CN2753062Y - Safe isolating and monitoring information terminal - Google Patents


Info

Publication number
CN2753062Y
Authority
CN
China
Prior art keywords
subsystem
jtag
information
microcontroller
isolated
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200420091557
Other languages
Chinese (zh)
Inventor
刘燕南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model relates to a secure isolating and monitoring information terminal composed of a secure isolating and monitoring subsystem, an information processing subsystem, an information storing subsystem, an information transfer subsystem, a user identity authentication detector, a peripheral input-output interface, a keyboard, a touch screen pen writing input part, a display, a microphone, an audio input part, an audio output part, a loudspeaker and a camera input part. Each component can be an autonomous subsystem. The switching network of the secure isolating and monitoring subsystem is connected with each component, and/or the secure isolating and monitoring subsystem is connected with the components into one or more JTAG daisy chains, which are physically connected to, or disconnected and isolated from, each other. An information terminal satisfying various security levels can thus be dynamically restructured, and the subsystem can reach into each autonomous subsystem and isolate its controller so that the controller's function can be exercised independently. The operation of the autonomous subsystems can be monitored in real time, and black box data can be formed for security audit trails. With the utility model, the large number of rich and convenient apparatuses, module components, devices and pieces of software that have poor information security, network isolation, port isolation and storage isolation capabilities can be used in information security services to realize network isolation, port isolation, storage isolation, equipment isolation and user isolation control and monitoring.

Description

A secure isolating and monitoring information terminal
Technical field
The utility model relates to information security and confidentiality and to information processing and transmission (communication); it is a secure isolating and monitoring information terminal.
Background art
Information can be divided into public and non-public information, and computer and communication networks can be divided into intranets and external networks. Intranets can be divided into classified and non-classified networks, and classified networks can in turn be divided into networks of different security levels. The external network mainly refers to the Internet, which covers the whole world and is open to the general public. Because of the Internet's openness, equipment connected to it is easily attacked and easily leaks information; in particular, when an information terminal that has been connected to an intranet is later connected to the external network, intranet information remaining in the terminal can leak. The rich information resources of the Internet create strong demand for connecting to it. Isolation between networks is therefore an important aspect of information security and confidentiality.
Current network isolation techniques are mainly the isolation gap and the dual-hard-disk or single-hard-disk-partition network isolation card. With an isolation device, an information processing device such as a personal computer (PC) uses the intranet and the external network in a time-shared manner; the two networks are physically isolated, and their information is stored on two separate hard disks or in two partitions of one hard disk. When the network is switched, residual information in the PC's random access memory is cleared by a cold restart.
Generally, the capacity of non-volatile memory, or of volatile memory with a backup battery, inside a PC is very limited. For example, the battery-backed CMOS memory in a PC is used only to hold the PC's system configuration data. However, when an electrically rewritable non-volatile memory card, or a volatile memory card with a backup battery, is inserted into the PC, powering the PC off does not erase the information in these memories, which makes them an information security risk.
Embedded devices, modules and components make heavy use of electrically rewritable non-volatile memory or battery-backed volatile memory. Embedded devices, modules and components that have handled non-public information may continue to hold it after power-off. When they are connected to the external network they may leak that information, which makes them an information security risk.
The floppy drive and floppy disks, the optical drive and discs, and removable storage of a PC are all non-volatile storage media and are likewise information security risks. Parallel, serial and USB interfaces also present information security risks. Because confidence in the security of the CPU or microcontroller (MCU) and the operating system, as established by strict inspection, is not high, they may contain back doors, and in use computer viruses may introduce "Trojan horse" programs. Checking the capabilities of a PC's storage devices and interfaces by means of the PC's own CPU and/or operating system is therefore not reliable.
Current isolation devices cannot independently check the storage devices and interfaces inside a PC, so they provide no device isolation capability. Nor can an isolation device independently perform user identity authentication checks such as password verification, so it provides no user isolation capability.
A secure and confidential intelligent information terminal (patent 3202666.8), built on the public communication network and general-purpose information processing resources, provides security and confidentiality for locally stored information and for end-to-end communication. It consists of an information security and master control subsystem, an information processing subsystem, an information storage subsystem and an information transfer subsystem. The information security and master control subsystem is connected to each of the other parts and keeps them physically and logically isolated from one another. It can accept control from a legitimate user, independently determine the security mode and level, coordinate the other parts and monitor their operating state.
When this terminal operates in encrypted mode, the information processing subsystem works in the plaintext zone and handles plaintext, while the information storage subsystem and the information transfer subsystem work in the ciphertext zone and never handle plaintext. The terminal can be connected to the intranet or to the external network. Because the external network has no encryption or decryption capability, a connection to the external network mainly uses it as a transport channel to build an end-to-end, or terminal-to-intranet (including classified network), secure information channel.
When this terminal operates in unencrypted mode, every subsystem works in the plaintext zone and can be connected to the intranet and the external network respectively.
When the information processing subsystem cannot retain residual information (for example, it uses memory in the information storage subsystem and has no memory of its own, or it has its own volatile memory without a backup battery), information is lost after power-off and isolation between networks can be achieved.
When the information processing subsystem can retain residual information, it can access the intranet in encrypted mode (with the external network usable as a secure channel); the intranet performs encryption, decryption and information filtering, and is connected to the external network through an isolation gap to achieve isolation between networks.
The IEEE 1149.1 standard was developed by the Joint Test Action Group (JTAG) around the basic idea of boundary-scan testing. It tests the quality of the devices on a printed circuit board and the correctness of the interconnections between them, and is widely used in the development, manufacture and maintenance of electronic and IT products.
Devices that support the IEEE 1149.1 JTAG standard all contain the basic JTAG hardware: a test access port (TAP), a TAP controller, an instruction register (IR) and test data registers (TDR); extended special-purpose registers may also be present. The test access port has a test clock input (TCK), a test mode select input (TMS), a test data input (TDI), a test data output (TDO) and a test reset input (TRST). The TAP controller is a hardware state machine that loads instructions into the instruction register, shifts test data into the shift register, shifts test results out of it, and performs the test, capture, shift and update operations on test data. The test data registers comprise the bypass register (BR), the boundary scan register (BSR) and the device identification register. The boundary scan register is a string of boundary scan cells (BSC) controlled by the TAP controller; each chip pin has a corresponding boundary scan cell, implemented according to pin type as input, two-state output, tri-state output or bidirectional, and together the cells form a boundary-scan shift register. The device identification register provides information such as the chip manufacturer, device type, device serial number and version number.
JTAG instructions are divided into public instructions and special instructions. The public instructions are the bypass instruction, the sample/preload instruction, the external test instruction, the internal test instruction, the run built-in self-test instruction (RUNBIST), the clamp instruction (CLAMP), the device identification instruction and the high-impedance instruction. The bypass instruction bypasses the chip. The sample instruction samples the chip pins without affecting normal operation of the chip's core logic, and the samples are shifted out through the boundary-scan shift register. The preload instruction changes the data latched on the output-pin boundary scan cells. The external test instruction physically isolates the chip pins from the chip's core logic and connects the pins to the boundary-scan shift register, so that the output pins are driven entirely by the preloaded data and not by the core logic; the response of the external connections or external circuitry to the stimulus on the output pins is captured at the input pins, which implements external testing. The internal test instruction physically isolates the core logic from the chip pins and connects it to the boundary-scan shift register, so that the core logic takes its stimulus from the shift register and its response is captured into the shift register and shifted out; the core logic runs at low speed for test purposes. The run built-in self-test instruction runs the core logic at full speed, and the test result is captured into the boundary-scan shift register and shifted out on TDO. The clamp instruction drives fixed levels on the chip's output pins, and the device identification instruction shifts the device identification out on TDO. For user-programmable devices, the user code instruction loads the user-programmable identification code into the device identification register. The high-impedance instruction forces all output pins of the chip into the high-impedance state.
Driven by the needs of chip packaging and surface-mount assembly, functionally complex chips such as central processing units (CPU), microcontrollers (MCU), digital signal processors (DSP), field-programmable gate arrays (FPGA) and single-chip radio transceivers all support the IEEE 1149.1 JTAG standard. Examples are Intel's 80486 microprocessor and PXA250 XScale microcontroller, the TI TMS320C6000 DSP and Xilinx FPGAs.
Microcontrollers and digital signal processors have generally extended JTAG with special registers and special instructions, embedding an in-circuit emulation module (ICE) that uses the JTAG TAP as its debug interface. JTAG ICE special instructions are used to set hardware breakpoints and watchpoints and to inspect and modify the status registers and memory contents of the chip's core logic. The Intel PXA250 XScale microcontroller also embeds an Embedded Trace Macrocell (ETM); the ETM monitors the chip's core bus and sends the compressed information in real time to an Embedded Trace Buffer (ETB), and the JTAG ICE controller uses JTAG special instructions to read the data in the ETB through the JTAG port.
Summary of the invention
The utility model is a secure isolating and monitoring information terminal. It performs isolation control and monitoring by means of encryption and decryption, a switching network, JTAG and ICE, achieving network isolation (information transfer isolation) control and monitoring, storage isolation control and monitoring, port isolation control and monitoring, device isolation control and monitoring, and user isolation control and monitoring.
The utility model consists of a secure isolating and monitoring subsystem (1), an information processing subsystem (2), an information storage subsystem (3), an information transfer subsystem (4), a user identity authentication detector (5), a peripheral input/output interface (6), keyboard and touch-screen pen writing input (7), display and interface (8), microphone and audio input (9), audio output and loudspeaker (10), and camera input (11). The switch terminals of the switching network (25) of the secure isolating and monitoring subsystem (1) are connected to each part, and/or the secure isolating and monitoring subsystem (1) is connected with the parts into one or more JTAG daisy chains; the chains are physically connected to, or disconnected and isolated from, one another.
The secure isolating and monitoring subsystem (1) consists of a microcontroller (21), memory (22), a JTAG control and JTAG ICE controller (23), encryption/decryption (24), a switching network (25) and an input/output interface (26). The microcontroller (21) is connected to each of the other parts and also to the control terminal of the switching network (25). The JTAG control and JTAG ICE controller (23) and the encryption/decryption (24) may be integrated circuit chips or part of the software of the microcontroller (21).
The secure isolating and monitoring subsystem (1) dynamically connects the parts or disconnects and isolates them, reconfiguring the terminal into information terminals of various security levels.
The secure isolating and monitoring subsystem (1) is the core component of the secure isolating and monitoring information terminal. Its security level determines the security level of the whole terminal, while the security level of the other parts is unrestricted. Its components are selected to meet the required security level and undergo the corresponding security testing; hardware rewrite protection and protective packaging are used to prevent tracing, dissection and analysis, and sensitive data can self-destruct. The JTAG control and JTAG ICE controller (23) may be built in or external.
The information processing subsystem (2) consists of a controller (31), memory (32) and an input/output interface (33). The controller (31) is a JTAG-compatible central processing unit (CPU) or microcontroller (MCU) and/or digital signal processor (DSP), and is connected to the memory (32) and the input/output interface (33). The other ends of the memory interface of the controller (31) and of the input/output interface (33) can be connected to switch terminals of the switching network (25), and the controller (31) can be connected to the microcontroller (21) through a parallel or serial interface.
The information storage subsystem (3) can be one or more memories that are physically isolated from one another; the memory interfaces are connected to the microcontroller (21) or to switch terminals of the switching network (25).
The memories can be general-purpose or special-purpose information storage equipment, devices or module assemblies of any kind, including magnetic disk, optical disc and magneto-optical disc storage, semiconductor memory, fixed or removable storage media, volatile or non-volatile memory, and combinations of these.
The information transfer subsystem (4) can be one or more information transfer channels that are physically isolated from one another. Their interfaces are connected to the microcontroller (21) or to switch terminals of the switching network (25), and their JTAG devices are connected with the JTAG control and JTAG ICE controller (23) into a JTAG daisy chain.
The information transfer channels can be general-purpose or special-purpose information transmission equipment, devices or module assemblies of any kind, covering public cellular mobile communication of various standards, trunked mobile communication of various standards, short-range wireless communication such as Bluetooth and infrared, wireless or wired local area networks, metropolitan area networks, access networks, point-to-point communication, wired or wireless communication, and combinations of these.
Each part of the secure isolating and monitoring information terminal can be an autonomous subsystem, can have a device identity authentication algorithm or device identity authentication code, and has its power control terminal connected to the microcontroller (21).
Depending on the security level required of the terminal, the user identity authentication detector (5) can be a semiconductor fingerprint sensor and/or a pluggable IC identity authentication card and/or a password. The peripheral input/output interface (6) can be a parallel interface, serial interface, USB interface and so on.
The secure isolating and monitoring subsystem (1) can disconnect and isolate the controller of an autonomous subsystem and connect to that subsystem's memory, peripheral components and peripheral equipment; or disconnect and isolate the autonomous subsystem's memory, peripheral components and peripheral equipment and connect to its controller; or connect to the embedded trace and core access unit of the autonomous subsystem's controller; or connect to the boundary scan cell of each input and output pin of the autonomous subsystem's controller.
The JTAG external test instruction physically isolates the chip pins from the chip's core logic and captures, at the input pins, the response of the circuitry outside the chip to the stimulus on the output pins. The microcontroller (21) therefore generates JTAG external test and preload instructions through the JTAG control and JTAG ICE controller (23) to isolate the controller of an autonomous subsystem (CPU, microprocessor, microcontroller or digital signal processor). Without using the autonomous subsystem's software, it can reach inside the subsystem and exercise the function of its controller, for example accessing memory, peripheral components and peripheral equipment, or loading a programmable logic array. It generates sample instructions to monitor the autonomous subsystem's inputs in real time. It generates internal test and run built-in self-test instructions to check the operating state of the core logic of the autonomous subsystem's controller chip, for example whether it has failed, whether the chip has been replaced, or whether the chip's internal security has changed. It generates JTAG ICE special instructions to inspect and modify the state, registers and memory contents of the core logic and to monitor the chip's core bus. In this way the autonomous subsystem can be physically connected or disconnected and isolated, monitored and controlled.
When the user selects the operating mode, starts a network switch, or enters or changes the password, the microcontroller (21) controls the switching network (25) so that the keyboard and touch-screen pen writing input (7) is connected to the microcontroller (21) and disconnected and isolated from the other parts. Alternatively, the microcontroller (21) has the JTAG control and JTAG ICE controller (23) generate external test instructions that, through the JTAG port, physically isolate the microcontrollers (other than the microcontroller (21)) attached to the keyboard and touch-screen pen writing input (7) and the display and interface (8), drive those parts directly and return their responses. Following the prompts on the display, the user changes the password, selects the operating mode or starts the network switch through the keyboard and touch-screen pen writing input.
User identity is authenticated locally, or over the network through encrypted communication with a server via the information transfer subsystem (4). Once identity authentication and the other checks during system start-up have passed, the terminal enters the normal operating state and continues to authenticate the user's identity in real time. With fingerprint authentication, for example, if within the specified time interval the user's finger leaves the fingerprint sensor or the fingerprint check fails, the secure isolating and monitoring subsystem (1) prompts the user. If the identity check still fails after several prompts, the secure isolating and monitoring subsystem (1) saves a security event record, stops normal operation and destroys the relevant information, achieving user isolation control and monitoring. The secure isolating and monitoring subsystem (1) can also accept an instruction from a network server to stop normal operation and destroy the relevant information, achieving remote user isolation control and monitoring.
During system start-up, the secure isolating and monitoring subsystem (1) performs device identity authentication and security testing on every other part. Device identity is authenticated with a cryptographic algorithm or by generating the JTAG device identification instruction. According to the terminal's operating mode, the microcontroller (21) controls the switching network (25), or generates JTAG instructions, to connect or disconnect the parts, and generates JTAG instructions to test the devices and equipment of each subsystem (controller, software, memory, peripheral components, peripheral interfaces and peripheral equipment) for type and specification, operating capability, ability to retain residual information, readability and writability, data flow and so on. If a subsystem is found not to conform to the terminal's operating mode, the user is prompted, a security event record is saved and normal operation stops, achieving device isolation control and monitoring.
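The start-up identity check described above, which reads each chain device's identification register through the TAP controller state machine, shown as an added example that is not part of the patent: a C model of a JTAG daisy chain that is reset, scanned and compared with an enrolled inventory. The IDCODE values, chain layout and function names are constructed for illustration, and only the data register selected after reset (device identification, or bypass for a device without one) is modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* IEEE 1149.1 TAP controller states and next-state table, indexed [state][TMS]. */
enum tap { TLR, RTI, SEL_DR, CAP_DR, SH_DR, EX1_DR, PAU_DR, EX2_DR, UPD_DR,
           SEL_IR, CAP_IR, SH_IR, EX1_IR, PAU_IR, EX2_IR, UPD_IR };
static const uint8_t tap_next[16][2] = {
    [TLR]    = {RTI,    TLR},    [RTI]    = {RTI,    SEL_DR},
    [SEL_DR] = {CAP_DR, SEL_IR}, [CAP_DR] = {SH_DR,  EX1_DR},
    [SH_DR]  = {SH_DR,  EX1_DR}, [EX1_DR] = {PAU_DR, UPD_DR},
    [PAU_DR] = {PAU_DR, EX2_DR}, [EX2_DR] = {SH_DR,  UPD_DR},
    [UPD_DR] = {RTI,    SEL_DR}, [SEL_IR] = {CAP_IR, TLR},
    [CAP_IR] = {SH_IR,  EX1_IR}, [SH_IR]  = {SH_IR,  EX1_IR},
    [EX1_IR] = {PAU_IR, UPD_IR}, [PAU_IR] = {PAU_IR, EX2_IR},
    [EX2_IR] = {SH_IR,  UPD_IR}, [UPD_IR] = {RTI,    SEL_DR},
};

#define MAX_DEV 8
/* Simulated chain: TDI -> dev 0 -> ... -> dev n-1 -> TDO; all TAPs share TMS and TCK. */
struct chain {
    enum tap st;
    int n;
    uint32_t idcode[MAX_DEV]; /* 0 = no IDCODE register, BYPASS is selected after reset */
    uint32_t sr[MAX_DEV];     /* data register currently selected in each device */
};

/* One TCK cycle: act on the current state, return the TDO bit, then follow TMS. */
static int tck(struct chain *c, int tms, int tdi)
{
    int tdo = 1;
    if (c->st == CAP_DR) {
        for (int i = 0; i < c->n; i++)
            c->sr[i] = c->idcode[i];           /* BYPASS captures a single 0 */
    } else if (c->st == SH_DR) {
        int in = tdi & 1;
        for (int i = 0; i < c->n; i++) {
            int len = c->idcode[i] ? 32 : 1;   /* IDCODE is 32 bits, BYPASS is 1 */
            int out = (int)(c->sr[i] & 1u);
            c->sr[i] = (c->sr[i] >> 1) | ((uint32_t)in << (len - 1));
            in = out;
        }
        tdo = in;
    }
    c->st = (enum tap)tap_next[c->st][tms & 1];
    return tdo;
}

/* Reset the chain, then shift out every device's reset-default data register.
 * Returns the device count; ids[] is ordered from the TDO end, 0 meaning BYPASS. */
static int scan_chain(struct chain *c, uint32_t *ids, int max)
{
    int found = 0;
    for (int i = 0; i < 5; i++) tck(c, 1, 1);  /* five TMS=1 clocks: Test-Logic-Reset */
    tck(c, 0, 1);                              /* -> Run-Test/Idle */
    tck(c, 1, 1);                              /* -> Select-DR-Scan */
    tck(c, 0, 1);                              /* -> Capture-DR */
    tck(c, 0, 1);                              /* capture, -> Shift-DR */
    while (found < max) {
        if (tck(c, 0, 1) == 0) { ids[found++] = 0; continue; }  /* lone 0: BYPASS */
        uint32_t id = 1;                       /* IDCODE bit 0 is always 1 */
        for (int b = 1; b < 32; b++)
            id |= (uint32_t)tck(c, 0, 1) << b;
        if (id == 0xFFFFFFFFu) break;          /* our own TDI fill: end of chain */
        ids[found++] = id;
    }
    for (int i = 0; i < 5; i++) tck(c, 1, 1);  /* leave the chain in reset */
    return found;
}

/* Returns -1 if the scan matches the enrolled inventory, else the first differing position. */
static int verify_inventory(const uint32_t *seen, int n_seen, const uint32_t *expect, int n_expect)
{
    int n = n_seen < n_expect ? n_seen : n_expect;
    for (int i = 0; i < n; i++)
        if (seen[i] != expect[i]) return i;
    return n_seen == n_expect ? -1 : n;
}

/* Constructed inventory, in scan order (TDO end first). */
static const uint32_t ENROLLED[3] = { 0x15E7C0DFu, 0u, 0x0A1B2C3Du };

/* Scan a constructed chain (IDCODEs listed TDI end first, n <= MAX_DEV) and verify it. */
static int check_chain(const uint32_t *idcodes, int n)
{
    struct chain c = { .st = SH_DR, .n = n };  /* start mid-scan: reset must still work */
    uint32_t seen[MAX_DEV];
    for (int i = 0; i < n; i++) c.idcode[i] = idcodes[i];
    return verify_inventory(seen, scan_chain(&c, seen, MAX_DEV), ENROLLED, 3);
}

int main(void)
{
    const uint32_t good[]    = { 0x0A1B2C3Du, 0u, 0x15E7C0DFu };
    const uint32_t swapped[] = { 0x0A1B2C3Du, 0u, 0x25E7C0DFu };  /* different part at TDO end */
    const uint32_t added[]   = { 0x0BADC0DFu, 0x0A1B2C3Du, 0u, 0x15E7C0DFu };
    printf("good=%d swapped=%d added=%d\n", check_chain(good, 3), check_chain(swapped, 3), check_chain(added, 4));
    return 0;
}
```

An identification code is a fixed, publicly documented value, so this check catches swapped, missing or added parts on the chain but not a part built to report the same code; the page's other option, authentication with a cryptographic algorithm, is the stronger of the two.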
When the terminal is in encrypted mode, the microcontroller (21) controls the switching network (25) so that the information processing subsystem (2) is physically isolated from the information transfer subsystem (4) and from the peripheral input/output interface (6). The electrically rewritable non-volatile memory of the information storage subsystem (3) is physically isolated from the information processing subsystem (2); or the write control terminal (write-protect terminal) and programming voltage terminal of the electrically rewritable non-volatile memory connected to the information processing subsystem (2) are controlled so that it cannot be rewritten; or the bidirectional data bus of the electrically rewritable non-volatile memory is controlled so that it becomes a read-only unidirectional data bus.
When the information processing subsystem (2) needs to store information in non-volatile memory in the information storage subsystem (3), the information is first handed to the microcontroller (21) for encryption, and the microcontroller (21) stores the encrypted information in the information storage subsystem (3). Conversely, when the information processing subsystem (2) needs to read encrypted information held in the information storage subsystem (3), it first asks the microcontroller (21) to read and decrypt that information, and the microcontroller (21) hands the decrypted information to the information processing subsystem (2).
When the information processing subsystem (2) needs to send information, the information is first handed to the microcontroller (21) for encryption, and the microcontroller (21) hands the encrypted information to the information transfer subsystem (4) for sending. Conversely, the information transfer subsystem (4) hands received information to the microcontroller (21) for decryption, and the microcontroller (21) hands the decrypted information to the information processing subsystem (2) for further processing.
The information processing subsystem (2) can also exchange information with the peripheral input/output interface (6) through the secure isolating and monitoring subsystem (1), which encrypts and decrypts it. The microcontroller (21) can also receive unencrypted information through the information transfer subsystem (4), or read unencrypted information from a multimedia card (MMC) or from a USB peripheral, and pass it to the information processing subsystem (2) for processing.
Communication between the secure isolating and monitoring subsystem (1) and the information processing subsystem (2), information storage subsystem (3) and information transfer subsystem (4) uses an internal protocol; IP packet processing can be done in the information transfer subsystem (4).
If the information processing subsystem (2) has its own electrically rewritable non-volatile memory and none of its write control terminal (write-protect terminal), programming voltage terminal or bidirectional data bus can be controlled, and/or it has its own peripheral input/output interfaces, JTAG sample instructions are generated to monitor in real time the read/write control terminal, the programming voltage terminal and the other interfaces of the electrically rewritable non-volatile memory, as well as the peripheral input/output interfaces (such as USB, removable storage, parallel and serial interfaces). If an unauthorized action is detected, normal operation stops at once, a security event record is saved and the relevant information is destroyed. The data flow on the controller's input and output pins can also be monitored in real time to form "black box" data for security audit trails. For chips with an embedded trace buffer, JTAG trace buffer special instructions are generated to start the on-chip trace buffer and the buffered trace results are read over JTAG, which monitors the core bus at higher speed than JTAG sample instructions can.
When the terminal finishes work or switches operating mode (including switching networks), the microcontroller (21), according to the security requirements, powers off the volatile memories in each subsystem and any chips, components and module assemblies that may contain volatile memory, or clears them with JTAG instructions, and reprograms the electrically rewritable non-volatile memories in-circuit to wipe residual information.
Network isolation control and monitoring, storage isolation control and monitoring, device isolation control and monitoring, and user isolation control and monitoring are thereby achieved.
Information encryption is a very important information security technique. Non-public information that is not classified can also be stored encrypted and, when the receiving end can decrypt, transmitted encrypted.
Depending on the security requirements, the terminal's intranet mode can be handled like the encrypted mode. Alternatively, a transmission channel and electrically rewritable non-volatile memory dedicated to the intranet are used: the microcontroller (21) controls the switching network (25) so that the information processing subsystem (2) is connected to the intranet-dedicated transmission channel in the information transfer subsystem (4) and to the intranet-dedicated electrically rewritable non-volatile memory in the information storage subsystem (3), and is physically isolated from the transmission channel and electrically rewritable non-volatile memory dedicated to the external network; the intranet and external network may also use separate partitions of one electrically rewritable non-volatile memory. Alternatively, an electrically rewritable non-volatile memory shared by the intranet and the external network is used, and the switching network (25) makes this memory read-only.
If the information processing subsystem (2) or the information transfer subsystem (4) has its own electrically rewritable non-volatile memory and/or its own peripheral input/output interface, that case, and the clearing of residual information when the terminal finishes work or switches operating mode, can be handled as in the encrypted mode.
The terminal's external network mode uses a transmission channel and electrically rewritable non-volatile memory dedicated to the external network: the microcontroller (21) controls the switching network (25) so that the information processing subsystem (2) is connected to the external-network-dedicated transmission channel in the information transfer subsystem (4) and to the external-network-dedicated electrically rewritable non-volatile memory in the information storage subsystem (3), and is physically isolated from the transmission channel and electrically rewritable non-volatile memory dedicated to the intranet; the intranet and external network may also use separate partitions of one electrically rewritable non-volatile memory. Alternatively, an electrically rewritable non-volatile memory shared by the intranet and the external network is used, and the switching network (25) makes this memory write-only.
Information terminal work finishes or working method when switching residual, information empty, can be similar residual, information during the encrypted work mode empty and handle.
The beneficial effects of the utility model:
The utility model can dynamically connect or isolate the resources of each part and dynamically reconfigure an information terminal that satisfies various security levels; it can reach inside an autonomous subsystem, isolate its controller, and independently exercise the functions of that controller; it can monitor the operation of the autonomous subsystems in real time and form "black box" data for security audit trails; and it allows a large number of rich and convenient devices, modular components, parts and software that have poor information security, network isolation, port isolation and storage isolation capabilities to be used in information security services, realizing control and monitoring of network isolation, port isolation, storage isolation, device isolation and user isolation.
Description of drawings
The utility model is further described below with reference to the drawings and embodiments.
Fig. 1 and Fig. 2 are structural schematic diagrams of the utility model.
Fig. 3 is the connection diagram of the JTAG daisy chain of the utility model.
Fig. 4 is the structural schematic diagram of the safety isolation and monitoring subsystem (1) of Embodiment 1.
Fig. 5 is the structural schematic diagram of the information processing subsystem (2) of Embodiment 1.
In the drawings, 1 is the safety isolation and monitoring subsystem, 2 is the information processing subsystem, 3 is the information storage subsystem, 4 is the message transmission subsystem, 5 is user identity authentication detection, 6 is the peripheral input/output interface, 7 is keyboard and touch-screen pen writing input, 8 is display and interface, 9 is microphone and audio input, 10 is audio output and loudspeaker, and 11 is the camera input.
21-26 are the parts of the safety isolation and monitoring subsystem (1): 21 is the microcontroller, 22 is the memory, 23 is the JTAG control and JTAG ICE controller, 24 is encryption and decryption, 25 is the switch network, and 26 is the input/output interface.
31-33 are the parts of the information processing subsystem (2): 31 is the controller, 32 is the memory, and 33 is the input/output interface.
TCK-1, TMS-1, TDI-1, TDO-1 and TRST-1 are respectively the test clock output line, test mode select output line, test data input line, test data output line and test reset output line of the JTAG control and JTAG ICE controller of the safety isolation and monitoring subsystem (1).
TCK-2, TMS-2, TDI-2, TDO-2 and TRST-2 are respectively the JTAG test clock input line, test mode select input line, test data input line, test data output line and test reset input line of the information processing subsystem (2).
TCK-4, TMS-4, TDI-4, TDO-4 and TRST-4 are respectively the JTAG test clock input line, test mode select input line, test data input line, test data output line and test reset input line of the message transmission subsystem (4).
MCU21-1 and MCU21-2 are serial interfaces of the microcontroller (21); MCU21-3 and MCU21-4 are respectively the MultiMediaCard (MMC) interface and the USB interface of the microcontroller (21); IO26 is a port of the input/output interface (26).
K1, K2, K3 and K4 are parallel output ports of the microcontroller (21). SW1 and SW2 are single-pole double-throw analog switches of the switch network (25). SW1-1 and SW1-2 are the two moving-contact terminals of switch SW1, and SW1-3 is its fixed-contact terminal; SW2-1 and SW2-2 are the two moving-contact terminals of switch SW2, and SW2-3 is its fixed-contact terminal. MCU31-1 and MCU31-2 are respectively the serial interface and the MultiMediaCard (MMC) interface of the controller (31), and IO33-1 is the USB interface terminal of the input/output interface (33).
Embodiment
In Fig. 1, the safety isolation and monitoring subsystem (1) is connected respectively, including by JTAG, to the information processing subsystem (2), information storage subsystem (3), message transmission subsystem (4), user identity authentication detection (5), peripheral input/output interface (6), keyboard and touch-screen pen writing input (7), display and interface (8), microphone and audio input (9), audio output and loudspeaker (10), and camera input (11). The safety isolation and monitoring subsystem (1) physically isolates the other parts.
Each JTAG-compatible chip has a JTAG test clock input line TCK, test mode select input line TMS, test data input line TDI, test data output line TDO and test reset input line TRST. In Fig. 3, the TDO of the first JTAG chip of the information processing subsystem (2) is connected to the TDI of the second JTAG chip, and so on, forming a JTAG chain. TDI-2 of the information processing subsystem (2) JTAG is connected to the TDI of the first JTAG chip of the chain, TDO-2 is connected to the TDO of the last JTAG chip of the chain, and TCK-2, TMS-2 and TRST-2 on the JTAG socket are connected in parallel to the TCK, TMS and TRST of all JTAG chips on the chain, respectively. TCK-4, TMS-4, TRST-4, TDI-4 and TDO-4 of the message transmission subsystem (4) JTAG are connected in the same way. Fig. 3 uses only the information processing subsystem (2) and the message transmission subsystem (4) as an example. TDO-1 of the JTAG control and JTAG ICE controller of the safety isolation and monitoring subsystem (1) is connected to TDI-2 of the information processing subsystem (2) JTAG, TDO-2 of the information processing subsystem (2) JTAG is connected to TDI-4 of the message transmission subsystem (4) JTAG, and TDO-4 of the message transmission subsystem (4) JTAG is connected to TDI-1 of the JTAG control and JTAG ICE controller of the safety isolation and monitoring subsystem (1), forming the JTAG daisy chain. TCK-2, TMS-2 and TRST-2 of the information processing subsystem (2) JTAG are connected in parallel with TCK-4, TMS-4 and TRST-4 of the message transmission subsystem (4) JTAG, respectively, and are then connected to TCK-1, TMS-1 and TRST-1 of the JTAG control and JTAG ICE controller of the safety isolation and monitoring subsystem (1), respectively.
Embodiment 1:
Embodiment 1 is a handheld safety isolation and monitoring mobile encrypted information terminal. In Embodiment 1, the safety isolation and monitoring subsystem (1) is provided by an organization with the corresponding qualification, and the information processing subsystem (2) is a palmtop computer. The information storage subsystem (3) is a MultiMediaCard (MMC), a large-capacity semiconductor information memory card with a serial communication interface comprising a chip select input line MMCCS, command input line MMCCMD, clock input line MMCCLK, data input/output line MMCDAT and card detect line MMCDETECT. The message transmission subsystem (4) is a CDMA2000 1X wireless communication module, a public cellular mobile communication terminal with a serial interface and a JTAG interface TCK-4, TMS-4, TRST-4, TDI-4, TDO-4. User identity authentication detection (5) is a semiconductor fingerprint identification detection module, the peripheral input/output interface (6) is a USB interface, display and interface (8) is a TFT LCD display module, and the camera (11) is a CMOS semiconductor camera module. The terminal also has keyboard and touch-screen pen writing input (7), microphone and audio input (9), and audio output and loudspeaker (10). The connections among the parts are shown in Fig. 2.
In Fig. 2, the safety isolation and monitoring subsystem (1) is connected respectively to the information processing subsystem (2), information storage subsystem (3), message transmission subsystem (4), user identity authentication detection (5) and peripheral input/output interface (6), and physically isolates them. The information processing subsystem (2) is also connected to the keyboard and touch-screen pen writing input (7), display and interface (8), microphone and audio input (9), audio output and loudspeaker (10) and camera input (11). These are the basic configuration and basic human-machine interface of the information processing subsystem (2), for which a large number of existing devices, modules or components are available, and the JTAG of the safety isolation and monitoring subsystem (1) performs safety isolation and monitoring of them.
In Fig. 4, the microcontroller (21) of the safety isolation and monitoring subsystem (1) is connected respectively to the memory (22), encryption and decryption (24) and input/output interface (26). One end of the JTAG control and JTAG ICE controller (23) is connected to the microcontroller (21); the other end provides the JTAG controller ports TCK-1, TMS-1, TRST-1, TDI-1 and TDO-1, of which TDI-1 is an input and TCK-1, TMS-1, TRST-1 and TDO-1 are outputs. When no JTAG or encryption/decryption hardware acceleration chip is used, the JTAG control and JTAG ICE controller (23) and encryption and decryption (24) are part of the software of the microcontroller (21); the JTAG controller port TDI-1 is then a parallel input port of the microcontroller (21), and TCK-1, TMS-1, TRST-1 and TDO-1 are parallel output ports of the microcontroller (21). SW1 and SW2 are analog switches, which can each use the CC4053 of MOTOROLA or a domestically made CMOS analog switch equivalent to the CC4053; one CC4053 has three independent single-pole double-throw bidirectional analog switches, each with its own control terminal.
In Fig. 5, the controller (31) of the information processing subsystem (2) is a microcontroller, the memory (32) consists of volatile random access memory (SDRAM) and non-volatile FLASH memory, and the input/output interface (33) includes a USB interface. The embedded operating system WINDOWS CE is used, which has a large amount of rich, practical, convenient and excellent general-purpose application software. The Intel XScale PXA263 is selected as the microcontroller and FLASH memory; the PXA263 is a multi-chip module (MCM) package containing an Intel XScale PXA250 microcontroller and a 32 MB FLASH memory. The data bus, address bus and most of the control bus of this FLASH memory are enclosed inside the multi-chip module with no pins brought out, so they cannot be controlled from outside the module. However, the write-protect input nWP and the erase, program and block-lock enable input VPEN of this FLASH memory are brought out to pins.
The serial interface MCU21-1 of the microcontroller (21) is connected to the serial interface MCU31-1 of the microcontroller (31), and the serial interface MCU21-2 is connected to the serial interface of the CDMA2000 1X wireless communication module of the message transmission subsystem (4). In the switch network (25), SW1-1 of switch SW1 is connected to the MultiMediaCard (MMC) interface MCU21-3 of the microcontroller (21), SW1-2 is connected to the MMC interface MCU31-2 of the microcontroller (31), and SW1-3 is connected to the MMC of the information storage subsystem (3). SW2-1 of SW2 is connected to the USB interface IO33-1 of the information processing subsystem (2), SW2-2 is connected to the USB interface MCU21-4 of the microcontroller (21), and SW2-3 is connected to the USB interface of the peripheral input/output interface (6). The write-protect terminal nWP of the multi-chip module PXA263, which contains the microcontroller (31) and the FLASH memory, is connected to K2, and the erase, program and block-lock enable input VPEN of the PXA263 is connected to K4. The microcontroller (21) separately controls the control terminals of the system main power supply and of each part's power supply in the power management chip.
The MultiMediaCard (MMC) interface has 5 lines: chip select input line MMCCS, command input line MMCCMD, clock input line MMCCLK, data input/output line MMCDAT and card detect line MMCDETECT. The USB interface has 3 lines: data positive (USBDP), data negative (USBDN) and power detect (USBPW). Therefore, the switch network (25) needs 5 SW1 analog switches and 3 SW2 analog switches. The control terminal of every SW1 analog switch is connected to K1, and the control terminal of every SW2 analog switch is connected to K3.
At system start-up, the microcontroller (21) notifies the microcontroller (31) through the serial interface MCU21-1/MCU31-1 to prompt the user on the display (8) to authenticate. User identity authentication detection (5) delivers the user's fingerprint data to the microcontroller (21), and user authentication is performed either locally or over the network, by encrypted communication with a server via the serial interface MCU21-2 and the CDMA2000 1X wireless communication module of the message transmission subsystem (4). After user authentication, the microcontroller (21) performs device identity authentication of each part through MCU21-1, MCU21-2, TCK-1, TMS-1, TDI-1, TDO-1 and TRST-1 and detects device capabilities, in particular information input/output channels and residual-information retention.
In the encrypted working mode, K1 of the microcontroller (21) controls the analog switches SW1 of the switch network (25) so that the MultiMediaCard (MMC) of the information storage subsystem (3) is connected to the microcontroller (21) and disconnected from the microcontroller (31). K3 controls the analog switches SW2 of the switch network (25) so that the USB interface of the peripheral input/output interface (6) is connected to the microcontroller (21) and disconnected from the USB interface IO33-1 of the information processing subsystem (2). K2 and K4 control the write-protect terminal nWP and the erase, program and block-lock enable input VPEN of the multi-chip module PXA263, making this FLASH memory read-only. Therefore, the safety isolation and monitoring subsystem (1), by information encryption and decryption, can access the MMC, can exchange information with USB peripherals, and can access the CDMA2000 1X public cellular mobile communication network through the message transmission subsystem (4). The information processing subsystem (2) can access the volatile SDRAM memory (32) and the non-volatile read-only FLASH memory of this subsystem. Information from the information processing subsystem (2) is encrypted by the safety isolation and monitoring subsystem (1) and can then be stored on the MMC, sent to a USB peripheral, or transmitted by the message transmission subsystem (4) over the CDMA2000 1X public cellular mobile communication network. Conversely, encrypted information received through the message transmission subsystem (4) and the CDMA2000 1X public cellular mobile communication network, read from the MMC, or read from a USB peripheral is decrypted by the safety isolation and monitoring subsystem (1), and this, or non-encrypted information read from the MMC or from a USB peripheral, is delivered to the information processing subsystem (2) for processing.
During operation, the microcontroller (21) generates JTAG sampling instructions or/and core-bus trace monitoring special instructions to monitor the state and information flow of each subsystem and form "black box" data for security audit; in particular, it can monitor write operations by the microcontroller (31) to the FLASH memory in its multi-chip module.
When work finishes, the microcontroller (21) can generate JTAG core-bus trace monitoring special instructions to access the registers, buffers and memories inside chips such as the microcontrollers in each subsystem and clear them. It generates JTAG external test instructions to access the volatile random access memory in each subsystem and clear it. Alternatively, the microcontroller (21) switches off the power supply of each part so that the data in volatile memory is lost. Depending on the required information security level, the microcontroller (21) can generate JTAG external test instructions to erase and reprogram the entire FLASH memory in the multi-chip module of the microcontroller (31).
The intranet working mode is similar to the encrypted working mode, because a personal digital assistant device generally accesses the intranet using the external network as its transmission channel. Therefore, a secure information channel and encrypted storage are formed by information encryption.
In the external network working mode, K1 of the microcontroller (21) controls the analog switches SW1 of the switch network (25) so that the MultiMediaCard (MMC) of the information storage subsystem (3) is connected to the microcontroller (31) and disconnected from the microcontroller (21). K3 controls the analog switches SW2 of the switch network (25) so that the USB interface of the peripheral input/output interface (6) is connected to the USB interface IO33-1 of the information processing subsystem (2) and disconnected from the microcontroller (21). K2 and K4 control the FLASH memory write-protect terminal nWP and the erase, program and block-lock enable input VPEN of the multi-chip module PXA263, making this FLASH memory electrically rewritable. Therefore, the safety isolation and monitoring subsystem (1) can access the CDMA2000 1X public cellular mobile communication network through the message transmission subsystem (4), and through that network can access external networks such as the Internet. The information processing subsystem (2) can access the volatile SDRAM memory (32) and the non-volatile electrically rewritable FLASH memory of this subsystem, the MMC of the information storage subsystem (3), and USB peripherals. Information from the information processing subsystem (2) passes through the safety isolation and monitoring subsystem (1) and is transmitted by the message transmission subsystem (4) over the CDMA2000 1X public cellular mobile communication network. Conversely, information received through the message transmission subsystem (4) and the CDMA2000 1X public cellular mobile communication network passes through the safety isolation and monitoring subsystem (1) and is delivered to the information processing subsystem (2) for processing.
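The routing that K1 to K4 establish in the encrypted and external network working modes of Embodiment 1 can be written as a small state model with an audit check over the 5 SW1 and 3 SW2 switches. This is an added example, not part of the patent; the mode, type and function names and the per-line fault check are assumptions, and because the description gives no logic levels for K1 to K4, only their effect is modeled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define SW1_LINES 5 /* MMCCS, MMCCMD, MMCCLK, MMCDAT, MMCDETECT */
#define SW2_LINES 3 /* USBDP, USBDN, USBPW */

/* Two working modes of Embodiment 1 (identifier names are assumptions). */
typedef enum { MODE_ENCRYPTED, MODE_EXTERNAL } work_mode_t;

/* Side to which the fixed contact SWx-3 of one analog switch is routed. */
typedef enum { TO_MCU21, TO_MCU31 } route_t;

typedef struct {
    route_t sw1[SW1_LINES]; /* K1 group: MMC card to MCU21-3 or MCU31-2 */
    route_t sw2[SW2_LINES]; /* K3 group: peripheral USB to MCU21-4 or IO33-1 */
    bool flash_writable;    /* effect of K2 (nWP) and K4 (VPEN) on the PXA263 FLASH */
} switch_state_t;

/* Violation flags returned by audit_state(). */
enum {
    V_MMC_EXPOSED    = 1 << 0, /* MMC reachable by subsystem (2) in encrypted mode */
    V_USB_EXPOSED    = 1 << 1, /* USB peripheral reachable by subsystem (2) */
    V_FLASH_WRITABLE = 1 << 2, /* FLASH not read-only in encrypted mode */
    V_SW1_SPLIT      = 1 << 3, /* the 5 MMC lines do not all point the same way */
    V_SW2_SPLIT      = 1 << 4  /* the 3 USB lines do not all point the same way */
};

/* Intended routing for a mode, as the description states it. */
switch_state_t configure_mode(work_mode_t mode)
{
    switch_state_t s;
    route_t side = (mode == MODE_ENCRYPTED) ? TO_MCU21 : TO_MCU31;
    for (size_t i = 0; i < SW1_LINES; i++) s.sw1[i] = side;
    for (size_t i = 0; i < SW2_LINES; i++) s.sw2[i] = side;
    s.flash_writable = (mode == MODE_EXTERNAL);
    return s;
}

/* True if the lines of one switch group disagree with each other. */
static bool group_split(const route_t *g, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (g[i] != g[0]) return true;
    return false;
}

/* True if any line of the group is routed to side r. */
static bool group_has(const route_t *g, size_t n, route_t r)
{
    for (size_t i = 0; i < n; i++)
        if (g[i] == r) return true;
    return false;
}

/* Compare an observed switch state against the policy of the active mode.
 * In encrypted mode every storage or peripheral path must run through the
 * microcontroller (21), which does the encryption; a split group is a fault
 * in either mode. Returns a bitmask of V_* flags, 0 when the state is clean. */
unsigned audit_state(work_mode_t mode, const switch_state_t *s)
{
    unsigned v = 0;
    if (group_split(s->sw1, SW1_LINES)) v |= V_SW1_SPLIT;
    if (group_split(s->sw2, SW2_LINES)) v |= V_SW2_SPLIT;
    if (mode == MODE_ENCRYPTED) {
        if (group_has(s->sw1, SW1_LINES, TO_MCU31)) v |= V_MMC_EXPOSED;
        if (group_has(s->sw2, SW2_LINES, TO_MCU31)) v |= V_USB_EXPOSED;
        if (s->flash_writable) v |= V_FLASH_WRITABLE;
    }
    return v;
}

int main(void)
{
    switch_state_t s = configure_mode(MODE_ENCRYPTED);
    s.sw1[3] = TO_MCU31; /* constructed fault: the MMCDAT switch did not follow K1 */
    printf("violations: 0x%02x\n", audit_state(MODE_ENCRYPTED, &s));
    return 0;
}
```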
Embodiment 2:
Embodiment 2 is a handheld safety isolation and monitoring personal digital assistant device. In Embodiment 2, the safety isolation and monitoring subsystem (1) is provided by an organization with the corresponding qualification, and the information processing subsystem (2) is a palmtop computer. The information storage subsystem (3) is a MultiMediaCard (MMC) with a serial communication interface. The message transmission subsystem (4) has two independent transmission channels: one (the external network channel) is a CDMA2000 1X wireless communication module with a serial interface and a JTAG interface, and the other (the intranet channel) is an IEEE 802.11b/g wireless local area network communication module with a USB interface and a JTAG interface. User identity authentication detection (5) is password entry by keyboard, sharing the keyboard and touch-screen pen writing input (7); the peripheral input/output interface (6) is a USB interface, display and interface (8) is a TFT LCD display module, and the camera (11) is a CMOS semiconductor camera module. The terminal also has keyboard and touch-screen pen writing input (7), microphone and audio input (9), and audio output and loudspeaker (10). Apart from the safety isolation and monitoring subsystem (1), the information processing subsystem (2) is connected to each of the other parts; this is an existing personal digital assistant device that has an independent electrically rewritable non-volatile memory and an independent peripheral input/output USB interface, and has no safety isolation and monitoring capability. This existing terminal is not modified; adding the safety isolation and monitoring subsystem (1) gives it safety isolation and monitoring capability.
The connection between the safety isolation and monitoring subsystem (1) and this existing personal digital assistant device consists mainly of the JTAG interface connection (connected as in Fig. 3) and the power control line. The safety isolation and monitoring subsystem (1) is similar to that of Embodiment 1; if the power control line of the existing terminal is inconvenient to bring out, a switch control similar to that in Fig. 4 can be used, the switch being a high-current semiconductor switch.
At system start-up, the microcontroller (21) generates external test instructions and, through the JTAG port, physically isolates the keyboard and touch-screen pen writing input (7) and the display and interface (8) from the microcontroller (31) connected to them, drives them, and returns responses. Following the prompts on the display, the user enters or changes the password, selects the working mode, or starts a network switch by keyboard and touch-screen pen writing input. JTAG instructions are generated to perform device identity authentication of each part and detect device capabilities, in particular information input/output channels and residual-information retention.
In the intranet working mode, the microcontroller (21) generates external test, internal test or high-impedance instructions so that the JTAG devices in the CDMA2000 1X wireless communication module (external network channel) of the message transmission subsystem (4) are isolated and disconnected from the outside, while the IEEE 802.11b/g wireless local area network communication module (intranet channel) works normally. It generates a CLAMP instruction that holds part of the address lines of the FLASH memory interface of the microcontroller (31) at a fixed level, so that the microcontroller (31) uses one partition of the FLASH memory (the intranet partition). During operation, the microcontroller (21) generates JTAG sampling instructions to monitor in real time the read/write control terminals, programming voltage terminal and other memory interfaces of the electrically rewritable non-volatile memory (particularly the external-network partition), the peripheral USB interface and the MultiMediaCard (MMC) interface; if an unauthorized access is found, it stops normal operation, saves the security event record, and destroys the relevant information. It can also monitor in real time the data flow on the controller's input/output pins, forming "black box" data for security audit trails. It generates JTAG trace-buffer special instructions to start the on-chip trace buffer and reads the trace buffer results through JTAG, implementing core-bus monitoring at a higher speed than with JTAG sampling instructions.
In the external network working mode, the microcontroller (21) generates external test, internal test or high-impedance instructions so that the JTAG devices in the IEEE 802.11b/g wireless local area network communication module (intranet channel) of the message transmission subsystem (4) are isolated and disconnected from the outside, while the CDMA2000 1X wireless communication module (external network channel) works normally. It generates a CLAMP instruction that holds part of the address lines of the FLASH memory interface of the microcontroller (31) at a fixed level, so that the microcontroller (31) uses another partition of the FLASH memory (the external-network partition). During operation, the microcontroller (21) generates JTAG sampling instructions to monitor in real time the read/write control terminals, programming voltage terminal and other memory interfaces of the electrically rewritable non-volatile memory (particularly the intranet partition); if an unauthorized access is found, it stops normal operation, saves the security event record, and destroys the relevant information. It can also monitor in real time the data flow on the controller's input/output pins, forming "black box" data for security audit trails.
When work finishes, the microcontroller (21) can generate JTAG core-bus trace monitoring special instructions to access the registers, buffers and memories inside chips such as the microcontrollers in each subsystem and clear them. It generates JTAG external test instructions to access the volatile random access memory in each subsystem and clear it. Alternatively, the microcontroller (21) switches off the power supply of each part so that the data in volatile memory is lost. Depending on the required information security level, the microcontroller (21) can generate JTAG external test instructions to erase and reprogram the entire FLASH memory.
With information encryption, the intranet can also be accessed remotely, or end-to-end communication carried out, over the CDMA2000 1X mobile communication network in the external network working mode. After the required encrypted intranet information has been obtained in the external network working mode, the external network working mode is exited. The microcontroller (21) generates external test, internal test or high-impedance instructions to isolate and disconnect both the message transmission subsystem (4) and the microcontroller (31) from the outside; the microcontroller (21) then generates external test instructions to access the intranet partition and the external-network partition of the FLASH memory, decrypts the encrypted information in the external-network partition, and stores it in the intranet partition. The intranet (off-network) working mode is then entered to process the decrypted intranet information.
Conversely, information in the intranet partition is encrypted and stored in the external-network partition. The external network working mode is then entered, and the encrypted information is transmitted over the external network to the remote intranet or to the end-to-end user.

Claims (8)

1. A safety isolation and monitoring information terminal, composed of a safety isolation and monitoring subsystem (1), information processing subsystem (2), information storage subsystem (3), message transmission subsystem (4), user identity authentication detection (5), peripheral input/output interface (6), keyboard and touch-screen pen writing input (7), display and interface (8), microphone and audio input (9), audio output and loudspeaker (10) and camera input (11), characterized in that the switch terminals of the switch network (25) of the safety isolation and monitoring subsystem (1) are connected to each part, or/and the safety isolation and monitoring subsystem (1) is connected with each part into one or more JTAG daisy chains, which are physically interconnected or disconnected and isolated.
2. A safety isolation and monitoring information terminal according to claim 1, characterized in that the safety isolation and monitoring subsystem (1) is composed of a microcontroller (21), memory (22), JTAG control and JTAG ICE controller (23), encryption and decryption (24), switch network (25) and input/output interface (26); the microcontroller (21) is connected to each of the other parts and also to the control terminals of the switch network (25); and the JTAG control and JTAG ICE controller (23) and the encryption and decryption (24) can be integrated circuit chips or part of the software of the microcontroller (21).
3. A safety isolation and monitoring information terminal according to claim 1, characterized in that the information processing subsystem (2) is composed of a controller (31), memory (32) and input/output interface (33); the controller (31) is a JTAG-compatible central processing unit (CPU) or microcontroller (MCU) or/and digital signal processor (DSP), connected respectively to the memory (32) and the input/output interface (33); the memory interface of the controller (31) and the other end of the input/output interface (33) can be connected to switch terminals of the switch network (25); and the controller (31) can be connected to the microcontroller (21) by a parallel interface or a serial interface.
4. A safety isolation and monitoring information terminal according to claim 1, characterized in that the information storage subsystem (3) can be one or more memories physically isolated from one another, whose memory interfaces are connected to the microcontroller (21) or to switch terminals of the switch network (25).
5. A safety isolation and monitoring information terminal according to claim 1, characterized in that the message transmission subsystem (4) can be one or more information transmission channels physically isolated from one another, whose interfaces are connected to the microcontroller (21) or to switch terminals of the switch network (25), and whose JTAG devices are connected with the JTAG control and JTAG ICE controller (23) into a JTAG daisy chain.
6. A safety isolation and monitoring information terminal according to claim 1, characterized in that each of its parts can be an autonomous subsystem, can have a device identity authentication algorithm or device identity authentication code, and has its power control terminal connected to the microcontroller (21).
7. A safety isolation and monitoring information terminal according to claim 1, characterized in that the safety isolation and monitoring subsystem (1) dynamically connects and disconnects (isolates) each part, reconfiguring the terminal into information terminals of various different security levels.
8. A safety isolation and monitoring information terminal according to claim 1, characterized in that the safety isolation and monitoring subsystem (1) can isolate and disconnect the controller of an autonomous subsystem and connect to the memory, peripheral components and peripheral equipment of the autonomous subsystem; or isolate and disconnect the memory, peripheral components and peripheral equipment of the autonomous subsystem and connect to its controller; or connect to the embedded trace and core access unit of the controller of the autonomous subsystem; or connect to the boundary-scan cell of each input/output pin of the controller of the autonomous subsystem.
CN 200420091557 2004-09-05 2004-09-05 Safe isolating and monitoring information terminal Expired - Fee Related CN2753062Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200420091557 CN2753062Y (en) 2004-09-05 2004-09-05 Safe isolating and monitoring information terminal


Publications (1)

Publication Number Publication Date
CN2753062Y true CN2753062Y (en) 2006-01-18

Family

ID=35914472


Country Status (1)

Country Link
CN (1) CN2753062Y (en)

USRE47083E1 (en) 2009-03-30 2018-10-09 Analog Devices, Inc. USB isolator with advanced control features
CN101800738B (en) * 2009-12-31 2013-01-16 暨南大学 Realization system and method for safely visiting and storing intranet data by mobile equipment
CN103475300A (en) * 2013-09-29 2013-12-25 奇瑞汽车股份有限公司 Vehicle motor control system and safety monitoring method
CN103475300B (en) * 2013-09-29 2016-02-24 奇瑞新能源汽车技术有限公司 A kind of vehicle motor control system and method for safety monitoring
CN104200179A (en) * 2014-09-12 2014-12-10 南京神易网络科技有限公司 Computer peripheral equipment isolation method
CN106131072A (en) * 2016-08-28 2016-11-16 姜俊 A kind of computer information safe system
CN108763971A (en) * 2018-08-17 2018-11-06 北京航星中云科技有限公司 A kind of data safety storage device and method, mobile terminal
CN108763971B (en) * 2018-08-17 2023-04-04 北京航星中云科技有限公司 Data security storage device and method and mobile terminal
CN110414225A (en) * 2019-07-24 2019-11-05 广州魅视电子科技有限公司 A kind of system and method for anti-HID keyboard attack

Similar Documents

Publication Publication Date Title
CN101533450B (en) Microprocessor device for providing secure execution environment and method for executing secure code thereof
CN2753062Y (en) Safe isolating and monitoring information terminal
CN202795383U (en) Device and system for protecting data
CN1147793C (en) Semiconductor memory device
CN102255888A (en) Method and apparatus for secure scan of Data storage device from remote server
CN103198037B (en) Reliable pipe control method and system for IO (input output) equipment
CN1799104A (en) Integrity control for data stored in a non-volatile memory
WO2008156328A2 (en) Digital forensic system and method
CN108470129A (en) A kind of data protection special chip
CN100594506C (en) Data uploading transmission extension card apparatus embeded in computer
CN201917912U (en) Monitoring and management system of USB (Universal Serial Bus) storage device
CN112882964B (en) High-capacity high-safety storage system supporting multiple interfaces
CN100594507C (en) Data transmission device
CN111857947B (en) Memory isolation method, isolation checking circuit and CPU chip
CN101408920B (en) Data downloading transmission expending card apparatus embedded in computer
CN202720652U (en) Dual-computer system for information security protection
CN203242000U (en) USB (Universal Serial Bus) hardware encryption system based on FPGA (Field Programmable Gate Array) technology
Farulla et al. An object-oriented open software architecture for security applications
CN117591456A (en) Network shared data storage system
Knapp Firmware Security in IoT: Should Smart Homes Be Afraid of Evil Maids?
CN112688953A (en) Data processing method and device, electronic equipment and computer readable storage medium
CN109190416A (en) A kind of flash disk data encryption Ferrying machine and method of ferrying
CN201654769U (en) Encryption mobile storage device
CN102222050A (en) Highly-efficient data processing and secure storage method and secure smart cryptographic storage chip
Ni et al. Realization of A Data Communication Card for A High Speed Digital Electronic Engraving Machine

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee