CN102750230A - Access control system and method of universal serial bus (USB) storage equipment - Google Patents
- Publication number: CN102750230A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses an access control system and method of universal serial bus (USB) storage equipment. Access control detection pins are respectively arranged on a USB socket of host equipment and a USB plug of the USB storage equipment, and the USB socket is connected with the USB plug; the USB storage equipment is authenticated by the host equipment according to access control signals of the access control detection pin on the USB socket, and the host equipment is authenticated by the USB storage equipment according to access control signals of the access control detection pin on the USB plug; and if both the USB storage equipment and the host equipment are authenticated, the host equipment is allowed to access a USB storage module in the USB storage equipment, if any one is not authenticated, the access is not allowed. The scheme provided by the invention is applied to shorten delay and improve security.
Description
Technical field
The present invention relates to access control technology, and in particular to an access control system and method for a universal serial bus (USB) storage device.
Background
With advances in science and technology, mobile storage technology is developing rapidly. USB storage devices in particular, being small in size, large in capacity, varied in form, simple to operate and long-lived, have come into widespread use and have broad market prospects.
As USB storage devices have become widespread, their security problems have also gradually emerged, and information leakage incidents caused via USB storage devices occur again and again. Strict access control therefore needs to be applied to USB storage devices. A common implementation is as follows:
Specific software is installed on both the host device and the USB storage device. When the host device performs an access operation on the USB storage device, the USB storage device authenticates the host device through this software, determines whether it is a legitimate host device, and applies a different access control policy depending on the result, for example allowing a legitimate host device to read from and write to the USB storage device while allowing an illegitimate host device only to write.
Although this approach can prevent information leakage to some extent, it has problems in practice: 1) the process by which the USB storage device authenticates the host device usually requires several rounds of information exchange, which causes a long delay; 2) the specific software is easily broken by means such as brute force, so security is low; 3) only one-way authentication is possible, that is, only the host device can be authenticated and the USB storage device cannot, which also lowers security.
Summary of the invention
In view of this, the main object of the present invention is to provide an access control system for a USB storage device that can shorten delay and improve security.
Another object of the present invention is to provide an access control method for a USB storage device that can shorten delay and improve security.
To achieve the above objects, the technical solution of the present invention is realized as follows:
An access control system for a universal serial bus (USB) storage device comprises a host device and a USB storage device;
wherein the host device comprises a USB socket, a host control module and a host storage module, and the USB socket is provided with an access control detection pin;
the USB storage device comprises a USB plug, a USB control module and a USB storage module, and the USB plug is provided with an access control detection pin;
the USB storage device and the host device are connected through the USB plug and the USB socket;
the host control module detects the access control signal of the access control detection pin on the USB socket and authenticates the USB storage device according to the detection result; the USB control module detects the access control signal of the access control detection pin on the USB plug and authenticates the host device according to the detection result. If both sides pass authentication, the host device is allowed to access the USB storage module; if either side fails authentication, access is not allowed.
An access control method for a universal serial bus (USB) storage device comprises:
providing an access control detection pin on the USB socket of a host device and on the USB plug of a USB storage device respectively, and connecting the USB socket to the USB plug;
the host device authenticating the USB storage device according to the access control signal of the access control detection pin on the USB socket, and the USB storage device authenticating the host device according to the access control signal of the access control detection pin on the USB plug;
if both sides pass authentication, allowing the host device to access the USB storage module in the USB storage device, and if either side fails authentication, not allowing access.
Thus, with the technical solution of the present invention, the host device and the USB storage device authenticate each other through hardware circuits, which shortens or even eliminates the delay and avoids problems such as software being broken by brute force, thereby improving security. Moreover, the USB socket and USB plug of the present invention both meet the dimensional requirements of the standard and mate normally with standard USB plugs and USB sockets, giving good compatibility.
Description of the drawings
Fig. 1 is a schematic structural diagram of an embodiment of the host device of the present invention.
Fig. 2 is a schematic diagram of the pin arrangement on an existing USB socket.
Fig. 3 is a schematic diagram of a first arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 4 is a schematic diagram of a second arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 5 is a schematic diagram of a third arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 6 is a schematic diagram of a fourth arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 7 is a schematic diagram of a fifth arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 8 is a schematic diagram of a sixth arrangement of the access control detection pin on the USB socket of the present invention.
Fig. 9 is a schematic diagram of the size of the access control detection pin on the USB socket of the present invention.
Fig. 10 is a first schematic structural diagram of the level detection circuit in the host control module of the present invention.
Fig. 11 is a second schematic structural diagram of the level detection circuit in the host control module of the present invention.
Fig. 12 is a schematic structural diagram of an embodiment of the USB storage device of the present invention.
Fig. 13 is a flowchart of an embodiment of the USB storage device access control method of the present invention.
Fig. 14 is a schematic diagram of the pin arrangement on the USB socket in example one of the present invention.
Fig. 15 is a schematic diagram of the pin arrangement on the USB plug in example one of the present invention.
Fig. 16 is a schematic diagram of the pin arrangement on the USB socket in example two of the present invention.
Fig. 17 is a schematic structural diagram of the level detection circuit in the host control module in example two of the present invention.
Fig. 18 is a schematic diagram of the pin arrangement on the USB plug in example two of the present invention.
Fig. 19 is a schematic structural diagram of the level detection circuit in the USB control module in example two of the present invention.
Embodiments
To address the problems in the prior art, the present invention proposes an improved access control system and method for USB storage devices that can shorten delay and improve security.
To make the technical solution of the present invention clearer, it is described in further detail below with reference to the drawings and embodiments, taking the Type-A interface of the USB 2.0 standard as an example.
The access control system for a USB storage device of the present invention comprises a host device and a USB storage device, which are described in turn below:
1) Host device
Fig. 1 is a schematic structural diagram of an embodiment of the host device of the present invention. As shown in Fig. 1, it comprises a USB socket, a host control module and a host storage module, all three of which exist in the prior art. The USB socket connects the host device to the USB storage device; specifically, the USB socket of the host device is connected to the USB plug of the USB storage device. The host control module handles the various operations on the host, including controlling read and write operations on the USB storage device. The host storage module stores data. Unlike the prior art, the USB socket of the host device shown in Fig. 1 is also provided with an access control detection pin (CTL), and may further be provided with an access control signal pin (VP). The access control detection pin is connected to the host control module, which can detect the access control signal on it; the access control signal pin is also connected to the host control module, which supplies it with an access control signal.
In practice, the access control signal can take different level values, such as high level or low level.
Fig. 2 is a schematic diagram of the pin arrangement on an existing USB socket. As shown in Fig. 2, from top to bottom the pins are: the 5 V power pin (VBUS), the data line 1 pin (D-), the data line 2 pin (D+) and the ground pin (GND).
Fig. 3 is a schematic diagram of a first arrangement of the access control detection pin on the USB socket of the present invention. As shown in Fig. 3, from top to bottom the pins are: the 5 V power pin, the data line 1 pin, the data line 2 pin, the ground pin and the access control detection pin.
The USB socket shown in Fig. 3 meets the dimensional requirements of the standard and mates normally with a standard USB plug; it merely adds the access control detection pin.
As shown in Fig. 3, the access control detection pin is located on the side of the ground pin away from the data line 2 pin. In practice, the position of the access control detection pin is not limited to that shown in Fig. 3; it can also be located elsewhere, as shown in Figs. 4 to 8. Fig. 4 is a schematic diagram of the second arrangement, in which the access control detection pin is located on the side of the 5 V power pin away from the data line 1 pin; Fig. 5 is a schematic diagram of the third arrangement, in which it is located between the 5 V power pin and the data line 1 pin; Fig. 6 is a schematic diagram of the fourth arrangement, in which it is located between the data line 1 pin and the data line 2 pin; Fig. 7 is a schematic diagram of the fifth arrangement, in which it is located between the data line 2 pin and the ground pin; Fig. 8 is a schematic diagram of the sixth arrangement, in which it is located at the front end of the USB socket.
In addition, Figs. 3 to 8 each show only one access control detection pin. In practice, the USB socket can have several access control detection pins, that is, M of them, where M is a positive integer whose value is chosen according to actual needs. If there are several, they can all be located at the same position, each at a different position, or some at the same position and the rest at different positions; the specific implementation is not limited.
The access control detection pin can lie in any plane in which the other pins on the USB socket lie.
In addition, the size of the access control detection pin can match that of the other pins on the USB socket, or can differ, that is, it can be a custom size. Fig. 9 is a schematic diagram of the size of the access control detection pin on the USB socket of the present invention.
The access control signal pin is arranged in the same way as the access control detection pin, and its dimensional requirements are the same as those of the access control detection pin. At the same time, the arrangement and size of the access control signal pin should correspond to the arrangement and size of the access control detection pin on the USB plug, to ensure that the access control signal pin on the USB socket connects correctly to the access control detection pin on the USB plug.
The host control module shown in Fig. 1 can specifically comprise a level detection circuit and a control module, where the level detection circuit can further comprise a resistor (R) and a wire.
Fig. 10 is a first schematic structural diagram of the level detection circuit in the host control module of the present invention. As shown in Fig. 10, one end of the wire is connected to the access control detection pin and the other end to the control module; one end of the resistor is grounded and the other end is connected to the wire between its two ends. The default level of the access control detection pin is low: when the USB storage device does not supply a high level to the access control detection pin, the control module detects a low level, and when the USB storage device supplies a high level to the access control detection pin, the control module detects a high level.
Fig. 11 is a second schematic structural diagram of the level detection circuit in the host control module of the present invention. As shown in Fig. 11, one end of the wire is connected to the access control detection pin and the other end to the control module; one end of the resistor is connected to the high level V_H and the other end is connected to the wire between its two ends. The default level of the access control detection pin is high: when the USB storage device does not supply a low level to the access control detection pin, the control module detects a high level, and when the USB storage device supplies a low level to the access control detection pin, the control module detects a low level.
The control module detects the access control signal of the access control detection pin through the level detection circuit.
2) USB storage device
Fig. 12 is a schematic structural diagram of an embodiment of the USB storage device of the present invention. As shown in Fig. 12, it comprises a USB plug, a USB control module and a USB storage module, all three of which exist in the prior art. The USB plug connects the USB storage device to the host device; specifically, the USB plug is connected to the USB socket of the host device. The USB control module responds to read and write requests from the host device, that is, it writes data into the USB storage module and reads data out of the USB storage module. The USB storage module stores data. Unlike the prior art, the USB plug shown in Fig. 12 is also provided with an access control detection pin, and may further be provided with an access control signal pin. The access control detection pin is connected to the USB control module, which can detect the access control signal on it; the access control signal pin is also connected to the USB control module, which supplies it with an access control signal.
As stated above, in practice the access control signal can take different level values, such as high level or low level.
The existing pin arrangement on the USB plug, the arrangement and size of the access control detection pin, and the arrangement and size of the access control signal pin are all the same as described for the USB socket. At the same time, the arrangement and size of the access control signal pin on the USB plug should correspond to the arrangement and size of the access control detection pin on the USB socket, to ensure that the access control signal pin on the USB plug connects correctly to the access control detection pin on the USB plug.
In addition, the USB control module can likewise comprise a level detection circuit and a control module, where the level detection circuit can further comprise a resistor and a wire.
The first structure of the level detection circuit in the USB control module is the same as shown in Fig. 10. That is, the default level of the access control detection pin is low: when the host device does not supply a high level to the access control detection pin, the control module detects a low level, and when the host device supplies a high level to the access control detection pin, the control module detects a high level.
The second structure of the level detection circuit in the USB control module is the same as shown in Fig. 11. That is, the default level of the access control detection pin is high: when the host device does not supply a low level to the access control detection pin, the control module detects a high level, and when the host device supplies a low level to the access control detection pin, the control module detects a low level.
The control module detects the access control signal of the access control detection pin through the level detection circuit.
In the present invention, the access control detection pin on the USB socket can be connected to the access control signal pin on the USB plug, so the host control module's detection of the access control signal of the access control detection pin on the USB socket is in fact detection of the access control signal of the access control signal pin at the corresponding position on the USB plug. Likewise, the access control detection pin on the USB plug can be connected to the access control signal pin on the USB socket, so the USB control module's detection of the access control signal of the access control detection pin on the USB plug is in fact detection of the access control signal of the access control signal pin at the corresponding position on the USB socket.
Note that the number of access control detection pins on the USB socket can be M, where M is a positive integer, and the number of access control detection pins on the USB plug can be N, where N is a positive integer. M and N can be the same or different, and each can be chosen according to actual needs. In addition, the number of access control signal pins on the USB socket can be M', where M' is a positive integer that can be the same as N or different; the number of access control signal pins on the USB plug can be N', where N' is a positive integer that can be the same as M or different. After the USB socket is connected to the USB plug, each access control detection pin can either be connected to an access control signal pin, which supplies it with a high or low level, or not be connected to any access control signal pin, in which case it takes its default level.
Based on the above, Fig. 13 is a flowchart of an embodiment of the USB storage device access control method of the present invention. As shown in Fig. 13, it comprises the following steps:
Step 131: An access control detection pin is provided on the USB socket of the host device and on the USB plug of the USB storage device respectively, and the USB socket is connected to the USB plug.
Step 132: The host device authenticates the USB storage device according to the access control signal of the access control detection pin on the USB socket, and the USB storage device authenticates the host device according to the access control signal of the access control detection pin on the USB plug. If both sides pass authentication, the host device is allowed to access the USB storage module in the USB storage device; if either side fails authentication, access is not allowed.
For an operation that writes data from the host device to the USB storage device, the host control module first authenticates the USB storage device, that is, it determines from the access control signal of the access control detection pin on the USB socket whether writing data from the host device to the USB storage device is allowed. If not, the operation ends. If so, the host device sends a write request to the USB storage device; the USB control module then authenticates the host device, that is, it determines from the access control signal of the access control detection pin on the USB plug whether the host device is allowed to write data. If not, the operation ends; if so, the host device can write data to the USB storage device.
For an operation in which the host device reads data from the USB storage device, the USB control module first authenticates the host device, that is, it determines from the access control signal of the access control detection pin on the USB plug whether reading data from the USB storage device to the host device is allowed. If not, the operation ends. If so, the USB storage device responds to the host device that data can be read; the host control module then authenticates the USB storage device, that is, it determines from the access control signal of the access control detection pin on the USB socket whether reading data from the USB storage device is allowed. If not, the operation ends; if so, the host device can read data from the USB storage device.
In the above processes of the host device writing data to and reading data from the USB storage device, the transfer of data is subject to the combined control of the host control module and the USB storage module, which improves data security. In addition, these processes are invisible to the user, who perceives only the outcome of access control, namely whether data transfer between the host device and the USB storage device is allowed or not, so user experience is not affected.
In practice, the USB storage module can contain X storage partitions, where X is a positive integer. For each storage partition, any one of the following access control policies can be applied:
the host device is allowed to read from and write to it;
the host device is allowed to read from it but not to write to it;
the host device is allowed to write to it but not to read from it;
the host device is allowed neither to read from it nor to write to it.
As stated above, the number of access control detection pins on the USB socket can be M, the number of access control detection pins on the USB plug can be N, the number of access control signal pins on the USB socket can be M', and the number of access control signal pins on the USB plug can be N'. The scheme of the present invention is described in further detail below through concrete examples.
1) Example one
Suppose M is 1 and M' is also 1. Fig. 14 is a schematic diagram of the pin arrangement on the USB socket in example one of the present invention, and the host control module uses the level detection circuit shown in Fig. 10. Suppose also that N is 1 and N' is also 1. Fig. 15 is a schematic diagram of the pin arrangement on the USB plug in example one of the present invention, and the USB control module uses the level detection circuit shown in Fig. 11. In addition, suppose the USB storage module contains 2 storage partitions, storage partition 1 and storage partition 2.
After the USB storage device is connected to the host device, the host control module detects the access control signal of the access control detection pin on the USB socket, and the USB control module detects the access control signal of the access control detection pin on the USB plug.
For example, if the host control module detects a low level, the policy can be to allow read and write operations on all storage partitions, or to allow only read operations on all storage partitions, or to allow only write operations on all storage partitions, or to allow neither read nor write operations on all storage partitions. If the host control module detects a high level, the corresponding access control policy can be any of the above, but it usually needs to differ from the policy that applies when the host control module detects a low level. In this example, suppose that when the host control module detects a high level, read and write operations on all storage partitions are allowed, and when it detects a low level, read and write operations on all storage partitions are not allowed.
If the USB control module detects a low level, the policy can be to allow read and write operations on all storage partitions, or to allow only read operations on all storage partitions, or to allow only write operations on all storage partitions, or to allow neither read nor write operations on all storage partitions, or to allow read and write operations on storage partition 1 but not on storage partition 2, or to allow read and write operations on storage partition 1 while allowing read operations but not write operations on storage partition 2; other possible cases are not listed one by one. If the USB control module detects a high level, the corresponding access control policy can be any of the above, but it usually needs to differ from the policy that applies when the USB control module detects a low level. In this example, suppose that when the USB control module detects a low level, read and write operations on all storage partitions are allowed, and when it detects a high level, only read operations on all storage partitions are allowed.
Thus, if the host control module detects a high level and the USB control module detects a low level, the host control module allows read and write operations on all storage partitions and the USB control module also allows read and write operations on all storage partitions, so in the end the host device is allowed to read from and write to all storage partitions. If the host control module detects a high level and the USB control module also detects a high level, the host control module allows read and write operations on all storage partitions but the USB control module allows only read operations on all storage partitions, so in the end the host device is allowed only to read from all storage partitions and not to write to them. If the host control module detects a low level, then whether the USB control module detects a high level or a low level, the host control module does not allow read and write operations on all storage partitions, so in the end the host device is not allowed to read from or write to any storage partition.
2) example two
The value of supposing M is 5, and the value of M ' is 3, and Figure 16 is the pin set-up mode synoptic diagram on the USB socket in the example two of the present invention.
Figure 17 is a schematic diagram of the structure of the level detection circuit in the host control module in example two of the present invention. As can be seen, the default level of access control detection pin 1, access control detection pin 3 and access control detection pin 5 is low; only when the USB storage device supplies a high level to these 3 access control detection pins are they detected as high. The default level of access control detection pin 2 and access control detection pin 4 is high; only when the USB storage device supplies a low level to these 2 access control detection pins are they detected as low. Because each access control detection pin has 2 possible level values, the 5 access control detection pins have 2^5 possible level values, that is, 32 level-value combinations.
In this example, suppose that when the host control module detects the levels of the 5 access control detection pins to be, in order, high, high, high, high, high, or high, high, low, low, low, read and write operations are allowed on all storage partitions; when the detected levels of the 5 access control detection pins are, in order, high, low, high, high, high, or high, low, low, low, low, read operations are allowed on all storage partitions and write operations are not allowed; when the detected levels of the 5 access control detection pins are, in order, low, high, high, high, high, or low, high, low, low, low, write operations are allowed on all storage partitions and read operations are not allowed; when the detected level combination is any of the other 26 combinations besides the above 6, no read or write operations are allowed on any storage partition.
In addition, suppose the value of N is 3 and the value of N' is 5. Figure 18 is a schematic diagram of the pin arrangement on the USB plug in example two of the present invention.
Figure 19 is a schematic diagram of the structure of the level detection circuit in the USB control module in example two of the present invention. As can be seen, the default level of access control detection pin 1 and access control detection pin 3 is low; only when the host device supplies a high level to these 2 access control detection pins are they detected as high. The default level of access control detection pin 2 is high; only when the host device supplies a low level to this access control detection pin is it detected as low. Because each access control detection pin has 2 possible level values, the 3 access control detection pins have 2^3 possible level values, that is, 8 level-value combinations.
Furthermore, suppose the USB storage module comprises 4 partitions in total: storage partition 1, storage partition 2, storage partition 3 and storage partition 4.
In this example, suppose that when the USB control module detects the levels of the 3 access control detection pins to be, in order, high, high, high, read and write operations are allowed on all storage partitions; when the detected levels are, in order, high, high, low, only write operations are allowed on storage partition 1, storage partition 2, storage partition 3 and storage partition 4; when the detected levels are, in order, high, low, high, read and write operations are allowed on storage partition 1, only read operations are allowed on storage partition 2, only write operations are allowed on storage partition 3, and no read or write operations are allowed on storage partition 4; when the detected levels are, in order, high, low, low, read and write operations are allowed on storage partition 1 and storage partition 2, and only read operations are allowed on storage partition 3 and storage partition 4; when the detected levels are, in order, low, high, high, read and write operations are allowed on storage partition 1 and storage partition 2, and only write operations are allowed on storage partition 3 and storage partition 4; when the detected levels are, in order, low, high, low, read and write operations are allowed on storage partition 1, and only read operations are allowed on storage partition 2, storage partition 3 and storage partition 4; when the detected levels are, in order, low, low, high, read and write operations are allowed on storage partition 1, and no read or write operations are allowed on storage partition 2, storage partition 3 and storage partition 4; when the detected levels are, in order, low, low, low, no read or write operations are allowed on any storage partition.
After the host device is connected to the USB storage device, the host control module detects the levels of the 5 access control detection pins on the USB socket, and the USB control module detects the levels of the 3 access control detection pins on the USB plug. Because the host control module can detect 32 level-value combinations and the USB control module can detect 8 level-value combinations, combining the two detection results gives 32 × 8 = 256 level-value combinations.
Thus, when the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, high, high, high, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, high, high, high, the host device is allowed to perform read and write operations on all 4 storage partitions.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, high, high, high, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, high, low, high, the host device is allowed to perform read and write operations on storage partition 1; it is allowed to read storage partition 2 but not to write to it; it is allowed to write to storage partition 3 but not to read it; and it is not allowed to perform read or write operations on storage partition 4.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, low, low, low, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, high, low, low, the host device is allowed to perform read and write operations on storage partition 1 and storage partition 2; it is allowed to read storage partition 3 and storage partition 4 but not to write to them.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, high, high, high, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, low, high, high, the host device is allowed to perform read and write operations on storage partition 1 and storage partition 2; it is allowed to write to storage partition 3 and storage partition 4 but not to read them.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, low, low, low, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, low, high, low, the host device is allowed to perform read and write operations on storage partition 1; it is allowed to read storage partition 2, storage partition 3 and storage partition 4 but not to write to them.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, high, high, high, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, low, low, high, the host device is allowed to perform read and write operations on storage partition 1 and is not allowed to perform read or write operations on storage partition 2, storage partition 3 and storage partition 4.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, low, high, high, high, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, high, high, high, the host device is allowed to read storage partition 1, storage partition 2, storage partition 3 and storage partition 4 but not to write to them.
When the host control module detects the levels of the 5 access control detection pins on the USB socket to be, in order, high, high, low, low, low, and the USB control module detects the levels of the 3 access control detection pins on the USB plug to be, in order, low, low, low, the host device is not allowed to perform read or write operations on any of the 4 storage partitions.
When the levels of the 5 access control detection pins on the USB socket detected by the host control module and the levels of the 3 access control detection pins on the USB plug detected by the USB control module form any of the other 248 combinations besides the above 8, the access control policies that may be adopted are not enumerated one by one.
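The rule that the eight listed cases of example two follow, as an added example (not code from the patent): the host-side table for the 5 socket pins and the device-side table for the 3 plug pins are intersected per storage partition. Applying the same intersection to the 248 combinations the text does not enumerate is an assumption, as are the function names and the bit packing (pin 1 as the most significant bit, 1 = high).

```c
#include <stdint.h>
#include <stdio.h>

#define PERM_NONE 0u
#define PERM_R    1u
#define PERM_W    2u
#define PERM_RW   (PERM_R | PERM_W)
#define NUM_PARTITIONS 4

/* Pack a level string such as "HHLLL" into bits (assumed encoding:
 * pin 1 is the most significant bit, 'H' = 1, anything else = 0). */
static unsigned pins_from_levels(const char *levels)
{
    unsigned v = 0;
    for (; *levels != '\0'; ++levels)
        v = (v << 1) | (*levels == 'H' ? 1u : 0u);
    return v;
}

/* Host side: levels of the 5 detection pins on the USB socket select one
 * permission for the whole device. The 26 unlisted patterns deny access. */
static unsigned host_policy(unsigned socket_pins)
{
    switch (socket_pins & 0x1Fu) {
    case 0x1F: /* H H H H H */
    case 0x18: /* H H L L L */
        return PERM_RW;
    case 0x17: /* H L H H H */
    case 0x10: /* H L L L L */
        return PERM_R;
    case 0x0F: /* L H H H H */
    case 0x08: /* L H L L L */
        return PERM_W;
    default:
        return PERM_NONE;
    }
}

/* Device side: levels of the 3 detection pins on the USB plug select a
 * permission per storage partition (columns are partitions 1..4). */
static const uint8_t usb_policy[8][NUM_PARTITIONS] = {
    /* L L L */ { PERM_NONE, PERM_NONE, PERM_NONE, PERM_NONE },
    /* L L H */ { PERM_RW,   PERM_NONE, PERM_NONE, PERM_NONE },
    /* L H L */ { PERM_RW,   PERM_R,    PERM_R,    PERM_R    },
    /* L H H */ { PERM_RW,   PERM_RW,   PERM_W,    PERM_W    },
    /* H L L */ { PERM_RW,   PERM_RW,   PERM_R,    PERM_R    },
    /* H L H */ { PERM_RW,   PERM_R,    PERM_W,    PERM_NONE },
    /* H H L */ { PERM_W,    PERM_W,    PERM_W,    PERM_W    },
    /* H H H */ { PERM_RW,   PERM_RW,   PERM_RW,   PERM_RW   },
};

/* Effective permission: an operation is allowed only if both sides allow it. */
static unsigned effective_perm(unsigned socket_pins, unsigned plug_pins,
                               unsigned partition)
{
    if (partition < 1 || partition > NUM_PARTITIONS)
        return PERM_NONE;
    return host_policy(socket_pins) & usb_policy[plug_pins & 0x7u][partition - 1];
}

/* Count how many of the 32 x 8 = 256 combinations grant any operation on
 * any partition under the intersection rule (an assumption for the
 * combinations the text does not list). */
static unsigned count_granting_combinations(void)
{
    unsigned count = 0;
    for (unsigned s = 0; s < 32; ++s)
        for (unsigned p = 0; p < 8; ++p) {
            unsigned any = 0;
            for (unsigned part = 1; part <= NUM_PARTITIONS; ++part)
                any |= effective_perm(s, p, part);
            if (any != PERM_NONE)
                ++count;
        }
    return count;
}

int main(void)
{
    static const char *names[] = { "none", "read", "write", "read-write" };
    /* Constructed input: a combination the text does not enumerate. */
    unsigned s = pins_from_levels("HLHHH"), p = pins_from_levels("HLH");
    for (unsigned part = 1; part <= NUM_PARTITIONS; ++part)
        printf("partition %u: %s\n", part, names[effective_perm(s, p, part)]);
    printf("granting combinations: %u of 256\n", count_granting_combinations());
    return 0;
}
```

Because every socket pattern outside the six listed ones denies by default, most of the 256 pin combinations grant nothing under this rule, and a read-only host pattern paired with a write-only plug pattern also yields no access.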
The description takes only the Type-A interface in the USB 2.0 standard as an example; in practical applications, every class of interface in the USB 1.0, USB 2.0 and USB 3.0 standards can adopt the scheme of the present invention.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.
Claims (13)
1. An access control system for a universal serial bus (USB) storage device, characterized by comprising: a host device and a USB storage device;
wherein said host device comprises: a USB socket, a host control module and a host storage module, said USB socket being provided with an access control detection pin;
said USB storage device comprises: a USB plug, a USB control module and a USB storage module, said USB plug being provided with an access control detection pin;
said USB storage device and said host device are connected through said USB plug and said USB socket;
said host control module detects the access control signal of the access control detection pin on said USB socket and authenticates said USB storage device according to the detection result; said USB control module detects the access control signal of the access control detection pin on said USB plug and authenticates said host device according to the detection result; if both authentications pass, said host device is allowed to access said USB storage module; if either authentication fails, access is not allowed.
2. The system according to claim 1, characterized in that,
said USB socket is further provided with an access control signal pin, used to provide an access control signal to the access control detection pin on said USB plug;
said USB plug is further provided with an access control signal pin, used to provide an access control signal to the access control detection pin on said USB socket.
3. The system according to claim 2, characterized in that,
the access control detection pin on said USB socket is located in any plane in which the other pins provided on said USB socket are located;
the access control signal pin on said USB socket is located in any plane in which the other pins provided on said USB socket are located;
the access control detection pin on said USB plug is located in any plane in which the other pins provided on said USB plug are located;
the access control signal pin on said USB plug is located in any plane in which the other pins provided on said USB plug are located.
4. The system according to claim 2, characterized in that,
the size of the access control detection pin on said USB socket is the same as or different from the size of the other pins provided on said USB socket;
the size of the access control signal pin on said USB socket is the same as or different from the size of the other pins provided on said USB socket;
the size of the access control detection pin on said USB plug is the same as or different from the size of the other pins provided on said USB plug;
the size of the access control signal pin on said USB plug is the same as or different from the size of the other pins provided on said USB plug.
5. The system according to claim 2, characterized in that,
the position of the access control detection pin on said USB socket includes: between any two adjacent pins; the other side, away from the adjacent pin, of any pin that is adjacent to only one pin; and the front end of said USB socket;
the position of the access control signal pin on said USB socket includes: between any two adjacent pins; the other side, away from the adjacent pin, of any pin that is adjacent to only one pin; and the front end of said USB socket;
the position of the access control detection pin on said USB plug includes: between any two adjacent pins; the other side, away from the adjacent pin, of any pin that is adjacent to only one pin; and the front end of said USB plug;
the position of the access control signal pin on said USB plug includes: between any two adjacent pins; the other side, away from the adjacent pin, of any pin that is adjacent to only one pin; and the front end of said USB plug.
6. The system according to claim 2, 3 or 5, characterized in that,
the number of access control detection pins on said USB socket is M, said M being a positive integer;
the number of access control signal pins on said USB socket is M', said M' being a positive integer;
the number of access control detection pins on said USB plug is N, said N being a positive integer;
the number of access control signal pins on said USB plug is N', said N' being a positive integer.
7. The system according to claim 1, characterized in that said host control module comprises: a level detection circuit and a control module; said level detection circuit comprises a resistor and a wire;
one end of said wire is connected to the access control detection pin on said USB socket and the other end is connected to said control module; one end of said resistor is grounded and the other end is connected between the two ends of said wire;
or, one end of said wire is connected to the access control detection pin on said USB socket and the other end is connected to said control module; one end of said resistor is connected to a high level and the other end is connected between the two ends of said wire;
said control module detects the access control signal of the access control detection pin on said USB socket through said level detection circuit.
8. The system according to claim 1, characterized in that said USB control module comprises: a level detection circuit and a control module; said level detection circuit comprises a resistor and a wire;
one end of said wire is connected to the access control detection pin on said USB plug and the other end is connected to said control module; one end of said resistor is grounded and the other end is connected between the two ends of said wire;
or, one end of said wire is connected to the access control detection pin on said USB plug and the other end is connected to said control module; one end of said resistor is connected to a high level and the other end is connected between the two ends of said wire;
said control module detects the access control signal of the access control detection pin on said USB plug through said level detection circuit.
9. The system according to claim 2, 3 or 5, characterized in that said USB storage module comprises X storage partitions, said X being a positive integer;
for each storage partition, any one of the following access control policies is implemented respectively:
allowing said host device to perform read and write operations on it;
allowing said host device to perform read operations on it, but not write operations;
allowing said host device to perform write operations on it, but not read operations;
allowing said host device to perform neither read operations nor write operations on it.
10. An access control method for a universal serial bus (USB) storage device, characterized by comprising:
providing access control detection pins on the USB socket of a host device and on the USB plug of a USB storage device respectively, and connecting said USB socket to said USB plug;
said host device authenticating said USB storage device according to the access control signal of the access control detection pin on said USB socket, and said USB storage device authenticating said host device according to the access control signal of the access control detection pin on said USB plug;
if both authentications pass, allowing said host device to access the USB storage module in said USB storage device; if either authentication fails, not allowing access.
11. The method according to claim 10, characterized in that the method further comprises:
providing an access control signal pin on said USB socket, and using said access control signal pin to provide an access control signal to the access control detection pin on said USB plug;
providing an access control signal pin on said USB plug, and using the access control signal pin on said USB plug to provide an access control signal to the access control detection pin on said USB socket.
12. The method according to claim 11, characterized in that,
the number of access control detection pins on said USB socket is M, said M being a positive integer;
the number of access control signal pins on said USB socket is M', said M' being a positive integer;
the number of access control detection pins on said USB plug is N, said N being a positive integer;
the number of access control signal pins on said USB plug is N', said N' being a positive integer.
13. The method according to claim 10, 11 or 12, characterized in that said USB storage module comprises X storage partitions, said X being a positive integer;
for each storage partition, any one of the following access control policies is implemented respectively:
allowing said host device to perform read and write operations on it;
allowing said host device to perform read operations on it, but not write operations;
allowing said host device to perform write operations on it, but not read operations;
allowing said host device to perform neither read operations nor write operations on it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110097854.2A CN102750230B (en) | 2011-04-19 | 2011-04-19 | Access control system and method of universal serial bus (USB) storage equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102750230A true CN102750230A (en) | 2012-10-24 |
CN102750230B CN102750230B (en) | 2014-11-12 |
Family
ID=47030437
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110097854.2A Expired - Fee Related CN102750230B (en) | 2011-04-19 | 2011-04-19 | Access control system and method of universal serial bus (USB) storage equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102750230B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104361277A (en) * | 2014-10-22 | 2015-02-18 | 成都卫士通信息产业股份有限公司 | Identity authentication module and method for USB interface equipment |
CN106330950A (en) * | 2016-09-17 | 2017-01-11 | 上海林果实业股份有限公司 | Method and system for accessing encrypted information, and adapter |
CN108521639A (en) * | 2018-06-16 | 2018-09-11 | 刘至键 | A kind of communication device of intelligence networking connection automobile |
CN113075978A (en) * | 2021-03-26 | 2021-07-06 | 山东英信计算机技术有限公司 | Fan module hot plug timing sequence regulation and control device, method and server |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050120222A1 (en) * | 2003-11-27 | 2005-06-02 | Yoshio Mitsuoka | Access control apparatus and access control method |
CN101030175A (en) * | 2006-02-28 | 2007-09-05 | 国际商业机器公司 | Universal serial bus storage device and access control method thereof |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104361277A (en) * | 2014-10-22 | 2015-02-18 | 成都卫士通信息产业股份有限公司 | Identity authentication module and method for USB interface equipment |
CN106330950A (en) * | 2016-09-17 | 2017-01-11 | 上海林果实业股份有限公司 | Method and system for accessing encrypted information, and adapter |
CN106330950B (en) * | 2016-09-17 | 2021-06-25 | 上海林果实业股份有限公司 | Encrypted information access method, system and adapter |
CN108521639A (en) * | 2018-06-16 | 2018-09-11 | 刘至键 | A kind of communication device of intelligence networking connection automobile |
CN108521639B (en) * | 2018-06-16 | 2024-01-02 | 刘至键 | Communication device of intelligent networking allies oneself with car |
CN113075978A (en) * | 2021-03-26 | 2021-07-06 | 山东英信计算机技术有限公司 | Fan module hot plug timing sequence regulation and control device, method and server |
Also Published As
Publication number | Publication date |
---|---|
CN102750230B (en) | 2014-11-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20141112 Termination date: 20200419 |