CN101488952A - Mobile storage apparatus, data secured transmission method and system - Google Patents
Mobile storage apparatus, data secured transmission method and system Download PDFInfo
- Publication number
- CN101488952A CN101488952A CNA2008102368031A CN200810236803A CN101488952A CN 101488952 A CN101488952 A CN 101488952A CN A2008102368031 A CNA2008102368031 A CN A2008102368031A CN 200810236803 A CN200810236803 A CN 200810236803A CN 101488952 A CN101488952 A CN 101488952A
- Authority
- CN
- China
- Prior art keywords
- flash memory
- memory device
- data
- host terminal
- intranet host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
This invention discloses a mobile storage device, a data safety transmission method and system. The device is internally equipped with an intelligent card chip, a data exchange area and a privacy area after the intelligent card technology change, wherein the data exchange area, the privacy area and a memory in an internal network host terminal are combined with matched software and hardware to realize the pure data safety transmission without protocol, based on which, the user authorization method is added, such that each data transmission operation in accordance with the user thought is realized, thereby effectively preventing the attacks of virus and Trojan. This invention guarantees the credibility of the user identity and the mutual credibility between the internal network host terminal and a mobile storage device via fingerprint authorization and bidirection authorization, realizing that the secret document only can be accessed in the safe environment via the authorized user. Finally, the mutual operation between the mobile storage device and the internal network terminal is recorded in a visit diary via an audit database and a fingerprint database of an authorization server, thereby realizing the traceability of the identity of the mobile storage device holder.
Description
Technical field
The invention belongs to information security field, be specifically related to a kind of flash memory device, and adopt the data ferry-boat to carry out the method and the system thereof of safe transmission to security information, the present invention has ensured the fail safe and the confidentiality of message transmission between storage device.
Technical background
In recent years, along with the quickening of China's informatization paces, " E-Government " arises at the historic moment, and develops at a speed unheard of before.E-Government is embodied in aspect of social life: industrial and commercial registration is declared, is declared dutiable goods on the net, declaration, fund project are declared or the like on the net.E-Government is closely related with country and personal interests, in China's electronic government affairs system is built, external network is connecting the numerous common people, internal network is connecting government civilian's desktop office system, private network is connecting the information system of governments at all levels, and exchange message is basic demand between outer net, Intranet, private network.How under the prerequisite that guarantees Intranet and private network resource security, realize that the network from the common people to the government is unimpeded, resource-sharing, convenient and swift be the technical problem that must solve during electronic government affairs system is built.The method of generally taking is to carry out the logic isolation of fire compartment wall between inner network and external network, carries out physical isolation between Intranet and private network.Physics isolation net gap becomes the equipment that the E-Government information system must dispose, and begins thus, and physics isolation net gap product and technology become a new growth point of China's information security industry development in China's rapid rising.
Physics isolation net gap is to use the solid-state switch read-write medium that has the various control function to connect the information safety devices of two unique host systems.Because between two unique host systems that physics isolation net gap connected, the physical connection, logic connection, message transmission order, the information transmission protocol that do not have communication, do not exist according to the packets of information of agreement and transmit, the no-protocol " ferry-boat " that has only data file, and solid storage medium had only " reading " and " writing " two orders.So physics isolation net gap has all possible connections of potential attack from physically having isolated, having blocked, and makes " hacker " can't invade, can't attack, can't destroy, and has realized real safety.
Because it is more and more to need to exchange shared data between physically-isolated safe Intranet, the information sharing structure becomes increasingly complex between net, and flash memory device is flexible because of using, easy to carry, and its information flow between net is popularized rapidly in using.Increasing sensitive information, private data and archives material are stored and transfer by unshielded flash memory device, especially the leakage of a state or party secret that information security is had an overwhelming majority in the department of specific (special) requirements in government, army etc. all with the abuse of flash memory device with manage improperly relevant.Flash memory device has become the important means of carrying out exchanges data under the condition that is perfectly safe that inside and outside network physical is isolated, but " anonymity " of itself brought huge challenge to equipment safety management, and authentication difficulty, information are easily revealed, often carried problems such as virus and perplexing user and computer system security personnel always.
According to TNC (Trusted Network Connect, the trustable network connection) basic principle, if every station terminal of access network, each user and the running status and the integrality thereof that operate in each software on the terminal have all been passed through authentication and authorization, the operation behavior that guarantees them all is up to specification, just can effectively control the generation of security incident from the source.Simultaneously, binding data ferry-boat technology, realize that two inter-trust domain carry out safe data communication under physically-isolated prerequisite, its principle is applied in the flash memory device, make to make up credible the connection between inter-trust domain terminal and the flash memory device, classified document is ferried to flash memory device from terminal.Two aspects of access of slave unit trustable network and equipment and terminal room secure data exchange ensure information safety respectively, are a kind of new thinking and feasible solution.
Summary of the invention
The object of the present invention is to provide a kind of flash memory device and data safe transmission method thereof, this method can be carried out data message the safe transmission of no-protocol between storage medium, effectively prevent the potential safety hazard brought by flash memory device, and had the low characteristics of cost; The present invention also provides the system that realizes this method.
Flash memory device provided by the invention, it is characterized in that: this device built-in intelligence the core of the card sheet, its storage area is divided into data exchange zone and private area, data exchange zone is as the private area transition region outside with it, with all accessing operations of interception at private area, private area is used to deposit data encrypted information, and the connection status of data exchange zone and its outside or data exchange zone and private area is switched by electronic switch.
Based on the data safe transmission method of above-mentioned flash memory device, its step comprises:
1. flash memory device inserts the intranet host terminal, and by this terminal recognition;
2. the intranet host terminal authenticates user identity by user fingerprints, and subsequently, intranet host terminal and flash memory device carry out two-way authentication; If above verification process all passes through, then change step over to 3., otherwise intranet host terminal refusal flash memory device inserts, and changes step over to 7.;
3. the user sends the message transmission request to intranet host terminal or flash memory device; The user will initiate data file information transmission request, so that data file is transmitted between intranet host terminal and flash memory device;
4. the intranet host terminal feeds back to the user with the summary info of this solicit operation, and this summary info comprises operation promoter, file source address, destination address and initiation time;
5. this operation of subscriber authorisation; Pass through if authorize, then enter step 6., otherwise prompting makes mistakes, change step over to 7.;
6. carry out the data ferry-boat; Realize the no-protocol message transmission between intranet host terminal and flash memory device;
7. stop.
Realize the system of above-mentioned data safe transmission method, comprise certificate server, and some intranet host terminals and flash memory device; Certificate server comprises fingerprint database and audit database, is used to provide the finger print information of authenticating user identification and the log information that system backup is used respectively; The intranet host terminal places in certain trust domain, keeps in communication with certificate server by terminal agency, obtains individual finger print information and the Visitor Logs of flash memory device is counted audit database from fingerprint database; The side that memory in the intranet host terminal is ferried in the tripartite entity as data participates in the data security transmission; Flash memory device is respectively by USB interface and intranet host terminal called, be used to finish authenticating user identification, and and the intranet host terminal between carry out two-way authentication, realization is carried out encrypted transmission to the data file information of travelling to and fro between between intranet host terminal and the flash memory device, and deposits the data encrypted file in private area.
The present invention has guaranteed the safety of data Intranet and the mobile device from three aspects, at first be the division of trust domain, formulates corresponding trust domain according to the level of security of each Intranet; Secondly, by the two-way authentication of carrying out between user, intranet host and mobile device tripartite authentication, particularly intranet host and mobile device, guaranteed that further private data has only the user of mandate just can read in the environment of safety; At last, the data ferry-boat by subscriber authorisation has realized that each ferry-boat operation all meets user intention, and private data is carried out safe transfer and preservation, has effectively prevented the attack of virus and wooden horse.
Description of drawings
Fig. 1 is the internal structure schematic diagram of the employed flash memory device of the inventive method;
Fig. 2 is the overview flow chart of information security transmission course;
Fig. 3 is the flow for authenticating ID of user, intranet host and flash memory device;
Fig. 4 is the schematic diagram of data ferry-boat between intranet host and mobile device;
Fig. 5 is the flow chart of user authorization data ferry-boat;
Fig. 6 is the structural representation of system of the present invention;
Fig. 7 is the modular structure function diagram of a kind of specific implementation of intelligent card chip.
Embodiment
Be subjected to present data ferry-boat to be applied to the enlightenment that physical gateway carries out exchanges data, the present invention brings in conjunction with TNC and authentication etc. the data ferry-boat at flash memory device potential safety hazard proposes the method for solution.
The inner frame of the employed flash memory device of the inventive method as shown in Figure 1, based on built-in intelligence the core of the card sheet, data exchange zone and private area in the improved flash memory device of smart card techniques, data exchange zone is as the transition region between external environment condition and the private area, with all accessing operations of interception at private area, private area is used to deposit the data messages such as classified document after the encryption, and unique identify label file of flash memory device is deposited in this private area.Data exchange zone is by designated lane and USB interface communication, and this designated lane is the communication protocol that realizes by certain cryptographic algorithm, is mainly used to transmit the private data information behind the enciphering/deciphering.Electronic switch is then realized by hardware or software, is used for switching the connection status of intranet host terminal memory and data exchange zone or data exchange zone and private area.
When this flash memory device inserts intranet host terminal in certain trust domain, and when the intranet host terminal is carried out information interaction therewith, adopt overview flow chart that this method carries out the information security transmission as shown in Figure 2, its detailed process is as follows:
(1) flash memory device inserts the intranet host terminal, and by this terminal recognition.
(2) authentication.At first, the intranet host terminal authenticates user identity by user fingerprints, and subsequently, intranet host terminal and flash memory device carry out two-way authentication.If above verification process all passes through, then change step (3) over to, otherwise intranet host terminal refusal flash memory device inserts, and changes step (7) over to.
(3) user sends the message transmission request to intranet host terminal or flash memory device.The user will initiate data file information transmission request, so that data file is transmitted between intranet host terminal and flash memory device.
(4) the intranet host terminal feeds back to the user with the summary info of this solicit operation, and this summary info comprises operation promoter, file source address, destination address and initiation time etc.
(5) this operation of subscriber authorisation.Pass through if authorize, then change (6) over to, otherwise prompting makes mistakes, change step (7) over to.
(6) carry out the data ferry-boat.Realize the no-protocol message transmission between intranet host terminal and flash memory device.
(7) stop.
Below by will describing the present invention more in detail by following examples, and following examples only are illustrative, and the present invention is not subjected to the restriction of these embodiment.
As shown in Figure 3, the detailed process of the employed authentication of this example is as follows:
(a1) Intranet terminal scanning USB port is found flash memory device to be certified;
(a2) the intranet host terminal utilizes user fingerprints that user identity is authenticated, and authentication success then changes (a3) over to, otherwise, refuse this flash memory device and insert;
(a3) the intranet host terminal sends authentication request to flash memory device;
(a4) flash memory device sends and to count to terminal at random, impacts-response authentication, if authentication is by then changing (a6) over to, otherwise the flash memory device refusal accesses terminal;
(a5) the intranet host terminal is sent read request to flash memory device, and reads the wherein documentation of identity of private area, and flash memory device is carried out authentication, if by then changing (a6) over to, otherwise terminal refusal mobile storage inserts;
(a6) the intranet host terminal is with the associated databases that counts user fingerprints information and mobile device turn-on time etc. in the certificate server.
Wherein, certificate server is used to provide important authentication and data backup information such as corresponding fingerprint database and audit database as the central server in the Intranet environment.Success is by after authentication and inserting the intranet host terminal, and as shown in Figure 4, the tripartite entity of the memory three composition data ferry-boat in the data exchange zone in the flash memory device, private area and the intranet host terminal cooperates corresponding software to realize the no-protocol ferry-boat.
In the exchange area, file will be accepted consistency check, allow all attack the carrier that does not all have agreement and physical medium when guaranteeing the data file integrality, and the data that guaranteed to enter the flash memory device private area are the clear data of no-protocol.The detailed process of data ferry-boat is as follows:
(b1) send data transfer request.The user operates the data file of needs, sends the transmission request, and the memory in the intranet host terminal is made response;
(b2) data enter data exchange zone.Intranet host customer end A gent is sent to data exchange zone in the flash memory device by client-side management software with data file;
(b3) agreement is landed, encryption.Because the existence of data exchange zone, make that all attacks to private area all are invalid, i.e. all attacks have all broken away from protocol bearer, in addition, in data exchange zone by smart card CPU call enciphering/deciphering power function that intelligent card chip provides to the data file add/closely wait safety operation;
(b4) kept secure.The private area that clear data information after encrypting is sent to flash memory device carries out safe storage.
(b5) transfer of data finishes.Realize safe transfer of data between intranet host terminal and flash memory device, guaranteed the data security of private area in intranet host terminal and the flash memory device.
Above process is that the secure data file in the Intranet enters the process in the flash memory device, otherwise, be flash memory device as data relay equipment, data file is sent to the process of intranet host terminal.
Can well control the safety inspection and the transmission of low layer data though adopt the data ferry-boat, but for upper layer application is that the promoter that data are ferried has no way of investigating, and the function that trojan horse and rogue program may utilize the data ferry-boat to be provided is at any time stolen user's confidential document.So on the basis of authentication and data ferry-boat, add file distributing confirmation method based on subscriber authorisation, guaranteed that the data ferry-boat that upper layer application is carried out meets user intention, guarantee that further the safety of confidential document between inter-trust domain transmits.
Working in coordination with down of intelligent card chip, when initiation is used in each data ferry-boat, with the summary info of confidential document, use initiator information and initiation time etc. and together form Summary file and feed back to the terminal use, and wait for that the user imports finger print information and carries out the behavior mandate, after treating that mandate is passed through, begin the ferry-boat of confidential document again.The subscriber authorisation flow process is as shown in Figure 5:
(c1) user is to the transmission request between data file initiation intranet host terminal and flash memory device;
(c2) host's machine terminal Agent initiates data transfer request;
(c3) intranet host terminal Agent forms summary info with this operation;
(c4) user imports fingerprint, and the fingerprint recognition processing module responds, and the user confirms this summary info;
(c5) finger print information comparison then this file is carried out transfer of data if compare successfully, otherwise this data transfer operation is under an embargo.
As shown in Figure 6, system of the present invention comprises certificate server 1, intranet host terminal 2.1 ..., 2.m, flash memory device 3.1 ..., 3.n, m, n are positive integer.
Intranet host terminal 2.1 ..., 2.m places in certain trust domain, keeps in communication by terminal Agent and certificate server, from fingerprint database, obtain individual finger print information and the Visitor Logs of flash memory device counted audit database.The side that memory in the intranet host terminal is ferried in the tripartite entity as data participates in the data security transmission.
Flash memory device 3.1 ..., 3.n is used to deposit individual's private information, the internal structure of each flash memory device is identical, includes USB interface, intelligent card chip, data exchange zone and private area.Wherein, data exchange zone and private area have carried out detailed argumentation as two other participants of data ferry-boat.USB interface meets current USB2.0 standard, is used for carrying out communication with the intranet host terminal.
As shown in Figure 7, be provided with communication module, authentication module, fingerprint recognition processing module, encryption and decryption module and CPU in the intelligent card chip.Wherein, authentication module is responsible for responding the authentication request that CPU sends, and authentication module calls the fingerprint recognition processing module compares to user fingerprints, thereby confirms user's legal identity; Authentication module also is used to produce random number, and obtains identify label file of flash memory device etc.The fingerprint recognition processing module is used to obtaining and comparing of finger print information is provided, and portion will generate comparison result within it, and feed back to authentication module, all will call the fingerprint recognition processing module and carry out corresponding operating in authenticating user identification and subscriber authorisation process.The encryption and decryption module is carried out enciphering/deciphering by built-in enciphering/deciphering function to the identify label file of data fileinfo and flash memory device, has guaranteed the safety of communication port, data file and flash memory device itself.CPU is used for unified management and each module of scheduling as the central processing unit of flash memory device, each functional module is under the unified scheduling of CPU, realization is carried out encrypted transmission to the data file information of travelling to and fro between between intranet host terminal and the flash memory device, the formation designated lane is finished security inspection and the data encrypted file deposits private area subsequently in.
The above is preferred embodiment of the present invention, but the present invention should not be confined to the disclosed content of this embodiment and accompanying drawing.So everyly do not break away from the equivalence of finishing under the spirit disclosed in this invention or revise, all fall into the scope of protection of the invention.
Claims (7)
1, a kind of flash memory device, it is characterized in that: this device built-in intelligence the core of the card sheet, its storage area is divided into data exchange zone and private area, data exchange zone is as the private area transition region outside with it, with all accessing operations of interception at private area, private area is used to deposit data encrypted information, and the connection status of data exchange zone and its outside or data exchange zone and private area is switched by electronic switch.
2, a kind of data safe transmission method based on the described flash memory device of claim 1, its step comprises:
1. flash memory device inserts the intranet host terminal, and by this terminal recognition;
2. the intranet host terminal authenticates user identity by user fingerprints, and subsequently, intranet host terminal and flash memory device carry out two-way authentication; If above verification process all passes through, then change step over to 3., otherwise intranet host terminal refusal flash memory device inserts, and changes step over to 7.;
3. the user sends the message transmission request to intranet host terminal or flash memory device; The user will initiate data file information transmission request, so that data file is transmitted between intranet host terminal and flash memory device;
4. the intranet host terminal feeds back to the user with the summary info of this solicit operation, and this summary info comprises operation promoter, file source address, destination address and initiation time;
5. this operation of subscriber authorisation; Pass through if authorize, then enter step 6., otherwise prompting makes mistakes, change step over to 7.;
6. carry out the data ferry-boat; Realize the no-protocol message transmission between intranet host terminal and flash memory device;
7. stop.
3, data safe transmission method according to claim 2 is characterized in that: the process that step is carried out authentication in 2. is as follows:
(a1) Intranet terminal scanning USB port is found flash memory device to be certified;
(a2) the intranet host terminal utilizes user fingerprints that user identity is authenticated, and authentication success then changes (a3) over to, otherwise, refuse this flash memory device and insert;
(a3) the intranet host terminal sends authentication request to flash memory device;
(a4) flash memory device sends and to count to terminal at random, impacts-response authentication, if authentication is by then changing (a6) over to, otherwise the flash memory device refusal accesses terminal;
(a5) the intranet host terminal is sent read request to flash memory device, and reads the wherein documentation of identity of private area, and flash memory device is carried out authentication, if by then changing (a6) over to, otherwise terminal refusal mobile storage inserts;
(a6) the intranet host terminal counts associated databases in the certificate server turn-on time with user fingerprints information and mobile device.
4, data safe transmission method according to claim 2 is characterized in that: the detailed process of the 6. middle data ferry-boat of step is as follows:
(b1) user operates the data file of needs, sends the transmission request, and the memory in the intranet host terminal is made response;
(b2) the intranet host client is sent to data exchange zone in the flash memory device with data file;
(b3) intelligent card chip in the flash memory device utilize the enciphering/deciphering power function to the data file add/closely separate operation;
(b4) private area that is sent to flash memory device of the clear data information after will encrypting carries out safe storage.
5, data safe transmission method according to claim 2 is characterized in that: the step 5. process of middle subscriber authorisation is:
(c1) user is to the transmission request between data file initiation intranet host terminal and flash memory device;
(c2) the intranet host terminal is initiated data transfer request;
(c3) the intranet host terminal forms summary info with this operation;
(c4) user confirms this summary info by the input fingerprint;
(c5) finger print information comparison then this file is carried out transfer of data if compare successfully, otherwise this data transfer operation is under an embargo.
6, a kind of system that realizes the described data safe transmission method of claim 2, it comprises certificate server (1), the intranet host terminal (2.1 ..., 2.m), and flash memory device (3.1 ..., 3.n), m, n are positive integer;
Certificate server (1) comprises fingerprint database (1.1) and audit database (1.2), is used to provide the finger print information of authenticating user identification and the log information that system backup is used respectively;
The intranet host terminal (2.1 ..., 2.m) place in certain trust domain, keep in communication with certificate server by terminal agency, from fingerprint database, obtain individual finger print information and the Visitor Logs of flash memory device counted audit database; The side that memory in the intranet host terminal is ferried in the tripartite entity as data participates in the data security transmission;
Flash memory device (3.1 ..., 3.n) respectively by USB interface and intranet host terminal (2.1 ..., 2.m) communication, be used to finish authenticating user identification, and and the intranet host terminal between carry out two-way authentication, realization is carried out encrypted transmission to the data file information of travelling to and fro between between intranet host terminal and the flash memory device, and deposits the data encrypted file in private area.
7, system according to claim 6 is characterized in that: be provided with communication module, authentication module, fingerprint recognition processing module, encryption and decryption module and CPU in the described intelligent card chip; Authentication module is responsible for responding the authentication request that CPU sends, and calls the fingerprint recognition processing module user fingerprints is compared, and confirms user's legal identity; Authentication module also is used to produce random number, and the identify label file that obtains flash memory device; The fingerprint recognition processing module is used to obtaining and comparing of finger print information is provided, and portion will generate comparison result within it, and feed back to authentication module, all will call the fingerprint recognition processing module and carry out corresponding operating in authenticating user identification and subscriber authorisation process; The encryption and decryption module is carried out enciphering/deciphering by built-in enciphering/deciphering function to the identify label file of data fileinfo and flash memory device, guarantees the safety of communication port, data file and flash memory device itself; CPU is used for unified management and each module of scheduling as the central processing unit of flash memory device, each functional module is under the unified scheduling of CPU, realization is carried out encrypted transmission to the data file information of travelling to and fro between between intranet host terminal and the flash memory device, the formation designated lane is finished security inspection and the data encrypted file deposits private area subsequently in.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102368031A CN101488952A (en) | 2008-12-10 | 2008-12-10 | Mobile storage apparatus, data secured transmission method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102368031A CN101488952A (en) | 2008-12-10 | 2008-12-10 | Mobile storage apparatus, data secured transmission method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101488952A true CN101488952A (en) | 2009-07-22 |
Family
ID=40891630
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008102368031A Pending CN101488952A (en) | 2008-12-10 | 2008-12-10 | Mobile storage apparatus, data secured transmission method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101488952A (en) |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101794310A (en) * | 2010-03-04 | 2010-08-04 | 北京握奇数据系统有限公司 | Method, system and device for processing smart card database |
| CN101799856A (en) * | 2010-03-17 | 2010-08-11 | 太仓市同维电子有限公司 | Method for encrypting application software private area of EVDO (evolution-data optimized) data card end |
| CN101916342A (en) * | 2010-08-16 | 2010-12-15 | 武汉天喻信息产业股份有限公司 | Secure mobile storage device and method for realizing secure data exchange by using same |
| WO2010145337A1 (en) * | 2009-11-05 | 2010-12-23 | 中兴通讯股份有限公司 | Encryption device and method for controlling download and access of mobile terminal |
| CN102063359A (en) * | 2010-11-02 | 2011-05-18 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN102137396A (en) * | 2010-11-12 | 2011-07-27 | 华为终端有限公司 | Terminal, card and method and system for checking machine and card |
| CN102195780A (en) * | 2010-03-15 | 2011-09-21 | 英威康科技股份有限公司 | Electronic key system |
| CN102244649A (en) * | 2010-05-12 | 2011-11-16 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN102713920A (en) * | 2009-09-04 | 2012-10-03 | 托马斯·索克 | A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange |
| CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
| CN105871836A (en) * | 2016-03-30 | 2016-08-17 | 华东师范大学 | GAP information extraction method combining with fingerprint verification |
| CN106446654A (en) * | 2016-10-21 | 2017-02-22 | 国网黑龙江省电力有限公司信息通信公司 | Isolation method based on fingerprint recognition of computer input and output devices |
| CN106534275A (en) * | 2016-10-25 | 2017-03-22 | 公安部第三研究所 | Universal safe and reliable data switching method |
| CN107018120A (en) * | 2015-09-15 | 2017-08-04 | 西门子公司 | System and method for analyzing object |
| CN107451480A (en) * | 2017-07-21 | 2017-12-08 | 山东华芯半导体有限公司 | A kind of encrypted partition access method based on unidirectional 4-Way Handshake |
| CN108156155A (en) * | 2017-12-25 | 2018-06-12 | 资密科技有限公司 | A kind of biological authentification system based on wireless network, mobile device and method |
| CN108200217A (en) * | 2018-03-05 | 2018-06-22 | 吉林化工学院 | The synchronous method and system of a kind of data |
| CN109783570A (en) * | 2018-12-10 | 2019-05-21 | 安徽四创电子股份有限公司 | A kind of cross-border case data ferry-boat implementation method |
| CN112364395A (en) * | 2020-11-11 | 2021-02-12 | 中国信息安全测评中心 | Safety protection method and device for solid state disk |
| CN112541168A (en) * | 2020-12-04 | 2021-03-23 | 中国电子信息产业集团有限公司第六研究所 | Data anti-theft method, system and storage medium |
| CN112784248A (en) * | 2020-12-31 | 2021-05-11 | 沈阳中钞信达金融设备有限公司 | Financial machine storage peripheral data security solution method |
| CN112800451A (en) * | 2021-02-24 | 2021-05-14 | 山东华芯半导体有限公司 | Data dump device based on hardware physical isolation |
| CN113609538A (en) * | 2021-07-09 | 2021-11-05 | 国网福建省电力有限公司电力科学研究院 | Access control method, device and equipment for mobile storage medium and storage medium |
| CN114710360A (en) * | 2022-04-15 | 2022-07-05 | 北京全路通信信号研究设计院集团有限公司 | Audit-based inside-out data secure transmission method and system and electronic equipment |
| CN114826760A (en) * | 2022-05-12 | 2022-07-29 | 深圳铸泰科技有限公司 | Network security analysis method based on boundary theory |
-
2008
- 2008-12-10 CN CNA2008102368031A patent/CN101488952A/en active Pending
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102713920A (en) * | 2009-09-04 | 2012-10-03 | 托马斯·索克 | A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange |
| US8661239B2 (en) | 2009-11-05 | 2014-02-25 | Zte Corporation | Encryption device and method for controlling download and access operations performed to a mobile terminal |
| WO2010145337A1 (en) * | 2009-11-05 | 2010-12-23 | 中兴通讯股份有限公司 | Encryption device and method for controlling download and access of mobile terminal |
| CN101794310A (en) * | 2010-03-04 | 2010-08-04 | 北京握奇数据系统有限公司 | Method, system and device for processing smart card database |
| CN102195780A (en) * | 2010-03-15 | 2011-09-21 | 英威康科技股份有限公司 | Electronic key system |
| CN101799856A (en) * | 2010-03-17 | 2010-08-11 | 太仓市同维电子有限公司 | Method for encrypting application software private area of EVDO (evolution-data optimized) data card end |
| CN102244649A (en) * | 2010-05-12 | 2011-11-16 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN102244649B (en) * | 2010-05-12 | 2015-06-10 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN101916342A (en) * | 2010-08-16 | 2010-12-15 | 武汉天喻信息产业股份有限公司 | Secure mobile storage device and method for realizing secure data exchange by using same |
| CN102063359A (en) * | 2010-11-02 | 2011-05-18 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN102063359B (en) * | 2010-11-02 | 2013-05-22 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN102137396A (en) * | 2010-11-12 | 2011-07-27 | 华为终端有限公司 | Terminal, card and method and system for checking machine and card |
| CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
| CN107018120A (en) * | 2015-09-15 | 2017-08-04 | 西门子公司 | System and method for analyzing object |
| CN105871836A (en) * | 2016-03-30 | 2016-08-17 | 华东师范大学 | GAP information extraction method combining with fingerprint verification |
| CN105871836B (en) * | 2016-03-30 | 2019-06-11 | 华东师范大学 | A kind of gateway information extracting method of combination fingerprint authentication |
| CN106446654A (en) * | 2016-10-21 | 2017-02-22 | 国网黑龙江省电力有限公司信息通信公司 | Isolation method based on fingerprint recognition of computer input and output devices |
| CN106446654B (en) * | 2016-10-21 | 2019-03-29 | 国网黑龙江省电力有限公司信息通信公司 | Input output device of computer partition method based on fingerprint recognition |
| CN106534275A (en) * | 2016-10-25 | 2017-03-22 | 公安部第三研究所 | Universal safe and reliable data switching method |
| CN106534275B (en) * | 2016-10-25 | 2019-12-06 | 公安部第三研究所 | Universal safe and reliable data exchange method |
| CN107451480A (en) * | 2017-07-21 | 2017-12-08 | 山东华芯半导体有限公司 | A kind of encrypted partition access method based on unidirectional 4-Way Handshake |
| CN108156155A (en) * | 2017-12-25 | 2018-06-12 | 资密科技有限公司 | A kind of biological authentification system based on wireless network, mobile device and method |
| CN108200217A (en) * | 2018-03-05 | 2018-06-22 | 吉林化工学院 | The synchronous method and system of a kind of data |
| CN109783570A (en) * | 2018-12-10 | 2019-05-21 | 安徽四创电子股份有限公司 | A kind of cross-border case data ferry-boat implementation method |
| CN112364395A (en) * | 2020-11-11 | 2021-02-12 | 中国信息安全测评中心 | Safety protection method and device for solid state disk |
| CN112541168A (en) * | 2020-12-04 | 2021-03-23 | 中国电子信息产业集团有限公司第六研究所 | Data anti-theft method, system and storage medium |
| CN112784248A (en) * | 2020-12-31 | 2021-05-11 | 沈阳中钞信达金融设备有限公司 | Financial machine storage peripheral data security solution method |
| CN112800451A (en) * | 2021-02-24 | 2021-05-14 | 山东华芯半导体有限公司 | Data dump device based on hardware physical isolation |
| CN113609538A (en) * | 2021-07-09 | 2021-11-05 | 国网福建省电力有限公司电力科学研究院 | Access control method, device and equipment for mobile storage medium and storage medium |
| CN113609538B (en) * | 2021-07-09 | 2024-03-08 | 国网福建省电力有限公司电力科学研究院 | Access control method, device and equipment for mobile storage medium and storage medium |
| CN114710360A (en) * | 2022-04-15 | 2022-07-05 | 北京全路通信信号研究设计院集团有限公司 | Audit-based inside-out data secure transmission method and system and electronic equipment |
| CN114710360B (en) * | 2022-04-15 | 2024-01-19 | 北京全路通信信号研究设计院集团有限公司 | Audit-based inside-to-outside data security transmission method and system and electronic equipment |
| CN114826760A (en) * | 2022-05-12 | 2022-07-29 | 深圳铸泰科技有限公司 | Network security analysis method based on boundary theory |
| CN114826760B (en) * | 2022-05-12 | 2023-08-15 | 深圳铸泰科技有限公司 | Network security analysis method based on boundary theory |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101488952A (en) | Mobile storage apparatus, data secured transmission method and system | |
| CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
| CN106022080B (en) | A kind of data ciphering method based on the cipher card of PCIe interface and the cipher card | |
| CN106888084B (en) | Quantum fort machine system and authentication method thereof | |
| KR20210040078A (en) | Systems and methods for safe storage services | |
| CN103546421B (en) | Network work based on PKI technology exchange security system and its implementation | |
| CN108615154B (en) | Block chain digital signature system based on hardware encryption protection and using process | |
| CN103441991A (en) | Mobile terminal security access platform | |
| CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system | |
| CN103297437A (en) | Safety server access method for mobile intelligent terminal | |
| CN105956496A (en) | Security and secrecy method for sharing storage files | |
| CN105099711A (en) | ZYNQ-based small-sized cipher machine and data encryption method | |
| CN107332671A (en) | A kind of safety mobile terminal system and method for secure transactions based on safety chip | |
| CN1901452A (en) | Multi-level and multi-factor security credentials management for network element authentication | |
| CN107196932A (en) | Managing and control system in a kind of document sets based on virtualization | |
| US11861582B2 (en) | Security protection of association between a user device and a user | |
| CN110336788A (en) | A kind of data safety exchange method of internet of things equipment and mobile terminal | |
| CN104219077A (en) | Information management system for middle and small-sized enterprises | |
| CN101833620A (en) | Custom security JDBC driver-based database protective method | |
| CN103595534B (en) | A kind of holding equipment revokes data ciphering and deciphering system and the implementation method of operation | |
| CN1925401B (en) | Internet access system and method | |
| CN101808077A (en) | Information security input processing system and method and smart card | |
| CN203164961U (en) | Safe portable storage device | |
| CN202652534U (en) | Mobile terminal safety access platform | |
| CN103269301A (en) | Desktop type IPSecVPN cryptographic machine and networking method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090722 |