CN204578548U - USB device trusted authentication device at the USB control chip level - Google Patents

USB device trusted authentication device at the USB control chip level

Info

Publication number
CN204578548U
Authority
CN
China
Prior art keywords
usb
control chip
main control
authentication
management system
Prior art date
Legal status
Expired - Fee Related
Application number
CN201520198837.1U
Other languages
Chinese (zh)
Inventor
刘锋
李健航
陆驿
石晶
Current Assignee
Tongfang Computer Co Ltd
Tongfang Co Ltd
Original Assignee
Tongfang Computer Co Ltd
Tongfang Co Ltd
Priority date
2015-04-03
Filing date
2015-04-03
Publication date
2015-08-19
Application filed by Tongfang Computer Co Ltd and Tongfang Co Ltd
Priority to CN201520198837.1U
Application granted
Publication of CN204578548U
Legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

A USB device trusted authentication device at the USB control chip level, in the field of information security technology. The device consists of a third-party authentication and authorization management system, a USB main control chip device certificate generation and management system, a USB main control chip security management system and a USB device trusted authentication system. Compared with the prior art, the utility model combines asymmetric cryptography with trusted authentication: the host controller of the USB host and the main control chip of the USB device are security-hardened, a third-party testing agency performs certificate authorization management of USB main control chips, and the USB host performs trusted authentication of the USB device. The aim is to block all attack patterns that attempt to use USB control chip firmware as an intermediary, and so to build a trusted computing and communication environment between the computer system and USB devices.

Description

USB device trusted authentication device at the USB control chip level
Technical field
The utility model relates to the field of information security technology, and in particular to a USB device trusted authentication device at the USB control chip level.
Background art
USB (Universal Serial Bus) is a bus connecting a computer and its peripheral devices. Its plug-and-play capability lets peripherals be attached, configured, used and removed without a complicated installation procedure. Because USB is flexible and easy to use, the peripherals supporting it now include mice, keyboards, speakers, modems, scanners and many other products, and their number grows year by year. USB has become the most successful peripheral interface on the computer since the COM (serial) port, with related products entering the market at a growth rate of over 30% per year.
Mobile storage media (USB flash drives) are the most widely used USB devices; small, high-capacity and easy to carry, they are a convenient medium for information exchange. For ease of manufacturing and after-sales service, the makers of flash-drive main control chips provide mass-production tools to their partners for defining product functions and technical parameters and for repairing product problems by software after sale. The firmware of the main control chip itself, however, is a trade secret of the chip maker and is not disclosed; other USB peripheral products follow the same approach.
By analysing and reverse-engineering the firmware of USB main control chips, hacker groups found the security defect known as "BadUSB": a computer can itself rewrite the firmware of a flash drive's main control chip, and the main control chip can then attack the computer system it is plugged into. Main control chip firmware can also actively attack a computer system and become a link in the chain of attack and propagation, forming the exponential infection model "computer -> many flash drives -> many more computers", which raises the question of how mobile storage media are to be managed securely.
In the prior art, because of design defects in computers, operating systems and the USB protocol, the above attack method cannot at present be defended against by software means, which poses an extremely urgent and serious threat to computer systems throughout the world, including the control systems of industry and national infrastructure.
Summary of the invention
In view of the above problems in the prior art, the purpose of the utility model is to provide a USB device trusted authentication device at the USB control chip level. It combines asymmetric cryptography with trusted authentication: the host controller of the USB host and the main control chip of the USB device are security-hardened, a third-party testing agency performs certificate authorization management of USB main control chips, and the USB host performs trusted authentication of the USB device, so as to block all attack patterns that attempt to use USB control chip firmware as an intermediary and to build a trusted computing and communication environment between the computer system and USB devices.
To achieve the above object, the technical solution of the utility model is as follows:
A USB device trusted authentication device at the USB control chip level, characterised in that it consists of a third-party authentication and authorization management system, a USB main control chip device certificate generation and management system, a USB main control chip security management system and a USB device trusted authentication system. The third-party authentication and authorization management system consists of an authorization manager, an authorization cryptographic algorithm module and a USB main control chip device certificate issuing manager; the authorization cryptographic algorithm module contains a hash algorithm, a digital signature algorithm and a digital signature verification algorithm. The USB main control chip device certificate generation and management system consists of a system cryptographic algorithm module and a chip device certificate generator; the system cryptographic algorithm module contains a hash algorithm and a digital signature algorithm. The USB main control chip security management system consists of a chip secure storage unit, a chip cryptographic algorithm hardware module, a secure self-check ROM boot program and a security verification management firmware program; the chip cryptographic algorithm hardware module contains a hardware-implemented hash algorithm and digital signature verification algorithm. The USB device trusted authentication system consists of a USB main control chip certificate manager, a key secure storage unit and an authentication cryptographic algorithm module; the authentication cryptographic algorithm module contains a digital signature verification algorithm. The third-party authentication and authorization management system is used by the third-party chip testing agency and performs certificate authorization of the USB main control chip security management system and the USB device trusted authentication system. The USB main control chip device certificate generation and management system is used by the USB main control chip manufacturer and generates and manages USB main control chip certificates. The USB main control chip security management system is built into the USB main control chip of the USB device and performs the chip-level secure self-check of the main control chip and the security verification function of the USB device. The USB device trusted authentication system is built into the USB host controller or implemented as a separate chip, and performs the host's trusted authentication of the USB device and secure-use authentication.
Owing to the above structure, the utility model on the one hand carries out chip-level security hardening of the main control chip of the USB device, adding a secure self-check of the USB main control chip before a communication link with the USB host is established, so as to guarantee the intrinsic security of the USB main control chip; on the other hand it hardens the host controller of the USB host or adds a separate chip, adding trusted authentication of the USB device by the USB host before the host enumerates the USB device, so as to guarantee that a USB device connected to the host is secure and trustworthy. At the same time, a third-party testing agency performs trusted authentication management of USB main control chips, so that the host's trusted authentication of the USB device is realised and a USB device that fails authentication is refused a connection to the host. The utility model thus provides information and network systems with a USB control chip level trusted authentication technique for defending against attacks that use USB as their medium, solving the problem that such attacks cannot be defended against by software because of design defects in computers, operating systems and the USB protocol. The utility model uses asymmetric cryptography to realise authorization management and trusted authentication of USB main control chips, and by adding a secure self-check of the USB main control chip realises the intrinsic security of the USB device from the chip layer, providing a reliable technical guarantee for the trusted authentication of USB devices.
The utility model is described in further detail below with reference to the drawings and specific embodiments.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the device of the utility model;
Fig. 2 is a schematic diagram of the system authorization process for the USB host and the USB device in the USB device trusted authentication method realised with the device of the utility model in the embodiment;
Fig. 3 is a schematic diagram of the process of generating, issuing and storing (burning in) the USB main control chip device certificate in the USB device trusted authentication method realised with the device of the utility model in the embodiment;
Fig. 4 is a flow chart of the USB main control chip device certificate generation system in Fig. 3;
Fig. 5 is a flow chart of the secure self-check processing of the USB main control chip in the USB device trusted authentication method realised with the device of the utility model in the embodiment;
Fig. 6 is a flow chart of the trusted authentication processing of the USB main control chip by the USB host in the USB device trusted authentication method realised with the device of the utility model in the embodiment.
Detailed description
Referring to Fig. 1 to Fig. 3, the USB device trusted authentication device at the USB control chip level of the utility model consists of a third-party authentication and authorization management system A, a USB main control chip device certificate generation and management system B, a USB main control chip security management system C and a USB device trusted authentication system D.
The third-party authentication and authorization management system A is used by the third-party chip testing agency. It consists of an authorization manager 1, an authorization cryptographic algorithm module 2 and a USB main control chip device certificate issuing manager 3; the authorization cryptographic algorithm module 2 contains a hash algorithm, a digital signature algorithm and a digital signature verification algorithm. It performs certificate authorization of the USB main control chip security management system C and the USB device trusted authentication system D. On the one hand, system A realises authorization management of USB hosts and USB devices by licensing the third-party authentication public key 13; on the other hand it digitally signs the chip device certificate body 14 of a USB main control chip that has passed security testing and awaits signature, generating the USB main control chip device certificate 15, that is, issuing the USB main control chip device certificate 15.
The USB main control chip device certificate generation and management system B is used by the USB main control chip manufacturer. It consists of a system cryptographic algorithm module 4 and a chip device certificate generator 5; the system cryptographic algorithm module 4 contains a hash algorithm and a digital signature algorithm. It generates and manages USB main control chip device certificates.
The USB main control chip security management system C is built into the USB main control chip of the USB device. It consists of a chip secure storage unit 6, a chip cryptographic algorithm hardware module 7, a secure self-check ROM boot program 8 and a security verification management firmware program 9; the chip cryptographic algorithm hardware module 7 contains a hardware-implemented hash algorithm and digital signature verification algorithm. It performs the secure self-check and security verification functions of the USB device main control chip.
The USB device trusted authentication system D is built into the USB host controller or implemented as a separate chip. It consists of a USB main control chip certificate manager 10, a key secure storage unit 11 and an authentication cryptographic algorithm module 12; the authentication cryptographic algorithm module 12 contains a digital signature verification algorithm. It performs the host's trusted authentication of the USB device and secure-use authentication.
The USB main control chip device certificate 15 of the utility model contains the digital digest of the USB main control chip firmware together with the digital signature of that digest, which provides essential support for the trusted authentication realised by the whole device.
Referring to Fig. 1 to Fig. 6, the steps of the USB device trusted authentication method realised with the device of the utility model are:
1) System authorization:
1. The authorization manager 1 in the third-party authentication and authorization management system A provides the third-party authentication public key 13 to the USB device trusted authentication system D, where it is stored (burned in) in the key secure storage unit 11 of system D, realising the certificate authorization of the USB device trusted authentication system D.
2. The authorization manager 1 in system A provides the third-party authentication public key 13 to the USB main control chip security management system C, where it is stored (burned in) in the chip secure storage unit 6 of system C, realising the certificate authorization of the USB device.
2) Generation, issuance and storage (burn-in) of the USB main control chip device certificate:
1. The chip device certificate generator 5 of the USB main control chip device certificate generation and management system B hashes all or part of the firmware data in the USB main control chip with the hash algorithm in the system cryptographic algorithm module 4, producing the USB main control chip firmware digital digest, and signs that digest with the chip device private key and the digital signature algorithm in module 4. The USB main control chip identifier, the USB device type declaration, the chip device public key, the firmware digital digest and the digital signature of the firmware digital digest are packed together into the chip device certificate body 14 corresponding to that USB main control chip. The chip device certificate body 14 is delivered to the third-party authentication and authorization management system A.
2. The USB main control chip device certificate issuing manager 3 in system A verifies the digital signature of the firmware digital digest in the chip device certificate body 14, using the chip device public key contained in the body 14 and the digital signature verification algorithm in the authorization cryptographic algorithm module 2, confirming the legitimacy and integrity of the firmware digital digest. If the signature verifies, the manager hashes all or part of the USB main control chip firmware data with the hash algorithm in module 2 to produce its own firmware digital digest and compares it with the digest in the body 14. If the two match, it signs the chip device certificate body 14 with the third-party signing private key and the digital signature algorithm in module 2, and packs the body 14 and that signature into the USB main control chip device certificate 15.
3. The USB main control chip device certificate 15 is stored (burned in) in the chip secure storage unit 6 of the USB main control chip security management system C.
3) Secure self-check of the USB main control chip:
1. The USB device is connected to the USB host over the USB bus; after the USB device powers up, the USB main control chip starts by executing the secure self-check ROM boot program 8 of the USB main control chip security management system C;
2. The boot program 8 verifies the digital signature of the USB main control chip device certificate 15 held in the chip secure storage unit 6, using the third-party authentication public key 13 in the chip secure storage unit 6 and the digital signature verification algorithm in the chip cryptographic algorithm hardware module 7, confirming the legitimacy and integrity of the chip device certificate. If the signature does not verify, the USB device is prevented from establishing a communication link with the USB host;
3. The boot program 8 verifies the digital signature of the firmware digital digest in the certificate 15, using the chip device public key in the certificate 15 and the digital signature verification algorithm in module 7, confirming the legitimacy and integrity of the firmware digital digest. If the signature does not verify, the USB device is prevented from establishing a communication link with the USB host;
4. The boot program 8 hashes all or part of the USB main control chip firmware data with the hash algorithm in module 7, producing a firmware digital digest, and compares it with the firmware digital digest in the certificate 15. If the two match, the firmware data is confirmed not to have been tampered with; if they differ, the USB device is prevented from establishing a communication link with the USB host;
5. After the USB device and the USB host have established a communication link, the USB main control chip executes the security verification management firmware program 9 of system C, which cooperates with the host's trusted authentication of the USB device.
4) Trusted authentication of the USB main control chip:
1. After the USB host detects the USB device and a communication link is established, the USB main control chip certificate manager 10 of the USB device trusted authentication system D opens a session with the security verification management firmware program 9 of system C and obtains the USB main control chip device certificate 15. It verifies the digital signature of the certificate 15 with the third-party authentication public key 13 in the key secure storage unit 11 and the digital signature verification algorithm in the authentication cryptographic algorithm module 12, confirming the legitimacy and integrity of the certificate 15. If the signature does not verify, the communication link between the USB host and the USB device is disconnected immediately.
2. The USB main control chip certificate manager 10 of system D starts the USB device enumeration process, obtains the USB device type declaration from the USB main control chip, and compares it with the device type declaration in the certificate 15. If the device types match, normal enumeration of the USB device continues; if they differ, the communication link between the USB host and the USB device is disconnected immediately.
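The four procedures above (system authorization, certificate generation and issuance, chip self-check, host authentication) modelled end to end in Python, as an added illustration that is not the utility model's own code. The document names no concrete algorithms, so SHA-256 and a small textbook RSA signature with deterministic keys stand in for its hash, signature and signature verification modules (a demo stand-in, not a production scheme). The chip identifier, device type strings, firmware bytes and key seeds are constructed for the example.

```python
# Toy end-to-end model of steps 1) to 4): the chip vendor (system B) builds certificate
# body 14, the third-party agency (system A) checks and signs it into certificate 15,
# the chip's ROM boot program (system C) self-checks at power-up, and the host (system D)
# authenticates the device. Added illustration, not the utility model's code. SHA-256 and
# a textbook RSA (deterministic keys, no padding standard, demo only) stand in for the
# unnamed hash, signature and verification algorithms.
import hashlib
import json
import random

def _is_probable_prime(n, rng, rounds=16):  # Miller-Rabin with random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full-width, odd candidate
        if _is_probable_prime(c, rng):
            return c

def keygen(seed, bits=512):  # deterministic toy RSA key pair: (public (n, e), private (n, d))
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _prime(bits // 2, rng), _prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(priv, data):  # RSA signature over SHA-256(data); priv is (n, d)
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data, sig):  # pub is (n, e)
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def firmware_digest(firmware):  # digest of the controller firmware image (steps 2)-1, 2)-2, 3)-4)
    return hashlib.sha256(firmware).hexdigest()

def _canonical(body):  # stable bytes of body 14 so signer and verifiers hash identical input
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def build_cert_body(chip_id, device_type, firmware, vendor_pub, vendor_priv):
    # Step 2)-1, chip vendor: identifier, device type, vendor public key, digest, digest signature
    digest = firmware_digest(firmware)
    return {"chip_id": chip_id, "device_type": device_type, "vendor_pub": list(vendor_pub),
            "fw_digest": digest, "fw_digest_sig": sign(vendor_priv, digest.encode())}

def issue_device_cert(body, firmware, tp_priv):
    # Step 2)-2, third-party agency: check body 14, then sign it into certificate 15
    if not verify(tuple(body["vendor_pub"]), body["fw_digest"].encode(), body["fw_digest_sig"]):
        raise ValueError("vendor signature on firmware digest does not verify")
    if firmware_digest(firmware) != body["fw_digest"]:  # the agency re-hashes the firmware itself
        raise ValueError("firmware image does not match the declared digest")
    return {"body": body, "tp_sig": sign(tp_priv, _canonical(body))}

def chip_self_check(cert, firmware, tp_pub):
    # Step 3), ROM boot program 8: returns (ok, reason); False blocks the link to the host
    body = cert["body"]
    if not verify(tp_pub, _canonical(body), cert["tp_sig"]):
        return False, "third-party signature on certificate invalid"        # 3)-2
    if not verify(tuple(body["vendor_pub"]), body["fw_digest"].encode(), body["fw_digest_sig"]):
        return False, "vendor signature on firmware digest invalid"         # 3)-3
    if firmware_digest(firmware) != body["fw_digest"]:
        return False, "firmware digest mismatch: firmware tampered"          # 3)-4
    return True, "ok"

def host_authenticate(cert, enumerated_device_type, tp_pub):
    # Step 4), host system D: verify certificate 15, then match the enumerated device type
    body = cert["body"]
    if not verify(tp_pub, _canonical(body), cert["tp_sig"]):
        return False, "certificate rejected, link dropped"                   # 4)-1
    if enumerated_device_type != body["device_type"]:
        return False, "device type mismatch, link dropped"                   # 4)-2
    return True, "ok"

def demo():
    # Constructed scenario: a genuine mass-storage chip; the same chip reflashed BadUSB-style
    # to present itself as a keyboard; and a certificate whose device type the attacker edited.
    vendor_pub, vendor_priv = keygen("constructed-vendor-seed")
    tp_pub, tp_priv = keygen("constructed-third-party-seed")  # tp_pub plays public key 13
    firmware = b"constructed mass-storage controller firmware v1.0"
    body = build_cert_body("CHIP-0001", "mass_storage", firmware, vendor_pub, vendor_priv)
    cert = issue_device_cert(body, firmware, tp_priv)
    forged = {"body": dict(body, device_type="hid_keyboard"), "tp_sig": cert["tp_sig"]}
    return {"genuine_self_check": chip_self_check(cert, firmware, tp_pub)[0],
            "genuine_host_auth": host_authenticate(cert, "mass_storage", tp_pub)[0],
            "reflashed_self_check": chip_self_check(cert, firmware + b"+hid payload", tp_pub)[0],
            "reflashed_host_auth": host_authenticate(cert, "hid_keyboard", tp_pub)[0],
            "forged_cert_host_auth": host_authenticate(forged, "hid_keyboard", tp_pub)[0]}
```

`demo()` returns True for the genuine device in both checks and False for the three attack cases: reflashed firmware fails at the chip's own digest comparison (step 3), the keyboard descriptor from a mass-storage certificate fails the host's device type comparison, and the edited certificate fails the host's signature check (step 4). Note that step 4 as described carries no host-issued challenge: the host validates the third-party signature over the certificate and the declared device type, so the check, here as in the text, establishes that a valid certificate for a chip of that type is being presented, not that this particular device holds a private key.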

Claims (1)

1. A USB device trusted authentication device at the USB control chip level, characterised in that it consists of a third-party authentication and authorization management system (A), a USB main control chip device certificate generation and management system (B), a USB main control chip security management system (C) and a USB device trusted authentication system (D); the third-party authentication and authorization management system (A) consists of an authorization manager (1), an authorization cryptographic algorithm module (2) and a USB main control chip device certificate issuing manager (3), the authorization cryptographic algorithm module (2) containing a hash algorithm, a digital signature algorithm and a digital signature verification algorithm; the USB main control chip device certificate generation and management system (B) consists of a system cryptographic algorithm module (4) and a chip device certificate generator (5), the system cryptographic algorithm module (4) containing a hash algorithm and a digital signature algorithm; the USB main control chip security management system (C) consists of a chip secure storage unit (6), a chip cryptographic algorithm hardware module (7), a secure self-check ROM boot program (8) and a security verification management firmware program (9), the chip cryptographic algorithm hardware module (7) containing a hardware-implemented hash algorithm and digital signature verification algorithm; the USB device trusted authentication system (D) consists of a USB main control chip certificate manager (10), a key secure storage unit (11) and an authentication cryptographic algorithm module (12), the authentication cryptographic algorithm module (12) containing a digital signature verification algorithm; the third-party authentication and authorization management system (A) is used by the third-party chip testing agency and performs certificate authorization of the USB main control chip security management system (C) and the USB device trusted authentication system (D); the USB main control chip device certificate generation and management system (B) is used by the USB main control chip manufacturer and generates and manages the USB main control chip device certificate (15); the USB main control chip security management system (C) is built into the USB main control chip of the USB device and performs the secure self-check and security verification functions of the USB device main control chip; the USB device trusted authentication system (D) is built into the USB host controller or implemented as a separate chip, and performs the host's trusted authentication of the USB device and secure-use authentication.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201520198837.1U (CN204578548U) | 2015-04-03 | 2015-04-03 | USB device trusted authentication device at the USB control chip level

Publications (1)

Publication Number | Publication Date
CN204578548U | 2015-08-19

Family

ID=53871135

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201520198837.1U (CN204578548U, Expired - Fee Related) | USB device trusted authentication device at the USB control chip level | 2015-04-03 | 2015-04-03

Country Status (1)

Country | Link
CN | CN204578548U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN105868640A * | 2016-04-04 | 2016-08-17 | 张曦 | Hard disk firmware attack prevention system and method
CN115314188A * | 2022-10-11 | 2022-11-08 | 北京紫光青藤微系统有限公司 | Decoding device, authentication method for a decoding device, and mobile terminal
CN115314188B * | 2022-10-11 | 2022-12-09 | 北京紫光青藤微系统有限公司 | Decoding device, authentication method for a decoding device, and mobile terminal

Similar Documents

Publication | Title
CN106161024A | USB device trusted authentication method at the USB control chip level and system therefor
CN102646077B | Full disk encryption method based on a trusted cryptography module
CN103038745B | Extending integrity measurement
CN111245597B | Key management method, system and equipment
CN109858265A | Encryption method, device and related equipment
CN105303094B | Security self-check system and self-check method for a USB main control chip
CN102262599B | Trusted-root-based portable hard disk fingerprint identification method
CN108173659B | Certificate management method and system based on a UKEY device, and terminal device
CN105447390A | Software version trusted management method based on a digital certificate system
CN110730159B | TrustZone-based secure and trusted hybrid system boot method
CN101739622A | Trusted payment computer system
CN109190401A | Data storage method and device for a Qemu virtual trusted root, and related components
CN105046138A | FT-processor based trust management system and method
CN107294710A | Key migration method and device for vTPM2.0
CN110874726A | TPM-based digital currency security protection method
CN111160879A | Hardware wallet and method and device for improving its security
CN204578548U | USB device trusted authentication device at the USB control chip level
CN110737725A | Electronic information inspection method, device, equipment, medium and system
CN105933117A | Data encryption and decryption device and method based on TPM (Trusted Platform Module) key secure storage
CN103346883A | Method and device for initializing an electronic signature tool
CN101582765A | User-bound portable trusted mobile device
CN117574403A | Photovoltaic embedded system access control method and system based on trusted computing
WO2023160705A1 | Component authentication method and apparatus
CN201498001U | Trusted computing platform based on symmetric key cryptography
CN116707885A | Secure and trusted boot method and system generating a random key based on TPCM

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150819