CN112363968B - Improved communication method of USB interface - Google Patents
- Publication number: CN112363968B (application CN202011178880.3A)
- Authority: CN (China)
- Prior art keywords: upper computer, computer, usb, lower computer, data line
- Legal status: Active
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Small-Scale Networks (AREA)
Abstract
An improved USB interface communication method comprises the following steps: an improved USB data line is manufactured by using a 9-pin data line for USB signal transmission to form a special interface line, with 4 of the 9 pins assigned to the 4 pins of a standard USB interface and the remaining 5 pins grounded only and not used for signal or power transmission. The method is simple and convenient to use, meets the requirement of comprehensively guaranteeing the communication safety between the integrated equipment management machine (the upper computer) and the intelligent terminal (the lower computer), and achieves both the communication guarantee and the required confidentiality of communication.
Description
Technical Field
The invention relates to an improved communication method of a USB interface, used to provide a virtual network that comprehensively secures the communication between an integrated management machine and an intelligent terminal and ensures the confidentiality of that communication.
Background
In the field maintenance support of certain equipment, an equipment comprehensive support management intelligent mobile terminal (intelligent terminal for short) is used as the data carrier: outfield operation data are collected through the intelligent terminal and transmitted to the equipment support integrated machine (integrated machine for short) through a USB cable. A common USB cable transmits data conveniently, but its safety does not meet the requirements of special occasions, and the intelligent terminal and the equipment support all-in-one machine (the upper computer) lack an identity detection and authentication process, so the potential safety hazard to the server caused by an illegal terminal being connected to the upper computer cannot be avoided.
Based on the idea of running the TCP/IP protocol over USB according to RNDIS (Remote Network Driver Interface Specification), and for the specific application scenario in which a network cannot be used, the invention forms a secure USB-based communication method between an intelligent terminal and an upper computer by comprehensively modifying the Linux kernel driver, the Android driver and the SSL (Secure Sockets Layer) authentication program.
Disclosure of Invention
The invention aims to provide an improved communication method of a USB interface so as to ensure the communication safety between the server of the equipment comprehensive support management all-in-one machine and the intelligent terminal.
An improved communication method of a USB interface is characterized in that it includes the following steps:
step one, manufacturing an improved USB data line: a 9-pin data line is used for USB signal transmission to form a special interface line, 4 of the 9 pins being assigned to the 4 pins of a standard USB interface and the remaining 5 pins being grounded only and not used for transmitting signals or power;
step two, making the external interface of the upper computer PC (the source of the information to be transmitted) and the interface of the lower computer intelligent terminal into interfaces matching the improved USB data line, corresponding one to one with the 4 pins assigned among the 9 pins of the improved USB data line;
step three, physically connecting the external interface of the upper computer PC with the interface of the lower computer intelligent terminal using the improved USB data line;
step four, after the upper computer PC and the lower computer are connected through the improved USB data line, the USB driver of the upper computer automatically judges and acts on the lower computer: the upper computer PC verifies the identity information of the lower computer through an SSL certificate verification program on the Linux operating system and a customized USB-RNDIS driver terminal identity verification daemon, while the lower computer runs a customized USB-RNDIS driver on the AOSP operating system and verifies the upper computer with the SSL certificate; once the upper computer and the lower computer pass verification, bidirectional data transmission can be carried out.
The specific identity verification process is as follows:
the identity verification adopts a bidirectional asymmetric encryption algorithm; the lower computer stores the public key and CPUID of the upper computer, and the upper computer stores the public key and CPUID of the lower computer; the checking steps are:
the first step: the lower computer sends an identity verification request to the server (the upper computer), and the upper computer responds with the CPUID random string encrypted with the upper computer's private key;
the second step: the lower computer decrypts the received random string with the upper computer's public key, checks it against the locally stored CPUID list of the upper computer, then encrypts the lower computer's own CPUID information with the lower computer's private key and sends it to the upper computer; if the verification fails, the communication is terminated;
the third step: the upper computer decrypts the received random string with the lower computer's public key and checks it against the locally stored CPUID list of the lower computer; the communication link is established only when both conditions are met; if the verification fails, the communication is terminated;
step five, if the verification fails, the communication is terminated; if the verification passes, the next step is carried out;
step six, the upper computer checks and communicates with the lower computer over the USB cable, specifically comprising the following steps:
the first step: the upper computer automatically negotiates RNDIS virtual networking with the lower computer through USB;
the second step: an automatic script on the upper computer monitors the establishment of the virtual network;
the third step: the upper computer sets its local virtual network address parameters;
the fourth step: the upper computer service starts listening on the virtual network;
the fifth step: the lower computer starts the client APP;
the sixth step: data transmission is carried out between the upper computer and the lower computer.
The method is simple and convenient to use, meets the requirement of comprehensively guaranteeing the communication safety between the integrated equipment management machine (the upper computer) and the intelligent terminal (the lower computer), and achieves both the communication guarantee and the required confidentiality of communication.
Drawings
FIG. 1 is a comparison of the improved USB interface (left) with an existing USB interface (right);
FIG. 2 is a schematic diagram of the link relationship between a single upper computer and a single lower computer;
FIG. 3 is a schematic diagram of a plurality of lower computers connected to one upper computer;
FIG. 4 is a schematic diagram of communication over the improved USB connection.
Detailed Description
An improved communication method of a USB interface is characterized in that it includes the following steps:
step one, manufacturing an improved USB data line: a 9-pin data line is used for USB signal transmission to form a special interface line, 4 of the 9 pins being assigned to the 4 pins of a standard USB interface and the remaining 5 pins being grounded only and not used for transmitting signals or power;
step two, making the external interface of the upper computer PC (the source of the information to be transmitted) and the interface of the lower computer intelligent terminal into interfaces matching the improved USB data line, corresponding one to one with the 4 pins assigned among the 9 pins of the improved USB data line;
step three, physically connecting the external interface of the upper computer PC with the interface of the lower computer intelligent terminal using the improved USB data line;
step four, after the upper computer PC and the lower computer are connected through the improved USB data line, the USB driver of the upper computer automatically judges and acts on the lower computer: the upper computer PC verifies the identity information of the lower computer through an SSL certificate verification program on the Linux operating system and a customized USB-RNDIS driver terminal identity verification daemon, while the lower computer runs a customized USB-RNDIS driver on the AOSP operating system and verifies the upper computer with the SSL certificate; once the upper computer and the lower computer pass verification, bidirectional data transmission can be carried out.
The specific identity verification process is as follows:
the identity verification adopts a bidirectional asymmetric encryption algorithm; the lower computer stores the public key and CPUID of the upper computer, and the upper computer stores the public key and CPUID of the lower computer; the checking steps are:
the first step: the lower computer sends an identity verification request to the server (the upper computer), and the upper computer responds with the CPUID random string encrypted with the upper computer's private key;
the second step: the lower computer decrypts the received random string with the upper computer's public key, checks it against the locally stored CPUID list of the upper computer, then encrypts the lower computer's own CPUID information with the lower computer's private key and sends it to the upper computer; if the verification fails, the communication is terminated;
the third step: the upper computer decrypts the received random string with the lower computer's public key and checks it against the locally stored CPUID list of the lower computer; the communication link is established only when both conditions are met; if the verification fails, the communication is terminated;
step five, if the verification fails, the communication is terminated; if the verification passes, the next step is carried out;
step six, the upper computer checks and communicates with the lower computer over the USB cable, specifically comprising the following steps:
the first step: the upper computer automatically negotiates RNDIS virtual networking with the lower computer through USB;
the second step: an automatic script on the upper computer monitors the establishment of the virtual network;
the third step: the upper computer sets its local virtual network address parameters;
the fourth step: the upper computer service starts listening on the virtual network;
the fifth step: the lower computer starts the client APP;
the sixth step: data transmission is carried out between the upper computer and the lower computer.
The integrated equipment comprehensive support management all-in-one machine can be extended with further managed equipment models and other support task data, and the equipment support data management software features three-person management and meets the requirements of confidentiality and safety.
The intelligent terminal is a ruggedized mobile terminal with Wi-Fi and Bluetooth removed and NFC hardware added; product data, task data, NFC tag data and the like can be synchronized between the intelligent terminal and the all-in-one machine through the USB cable.
The equipment comprehensive support management system software provides a comprehensive retrieval function for equipment support data: it can query by model, number, delivery time, user unit, state and position, and can view and record task information.
The equipment comprehensive support management APP runs on the intelligent terminal and is used to collect field operation task data.
With the special USB cable, the intelligent terminal initiates a communication request to the upper computer through USB, the two parties perform identity authentication, the upper computer identifies the code of the connected terminal through the USB link, and once authentication passes, the two-way data communication mode is entered.
The customized USB driver is installed on the all-in-one machine. When the intelligent terminal is connected to the upper computer (the all-in-one machine) through the USB cable, the USB driver of the upper computer judges whether the terminal device is legitimate; if it is, a communication agent program is started, interactive data communication between the mobile terminal and the server is completed, and data are downloaded and uploaded. The protocol is an SSL certificate-checked communication protocol based on USB RNDIS. SSL-enhanced USB RNDIS software packages are developed for the server end and the mobile terminal end respectively; the basic communication link is established by means of USB RNDIS, and the SSL client certificate ensures that only a specific mobile terminal certificate is accepted for access. A mobile terminal not configured with a legitimate certificate cannot establish data communication with the host even if it has the corresponding USB RNDIS driver, so illegal terminals are effectively prevented from accessing the upper computer.
In the RNDIS protocol the intelligent terminal is the initiating end: it sends its hardware ID and certificate information to the upper computer. While the upper computer is in the initialization process of establishing a connection with the mobile terminal, the terminal identity verification daemon records the hardware ID and certificate of the initiating terminal and verifies the validity of the certificate. When the certificate is legitimate (signed and issued by the CA that the upper computer established itself) and the hardware ID matches the certificate, the identity of the mobile terminal is confirmed, the link can be established, and the APP and the application program of the upper computer can communicate normally; otherwise the link is not established, communication cannot proceed, and an alarm prompt is given.
To ensure that multiple communication paths do not interfere with each other when several intelligent terminals are connected to one upper computer, a virtual port for requests to the upper computer's application software is created for each intelligent terminal in the RNDIS driver of the upper computer, so that the requests are isolated from one another.
In this scheme a customized plug replaces the standard USB plug, and the plug and cable positions of the USB cable are adjusted so that a non-customized cable cannot form a physical link for communication between the upper computer and the lower computer.
The protocol involves the following programs:
1. AOSP RNDIS driver
2. Linux RNDIS kernel module
3. Terminal identity verification daemon program
The present invention is described in detail below with reference to the attached drawings so that the advantages and features of the present invention can be more easily understood by those skilled in the art.
Fig. 1 shows how the modified USB interface differs from the standard USB interface: a conventional 9-pin serial connector is used to carry the USB four-core cable, with pins 1, 2, 3 and 4 of the connector corresponding to GND, DATA-, DATA+ and VCC of the USB respectively.
Fig. 2 shows the relationship between the upper computer PC and the lower computer intelligent terminal from the physical link up to the software: after the USB physical link connects the upper computer and the lower computer, the SSL certificate verification program on the Linux operating system and the customized USB-RNDIS driver terminal identity verification daemon verify the identity information of the lower computer, while the customized USB-RNDIS driver and the SSL certificate on the AOSP operating system verify the identity information of the upper computer; once both pass verification, bidirectional data transmission can be performed.
The specific identity verification process is as follows:
the identity verification adopts a bidirectional asymmetric encryption algorithm; the lower computer stores the public key and CPUID of the upper computer, and the upper computer stores the public key and CPUID of the lower computer. The checking steps are:
the first step: the lower computer sends an identity verification request to the server (the upper computer), and the upper computer responds with the CPUID random string encrypted with the upper computer's private key;
the second step: the lower computer decrypts the received random string with the upper computer's public key, checks it against the locally stored CPUID list of the upper computer, then encrypts the lower computer's own CPUID information with the lower computer's private key and sends it to the upper computer; if the verification fails, the communication is terminated;
the third step: the upper computer decrypts the received random string with the lower computer's public key, checks it against the locally stored CPUID (compact peripheral device identifier) list of the lower computer, and establishes the communication link after the check passes; if the verification fails, the communication is terminated.
The upper computer shown in fig. 3 is connected to a plurality of lower computers through USB cables; the number of lower computers one upper computer can connect depends on the number of USB interfaces of the upper computer.
The communication schematic of the USB cable connecting the upper computer and the lower computer shown in FIG. 4 comprises the following steps:
the first step: the USB cable connects the upper computer and the lower computer;
the second step: the upper computer automatically negotiates RNDIS virtual networking with the lower computer through USB;
the third step: an automatic script on the upper computer monitors the establishment of the virtual network;
the fourth step: the upper computer sets its local virtual network address parameters;
the fifth step: the upper computer service starts listening on the virtual network;
the sixth step: the lower computer starts the client APP;
the seventh step: data transmission is carried out between the upper computer and the lower computer;
after the USB cable is connected, the special USB driver of the upper computer automatically judges and acts on the lower computer.
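The third, fourth and fifth steps above (the same steps appear in step six of the Disclosure and of the claim) describe the upper computer's automatic script but give no implementation. The following Python is an added example of that host-side script, not the patent's code. Assumptions: a Linux host with the rndis_host driver, on which the RNDIS interface appears as usb<N> or, under predictable naming, enx<MAC>; a constructed host address 192.168.42.1/24 and service port 8443; and that the upper computer's service should be reachable only through the virtual link, so the listener is bound to that address rather than to all interfaces.

```python
import re
import socket
import subprocess
import time

# Constructed values for this example (not from the patent): the host-side
# address of the virtual link and the port the upper-computer service uses.
HOST_ADDR = "192.168.42.1"
PREFIX_LEN = 24
SERVICE_PORT = 8443

# Linux names an RNDIS host interface usb<N>, or enx<MAC> under predictable naming.
_IFACE_RE = re.compile(r"^\d+: (usb\d+|enx[0-9a-f]+):", re.MULTILINE)


def pick_rndis_iface(ip_link_output: str):
    """Return the first RNDIS-style interface named in `ip -o link show` text, else None."""
    m = _IFACE_RE.search(ip_link_output)
    return m.group(1) if m else None


def _ip_link_show() -> str:
    return subprocess.run(["ip", "-o", "link", "show"],
                          capture_output=True, text=True, check=True).stdout


def wait_for_rndis(timeout_s: float = 30, poll=_ip_link_show, interval: float = 1.0):
    """Third step: poll until the virtual network interface appears, or give up."""
    deadline = time.monotonic() + timeout_s
    while True:
        iface = pick_rndis_iface(poll())
        if iface:
            return iface
        if time.monotonic() >= deadline:
            return None
        time.sleep(interval)


def configure_iface(iface: str) -> None:
    """Fourth step: set the local virtual-network address and bring the link up."""
    subprocess.run(["ip", "addr", "replace", f"{HOST_ADDR}/{PREFIX_LEN}", "dev", iface],
                   check=True)
    subprocess.run(["ip", "link", "set", iface, "up"], check=True)


def open_listener(bind_addr: str = HOST_ADDR, port: int = SERVICE_PORT) -> socket.socket:
    """Fifth step: the service listens on the virtual link only, so terminals can
    reach it solely through the USB-RNDIS path and never via another interface."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen()
    return srv


if __name__ == "__main__":
    iface = wait_for_rndis()
    if iface is None:
        raise SystemExit("no RNDIS interface appeared; check the cable and driver")
    configure_iface(iface)
    with open_listener() as srv:
        print(f"listening on {HOST_ADDR}:{SERVICE_PORT} via {iface}")
        conn, peer = srv.accept()   # sixth/seventh step: the terminal APP connects
        conn.close()
```

Binding the listener to the link address instead of 0.0.0.0 is the detail that turns "starts listening on the virtual network" into an enforceable property: a service bound to all interfaces would also accept connections from any other network the host happens to be on.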
Claims (1)
1. An improved communication method of a USB interface is characterized in that it includes the following steps:
step one, manufacturing an improved USB data line: a 9-pin data line is used for USB signal transmission to form a special interface line, 4 of the 9 pins being assigned to the 4 pins of a standard USB interface and the remaining 5 pins being grounded only and not used for transmitting signals or power;
step two, making the external interface of the upper computer PC (the source of the information to be transmitted) and the interface of the lower computer intelligent terminal into interfaces matching the improved USB data line, corresponding one to one with the 4 pins assigned among the 9 pins of the improved USB data line;
step three, physically connecting the external interface of the upper computer PC with the interface of the lower computer intelligent terminal using the improved USB data line;
step four, after the upper computer PC and the lower computer are connected through the improved USB data line, the USB driver of the upper computer automatically judges and acts on the lower computer: the upper computer PC verifies the identity information of the lower computer through an SSL certificate verification program on the Linux operating system and a customized USB-RNDIS driver terminal identity verification daemon, while the lower computer runs a customized USB-RNDIS driver on the AOSP operating system and verifies the upper computer with the SSL certificate; once the upper computer and the lower computer pass verification, bidirectional data transmission can be performed;
the specific identity verification process is as follows:
the identity verification adopts a bidirectional asymmetric encryption algorithm; the lower computer stores the public key and CPUID of the upper computer, and the upper computer stores the public key and CPUID of the lower computer; the checking steps are:
the first step: the lower computer sends an identity verification request to the server (the upper computer), and the upper computer responds with the CPUID random string encrypted with the upper computer's private key;
the second step: the lower computer decrypts the received random string with the upper computer's public key, checks it against the locally stored CPUID list of the upper computer, then encrypts the lower computer's own CPUID information with the lower computer's private key and sends it to the upper computer; if the verification fails, the communication is terminated;
the third step: the upper computer decrypts the received random string with the lower computer's public key and checks it against the locally stored CPUID list of the lower computer; the communication link is established when both conditions are met; if the verification fails, the communication is terminated;
step five, if the verification fails, the communication is terminated; if the verification passes, the next step is carried out;
step six, the upper computer checks and communicates with the lower computer over the USB cable, specifically comprising the following steps:
the first step: the upper computer automatically negotiates RNDIS virtual networking with the lower computer through USB;
the second step: an automatic script on the upper computer monitors the establishment of the virtual network;
the third step: the upper computer sets its local virtual network address parameters;
the fourth step: the upper computer service starts listening on the virtual network;
the fifth step: the lower computer starts the client APP;
the sixth step: data transmission is carried out between the upper computer and the lower computer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011178880.3A CN112363968B (en) | 2020-10-29 | 2020-10-29 | Improved communication method of USB interface |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112363968A CN112363968A (en) | 2021-02-12 |
| CN112363968B true CN112363968B (en) | 2022-01-28 |
Family
ID=74512370
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011178880.3A Active CN112363968B (en) | 2020-10-29 | 2020-10-29 | Improved communication method of USB interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112363968B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103238305A (en) * | 2010-05-28 | 2013-08-07 | 安全第一公司 | Accelerator system for use with secure data storage |
| CN103444153A (en) * | 2011-03-22 | 2013-12-11 | 萨热姆防务安全公司 | Method and device for connecting to high security network |
| CN103608794A (en) * | 2011-06-17 | 2014-02-26 | 阿尔卡特朗讯 | Method and apparatus for remote delivery of managed usb services via a mobile computing device |
| CN105337977A (en) * | 2015-11-16 | 2016-02-17 | 苏州通付盾信息技术有限公司 | Secure mobile communication architecture with dynamic two-way authentication and implementation method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9071441B2 (en) * | 2010-01-04 | 2015-06-30 | Google Inc. | Identification and authorization of communication devices |
Events
- 2020-10-29: CN application CN202011178880.3A, patent CN112363968B, status Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112363968A (en) | 2021-02-12 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | | |
| SE01 | Entry into force of request for substantive examination | | |
| GR01 | Patent grant | | |