[go: up one dir, main page]

WO2016033819A1 - Computer - Google Patents

Computer Download PDF

Info

Publication number
WO2016033819A1
WO2016033819A1 PCT/CN2014/086391 CN2014086391W WO2016033819A1 WO 2016033819 A1 WO2016033819 A1 WO 2016033819A1 CN 2014086391 W CN2014086391 W CN 2014086391W WO 2016033819 A1 WO2016033819 A1 WO 2016033819A1
Authority
WO
WIPO (PCT)
Prior art keywords
manual switch
write enable
read enable
switch
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/086391
Other languages
French (fr)
Chinese (zh)
Inventor
林于翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tongsheng Green Technology Co Ltd
Original Assignee
Shenzhen Tongsheng Green Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Tongsheng Green Technology Co Ltd filed Critical Shenzhen Tongsheng Green Technology Co Ltd
Publication of WO2016033819A1 publication Critical patent/WO2016033819A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Definitions

  • the present invention relates to the field of computers, and in particular to a computer.
  • the technical problem to be solved by the present invention is to provide a computer capable of further improving the security of data storage.
  • the present invention provides a computer, comprising: a processor, comprising: a first read enable end for issuing a read enable signal under the control of the processor; the first write enable end, a write enable signal is issued under the control of the processor; the memory is provided with: a second read enable end connected to the first read enable end for receiving the read enable signal; the second write enable end, and the a write enable connection for receiving a write enable signal; a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable The second end switch is connected between the first write enable end and the second write enable end, and the second manual switch is manually controlled to make the first a write enable end and a second write enable end are connected or disconnected; a switch operation authorization module, the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch When the identity authentication is passed at the same time, the switch operation authorization module is opened to the first manual opening. And operating
  • the first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor issues a read enable signal through the first read enable end, so that the second read enable end Upon receiving the read enable signal, the processor reads data from the memory through the plurality of first data transmission terminals and the plurality of second data transmission terminals.
  • the second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor issues a write enable signal through the first write enable end, so that the second write enable
  • the processor writes data to the memory through the plurality of first data transmission ends and the plurality of second data transmission ends.
  • the first manual switch and the second manual switch are at least one of a wire switch, a knife switch and a push button switch.
  • the switch operation authorization module includes an electronic code lock and a box body, the electronic code lock is used to lock the box body, the first manual switch and the second manual switch are disposed in the box body, and the electronic code lock collects at least one user-provided identity information.
  • the identity authentication is passed, and the electronic password lock unlocks the box.
  • the identity authentication does not pass, and the electronic password lock remains locked to the cabinet.
  • the identity information includes at least one or a combination of user information and a password.
  • the password is at least one of a password, a fingerprint, a retina, and an iris.
  • the present invention provides a computer, comprising: a processor, comprising: a first read enable end for issuing a read enable signal under the control of the processor; the first write enable end, a write enable signal is issued under the control of the processor; the memory is provided with: a second read enable end connected to the first read enable end for receiving the read enable signal; the second write enable end, and the a write enable connection for receiving a write enable signal; a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable The second end switch is connected between the first write enable end and the second write enable end, and the second manual switch is manually controlled to make the first a write enable end and a second write enable end are connected or disconnected; a switch operation authorization module, the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch When the identity authentication is passed at the same time, the switch operation authorization module is opened to the first manual opening. And
  • the processor further includes a plurality of first data transmission ends, and the memory further includes a plurality of second data transmission ends respectively connected to the first data transmission end.
  • the first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor issues a read enable signal through the first read enable end, so that the second read enable end Upon receiving the read enable signal, the processor reads data from the memory through the plurality of first data transmission terminals and the plurality of second data transmission terminals.
  • the second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor issues a write enable signal through the first write enable end, so that the second write enable
  • the processor writes data to the memory through the plurality of first data transmission ends and the plurality of second data transmission ends.
  • the memory is set to be accessible by Internet users.
  • the first manual switch and the second manual switch are at least one of a wire switch, a knife switch and a push button switch.
  • the switch operation authorization module includes an electronic code lock and a box body, the electronic code lock is used to lock the box body, the first manual switch and the second manual switch are disposed in the box body, and the electronic code lock collects at least one user-provided identity information.
  • the identity authentication is passed, and the electronic password lock unlocks the box.
  • the identity authentication does not pass, and the electronic password lock remains locked to the cabinet.
  • the identity information includes at least one or a combination of user information and a password.
  • the password is at least one of a password, a fingerprint, a retina, and an iris.
  • the invention has the beneficial effects that: by providing a first read enable end through the processor for issuing a read enable signal under the control of the processor; the first write enable end is used to be issued under the control of the processor Writing an enable signal; the memory is provided with a second read enable terminal coupled to the first read enable terminal for receiving the read enable signal; and a second write enable terminal coupled to the first write enable terminal for receiving the write
  • the first manual switch is disposed between the first read enable end and the second read enable end, and the first manual switch is manually controlled to connect the first read enable end and the second read enable end.
  • the second manual switch is disposed between the first write enable end and the second write enable end, and the second manual switch is manually controlled to enable the first write enable end and the second write enable end Connecting or disconnecting;
  • the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization module is opened to the first manual switch Operation permission to disconnect or connect with the second manual switch, Further improve the security of data storage.
  • FIG. 1 is a schematic structural view of a computer according to a first embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a computer according to a second embodiment of the present invention.
  • Figure 3 is a block diagram showing the structure of a computer according to a third embodiment of the present invention.
  • FIG. 4 is a flow chart showing a network intrusion detection method of a computer according to a first embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of a computer according to a first embodiment of the present invention.
  • the computer 10 includes a memory 11, a first manual switch 12, a second manual switch 13, and a processor 14.
  • the processor 14 is provided with a first read enable terminal 141 and a first write enable terminal 142.
  • the first read enable terminal 141 is configured to issue a read enable signal under the control of the processor 14, and the first write enable terminal 142 is configured to issue a write enable signal under the control of the processor 14.
  • the memory 11 is provided with a second read enable terminal 111 and a second write enable terminal 112.
  • the second read enable terminal 111 is coupled to the first read enable terminal 141 for receiving a read enable signal
  • the second write enable terminal 112 is coupled to the first write enable terminal 142 for receiving a write enable signal.
  • the first manual switch 12 is disposed between the first read enable end 141 and the second read enable end 111.
  • the first manual switch 12 is manually controlled to enable the first read enable end 141 and the second read enable end 111.
  • the second manual switch 13 is disposed between the first write enable terminal 142 and the second write enable terminal 112.
  • the second manual switch 13 is manually controlled to enable the first write enable terminal 142 and the second write enable terminal. Connect or disconnect between 112.
  • the processor 14 further includes a plurality of first data transmission terminals 143
  • the memory 11 further includes a plurality of second data transmission terminals 113 connected to the first data transmission terminals 143, respectively.
  • the computer 10 may further include a second memory (not shown) identical to the memory 11, and the second memory is a backup memory of the memory 11 for backing up data of the memory.
  • a manual switch is provided between the read enable end of the second memory and the read enable end of the processor 14 and between the write enable end of the second memory and the write enable end of the processor 14 for connection.
  • the data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission.
  • the memory 11 is set to be accessible by Internet users, while the second memory is set to be inaccessible to Internet users.
  • the computer 10 can automatically switch to the second memory directly for normal reading and writing of data.
  • the first manual switch 12 is manually controlled to connect the first read enable terminal 141 and the second read enable terminal 111, and the processor 14 issues a read enable by the first read enable terminal 141.
  • the energy signal is such that when the second read enable terminal 111 receives the read enable signal, the processor 14 reads data from the memory 11 through the plurality of first data transfer terminals 143 and the plurality of second data transfer terminals 113.
  • the second manual switch 13 is manually controlled to connect the first write enable terminal 142 and the second write enable terminal 112, and the processor 14 issues a write enable signal through the first write enable terminal 142, so that the second When the write enable terminal 112 receives the write enable signal, the processor 14 writes data to the memory 11 through the plurality of first data transfer terminals 143 and the plurality of second data transfer terminals 113.
  • the first manual switch 12 and the second manual switch 13 are at least one of a wire switch, a knife switch, or a push button switch. In the embodiment of the present invention, by manually operating the first manual switch 12 and the second manual switch 13 to separately control the read and write operations of the processor 14 on the memory 11, the data in the memory 11 can be effectively prevented from being illegally modified, and the data is guaranteed. Storage security.
  • Figure 2 is a block diagram showing the structure of a computer in accordance with a second embodiment of the present invention.
  • the computer 20 includes: a memory 21, a first manual switch 22, a second manual switch 23, a processor 24 and the switch operation authorization module 25.
  • the processor 24 is provided with a first read enable terminal 241 and a first write enable terminal 242.
  • the first read enable terminal 241 is configured to issue a read enable signal under the control of the processor 24, and the first write enable terminal 242 is configured to issue a write enable signal under the control of the processor 24.
  • the memory 21 is provided with a second read enable terminal 211 and a second write enable terminal 212.
  • the second read enable terminal 211 is coupled to the first read enable terminal 241 for receiving a read enable signal.
  • the second write enable terminal 212 is coupled to the first write enable terminal 412 for receiving a write enable signal.
  • the first manual switch 22 is disposed between the first read enable terminal 241 and the second read enable terminal 211.
  • the first manual switch 22 is manually controlled to enable the first read enable terminal 241 and the second read enable terminal 211.
  • the second manual switch 23 is disposed between the first write enable terminal 242 and the second write enable terminal 212.
  • the second manual switch 23 is manually controlled to cause the first write enable terminal 242 and the second write enable terminal. Connect or disconnect between 212.
  • the switch operation authorization module 25 is configured to perform identity authentication on at least one user of the first manual switch 22 and the second manual switch 23. When the identity authentication is passed, the switch operation authorization module 25 is opened to the first manual switch 22 and the first The second manual switch 23 performs the operation authority of disconnecting or connecting.
  • the computer 20 may further include a second memory (not shown) identical to the memory 21, and the second memory is a backup memory of the memory 21 for backing up data of the memory.
  • a manual switch is provided between the read enable end of the second memory and the read enable end of the processor 24 and between the write enable end of the second memory and the write enable end of the processor 24, respectively.
  • the data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission.
  • the memory 21 is set to be accessible by an Internet user, and the second memory is set to be inaccessible to Internet users.
  • the computer 20 can automatically switch to the second memory to perform normal reading and writing of data.
  • the switch operation authorization module 25 is also required to be respectively disposed on the read enable end of the second memory. Authenticating at least one user with a manual switch between the read enable end of the processor 24 and the write enable end of the second memory and the write enable end of the processor 24, and when the identity authentication is passed, The switch operation authorization module 25 opens the operation authority for disconnecting or connecting the two manual switches.
  • the processor 24 further includes a plurality of first data transmission ends 243, and the memory 24 further includes a plurality of second data transmission ends 213 respectively connected to the first data transmission end 243.
  • the first manual switch 22 is manually controlled to connect the first read enable terminal 241 and the second read enable terminal 211, and the processor 24 issues a read enable signal through the first read enable terminal 241, so that the second read
  • the processor 24 reads data from the memory 24 through the plurality of first data transfer terminals 243 and the plurality of second data transfer terminals 313.
  • the second manual switch 23 is manually controlled to connect the first write enable terminal 242 and the second write enable terminal 212, and the processor 24 issues a write enable signal through the first write enable terminal 242, so that the second When the write enable terminal 212 receives the write enable signal, the processor 24 writes data to the memory 21 through the plurality of first data transfer terminals 243 and the plurality of second data transfer terminals 213.
  • the first manual switch 22 and the second manual switch 23 are at least one of a wire pull switch, a knife switch and a push button switch.
  • the switch operation authorization module 25 is authenticated by the switch operation authorization module 25, and when the identity authentication is passed, the switch operation authorization module 25 is opened to the first manual switch 22 and The operation permission of the second manual switch 23 to open or connect can further prevent the data of the memory 21 from being illegally modified, thereby further ensuring the security of data storage.
  • the switch operation authorization module 25 includes an electronic code lock 251 and a box 252.
  • the electronic code lock 251 is used to lock the box 252.
  • the first manual switch 22 and the second manual switch 23 are disposed in the box 252.
  • the electronic code lock 251 collects at least one user-provided identity information and performs identity authentication. When it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed, and the electronic password lock 251 unlocks the box 252, and when it is determined that the collected identity information is inconsistent with the pre-stored identity information, The identity authentication fails, and the electronic code lock 251 remains locked to the box 252.
  • the identity information includes at least one of user information or a password.
  • the identity information may include only user information or a password, and may also include user information and a password corresponding to the user information.
  • User information can be obtained by swiping a smart card.
  • the user information may be the number of the smart card, the user's job number or other identity information related to the user's personal.
  • the password is at least one of a password, a fingerprint, a retina, and an iris.
  • the electronic password lock 251 first collects the user information provided by the user and performs authentication, and collects the password corresponding to the user information and authenticates after the user information is authenticated. If the electronic code lock 251 passes the user information and the corresponding password authentication, the electronic code lock 251 unlocks the box 252.
  • the electronic password lock 251 can collect identity information provided by a user and perform identity authentication. When the electronic password lock 251 completes identity authentication and the identity authentication passes, the identity information provided for the first user is completed. Verification. If the verification of the operation of the memory 21 only requires the identity information provided by a single user to complete the verification, if the smart card is lost by someone else and/or the password is known by others, it is easy for others to operate the first manual switch 22 and the Two manual switches 23 to make the processor 24 performs a read or write operation on the memory 21, which makes the security performance low; and it is easy to verify the user information and/or password of a single user to make the client performing the authentication arbitrarily.
  • the switch operation authorization module 25 can also verify the identity information provided by two or more users. Specifically, the identity information provided by the different users is verified at least three times, and the electronic password lock 251 collects the identity information provided by the second user and performs verification, and obtains a first when the identity information provided by the second user is verified correctly. The identity information provided by the three users is verified. Therefore, at least the identity information provided by two different users needs to be verified and verified to be correct before the first manual switch 22 and the second manual switch 23 are operated.
  • the order of the identity information provided by the three users may be limited, that is, the identity information provided by the user must be verified first, and then the identity information provided by the user is verified.
  • verify which user provides the identity information; or the order of the identity verification provided by the three users may be limited, that is, only the identity information provided by the three users needs to be verified, regardless of the three The order in which the user-provided identity information is verified.
  • more user-provided identity information may be verified, which is not limited herein.
  • the user who operates the first manual switch 22 and the second manual switch 23 may be one of the three users, or may be other users than the three users, and is not limited herein.
  • the switch operation authorization module 25 and the first manual switch 22 and the second manual switch 23 are independent components of the processor 24, independent of the processor.
  • the impact of 24 is also immune to external influences such as network viruses and Trojans.
  • At least one user of the first manual switch 22 and the second manual switch 23 is authenticated by the switch operation authorization module 25, and when the identity authentication is passed, the switch operation authorization module 25 is opened.
  • the operation authority of the first manual switch 22 and the second manual switch 23 to open or connect can further prevent the data of the memory 21 from being illegally modified, thereby further improving the security of data storage.
  • Figure 3 is a block diagram showing the structure of a computer in accordance with a third embodiment of the present invention.
  • the computer 30 includes: a memory 31, a first manual switch 32, a second manual switch 33, and a processor. 34.
  • the processor 34 is provided with a first read enable terminal 341 and a first write enable terminal 342.
  • the first read enable terminal 341 is for issuing a read enable signal under the control of the processor 34
  • the first write enable terminal 342 is configured to issue a write enable signal under the control of the processor 34.
  • the memory 31 is provided with a second read enable terminal 311 and a second write enable terminal 312.
  • the second read enable terminal 311 is connected to the first read enable terminal 341 for receiving the read enable signal
  • the second write enable terminal 312 is coupled to the first write enable terminal 342 for receiving the write enable signal.
  • the first manual switch 32 is disposed between the first read enable end 341 and the second read enable end 311.
  • the first manual switch 32 is configured to manually control the first read enable end 341 and the second read enable end 311.
  • the second manual switch 33 is disposed between the first write enable terminal 342 and the second write enable terminal 312, and the second manual switch 32 is manually controlled to cause the first write enable terminal 342 and the second write enable terminal. Connect or disconnect between 312.
  • the mirror memory 36 is a mirror image of the memory 31.
  • the mirror memory 36 includes a third read enable terminal 361 and a third write enable terminal 362.
  • the third read enable terminal 361 is directly connected to the first read enable terminal 341 for receiving the read enable signal
  • the third write enable terminal 362 is directly connected to the first write enable terminal 342 for receiving write enable. signal.
  • the switch operation authorization module 35 is configured to perform identity authentication on at least one user of the first manual switch 32 and the second manual switch 33. When the identity authentication is passed, the switch operation authorization module 35 is opened to the first manual switch 32 and the first The second manual switch 33 performs the operation permission to disconnect or connect.
  • the memory 31 is set to be accessible by an Internet user, and the mirror memory 36 is set to be inaccessible to Internet users.
  • the processor 34 further includes a plurality of first data transmission ends 343.
  • the memory 32 further includes a plurality of second data transmission ends 313 respectively connected to the first data transmission end 343.
  • the mirror memory 36 further includes a first data transmission end 343.
  • a plurality of third data transmission ends 363 are connected.
  • the first manual switch 32 is manually controlled to connect the first read enable terminal 341 and the second read enable terminal 311, and the processor 34 issues a read enable through the first read enable terminal 341.
  • the signal is such that when the second read enable terminal 311 and the third read enable terminal 361 receive the read enable signal, the processor 34 passes the plurality of first data transfer terminals 343 and the plurality of second data transfer terminals 313 from the memory 31.
  • the data is read, and data is read from the mirror memory 36 through the plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363.
  • the first manual switch 32 is manually controlled to disconnect the first read enable terminal 341 and the second read enable terminal 311, and the processor 34 issues a read enable signal through the first read enable terminal 341, so that only the third
  • the processor 34 reads data from the image memory 36 through the plurality of first data transfer terminals 341 and the plurality of third data transfer terminals 361.
  • the second manual switch 33 is manually controlled to connect the first write enable terminal 342 and the second write enable terminal 312, and the processor 34 issues a write enable signal through the first write enable terminal 342, so that the second write
  • the processor 34 writes data to the memory 31 through the plurality of first data transfer terminals 343 and the plurality of second data transfer terminals 313, and passes the data.
  • the plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363 write data to the mirror memory 36.
  • the second manual switch 33 is manually controlled to disconnect the first write enable terminal 342 and the second write enable terminal 312, and the processor 34 issues a write enable signal through the first write enable terminal 342, so that only the first
  • the processor 34 writes data to the mirror memory 36 through the plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363.
  • the second manual switch 33 is manually controlled to disconnect between the first write enable terminal 342 and the second write enable terminal 312.
  • the image memory 36 is The stored data is changed in accordance with the write enable signal issued by the processor 34, and the data stored in the memory 31 is not actually changed.
  • the computer 30 further includes a comparison module (not shown).
  • the comparison module compares the data in the memory 31 with the image memory 36. If the two are inconsistent, it is determined that the computer 30 is invaded by the network, thus preventing the memory 31 from being subjected to illegal network intrusion. .
  • the computer 30 may further include a second memory (not shown) identical to the memory 31, and the second memory is a backup memory of the memory 31 for backing up data of the memory.
  • a manual switch is provided between the read enable end of the second memory and the read enable end of the processor 34 and between the write enable end of the second memory and the write enable end of the processor 34, respectively.
  • the data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission.
  • the computer 30 can automatically switch to the second memory directly for normal reading and writing of data, and the mirror memory 36 is automatically switched to mirror the modeling memory.
  • the switch operation authorization module 35 is also required to be respectively disposed between the read enable end of the second memory and the read enable end of the processor 34 and the write enable end of the second memory and the write of the processor 34. At least one user of the manual switch between the energy terminals performs identity authentication, and when the identity authentication passes, the switch operation authorization module 35 opens the operation authority for disconnecting or connecting the two manual switches.
  • the manual switch is manually controlled to disconnect the write enable 342 of the second memory from the write enable 312 of the processor 34.
  • the data stored in the mirror memory 36 is changed in accordance with the write enable signal issued by the processor 34, and the data stored in the second memory is not actually changed.
  • the comparison module compares the data in the second memory with the image memory 36. If the two are inconsistent, it is determined that the computer 30 is invaded by the network. This also prevents the second memory from being subjected to illegal network intrusion.
  • the data in the memory 31 can also define a part of the data to be read and written by the manual control of the first manual switch 32 and the second manual switch 33. Specifically, the portion of the data in the memory 31 can be written or read by operating the first manual switch 32 or the second manual switch 33 only after the authentication of the authorization module 35 is operated by the switch and the authentication is passed. It can prevent illegal network intrusion.
  • the network intrusion detection method of the computer 30 includes:
  • Step S10 The setting memory 31 is set to be accessible by an Internet user, and the mirror memory 36 is set to be inaccessible to Internet users.
  • the specific structure of the computer 30 is shown in FIG. 3.
  • the mirror memory 36 is a mirror image of the memory 31.
  • Step S11 The second manual switch 33 is manually controlled to disconnect between the first write enable terminal 342 and the second write enable terminal 312; compare the data in the memory 31 with the image memory 36, if the two are inconsistent, Then, it is judged that the computer 30 is invaded by the network. If the two are consistent, it is judged that the computer 30 is not invaded by the network.
  • the present invention is provided with a first read enable terminal for issuing a read enable signal under the control of the processor; and a first write enable terminal for issuing a write enable signal under the control of the processor;
  • the second read enable end of the memory is connected to the first read enable end for receiving the read enable signal;
  • the second write enable end is connected to the first write enable end for receiving the write enable signal;
  • a manual switch is disposed between the first read enable end and the second read enable end, and the first manual switch is manually controlled to connect or disconnect between the first read enable end and the second read enable end;
  • the second manual switch is disposed between the first write enable end and the second write enable end, and the second manual switch is manually controlled to connect or disconnect the first write enable end and the second write enable end.
  • the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization module is opened to the first manual switch and the second manual
  • the operation permission of the switch to disconnect or connect can further improve the security of data storage. Sex.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a computer, comprising: a processor (24) provided with a first read enable end (241) and a first write enable end (242); a memory (21) provided with a second read enable end (211) and a second write enable end (212); a first manual switch (22) arranged between the first read enable end (241) and the second read enable end (211), the first manual switch (22) enabling the first read enable end (241) to be connected to or disconnected from the second read enable end (211) via manual control; a second manual switch (23) arranged between the first write enable end (242) and the second write enable end (212), the second manual switch (23) enabling the first write enable end (242) to be connected to or disconnected from the second write enable end (212) via manual control; a switch operation authorisation module (25) used for performing identity authentication on at least one user of the first manual switch (22) and the second manual switch (23), the switch operation authorisation module (25) releasing permission for performing disconnection or connection operations on the first manual switch (22) and the second manual switch (23) at the same time as identity authentication is passed. The described means further improve the security of data storage.

Description

计算机 Computer

【技术领域】[Technical Field]

本发明涉及计算机领域,特别是涉及一种计算机。The present invention relates to the field of computers, and in particular to a computer.

【背景技术】 【Background technique】

传统电路存储器件的写保护通常采用系统CPU的I/O口或者控制器的专用口进行写保护。这样一旦计算机感染木马病毒,很容易会感染到存储器,使存储器的信息被非法修改,更甚者可能导致计算机软件不能运行,系统瘫痪,造成严重后果。现有技术中,对操作存储器的用户不需要进行认证时,使得任何人都可以对存储器中存储的数据进行读写操作,安全性不高。 The write protection of traditional circuit storage devices is usually written and protected by the I/O port of the system CPU or the dedicated port of the controller. In this way, once the computer is infected with the Trojan virus, it is easy to infect the memory, so that the information of the memory is illegally modified, and even more so, the computer software cannot be run, and the system is paralyzed, causing serious consequences. In the prior art, when the user operating the memory does not need to perform authentication, any person can read and write the data stored in the memory, and the security is not high.

【发明内容】 [Summary of the Invention]

本发明解决的技术问题是,提供一种计算机,能够进一步提高数据存储的安全性。The technical problem to be solved by the present invention is to provide a computer capable of further improving the security of data storage.

为解决上述技术问题,本发明提供了一种计算机,包括:处理器,设有:第一读使能端,用于在处理器控制下发出读使能信号;第一写使能端,用于在处理器控制下发出写使能信号;存储器,设有:第二读使能端,与第一读使能端连接,用于接收读使能信号;第二写使能端,与第一写使能端连接,用于接收写使能信号;第一手动开关,设置在第一读使能端与第二读使能端之间,第一手动开关经人工控制使第一读使能端与第二读使能端之间连接或断开;第二手动开关,设置在第一写使能端与第二写使能端之间,第二手动开关经人工控制使第一写使能端与第二写使能端之间连接或断开;开关操作授权模组,开关操作授权模组用于对第一手动开关和第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,开关操作授权模组开放对第一手动开关和第二手动开关进行断开或连接的操作权限;其中,处理器还包括多个第一数据传输端,存储器还包括分别与第一数据传输端连接的多个第二数据传输端,存储器设置为可以被互联网用户访问。In order to solve the above technical problem, the present invention provides a computer, comprising: a processor, comprising: a first read enable end for issuing a read enable signal under the control of the processor; the first write enable end, a write enable signal is issued under the control of the processor; the memory is provided with: a second read enable end connected to the first read enable end for receiving the read enable signal; the second write enable end, and the a write enable connection for receiving a write enable signal; a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable The second end switch is connected between the first write enable end and the second write enable end, and the second manual switch is manually controlled to make the first a write enable end and a second write enable end are connected or disconnected; a switch operation authorization module, the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch When the identity authentication is passed at the same time, the switch operation authorization module is opened to the first manual opening. And operating permission to disconnect or connect with the second manual switch; wherein the processor further includes a plurality of first data transmission ends, the memory further includes a plurality of second data transmission ends respectively connected to the first data transmission end, the memory Set to be accessible by Internet users.

其中,第一手动开关经人工控制令第一读使能端与第二读使能端之间连接,且处理器通过第一读使能端发出读使能信号,使得第二读使能端接收到读使能信号时,处理器通过多个第一数据传输端以及多个第二数据传输端从存储器读取数据。The first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor issues a read enable signal through the first read enable end, so that the second read enable end Upon receiving the read enable signal, the processor reads data from the memory through the plurality of first data transmission terminals and the plurality of second data transmission terminals.

其中,第二手动开关经人工控制令第一写使能端与第二写使能端之间连接,且处理器通过第一写使能端发出写使能信号,使得第二写使能端接收到写使能信号时,处理器通过多个第一数据传输端以及多个第二数据传输端向存储器写入数据。The second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor issues a write enable signal through the first write enable end, so that the second write enable When the terminal receives the write enable signal, the processor writes data to the memory through the plurality of first data transmission ends and the plurality of second data transmission ends.

其中,第一手动开关和第二手动开关为拉线开关,闸刀开关以及按钮开关中的至少一种。The first manual switch and the second manual switch are at least one of a wire switch, a knife switch and a push button switch.

其中,开关操作授权模组包括电子密码锁以及箱体,电子密码锁用于锁定箱体,第一手动开关和第二手动开关设置在箱体内,电子密码锁采集至少一个用户提供的身份信息,在判断到所采集到的身份信息与预先存储的身份信息一致时,身份认证通过,电子密码锁对箱体解除锁定,在判断到所采集到的身份信息与预先存储的身份信息不一致时,身份认证不通过,电子密码锁对箱体保持锁定。The switch operation authorization module includes an electronic code lock and a box body, the electronic code lock is used to lock the box body, the first manual switch and the second manual switch are disposed in the box body, and the electronic code lock collects at least one user-provided identity information. When it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed, and the electronic password lock unlocks the box. When it is determined that the collected identity information is inconsistent with the pre-stored identity information, The identity authentication does not pass, and the electronic password lock remains locked to the cabinet.

其中,身份信息包括用户信息、密码的至少一种或组合。The identity information includes at least one or a combination of user information and a password.

其中,密码为口令、指纹、视网膜、虹膜中的至少一个。The password is at least one of a password, a fingerprint, a retina, and an iris.

为解决上述技术问题,本发明提供了一种计算机,包括:处理器,设有:第一读使能端,用于在处理器控制下发出读使能信号;第一写使能端,用于在处理器控制下发出写使能信号;存储器,设有:第二读使能端,与第一读使能端连接,用于接收读使能信号;第二写使能端,与第一写使能端连接,用于接收写使能信号;第一手动开关,设置在第一读使能端与第二读使能端之间,第一手动开关经人工控制使第一读使能端与第二读使能端之间连接或断开;第二手动开关,设置在第一写使能端与第二写使能端之间,第二手动开关经人工控制使第一写使能端与第二写使能端之间连接或断开;开关操作授权模组,开关操作授权模组用于对第一手动开关和第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,开关操作授权模组开放对第一手动开关和第二手动开关进行断开或连接的操作权限。In order to solve the above technical problem, the present invention provides a computer, comprising: a processor, comprising: a first read enable end for issuing a read enable signal under the control of the processor; the first write enable end, a write enable signal is issued under the control of the processor; the memory is provided with: a second read enable end connected to the first read enable end for receiving the read enable signal; the second write enable end, and the a write enable connection for receiving a write enable signal; a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable The second end switch is connected between the first write enable end and the second write enable end, and the second manual switch is manually controlled to make the first a write enable end and a second write enable end are connected or disconnected; a switch operation authorization module, the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch When the identity authentication is passed at the same time, the switch operation authorization module is opened to the first manual opening. And a second manual switch for connecting or disconnecting operation rights.

其中,处理器还包括多个第一数据传输端,存储器还包括分别与第一数据传输端连接的多个第二数据传输端。The processor further includes a plurality of first data transmission ends, and the memory further includes a plurality of second data transmission ends respectively connected to the first data transmission end.

其中,第一手动开关经人工控制令第一读使能端与第二读使能端之间连接,且处理器通过第一读使能端发出读使能信号,使得第二读使能端接收到读使能信号时,处理器通过多个第一数据传输端以及多个第二数据传输端从存储器读取数据。The first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor issues a read enable signal through the first read enable end, so that the second read enable end Upon receiving the read enable signal, the processor reads data from the memory through the plurality of first data transmission terminals and the plurality of second data transmission terminals.

其中,第二手动开关经人工控制令第一写使能端与第二写使能端之间连接,且处理器通过第一写使能端发出写使能信号,使得第二写使能端接收到写使能信号时,处理器通过多个第一数据传输端以及多个第二数据传输端向存储器写入数据。The second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor issues a write enable signal through the first write enable end, so that the second write enable When the terminal receives the write enable signal, the processor writes data to the memory through the plurality of first data transmission ends and the plurality of second data transmission ends.

其中,存储器设置为可以被互联网用户访问。Among them, the memory is set to be accessible by Internet users.

其中,第一手动开关和第二手动开关为拉线开关,闸刀开关以及按钮开关中的至少一种。The first manual switch and the second manual switch are at least one of a wire switch, a knife switch and a push button switch.

其中,开关操作授权模组包括电子密码锁以及箱体,电子密码锁用于锁定箱体,第一手动开关和第二手动开关设置在箱体内,电子密码锁采集至少一个用户提供的身份信息,在判断到所采集到的身份信息与预先存储的身份信息一致时,身份认证通过,电子密码锁对箱体解除锁定,在判断到所采集到的身份信息与预先存储的身份信息不一致时,身份认证不通过,电子密码锁对箱体保持锁定。The switch operation authorization module includes an electronic code lock and a box body, the electronic code lock is used to lock the box body, the first manual switch and the second manual switch are disposed in the box body, and the electronic code lock collects at least one user-provided identity information. When it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed, and the electronic password lock unlocks the box. When it is determined that the collected identity information is inconsistent with the pre-stored identity information, The identity authentication does not pass, and the electronic password lock remains locked to the cabinet.

其中,身份信息包括用户信息、密码的至少一种或组合。The identity information includes at least one or a combination of user information and a password.

其中,密码为口令、指纹、视网膜、虹膜中的至少一个。The password is at least one of a password, a fingerprint, a retina, and an iris.

通过上述方案,本发明的有益效果是:通过通过处理器设有第一读使能端用于在处理器控制下发出读使能信号;第一写使能端用于在处理器控制下发出写使能信号;存储器设有第二读使能端与第一读使能端连接,用于接收读使能信号;第二写使能端与第一写使能端连接,用于接收写使能信号;第一手动开关设置在第一读使能端与第二读使能端之间,第一手动开关经人工控制使第一读使能端与第二读使能端之间连接或断开;第二手动开关设置在第一写使能端与第二写使能端之间,第二手动开关经人工控制使第一写使能端与第二写使能端之间连接或断开;开关操作授权模组用于对第一手动开关和第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,开关操作授权模组开放对第一手动开关和第二手动开关进行断开或连接的操作权限,能够进一步提高数据存储的安全性。Through the above solution, the invention has the beneficial effects that: by providing a first read enable end through the processor for issuing a read enable signal under the control of the processor; the first write enable end is used to be issued under the control of the processor Writing an enable signal; the memory is provided with a second read enable terminal coupled to the first read enable terminal for receiving the read enable signal; and a second write enable terminal coupled to the first write enable terminal for receiving the write The first manual switch is disposed between the first read enable end and the second read enable end, and the first manual switch is manually controlled to connect the first read enable end and the second read enable end. Or disconnected; the second manual switch is disposed between the first write enable end and the second write enable end, and the second manual switch is manually controlled to enable the first write enable end and the second write enable end Connecting or disconnecting; the switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization module is opened to the first manual switch Operation permission to disconnect or connect with the second manual switch, Further improve the security of data storage.

【附图说明】 [Description of the Drawings]

图1是本发明第一实施例的计算机的结构示意图;1 is a schematic structural view of a computer according to a first embodiment of the present invention;

图2是本发明第二实施例的计算机的结构示意图;2 is a schematic structural diagram of a computer according to a second embodiment of the present invention;

图3是发明第三实施例的计算机的结构示意图;Figure 3 is a block diagram showing the structure of a computer according to a third embodiment of the present invention;

图4是本发明第一实施例的计算机的网络入侵检测方法的流程示意图。4 is a flow chart showing a network intrusion detection method of a computer according to a first embodiment of the present invention.

【具体实施方式】 【detailed description】

请参阅图1,图1是本发明第一实施例的计算机的结构示意图。如图1所示,计算机10包括:存储器11、第一手动开关12、第二手动开关13以及处理器14。其中,处理器14设有:第一读使能端141和第一写使能端142。第一读使能端141用于在处理器14控制下发出读使能信号,第一写使能端142用于在处理器14控制下发出写使能信号。存储器11设有:第二读使能端111和第二写使能端112。第二读使能端111与第一读使能端141连接,用于接收读使能信号,第二写使能端112与第一写使能端142连接,用于接收写使能信号。第一手动开关12设置在第一读使能端141与第二读使能端111之间,第一手动开关12经人工控制使第一读使能端141与第二读使能端111之间连接或断开。第二手动开关13设置在第一写使能端142与第二写使能端112之间,第二手动开关13经人工控制使第一写使能端142与第二写使能端112之间连接或断开。处理器14还包括多个第一数据传输端143,存储器11还包括分别与第一数据传输端143连接的多个第二数据传输端113。Please refer to FIG. 1. FIG. 1 is a schematic structural diagram of a computer according to a first embodiment of the present invention. As shown in FIG. 1, the computer 10 includes a memory 11, a first manual switch 12, a second manual switch 13, and a processor 14. The processor 14 is provided with a first read enable terminal 141 and a first write enable terminal 142. The first read enable terminal 141 is configured to issue a read enable signal under the control of the processor 14, and the first write enable terminal 142 is configured to issue a write enable signal under the control of the processor 14. The memory 11 is provided with a second read enable terminal 111 and a second write enable terminal 112. The second read enable terminal 111 is coupled to the first read enable terminal 141 for receiving a read enable signal, and the second write enable terminal 112 is coupled to the first write enable terminal 142 for receiving a write enable signal. The first manual switch 12 is disposed between the first read enable end 141 and the second read enable end 111. The first manual switch 12 is manually controlled to enable the first read enable end 141 and the second read enable end 111. Connect or disconnect. The second manual switch 13 is disposed between the first write enable terminal 142 and the second write enable terminal 112. The second manual switch 13 is manually controlled to enable the first write enable terminal 142 and the second write enable terminal. Connect or disconnect between 112. The processor 14 further includes a plurality of first data transmission terminals 143, and the memory 11 further includes a plurality of second data transmission terminals 113 connected to the first data transmission terminals 143, respectively.

在本发明实施例中,计算机10还可以包括一与存储器11相同的第二存储器(图未示),第二存储器为存储器11的备份存储器,用于对存储器的数据进行备份。在第二存储器的读使能端与处理器14的读使能端之间以及在第二存储器的写使能端与处理器14的写使能端之间分别设置手动开关以进行连接。而第二存储器的数据数据传输端与处理器的数据传输端也直接连接,以进行数据的传输。在存储器11能正常使用时,存储器11设置为可以被互联网用户访问,而第二存储器设置为不能被互联网用户访问。在存储器11损坏或不能正常使用时,计算机10能直接自动切换至第二存储器以进行数据的正常读写。In the embodiment of the present invention, the computer 10 may further include a second memory (not shown) identical to the memory 11, and the second memory is a backup memory of the memory 11 for backing up data of the memory. A manual switch is provided between the read enable end of the second memory and the read enable end of the processor 14 and between the write enable end of the second memory and the write enable end of the processor 14 for connection. The data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission. When the memory 11 is in normal use, the memory 11 is set to be accessible by Internet users, while the second memory is set to be inaccessible to Internet users. When the memory 11 is damaged or cannot be used normally, the computer 10 can automatically switch to the second memory directly for normal reading and writing of data.

在本发明实施例中,第一手动开关12经人工控制令第一读使能端141与第二读使能端111之间连接,且处理器14通过第一读使能端141发出读使能信号,使得第二读使能端111接收到读使能信号时,处理器14通过多个第一数据传输端143以及多个第二数据传输端113从存储器11读取数据。第二手动开关13经人工控制令第一写使能端142与第二写使能端112之间连接,且处理器14通过第一写使能端142发出写使能信号,使得第二写使能端112接收到写使能信号时,处理器14通过多个第一数据传输端143以及多个第二数据传输端113向存储器11写入数据。其中,第一手动开关12和第二手动开关13为拉线开关、闸刀开关、或按钮开关的至少一种。在本发明实施例中,通过手动操作第一手动开关12和第二手动开关13进而分别控制处理器14对存储器11的读写操作,能够有效防止存储器11中的数据被非法修改,保证数据存储的安全性。In the embodiment of the present invention, the first manual switch 12 is manually controlled to connect the first read enable terminal 141 and the second read enable terminal 111, and the processor 14 issues a read enable by the first read enable terminal 141. The energy signal is such that when the second read enable terminal 111 receives the read enable signal, the processor 14 reads data from the memory 11 through the plurality of first data transfer terminals 143 and the plurality of second data transfer terminals 113. The second manual switch 13 is manually controlled to connect the first write enable terminal 142 and the second write enable terminal 112, and the processor 14 issues a write enable signal through the first write enable terminal 142, so that the second When the write enable terminal 112 receives the write enable signal, the processor 14 writes data to the memory 11 through the plurality of first data transfer terminals 143 and the plurality of second data transfer terminals 113. The first manual switch 12 and the second manual switch 13 are at least one of a wire switch, a knife switch, or a push button switch. In the embodiment of the present invention, by manually operating the first manual switch 12 and the second manual switch 13 to separately control the read and write operations of the processor 14 on the memory 11, the data in the memory 11 can be effectively prevented from being illegally modified, and the data is guaranteed. Storage security.

图2是本发明第二实施例的计算机的结构示意图。如图2 所示,计算机20包括:存储器21、第一手动开关22、第二手动开关23、处理器 24以及开关操作授权模组25。处理器24设有:第一读使能端241和第一写使能端242。第一读使能端241用于在处理器24控制下发出读使能信号,第一写使能端242用于在处理器24控制下发出写使能信号。存储器21设有:第二读使能端211和第二写使能端212。第二读使能端211与第一读使能端241连接,用于接收读使能信号。第二写使能端212与第一写使能端412连接,用于接收写使能信号。第一手动开关22设置在第一读使能端241与第二读使能端211之间,第一手动开关22经人工控制使第一读使能端241与第二读使能端211之间连接或断开。第二手动开关23设置在第一写使能端242与第二写使能端212之间,第二手动开关23经人工控制使第一写使能端242与第二写使能端212之间连接或断开。开关操作授权模组25用于对第一手动开关22和第二手动开关23的至少一个用户进行身份认证,在身份认证通过时,开关操作授权模组25开放对第一手动开关22和第二手动开关23进行断开或连接的操作权限。Figure 2 is a block diagram showing the structure of a computer in accordance with a second embodiment of the present invention. Figure 2 As shown, the computer 20 includes: a memory 21, a first manual switch 22, a second manual switch 23, a processor 24 and the switch operation authorization module 25. The processor 24 is provided with a first read enable terminal 241 and a first write enable terminal 242. The first read enable terminal 241 is configured to issue a read enable signal under the control of the processor 24, and the first write enable terminal 242 is configured to issue a write enable signal under the control of the processor 24. The memory 21 is provided with a second read enable terminal 211 and a second write enable terminal 212. The second read enable terminal 211 is coupled to the first read enable terminal 241 for receiving a read enable signal. The second write enable terminal 212 is coupled to the first write enable terminal 412 for receiving a write enable signal. The first manual switch 22 is disposed between the first read enable terminal 241 and the second read enable terminal 211. The first manual switch 22 is manually controlled to enable the first read enable terminal 241 and the second read enable terminal 211. Connect or disconnect. The second manual switch 23 is disposed between the first write enable terminal 242 and the second write enable terminal 212. The second manual switch 23 is manually controlled to cause the first write enable terminal 242 and the second write enable terminal. Connect or disconnect between 212. The switch operation authorization module 25 is configured to perform identity authentication on at least one user of the first manual switch 22 and the second manual switch 23. When the identity authentication is passed, the switch operation authorization module 25 is opened to the first manual switch 22 and the first The second manual switch 23 performs the operation authority of disconnecting or connecting.

在本发明实施例中,计算机20还可以包括一与存储器21相同的第二存储器(图未示),第二存储器为存储器21的备份存储器,用于对存储器的数据进行备份。在第二存储器的读使能端与处理器24的读使能端之间以及在第二存储器的写使能端与处理器24的写使能端之间分别设置手动开关以进行连接。而第二存储器的数据数据传输端与处理器的数据传输端也直接连接,以进行数据的传输。在存储器21能正常使用时,存储器21设置为可以被互联网用户访问,而第二存储器设置为不能被互联网用户访问。在存储器21损坏或不能正常使用时,计算机20能直接自动切换至第二存储器以进行数据的正常读写,此时同样需要开关操作授权模组25对分别设置在第二存储器的读使能端与处理器24的读使能端之间以及在第二存储器的写使能端与处理器24的写使能端之间的手动开关的至少一个用户进行身份认证,并在身份认证通过时,开关操作授权模组25开放对此两手动开关进行断开或连接的操作权限。In the embodiment of the present invention, the computer 20 may further include a second memory (not shown) identical to the memory 21, and the second memory is a backup memory of the memory 21 for backing up data of the memory. A manual switch is provided between the read enable end of the second memory and the read enable end of the processor 24 and between the write enable end of the second memory and the write enable end of the processor 24, respectively. The data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission. When the memory 21 is in normal use, the memory 21 is set to be accessible by an Internet user, and the second memory is set to be inaccessible to Internet users. When the memory 21 is damaged or cannot be used normally, the computer 20 can automatically switch to the second memory to perform normal reading and writing of data. At this time, the switch operation authorization module 25 is also required to be respectively disposed on the read enable end of the second memory. Authenticating at least one user with a manual switch between the read enable end of the processor 24 and the write enable end of the second memory and the write enable end of the processor 24, and when the identity authentication is passed, The switch operation authorization module 25 opens the operation authority for disconnecting or connecting the two manual switches.

在本发明实施例中,处理器24还包括多个第一数据传输端243,存储器24还包括分别与第一数据传输端243连接的多个第二数据传输端213。第一手动开关22经人工控制令第一读使能端241与第二读使能端211之间连接,且处理器24通过第一读使能端241发出读使能信号,使得第二读使能端211接收到读使能信号时,处理器24通过多个第一数据传输端243以及多个第二数据传输端313从存储器24读取数据。第二手动开关23经人工控制令第一写使能端242与第二写使能端212之间连接,且处理器24通过第一写使能端242发出写使能信号,使得第二写使能端212接收到写使能信号时,处理器24通过多个第一数据传输端243以及多个第二数据传输端213向存储器21写入数据。其中,第一手动开关22和第二手动开关23为拉线开关,闸刀开关以及按钮开关中的至少一种。如此通过开关操作授权模组25对第一手动开关22和第二手动开关23的至少一个用户进行身份认证,并在身份认证通过时,开关操作授权模组25开放对第一手动开关22和第二手动开关23进行断开或连接的操作权限,能够进一步防止存储器21的数据被非法修改,进一步保证数据存储的安全性。In the embodiment of the present invention, the processor 24 further includes a plurality of first data transmission ends 243, and the memory 24 further includes a plurality of second data transmission ends 213 respectively connected to the first data transmission end 243. The first manual switch 22 is manually controlled to connect the first read enable terminal 241 and the second read enable terminal 211, and the processor 24 issues a read enable signal through the first read enable terminal 241, so that the second read When the enable terminal 211 receives the read enable signal, the processor 24 reads data from the memory 24 through the plurality of first data transfer terminals 243 and the plurality of second data transfer terminals 313. The second manual switch 23 is manually controlled to connect the first write enable terminal 242 and the second write enable terminal 212, and the processor 24 issues a write enable signal through the first write enable terminal 242, so that the second When the write enable terminal 212 receives the write enable signal, the processor 24 writes data to the memory 21 through the plurality of first data transfer terminals 243 and the plurality of second data transfer terminals 213. The first manual switch 22 and the second manual switch 23 are at least one of a wire pull switch, a knife switch and a push button switch. Thus, at least one user of the first manual switch 22 and the second manual switch 23 is authenticated by the switch operation authorization module 25, and when the identity authentication is passed, the switch operation authorization module 25 is opened to the first manual switch 22 and The operation permission of the second manual switch 23 to open or connect can further prevent the data of the memory 21 from being illegally modified, thereby further ensuring the security of data storage.

开关操作授权模组25包括:电子密码锁251以及箱体252。电子密码锁251用于锁定箱体252,第一手动开关22和第二手动开关23设置在箱体252内,电子密码锁251采集至少一个用户提供的身份信息,并进行身份认证。在判断到所采集到的身份信息与预先存储的身份信息一致时,身份认证通过,电子密码锁251对箱体252解除锁定,在判断到所采集到的身份信息与预先存储的身份信息不一致时,身份认证不通过,电子密码锁251对箱体252保持锁定。身份信息包括用户信息或密码中的至少一个。即身份信息可以只包括用户信息或密码,也可以包括用户信息以及对用户信息对应的密码。其中用户信息可以通过刷智能卡获取。用户信息可以是智能卡的编号,用户的工号或者其他与用户个人相关的身份信息。密码为口令、指纹、视网膜、虹膜中的至少一个。身份信息包括用户信息以及对用户信息对应的密码时,电子密码锁251首先采集用户提供的用户信息并进行认证,并在用户信息认证通过后采集与该用户信息对应的密码并进行认证。如果电子密码锁251对用户信息以及对应的密码认证都通过时,电子密码锁251对箱体252解除锁定。The switch operation authorization module 25 includes an electronic code lock 251 and a box 252. The electronic code lock 251 is used to lock the box 252. The first manual switch 22 and the second manual switch 23 are disposed in the box 252. The electronic code lock 251 collects at least one user-provided identity information and performs identity authentication. When it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed, and the electronic password lock 251 unlocks the box 252, and when it is determined that the collected identity information is inconsistent with the pre-stored identity information, The identity authentication fails, and the electronic code lock 251 remains locked to the box 252. The identity information includes at least one of user information or a password. That is, the identity information may include only user information or a password, and may also include user information and a password corresponding to the user information. User information can be obtained by swiping a smart card. The user information may be the number of the smart card, the user's job number or other identity information related to the user's personal. The password is at least one of a password, a fingerprint, a retina, and an iris. When the identity information includes the user information and the password corresponding to the user information, the electronic password lock 251 first collects the user information provided by the user and performs authentication, and collects the password corresponding to the user information and authenticates after the user information is authenticated. If the electronic code lock 251 passes the user information and the corresponding password authentication, the electronic code lock 251 unlocks the box 252.

在本发明实施例中,电子密码锁251可以采集一个用户提供的身份信息,并进行身份认证,在电子密码锁251完成身份认证且身份认证通过时,即完成了针对第一用户提供的身份信息的验证。如果存储器21操作的验证只是需要单个用户提供的身份信息即可完成验证,则如果智能卡丢失被别人捡到和/或密码被别人知晓,就很容易造成别人可以随意操作第一手动开关22和第二手动开关23,使处理器 24对存储器21进行读操作或写操作,这就使得安全性能不高;并且只需验证单个用户的用户信息和/或密码也容易使得进行验证的该客户进行随意的操作。鉴于此,开关操作授权模组25还可以对两个或两个以上用户提供的身份信息进行验证。具体地,以针对不同的用户提供的身份信息至少验证三次为例,电子密码锁251采集第二用户提供的身份信息并进行验证,并在第二用户提供的身份信息验证正确时,获取一第三用户提供的身份信息并进行验证。如此至少需要对两个不同用户提供的身份信息进行验证并且验证正确后才能对第一手动开关22和第二手动开关23进行操作。其中对三个不同用户提供的身份信息进行验证时,可以对该三个用户提供的身份信息的顺序进行限定,即规定必须首先验证哪个用户提供的身份信息,然后再验证哪个用户提供的身份信息,最后验证哪个用户提供的身份信息;也可以不对该三个用户提供的身份信息验证的顺序进行限定,即只需要对这三个用户提供的身份信息进行了验证即可,而不用管这三个用户提供的身份信息是以什么样的顺序来进行验证的。当然在本发明的其他实施例中,也可以对更多的用户提供的身份信息进行验证,在此不作限制。其中,对第一手动开关22和第二手动开关23进行操作的用户可以是这三个用户中的其中之一,也可以是这三个用户之外的其他用户,在此不作限制。如此在对两个或两个以上用户提供的身份信息进行验证并通过后电子密码锁251才对箱体252解除锁定,显然安全性能能够得到提高,同时,由于需要两个或两个以上用户提供的身份信息,其中任意一个用户对第一手动开关22和第二手动开关23的操作都至少需要接受至少另外一个用户的监督,也就是说其中任一个用户都不可能能够随意对第一手动开关22和第二手动开关23进行操作,使得数据存储的安全性进一步提高。In the embodiment of the present invention, the electronic password lock 251 can collect identity information provided by a user and perform identity authentication. When the electronic password lock 251 completes identity authentication and the identity authentication passes, the identity information provided for the first user is completed. Verification. If the verification of the operation of the memory 21 only requires the identity information provided by a single user to complete the verification, if the smart card is lost by someone else and/or the password is known by others, it is easy for others to operate the first manual switch 22 and the Two manual switches 23 to make the processor 24 performs a read or write operation on the memory 21, which makes the security performance low; and it is easy to verify the user information and/or password of a single user to make the client performing the authentication arbitrarily. In view of this, the switch operation authorization module 25 can also verify the identity information provided by two or more users. Specifically, the identity information provided by the different users is verified at least three times, and the electronic password lock 251 collects the identity information provided by the second user and performs verification, and obtains a first when the identity information provided by the second user is verified correctly. The identity information provided by the three users is verified. Therefore, at least the identity information provided by two different users needs to be verified and verified to be correct before the first manual switch 22 and the second manual switch 23 are operated. When the identity information provided by three different users is verified, the order of the identity information provided by the three users may be limited, that is, the identity information provided by the user must be verified first, and then the identity information provided by the user is verified. Finally, verify which user provides the identity information; or the order of the identity verification provided by the three users may be limited, that is, only the identity information provided by the three users needs to be verified, regardless of the three The order in which the user-provided identity information is verified. Of course, in other embodiments of the present invention, more user-provided identity information may be verified, which is not limited herein. The user who operates the first manual switch 22 and the second manual switch 23 may be one of the three users, or may be other users than the three users, and is not limited herein. Thus, after the identity information provided by two or more users is verified and the electronic password lock 251 is released, the security of the cabinet 252 is unlocked, and the security performance can be improved, and at the same time, two or more users are required to provide the security information. Identity information, wherein any one of the user operations on the first manual switch 22 and the second manual switch 23 at least needs to be supervised by at least one other user, that is, any one of the users cannot be free to the first manual The switch 22 and the second manual switch 23 operate to further improve the security of data storage.

开关操作授权模组25和第一手动开关22和第二手动开关23均是独立于处理器 24的独立元件,不受处理器 24的影响,也就不受外界比如网络病毒、木马等影响。The switch operation authorization module 25 and the first manual switch 22 and the second manual switch 23 are independent components of the processor 24, independent of the processor. The impact of 24 is also immune to external influences such as network viruses and Trojans.

在本发明实施例中,通过开关操作授权模组25对第一手动开关22和第二手动开关23的至少一个用户进行身份认证,并在身份认证通过时,开关操作授权模组25开放对第一手动开关22和第二手动开关23进行断开或连接的操作权限,能够进一步防止存储器21的数据被非法修改,进一步提高数据存储的安全性。In the embodiment of the present invention, at least one user of the first manual switch 22 and the second manual switch 23 is authenticated by the switch operation authorization module 25, and when the identity authentication is passed, the switch operation authorization module 25 is opened. The operation authority of the first manual switch 22 and the second manual switch 23 to open or connect can further prevent the data of the memory 21 from being illegally modified, thereby further improving the security of data storage.

图3是本发明第三实施例的计算机的结构示意图。如图3所示,计算机30包括:存储器31、第一手动开关32、第二手动开关33、处理器 34、开关操作授权模组35以及镜像存储器36。处理器34设有:第一读使能端341和第一写使能端342。第一读使能端341用于在处理器34控制下发出读使能信号,第一写使能端342用于在处理器34控制下发出写使能信号。存储器31设有:第二读使能端311和第二写使能端312。第二读使能端311与第一读使能端341连接,用于接收读使能信号,第二写使能端312与第一写使能端342连接,用于接收写使能信号。第一手动开关32设置在第一读使能端341与第二读使能端311之间,第一手动开关32经使人工控制第一读使能端341与第二读使能端311之间连接或断开。第二手动开关33设置在第一写使能端342与第二写使能端312之间,第二手动开关32经人工控制使第一写使能端342与第二写使能端312之间连接或断开。镜像存储器36为存储器31的镜像,镜像存储器36包括:第三读使能端361和第三写使能端362。第三读使能端361与第一读使能端341直接连接,用于接收读使能信号,第三写使能端362与第一写使能端342直接连接,用于接收写使能信号。开关操作授权模组35用于对第一手动开关32和第二手动开关33的至少一个用户进行身份认证,在身份认证通过时,开关操作授权模组35开放对第一手动开关32和第二手动开关33进行断开或连接的操作权限。Figure 3 is a block diagram showing the structure of a computer in accordance with a third embodiment of the present invention. As shown in FIG. 3, the computer 30 includes: a memory 31, a first manual switch 32, a second manual switch 33, and a processor. 34. The switch operation authorization module 35 and the image memory 36. The processor 34 is provided with a first read enable terminal 341 and a first write enable terminal 342. The first read enable terminal 341 is for issuing a read enable signal under the control of the processor 34, and the first write enable terminal 342 is configured to issue a write enable signal under the control of the processor 34. The memory 31 is provided with a second read enable terminal 311 and a second write enable terminal 312. The second read enable terminal 311 is connected to the first read enable terminal 341 for receiving the read enable signal, and the second write enable terminal 312 is coupled to the first write enable terminal 342 for receiving the write enable signal. The first manual switch 32 is disposed between the first read enable end 341 and the second read enable end 311. The first manual switch 32 is configured to manually control the first read enable end 341 and the second read enable end 311. Connect or disconnect. The second manual switch 33 is disposed between the first write enable terminal 342 and the second write enable terminal 312, and the second manual switch 32 is manually controlled to cause the first write enable terminal 342 and the second write enable terminal. Connect or disconnect between 312. The mirror memory 36 is a mirror image of the memory 31. The mirror memory 36 includes a third read enable terminal 361 and a third write enable terminal 362. The third read enable terminal 361 is directly connected to the first read enable terminal 341 for receiving the read enable signal, and the third write enable terminal 362 is directly connected to the first write enable terminal 342 for receiving write enable. signal. The switch operation authorization module 35 is configured to perform identity authentication on at least one user of the first manual switch 32 and the second manual switch 33. When the identity authentication is passed, the switch operation authorization module 35 is opened to the first manual switch 32 and the first The second manual switch 33 performs the operation permission to disconnect or connect.

在本发明实施例中,存储器31设置为可以被互联网用户访问,镜像存储器36设置为不可以被互联网用户访问。处理器34还包括多个第一数据传输端343,存储器32还包括分别与第一数据传输端343连接的多个第二数据传输端313,镜像存储器36还包括分别与第一数据传输端343连接的多个第三数据传输端363。In the embodiment of the present invention, the memory 31 is set to be accessible by an Internet user, and the mirror memory 36 is set to be inaccessible to Internet users. The processor 34 further includes a plurality of first data transmission ends 343. The memory 32 further includes a plurality of second data transmission ends 313 respectively connected to the first data transmission end 343. The mirror memory 36 further includes a first data transmission end 343. A plurality of third data transmission ends 363 are connected.

在本发明实施例中,第一手动开关32经人工控制令第一读使能端341与第二读使能端311之间连接,处理器34通过第一读使能端341发出读使能信号,使得第二读使能端311和第三读使能端361接收到读使能信号时,处理器34通过多个第一数据传输端343以及多个第二数据传输端313从存储器31读取数据,并通过多个第一数据传输端343以及多个第三数据传输端363从镜像存储器36读取数据。第一手动开关32经人工控制令第一读使能端341与第二读使能端311之间断开,处理器34通过第一读使能端341发出读使能信号,使得仅有第三读使能端361接收到读使能信号时,处理器34通过多个第一数据传输端341以及多个第三数据传输端361从镜像存储器36读取数据。In the embodiment of the present invention, the first manual switch 32 is manually controlled to connect the first read enable terminal 341 and the second read enable terminal 311, and the processor 34 issues a read enable through the first read enable terminal 341. The signal is such that when the second read enable terminal 311 and the third read enable terminal 361 receive the read enable signal, the processor 34 passes the plurality of first data transfer terminals 343 and the plurality of second data transfer terminals 313 from the memory 31. The data is read, and data is read from the mirror memory 36 through the plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363. The first manual switch 32 is manually controlled to disconnect the first read enable terminal 341 and the second read enable terminal 311, and the processor 34 issues a read enable signal through the first read enable terminal 341, so that only the third When the read enable terminal 361 receives the read enable signal, the processor 34 reads data from the image memory 36 through the plurality of first data transfer terminals 341 and the plurality of third data transfer terminals 361.

第二手动开关33经人工控制令第一写使能端342与第二写使能端312之间连接,处理器34通过第一写使能端342发出写使能信号,使得第二写使能端312和第三写使能端362接收到写使能信号时,处理器34通过多个第一数据传输端343以及多个第二数据传输端313向存储器31写入数据,并通过多个第一数据传输端343以及多个第三数据传输端363向镜像存储器36写入数据。第二手动开关33经人工控制令第一写使能端342与第二写使能端312之间断开,处理器34通过第一写使能端342发出写使能信号,使得仅有第三写使能端362接收到写使能信号时,处理器34通过多个第一数据传输端343以及多个第三数据传输端363向镜像存储器36写入数据。如此在计算机30与互联网连接时,第二手动开关33经人工控制令第一写使能端342与第二写使能端312之间断开,当计算机30受到网络入侵时,镜像存储器36中存储的数据根据处理器34的发出的写使能信号进行更改,而存储器31中存储的数据不实际进行更改。计算机30还包括比较模块(图未示),比较模块对存储器31与镜像存储器36内的数据进行比较,若二者不一致,则判断计算机30受到网络入侵,如此能够防止存储器31遭受非法的网络入侵。The second manual switch 33 is manually controlled to connect the first write enable terminal 342 and the second write enable terminal 312, and the processor 34 issues a write enable signal through the first write enable terminal 342, so that the second write When the enable terminal 312 and the third write enable terminal 362 receive the write enable signal, the processor 34 writes data to the memory 31 through the plurality of first data transfer terminals 343 and the plurality of second data transfer terminals 313, and passes the data. The plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363 write data to the mirror memory 36. The second manual switch 33 is manually controlled to disconnect the first write enable terminal 342 and the second write enable terminal 312, and the processor 34 issues a write enable signal through the first write enable terminal 342, so that only the first When the write enable 362 receives the write enable signal, the processor 34 writes data to the mirror memory 36 through the plurality of first data transfer terminals 343 and the plurality of third data transfer terminals 363. Thus, when the computer 30 is connected to the Internet, the second manual switch 33 is manually controlled to disconnect between the first write enable terminal 342 and the second write enable terminal 312. When the computer 30 is invaded by the network, the image memory 36 is The stored data is changed in accordance with the write enable signal issued by the processor 34, and the data stored in the memory 31 is not actually changed. The computer 30 further includes a comparison module (not shown). The comparison module compares the data in the memory 31 with the image memory 36. If the two are inconsistent, it is determined that the computer 30 is invaded by the network, thus preventing the memory 31 from being subjected to illegal network intrusion. .

在本发明实施例中,计算机30还可以包括一与存储器31相同的第二存储器(图未示),第二存储器为存储器31的备份存储器,用于对存储器的数据进行备份。在第二存储器的读使能端与处理器34的读使能端之间以及在第二存储器的写使能端与处理器34的写使能端之间分别设置手动开关以进行连接。而第二存储器的数据数据传输端与处理器的数据传输端也直接连接,以进行数据的传输。在存储器31能正常使用时,存储器31设置为可以被互联网用户访问,而第二存储器设置为不能被互联网用户访问。在存储器31损坏或不能正常使用时,计算机30能直接自动切换至第二存储器以进行数据的正常读写,而镜像存储器也36自动切换为对造型存储器的镜像。此时同样需要开关操作授权模组35对分别设置在第二存储器的读使能端与处理器34的读使能端之间以及在第二存储器的写使能端与处理器34的写使能端之间的手动开关的至少一个用户进行身份认证,并在身份认证通过时,开关操作授权模组35开放对此两手动开关进行断开或连接的操作权限。In the embodiment of the present invention, the computer 30 may further include a second memory (not shown) identical to the memory 31, and the second memory is a backup memory of the memory 31 for backing up data of the memory. A manual switch is provided between the read enable end of the second memory and the read enable end of the processor 34 and between the write enable end of the second memory and the write enable end of the processor 34, respectively. The data data transmission end of the second memory is also directly connected to the data transmission end of the processor for data transmission. When the memory 31 is in normal use, the memory 31 is set to be accessible by an Internet user, and the second memory is set to be inaccessible to an Internet user. When the memory 31 is damaged or cannot be used normally, the computer 30 can automatically switch to the second memory directly for normal reading and writing of data, and the mirror memory 36 is automatically switched to mirror the modeling memory. At this time, the switch operation authorization module 35 is also required to be respectively disposed between the read enable end of the second memory and the read enable end of the processor 34 and the write enable end of the second memory and the write of the processor 34. At least one user of the manual switch between the energy terminals performs identity authentication, and when the identity authentication passes, the switch operation authorization module 35 opens the operation authority for disconnecting or connecting the two manual switches.

而在计算机30与互联网连接时,手动开关经人工控制令第二存储器的写使能端342与处理器34的写使能端312之间断开。当计算机30受到网络入侵时,镜像存储器36中存储的数据根据处理器34的发出的写使能信号进行更改,而第二存储器中存储的数据不实际进行更改。比较模块对第二存储器与镜像存储器36内的数据进行比较,若二者不一致,则判断计算机30受到网络入侵。如此亦能够防止第二存储器遭受非法的网络入侵。When the computer 30 is connected to the Internet, the manual switch is manually controlled to disconnect the write enable 342 of the second memory from the write enable 312 of the processor 34. When the computer 30 is compromised by the network, the data stored in the mirror memory 36 is changed in accordance with the write enable signal issued by the processor 34, and the data stored in the second memory is not actually changed. The comparison module compares the data in the second memory with the image memory 36. If the two are inconsistent, it is determined that the computer 30 is invaded by the network. This also prevents the second memory from being subjected to illegal network intrusion.

在本发明实施例中,存储器31中的数据也可以限定其中的一部分数据需要通过第一手动开关32和第二手动开关33的人工控制才可以进行读写操作。具体地,只有通过开关操作授权模组35的认证并且认证通过之后,才可以通过操作第一手动开关32或第二手动开关33对存储器31中的该部分数据进行写操作或者读操作,如此能够防止非法的网络入侵。In the embodiment of the present invention, the data in the memory 31 can also define a part of the data to be read and written by the manual control of the first manual switch 32 and the second manual switch 33. Specifically, the portion of the data in the memory 31 can be written or read by operating the first manual switch 32 or the second manual switch 33 only after the authentication of the authorization module 35 is operated by the switch and the authentication is passed. It can prevent illegal network intrusion.

图4是本发明第一实施例的计算机的网络入侵检测方法的流程示意图。如图4所示,计算机30的网络入侵检测方法包括:4 is a flow chart showing a network intrusion detection method of a computer according to a first embodiment of the present invention. As shown in FIG. 4, the network intrusion detection method of the computer 30 includes:

步骤S10:设置存储器31设置为可以被互联网用户访问,镜像存储器36设置为不可以被互联网用户访问。Step S10: The setting memory 31 is set to be accessible by an Internet user, and the mirror memory 36 is set to be inaccessible to Internet users.

其中,计算机30的具体结构如图3所示。镜像存储器36为存储器31的镜像。The specific structure of the computer 30 is shown in FIG. 3. The mirror memory 36 is a mirror image of the memory 31.

步骤S11:第二手动开关33经人工控制使第一写使能端342与第二写使能端312之间断开;对存储器31与镜像存储器36内的数据进行比较,若二者不一致,则判断计算机30受到网络入侵,若二者一致,则判断计算机30没有受到网络入侵。Step S11: The second manual switch 33 is manually controlled to disconnect between the first write enable terminal 342 and the second write enable terminal 312; compare the data in the memory 31 with the image memory 36, if the two are inconsistent, Then, it is judged that the computer 30 is invaded by the network. If the two are consistent, it is judged that the computer 30 is not invaded by the network.

综上所述,本发明通过处理器设有第一读使能端用于在处理器控制下发出读使能信号;第一写使能端用于在处理器控制下发出写使能信号;存储器设有第二读使能端与第一读使能端连接,用于接收读使能信号;第二写使能端与第一写使能端连接,用于接收写使能信号;第一手动开关设置在第一读使能端与第二读使能端之间,第一手动开关经人工控制使第一读使能端与第二读使能端之间连接或断开;第二手动开关设置在第一写使能端与第二写使能端之间,第二手动开关经人工控制使第一写使能端与第二写使能端之间连接或断开;开关操作授权模组用于对第一手动开关和第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,开关操作授权模组开放对第一手动开关和第二手动开关进行断开或连接的操作权限,能够进一步提高数据存储的安全性。In summary, the present invention is provided with a first read enable terminal for issuing a read enable signal under the control of the processor; and a first write enable terminal for issuing a write enable signal under the control of the processor; The second read enable end of the memory is connected to the first read enable end for receiving the read enable signal; the second write enable end is connected to the first write enable end for receiving the write enable signal; a manual switch is disposed between the first read enable end and the second read enable end, and the first manual switch is manually controlled to connect or disconnect between the first read enable end and the second read enable end; The second manual switch is disposed between the first write enable end and the second write enable end, and the second manual switch is manually controlled to connect or disconnect the first write enable end and the second write enable end. The switch operation authorization module is configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization module is opened to the first manual switch and the second manual The operation permission of the switch to disconnect or connect can further improve the security of data storage. Sex.

以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.

Claims (16)

一种计算机,其特征在于,包括: A computer characterized by comprising: 处理器,设有:Processor with: 第一读使能端,用于在所述处理器控制下发出读使能信号;a first read enable terminal for issuing a read enable signal under control of the processor; 第一写使能端,用于在所述处理器控制下发出写使能信号;a first write enable terminal for issuing a write enable signal under control of the processor; 存储器,设有:Memory with: 第二读使能端,与所述第一读使能端连接,用于接收所述读使能信号; a second read enable terminal, coupled to the first read enable terminal, for receiving the read enable signal; 第二写使能端,与所述第一写使能端连接,用于接收所述写使能信号;a second write enable terminal coupled to the first write enable terminal for receiving the write enable signal; 第一手动开关,设置在所述第一读使能端与所述第二读使能端之间,所述第一手动开关经人工控制使所述第一读使能端与所述第二读使能端之间连接或断开;a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable end and the second Connect or disconnect between the read enable terminals; 第二手动开关,设置在所述第一写使能端与所述第二写使能端之间,所述第二手动开关经人工控制使所述第一写使能端与所述第二写使能端之间连接或断开;a second manual switch disposed between the first write enable end and the second write enable end, the second manual switch being manually controlled to cause the first write enable end and the Connecting or disconnecting the second write enable terminals; 开关操作授权模组,所述开关操作授权模组用于对所述第一手动开关和所述第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,所述开关操作授权模组开放对所述第一手动开关和所述第二手动开关进行断开或连接的操作权限;a switch operation authorization module, configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization The module is open to operate the disconnection or connection of the first manual switch and the second manual switch; 其中,所述处理器还包括多个第一数据传输端,所述存储器还包括分别与所述第一数据传输端连接的多个第二数据传输端,所述存储器设置为可以被互联网用户访问。The processor further includes a plurality of first data transmission ends, the memory further includes a plurality of second data transmission ends respectively connected to the first data transmission end, the memory being configured to be accessible by an Internet user . 根据权利要求1所述的计算机,其特征在于,所述第一手动开关经人工控制令所述第一读使能端与所述第二读使能端之间连接,且所述处理器通过所述第一读使能端发出所述读使能信号,使得所述第二读使能端接收到所述读使能信号时,所述处理器通过所述多个第一数据传输端以及所述多个第二数据传输端从所述存储器读取数据。The computer according to claim 1, wherein the first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor passes The first read enable end issues the read enable signal, so that when the second read enable end receives the read enable signal, the processor passes the plurality of first data transmission ends and The plurality of second data transmission terminals read data from the memory. 根据权利要求1所述的计算机,其特征在于,所述第二手动开关经人工控制令所述第一写使能端与所述第二写使能端之间连接,且所述处理器通过所述第一写使能端发出所述写使能信号,使得所述第二写使能端接收到所述写使能信号时,所述处理器通过所述多个第一数据传输端以及所述多个第二数据传输端向所述存储器写入数据。The computer according to claim 1, wherein the second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor Sending, by the first write enable end, the write enable signal, when the second write enable end receives the write enable signal, the processor passes the plurality of first data transmission ends And the plurality of second data transmission ends write data to the memory. 根据权利要求1所述的计算机,其特征在于,所述第一手动开关和所述第二手动开关为拉线开关,闸刀开关以及按钮开关中的至少一种。The computer according to claim 1, wherein the first manual switch and the second manual switch are at least one of a wire switch, a knife switch, and a push button switch. 根据权利要求1所述的计算机,其特征在于,所述开关操作授权模组包括电子密码锁以及箱体,所述电子密码锁用于锁定所述箱体,所述第一手动开关和所述第二手动开关设置在所述箱体内,所述电子密码锁采集至少一个用户提供的身份信息,在判断到所采集到的身份信息与预先存储的身份信息一致时,身份认证通过,所述电子密码锁对所述箱体解除锁定,在判断到所采集到的身份信息与预先存储的身份信息不一致时,身份认证不通过,所述电子密码锁对所述箱体保持锁定。The computer according to claim 1, wherein said switch operation authorization module comprises an electronic code lock and a case, said electronic code lock is for locking said case, said first manual switch and said The second manual switch is disposed in the box, and the electronic password lock collects at least one identity information provided by the user, and when it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed. The electronic code lock unlocks the box. When it is determined that the collected identity information is inconsistent with the pre-stored identity information, the identity authentication fails, and the electronic code lock remains locked to the box. 根据权利要求5所述的计算机,其特征在于,所述身份信息包括用户信息、密码的至少一种或组合。The computer of claim 5 wherein said identity information comprises at least one or a combination of user information, passwords. 根据权利要求6所述的计算机,其特征在于,所述密码为口令、指纹、视网膜、虹膜中的至少一个。  The computer of claim 6, wherein the password is at least one of a password, a fingerprint, a retina, and an iris. 一种计算机,其特征在于,包括:A computer characterized by comprising: 处理器,设有:Processor with: 第一读使能端,用于在所述处理器控制下发出读使能信号;a first read enable terminal for issuing a read enable signal under control of the processor; 第一写使能端,用于在所述处理器控制下发出写使能信号;a first write enable terminal for issuing a write enable signal under control of the processor; 存储器,设有:Memory with: 第二读使能端,与所述第一读使能端连接,用于接收所述读使能信号; a second read enable terminal, coupled to the first read enable terminal, for receiving the read enable signal; 第二写使能端,与所述第一写使能端连接,用于接收所述写使能信号;a second write enable terminal coupled to the first write enable terminal for receiving the write enable signal; 第一手动开关,设置在所述第一读使能端与所述第二读使能端之间,所述第一手动开关经人工控制使所述第一读使能端与所述第二读使能端之间连接或断开;a first manual switch disposed between the first read enable end and the second read enable end, the first manual switch being manually controlled to cause the first read enable end and the second Connect or disconnect between the read enable terminals; 第二手动开关,设置在所述第一写使能端与所述第二写使能端之间,所述第二手动开关经人工控制使所述第一写使能端与所述第二写使能端之间连接或断开;a second manual switch disposed between the first write enable end and the second write enable end, the second manual switch being manually controlled to cause the first write enable end and the Connecting or disconnecting the second write enable terminals; 开关操作授权模组,所述开关操作授权模组用于对所述第一手动开关和所述第二手动开关的至少一个用户进行身份认证,在身份认证同时通过时,所述开关操作授权模组开放对所述第一手动开关和所述第二手动开关进行断开或连接的操作权限。a switch operation authorization module, configured to perform identity authentication on at least one user of the first manual switch and the second manual switch, and when the identity authentication is simultaneously passed, the switch operation authorization The module opens an operation authority for disconnecting or connecting the first manual switch and the second manual switch. 根据权利要求8所述的计算机,其特征在于,所述处理器还包括多个第一数据传输端,所述存储器还包括分别与所述第一数据传输端连接的多个第二数据传输端。The computer according to claim 8, wherein the processor further comprises a plurality of first data transmission terminals, the memory further comprising a plurality of second data transmission ends respectively connected to the first data transmission end . 根据权利要求9所述的计算机,其特征在于,所述第一手动开关经人工控制令所述第一读使能端与所述第二读使能端之间连接,且所述处理器通过所述第一读使能端发出所述读使能信号,使得所述第二读使能端接收到所述读使能信号时,所述处理器通过所述多个第一数据传输端以及所述多个第二数据传输端从所述存储器读取数据。The computer according to claim 9, wherein the first manual switch is manually controlled to connect the first read enable end and the second read enable end, and the processor passes The first read enable end issues the read enable signal, so that when the second read enable end receives the read enable signal, the processor passes the plurality of first data transmission ends and The plurality of second data transmission terminals read data from the memory. 根据权利要求9所述的计算机,其特征在于,所述第二手动开关经人工控制令所述第一写使能端与所述第二写使能端之间连接,且所述处理器通过所述第一写使能端发出所述写使能信号,使得所述第二写使能端接收到所述写使能信号时,所述处理器通过所述多个第一数据传输端以及所述多个第二数据传输端向所述存储器写入数据。 The computer according to claim 9, wherein the second manual switch is manually controlled to connect the first write enable end and the second write enable end, and the processor Sending, by the first write enable end, the write enable signal, when the second write enable end receives the write enable signal, the processor passes the plurality of first data transmission ends And the plurality of second data transmission ends write data to the memory. 根据权利要求8所述的计算机,其特征在于,所述存储器设置为可以被互联网用户访问。The computer of claim 8 wherein said memory is configured to be accessible by an Internet user. 根据权利要求8所述的计算机,其特征在于,所述第一手动开关和所述第二手动开关为拉线开关,闸刀开关以及按钮开关中的至少一种。The computer of claim 8, wherein the first manual switch and the second manual switch are at least one of a wire switch, a knife switch, and a push button switch. 根据权利要求8所述的计算机,其特征在于,所述开关操作授权模组包括电子密码锁以及箱体,所述电子密码锁用于锁定所述箱体,所述第一手动开关和所述第二手动开关设置在所述箱体内,所述电子密码锁采集至少一个用户提供的身份信息,在判断到所采集到的身份信息与预先存储的身份信息一致时,身份认证通过,所述电子密码锁对所述箱体解除锁定,在判断到所采集到的身份信息与预先存储的身份信息不一致时,身份认证不通过,所述电子密码锁对所述箱体保持锁定。The computer according to claim 8, wherein said switch operation authorization module comprises an electronic code lock and a case, said electronic code lock is for locking said case, said first manual switch and said The second manual switch is disposed in the box, and the electronic password lock collects at least one identity information provided by the user, and when it is determined that the collected identity information is consistent with the pre-stored identity information, the identity authentication is passed. The electronic code lock unlocks the box. When it is determined that the collected identity information is inconsistent with the pre-stored identity information, the identity authentication fails, and the electronic code lock remains locked to the box. 根据权利要求14所述的计算机,其特征在于,所述身份信息包括用户信息、密码的至少一种或组合。The computer of claim 14, wherein the identity information comprises at least one or a combination of user information, a password. 根据权利要求15所述的计算机,其特征在于,所述密码为口令、指纹、视网膜、虹膜中的至少一个。 The computer according to claim 15, wherein the password is at least one of a password, a fingerprint, a retina, and an iris.
PCT/CN2014/086391 2014-09-05 2014-09-12 Computer Ceased WO2016033819A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410451981.1 2014-09-05
CN201410451981.1A CN105468996A (en) 2014-09-05 2014-09-05 Computer

Publications (1)

Publication Number Publication Date
WO2016033819A1 true WO2016033819A1 (en) 2016-03-10

Family

ID=55439059

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/086391 Ceased WO2016033819A1 (en) 2014-09-05 2014-09-12 Computer

Country Status (2)

Country Link
CN (1) CN105468996A (en)
WO (1) WO2016033819A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112836246A (en) * 2021-02-09 2021-05-25 无锡云动科技发展有限公司 Multi-network isolated cloud desktop connection system based on fingerprint identification

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090228711A1 (en) * 2008-03-06 2009-09-10 Samsung Electronics Co., Ltd. Processor apparatus having a security function
US20110225407A1 (en) * 2010-03-10 2011-09-15 Dell Products L.P. System and Method for Recovering From an Interrupted Encryption and Decryption Operation Performed on a Volume
CN102486755A (en) * 2010-12-03 2012-06-06 罗伯特·博世有限公司 Memory protection unit and method for controlling access to memory device
CN102789560A (en) * 2011-05-17 2012-11-21 三星电子株式会社 Data storage device, encoding unit, and system including same
CN204189172U (en) * 2014-09-05 2015-03-04 深圳市同盛绿色科技有限公司 A kind of computing machine

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100640876B1 (en) * 2004-11-17 2006-11-02 엘지전자 주식회사 Video decoding system of mobile broadcast receiver
CN101217366B (en) * 2007-01-04 2012-08-22 北京紫贝龙科技有限责任公司 A digital signature device with write protection
CN201047944Y (en) * 2007-05-11 2008-04-16 广东天海威数码技术有限公司 Personal computer capable of performing access control to memory space
CN102385673B (en) * 2011-07-19 2015-05-06 古丽 Human body lock

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090228711A1 (en) * 2008-03-06 2009-09-10 Samsung Electronics Co., Ltd. Processor apparatus having a security function
US20110225407A1 (en) * 2010-03-10 2011-09-15 Dell Products L.P. System and Method for Recovering From an Interrupted Encryption and Decryption Operation Performed on a Volume
CN102486755A (en) * 2010-12-03 2012-06-06 罗伯特·博世有限公司 Memory protection unit and method for controlling access to memory device
CN102789560A (en) * 2011-05-17 2012-11-21 三星电子株式会社 Data storage device, encoding unit, and system including same
CN204189172U (en) * 2014-09-05 2015-03-04 深圳市同盛绿色科技有限公司 A kind of computing machine

Also Published As

Publication number Publication date
CN105468996A (en) 2016-04-06

Similar Documents

Publication Publication Date Title
TW457417B (en) Computer system and method for providing secure password communications in a computer system
WO2017034312A1 (en) Apparatus and method for trusted execution environment based secure payment transactions
CN203746071U (en) Security computer based on encrypted hard disc
WO2014026442A1 (en) Identity authentication device and method thereof
WO2011062364A2 (en) User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management
WO2012161505A1 (en) Method and apparatus for authenticating a non-volatile memory device
WO2015180281A1 (en) Determination method and system of mobile terminal for identifying user privilege based on fingerprint
CN101542452A (en) Authentication method, device and system for external storage device
KR101385929B1 (en) Certification and storage device with multi connector and finger print sensor
WO2019200958A1 (en) Composite identity authentication method and composite identity authentication system using same
CN103532980A (en) Internal and external network security access terminal
CN108701186A (en) The safety of dual factor anthentication template achieves and restores
WO2018040760A1 (en) Server, terminal, and verification method for authorization code thereof
US20240045945A1 (en) Systems and methods for computer security
WO2020159328A1 (en) Authentication information processing method and apparatus and user terminal including authentication information processing method apparatus
WO2014112695A1 (en) System for securing electronic device through two-factor authentication and method for securing electronic device using same
WO2016033819A1 (en) Computer
CN107735998A (en) The structure of network instrument and method of data network are accessed for networking component
CN105790935A (en) Independent-software-and-hardware-technology-based trusted authentication server
WO2021206289A1 (en) User authentication method, device and program
WO2016033820A1 (en) Computer and network intrusion detection method therefor
JP2004046820A (en) Authentication validation device and method for computer system
WO2017115965A1 (en) User identification system and method using autograph in plurality of terminals
WO2016033818A1 (en) Computer
CN102474498B (en) Subscriber Identification Device Authentication Method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14901417

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14901417

Country of ref document: EP

Kind code of ref document: A1