1. Field of Invention
The present invention relates to computer technology, in particular to a computer security control method based on a USB flash disk.
2. Description of Prior Art
With the ever wider application of computers and the rapid development of computer technology, a growing number of tasks need to be fulfilled with the computer in the present information society, and the computer has been utilized to store and process an increasing amount of information related to various enterprises, corporations and individuals. An enterprise, a corporation or a person may not want other enterprises, corporations or persons to obtain some information stored in the computer, since the obtaining of such information by others may bring about severe results and lead to a huge loss. In this context, the confidentiality of the information stored in the computer has drawn more and more attention from enterprises, corporations as well as individuals.
In order to prevent the information stored in the computer from being acquired by others, there are currently several security management measures as follows.
1) In order to prevent others from illegally using the computer and acquiring the data stored therein, a password verification process is prompted at the start-up of the computer. Typically, a dialogue box for inputting a user's log-on password pops up before the computer enters the operating system, asking the user to input the associated log-on password. In addition, the user can put the computer into a locked state when leaving the computer, and the associated log-on password must be entered if any other person wants to manipulate the computer in the locked state. Furthermore, the user may set the computer to enter the standby or screen-protecting state automatically within a predetermined period of time after the departure of the user. In this case, the associated log-on password is also required if any other person wants to operate the computer.
2) In addition to imposing a security control on the computer, the internal data of the computer needs to be further encrypted, especially in the case of multiple individuals sharing one computer. For example, a password can be set for data, such as documents and the like, and only a user who knows and enters the proper password can obtain the information stored in the computer.
Since the above schemes prevent others from acquiring data inside the computer in such a simple manner as setting a password, and the set password is subject to decryption by various existing decryption software, the purpose of secrecy cannot be substantially achieved.
A method called “Verification Method Based on Storage Medium Private Space of USB Flash Disk” is disclosed in Chinese Patent Application No. 03137109.4 filed on Jun. 13, 2003. According to the verification method proposed by the application, the control of the user log-on and the close of the operating system as well as the encryption and decryption of a file are realized with a USB flash disk and associated security software in the computer.
There are some problems in the above method, however.
1) Since a user can enter the operating system only after inputting an associated password manually, and the locked system can be unlocked only when the associated password is inputted manually, the operation becomes complicated for the user.
2) There is no management mechanism for files to be encrypted except a general encryption and decryption process for a file.
3) No differential handling approach is provided for the case of multiple individuals sharing one computer, and different users are not provided with their own private space. Therefore, the same content will be presented to each of the users after he or she logs on the operating system, and the confidentiality of personal information is degraded in this case.
The object of the present invention is to provide a computer security control method based on a USB flash disk.
According to the first aspect of the present invention, a computer security control method based on a USB flash disk is proposed, in which a log-on password is provided in both the USB flash disk and the operating system, and the USB flash disk interacts with the computer via a USB interface. Said method comprises steps of:
Step A: starting up the operating system and entering a state of waiting for user log-on; and
Step B: in the case of normally plugging the USB flash disk in the USB interface, reading the password for logging on the operating system from the USB flash disk, comparing it with the password for logging on the operating system in the operating system, and logging on the operating system if the two passwords are identical with each other.
According to the second aspect of the present invention, a computer security control method based on a USB flash disk is proposed, in which a private folder password is provided in both the USB flash disk and the private folder(s) of the operating system, and one or more private folder passwords corresponding to the private folder(s) in the operating system, respectively, are provided in the USB flash disk. Said method comprises steps of: reading the corresponding private folder password from the USB flash disk at the time of opening the private folder after logging on the operating system, and opening the private folder if the read password is identical to the private folder password in the private folder.
According to the third aspect of the present invention, a computer security control method based on a USB flash disk is proposed, in which a network service account number is provided in the USB flash disk, and said method comprises steps of:
after the operating system log-on and network service initiation, reading the network service account number from the USB flash disk, transferring it to a network server and then logging on the network service.
The present invention has the following benefits as compared with the prior art.
1) It is possible to realize authentication for automatic operating system log-on, private folder opening and network service log-on by writing in the USB flash disk the log-on password for operating system, the password of opening the private folder as well as the network service account number. Further, it is possible to automatically close the private folder, log off the network service and exit the operating system after the USB flash disk is withdrawn from the USB interface, and hence the security of personal information is effectively guaranteed.
2) Each private folder can be viewed only by the user having the corresponding USB flash disk while remaining invisible to other users of one and the same computer. Therefore, the confidentiality of personal information is enhanced.
Hereafter, a detailed explanation will be given to the computer security control method based on a USB flash disk of the present invention in connection with specific embodiments and figures.
In order to realize the security control method of the present invention, it is necessary to install in the operating system the associated security software, which exchanges information with the USB flash disk via a USB interface. As the key to logging on the operating system, opening the private folder and logging on the network service, the USB flash disk in the invention has a private space and a normal space. The private space can also be referred to as a reserved region, of which the property and content cannot be changed by a user and which serves as a storage region invisible to the user. The normal space is a storage region the user can utilize in a normal manner. With the interaction between the security software and the USB flash disk which has been inserted in the USB interface, it is possible to log on the operating system automatically as well as carry out authentication for opening the private folder, logging on the network service and the like after the operating system is logged on.
In the present invention, a predetermined identification can be provided on the mainboard of the computer. In the above process of installing the security software, the operating system first detects whether the predetermined identification exists on the mainboard and installs the security software if the answer is yes, otherwise prohibits installation of the security software.
For the purpose of logging on the operating system automatically as well as carrying out authentication for opening the private folder, logging on the network service and the like after the operating system is logged on, the first requirement is to write a password for associated authentication in USB flash disk. It is also necessary to create a private folder, store a password for private folder and a password for logging on the operating system. The detailed process is shown in
At step 100, the operating system installed with the security software is logged on.
At step 110, the security software detects whether there is a USB flash disk connected to the USB interface. If there is, the flow proceeds to step 120; otherwise the user is prompted to insert the USB flash disk, and the flow proceeds to step 120 after a normal connection is detected.
At step 120, the user is prompted to input the password for logging on the operating system.
At step 130, the password for logging on the operating system is written in the private space or the normal space of the USB flash disk. The password is preferably written in the private space to ensure its security. The password for logging on the operating system can be further encrypted and then written in the private space of the USB flash disk. The password for logging on the operating system is written in the operating system at the same time as it is written in the USB flash disk.
At step 140, the user is prompted to create a private folder. In the present invention, a private folder is a private disk space which is partitioned from a hard disk drive designated by the user and can be opened only with the prescribed password for the private folder. Once opened, such space is utilized in a manner completely identical to that for a general disk.
At step 150, the user inputs the desired password, capacity value and location for the private folder, and the security software creates the corresponding disk space based on the inputted capacity value and location. Besides, the disk space can be further encrypted.
At step 160, the password for the private folder is written in the private space or the normal space of the USB flash disk. The password is preferably written in the private space to ensure its security. The password for the private folder can be further encrypted and then written in the private space of the USB flash disk. The password for the private folder is written in the operating system at the same time as it is written in the USB flash disk. The private folder created here is used as the user's confidential private folder, which can be viewed by the user only after the insertion of the USB flash disk storing the password for the private folder and the authentication of the password. Each computer may be used to create a plurality of private folders that use one and the same password for private folder or different passwords for private folder.
At step 170, the unique identification of the USB flash disk (e.g., the serial number of the USB flash disk) is further sent to a network server if the user needs to register for a network service, and a network service account number is allocated and returned by the network server.
At step 180, the network service account number is written in the private space or the normal space of the USB flash disk. The code is preferably written in the private space to ensure its security. The network service account number can be further encrypted and then written in the private space of the USB flash disk. The registration and writing of the network service account number may correspond to a plurality of services.
It will be appreciated that the steps 120-130 for creating the password for logging on the operating system, the steps 140-160 for creating the password for private folder and the steps 170-180 for creating the network service account number need not be executed in the above order, which is merely one example of the execution orders and is illustrated for simplicity of description. Moreover, only certain passwords may be created in the above steps, while other passwords can be established during the subsequent utilization of the USB flash disk.
A predetermined identification indicating the permission to create a password can further be stored in the initial USB flash disk. Such identification is fixed and written in a preset storage space of the USB flash disk, preferably the private space, in the process of manufacturing the USB flash disk by a manufacturer. In this case, it is first checked whether there is such identification in the USB flash disk before the creation of the above password, and the password is created if there is, otherwise the creation of the password is prohibited.
In this way, by storing various passwords for verification in the USB flash disk, authentications such as system log-on, private folder opening and network service log-on can be performed.
At step 200, the operating system is started up, and a state of waiting for user log on is entered.
At step 210, it is checked whether the USB flash disk has been inserted. If the USB flash disk has been normally plugged in the USB interface, the flow proceeds to step 220. If no USB flash disk is inserted in the USB interface, the user is prompted to insert the USB flash disk, after which the flow proceeds to step 220; alternatively, the user is prompted to input the password for logging on the operating system, and the operating system is logged on after the user has input the correct password for the operating system.
At step 220, it is checked whether there is a password for logging on the operating system in the USB flash disk. If there is, the password for logging on the operating system is read from the USB flash disk and compared with the password for logging on the operating system in the operating system, and the operating system is logged on if the two passwords are identical; otherwise the user is prompted to input the password for logging on the operating system so as to log on the operating system. If the password has been encrypted and then written in the USB flash disk, the read password for logging on the operating system must be decrypted before being compared with the password for logging on the operating system in the operating system. If there is no password for logging on the operating system in the USB flash disk, the user is prompted to input the password for logging on the operating system so as to log on the operating system.
After logging on the operating system, the security software checks in real time whether the USB flash disk has been unplugged from the USB interface and puts the computer into the state of waiting for user log-on if the USB flash disk has been pulled out from the USB interface.
At step 300, it is checked whether there is a private folder password in the USB flash disk when the user opens a private folder.
At step 310, it is proceeded to step 320 if there is, otherwise the steps for creating a private folder (the steps 140-160 in
At step 320, when the private folder in the operating system is opened, the security software reads the private folder password in the USB flash disk and compares it with the private folder password in the private folder. If the two passwords are identical, the flow proceeds to step 330; otherwise the flow is terminated. If encrypted, the private folder password written in the USB flash disk must first be decrypted and then compared with the private folder password in the private folder.
At step 330, the private folder is displayed and decrypted. After that, the user can use the private folder in the same manner as that for a general disk.
After opening the private folder, the security software checks in real time whether the USB flash disk has been unplugged from the USB interface and, if it has, closes the private folder automatically, encrypts it and then hides it in the operating system. Thereafter, the computer enters the state of waiting for user log-on.
At step 400, it is checked whether there is a network service account number in the USB flash disk after the user initiates network service.
At step 410, if the network service account number is present in the USB flash disk, the network service account number is read, information such as the network service account number is transferred to a network server, and the network service is logged on. Otherwise, the network service registration flow (steps 170-180 in
After the network service is logged on, the security software checks in real time whether the USB flash disk has been unplugged from the USB interface and, if it has, logs out of the network service automatically. Then, the computer enters the state of waiting for user log-on.
The above operations of private folder opening and network service log-on can be carried out simultaneously. In this case, if the USB flash disk has been unplugged from the USB interface, the private folder is closed automatically while the network service is logged out.
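The log-on decision of steps 210-220, the folder and service checks of steps 300-410, and the removal handling described above can be modelled as a small state machine. This is an added example, not part of the original text; the class and method names and the sample values are hypothetical, the constant-time comparison is this example's choice, and encryption of the stored values is omitted.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

WAITING, LOGGED_ON = "waiting_for_logon", "logged_on"

@dataclass
class UsbDisk:
    """Constructed stand-in for the disk's private space (hypothetical layout)."""
    os_password: Optional[bytes] = None
    folder_passwords: dict = field(default_factory=dict)  # folder name -> password
    service_account: Optional[str] = None

@dataclass
class SecuritySoftware:
    os_password: bytes        # log-on password held by the operating system
    folder_passwords: dict    # password kept with each private folder
    state: str = WAITING
    disk: Optional[UsbDisk] = None
    open_folders: set = field(default_factory=set)
    service_session: Optional[str] = None

    def log_on(self, disk=None, typed=None):
        """Steps 210-220: try the disk's password first, then the typed one."""
        for candidate in (disk.os_password if disk else None, typed):
            # Constant-time compare is an assumption; the text only says "compare".
            if candidate is not None and hmac.compare_digest(candidate, self.os_password):
                self.state, self.disk = LOGGED_ON, disk
                break
        return self.state

    def open_folder(self, name):
        """Steps 300-330: open only if the disk holds the matching folder password."""
        if self.state != LOGGED_ON or self.disk is None:
            return False
        held = self.disk.folder_passwords.get(name)
        expected = self.folder_passwords.get(name)
        if held is None or expected is None or not hmac.compare_digest(held, expected):
            return False
        self.open_folders.add(name)
        return True

    def start_service(self):
        """Steps 400-410: log on the network service with the disk's account number."""
        if self.state == LOGGED_ON and self.disk and self.disk.service_account:
            self.service_session = self.disk.service_account
        return self.service_session

    def on_disk_removed(self):
        """Removal closes folders, logs out the service and returns to waiting."""
        self.open_folders.clear()
        self.service_session = None
        self.disk, self.state = None, WAITING
        return self.state
```
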
As can be seen from the above description, the present invention achieves the following effect as compared with the prior art.
1) It is possible to realize automatic authentication for logging on the operating system, opening the private folder and logging on the network service by writing in the USB flash disk the log-on password for operating system, the password of opening the private folder as well as the network service account number. Further, it is possible to automatically close the private folder, log off the network service and exit the operating system after the USB flash disk is unplugged from the USB interface, and hence the security of personal information is effectively guaranteed.
2) Each private folder can be viewed only by the user having the corresponding USB flash disk while remaining invisible to other users of one and the same computer. Therefore, the confidentiality of personal information is enhanced.
The above discloses only the preferred embodiment of the present invention and has no intention to limit the scope of the present invention. Any variation or substitution that can be readily envisaged by those skilled in the art should be encompassed in the scope of the invention, which is defined by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
200610101796.5 | Jul 2006 | CN | national |