[go: up one dir, main page]

CN1696865A - Information security equipment and communication method based on MMC/SDIO interface - Google Patents

Information security equipment and communication method based on MMC/SDIO interface Download PDF

Info

Publication number
CN1696865A
CN1696865A CN 200510082685 CN200510082685A CN1696865A CN 1696865 A CN1696865 A CN 1696865A CN 200510082685 CN200510082685 CN 200510082685 CN 200510082685 A CN200510082685 A CN 200510082685A CN 1696865 A CN1696865 A CN 1696865A
Authority
CN
China
Prior art keywords
mmc
data
sdio interface
chip
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200510082685
Other languages
Chinese (zh)
Other versions
CN100334520C (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Feitian Technologies Co Ltd filed Critical Beijing Feitian Technologies Co Ltd
Priority to CNB200510082685XA priority Critical patent/CN100334520C/en
Publication of CN1696865A publication Critical patent/CN1696865A/en
Application granted granted Critical
Publication of CN100334520C publication Critical patent/CN100334520C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

An information safety device makes software copyright protection and information safety based on MMC / SDIO possible by applying CPU to process data and by connecting chip having MMC / SDIO interface, CPU and storage to host with MMC / SDIO interface for communication. The safety device is small in size and low in power consumption so it can be used in hot insertion way as well as in plug and play way.

Description

基于MMC/SDIO接口的信息安全设备及其通信方法Information security equipment and communication method based on MMC/SDIO interface

技术领域technical field

本发明涉及一种信息安全设备和通信方法的设计,特别是一种基于MMC/SDIO接口的信息安全设备及其通信方法。The invention relates to the design of an information security device and a communication method, in particular to an information security device based on an MMC/SDIO interface and a communication method thereof.

技术背景technical background

在信息科技日益发达的今天,数据信息的安全性和保密性日益受到人们的重视。其中,软件的版权保护产品作为一种信息安全设备在软件版权保护领域发挥着重要的作用,它保护软件开发商的利益、增加收益,保护合法用户的利益,还可以控制软件分销。同时,随着互联网的发展,越来越多涉及个人隐私和商业秘密的信息需要通过网络传递,信息安全的重要性也越来越为人们所认知。信息安全产品用作网络身份认证、数据安全存储、访问、控制、传输、数据加解密等方面,在电子商务、电子政务、网上银行等领域有非常广阔的使用前景。In today's increasingly developed information technology, the security and confidentiality of data information are increasingly valued by people. Among them, software copyright protection products, as an information security device, play an important role in the field of software copyright protection. It protects the interests of software developers, increases revenue, protects the interests of legitimate users, and can also control software distribution. At the same time, with the development of the Internet, more and more information involving personal privacy and business secrets needs to be transmitted through the network, and the importance of information security is increasingly recognized by people. Information security products are used in network identity authentication, data security storage, access, control, transmission, data encryption and decryption, etc., and have very broad application prospects in e-commerce, e-government, online banking and other fields.

同时,MMC(MultiMediaCard)接口和SD(Secure Digital I/O)是两种接口标准,由于外形小巧,便于携带的应用优势,使得MMC/SD接口被广泛应用。At the same time, MMC (MultiMediaCard) interface and SD (Secure Digital I/O) are two interface standards. Due to the application advantages of small size and easy portability, MMC/SD interface is widely used.

MMC接口主要出现在数码影像、音乐、手机、PDA、电子书、玩具等产品中,应用比较广泛。MMC接口设备可以做到低功耗,高数据吞吐,支持热插拔,有良好的兼容性和可靠性。SD卡在数字家电、手机等行业得到广泛应用,SD接口技术越来越广泛的进入人们的生活。SDIO协议是基于SD接口的,也可称支持SDIO的SD接口为SDIO接口,以下全部称为SDIO接口。SDIO设备象USB设备一样支持即插即用,通信速度高,全速设备可以达到100Mb/second。耗电小,适合于各种移动设备。对比MMC/SDIO与CF等早先出现的接口,MMC/SDIO比其他的早期接口更加省电,更加小型化,也就更加成为应用的一个趋势。MMC interfaces mainly appear in digital video, music, mobile phones, PDAs, e-books, toys and other products, and are widely used. MMC interface devices can achieve low power consumption, high data throughput, support hot swap, and have good compatibility and reliability. SD cards are widely used in digital home appliances, mobile phones and other industries, and SD interface technology is more and more widely used in people's lives. The SDIO protocol is based on the SD interface, and the SD interface that supports SDIO can also be called the SDIO interface, and all of the following are called SDIO interfaces. SDIO devices support plug and play like USB devices, with high communication speed, and full-speed devices can reach 100Mb/second. Low power consumption, suitable for various mobile devices. Compared with earlier interfaces such as MMC/SDIO and CF, MMC/SDIO is more power-saving and more miniaturized than other early interfaces, and it has become a trend of application.

但目前,尚没有一种利用MMC/SDIO接口实现信息安全保护的设备和方法,从而实现软件保护和身份认证识别等功能。But at present, there is no device and method for realizing information security protection by using the MMC/SDIO interface, so as to realize functions such as software protection and identity authentication.

发明内容Contents of the invention

本发明利用MMC/SDIO接口的诸多优点,提供一种结构简单,使用方便的基于MMC/SDIO接口的信息安全设备以及通过此设备进行数据传输的方法。The invention utilizes many advantages of the MMC/SDIO interface to provide an information security device based on the MMC/SDIO interface with a simple structure and convenient use and a data transmission method through the device.

本发明解决其技术问题所采取的技术方案是:一种基于MMC/SDIO接口的信息安全设备,包括The technical scheme adopted by the present invention to solve its technical problems is: a kind of information security equipment based on MMC/SDIO interface, comprising

CPU:用于运行固件程序和用户程序,CPU: used to run firmware programs and user programs,

MMC/SDIO接口:用于设备与主机进行通讯,MMC/SDIO interface: used for communication between the device and the host,

存储器:用于存储设备固件程序和用户数据以及状态信息,所述CPU分别与所述MMC/SDIO接口芯片和存储器相连。Memory: used to store device firmware program, user data and state information, the CPU is connected to the MMC/SDIO interface chip and memory respectively.

还可包括一个集成MCU芯片,所述集成MCU芯片集成了包括所述CPU、MMC/SDIO接口芯片和存储器。It may also include an integrated MCU chip, which integrates the CPU, MMC/SDIO interface chip and memory.

还可包括一个集成MCU芯片,所述集成MCU芯片包括集成的所述CPU和存储器。An integrated MCU chip may also be included, and the integrated MCU chip includes the integrated CPU and memory.

所述CPU可为单片机。The CPU can be a single chip microcomputer.

所述存储器可包括RAM、ROM、EPROM、EEPROM、FLASH。The memory may include RAM, ROM, EPROM, EEPROM, FLASH.

所述MCU芯片可为安全设计的芯片,包括智能卡芯片。The MCU chip can be a security designed chip, including a smart card chip.

一种使用上述设备的数据通信方法,数据传输过程包括如下步骤:A data communication method using the above-mentioned equipment, the data transmission process includes the following steps:

1)主机识别到设备,并对设备进行初始化;1) The host recognizes the device and initializes the device;

2)主机向设备发送命令;2) The host sends commands to the device;

3)设备对命令的解析和处理;3) The device parses and processes commands;

4)设备向主机返回结果。4) The device returns the result to the host.

主机向设备发送命令过程中,主机可将指令发送给设备CPU中的驱动程序,驱动程序将指令通过MMC/SDIO接口按照接口协议的要求将数据发送给设备。When the host sends commands to the device, the host can send the command to the driver in the device CPU, and the driver sends the command to the device through the MMC/SDIO interface in accordance with the requirements of the interface protocol.

所述步骤3)中所述设备对命令的解析和处理,可包括如下过程:The parsing and processing of the command by the device described in step 3) may include the following process:

A.设备接收来自MMC/SDIO接口的数据;A. The device receives data from the MMC/SDIO interface;

B.设备根据接收的数据执行相应操作。B. The device performs corresponding operations according to the received data.

所述步骤B)中,在执行相关指令的过程中,所述操作可包括数据的安全存储、访问控制、数据的处理过程。In the step B), during the execution of relevant instructions, the operations may include safe storage of data, access control, and data processing.

所述数据处理过程中,对于数据的运算处理可包括自定义处理过程和标准的处理过程,标准处理过程可包括:RSA、DES、3DES、MD5、SHA-1、SSF33、AES、椭圆曲线算法。In the data processing process, the calculation process for data may include custom processing process and standard processing process, and standard processing process may include: RSA, DES, 3DES, MD5, SHA-1, SSF33, AES, elliptic curve algorithm.

本发明通过采用包括MMC/SDIO接口芯片、CPU和存储器的设备,与带有MMC/SDIO接口的主机进行连接和通信,并通过CPU进行数据处理,使基于MMC/SDIO接口的信息安全和软件版权保护成为可能,同时具备小巧便携、高速、低功耗、可热插拔、即插即用的优点。The present invention connects and communicates with a host computer with an MMC/SDIO interface by adopting a device including an MMC/SDIO interface chip, a CPU, and a memory, and processes data through the CPU, so that information security and software copyright based on the MMC/SDIO interface are Protection becomes possible, and at the same time, it has the advantages of small and portable, high speed, low power consumption, hot-swappable, and plug-and-play.

附图说明Description of drawings

图1为本发明中实施例1的流程图Fig. 1 is the flowchart of embodiment 1 among the present invention

图2为本发明中实施例2的流程图Fig. 2 is the flowchart of embodiment 2 in the present invention

图3为实施例2的硬件框图Fig. 3 is the hardware block diagram of embodiment 2

图4为实施例3的硬件框图Fig. 4 is the hardware block diagram of embodiment 3

图5为实施例1的硬件框图Fig. 5 is the hardware block diagram of embodiment 1

具体实施方式Detailed ways

本发明的第一种优选实施例,提供了一种软件保护设备及其通信方法。The first preferred embodiment of the present invention provides a software protection device and a communication method thereof.

如图5所示,所述软件保护设备502包括顺次连接的MMC/SDIO接口芯片503、CPU 505和扩展存储器504,所述扩展存储器可以选用任意的RAM、ROM、EPROM、FLASH等,用于存储相应的加密算法。所述存储器应该有足够的存储空间,用于存储预置的加密算法,或者可以由用户选择或下载算法,如果需要存储部分用户代码的话需要有足够大的存储空间,可以是片内FLASH等。As shown in Figure 5, described software protection device 502 comprises MMC/SDIO interface chip 503, CPU 505 and expansion memory 504 that are connected in sequence, and described expansion memory can select arbitrary RAM, ROM, EPROM, FLASH etc. for use Store the corresponding encryption algorithm. The memory should have enough storage space for storing the preset encryption algorithm, or the algorithm can be selected or downloaded by the user. If it is necessary to store part of the user code, it needs to have a large enough storage space, which can be on-chip FLASH, etc.

固件程序部分包括:对设备的识别部分、设备等待并接收来自主机的数据、设备解析并处理数据、设备返回给主机数据并等待下一条指令、以及设备同主机断开连接部分。设备被带有MMC/SDIO接口的主机识别,通过内置于MCU内部的寄存器的信息,建立主机和设备的连接,并申明为确定的MMC/SDIO的通信类型以用来进行后续的通信,通信部分完全遵守MMC/SDIO的通信协议。The firmware program part includes: the identification part of the device, the device waiting for and receiving data from the host, the device parsing and processing the data, the device returning data to the host and waiting for the next instruction, and the part of disconnecting the device from the host. The device is recognized by the host with MMC/SDIO interface, establishes the connection between the host and the device through the information of the registers built into the MCU, and declares it as a certain MMC/SDIO communication type for subsequent communication, the communication part Comply with MMC/SDIO communication protocol completely.

上述程序中,设备和主机的通信部分为核心部分,下面结合图1对设备和主机的通信过程做详细的说明。In the above program, the communication part between the device and the host is the core part, and the communication process between the device and the host will be described in detail below in conjunction with Figure 1 .

首先,经过步骤101主机对设备完成了初始,再由步骤102主机对设备的产品厂商标识进行验证,如果正确,设备执行步骤103,否则转到110将设备断开和主机的连接。步骤103中进行验证用户口令,若正确,设备等待来自应用的命令以执行步骤104,否则也转到步骤110,设备执行步骤104接收到命令之后,解析命令并根据不同的应用要求进行步骤105进行数据加解密,或者步骤106用预置代码运算数据的操作。数据处理结束之后将数据返回进入步骤107,等待来自应用的命令,如果应用不再有响应,则进入步骤110,断开和主机的连接,否则,如果还有新的命令,则转到步骤108,经判断如果通信结束,则执行步骤109使设备断开与主机的连接,否则转到步骤104继续等待接受命令。First, after step 101, the host completes the initialization of the device, and then in step 102, the host verifies the product manufacturer ID of the device. If it is correct, the device executes step 103; otherwise, it goes to step 110 to disconnect the device from the host. Verify the user password in step 103. If it is correct, the device waits for the command from the application to execute step 104, otherwise it also goes to step 110. After receiving the command, the device executes step 104, parses the command and proceeds to step 105 according to different application requirements Data encryption and decryption, or step 106 uses preset codes to perform operations on data. After the data processing is completed, return the data to step 107, wait for the command from the application, if the application no longer responds, then enter step 110, disconnect the connection with the host, otherwise, if there are new commands, then go to step 108 , if it is judged that the communication is over, then execute step 109 to disconnect the device from the host, otherwise go to step 104 and continue to wait for the command to be accepted.

以下对利用预置代码运算数据即实现步骤106的功能进行进一步描述。The function of implementing step 106 by using preset codes to calculate data will be further described below.

设备作为提供软件加密的装置。可以用于保存用户软件的部分片断,保证这部分片断的安全,而不被读出,并使之在设备内部运行并与外部软件交互,依次来控制软件保证其合法运行。该设备与外部程序交互频繁,计算速度和通信速度是重要的速度性能指标。The appliance acts as a device that provides software encryption. It can be used to save some fragments of user software to ensure the safety of these fragments without being read out, and make them run inside the device and interact with external software, and in turn control the software to ensure its legal operation. The device interacts frequently with external programs, and computing speed and communication speed are important speed performance indicators.

根据该实施例的功能,可实现如下的软件保护功能:According to the function of this embodiment, the following software protection functions can be realized:

1.获得设备信息,这个信息指本装置的信息。这些信息存储在内部存储器内,提供给用户记忆和识别自己的设备的功能。如步骤102。1. Obtain equipment information, this information refers to the information of this device. This information is stored in the internal memory, providing users with the ability to remember and identify their own devices. Such as step 102.

2.格式化,用户可以对本装置进行格式化,经过格式化后使所有的设置和数据恢复到出厂状态。2. Formatting, the user can format the device, and after formatting, all settings and data will be restored to the factory state.

3.写文件,这类文件包括用户的代码片断,或者该片断运行时所需要的数据。3. Write a file, this type of file includes the user's code fragment, or the data required for the fragment to run.

4.读文件,这类文件可以是代码片断运行时的数据文件但不是该代码片断本身。4. Read the file, this type of file can be the data file when the code segment is running but not the code segment itself.

5.运行文件,这类文件就是指用户写入的代码片断,让这些代码片断在本设备内运行并保证其运行的一切数据和内存信息保留在设备以内而只返回结果。5. Running files, this kind of files refer to the code fragments written by the user, let these code fragments run in the device and ensure that all the data and memory information of their operation are kept in the device and only return the result.

6.加解密,提供给用户在硬件内部进行对用户数据RSA、DES、3DES等加解密,并将加解密结果返回给用户。6. Encryption and decryption, providing users with encryption and decryption of user data RSA, DES, 3DES, etc. inside the hardware, and returning the encryption and decryption results to the user.

预置代码中还包括软件保护应用接口函数,所述软件保护应用接口函数是软件保护设备和第3方应用之间的接口级,这个应用接口函数主要由开发商使用,主要提供如下功能:The preset code also includes a software protection application interface function. The software protection application interface function is an interface level between the software protection device and a third-party application. This application interface function is mainly used by developers and mainly provides the following functions:

1.打开设备打开该设备的句柄,建立与该设备的通讯通道。1. Open the device Open the handle of the device and establish a communication channel with the device.

2.关闭设备在设备准备不再使用的时候,将该设备的句柄和设备状态信息清除。2. Close the device When the device is ready to be no longer used, clear the handle and device status information of the device.

3.发送命令这个是本软件保护产品的核心部分,实现对本装置的所有设置工作,即所有软件保护功能的实现。3. Send command This is the core part of this software protection product, which realizes all the settings of the device, that is, the realization of all software protection functions.

软件保护设备的主要作用是保护程序部分不会出现在主机的内存中,这样带来的好处是:The main function of the software protection device is to protect the program part from appearing in the memory of the host computer. The benefits brought by this are:

1.防止程序的非法拷贝,主机上的程序离开软件保护键就是不完整的,软件的分发必须有软件保护键的存在。1. To prevent illegal copying of the program, the program on the host is incomplete without the software protection key, and the software distribution must have the existence of the software protection key.

2.防止程序被非法跟踪或调试,软件的重要部分的代码不会运行在主机中,所有的调试软件都无法得到该段程序的运行状态。2. To prevent the program from being illegally tracked or debugged, the code of an important part of the software will not run in the host, and all debugging software cannot obtain the running status of this segment of the program.

3.防止被转储,软件最易被破解的情况是其在运行的时候,传统的加壳保护的软件,经常被内存转储的情况下将代码还原回来。3. To prevent being dumped, the most vulnerable situation for software to be cracked is when it is running. Traditional packaged protection software often restores the code when it is dumped by memory.

4.防止反编译,无论反编译的技术有多高,都无法得到该实施例装置内部的代码片断,因此无法实现其软件本身的完整功能。4. Prevent decompilation, no matter how high the technology of decompilation is, the code fragments inside the device of this embodiment cannot be obtained, so the complete functions of the software itself cannot be realized.

本发明的第二种优选实施例,提供了一种用户身份识别设备及其通信方法。它主要负责保存用户敏感数据,如密码、数字证书等。The second preferred embodiment of the present invention provides a user identification device and a communication method thereof. It is mainly responsible for saving user sensitive data, such as passwords, digital certificates, etc.

身份识别设备的硬件部分如图3中所示,图中301为主机,302为身份识别设备,303为设置在所述身份识别设备中的MCU,所述MCU内部集成了CPU、MMC/SDIO接口芯片和RAM存储器,所述RAM中内置有算法。所述MCU中应该有足够的片内RAM空间,用于预置算法,包括RSA、DES、3DES、MD5算法等,或者可以由用户选择或下载算法,如果需要存储部分用户代码的话需要有够大的存储空间,可以是片内FLASH等。可以选用Intel xscale系列的芯片来实现,也可以使用STR710系列和STR720系列。The hardware part of the identity recognition device is as shown in Figure 3, 301 among the figure is a host, 302 is an identity recognition device, 303 is an MCU arranged in the identity recognition device, and the inside of the MCU integrates a CPU and an MMC/SDIO interface A chip and a RAM memory in which the algorithm is built. There should be enough on-chip RAM space in the MCU for preset algorithms, including RSA, DES, 3DES, MD5 algorithms, etc., or the algorithm can be selected or downloaded by the user. If you need to store part of the user code, it needs to be large enough The storage space can be on-chip FLASH, etc. It can be realized by using Intel xscale series chips, or STR710 series and STR720 series.

身份识别设备的固件程序部分可以结合智能卡技术和现代密码学技术,可以支持第三方算法下载,支持多级文件管理和访问。The firmware program part of the identification device can combine smart card technology and modern cryptography technology, can support third-party algorithm download, and support multi-level file management and access.

如流程图2所示。总体功能为:图2中步骤201为主机对身份识别设备完成了初始化,步骤202中由身份识别设备获得用户输入的口令A,步骤203中身份识别设备从密码存储区中读出口令并经过特定的处理得到B,步骤204中将A和B进行比较,不同则身份认证失败,转到步骤211,身份识别设备断开同主机的连接,相同则由身份识别设备分配一定的权限给用户,所述该权限同用户的密码等级相关联,用户可以进行授权身份允许范围内的应用端操作,即身份识别设备接收来自应用的命令如步骤205,对命令进行解析处理如步骤206数据加密处理和步骤207用预置代码运算数据,然后返回给应用,然后执行步骤208继续等待来自应用的命令。在应用没有合法响应的情况下转到步骤211断开设备与主机的连接,否则接收应用层的命令,如果通过步骤208判断指示通信结束,则到步骤210断开连接正常结束本次通信过程,否则转到步骤205继续执行。步骤202、步骤203、步骤204三个模块也可以直接从身份识别设备中读取密码,由主机端判定密码是否正确。As shown in flow chart 2. The overall function is as follows: in step 201 in Figure 2, the host completes the initialization of the identity recognition device; in step 202, the identity recognition device obtains the password A entered by the user; in step 203, the identity recognition device reads the password from the password storage area and passes a specific If B is obtained through processing, A and B are compared in step 204. If they are different, the identity authentication fails. Go to step 211. The identity recognition device disconnects the connection with the host. If they are the same, the identity recognition device assigns a certain authority to the user, so The authority is associated with the user's password level, and the user can perform application-side operations within the scope of the authorized identity, that is, the identity recognition device receives commands from the application as in step 205, and parses the commands as in step 206. Data encryption processing and steps 207 calculates the data with preset codes, then returns to the application, and then executes step 208 to continue waiting for commands from the application. If there is no legal response from the application, go to step 211 to disconnect the device from the host, otherwise receive the command from the application layer, if it is judged through step 208 that the communication ends, then go to step 210 to disconnect and end the communication process normally. Otherwise, go to step 205 and continue to execute. The three modules of step 202, step 203, and step 204 can also directly read the password from the identification device, and the host side determines whether the password is correct.

本实施例可实现如下功能包括:This embodiment can realize the following functions including:

1.控制访问网络:通过身份识别设备中含有的ID信息和用户验证信息,用于登陆网络。1. Control access to the network: use the ID information and user verification information contained in the identification device to log in to the network.

2.用于验证和鉴别文件的发送者身份的数字签名或证明,并防止被中途篡改。2. The digital signature or certificate used to verify and authenticate the identity of the sender of the file, and prevent it from being tampered with in the middle.

3.储密码信息,储存用户密码信息,防止用户手动输入密码时带来的风险。3. Store password information, store user password information, and prevent risks caused by users manually entering passwords.

4.远程登陆,银行的网站可以利用签名信息来识别用户得合法性。4. Remote login, the bank's website can use the signature information to identify the legitimacy of the user.

5.控制文件的访问,可以在一些文件中加入访问控制信息,可以防止在身份识别设备的情况下非法访问或运行。5. To control the access of files, access control information can be added to some files, which can prevent illegal access or operation in the case of identification equipment.

6.控制登陆到特定的应用系统,开发商可以将此功能用于自己的产品,该产品可以利用本实施例装置来进行登陆。6. Control login to a specific application system. Developers can use this function for their own products, and this product can use the device of this embodiment to log in.

上述3中所述是指身份识别设备中包含的密码信息发送给主机用来识别持锁人信息。The above 3 means that the password information contained in the identification device is sent to the host to identify the lock holder information.

所述预置代码中还包括身份识别设备应用接口函数,身份识别设备应用接口函数是身份识别设备和第3方应用之间的接口级,这个应用接口函数主要由开发商使用,所述应用接口函数主要提供如下功能:The preset code also includes the identity recognition device application interface function, the identity recognition device application interface function is the interface level between the identity recognition device and the third party application, this application interface function is mainly used by developers, the application interface The function mainly provides the following functions:

1.打开设备  打开该设备的句柄,建立与该设备的通讯通道。1. Open the device Open the handle of the device and establish a communication channel with the device.

2.关闭设备  在设备准备不再使用的时候,将该设备的句柄和设备状态信息清除。2. Close the device When the device is no longer used, the handle and device status information of the device will be cleared.

3.发送命令  这个是身份识别设备的核心部分,实现对本装置的所有设置工作,即所有本身份识别设备的智能卡功能的实现。3. Send command This is the core part of the identification device, which realizes all the setting work of the device, that is, the realization of the smart card function of all the identification devices.

数字身份识别设备的主要作用是保护重要得到敏感数据永远都不会被读出键装置之外如主机的内存中,这样所带来的好处是:The main function of the digital identification device is to protect important and sensitive data from being read out of the key device such as the memory of the host. The benefits brought by this are:

1.用户可以不必记忆冗长的密码,安全的密码一定有字母和数字组成足够复杂的字符串,而且是时常更新的,用身份识别设备来存储密码信息可以免去用户的麻烦。1. Users do not need to memorize lengthy passwords. A secure password must have a sufficiently complex string of letters and numbers, and it must be updated frequently. Using an identification device to store password information can save users trouble.

2.提供双因子认证的保险措施,即使用户的密码或数字身份识别设备的一方丢失,都不会给用户带来风险。2. Provide two-factor authentication insurance measures, even if the user's password or one of the digital identification devices is lost, it will not bring risks to the user.

3.密匙不可导出,保证了用户密钥的安全。3. The key cannot be exported, which ensures the security of the user key.

4.算法内置。4. Built-in algorithm.

本发明的第三种实施例,提供另一种身份识别设备,如图4中所示,所述身份识别设备402中设置有MMC/SDIO接口芯片403,和与之相连的集成了CPU和存储器的MCU404,由所MMC/SDIO接口芯片与主机401相连,主要用于完成对MMC/SDIO接口协议的翻译,使得MCU部分404的实现可以更简单,接口芯片403可以选择ARASAN的AC21C00 SDIO Controller再配以普通MCU来实现。The third embodiment of the present invention provides another identity recognition device, as shown in Figure 4, the identity recognition device 402 is provided with an MMC/SDIO interface chip 403, and integrated CPU and memory connected thereto The MCU404 is connected with the host 401 by the MMC/SDIO interface chip, which is mainly used to complete the translation of the MMC/SDIO interface protocol, so that the realization of the MCU part 404 can be simpler, and the interface chip 403 can be configured with the AC21C00 SDIO Controller of ARASAN Realized by common MCU.

本实施例中的主机与设备的通信与实施例2完全相同,并实现与The communication between the host computer and the device in this embodiment is exactly the same as that in Embodiment 2, and realizes the same

实施例2相同的功能。Embodiment 2 has the same function.

以上对本发明所提供的一种实现软件版权保护和信息安全的基于MMC/SDIO接口的数据通信方法进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述。以上实施例的说明只是用于帮助理解本发明的方法及其实现思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处。综上所述,本说明书内容不应理解为对本发明的限制。A data communication method based on the MMC/SDIO interface that realizes software copyright protection and information security provided by the present invention has been introduced in detail above. In this paper, specific examples are used to illustrate the principle and implementation of the present invention. The descriptions of the above embodiments are only used to help understand the method of the present invention and its realization ideas; at the same time, for those of ordinary skill in the art, according to the ideas of the present invention, there will be changes in the specific implementation and application scope. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (10)

1.一种基于MMC/SDIO接口的信息安全设备,其特征在于:包括1. An information security device based on an MMC/SDIO interface, characterized in that: comprising CPU:用于运行固件程序和用户程序,CPU: used to run firmware programs and user programs, MMC/SDIO接口芯片:用于设备与主机进行通讯,MMC/SDIO interface chip: used for communication between the device and the host, 存储器:用于存储设备固件程序和用户数据以及状态信息,Memory: used to store device firmware programs and user data and status information, 所述CPU分别与所述MMC/SDIO接口芯片和存储器相连。The CPU is connected to the MMC/SDIO interface chip and memory respectively. 2.根据权利要求1所述的基于MMC/SDIO接口的信息安全设备,其特征在于:包括一个集成MCU芯片,所述集成MCU芯片集成了包括所述CPU、MMC/SDIO接口芯片和存储器。2. The information security device based on the MMC/SDIO interface according to claim 1, characterized in that: it includes an integrated MCU chip, and the integrated MCU chip integrates the CPU, MMC/SDIO interface chip and memory. 3、根据权利要求1所述的基于MMC/SDIO接口的信息安全设备,其特征在于:包括一个集成MCU芯片,所述集成MCU芯片包括集成的所述CPU和存储器。3. The MMC/SDIO interface-based information security device according to claim 1, characterized in that it includes an integrated MCU chip, and the integrated MCU chip includes the integrated CPU and memory. 4、根据权利要求2或3所述的基于MMC/SDIO接口的信息安全设备,其特征在于:所述MCU芯片为安全设计的芯片,包括智能卡芯片。4. The MMC/SDIO interface-based information security device according to claim 2 or 3, characterized in that: the MCU chip is a security-designed chip, including a smart card chip. 5、根据权利要求1或2或3所述的基于MMC/SDIO接口的信息安全设备,其特征在于:所述CPU为单片机,所述存储器包括RAM、ROM、EPROM、EEPROM、FLASH。5. The information security device based on MMC/SDIO interface according to claim 1, 2 or 3, characterized in that: the CPU is a single-chip microcomputer, and the memory includes RAM, ROM, EPROM, EEPROM, and FLASH. 6、一种采用基于MMC/SDIO接口的信息安全设备进行数据通信的方法,其特征在于:数据传输过程包括如下步骤:6. A method for data communication using an information security device based on an MMC/SDIO interface, characterized in that: the data transmission process includes the following steps: 1)主机识别到设备,并对设备进行初始化;1) The host recognizes the device and initializes the device; 2)主机向设备发送命令;2) The host sends commands to the device; 3)设备对命令的解析和处理;3) The device parses and processes commands; 4)设备向主机返回结果。4) The device returns the result to the host. 7、根据权利要求6所述的数据通信的方法,其特征在于:主机将指令通过MMC/SDIO接口按照接口协议的要求将数据发送给设备。7. The data communication method according to claim 6, characterized in that: the host sends instructions to the device through the MMC/SDIO interface in accordance with the requirements of the interface protocol. 8、根据权利要求6或7所述的数据通信的方法,其特征在于:所述步骤3)中所述设备对命令的解析和处理,包括如下过程:8. The data communication method according to claim 6 or 7, characterized in that: the parsing and processing of the command by the device in the step 3) includes the following process: A)设备接收来自MMC/SDIO接口的数据;A) The device receives data from the MMC/SDIO interface; B)设备根据接收的数据执行相应操作。B) The device performs corresponding operations according to the received data. 9、根据权利要求8所述的数据通信的方法,其特征在于:所述步骤B)中,在执行相应操作的过程中,所述操作包括数据的安全存储、访问控制、数据的处理过程。9. The data communication method according to claim 8, characterized in that: in the step B), during the execution of corresponding operations, the operations include safe storage of data, access control, and data processing. 10、根据权利要求9所述的数据通信的方法,其特征在于:所述数据处理过程中,对于数据的运算处理包括自定义处理过程和标准的处理过程,标准处理过程包括:RSA、DES、3DES、MD5、SHA-1、SSF33、AES、椭圆曲线算法。10. The data communication method according to claim 9, characterized in that: in the data processing process, the calculation and processing of data includes self-defined processing process and standard processing process, and the standard processing process includes: RSA, DES, 3DES, MD5, SHA-1, SSF33, AES, elliptic curve algorithm.
CNB200510082685XA 2005-07-08 2005-07-08 Information safety appliance based on MMC / SDIO interface and communication method Expired - Fee Related CN100334520C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200510082685XA CN100334520C (en) 2005-07-08 2005-07-08 Information safety appliance based on MMC / SDIO interface and communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200510082685XA CN100334520C (en) 2005-07-08 2005-07-08 Information safety appliance based on MMC / SDIO interface and communication method

Publications (2)

Publication Number Publication Date
CN1696865A true CN1696865A (en) 2005-11-16
CN100334520C CN100334520C (en) 2007-08-29

Family

ID=35349613

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200510082685XA Expired - Fee Related CN100334520C (en) 2005-07-08 2005-07-08 Information safety appliance based on MMC / SDIO interface and communication method

Country Status (1)

Country Link
CN (1) CN100334520C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608928A (en) * 2017-09-14 2018-01-19 记忆科技(深圳)有限公司 A kind of device of configurable parsing SDIO data flows

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004192452A (en) * 2002-12-12 2004-07-08 Matsushita Electric Ind Co Ltd Memory card
US7197583B2 (en) * 2003-01-21 2007-03-27 Zentek Technology Japan, Inc. SDIO controller
CN1332289C (en) * 2004-06-14 2007-08-15 张毅 Multimedia memory card

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608928A (en) * 2017-09-14 2018-01-19 记忆科技(深圳)有限公司 A kind of device of configurable parsing SDIO data flows
CN107608928B (en) * 2017-09-14 2020-10-16 记忆科技(深圳)有限公司 Configurable device for analyzing SDIO data stream

Also Published As

Publication number Publication date
CN100334520C (en) 2007-08-29

Similar Documents

Publication Publication Date Title
US9015848B2 (en) Method for virtualizing a personal working environment and device for the same
CN101266590B (en) Method and system for dynamically switching device configuration
US8122172B2 (en) Portable information security device
US7447895B2 (en) BIOS locking device, computer system with a BIOS locking device and control method thereof
CN101794362A (en) Trusted computation trust root device for computer and computer
US20080288782A1 (en) Method and Apparatus of Providing Security to an External Attachment Device
CN102254119B (en) Safe mobile data storage method based on fingerprint U disk and virtual machine
KR20110128248A (en) Method and apparatus for secure scanning from remote server to data storage device
CN1288527C (en) Computer security control module and safeguard control method thereof
CN1702593A (en) Safety chip
CN1377481A (en) Removable active, personal storage device, system and method
CN101018131B (en) An information security device with a function selection device and its control method
CN102768851A (en) Data storage device authentication apparatus and data storage device including connector
CN201820230U (en) Trusted Computing Trust Root Devices and Computers for Computers
CN1822013A (en) Fingerprint biometric identification engine system and identification method based on trusted platform module
CN100481107C (en) An identity control method based on credibility platform module and fingerprint identifying
CN1713101A (en) Computer power-on identity authentication system and authentication method
CN114153280B (en) Computer main board
US7890723B2 (en) Method for code execution
CN1624667A (en) Memory storage device with fingerprint sensor and method for protecting stored data
CN1900939A (en) Fingerprint biometric identification device and identification method for secure computer
CN1632709A (en) A computer system to ensure information security
CN1700135A (en) Virus-preventing method of network computer without local operating system
CN102223227B (en) Safe and intelligent code memory chip and automatic communication file reestablishing method thereof
CN1696865A (en) Information security equipment and communication method based on MMC/SDIO interface

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China

CP03 Change of name, title or address
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070829

CF01 Termination of patent right due to non-payment of annual fee