CN204948361U - A kind of information safety protection terminal - Google Patents

Info

Publication number: CN204948361U
Authority: CN (China)
Prior art keywords: pin; safety protection; port; information safety; serial ports
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201520670652.6U
Other languages: Chinese (zh)
Inventor: 何鹏
Current Assignee: Shenzhen Chuangwei Electronic Appliance Tech Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Chuangwei Electronic Appliance Tech Co Ltd

Abstract

The utility model discloses an information safety protection terminal comprising a primary processor and a Wi-Fi module. The primary processor integrates a USB port, an SD card port, a serial port and a system-on-chip (SoC). The SoC is connected to the USB port, the SD card port, the serial port and the Wi-Fi module, and the Wi-Fi module communicates with a router. The data pins and/or detection pins of the USB port, SD card port and serial port are grounded. The SoC converts the entered Wi-Fi password into a secondary password and passes it to the Wi-Fi module, and also detects the operating state of the USB port, SD card port and serial port. The Wi-Fi module sends the encrypted Wi-Fi password to the router to establish the network connection. As a result, the information safety protection terminal can connect only to the preset network, data on the terminal cannot be copied out, and data cannot be copied into the terminal through the ports, which prevents information leakage and improves information security.

Description

A kind of information safety protection terminal
Technical field
The utility model relates to the field of terminal technology, and in particular to an information safety protection terminal.
Background
Mobile terminals such as tablet computers and mobile phones are now widespread and are ordinary consumer electronics. Ordinary consumer electronics have the problem of a low security level. Because Android tablets and phones are feature-rich, have a mature industry chain, are highly extensible and can be developed quickly, Android tablets have the opportunity to move into industry-specific tablets and phones: for example, financial tablets customized for banks, business-handling tablets customized for insurance companies, and three-proof tablets customized for special environments such as coal mines.
For example, the army, national defence and other military organizations have also begun issuing tablet computers to soldiers, which can enrich soldiers' recreational life and also gives them a new way to study online. At the same time, stricter requirements are placed on the security of soldiers' tablet use. For instance, internal army information must not leak, so it must be guaranteed that the tablet does not exchange data with the outside world by any means anywhere outside the army; likewise, inside the army the tablet must not freely transmit data unrelated to the army or download related data. Current tablet computers cannot meet these requirements.
Therefore, the prior art needs to be improved.
Summary of the utility model
In view of the above deficiencies of the prior art, the purpose of the utility model is to provide an information safety protection terminal that solves the problem that existing terminals cannot provide information security protection.
To achieve this purpose, the utility model adopts the following technical solution:
An information safety protection terminal, connected to a router, comprising a primary processor and a Wi-Fi module;
The primary processor integrates a USB port, an SD card port, a serial port and a system-on-chip (SoC);
The data pins and/or detection pins of the USB port, SD card port and serial port are grounded; the SoC converts the entered Wi-Fi password into a secondary password and passes it to the Wi-Fi module, and also detects the operating state of the USB port, SD card port and serial port; the Wi-Fi module sends the encrypted Wi-Fi password to the router to establish the network connection;
The SoC is connected to the USB port, SD card port, serial port and Wi-Fi module, and the Wi-Fi module communicates with the router.
In the information safety protection terminal, the primary processor is a processor of model RK3066.
In the information safety protection terminal, the OTG_DM, OTG_DP and OTG_ID pins of the USB port are all grounded.
In the information safety protection terminal, the GPIO3_B0/SDMMC0_CLKO, GPIO3_B1/SDMMC0_CMD, GPIO3_B2/SDMMC0_D0, GPIO3_B3/SDMMC0_D1, GPIO3_B4/SDMMC0_D2, GPIO3_B5/SDMMC0_D3 and GPIO3_B6/SDMMC0_DET pins of the SD card port are all grounded.
In the information safety protection terminal, the GPIO1_B0/UART2_RX and GPIO1_B1/UART2_TX pins of the serial port are both grounded.
Compared with the prior art, the information safety protection terminal provided by the utility model comprises a primary processor and a Wi-Fi module, the primary processor integrating a USB port, an SD card port, a serial port and a system-on-chip (SoC). The data pins and/or detection pins of the USB port, SD card port and serial port are grounded; the SoC converts the entered Wi-Fi password into a secondary password and passes it to the Wi-Fi module, and also detects the operating state of the USB port, SD card port and serial port; the Wi-Fi module sends the encrypted Wi-Fi password to the router to establish the network connection. The information safety protection terminal can therefore connect only to the preset network, which avoids the information leakage caused by connecting to other networks. Furthermore, data on the terminal cannot be copied out and data cannot be copied into the terminal through these ports, which prevents information leakage and improves information security.
Description of the drawings
Fig. 1 is a structural block diagram of the information safety protection terminal provided by the embodiment of the utility model;
Fig. 2 is a circuit diagram of the USB port, SD card port and serial port in the information safety protection terminal provided by the embodiment of the utility model.
Embodiment
The utility model provides an information safety protection terminal for tablet-computer applications with high security requirements, such as financial tablets and the business-handling tablets used by government bodies, certificate-processing halls and the army. It can connect only to the preset network to view intranet resources and cannot access resources in any other network environment, and this network cannot be joined by other devices (such as mobile phones and ordinary tablets). The relevant interfaces and ports (such as the USB interface, TF card and serial port) are also treated so that they cannot exchange data with the outside world. To make the purpose, technical solution and effects of the utility model clearer, the utility model is described further below with reference to the drawings and an embodiment. The specific embodiment described here only explains the utility model and does not limit it.
Referring to Fig. 1 and Fig. 2, the information safety protection terminal provided by the embodiment communicates wirelessly with a router and comprises a Wi-Fi module 100 and a primary processor 200. The Wi-Fi module communicates wirelessly with the router, and the primary processor 200 is connected to the Wi-Fi module. The primary processor 200 disables data transfer over each port and the serial port, and also applies several levels of encryption to the entered Wi-Fi password and passes it to the Wi-Fi module. The Wi-Fi module 100 (prior art) sends the encrypted Wi-Fi password to the router to establish the network connection. The information safety protection terminal may be a tablet computer, a mobile phone and so on; a tablet computer is used as the example below.
In this embodiment, the primary processor 200 is of model RK3066 (RK3066-H) and integrates a USB port 201, an SD card port 202 (or TF card port; TF cards and SD cards are both memory cards, differing in size to fit card slots of different sizes), a serial port 203 and a system-on-chip (SoC) 204. The SoC 204 is connected to the USB port 201, the SD card port 202 and the serial port 203.
The SoC 204 converts the entered Wi-Fi password into a secondary password and passes it to the Wi-Fi module 100. Because Wi-Fi is the only data link that can connect to the outside world, this embodiment applies several levels of encryption to the Wi-Fi password, preferably two-level encryption, that is, symmetric re-encryption.
In the prior art, once a Wi-Fi password has been set on an ordinary router, a tablet can connect to the router by entering that password and so access network resources. In this embodiment, a corresponding SoC 204 is added to both the tablet and the router, and a corresponding encryption algorithm f(x) is built into it. The symmetric re-encryption process is as follows:
On the tablet, after the corresponding router is found in the Android settings interface presented by the SoC 204, the user enters the Wi-Fi password A configured on the router into the Wi-Fi connection dialog. The SoC 204 converts this Wi-Fi password (assumed to be A) into the secondary password f(A) and passes it to the Wi-Fi module 100, which passes f(A) to the router. The router contains the same SoC 204, which performs password authentication against the secondary password f(A) that is actually used. The Wi-Fi password the user sees in the web interface presented by the SoC 204 is A, whereas the Wi-Fi password the router really requires is f(A), so the connection succeeds.
For example, when f(x) = AxB and the entered Wi-Fi password is "12345678", the secondary password computed by the SoC 204 is "A12345678B". The router and the tablet then authenticate internally with the secondary password "A12345678B" directly, rather than with the password "12345678" that the user sees.
In a specific implementation, other encryption algorithms may also be used, for example encrypting the secondary password once more, to make it harder to crack and improve network security. No restriction is placed on this here.
With this encryption, it is only necessary to install routers fitted with the SoC in the internal network; a tablet that connects to such a router can then access intranet resources. Because the encryption is symmetric in both directions, the tablet cannot connect to other, ordinary routers: the tablet presents the encrypted Wi-Fi password f(x) to the ordinary router, while the ordinary router's password is x, which has not been through the symmetric encryption, so the two do not match and no connection can be made.
Likewise, because the internal network uses routers fitted with the SoC, ordinary tablets and mobile phones cannot connect to such a router with the password x, since the password the router actually uses is f(x). This ensures that the army's internal network cannot be connected to and accessed by other, ordinary terminals.
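The four terminal/router pairings described above, modelled as an added example that is not code from the patent or its assignee; it also shows that the separation depends on f, or its key, staying secret. `f_affix` is the page's f(x) = AxB, while `f_keyed`, `DEVICE_KEY` and the `Router`/`Terminal` classes are assumptions introduced here, with HMAC-SHA256 standing in for the unspecified "other encryption algorithm".

```python
import hashlib
import hmac

PREFIX, SUFFIX = "A", "B"              # the page's example f(x) = AxB
DEVICE_KEY = b"constructed-demo-key"   # hypothetical secret provisioned in both chips


def f_affix(password):
    """The page's example transform: wrap the typed password as A + x + B."""
    return PREFIX + password + SUFFIX


def f_keyed(password, key=DEVICE_KEY):
    """Assumed alternative transform: HMAC-SHA256 under a provisioned key."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:32]


class Router:
    """The admin configures password A; a router with the chip really expects f(A)."""

    def __init__(self, admin_password, transform=None):
        self.expected = transform(admin_password) if transform else admin_password

    def authenticate(self, presented):
        return hmac.compare_digest(presented.encode(), self.expected.encode())


class Terminal:
    """A terminal with the chip presents f(typed); an ordinary one presents typed."""

    def __init__(self, transform=None):
        self.transform = transform

    def connect(self, router, typed):
        presented = self.transform(typed) if self.transform else typed
        return router.authenticate(presented)


def connection_matrix(transform, password="12345678"):
    """Return the outcome of each terminal/router pairing for one password A."""
    routers = {"secure router": Router(password, transform),
               "ordinary router": Router(password)}
    terminals = {"secure terminal": Terminal(transform),
                 "ordinary terminal": Terminal()}
    return {(t_name, r_name): t.connect(r, password)
            for t_name, t in terminals.items()
            for r_name, r in routers.items()}


def accepts_typed_secondary(transform, typed, password="12345678"):
    """Does a secure router accept an ordinary terminal that types `typed` as-is?"""
    return Terminal().connect(Router(password, transform), typed)


if __name__ == "__main__":
    for name, f in (("f(x) = AxB", f_affix), ("keyed HMAC", f_keyed)):
        print(name)
        for pair, ok in connection_matrix(f).items():
            print("  %-18s -> %-16s %s" % (pair[0], pair[1], "connects" if ok else "rejected"))
    # The router only compares against f(A), so the fixed affix must stay secret.
    print(accepts_typed_secondary(f_affix, "A12345678B"))
```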
In this embodiment, disabling data transfer over each port and the serial port follows the principle of least privilege. In hardware, the relevant pins (data lines and/or detection lines) of the USB port 201, SD card port 202 and serial port 203 are grounded to stop data transfer; the SoC can also be prevented from recognizing the peripherals attached to these ports, so that the above ports are disabled at the root. The SoC 204 also detects the operating state of the USB port 201, SD card port 202 and serial port 203. Specifically:
USB data communication is disabled: the USB port 201 can only be used to charge the tablet and cannot be used for data transfer. The SD card (or TF card) function is disabled: even if an SD card (or TF card) is inserted into the SD (or TF) slot, the tablet cannot recognize it, which prevents data being copied to the tablet through an SD card (or TF card) or from the tablet to a TF card. Serial communication is disabled: serial data cannot be transferred.
The grounding of the relevant pins (data lines and detection lines) of each port is shown in Fig. 2.
The OTG_DM, OTG_DP and OTG_ID pins of the USB port 201 are all grounded; the other pins are connected in the existing way (not shown in the figure). Grounding the data pins (AB16, AC16) and the detection pin (AB4) of the USB port 201 prevents USB data communication, so no data can be downloaded or uploaded even if a USB device is plugged in. The voltage pins of the USB port 201 (such as USBVDD) keep their existing connection, which ensures that USB charging works normally.
The GPIO3_B0/SDMMC0_CLKO, GPIO3_B1/SDMMC0_CMD, GPIO3_B2/SDMMC0_D0, GPIO3_B3/SDMMC0_D1, GPIO3_B4/SDMMC0_D2, GPIO3_B5/SDMMC0_D3 and GPIO3_B6/SDMMC0_DET pins of the SD card port 202 are all grounded. Directly grounding the SD card's data pins (M21, U23, T21, K20), clock pin (U22), control pin (P22) and detection pin (L20) prevents SD card data communication, and an SD card is not recognized even if it is inserted.
The GPIO1_B0/UART2_RX and GPIO1_B1/UART2_TX pins of the serial port 203 are both grounded. Grounding the data pins (N22, AB19) of the serial port 203 prevents serial data communication.
Further, every port other than Wi-Fi can also be disabled at the Android kernel layer, that is, the drivers for the corresponding ports are removed from the Android kernel of the SoC 204, which prevents the corresponding peripherals or cards (such as SD cards and TF cards) from being used.
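One way to check the kernel-layer measure above against a build's `.config`, as an added example that is not part of the patent. The port-to-symbol table and both sample configurations are assumptions constructed here; a vendor kernel may use different driver symbols.

```python
import re

# Assumed mapping from the page's ports to mainline Linux Kconfig symbols.
# A vendor kernel may name its drivers differently; adapt the table to the real tree.
PORT_SYMBOLS = {
    "USB data": ["CONFIG_USB_GADGET", "CONFIG_USB_STORAGE"],
    "SD/TF card": ["CONFIG_MMC"],
    "serial port": ["CONFIG_SERIAL_8250"],
}

# Constructed sample .config fragments, not taken from any real device.
SAMPLE_PARTIAL = """\
CONFIG_WLAN=y
CONFIG_CFG80211=y
# CONFIG_MMC is not set
CONFIG_USB_GADGET=y
CONFIG_USB_STORAGE=m
# CONFIG_SERIAL_8250 is not set
"""
SAMPLE_LOCKED = """\
CONFIG_WLAN=y
CONFIG_CFG80211=y
# CONFIG_MMC is not set
# CONFIG_USB_GADGET is not set
# CONFIG_SERIAL_8250 is not set
"""

SET_RE = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_config(text):
    """Map each symbol in a kernel .config to its value ('n' when not set)."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        set_match = SET_RE.match(line)
        unset_match = UNSET_RE.match(line)
        if set_match:
            state[set_match.group(1)] = set_match.group(2)
        elif unset_match:
            state[unset_match.group(1)] = "n"
    return state


def audit_ports(text, policy=PORT_SYMBOLS):
    """Return {port: [symbols still built in or modular]}; empty means compliant."""
    state = parse_config(text)
    findings = {}
    for port, symbols in policy.items():
        # A symbol missing from the file is disabled, exactly like "is not set".
        enabled = [s for s in symbols if state.get(s, "n") != "n"]
        if enabled:
            findings[port] = enabled
    return findings


if __name__ == "__main__":
    for label, cfg in (("partial", SAMPLE_PARTIAL), ("locked", SAMPLE_LOCKED)):
        print(label, audit_ports(cfg) or "no port drivers enabled")
```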
In summary, in the information safety protection terminal provided by the utility model, the added SoC converts the Wi-Fi password A into f(A) before it is passed to the router for authentication, so that the terminal (that is, the information safety protection terminal) can connect only to the preset network and cannot connect to any other network. Because a corresponding SoC is also added to the router, the preset network served by this router can likewise be joined only by terminals fitted with the SoC and not by other devices. In addition, the invention grounds the relevant pins to disable every port other than the Wi-Fi data link, so that data on the terminal cannot be copied out and data cannot be copied into the terminal through these ports, which improves the security of the terminal and of the dedicated network.
It will be understood that those of ordinary skill in the art may make equivalent substitutions or changes based on the technical solution of the utility model and its concept, and all such changes or substitutions fall within the scope of protection of the claims appended to the utility model.

Claims (5)

1. An information safety protection terminal, connected to a router, characterized in that it comprises a primary processor and a Wi-Fi module;
The primary processor integrates a USB port, an SD card port, a serial port and a system-on-chip (SoC);
The data pins and/or detection pins of the USB port, SD card port and serial port are grounded; the SoC converts the entered Wi-Fi password into a secondary password and passes it to the Wi-Fi module, and also detects the operating state of the USB port, SD card port and serial port; the Wi-Fi module sends the encrypted Wi-Fi password to the router to establish the network connection;
The SoC is connected to the USB port, SD card port, serial port and Wi-Fi module, and the Wi-Fi module communicates with the router.
2. The information safety protection terminal according to claim 1, characterized in that the primary processor is a processor of model RK3066.
3. The information safety protection terminal according to claim 1, characterized in that the OTG_DM, OTG_DP and OTG_ID pins of the USB port are all grounded.
4. The information safety protection terminal according to claim 1, characterized in that the GPIO3_B0/SDMMC0_CLKO, GPIO3_B1/SDMMC0_CMD, GPIO3_B2/SDMMC0_D0, GPIO3_B3/SDMMC0_D1, GPIO3_B4/SDMMC0_D2, GPIO3_B5/SDMMC0_D3 and GPIO3_B6/SDMMC0_DET pins of the SD card port are all grounded.
5. The information safety protection terminal according to claim 1, characterized in that the GPIO1_B0/UART2_RX and GPIO1_B1/UART2_TX pins of the serial port are both grounded.
CN201520670652.6U 2015-09-01 2015-09-01 A kind of information safety protection terminal Active CN204948361U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201520670652.6U CN204948361U (en) 2015-09-01 2015-09-01 A kind of information safety protection terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201520670652.6U CN204948361U (en) 2015-09-01 2015-09-01 A kind of information safety protection terminal

Publications (1)

Publication Number Publication Date
CN204948361U true CN204948361U (en) 2016-01-06

Family

ID=55015745

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201520670652.6U Active CN204948361U (en) 2015-09-01 2015-09-01 A kind of information safety protection terminal

Country Status (1)

Country Link
CN (1) CN204948361U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110737551A (en) * 2018-07-20 2020-01-31 北京君正集成电路股份有限公司 method and device for communication between upper computer and lower computer
CN110737582A (en) * 2018-07-20 2020-01-31 北京君正集成电路股份有限公司 OTG port-based detection method and device
CN110737583A (en) * 2018-07-20 2020-01-31 北京君正集成电路股份有限公司 method and device for testing test code

Similar Documents

Publication Publication Date Title
CN103826221B (en) Encryption communication method, related system and method based on bluetooth
TW201723949A (en) Disabling mobile payments for lost electronic devices
CN204948361U (en) A kind of information safety protection terminal
CN104216761B (en) It is a kind of that the method for sharing equipment is used in the device that can run two kinds of operating system
CN109714166A (en) A kind of mobile distribution method, system, terminal and storage medium based on quantum key
CN106465044A (en) Wireless power transfer with improved device identification and signaling link security
CN106411865A (en) Data transmission method and device, and terminal
CN203659017U (en) USB interface lock
CN105068955A (en) Local bus structure and data interaction method
CN105592459B (en) Safety certification device based on wireless communication
CN102098160B (en) Dynamic password and digital certificate based double-factor authentication security token device
CN109739791A (en) A kind of universal safety trusted interface card of PCIE and MINIPCIE double nip
CN110601843A (en) Internet of things terminal security protection system based on trusted computing
CN109960851A (en) A kind of data transmission method and Handshake Protocol circuit based on different voltages domain
CN107437997A (en) A kind of frequency communication devices and method
CN202406118U (en) Intelligent cipher key and electronic transaction system
CN105743855B (en) A kind of safety control system of Internet application equipment and its distribution, application method
CN104102870B (en) Electron underwriting authentication expansion equipment and information processing method
CN204291001U (en) There is the near field communication tag of encipherment protection and applicable near-field communication control system
CN104102869B (en) Electron underwriting authentication expansion equipment and information processing method
CN204990547U (en) A device is opened to invoice for taxation control system
CN103118367B (en) System and method for safety certification of mobile phones
CN205318283U (en) Special isolation equipment mainboard based on explain 410 majestic treaters and shen wei nest plate
CN2914500Y (en) Portable and reliable platform module
CN203243339U (en) Data transmission system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant