Multifunctional information safety equipment
Technical field
The utility model relates to the field of information security, and in particular to an information safety device that integrates multiple functions in one.
Background technology
As is well known, during computer boot protection or when a client accesses a remote server, the user's identity is usually confirmed only by requiring the user to enter a password: as long as the user enters the correct password, the computer treats that user as legitimate. In practice, however, static password authentication has many weaknesses; passwords are easily disclosed, which leads to illegal logins. Moreover, if the hard disk is moved to a computer that has no password, its contents can be changed and the system started normally, so static password authentication is an identity authentication method with inherent security risks.
An intelligent key apparatus is a small hardware device that has a processor and memory and can be connected to a computer through the computer's data communication interface. The intelligent key apparatus uses a PIN code to verify the legitimacy of the user's identity. For authentication, the intelligent key apparatus is connected to the computer and the user enters the PIN code on the computer; the intelligent key apparatus automatically verifies the PIN code, and only when the PIN code entered by the user is correct is the user allowed to operate the intelligent key apparatus. The intelligent key apparatus also has a key generation function and can securely store keys and preset cryptographic algorithms. All key-related computation runs entirely inside the device, and the intelligent key apparatus is resistant to physical attack, so its security is high.
Because the intelligent key apparatus is highly secure, many fields with high security requirements use it for identity authentication to guarantee the security of operations. For example, computer boot protection systems often use an intelligent key apparatus to confirm the user's identity.
However, the intelligent key apparatus also has a security weakness: a network attacker who intercepts the PIN code can log in illegally.
A dynamic password, also called a one-time password (One-time Password), is a user password that changes continuously according to the time or the number of uses, with each password used only once. Dynamic password authentication generally uses dedicated hardware called a dynamic token (a dynamic token can also take the form of software, such as a Java program on a mobile phone). The token has a built-in password generation chip that runs a dedicated cryptographic algorithm and generates and outputs the current password according to the current time or the number of uses. The authentication server computes the currently valid password with the same algorithm. The user enters factors such as a self-defined static password and the time/event into the dynamic token, which combines them with a built-in shared key to generate the dynamic password. The user then sends the user's personal information and the current dynamic password from the client over the network to the identity authentication system; if the password is verified by the identity authentication system, the user can log in. Because every password used must be produced by the dynamic token, and only the legitimate user holds that hardware, the system considers the user's identity reliable as long as password verification succeeds. Because the password the user uses is different each time, an attacker who intercepts one password cannot use it to impersonate the legitimate user. Dynamic password authentication effectively improves security for client users and has quickly come into wide use in many domestic industries such as online banking, telephone banking and online games.
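The token and server computation described above, shown as an added example that is not part of the patent. The patent does not name its password algorithm, so HOTP (RFC 4226) and TOTP (RFC 6238) are assumed as stand-ins; `AuthServer`, the 30-second time step and the one-step drift window are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import struct

# Assumption: the patent leaves its algorithm unspecified; RFC 4226/6238 stand in.
SHARED_KEY = b"12345678901234567890"  # RFC 4226 test key, not a real secret


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based password: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based password: the counter is the number of elapsed time steps."""
    return hotp(key, unix_time // step)


class AuthServer:
    """Hypothetical verifier holding the same key and algorithm as the token."""

    def __init__(self, key: bytes, step: int = 30, window: int = 1):
        self.key, self.step, self.window = key, step, window
        self.last_step = -1  # newest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        # Tolerate clock drift of +/- window steps, but never accept a step
        # at or before one already used: each password is valid only once.
        for s in range(current - self.window, current + self.window + 1):
            if s <= self.last_step:
                continue
            if hmac.compare_digest(hotp(self.key, s).encode(), code.encode()):
                self.last_step = s
                return True
        return False


if __name__ == "__main__":
    server = AuthServer(SHARED_KEY)
    code = totp(SHARED_KEY, 59)  # what the token displays at t = 59 s
    print(code, server.verify(code, 59), server.verify(code, 59))
```

The second `verify` call with the same code fails, which is the replay resistance the paragraph attributes to dynamic passwords.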
Functionally, a dynamic password device can only generate passwords; its function is limited. For computer systems with higher security requirements, the dynamic password device must be used in combination with other security equipment, which makes operation very cumbersome.
In the prior art, an intelligent key apparatus or dynamic token connects to the computer mainly through a serial port or USB interface to exchange data, which restricts its range of application. At present there is no device that has both a dynamic password generation function and an intelligent key function and that can also exchange information with a card reader in a contactless manner.
The principle of contactless technology is to embed an antenna and a microelectronic chip in the device. When the device comes within the effective induction area of a card reader, the two can complete an information exchange without any physical contact, transferring data by inductive coupling. Compared with contact technology, contactless technology is easier to use, more reliable, convenient to operate and less subject to wear, so it is being applied more and more widely in every area of daily life.
Summary of the utility model
The utility model provides a secure, easy-to-use and widely applicable multifunctional information safety equipment that integrates the intelligent key function, dynamic token function, output function and contactless function in one.
The technical solution of the utility model is: a multifunctional information safety equipment comprising an authentication module, a one-time password generation module and an output module, characterized in that a control module and a wireless communication module are also provided, the control module being connected to the authentication module, the one-time password generation module, the output module and the wireless communication module respectively.
A wired interface module, an encryption/decryption module, a memory module and a power module are also provided.
A human-computer interaction module is also provided, and the human-computer interaction module is connected to the control module.
The wireless communication module consists of a radio-frequency module and an antenna module; the radio-frequency module is connected to the control module and the antenna module respectively, and the antenna module is also connected to the power module.
The memory module is a mass storage module.
The mass storage module comprises a ciphertext storage module and a plaintext storage module, and is EEPROM or FLASH memory.
The control module, authentication module, one-time password generation module and radio-frequency module are integrated inside a microprocessor chip.
The human-computer interaction module is a mechanical switch, sensor device, audio switch, body temperature sensor, pressure sensor, vibration sensor, acceleration sensor, magnetic sensor or electric field sensor.
The output module is a display module and/or an audio output module.
The radio-frequency module comprises a modulation/demodulation module.
The antenna module is implemented by a coupled antenna, and the coupled antenna is connected to the microprocessor chip or the radio-frequency module, and to the power module.
The power module comprises a rectifying and voltage-stabilizing module.
The power module also comprises a battery and/or an external power supply.
The wired interface module is a USB interface module, eSATA interface module, SDIO interface module or PCMCIA interface module.
The beneficial effects of the utility model are as follows. First, the utility model integrates the intelligent key function, dynamic token function, contactless function, mass storage function and display function in one, and is convenient and easy to use. Second, for identity authentication, the equipment provided by the utility model adds one-time password technology to the PIN code authentication inherent to the intelligent key apparatus; the dynamic token can be used online or offline, and the randomly generated one-time password can be output either through the host or through the equipment's own output device, where the user can conveniently check it. In addition, the equipment provided by the utility model encrypts/decrypts the data stored inside it when the mass storage is accessed, which enlarges the data storage space and improves data security. Finally, the equipment provided by the utility model can communicate with an external computer through the wired interface, can transfer data in a contactless manner, and can be used offline on battery power, which greatly widens the equipment's range of application and improves its performance.
Description of drawings
Fig. 1 is the functional block diagram of the multifunctional information safety equipment provided by the utility model;
Fig. 2 is the internal chip connection diagram of the equipment provided in Embodiment 1.
Embodiment
The utility model is described in detail below with reference to the drawings and embodiments.
Embodiment 1
In Fig. 1, the multifunctional information safety equipment comprises an authentication module, a one-time password generation module and an output module, and is also provided with a control module and a wireless communication module; the control module is connected to the authentication module, the one-time password generation module, the output module and the wireless communication module respectively. A wired interface module, an encryption/decryption module, a memory module and a power module are also provided, each connected to the control module, and the power module is also connected to the wireless communication module. Under the control of the control module, the wired interface module is used for data communication with the host, the encryption/decryption module is used to encrypt/decrypt data, and the memory module is used to store related data. A human-computer interaction module is also provided, connected to the control module and the one-time password generation module respectively. Under the control of the control module, the human-computer interaction module sends a dynamic password generation command to the one-time password generation module; the one-time password generation module generates a password after receiving the command, and the control module sends the password to the output module for output.
In Fig. 2, the equipment provided in the embodiment comprises:
a SmartMX P5CT072 main control chip, a coupled antenna, a rectifying and voltage-stabilizing circuit, a button and an HTG12832C LCD. The coupled antenna, the HTG12832C LCD and the button are each connected to the SmartMX P5CT072 main control chip, and the rectifying and voltage-stabilizing circuit is connected to the coupled antenna.
The SmartMX P5CT072 main control chip integrates an authentication module, an encryption/decryption module, a one-time password generation module, a Flash memory module, a CPU module, a radio-frequency module and a USB interface module.
When the button is pressed, the CPU module in the SmartMX P5CT072 main control chip receives the one-time password generation command, generates the current password according to the current time, and finally outputs the generated password through the HTG12832C LCD.
In the SmartMX P5CT072 main control chip, the authentication module is used for user identity authentication and the encryption/decryption module is used to encrypt/decrypt data. The Flash memory module comprises a plaintext data area and a private area, used to store plaintext data and ciphertext data, including user data and related hardware information, the user's digital certificate, the user ID, the static password and so on.
When the equipment provided in this embodiment is connected to an external computer through the USB interface module, the computer powers the SmartMX P5CT072 main control chip to supply the equipment's normal working voltage; when the equipment starts its contactless function, the inductance coil supplies energy to the equipment.
When the equipment provided in this embodiment is to receive data from an external card reader, the equipment enters the effective induction area of the external card reader. The inductance coil receives the high-frequency induction signal from the external card reader and produces an induced current and voltage; after rectification, voltage stabilization and amplification, this voltage serves as the power supply for the equipment. After the equipment powers up and initializes, the SmartMX P5CT072 main control chip can receive data: the radio-frequency module in the chip demodulates the received high-frequency induction signal into a recognizable digital signal, and the received data is then processed.
When the equipment provided in this embodiment is to send data to an external card reader, it must enter the effective induction area of the external card reader. The equipment obtains current and voltage by magnetic field induction; after rectification, voltage stabilization and amplification, this voltage serves as the power supply for the equipment. After the equipment powers up and initializes, the SmartMX P5CT072 main control chip can send data: the data to be sent is modulated into an electromagnetic wave signal by the radio-frequency module in the chip and sent out through the inductance coil, which completes the wireless data transmission.
The multifunctional information safety equipment provided by the utility model has been described in detail above, and specific examples have been used to set out its implementation. The description of the above embodiment is intended only to help in understanding the core idea of the utility model. At the same time, a person of ordinary skill in the art may, following the idea of the utility model, make changes to the specific implementation and the scope of application. In summary, this description should not be construed as limiting the utility model.