CN2906756Y - Secure data transmission device

Publication number: CN2906756Y
Authority: CN (China)
Application number: CN 200620012951
Legal status (listed status, not a legal conclusion): Expired - Lifetime
Other languages: Chinese (zh)
Inventors: 陆舟, 于华章
Current assignee: Feitian Technologies Co Ltd
Original assignee: Beijing Feitian Technologies Co Ltd
Prior art keywords: module, equipment, memory, data security, transmission equipment
Landscapes: Computer And Data Communications (AREA)

Abstract

The utility model relates to a data security transmission device, in particular to one based on Apple computers. To solve the problem of secure data transmission for Apple computers, the device provided by the utility model comprises a CPU, an interface chip and a memory. A communication protocol module able to parse the communication protocol of the Apple computer operating system and a security module providing data security protection are arranged in the memory. The communication protocol module in the memory is connected to the CPU, and the security module in the memory is connected to the CPU. By adding the communication protocol module and the security module to the memory, secure data transmission based on Apple computers is realized in the fields of software protection and personal identification.

Description

A data security transmission device
Technical field
The utility model relates to a data security transmission device, in particular to a data security transmission device based on the Macintosh, and belongs to the field of secure data transmission.
Background
Personal computers of all kinds have entered a great many households and enrich people's lives, but there is also an important force dominating some key areas of the computer field: Apple computers. In people's minds Apple computers have long been synonymous with professional graphics and imaging applications, and their floating-point performance considerably exceeds that of the common PC. In fields such as publishing, design, animation and video editing, the Macintosh stands in a class of its own. At the same time, the Macintosh is gradually moving from prestigious high-end products toward lower-end products that meet ordinary users' needs. Macintosh users naturally face the same information security and software copyright problems as common PC users.
With the continuing development of the Macintosh, software aimed at every application or industry need keeps appearing. However outstanding a piece of software is, its core internal technology is often its lifeblood; once it is stolen by others or illegally copied, the resulting economic loss is inestimable. Software copyright protection products, as a kind of information security device, play an important role in the field of software copyright protection: they protect the software developer's interests, increase revenue, protect the interests of legitimate users, and can also control software distribution. They guard against problems that arise after sale, such as piracy and the inability to collect software usage fees regularly.
With the spread of the Internet and the rise of e-commerce and e-government, more and more people are beginning to try online transactions, and more and more information involving personal privacy and trade secrets needs to be transmitted over the network. Deliberate threats such as viruses, hackers, phishing and fraudulent counterfeit web pages, however, pose a great challenge to the security of online transactions. The endless stream of network crime has caused a crisis of trust in network identity; how to prove "Who am I?" and how to prevent identity from being impersonated have again become a focus of attention. As the foremost matter in network security, authentication/identification urgently needs security guarantees.
Therefore, in the Macintosh world it is still necessary to design a data security transmission device that meets the identification requirements of Macintosh users in e-commerce and e-government and solves the software copyright protection problem for software used on the Macintosh.
Summary of the utility model
(1) Technical problem to be solved
The technical problem the utility model sets out to solve is to provide a device for secure data transmission based on the Macintosh operating system (MACOS).
MACOS: Mac Operating System, the Macintosh operating system.
(2) Technical solution
To achieve the above object, the utility model provides a data security transmission device based on the Macintosh. The device comprises a central processing unit, a memory and an interface module, and also comprises a Macintosh operating system communication protocol module and a security module. The communication protocol module parses the communication protocol of the Macintosh operating system, and the security module provides data security protection. The communication protocol module is located inside the memory and is connected to the central processing unit; the security module is located inside the memory and is connected to the central processing unit.
The security module is a software protection module, which provides software encryption.
The security module can also be an identification module, which stores the user's sensitive data.
The central processing unit, interface chip and memory of the device are integrated in one microcontroller chip.
The central processing unit and memory of the device are integrated in one microcontroller chip.
The microcontroller chip is a smart card chip.
The device containing the smart card chip also comprises a flash memory, which is connected to the microcontroller chip.
The central processing unit and memory can also be integrated in a single-chip microcomputer.
The memory of the device is any of random access memory, read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), or erasable programmable read-only memory (EPROM).
(3) Beneficial effects
By using a memory that contains a communication module able to parse the MACOS communication protocol, the data transmission device, with its interface module and memory, connects to the Macintosh and transfers data; the CPU runs the algorithm programs preset in the memory to encrypt the user's communication with the Macintosh. Secure data transmission based on the Macintosh is thereby achieved, and with it software protection and identification, while the device is simple in structure, easy to use and stable in performance.
Description of the drawings
Fig. 1 is the workflow diagram of embodiment 1 of the utility model;
Fig. 2 is the workflow diagram of embodiment 2 of the utility model;
Fig. 3 is the hardware block diagram of the single-MCU scheme of embodiment 2;
Fig. 4 is the hardware block diagram of the MCU plus interface chip scheme of embodiment 3;
Fig. 5 is the hardware block diagram of the MCU plus interface chip and memory scheme of embodiment 1.
Embodiments
The first preferred embodiment of the utility model provides a software protection device (also called an encryption lock) for the Macintosh. A device with a USB interface is taken as the example.
As shown in Fig. 5, the software protection device 502 comprises an interface module 503, an MCU (Micro-Controller Unit) 505 and an extended memory 504, connected in turn. The extended memory may be any of RAM, ROM, EPROM, FLASH and so on, and is used to store the corresponding cryptographic algorithms. The memory should have enough storage space to hold the preset cryptographic algorithms, or algorithms selected or downloaded by the user; if user code needs to be stored, a sufficiently large storage space is required, which may be on-chip FLASH or the like.
In the figure, MCU 505 contains the communication protocol module 506 under MACOS and the security module 507. Module 506 parses the MACOS communication protocol, and security module 507 provides data security protection; in this embodiment security module 507 is a software protection module.
The firmware program comprises: the device identification part; the part in which the device waits for and receives data from the host; the part in which the device parses and processes the data; the part in which the device returns data to the host and waits for the next instruction; and the part in which the device disconnects from the host. The device is identified by the host, and the connection between host and device is established using information in registers built into the MCU.
Of these, the communication between device and host is the core; it is described in detail below with reference to Fig. 1.
First, in step 101 the host completes initialization of the device, and in step 102 the host verifies the device's manufacturer and product identification. If it is correct, the device executes step 103; otherwise the flow goes to step 110 and the device disconnects from the host. Step 103 verifies the user password. If it is correct, the device executes step 104 and waits for a command from the application; otherwise the flow also goes to step 110. After receiving a command in step 104, the device parses it and, depending on the application's requirements, performs data encryption or decryption in step 105 or operates on data with the preset code in step 106. When processing finishes, the data is returned and the device enters step 107, waiting for a command from the application. If the application no longer responds, the flow enters step 110 and the device disconnects from the host. Otherwise, if there is a new command, the flow goes to step 108: if communication is judged to have ended, step 109 disconnects the device from the host; otherwise the flow returns to step 104 and the device continues to wait for commands.
The function of step 106, operating on data with preset code, is described further below.
The device serves as a means of providing software encryption. It can be used to hold some fragments of the user's software, ensuring the security of those fragments so that they cannot be read out, and to have them run inside the device and interact with the external software, thereby controlling the software and ensuring it runs legitimately. The device interacts frequently with the external program, so computation speed and communication speed are important performance indicators.
According to the function of this embodiment, the following software protection functions can be realized:
1. Get device information: information about this device. It is stored in internal memory and gives the user the means to remember and identify their own device, as in step 102.
2. Format: the user can format the device; after formatting, all settings and data return to the factory state.
3. Write file: such files include the user's code fragments, or the data those fragments need when running.
4. Read file: such a file can be a data file used when a code fragment runs, but not the code fragment itself.
5. Run file: such files are the code fragments written by the user; they run inside the device, with all of their runtime data and memory contents kept within the device and only the result returned.
6. Encryption and decryption: lets the user encrypt and decrypt user data inside the hardware using RSA, DES, 3DES and so on, and returns the result to the user.
The preset code also includes the software protection application interface functions, which form the interface layer between the software protection device and third-party applications. These functions are used mainly by developers and mainly provide the following:
1. Open device: opens a handle to the device and establishes a communication channel with it.
2. Close device: when the device is no longer to be used, clears the device's handle and the device status information.
3. Send command: this is the core of the software protection product; it carries out all configuration of the device, that is, it implements all of the software protection functions.
The main effect of the software protection device is that the protected part of the program never appears in host memory. The benefits are:
1. Illegal copying of the program is prevented: without the software protection key the program on the host is incomplete, and distributed software requires the software protection key to be present.
2. Illegal tracing or debugging of the program is prevented: the code of the important part of the software does not run on the host, so no debugging software can obtain the running state of that part of the program.
3. Memory dumping is prevented: software is most easily cracked while it is running, and traditionally shell-protected software can often have its code recovered from a memory dump.
4. Decompilation is prevented: however advanced the decompilation technique, the code fragments inside the device of this embodiment cannot be obtained, so the complete function of the software itself cannot be reproduced.
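The command gating of Fig. 1 and the read-file and run-file rules listed above can be modelled in a short C program. This is an added example, not code from the patent or from the assignee; all names, the vendor/product IDs, the PIN and the stored files are constructed for illustration, and step 105 (encryption and decryption) is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PIN_LEN 8

/* All names and values below are constructed for illustration. */
enum state { ST_INIT, ST_IDENTIFIED, ST_READY, ST_CLOSED };
enum cmd   { CMD_READ_FILE, CMD_RUN_FILE, CMD_END };
enum rc    { RC_OK = 0, RC_STATE = -1, RC_AUTH = -2, RC_DENIED = -3, RC_ARG = -4 };
enum ftype { F_DATA, F_CODE };

struct file {
    enum ftype type;
    const uint8_t *data;            /* F_DATA: bytes the host may read back */
    size_t len;
    uint32_t (*entry)(uint32_t);    /* F_CODE: runs only inside the device */
};

struct dongle {
    enum state st;
    uint16_t vid, pid;
    uint8_t pin[PIN_LEN];
    struct file files[2];
};

/* Stand-in for a protected code fragment; the host sees only its result. */
static uint32_t licensed_step(uint32_t x) { return x * 31u + 7u; }
static const uint8_t lookup_table[] = { 0x10, 0x20, 0x30, 0x40 };

struct dongle dongle_new(void) {
    struct dongle d = { ST_INIT, 0x1234, 0x0001,
        { '1', '2', '3', '4', '5', '6', '7', '8' },
        { { F_DATA, lookup_table, sizeof lookup_table, NULL },
          { F_CODE, NULL, 0, licensed_step } } };
    return d;
}

/* Step 102: vendor/product identification; a mismatch leads to step 110. */
int dongle_identify(struct dongle *d, uint16_t vid, uint16_t pid) {
    if (d->st != ST_INIT) return RC_STATE;
    if (vid != d->vid || pid != d->pid) { d->st = ST_CLOSED; return RC_AUTH; }
    d->st = ST_IDENTIFIED;
    return RC_OK;
}

/* Step 103: user password check, compared without an early exit. */
int dongle_login(struct dongle *d, const uint8_t *pin) {
    uint8_t diff = 0;
    if (d->st != ST_IDENTIFIED) return RC_STATE;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= (uint8_t)(pin[i] ^ d->pin[i]);
    if (diff != 0) { d->st = ST_CLOSED; return RC_AUTH; }
    d->st = ST_READY;
    return RC_OK;
}

/* Steps 104 to 109: parse one command and return only what is permitted. */
int dongle_command(struct dongle *d, enum cmd c, size_t idx, uint32_t arg,
                   uint8_t *out, size_t cap, uint32_t *result) {
    if (d->st != ST_READY) return RC_STATE;          /* gated by 102 and 103 */
    if (c == CMD_END) { d->st = ST_CLOSED; return RC_OK; }
    if (idx >= sizeof d->files / sizeof d->files[0]) return RC_ARG;
    const struct file *f = &d->files[idx];
    if (c == CMD_READ_FILE) {
        if (f->type != F_DATA) return RC_DENIED;     /* code never leaves */
        if (out == NULL || cap < f->len) return RC_ARG;
        memcpy(out, f->data, f->len);
        return (int)f->len;
    }
    if (c != CMD_RUN_FILE || f->type != F_CODE || result == NULL) return RC_ARG;
    *result = f->entry(arg);                         /* step 106 */
    return RC_OK;
}

int main(void) {
    struct dongle d = dongle_new();
    const uint8_t pin[PIN_LEN] = { '1', '2', '3', '4', '5', '6', '7', '8' };
    uint8_t buf[8];
    uint32_t r = 0;
    dongle_identify(&d, 0x1234, 0x0001);
    dongle_login(&d, pin);
    int rd = dongle_command(&d, CMD_READ_FILE, 1, 0, buf, sizeof buf, NULL);
    int rn = dongle_command(&d, CMD_RUN_FILE, 1, 10, NULL, 0, &r);
    printf("read code: %d, run code: %d, result: %u\n", rd, rn, (unsigned)r);
    return 0;
}
```

A failed identification or password check closes the session, so every later command returns the state error until a new session starts.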
The second preferred embodiment of the utility model provides a user identification device (also called an authentication lock). It is mainly responsible for storing the user's sensitive data, such as passwords and digital certificates.
The hardware of the identification device is shown in Fig. 3. In the figure, 301 is the host, 302 is the identification device, and 303 is the MCU arranged in the identification device, which integrates the protocol part 304 under MACOS and the security module 305. MCU 303 comprises an internally integrated CPU, interface chip and RAM, and algorithms are built into the RAM. Module 304 parses the MACOS communication protocol, and security module 305 is an identification module in this embodiment. The MCU should have enough on-chip RAM to hold the preset algorithms, including RSA, DES, 3DES, MD5 and so on, or algorithms selected or downloaded by the user; if user code needs to be stored, a sufficiently large storage space is required, which may be on-chip FLASH or the like. A chip from Cypress may be used.
The firmware of the identification device can combine smart card technology with modern cryptographic techniques; it can support downloading third-party algorithms and multi-level file management and access.
The flow is shown in Fig. 2. The general function is as follows. In step 201 the host completes initialization of the identification device. In step 202 the identification device obtains the password A entered by the user. In step 203 the identification device reads the password from the password storage area and obtains B through specific processing. In step 204 A and B are compared. If they differ, authentication fails and the flow goes to step 211, where the identification device disconnects from the host. If they are the same, the identification device assigns the user certain authority, which is associated with the user's password level, and the user can authorize the application to operate within the range the identity allows: the identification device receives a command from the application in step 205, parses and processes it, for example data encryption in step 206 and operating on data with preset code in step 207, returns the result to the application, and then executes step 208, continuing to wait for a command from the application. If the application gives no legitimate response, the flow goes to step 211 and the device disconnects from the host; otherwise a command is received from the application layer. If step 208 judges that it indicates the end of communication, the flow reaches step 210, which disconnects and ends the communication normally; otherwise it returns to step 205 and continues. As an alternative to steps 202, 203 and 204, the password can be read directly from the identification device and the host side can judge whether the password is correct.
This embodiment can realize the following functions:
1. Network access: the ID information and user authentication information held in the identification device are used to log in to the network.
2. Digital signatures or certificates: used to verify the identity of a document's sender and to prevent tampering in transit.
3. Password storage: the user's password information is stored, avoiding the risks that arise when the user enters passwords manually.
4. Remote login: a bank's website can use signature information to verify the user's legitimacy.
5. File access control: access control information can be added to certain files so that, with the identification device, unauthorized access or operation is prevented.
6. Control of login to specific application systems: developers can use this function in their own products, which can then be logged in to using the device of this embodiment.
Item 3 above means that the password information held in the identification device is sent to the host and used to identify the holder of the lock.
The preset code also includes the identification device application interface functions, which form the interface layer between the identification device and third-party applications. These functions are used mainly by developers and mainly provide the following:
1. Open device: opens a handle to the device and establishes a communication channel with it.
2. Close device: when the device is no longer to be used, clears the device's handle and the device status information.
3. Send command: this is the core of the identification device; it carries out all configuration of the device, that is, it implements all of the smart card functions of the identification device.
The main effect of the digital identity identification device is that the protected important sensitive data can never be read out of the key device, for example into host memory. The benefits are:
1. The user is spared remembering lengthy passwords: a secure password must be a sufficiently complex string of letters and digits and be updated often, and storing the password information in the identification device removes this burden from the user.
2. Two-factor authentication is provided: even if one of the user's password and the digital identity identification device is lost, the user is not put at risk.
3. Keys cannot be exported, which guarantees the security of the user's keys.
4. The algorithms are built in.
The third embodiment of the utility model provides another identification device. As shown in Fig. 4, the identification device 402 contains an interface module 403 and, connected to it, an MCU 404 integrating the CPU and memory; it is connected to the host 401 through the interface module, which makes the implementation of the MCU part 404 simpler. Part 404 also contains 405 (the protocol module under MACOS) and 406 (the security module).
Communication between host and device in this embodiment is the same as in embodiment 2, and the embodiment realizes the same functions as embodiment 2.
The data security transmission device provided by the utility model has been described in detail above. Specific examples have been used to set out the principle and embodiments of the utility model, and the description of the embodiments is intended only to help in understanding its method and core idea. A person of ordinary skill in the art may, following the idea of the utility model, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the utility model.

Claims (10)

1. A data security transmission device comprising a central processing unit, a memory and an interface module, characterized in that the device also comprises a Macintosh operating system communication protocol module and a security module; the communication protocol module is used to parse the communication protocol of the Macintosh operating system; the security module is used to provide data security protection; the communication protocol module is located inside the memory and is connected to the central processing unit; and the security module is located inside the memory and is connected to the central processing unit.
2. The data security transmission device of claim 1, characterized in that the security module is a software protection module, and the software protection module is used to provide software encryption.
3. The data security transmission device of claim 1, characterized in that the security module is an identification module, and the identification module is used to store the user's sensitive data.
4. The data security transmission device of any one of claims 1 to 3, characterized in that the central processing unit, interface module and memory are integrated in one microcontroller chip.
5. The data security transmission device of any one of claims 1 to 3, characterized in that the central processing unit and memory are integrated in one microcontroller chip.
6. The data security transmission device of claim 4, characterized in that the microcontroller chip is a smart card chip.
7. The data security transmission device of claim 5, characterized in that the microcontroller chip is a smart card chip.
8. The data security transmission device of claim 6 or 7, characterized in that the device also comprises an extended memory, and the extended memory is connected to the microcontroller chip.
9. The data security transmission device of any one of claims 1 to 3, characterized in that the central processing unit and memory are integrated in a single-chip microcomputer.
10. The data security transmission device of claim 1, characterized in that the memory is any of random access memory, read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), or erasable programmable read-only memory (EPROM).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200620012951 CN2906756Y (en) 2006-04-06 2006-04-06 Secure data transmission device

Publications (1)

Publication Number Publication Date
CN2906756Y (en) 2007-05-30

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: Beijing Feitian Chengxin Science & Technology Co., Ltd.

CX01 Expiry of patent term

Granted publication date: 20070530

EXPY Termination of patent right or utility model