CN107194289A - USB interface permission control device and permission control method - Google Patents
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
Abstract
The present invention provides a hardware-based USB interface permission control device and a hardware-based USB interface permission control method. With the hardware-based USB interface permission control technique proposed by the invention, the type of a USB device inserted into a computer can be detected, and access control can be applied to different types of device. Both the determination of the USB device type and the access control are implemented entirely in hardware, which gives higher security. No modification of the operating system is required, so the technique can be easily integrated into any computer platform.
Description
Technical field
The present invention relates to the field of data security, and in particular to a hardware-based USB interface permission control device and permission control method.
Background
The USB interface is one of the most common interfaces on computer equipment and can be used to connect keyboards and mice, USB flash drives, portable hard disks, optical drives, printers, network cards and other devices. In industries with confidentiality requirements, the function of the USB interface is usually restricted so that only specific devices may be connected, in order to prevent leakage of important data. Traditional USB interface access control is implemented at the operating-system level: the type of the USB device is obtained through the driver, and access by prohibited devices is blocked at the software level. This approach is very cheap to implement, but because it is implemented entirely in software it is easily modified and cracked, allowing unauthorized devices to be connected.
Summary of the invention
To solve the above technical problem, the present invention proposes a technique that does not depend on the operating system and implements USB interface permission control with independent hardware:
In a first aspect, the present invention provides a hardware-based USB interface permission control device comprising one or more 2-to-1 analog switches, an N-to-1 analog switch, a USB type identification circuit and a TCM. The fixed terminal of each 2-to-1 analog switch is connected to a USB interface, and its switching terminals are connected to the bridge chip of the computer equipment and to a switching terminal of the N-to-1 analog switch, respectively. The other side of the bridge chip is connected to the CPU of the computer equipment. The fixed terminal of the N-to-1 analog switch is connected to the USB type identification circuit, and the USB type identification circuit is connected to the TCM. The TCM generates a control signal that switches the switching terminal of the 2-to-1 analog switch between the bridge chip of the computer equipment and the N-to-1 analog switch.
Further, after the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, so every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access.
Further, after a USB device is inserted, the USB type identification circuit detects the type of the USB device: it reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision. The TCM decides whether devices of that type are allowed access; if so, it sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device.
Further, after the USB device has been used and removed, the TCM switches the 2-to-1 analog switch back to the N-to-1 analog switch, so the port is again connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
Further, the number of 2-to-1 analog switches is the same as the number of USB interfaces of the computer equipment.
Further, the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface; it determines the device type by reading the basic information of the inserted USB device and sends the determined device type to the TCM.
Further, insertion and removal of a USB device are detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
In a second aspect, the present invention provides a hardware-based USB interface permission control method comprising the following steps:
SS1: After the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, so every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access;
SS2: After a USB device is inserted, the USB type identification circuit detects the type of the USB device: it reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision. The TCM decides whether devices of that type are allowed access; if so, it sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device;
SS3: After the USB device has been used and removed, the TCM switches the 2-to-1 analog switch back to the N-to-1 analog switch, so the port is again connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
Further, the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface; it determines the device type by reading the basic information of the inserted USB device and sends the determined device type to the TCM.
Further, insertion and removal of a USB device are detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
With the hardware port control technique for USB interfaces of the present invention, the type of a USB device inserted into the computer can be detected, and access control can be applied to different types of device.
Brief description of the drawings
Fig. 1 shows a structural block diagram of the hardware-based USB interface permission control device of the invention.
Fig. 2 shows a flow chart of the hardware-based USB interface permission control method of the invention.
Detailed description
The technical solution of the invention is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are intended only to explain the invention and not to limit it.
Fig. 1 shows a structural block diagram of the hardware-based USB interface permission control device of the invention.
As shown in Fig. 1, the hardware-based USB interface permission control device comprises one or more 2-to-1 analog switches, an N-to-1 analog switch, a USB type identification circuit and a TCM (Trusted Cryptography Module). The fixed terminal of each 2-to-1 analog switch is connected to a USB interface, and its switching terminals are connected to the bridge chip of the computer equipment and to a switching terminal of the N-to-1 analog switch, respectively. The other side of the bridge chip is connected to the CPU of the computer equipment. The fixed terminal of the N-to-1 analog switch is connected to the USB type identification circuit, and the USB type identification circuit is connected to the TCM. The TCM generates a control signal that switches the switching terminal of the 2-to-1 analog switch between the bridge chip of the computer equipment and the N-to-1 analog switch.
According to one embodiment of the invention, after the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, so every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access.
According to one embodiment of the invention, after a USB device is inserted, the USB type identification circuit detects the type of the USB device: it reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision. The TCM decides whether devices of that type are allowed access; if so, it sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device.
According to one embodiment of the invention, after the USB device has been used and removed, the TCM switches the 2-to-1 analog switch back to the N-to-1 analog switch, so the port is again connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
According to one embodiment of the invention, the number of 2-to-1 analog switches is the same as the number of USB interfaces of the computer equipment.
According to one embodiment of the invention, the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface; it determines the device type by reading the basic information of the inserted USB device and sends the determined device type to the TCM.
According to one embodiment of the invention, insertion and removal of a USB device can be detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
Fig. 2 shows a flow chart of the hardware-based USB interface permission control method of the invention, which implements the control flow of the hardware-based USB interface permission control device described above.
As shown in Fig. 1, the hardware-based USB interface permission control method includes:
SS1: After the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, so every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access;
SS2: After a USB device is inserted, the USB type identification circuit detects the type of the USB device: it reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision. The TCM decides whether devices of that type are allowed access; if so, it sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device.
According to one embodiment of the invention, the method further includes step SS3: After the USB device has been used and removed, the TCM switches the 2-to-1 analog switch back to the N-to-1 analog switch, so the port is again connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
According to one embodiment of the invention, the number of 2-to-1 analog switches is the same as the number of USB interfaces of the computer equipment.
According to one embodiment of the invention, the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface; it determines the device type by reading the basic information of the inserted USB device and sends the determined device type to the TCM.
According to one embodiment of the invention, insertion and removal of a USB device can be detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
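The SS1 to SS3 control flow can be modelled in a few lines of C. This is an added example, not code from the patent: it assumes the "basic information" read by the identification circuit is the standard USB device and configuration descriptors, that the TCM policy is a list of permitted class codes, and all function, type and array names are hypothetical. It goes slightly beyond the text by checking every interface of a composite device and by refusing malformed descriptors.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum route { ROUTE_IDENT, ROUTE_BRIDGE };       /* position of a port's 2-to-1 switch */
enum { DT_DEVICE = 0x01, DT_INTERFACE = 0x04 }; /* bDescriptorType values */
enum { CLASS_PER_INTERFACE = 0x00, CLASS_HID = 0x03, CLASS_MASS_STORAGE = 0x08 };

/* Assumed policy format: the class codes the TCM permits. */
struct policy { const uint8_t *allowed; size_t count; };
struct port { enum route route; };

static bool class_allowed(const struct policy *p, uint8_t cls)
{
    for (size_t i = 0; i < p->count; i++)
        if (p->allowed[i] == cls)
            return true;
    return false;
}

/* True only if the device class and every interface class are permitted.
 * Malformed or truncated descriptors are rejected (fail closed). */
bool device_allowed(const struct policy *p, const uint8_t *dev, size_t dev_len,
                    const uint8_t *cfg, size_t cfg_len)
{
    if (dev_len < 18 || dev[0] != 18 || dev[1] != DT_DEVICE)
        return false;
    if (dev[4] != CLASS_PER_INTERFACE && !class_allowed(p, dev[4])) /* bDeviceClass */
        return false;

    size_t interfaces = 0;
    for (size_t off = 0; off < cfg_len; off += cfg[off]) {
        size_t left = cfg_len - off;
        if (left < 2 || cfg[off] < 2 || cfg[off] > left)
            return false;
        if (cfg[off + 1] == DT_INTERFACE) {
            if (cfg[off] < 9 || !class_allowed(p, cfg[off + 5])) /* bInterfaceClass */
                return false;
            interfaces++;
        }
    }
    return interfaces > 0;
}

/* SS1: the power-on default keeps the port away from the bridge chip. */
void port_power_on(struct port *pt) { pt->route = ROUTE_IDENT; }

/* SS2: route to the bridge chip only on an explicit allow decision. */
enum route port_on_insert(struct port *pt, const struct policy *p, const uint8_t *dev,
                          size_t dev_len, const uint8_t *cfg, size_t cfg_len)
{
    pt->route = device_allowed(p, dev, dev_len, cfg, cfg_len) ? ROUTE_BRIDGE : ROUTE_IDENT;
    return pt->route;
}

/* SS3: removal returns the port to the identification circuit. */
void port_on_remove(struct port *pt) { pt->route = ROUTE_IDENT; }

/* Constructed sample descriptors (not captured from real hardware). */
static const uint8_t DEV[18] = { 18, 1, 0x00, 0x02, 0, 0, 0, 8,
                                 0x34, 0x12, 0x78, 0x56, 0x00, 0x01, 0, 0, 0, 1 };
static const uint8_t KBD_CFG[25] = { 9, 2, 25, 0, 1, 1, 0, 0xA0, 50, /* configuration */
                                     9, 4, 0, 0, 1, 0x03, 1, 1, 0,   /* HID interface */
                                     7, 5, 0x81, 3, 8, 0, 10 };      /* endpoint */
static const uint8_t COMBO_CFG[41] = { 9, 2, 41, 0, 2, 1, 0, 0x80, 50,
                                       9, 4, 0, 0, 1, 0x03, 1, 1, 0, /* HID interface */
                                       7, 5, 0x81, 3, 8, 0, 10,
                                       9, 4, 1, 0, 1, 0x08, 6, 0x50, 0, /* mass storage */
                                       7, 5, 0x82, 2, 64, 0, 0 };
static const uint8_t HID_ONLY[] = { CLASS_HID };
static const struct policy POLICY = { HID_ONLY, 1 };

int main(void)
{
    struct port pt;
    port_power_on(&pt);
    printf("keyboard  -> %d\n", port_on_insert(&pt, &POLICY, DEV, 18, KBD_CFG, 25));
    port_on_remove(&pt);
    printf("composite -> %d\n", port_on_insert(&pt, &POLICY, DEV, 18, COMBO_CFG, 41));
    return 0;
}
```

With the HID-only policy the keyboard is routed to the bridge chip, while the composite device that also exposes a mass-storage interface stays on the identification circuit.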
The hardware-based USB interface permission control technique proposed by the invention detects the type of a USB device inserted into the computer and applies access control to different types of device. Both the determination of the USB device type and the access control are implemented entirely in hardware, which gives higher security. No modification of the operating system is required, so the technique can be easily integrated into any computer platform.
The whole system is controlled entirely by hardware, requires no modification of the operating system, and can be easily integrated into any computer platform. It also prevents the USB interface permission control system from being modified and cracked.
Although some aspects have been described in the context of a device, it is clear that these aspects also represent a description of the corresponding method, where a block or device corresponds to a method step or a feature of a method step. Similarly, aspects described in the context of a method step also represent a description of a corresponding block or item or of a feature of a corresponding device. Some or all of the method steps may be performed by (or using) a hardware device such as a microprocessor, a programmable computer or an electronic circuit. One or more of the most important method steps may be performed by such a device.
The implementation may use hardware or software, or may be carried out using a digital storage medium, for example a floppy disk, DVD, Blu-ray disc, CD, ROM, PROM, EPROM, EEPROM or flash memory, having electronically readable control signals stored on it that cooperate (or are capable of cooperating) with a programmable computer system so that the corresponding method is performed. A data carrier having electronically readable control signals may be provided, the electronically readable control signals being capable of cooperating with a programmable computer system so that the method described herein is performed.
The implementation may also take the form of a computer program product with program code, the program code being operative to perform the method when the computer program product runs on a computer. The program code may be stored on a machine-readable carrier.
The above description is merely illustrative, and it is to be understood that modifications and variations of the arrangements and details described herein will be apparent to those skilled in the art. It is therefore intended to be limited only by the scope of the following claims and not by the specific details presented by way of description and explanation above.
Claims (10)
1. A hardware-based USB interface permission control device, characterized in that it comprises one or more 2-to-1 analog switches, an N-to-1 analog switch, a USB type identification circuit and a TCM, wherein the fixed terminal of each 2-to-1 analog switch is connected to a USB interface, the switching terminals of the 2-to-1 analog switch are connected to the bridge chip of the computer equipment and to a switching terminal of the N-to-1 analog switch, respectively, the other side of the bridge chip of the computer equipment is connected to the CPU of the computer equipment, the fixed terminal of the N-to-1 analog switch is connected to the USB type identification circuit, the USB type identification circuit is connected to the TCM, and the TCM generates a control signal for switching the switching terminal of the 2-to-1 analog switch between the bridge chip of the computer equipment and the N-to-1 analog switch.
2. The hardware-based USB interface permission control device according to claim 1, characterized in that after the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access.
3. The hardware-based USB interface permission control device according to claim 1, characterized in that after a USB device is inserted, the USB type identification circuit detects the type of the USB device, reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision; the TCM decides whether devices of that type are allowed access and, if so, sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device.
4. The hardware-based USB interface permission control device according to claim 1, characterized in that after the USB device has been used and removed, the TCM switches the 2-to-1 analog switch to the N-to-1 analog switch, so that the port is connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
5. The hardware-based USB interface permission control device according to claim 1, characterized in that the number of 2-to-1 analog switches is the same as the number of USB interfaces of the computer equipment.
6. The hardware-based USB interface permission control device according to claim 1, characterized in that the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface, determines the device type by reading the basic information of the inserted USB device, and sends the determined device type to the TCM.
7. The hardware-based USB interface permission control device according to claim 1, characterized in that insertion and removal of a USB device are detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
8. A hardware-based USB interface permission control method, characterized in that it comprises the following steps:
SS1: After the computer equipment is powered on, all 2-to-1 analog switches are connected to the N-to-1 analog switch, every USB port is connected through its 2-to-1 analog switch and the N-to-1 analog switch to the USB device type identification circuit, and the operating system is not allowed access;
SS2: After a USB device is inserted, the USB type identification circuit detects the type of the USB device, reads the basic information of the inserted USB device, determines the device type, and sends the device type to the TCM chip for a decision; the TCM decides whether devices of that type are allowed access and, if so, sends a control signal that sets the 2-to-1 analog switch of the corresponding interface to connect to the bridge chip, allowing the operating system to access the device;
SS3: After the USB device has been used and removed, the TCM switches the 2-to-1 analog switch to the N-to-1 analog switch, so that the port is connected through the N-to-1 analog switch to the USB device type identification circuit and waits for the next device to be inserted.
9. The hardware-based USB interface permission control method according to claim 8, characterized in that the USB device type identification circuit is implemented with a microcontroller that has a USB HOST interface, determines the device type by reading the basic information of the inserted USB device, and sends the determined device type to the TCM.
10. The hardware-based USB interface permission control method according to claim 8, characterized in that insertion and removal of a USB device are detected by sensing the current supplied on USB 5V or by detecting the pull-up resistor on the USB device's D+/D- lines.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710197819.5A CN107194289A (en) | 2017-03-29 | 2017-03-29 | USB interface permission control device and permission control method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107194289A (en) | 2017-09-22 |
Family
ID=59870949
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710197819.5A Pending CN107194289A (en) | USB interface permission control device and permission control method | 2017-03-29 | 2017-03-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107194289A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109409142A (en) * | 2018-09-30 | 2019-03-01 | 联想(北京)有限公司 | A kind of processing method and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080005414A1 (en) * | 2006-05-05 | 2008-01-03 | Dell Products L.P. | Method, system and apparatus to allow users to remotely mount USB devices and access KVM through a server interface Pod (SIP) |
CN102542192A (en) * | 2011-01-04 | 2012-07-04 | 联想(北京)有限公司 | Method and device for carrying out selective starting on USB (Universal Serial Bus) device, and computer terminal |
CN104978302A (en) * | 2015-06-24 | 2015-10-14 | 山东超越数控电子有限公司 | TCM chip based intelligent security USB interface control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170922 |