CN202085191U - Data safe storage and transmission system - Google Patents

Data safe storage and transmission system

Publication number: CN202085191U
Authority: CN (China)
Prior art keywords: memory, transmission system, data, module, communication protocol
Legal status: Expired - Fee Related
Application number: CN2011201766912U
Other languages: Chinese (zh)
Inventor: 虞仲华
Current Assignee: Hangzhou Zaixin Technology Co Ltd
Original Assignee: Hangzhou Zaixin Technology Co Ltd

Landscapes

  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The utility model provides a data safe storage and transmission system comprising a central processor, a memory and an interface module. The system also includes an operating system communication protocol module and a security module. The communication protocol module is located inside the memory, is connected to the central processor, and provides communication between the system and computers; the security module is likewise located inside the memory and connected to the central processor. The operating system communication protocol module parses the communication protocol for Linux, Apple or embedded systems. The CPU runs an algorithm program preset in the memory to encrypt the communication between the user and the host, so that secure data transmission is achieved across platforms and, in turn, software protection and identity recognition are achieved.

Description

A data security storage and transmission system
Technical field
The utility model relates to a data security storage and transmission system, and in particular to a data security storage and transmission system based on various operating systems.
Background
The International Organization for Standardization defines computer system security as the technical and administrative safeguards established and adopted for a data processing system to protect computer hardware, software and data from being destroyed, altered or disclosed through accidental or malicious causes. Computer network security can accordingly be understood as using various technical and management measures to keep the network system running normally, thereby ensuring the availability, integrity and confidentiality of network data. The purpose of network security measures is therefore to ensure that data transmitted and exchanged over the network is not added to, modified, lost or leaked.
Information security, or data security, has two contrasting meanings. The first is the security of the data itself, which mainly means actively protecting data with modern cryptographic algorithms: data confidentiality, data integrity, strong two-way authentication and so on. The second is the security of data protection, which mainly means protecting data with modern information storage techniques, ensuring its safety through means such as disk arrays, data backup and remote disaster recovery. Data security is an active protective measure; the security of the data itself must rest on reliable cryptographic algorithms and security systems, chiefly of two kinds: symmetric algorithms and public-key cryptosystems.
The security of data processing means effectively preventing database damage or data loss caused by hardware faults, power failure, system crashes, human error, program bugs, viruses or hackers while data is being entered, processed, tabulated or printed, and preventing sensitive or confidential data from being read by unqualified personnel or operators, with consequences such as data leakage.
The security of storage refers to the readability of the database outside of system operation. A standard ACCESS database can be opened, read or modified by anyone with some basic computer skills. Once the database is stolen, it can still be viewed or modified even without the original system program. From this point of view, an unencrypted database is unsafe and easily leads to leaks of commercial secrets. This touches on the confidentiality and security of computer network communication and on software protection.
With the spread of the Internet and the rise of e-commerce and e-government, more and more people are attempting online transactions, and more and more information involving personal privacy and business secrets needs to be sent over the network. Deliberate threats such as viruses, hackers, phishing and counterfeit web pages pose a great challenge to the security of online transactions. It is therefore necessary to propose solutions for data transmission security that apply to various operating systems (such as Linux, Apple systems, embedded systems and so on) and satisfy the user identification requirements of e-commerce and e-government.
Summary of the utility model
The technical problem the utility model aims to solve is to provide a device for secure data transmission based on various operating systems.
According to one aspect of the utility model, a data security storage and transmission system is provided, comprising a central processing unit, a memory and an interface module. The system also comprises an operating system communication protocol module and a security module, wherein the communication protocol module is located inside the memory, is connected to the central processing unit, and provides communication between the system and a computer, and the security module is located inside the memory and is connected to the central processing unit.
In the above data security storage and transmission system, the central processing unit and memory can be integrated in a microcontroller chip; the central processing unit and memory can be integrated in a single-chip microcomputer; and the central processing unit, interface chip and memory can be integrated in a microcontroller chip. The device also comprises an extended memory, which is connected to the microcontroller chip. The operating system communication protocol module parses the communication protocol for Linux, Apple systems or embedded systems.
The utility model adopts a data transmission system comprising a memory with a communication protocol module that can parse the protocols of various operating systems (such as Linux, Apple systems, embedded systems and so on), together with an interface module and memory; the system connects to the host and transfers data. The CPU runs the algorithm program preset in the memory to encrypt the user's communication with the host, achieving secure data transmission on various platforms and, in turn, software protection and identity recognition, while being simple in structure, easy to use and stable in performance.
Description of the drawings
Fig. 1 is the workflow diagram of the first embodiment of the utility model;
Fig. 2 is the workflow diagram of the second embodiment of the utility model;
Fig. 3 is a structural block diagram of the first embodiment of the utility model;
Fig. 4 is a structural block diagram of the second embodiment of the utility model;
Fig. 5 is a structural block diagram of the third embodiment of the utility model.
Detailed description of the embodiments
Embodiments of the utility model are described in detail below with reference to the drawings.
Fig. 3 shows the first exemplary embodiment of the utility model. In this embodiment, software protection device 302 comprises interface chip 303, MCU 305 and extended memory 304, connected in sequence. The extended memory can be any of RAM, ROM, EPROM, FLASH and so on, and stores the corresponding cryptographic algorithm. The cryptographic algorithm can be stored in the memory in advance, or can be selected or downloaded by the user.
MCU part 305 shown in Fig. 3 comprises operating system communication protocol module 306 and security module 307. Operating system communication protocol module 306 parses the communication protocol of the operating system. The operating systems referred to here include but are not limited to Linux, Apple systems and embedded systems. Security module 307 provides data security protection; in this embodiment, for example, security module 307 is a software protection module.
The communication process between the device and the host is described in detail below with reference to Fig. 1, taking Linux as the example operating system.
First, when the device is connected to the host, the Linux USB subsystem automatically identifies the vendor ID and product ID. When the driver is loaded, it provides the USB subsystem with the vendor IDs and product IDs of the products it supports, so that each product is matched to its driver.
On the Linux platform, a logical device node corresponding to the encryption lock exists under the /dev directory. This node exists in the form of a file, but it is a device file rather than an ordinary file. On a system where devfs is not enabled, the device file can be created with the mknod command, specifying the major and minor device numbers. On a system where devfs is enabled, the devfs system creates the device file automatically. On a Linux system, the major device number of a device file corresponds one-to-one to a device driver.
At step S101, the host initialises the device. At step S102, the host verifies the device's vendor and product identification. If it is correct, the device proceeds to step S103; otherwise the flow goes to S110 and the device is disconnected from the host.
In step S103, the user password is verified. If it is correct, the device proceeds to step S104 and waits for a command from the application; otherwise the flow goes to step S110. In step S104, when the device receives a command, it parses the command and, depending on the application's requirements, enters step S105 to encrypt or decrypt data, or enters step S106 to operate on the data with preset code.
After the data has been processed in step S105 or S106, the flow enters step S107 and waits for a command from the application. If the application no longer responds, the flow enters step S110 and the connection with the host is disconnected; otherwise the flow goes to step S108. If communication has ended, step S109 is executed and the device is disconnected from the host; otherwise the flow returns to step S104 to continue waiting for commands.
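The Fig. 1 flow (S101 to S110) modelled as a device-side state machine, to show that no command is handled until both the ID check and the password check have passed; this is an added example, not code from the patent. The vendor/product IDs, the password, the event names and the function names are constructed for illustration, and the cipher run at S105 is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PIN_LEN 8
/* Constructed sample values, not taken from the patent. */
#define EXPECT_VID 0x1234u
#define EXPECT_PID 0x5678u
static const uint8_t STORED_PIN[PIN_LEN] = {'1','2','3','4','5','6','7','8'};

typedef enum { ST_ID_CHECK, ST_PIN_CHECK, ST_WAIT_CMD, ST_DISCONNECTED } state_t;
typedef enum { EV_CRYPT, EV_RUN_PRESET, EV_END, EV_TIMEOUT } event_t; /* hypothetical */
typedef enum { R_OK, R_REJECTED, R_CLOSED } result_t;

typedef struct { state_t state; unsigned handled; } session_t;

/* Compare all n bytes regardless of where the first mismatch occurs. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* S101: initialisation; the next expected step is the ID check. */
void session_init(session_t *s) { s->state = ST_ID_CHECK; s->handled = 0; }

/* S102: vendor/product ID check; a mismatch goes to S110 (disconnect). */
result_t session_check_ids(session_t *s, uint16_t vid, uint16_t pid) {
    if (s->state != ST_ID_CHECK) return R_REJECTED;
    if (vid != EXPECT_VID || pid != EXPECT_PID) { s->state = ST_DISCONNECTED; return R_CLOSED; }
    s->state = ST_PIN_CHECK;
    return R_OK;
}

/* S103: user password check; a wrong password goes to S110. */
result_t session_check_pin(session_t *s, const uint8_t pin[PIN_LEN]) {
    if (s->state != ST_PIN_CHECK) return R_REJECTED;
    if (!ct_equal(pin, STORED_PIN, PIN_LEN)) { s->state = ST_DISCONNECTED; return R_CLOSED; }
    s->state = ST_WAIT_CMD;
    return R_OK;
}

/* S104-S109: command loop; only reachable after both checks passed. */
result_t session_event(session_t *s, event_t ev) {
    if (s->state != ST_WAIT_CMD) return R_REJECTED;
    switch (ev) {
    case EV_CRYPT:        /* S105: encrypt/decrypt (cipher itself omitted) */
    case EV_RUN_PRESET:   /* S106: operate on the data with preset code */
        s->handled++;     /* S107/S108: processed, back to waiting at S104 */
        return R_OK;
    case EV_END:          /* S109: communication finished */
    case EV_TIMEOUT:      /* S107: application stopped responding, go to S110 */
    default:
        s->state = ST_DISCONNECTED;
        return R_CLOSED;
    }
}

int main(void) {
    session_t s;
    session_init(&s);
    printf("command before auth: %d\n", session_event(&s, EV_CRYPT));
    printf("id check: %d\n", session_check_ids(&s, EXPECT_VID, EXPECT_PID));
    printf("password check: %d\n", session_check_pin(&s, STORED_PIN));
    printf("crypt: %d\n", session_event(&s, EV_CRYPT));
    printf("end: %d\n", session_event(&s, EV_END));
    printf("command after end: %d\n", session_event(&s, EV_CRYPT));
    return 0;
}
```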
The main function of the software protection device is that the protected part of the program never appears in the host's memory. The benefits include preventing illegal copying of the program, preventing the program from being illegally traced or debugged, preventing it from being dumped, and preventing decompilation.
The second preferred embodiment of the utility model provides a user identification device (also called an authentication lock), used to store the user's sensitive data, such as passwords and digital certificates.
The hardware of the identification device is shown in Fig. 4, in which 401 is the host, 402 is the identification device and 403 is the MCU inside the identification device. The MCU integrates communication protocol module 404 and security module 405; MCU 403 comprises a CPU, an interface module and RAM (with algorithms built into this RAM). MCU 403 is preset with algorithms including RSA, DES, 3DES, MD5 and so on, or the user can select or download algorithms.
Fig. 2 is the operational flowchart of the second exemplary embodiment of the utility model. As before, Linux is taken as the example operating system. The way the Linux system in Fig. 2 recognises the device is similar to the operation of embodiment 1.
In step S201, the host completes initialisation of the identification device. In step S202, the identification device obtains the password A entered by the user. In step S203, the identification device reads the password from the password storage area and obtains B through specific processing. In step S204, A and B are compared. If they differ, authentication has failed; the flow goes to step S211 and the identification device disconnects from the host. If they are the same, the identification device grants the user certain permissions, which are associated with the user's password level. The user can authorise the application to operate within the range the identity allows: the identification device receives a command from the application (step S205) and parses and processes it (for example, the data encryption processing of step S206).
At step S207, the data is operated on with preset code and then returned to the application. Step S208 is then executed, continuing to wait for a command from the application. If the application gives no legitimate response, the flow goes to step S211 and the device is disconnected from the host; otherwise a command from the application layer is received.
If step S208 determines that communication has ended, the flow goes to step S210 and the connection is disconnected, ending the communication normally; otherwise the flow returns to step S205 and continues.
In steps S202, S203 and S204 above, the password can also be read directly from the identification device, with the host judging whether the password is correct.
The main function of the digital identification device is that the important sensitive data it protects can never be read out of the key device (for example, into the host's memory). The benefit this brings is:
Fig. 5 shows the third exemplary embodiment of the utility model, which provides another identification device. As shown in Fig. 5, identification device 502 contains interface chip 503 and, connected to it, MCU 504, which integrates the CPU and memory. The device connects to host 501 through interface chip 503, which mainly translates the interface protocol so that the implementation of MCU part 504 can be simpler.
Communication between the host and the device in embodiment 3 is the same as in embodiment 2, and the same functions as embodiment 2 can be realised.
The structures and processing described above are only exemplary and are not intended to limit the scope of the utility model. Those skilled in the art will appreciate that various changes can be made to the utility model without departing from its spirit and scope.

Claims (5)

1. A data security storage and transmission system, comprising a central processing unit, a memory and an interface module, characterized in that
the data security storage and transmission system also comprises an operating system communication protocol module and a security module, wherein the communication protocol module is located inside the memory, is connected to the central processing unit, and provides communication between the data security storage and transmission system and a computer, and the security module is located inside the memory and is connected to the central processing unit.
2. The data security storage and transmission system as claimed in claim 1, characterized in that the central processing unit and memory are integrated in a microcontroller chip.
3. The data security storage and transmission system as claimed in claim 1, characterized in that the central processing unit and memory are integrated in a single-chip microcomputer.
4. The data security storage and transmission system as claimed in claim 1, characterized in that the central processing unit, interface chip and memory are integrated in a microcontroller chip.
5. The data security storage and transmission system as claimed in claim 1, characterized in that the device also comprises an extended memory, which is connected to the microcontroller chip.
CN2011201766912U 2011-05-30 2011-05-30 Data safe storage and transmission system Expired - Fee Related CN202085191U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011201766912U CN202085191U (en) 2011-05-30 2011-05-30 Data safe storage and transmission system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011201766912U CN202085191U (en) 2011-05-30 2011-05-30 Data safe storage and transmission system

Publications (1)

Publication Number Publication Date
CN202085191U 2011-12-21

Family

ID=45345806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011201766912U Expired - Fee Related CN202085191U (en) 2011-05-30 2011-05-30 Data safe storage and transmission system

Country Status (1)

Country Link
CN (1) CN202085191U (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103426280A (en) * 2013-07-24 2013-12-04 北京科东电力控制系统有限责任公司 Intelligent handheld terminal for electric power mobile operation
CN109150882A (en) * 2018-08-23 2019-01-04 杭州在信科技有限公司 A kind of data leakage prevention method based on using routing encryption
CN109150882B (en) * 2018-08-23 2021-02-12 深圳市安盾网络技术有限公司 Data leakage prevention method based on encryption by utilizing route
CN110321725A (en) * 2019-07-12 2019-10-11 中孚信息股份有限公司 A kind of method and device for preventing from distorting system data and clock

Similar Documents

Publication Publication Date Title
CN104160403B (en) Use single credible platform module measuring table part
EP2795829B1 (en) Cryptographic system and methodology for securing software cryptography
CN100437618C (en) Portable information safety device
US8566934B2 (en) Apparatus and method for enhancing security of data on a host computing device and a peripheral device
US8090946B2 (en) Inter-system binding method and application based on hardware security unit
US8954747B2 (en) Protecting keystrokes received from a keyboard in a platform containing embedded controllers
CN107851160A (en) For carrying out multiple credible I/O that credible performing environment coexists technology under being controlled in ISA
US9015454B2 (en) Binding data to computers using cryptographic co-processor and machine-specific and platform-specific keys
US20200026882A1 (en) Methods and systems for activating measurement based on a trusted card
CN104320389A (en) Fusion identify protection system and fusion identify protection method based on cloud computing
KR20090078551A (en) Method and apparatus for authorizing host in portable storage device and providing information for authorizing host, and computer readable medium thereof
CN102799831B (en) Information safety protection system of application system based on database and information safety protection method
TW201712589A (en) Secure input/output device management
US10148444B2 (en) Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor
CN104834874A (en) Establishing physical locality between secure execution environments
CN112016090B (en) Secure computing card, and measuring method and system based on secure computing card
CN202085191U (en) Data safe storage and transmission system
US8863273B2 (en) Method of using an account agent to access superuser account shell of a computer device
CN105187459B (en) Account private data security system and its data guard method
US9262619B2 (en) Computer system and method for protecting data from external threats
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
WO2016026333A1 (en) Data protection method, device and storage medium in connection between terminal and pc
CN113127141B (en) Container system management method and device, terminal equipment and storage medium
CN114070548A (en) Software copyright encryption protection method based on soft dongle device
CN2927185Y (en) Data safety transmission equipment

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111221

Termination date: 20130530