
CN100452003C - Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor - Google Patents

Info

Publication number: CN100452003C
Application number: CNB2007100640135A (CN200710064013A)
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN101017464A
Inventors: 陆舟, 于华章
Original Assignee: Beijing Feitian Technologies Co Ltd
Current Assignee: Feitian Technologies Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: safety devices, information safety, main frame, module, interface
Landscapes: Stored Programmes (AREA)
Abstract

The invention provides a multi-interface information security device and a control method for it. The device comprises a USB interface module, a judgment module, a control module, a SCSI protocol processing module, an unrestricted-protocol processing module, an autorun module, an information security module and at least two USB connectors. The method comprises the following steps: the information security device connects to a host through one of its USB connectors; the device determines which connector is in use, determines the interface protocol corresponding to that connector, communicates with the host using that protocol and declares its own device type to the host; if the protocol is the SCSI interface protocol, the device automatically starts and runs the Autorun program; if it is an unrestricted interface protocol, the device performs information security operations accordingly. The information security device of the invention thus provides both multiple interfaces and automatic installation.

Description

Multi-interface, automatically installable information security device and control method thereof
Technical field
The present invention relates to the field of information security, and in particular to a multi-interface, automatically installable information security device and a control method thereof.
Background
In recent years, with the rapid development of Internet technology and e-commerce, more and more commercial activity has moved onto the network, for example online government services, online banking and online shopping. At the same time, more and more information involving personal privacy and trade secrets needs to be transmitted over the network. However, deliberate threats such as viruses, hackers and fraud by counterfeit web pages pose a great challenge to the security of online transactions, making network security a very important problem.
An information security device ("the device" for short) is a small hardware device with a processor and memory that connects to a host through the computer's data communication interface. It provides functions such as key generation, secure key storage and preset cryptographic algorithms. Key-related computation runs entirely inside the device, and the device is resistant to attack, so its security is high. Because an information security device generally connects to the computer through a USB interface, it is commonly called a USB KEY or USB Token. The device manufacturer, a software system developer or the end user can store important information in the device, to keep it secure or to avoid forgetting it. Higher-end information security devices are now programmable, that is, code stored in the device in advance can be run inside it. Information security operations include: data interaction, such as encrypting written data inside the device or decrypting read data inside the device; authentication information processing, such as storing/verifying password information, storing/verifying signatures, storing/verifying certificates, and rights management; and running preset code to perform data computation, such as presetting a fragment of the user's software that cannot be read out of the device and that runs inside it to perform data computation, or presetting software-protection application interface functions (interface-level functions between the information security device and the software developer's application), and so on.
The information security function is usually implemented by a security-designed chip built into the device. Besides having the characteristics of a general-purpose embedded microcontroller, such a chip is given special structural treatment for security at design time. For example, it may use a specific security kernel that supports several states with different privilege definitions, to manage access rights to hardware resources; support randomization of instruction timing; use an interrupt system that supports switching of chip states, to control security levels at different layers and so support multiple applications; have an MMU (Memory Management Unit) that isolates and maps logical and physical addresses, supporting multi-application and secure design at the architecture level and forming, together with the different states supported by the kernel, a hardware firewall; use an interrupt system that supports the interface between the system library and user programs and the transfer and switching of privileges; or use non-volatile storage media, and so on.
The security-designed chip in an information security device is generally required to comply with relevant standards and pass relevant certifications to guarantee its security, such as the TCG TPM v1.2 specification, the ISO 15408 international standard and the standards of the Chinese cryptography administration committee. Many security-designed chips are available on the market. Among them, the ST19WP18 microcontroller from STMicroelectronics has been certified at Evaluation Assurance Level EAL5+ (augmented) under the Common Criteria, which is one of the highest levels in the ISO 15408 international standard for this class of product.
The interfaces of existing information security devices follow several standards, for example the SCSI (Small Computer System Interface) standard, the CCID (USB Chip/Smart Card Interface Devices) standard and the HID (Human Interface Device) standard. When a computer communicates with information security devices that have different interfaces, it identifies the type of a device by the device's descriptors. A descriptor is a data structure, or formatted block of information, that lets the computer learn about the device; each descriptor contains information about the device as a whole or about one element of it. Devices with different interfaces have different descriptors. For example, the descriptors of a device conforming to the SCSI interface standard, a device conforming to the CCID interface standard and a device conforming to the HID interface standard all differ, and the computer identifies each device by its descriptors when the device is connected.
SCSI is an interface standard for connecting external devices to a host and provides a fast data transfer rate. SCSI reserves extension commands for developers' use. To implement SCSI communication for an information security device, developers define the device's commands as SCSI extension commands, so a user only needs to issue SCSI extension commands to use the device's functions. However, on Windows 2000 and later operating systems, ordinary users do not have permission to use SCSI extension commands; only superusers do. Permissions are how Windows, for security reasons, restricts users' access to system resources, and different users have different permissions when accessing the computer. Windows users are divided into groups, the common ones being Administrator (administrators group), System, Power User (power users group), User (ordinary users group) and Guest (guests group). Administrator, System and Power User are usually called superusers, and User and Guest non-superusers. Superusers have higher permissions than non-superusers. Because the use of SCSI extension commands is subject to user permissions, SCSI devices are inconvenient to use in many situations.
The automatic play function (Autorun) is a function of USB-SCSI devices that makes it easier to operate devices such as CDs, hard disks and mass storage. The Autorun program contains the commands needed for automatic operation, such as changing the drive icon, running a program file and adding optional shortcut-menu items. When a CD or mass storage device carrying an Autorun program is connected to a computer, the Autorun program can load the corresponding files, for example GIF, JPEG, HTML and PDF files, thereby implementing automatic play. The Autorun program can also display a start-up screen and the like.
The CCID standard was drawn up jointly by several large international IT companies. It makes it possible for a smart card reader/writer to communicate with a host or other embedded host. The CCID standard specifies that a CCID device is a chip/smart card interface device: the device connects to the host or other embedded host through a USB interface and exchanges data conforming to the CCID standard, while communicating with the smart card through an interface conforming to the 7816 standard protocol. Microsoft provides a CCID driver on Windows 2000 and later operating systems, so device manufacturers can easily develop and use devices conforming to the CCID interface standard. The CCID interface standard also supports PC/SC (Personal Computer/Smart Card) interface calls, so developers can easily develop operations on information security devices. Many open-source CCID drivers are also available to developers and users on the many versions of other open-source operating systems such as Linux.
The HID class was one of the first USB device classes fully supported by Windows. On a computer running Windows 98 or later, an application can communicate with a HID device using the driver built into the operating system, so USB devices conforming to the HID class are easy to set up and run. A HID device does not necessarily have a human interface; it only needs to function within the limits of the HID class specification. Any device that works within the limits of the HID class can be called a HID device. Such devices can send data to the computer and can also receive requests from the computer to configure the device. Examples of devices that mainly receive data are remote displays, control panels for remote devices, and devices of any kind that occasionally or periodically receive commands from the host. A HID interface can be one of several USB interfaces that a device supports, and a HID device can be either a low-speed or a full-speed device. Microsoft provides a HID driver on Windows 98 and later operating systems, so device manufacturers can easily develop and use devices conforming to the HID interface standard.
HID and CCID devices have many advantages. For example, they are not subject to user-permission restrictions: on Windows 98 and later operating systems, both ordinary users and administrators can access and operate HID and CCID devices. Users can use the device anywhere without installing a driver, do not need to manage constantly upgraded driver versions, do not need to consider compatibility between the drivers of different products, do not face the operating-system risks that drivers introduce, and do not need to worry about the system pollution caused by installing and uninstalling drivers. Generally, the CCID protocol can be chosen when the host system supports smart card logon, and the HID protocol when it does not. These advantages have made HID and CCID devices more and more widely used, but they also raise a new problem: unlike SCSI devices, HID and CCID devices have no autorun function, that is, they cannot automatically install the application associated with the device.
One existing approach adds USB flash disk circuitry and hub (HUB) circuitry inside a HID-class or CCID-class information security device in order to provide the autorun function. Although this gives a HID-class or CCID-class information security device the autorun function, the added flash disk and hub circuitry increases development cost and reduces the reliability of the device.
Summary of the invention
To solve problems in the prior art such as the single interface standard, high cost and low reliability of information security devices, the invention provides a multi-interface, automatically installable information security device, comprising: at least two USB connectors;
a USB interface module, connected to each of the USB connectors, for connecting the information security device to a host through a USB connector and for parsing and handling the USB communication protocol;
a judgment module, connected to each of the USB connectors, for determining which of the USB connectors is used for the connection between the information security device and the host;
a control module, connected to the USB interface module and the judgment module, for controlling and managing the working mode of the information security device and processing and controlling data, according to the result from the judgment module and a preset correspondence between each USB connector and the interface protocol the device applies when it connects to the host through that connector. In the preset correspondence, one of the device's USB connectors corresponds to the SCSI interface protocol and all the others correspond to an unrestricted interface protocol. An unrestricted interface protocol is one for which the device, when it communicates with the host through an interface using that protocol, is not subject to user-permission restrictions;
a SCSI protocol processing module, connected to the control module, for declaring the device to the host as a SCSI device type after the device receives a device type request from the host, and for parsing and handling SCSI interface protocol commands;
an unrestricted-protocol processing module, connected to the control module, for declaring the device to the host as an unrestricted-interface-protocol device type after the device receives a device type request from the host, and for parsing and handling unrestricted interface protocol commands;
an autorun module, connected to the SCSI protocol processing module, for automatically starting and running the Autorun program after the device has connected to the host through the USB connector corresponding to the SCSI interface protocol;
an information security module, connected to the unrestricted-protocol processing module, for performing information security operations.
The unrestricted interface protocol is specifically the HID interface protocol; correspondingly, the unrestricted-protocol processing module comprises:
a HID protocol processing unit, for declaring the device to the host as a HID interface device type after the device receives a device type request from the host, and for parsing and handling HID interface protocol commands; the HID protocol processing unit is connected to the control module and to the information security module.
The unrestricted interface protocol is specifically the CCID interface protocol; correspondingly, the unrestricted-protocol processing module comprises:
a CCID protocol processing unit, for declaring the device to the host as a CCID interface device type after the device receives a device type request from the host, and for parsing and handling CCID interface protocol commands; the CCID protocol processing unit is connected to the control module and to the information security module.
The judgment module comprises a judgment circuit made up of at least one resistor and at least one diode.
The judgment module determines which USB connector is used for the connection between the device and the host from the level at the point where the judgment circuit connects to an I/O pin of the control module.
The autorun module comprises:
a detecting unit, for using the Autorun program, after the device has established communication with the host using the SCSI interface protocol, to detect whether the application associated with the information security device is installed on the host;
an installation unit, for using the Autorun program to install the application associated with the information security device on the host when the detecting unit does not detect that the application is installed on the host.
The autorun module further comprises:
a user-permission judging unit, for using the Autorun program to determine the user permissions of the current host system.
The application associated with the information security device includes a monitoring program, and the autorun module further comprises:
a user-permission judging unit, for using the Autorun program or the monitoring program to determine the user permissions of the current host system.
The information security module is connected to the SCSI protocol processing module. When the device has established communication with the host using the SCSI interface protocol, the information security module is further used to perform information security operations through SCSI interface protocol commands when the user-permission judging unit determines that the user permissions of the current host system are superuser permissions.
The Autorun program run by the autorun module is written in advance by the manufacturer of the information security device and stored in the device.
The application associated with the information security device is written in advance by the manufacturer of the information security device and stored in the device.
The USB interface module is a discrete USB interface chip.
The information security module is integrated on a single chip with one or more of the USB interface module, the control module, the SCSI protocol processing module, the unrestricted-protocol processing module and the autorun module.
The chip is a security-designed chip, and security-designed chips include smart card chips.
The information security module is a security-designed chip, and security-designed chips include smart card chips.
The invention also provides a control method for a multi-interface, automatically installable information security device, the method comprising:
the information security device has a plurality of USB connectors and connects to a host through one of them;
the information security device determines which of the USB connectors was used to establish the connection and, according to the correspondence between USB connectors and interface protocols preset in the device, determines the interface protocol corresponding to that connector; it then communicates with the host using that interface protocol and declares its own device type to the host. If the interface protocol is the SCSI interface protocol, the device automatically starts and runs the Autorun program. If the interface protocol is an unrestricted interface protocol, the device and the host interact through unrestricted interface protocol commands to perform information security operations. An unrestricted interface protocol is one for which the device, when it communicates with the host through an interface using that protocol, is not subject to user-permission restrictions.
The method comprises:
when the unrestricted interface protocol is the HID interface protocol, the information security device and the host interact through HID interface protocol commands to perform information security operations;
when the unrestricted interface protocol is the CCID interface protocol, the information security device and the host interact through CCID interface protocol commands to perform information security operations.
The step in which the information security device automatically starts and runs the Autorun program specifically comprises:
the information security device automatically starts and runs the Autorun program; the Autorun program detects whether the application associated with the information security device is installed on the host and, if it is not, installs that application on the host.
The method further comprises:
when the information security device has established communication with the host using the SCSI interface protocol, the Autorun program determines the user permissions of the current host system; if the user is a superuser, then after the Autorun program has run, the device interacts with the host through SCSI interface protocol commands to perform information security operations.
The application associated with the information security device includes a monitoring program and, correspondingly, the method further comprises:
when the information security device has established communication with the host using the SCSI interface protocol, the Autorun program or the monitoring program determines the user permissions of the current host system; if the user is a superuser, then after the Autorun program has run, the device interacts with the host through SCSI interface protocol commands to perform information security operations.
The Autorun program is written in advance by the manufacturer of the information security device and stored in the device.
The application associated with the information security device is written in advance by the manufacturer of the information security device and stored in the device.
The main beneficial effects of the invention are as follows: the information security device of the invention provides both multiple interfaces and automatic installation; users are not subject to user-permission restrictions when using the device; and the device and its control method can be used under Windows 98, Windows 2000, Windows XP, Windows 2003 and later operating systems, by superusers and non-superusers alike.
Description of the drawings
Fig. 1 is a structural diagram of the multi-interface, automatically installable information security device of Embodiment 1 of the invention;
Fig. 2 is a circuit diagram of the multi-interface, automatically installable information security device of Embodiment 1 of the invention;
Fig. 3 is another circuit diagram of the multi-interface, automatically installable information security device of Embodiment 1 of the invention;
Fig. 4 is a flow chart of the control method for the multi-interface, automatically installable information security device of Embodiment 2 of the invention.
Embodiments
The invention is further described below with reference to the drawings and specific embodiments, but it is not limited to the following embodiments.
The host in the embodiments of the invention may be a desktop computer, a notebook computer, a server or a special-purpose machine. The multi-interface, automatically installable information security device in the embodiments has at least two USB connectors and can also be connected to other external devices, for example card readers, communication devices, digital cameras, host peripherals or other special-purpose equipment.
Embodiment 1
In this embodiment the information security device has two USB connectors. Referring to Fig. 1, this embodiment of the invention provides a multi-interface, automatically installable information security device, which specifically comprises:
(1) USB connector A101, for connecting to the host;
(2) USB connector B102, for connecting to the host;
(3) USB interface module 103, for connecting to the host through USB connector A101 or USB connector B102 and for parsing and handling the USB communication protocol; it is connected to USB connector A101 and to USB connector B102;
(4) judgment module 104, for determining whether the connection between the information security device and the host was made through USB connector A101 or USB connector B102; it is connected to USB connector A101 and to USB connector B102;
(5) control module 105, for controlling and managing the working mode of the information security device, processing and controlling data, and communicating with the host through USB interface module 103, according to the result from judgment module 104 and the preset correspondence between each USB connector and the interface protocol the device applies when it connects to the host through that connector; it is connected to USB interface module 103 and to judgment module 104;
The preset correspondence between USB connectors and interface protocol types in this embodiment is as follows: when the information security device is connected to the host through USB connector A101, the device's USB interface communicates with the host using the SCSI interface protocol; when the device is connected to the host through USB connector B102, the device's USB interface communicates with the host using an unrestricted interface protocol, here the HID interface protocol; when the device has three or more USB connectors, only one of them corresponds to the SCSI interface protocol and all the rest correspond to an unrestricted interface protocol;
(6) SCSI protocol processing module 106, for declaring the device to the host as a SCSI device type after the device receives a device type request from the host, and for parsing and handling SCSI interface protocol commands; it is connected to control module 105 and has a built-in SCSI interface device descriptor; when declaring the device to the host as a SCSI device type, it transfers this descriptor to the host through control module 105, USB interface module 103 and USB connector A101, and communicates with the host;
(7) HID protocol processing module 107, for declaring the device to the host as a HID device type after the device receives a device type request from the host, and for parsing and handling HID interface protocol commands; it is connected to control module 105 and has a built-in HID interface device descriptor; when declaring the device to the host as a HID device type, it transfers this descriptor to the host through control module 105, USB interface module 103 and USB connector B102, and communicates with the host;
(8) autorun module 108, for automatically starting and running the Autorun program after the information security device has connected to the host through USB connector A101; it is connected to SCSI protocol processing module 106;
(9) information security module 109, for performing information security operations; it is connected to HID protocol processing module 107.
Autorun module 108 specifically comprises:
1) a detecting unit, for using the Autorun program, after the information security device has connected to the host through USB connector A101, to detect whether the application associated with the information security device is installed on the host;
2) an installation unit, for using the Autorun program to install the application associated with the information security device on the host when the detecting unit does not detect that the application is installed on the host.
Above-mentioned automatic operation module 108 also comprises:
The user right judging unit is used to utilize the Autorun program to judge the user right of current host computer system.
The application program relevant with information safety devices can also comprise watchdog routine, correspondingly, moves module 108 automatically and also comprises:
The user right judging unit is used to utilize Autorun program or watchdog routine to judge the user right of current host computer system.
Further, information security module 109 can also link to each other with SCSI protocol process module 106, when information safety devices connects by USB joint A101 and main frame, information security module 109 also is used for when the user right of the current host computer system of user right judgment unit judges is superuser right, mutual by scsi interface protocol instructions and main frame, carry out information security operation.
The Autorun program can be write in advance by the information safety devices manufacturer, and is stored in the information safety devices.
The application program relevant with information safety devices can be write in advance by the information safety devices manufacturer, and is stored in the information safety devices.
Information security module 109 can be integrated in a chip with usb interface module 103, control module 105, SCSI protocol process module 106, HID protocol process module 107 and a module or a plurality of module moved automatically in the module 108.
Described chip can be the Safety Design chip, and this Safety Design chip comprises intelligent card chip.
Usb interface module can be the USB interface chip, and this USB interface chip and said chip are two discrete chips.
Information security module 109 can be the Safety Design chip, and this Safety Design chip comprises intelligent card chip.
For example, information security module 109, SCSI protocol process module 106 and HID protocol process module 107 can be integrated on the Safety Design chip (comprising intelligent card chip); The Autorun procedure stores on a storage chip, is realized the function of operation module automatically; On a usb protocol chip, utilize a general single chip to realize the function of control module 105 again usb interface module 103 designs.
For example, usb interface module 103, control module 105, SCSI protocol process module 106, HID protocol process module 107 and information security module 109 are integrated on the Safety Design chip (comprising intelligent card chip), utilize storage chip to realize the function of operation module automatically.
The storage medium of above-mentioned storage chip can be RAM (Random Access Memory, random access memory), ROM (Read-Only Memory, ROM (read-only memory)), EPROM (Erasable Programmable Read-Only Memory, EPROM (Erasable Programmable Read Only Memory)), EEPROM (Electrically-Erasable Programmable Read-Only Memory, EEPROM (Electrically Erasable Programmable Read Only Memo)) one or more and among the FLASH (FLASH memory, flash memories).
Judge module 104 comprises the decision circuitry of being made up of at least one resistance and at least one diode.
Judge module 104 is by the level information of the tie point of the I/O pin of decision circuitry and control module, judges which USB joint what adopt when information safety devices and main frame connect is.
Referring to Fig. 2, judging module 104 comprises a decision circuit made up of one resistor and one diode. The information security device comprises a housing and a circuit board mounted inside it; the core components on the circuit board are a smart card chip with a USB interface and the decision circuit with one resistor and one diode. Mounted on the circuit board are ZTE's main control chip Z32H256SU (201), pull-down resistor R (202), USB connector (203A), USB connector (203B) and diode D (204). The power pin Vcc of USB connector (203A) is connected to the anode of diode D (204) and to the I/O pin of main control chip (201); this connection point is a. The I/O pin of main control chip (201) is also connected to the grounded pull-down resistor R (202). The power pin Vcc of USB connector (203B) is connected to the cathode of diode D (204) and to the power pin Vcc of main control chip (201). The D+ pin (USB data positive), D- pin (USB data negative), Vcc pin and ground terminal of USB connector (203A) and USB connector (203B) are connected to the D+ pin, D- pin, Vcc pin and ground terminal of main control chip (201), respectively. The D+ and D- pins are the two USB signal lines, which carry the data exchanged with devices on the USB bus. Main control chip (201) is connected to the decision circuit through its I/O pin, on which it receives the level information, and in this way identifies the USB connector that is connected to the host.
The decision circuit works as follows. When USB connector (203A) is connected to the host, power is applied and diode D (204) conducts; the loop formed by the power pin Vcc of USB connector (203A), pull-down resistor R and GND is closed, and the I/O pin reads a high level at point a. When USB connector (203B) is connected to the host, power is applied and diode D (204) is cut off; no conducting loop can form, and the I/O pin reads a low level at point a. The information security device can therefore determine from the high or low level read on the I/O pin whether USB connector (203A) or USB connector (203B) is connected to the host.
Referring to Fig. 3, judging module 104 comprises a decision circuit made up of two resistors and two diodes. The information security device comprises a housing and a circuit board mounted inside it; the core components on the circuit board are a smart card chip with a USB interface and the decision circuit with two resistors and two diodes. Mounted on the circuit board are ZTE's main control chip Z32H256SU (301), pull-down resistor R1 (302A), pull-down resistor R2 (302B), diode D1 (304A), diode D2 (304B), USB connector (303A), USB connector (303B) and USB connector (303C). The power pin Vcc of USB connector (303A) is connected to the anode of diode D1 (304A) and to the I/O1 pin of main control chip (301); this connection point is a. The I/O1 pin of main control chip (301) is also connected to the grounded pull-down resistor R1 (302A). The power pin Vcc of USB connector (303B) is connected to the cathode of diode D1 (304A) and to the power pin Vcc of main control chip (301). The power pin Vcc of USB connector (303C) is connected to the anode of diode D2 (304B) and to the I/O2 pin of main control chip (301); this connection point is b. The I/O2 pin of main control chip (301) is also connected to the grounded pull-down resistor R2 (302B). The cathode of diode D2 (304B) is connected to the power pin Vcc of main control chip (301). The D+ pin, D- pin, Vcc pin and ground terminal of USB connector (303A), USB connector (303B) and USB connector (303C) are connected to the D+ pin, D- pin, Vcc pin and ground terminal of main control chip (301), respectively. The D+ and D- pins are the two USB signal lines, which carry the data exchanged with devices on the USB bus. Main control chip (301) is connected to the decision circuit through its I/O pins, on which it receives the level information, and in this way identifies the USB connector that is connected to the host.
The decision circuit works as follows. When USB connector (303A) is connected to the host, power is applied and diode D1 (304A) conducts; the loop formed by the power pin Vcc of USB connector (303A), pull-down resistor R1 and GND1 is closed, and I/O1 reads a high level at point a. When USB connector (303B) is connected to the host, power is applied and diode D1 (304A) is cut off; no conducting loop can form, and I/O1 reads a low level at point a. When USB connector (303C) is connected to the host, power is applied and diode D2 (304B) conducts; the loop formed by the power pin Vcc of USB connector (303C), pull-down resistor R2 and GND2 is closed, and I/O2 reads a high level at point b. The information security device can therefore determine from the high or low levels read on I/O1 and I/O2 which of USB connector (303A), USB connector (303B) and USB connector (303C) is connected to the host.
HID protocol processing module 107 in this embodiment can be replaced by the following module:
CCID protocol processing module: after the information security device receives the device type request sent by the host, declares the device to the host as a CCID device type, and parses and processes CCID interface protocol instructions. It is connected to control module 105 and has a built-in CCID interface device descriptor; when declaring the device to the host as a CCID device type, it transmits this descriptor to the host through control module 105, USB interface module 103 and USB connector B102, and communicates with the host.
Correspondingly, control module 105 is preset so that, when the information security device is connected to the host through USB connector B102, the USB interface of the device uses an unrestricted interface protocol, the CCID interface protocol.
Embodiment two
In this embodiment, the information security device has three USB connectors: USB connector A, USB connector B and USB connector C. The correspondence between these USB connectors and the application interface protocols is preset in the chip of the device as follows: when the device is connected to the host through USB connector A, the USB interface of the device communicates with the host using the SCSI interface protocol; when the device is connected to the host through USB connector B, the USB interface of the device communicates with the host using the HID interface protocol; when the device is connected to the host through USB connector C, the USB interface of the device communicates with the host using the CCID interface protocol.
Referring to Fig. 4, the embodiment of the invention also provides a control method for a multi-interface, automatically installable information security device, which comprises the following steps:
Step 401: the information security device is connected to the host through a USB connector;
Step 402: the information security device determines which of the three USB connectors is connected to the host; if it is USB connector A, step 403 is executed; if it is USB connector B, step 409 is executed; if it is USB connector C, step 411 is executed;
Step 403: according to the preset correspondence between USB connectors and application interface protocols, the information security device determines that the interface protocol corresponding to the current USB connector A is the SCSI interface protocol, and then communicates with the host using the SCSI interface protocol; the device descriptor that the device reports to the host is the SCSI device descriptor, and the device declares itself as a SCSI device type;
Step 404: the information security device automatically starts the Autorun program; this Autorun program is written in advance by the manufacturer of the information security device and stored in the device;
Step 405: the Autorun program detects whether the application program associated with the information security device is installed on the host; if it is not installed, step 406 is executed, otherwise step 407 is executed;
The application program associated with the information security device can also include a monitoring program; this application program is written in advance by the manufacturer of the information security device and stored in the device in advance. If the application program associated with the information security device is already installed on the host, the monitoring program starts automatically when the host starts.
Step 406: the Autorun program installs the application program associated with the information security device on the host; after the application program is installed, the monitoring program starts automatically.
Step 407: the Autorun program or the monitoring program determines the user privileges of the current host system; if the current host system is running with superuser privileges, step 408 is executed; if the current host system is running without superuser privileges, the procedure ends;
The user privileges of the current host system can be determined by calling functions provided by the host system; for example, the following system function can be called directly:
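#include <windows.h>
/* b (a BOOL) is set to TRUE when the calling thread's token is a member of AdministratorsGroup (a PSID) */
CheckTokenMembership(NULL, AdministratorsGroup, &b);
The following system function can also be called:
#include <windows.h>
/* writes the current user's logon name into lpszSystemInfo; the name alone does not establish group membership */
GetUserName(lpszSystemInfo, &cchBuff);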
Step 408: the information security device and the host perform information security operations through SCSI interface protocol instructions, and the procedure then ends;
Step 409: according to the preset correspondence between USB connectors and application interface protocols, the information security device determines that the interface protocol corresponding to the current USB connector B is the HID interface protocol, and then communicates with the host using the HID interface protocol; the device descriptor that the device reports to the host is the HID device descriptor, and the device declares itself as an HID device type;
Step 410: the information security device and the host perform information security operations through HID interface protocol instructions, and the procedure then ends.
Step 411: according to the preset correspondence between USB connectors and application interface protocols, the information security device determines that the interface protocol corresponding to the current USB connector C is the CCID interface protocol, and then communicates with the host using the CCID interface protocol; the device descriptor that the device reports to the host is the CCID device descriptor, and the device declares itself as a CCID device type;
Step 412: the information security device and the host perform information security operations through CCID interface protocol instructions, and the procedure then ends.
The embodiments described above are preferred embodiments of the present invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall all fall within the scope of protection of the invention.
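The connector detection of Fig. 3 and the control flow of steps 401 to 412, written out as a small C model. This is an added example, not code from the patent: the type and function names, the host_state structure, and the rejection of a reading with both I/O pins high (a state the text does not describe) are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* All names here are illustrative; the patent defines no firmware API. */
typedef enum { CONN_A, CONN_B, CONN_C, CONN_INVALID } connector_t;
typedef enum { PROTO_NONE, PROTO_SCSI, PROTO_HID, PROTO_CCID } protocol_t;

/* Host-side facts the Autorun program discovers (steps 405 and 407). */
typedef struct {
    bool app_installed;  /* device application already present on the host */
    bool is_admin;       /* host system runs with superuser privileges     */
} host_state;

typedef struct {
    connector_t connector;
    protocol_t  protocol;
    bool autorun_started;    /* step 404 was executed                 */
    bool app_installed_now;  /* step 406 was executed                 */
    bool security_ops;       /* step 408, 410 or 412 was executed     */
    int  last_step;          /* last step of Fig. 4 that was reached  */
} outcome;

/* Fig. 3: decode the levels sampled at point a (I/O1) and point b (I/O2).
 *   A powered: D1 conducts, I/O1 high; I/O2 is held low by R2.
 *   B powered: D1 and D2 both blocked; R1 and R2 hold both pins low.
 *   C powered: D2 conducts, I/O2 high; I/O1 is held low by R1.
 * Both pins high would mean A and C are powered together, which is not a
 * single-connector state, so it is rejected (assumption of this example). */
connector_t detect_connector(bool io1_high, bool io2_high)
{
    if (io1_high && io2_high) return CONN_INVALID;
    if (io1_high) return CONN_A;
    if (io2_high) return CONN_C;
    return CONN_B;
}

/* Preset connector-to-protocol table of embodiment two. */
protocol_t protocol_for(connector_t c)
{
    switch (c) {
    case CONN_A: return PROTO_SCSI;
    case CONN_B: return PROTO_HID;
    case CONN_C: return PROTO_CCID;
    default:     return PROTO_NONE;
    }
}

/* Steps 402 to 412 of Fig. 4. *host is updated when step 406 installs. */
outcome run_control_method(bool io1_high, bool io2_high, host_state *host)
{
    outcome o = { CONN_INVALID, PROTO_NONE, false, false, false, 402 };

    o.connector = detect_connector(io1_high, io2_high);  /* step 402 */
    o.protocol  = protocol_for(o.connector);

    switch (o.protocol) {
    case PROTO_SCSI:                    /* step 403: declare SCSI type */
        o.autorun_started = true;       /* step 404 */
        if (!host->app_installed) {     /* step 405 found nothing */
            host->app_installed = true; /* step 406 */
            o.app_installed_now = true;
        }
        o.last_step = 407;              /* privilege check */
        if (host->is_admin) {
            o.security_ops = true;      /* step 408: operations over SCSI */
            o.last_step = 408;
        }
        break;
    case PROTO_HID:                     /* steps 409 and 410 */
        o.security_ops = true;
        o.last_step = 410;
        break;
    case PROTO_CCID:                    /* steps 411 and 412 */
        o.security_ops = true;
        o.last_step = 412;
        break;
    default:                            /* unrecognised reading: stop at 402 */
        break;
    }
    return o;
}

int main(void)
{
    /* Constructed sample: a host without the application, standard user. */
    host_state h = { false, false };
    outcome a = run_control_method(true, false, &h);   /* connector A */
    outcome b = run_control_method(false, false, &h);  /* connector B */
    printf("A: protocol=%d installed_now=%d ops=%d last_step=%d\n",
           (int)a.protocol, a.app_installed_now, a.security_ops, a.last_step);
    printf("B: protocol=%d installed_now=%d ops=%d last_step=%d\n",
           (int)b.protocol, b.app_installed_now, b.security_ops, b.last_step);
    return 0;
}
```

On connector A a standard user gets the application installed but no security operations, while the same user on connector B or C reaches them directly, which is the behaviour the unrestricted protocols are chosen for.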

Claims (22)

1. A multi-interface, automatically installable information security device, characterized in that the information security device comprises: at least two USB connectors;
a USB interface module, connected to each of the USB connectors, configured to connect the information security device to a host through the USB connectors and to parse and process the USB communication protocol;
a judging module, connected to each of the USB connectors, configured to determine which of the USB connectors is used to connect the information security device to the host;
a control module, connected to the USB interface module and the judging module respectively, configured to control and manage the working mode of the information security device and to process and control data, according to the result determined by the judging module and the preset correspondence between each USB connector and the interface protocol the information security device applies when connected to the host through that USB connector; the preset correspondence between USB connectors and application interface protocols being that, among all the USB connectors of the information security device, one corresponds to the small computer system interface (SCSI) interface protocol and all the others correspond to unrestricted interface protocols, an unrestricted interface protocol being one for which the information security device, when communicating with the host through an interface applying that protocol, is not restricted by user privileges;
a SCSI protocol processing module, connected to the control module, configured to declare the device to the host as a SCSI device type after the information security device receives the device type request sent by the host, and to parse and process SCSI interface protocol instructions;
an unrestricted protocol processing module, connected to the control module, configured to declare the device to the host as an unrestricted interface protocol device type after the information security device receives the device type request sent by the host, and to parse and process unrestricted interface protocol instructions;
an automatic run module, connected to the SCSI protocol processing module, configured to automatically start and run the Autorun program after the information security device is connected to the host through the USB connector corresponding to the SCSI interface protocol;
an information security module, connected to the unrestricted protocol processing module, configured to perform information security operations.
2. The multi-interface, automatically installable information security device according to claim 1, characterized in that the unrestricted interface protocol is specifically the human interface device (HID) interface protocol; correspondingly, the unrestricted protocol processing module comprises:
an HID protocol processing unit, configured to declare the device to the host as an HID interface device type after the information security device receives the device type request sent by the host, and to parse and process HID interface protocol instructions; the HID protocol processing unit being connected to the control module and the information security module respectively.
3. The multi-interface, automatically installable information security device according to claim 1, characterized in that the unrestricted interface protocol is specifically the chip/smart card interface device (CCID) interface protocol; correspondingly, the unrestricted protocol processing module comprises:
a CCID protocol processing unit, configured to declare the device to the host as a CCID interface device type after the information security device receives the device type request sent by the host, and to parse and process CCID interface protocol instructions; the CCID protocol processing unit being connected to the control module and the information security module respectively.
4. The multi-interface, automatically installable information security device according to claim 1, characterized in that the judging module comprises a decision circuit made up of at least one resistor and at least one diode.
5. The multi-interface, automatically installable information security device according to claim 4, characterized in that the judging module uses the level at the connection point between the decision circuit and the I/O pin of the control module to determine which of the USB connectors is used to connect the information security device to the host.
6. The multi-interface, automatically installable information security device according to claim 1, characterized in that the automatic run module comprises:
a detecting unit, configured to use the Autorun program, after the information security device has established communication with the host using the SCSI interface protocol, to detect whether the application program associated with the information security device is installed on the host;
an installation unit, configured to use the Autorun program to install the application program associated with the information security device on the host when the detecting unit does not detect that application program on the host.
7. The multi-interface, automatically installable information security device according to claim 6, characterized in that the automatic run module further comprises:
a user privilege judging unit, configured to use the Autorun program to determine the user privileges of the current host system.
8. The multi-interface, automatically installable information security device according to claim 6, characterized in that the application program associated with the information security device comprises a monitoring program,
and the automatic run module further comprises:
a user privilege judging unit, configured to use the Autorun program or the monitoring program to determine the user privileges of the current host system.
9. The multi-interface, automatically installable information security device according to claim 7 or 8, characterized in that the information security module is connected to the SCSI protocol processing module; when the information security device has established communication with the host using the SCSI interface protocol, the information security module is further configured to perform information security operations through SCSI interface protocol instructions when the user privilege judging unit determines that the user privileges of the current host system are superuser privileges.
10. The multi-interface, automatically installable information security device according to claim 1, characterized in that the Autorun program run by the automatic run module is written in advance by the manufacturer of the information security device and stored in the information security device.
11. The multi-interface, automatically installable information security device according to claim 6 or 8, characterized in that the application program associated with the information security device is written in advance by the manufacturer of the information security device and stored in the information security device.
12. The multi-interface, automatically installable information security device according to claim 1, characterized in that the USB interface module is a discrete USB interface chip.
13. The multi-interface, automatically installable information security device according to claim 1, characterized in that the information security module is integrated on one chip together with one or more of the USB interface module, the control module, the SCSI protocol processing module, the unrestricted protocol processing module and the automatic run module.
14. The multi-interface, automatically installable information security device according to claim 13, characterized in that the chip is a security-design chip, and security-design chips include smart card chips.
15. The multi-interface, automatically installable information security device according to claim 1, characterized in that the information security module is a security-design chip, and security-design chips include smart card chips.
16. A control method for a multi-interface, automatically installable information security device, characterized in that the method comprises:
the information security device has a plurality of USB connectors and is connected to a host through one of them;
the information security device determines which of the plurality of USB connectors is used to establish the connection, determines the interface protocol corresponding to that USB connector according to the correspondence between USB connectors and application interface protocols preset in the information security device, then communicates with the host using that interface protocol and declares its own device type to the host; if the interface protocol is the SCSI interface protocol, the information security device automatically starts and runs the Autorun program; if the interface protocol is an unrestricted interface protocol, the information security device and the host interact through unrestricted interface protocol instructions to perform information security operations; an unrestricted interface protocol being one for which the information security device, when communicating with the host through an interface applying that protocol, is not restricted by user privileges.
17. The control method for a multi-interface, automatically installable information security device according to claim 16, characterized in that the method comprises:
when the unrestricted interface protocol is the HID interface protocol, the information security device and the host interact through HID interface protocol instructions to perform information security operations;
when the unrestricted interface protocol is the CCID interface protocol, the information security device and the host interact through CCID interface protocol instructions to perform information security operations.
18. The control method for a multi-interface, automatically installable information security device according to claim 16, characterized in that the step in which the information security device automatically starts and runs the Autorun program specifically comprises:
the information security device automatically starts and runs the Autorun program; the Autorun program detects whether the application program associated with the information security device is installed on the host; if it is not installed, the Autorun program installs the application program associated with the information security device on the host.
19. The control method for a multi-interface, automatically installable information security device according to claim 16, characterized in that the method further comprises:
when the information security device has established communication with the host using the SCSI interface protocol, the Autorun program determines the user privileges of the current host system; if the user privileges are those of a superuser, the information security device, after running the Autorun program, interacts with the host through SCSI interface protocol instructions to perform information security operations.
20. The control method for a multi-interface, automatically installable information security device according to claim 18, characterized in that the application program associated with the information security device comprises a monitoring program; correspondingly, the method further comprises:
when the information security device has established communication with the host using the SCSI interface protocol, the Autorun program or the monitoring program determines the user privileges of the current host system; if the user privileges are those of a superuser, the information security device, after running the Autorun program, interacts with the host through SCSI interface protocol instructions to perform information security operations.
21. The control method for a multi-interface, automatically installable information security device according to claim 16, characterized in that the Autorun program is written in advance by the manufacturer of the information security device and stored in the information security device.
22. The control method for a multi-interface, automatically installable information security device according to claim 18 or 20, characterized in that the application program associated with the information security device is written in advance by the manufacturer of the information security device and stored in the information security device.
CNB2007100640135A 2007-02-16 2007-02-16 Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor Expired - Fee Related CN100452003C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100640135A CN100452003C (en) 2007-02-16 2007-02-16 Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100640135A CN100452003C (en) 2007-02-16 2007-02-16 Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor

Publications (2)

Publication Number Publication Date
CN101017464A CN101017464A (en) 2007-08-15
CN100452003C true CN100452003C (en) 2009-01-14

Family

ID=38726486

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100640135A Expired - Fee Related CN100452003C (en) 2007-02-16 2007-02-16 Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor

Country Status (1)

Country Link
CN (1) CN100452003C (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7555588B2 (en) * 2007-08-17 2009-06-30 I/O Interconnect Inc Computers having USB buses, methods of operation thereof and programs and information for use therewith
CN101567052B (en) * 2008-04-21 2011-04-06 北京同方微电子有限公司 System and method for issuing intelligent card with USB interface
US9330282B2 (en) 2009-06-10 2016-05-03 Microsoft Technology Licensing, Llc Instruction cards for storage devices
US8321956B2 (en) * 2009-06-17 2012-11-27 Microsoft Corporation Remote access control of storage devices
CN102736992B (en) * 2011-04-15 2015-01-21 深圳市文鼎创数据科技有限公司 Method and device for self-adaption driving of intelligent secret key equipment and intelligent secret key equipment
CN103838784A (en) * 2012-11-23 2014-06-04 杭州星纬物联技术有限公司 Data manager management method based on USB drive
CN103281323A (en) * 2013-05-31 2013-09-04 杨俊杰 Intelligent household appliance communication chip integrated based on HomePlug protocol and WiFi protocol
CN104751061B (en) * 2013-12-30 2018-04-27 中国银联股份有限公司 Equipment and device for safety information interaction
WO2017206161A1 (en) * 2016-06-03 2017-12-07 达闼科技(北京)有限公司 Interface detection method and apparatus
CN111045750B (en) * 2019-12-19 2023-07-07 飞天诚信科技股份有限公司 Method for automatically matching application programs on multi-application device and electronic device
CN111198614A (en) * 2020-02-27 2020-05-26 上海商米科技集团股份有限公司 Method and apparatus for processing input content of human interface device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6763399B2 (en) * 1998-11-10 2004-07-13 Aladdin Knowledge Systems, Ltd. USB key apparatus for interacting with a USB host via a USB port
US20050209842A1 (en) * 2004-03-16 2005-09-22 Digi International Inc. Remote USB port system and method
US20060117170A1 (en) * 2004-10-14 2006-06-01 Wesley Cheng Controller having auto-run function
CN1801122A (en) * 2004-12-31 2006-07-12 联想(北京)有限公司 Method for controlling automatic running program in USB memory and USB memory thereof
CN1838142A (en) * 2006-04-29 2006-09-27 北京飞天诚信科技有限公司 USB device with data memory and intelligent secret key and control method thereof

Also Published As

Publication number Publication date
CN101017464A (en) 2007-08-15

Similar Documents

Publication Publication Date Title
CN100452003C (en) Information safety apparatus having multiple interface and capable of being automatically installed and controlling method therefor
CN100462949C (en) An information security device capable of automatic installation and its control method
US8255930B2 (en) Method and system for dynamically switching between different device configurations
US8122172B2 (en) Portable information security device
JP5323873B2 (en) System, method, portable computing device, and computer-readable medium using configurable firewall
US20150039897A1 (en) Information processing apparatus, program, storage medium and information processing system
CN101071463A (en) Method and device for virtualizing personal office environment
US20130305006A1 (en) Method, system and apparatus for region access control
CN101018131B (en) Information security device with the function selection device and its control method
WO2002091201A1 (en) Data processing system and method for password protecting a booting order of boot devices
JP2004511865A (en) Dual mode smart card and related methods
CN101587519B (en) System and method for realizing multifunctional information security device
US10037206B2 (en) Methods and systems for state switching
CN111666579B (en) Computer device, access control method thereof and computer readable medium
CN201078772Y (en) Information safety equipment with multi interface for automatic installation
CN102096782B (en) Internet banking safety authentication method based on removable medium of virtual machine
CN101150459B (en) Method and system for improving security of information security device
CA2702373C (en) Method of passing instructions between a host station and a portable electronic device, and device for implementation
CN106775941A (en) A kind of virtual machine kernel completeness protection method and device
CN114286345B (en) NFC communication device and method in intelligent terminal
KR20110023685A (en) SD having an authentication function and a driving method thereof
US11501002B2 (en) Protocol security system
US20140310776A1 (en) Control Access Based on Network Status
CN102541673A (en) Security processing method and circuit for central processing unit (CPU) fetch instruction abnormity
TWI754812B (en) System for using a device identification to log in via telecommunication server and method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090114
