公开(公告)号：US10114953B2

公开(公告)日：2018-10-30

申请号：US12455637

申请日：2009-06-04

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F9/44 ,  G06F21/57

Abstract: The invention discloses a method and a system of upgrading firmware of a card reader. In the method, a card reader is connected to an IC card; the card reader determines whether the IC card is an IC card for upgrading, if it is, the card reader makes one-way or mutual authentication with the IC card; after a successful authentication, the card reader acquires files for upgrading the firmware of the card reader. The system includes a card reader and an IC card. The firmware of card reader is upgraded in the invention by acquiring the files for upgrading from an IC card in which the files for upgrading are pre-stored. The invention improves the efficiency of upgrading the card reader and also improves the security of the upgrading by the authentication between the card reader and the IC card.

公开(公告)号：US09047486B2

公开(公告)日：2015-06-02

申请号：US13286520

申请日：2011-11-01

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F7/04 ,  G06F21/62 ,  G06F9/455 ,  G06F21/34

CPC classification number: G06F21/6245 ,  G06F9/45537 ,  G06F21/34 ,  G06F2221/2149

Abstract: The present invention is directed to a method for virtualizing a personal working environment and a device for the same, relating to the information security field. The method comprises the steps of: installing a Virtual Machine (VM) environment on a device; upon virtualizing the personal working environment, connecting the device to a host, loading the VM environment into the host; and responding to a user operation and saving data of the user operation to the device by the VM environment. The device comprises a communication interface module, a VM environment storage module, and a control module. The present invention provides a means for secure and convenient mobile work.

公开(公告)号：US08862790B2

公开(公告)日：2014-10-14

申请号：US13640997

申请日：2011-09-15

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F3/00 ,  G06F9/44

CPC classification number: G06F9/4411

Abstract: The invention provides a method for identifying version type of a Windows operating system on a host by USB device, relating to operating system field and including steps: A, USB device is powered on and initialized; B, the USB device performs USB enumeration, determines whether a first predetermined instruction is received in process of USB enumeration, if yes, determines the operating system is a first operating system and goes to Step D, if no, goes to C; C, the USB device determines the device type returned in process of USB enumeration, if it is a CCID device, determines whether the received instruction includes a second predetermined instruction, if yes, determines the operating system is a second operating system, if no, determines the operating system is a third operating system; when the device is an SCSI device, the USB device determines whether the second received SCSI instruction is a third predetermined instruction or fourth predetermined instruction, if it is the third predetermined instruction, determines that the operating system is a second operating system, if it is the fourth predetermined instruction, determines that the operating system is a third operating system; D, the USB device establishes communication with the host, waits for instruction sent by the host and returns related information to the host according to the determined type of the host operating system.

Abstract translation: 本发明提供了一种用于通过USB设备识别主机上的Windows操作系统的版本类型的方法，涉及操作系统领域并且包括以下步骤：A，USB设备被通电和初始化; B，USB设备执行USB枚举，确定在USB枚举过程中是否接收到第一预定指令，如果是，则确定操作系统是第一操作系统，并且如果否，则转到步骤D; 如图C所示，USB设备确定USB枚举过程中返回的设备类型，如果它是CCID设备，则确定接收到的指令是否包括第二预定指令，如果是，则确定操作系统是第二操作系统，如果否， 确定操作系统是第三个操作系统; 当设备是SCSI设备时，USB设备确定第二接收到的SCSI指令是否是第三预定指令或第四预定指令，如果它是第三预定指令，则确定操作系统是第二操作系统，如果是 第四预定指令确定操作系统是第三操作系统; D，USB设备与主机建立通信，等待主机发送的指令，并根据主机操作系统的确定类型向主机返回相关信息。

公开(公告)号：US08856521B2

公开(公告)日：2014-10-07

申请号：US13696200

申请日：2011-05-04

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F21/6209 ,  G06F21/6218

Abstract: The invention discloses a file protecting method and a system therefor, relating to the information security field. The method includes: an application receives an instruction for opening a protected file sent by a user and invokes an upper interface of an operation system, and the upper interface sends an instruction for opening the protected file sent by a file system, and a filter driver intercepts the instruction for opening the protected file sent by the upper-layer interface to the file system, if the filter driver determines that the application is valid, it creates an image file on a virtual disk for the protected file, and returns a handler of the image file and reads or writes the protected file by the handler, which avoids a possible disclosure of plain text of the protected file in a buffer in prior art.

Abstract translation: 本发明公开了一种与信息安全领域相关的文件保护方法及其系统。 该方法包括：应用接收用于打开用户发送的受保护文件的指令，并调用操作系统的上层接口，上层接口发送用于打开文件系统发送的受保护文件的指令，以及过滤器驱动程序 截取打开上层接口发送到文件系统的受保护文件的指令，如果过滤器驱动程序确定应用程序有效，则在受保护文件的虚拟磁盘上创建一个映像文件，并返回一个 图像文件，并由处理程序读取或写入受保护的文件，这避免了在现有技术的缓冲器中可能泄露受保护文件的纯文本。

公开(公告)号：US20140208403A1

公开(公告)日：2014-07-24

申请号：US13806311

申请日：2011-12-27

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: H04L29/06

CPC classification number: H04L63/0838 ,  H04K1/00 ,  H04L9/3226 ,  H04L63/0823

Abstract: The invention provides a method for identifying pulse optical signal, including: a. receiving first trigger information; b. collecting and identifying pulse optical signal with a predetermined method to obtain a unit of data; c. parsing the unit of data and determining type of it, if the unit of data is a unit of data representing header information, step d is executed; or if the unit of data is other type of unit of data, step b is executed; d. going on collecting and identifying pulse optical signal with the predetermined method to obtain a unit of data; e. determining whether all units of data corresponding to the unit of data representing the header information is received; f. packeting the unit of data representing the header information with all corresponding units of data into a group of data packets. The invention converts the pulse optical signal into bits, packets and converts the bits into a data packet, and receives the photosensitive-transfer information which accelerates the process of obtaining required data by a signal identifying device.

Abstract translation: 本发明提供一种识别脉冲光信号的方法，包括：a。 接收第一触发信息; b。 以预定方法收集和识别脉冲光信号以获得数据单位; C。 解析数据单元并确定其类型，如果数据单元是表示头信息的数据单元，则执行步骤d; 或者如果数据单位是数据单位的其他类型，则执行步骤b; d。 以预定方法收集和识别脉冲光信号以获得数据单位; e。 确定是否接收到对应于表示头部信息的数据单元的所有数据单元; F。 将表示头部信息的数据的单位与所有对应的数据单元打包成一组数据分组。 本发明将脉冲光信号转换为比特，分组，并将比特转换为数据分组，并且接收通过信号识别装置加速获得所需数据的处理的光敏传输信息。

公开(公告)号：US08789166B2

公开(公告)日：2014-07-22

申请号：US13502772

申请日：2010-10-29

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F7/04 ,  H04L29/06 ,  H04L9/16 ,  H04L9/32

CPC classification number: H04L9/16 ,  H04L9/3226 ,  H04L63/0846 ,  H04L63/1483 ,  H04L2209/56

Abstract: The invention discloses an authenticating method and a system thereof, which relates to information security field and solves the problem that the user information is not safe in transaction process. The embodiment of the invention comprises that the server side receives user data information and a first dynamic password sent from the user side; the server side generates the first authenticating dynamic password according to the user data information; server side verifies the first dynamic password according to the first authenticating dynamic password and generates the second authenticating dynamic password after successful verification; the server side sends the second authenticating dynamic or the first password to the user side; the server side executes the transaction data in the user data information or permits the user to log on after using a third authenticating dynamic password generated by the server side to verify the user data information or the third dynamic password sent from the user side successfully. The invention enhances the safety of transaction for the user and prevents the user from loss caused by logging on phishing website by the user.

Abstract translation: 本发明公开了一种与信息安全领域相关的认证方法及其系统，解决了用户信息在交易过程中不安全的问题。 本发明的实施例包括服务器侧接收从用户侧发送的用户数据信息和第一动态密码; 服务器端根据用户数据信息生成第一认证动态密码; 服务器端根据第一个验证动态密码验证第一个动态密码，并在验证成功后生成第二个验证动态密码; 服务器侧向用户侧发送第二认证动态或第一密码; 服务器端执行用户数据信息中的交易数据，或者允许用户在使用由服务器端生成的第三认证动态密码之后登录，以验证用户端发送的用户数据信息或第三动态密码。 本发明增强了用户交易的安全性，防止用户因用户登录网络钓鱼网站而导致的丢失。

公开(公告)号：US08528008B2

公开(公告)日：2013-09-03

申请号：US12411629

申请日：2009-03-26

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F3/00 ,  G06F9/45

CPC classification number: G06F21/14

Abstract: A method and system for program protection based on a .NET card. The method includes compiling, by a first device, first source code into a first assembly, and storing the first assembly to a .NET card. Information of a remotely invoked class in the first source code is extracted to form a new class. A remote invocation instruction is written in the new class to generate second source code. The second source code is compiled into a second assembly, and the .NET card and the second assembly are provided to a second device. The second device executes the second assembly, remotely invoking the class in the first source code, executing the class at the .NET card via an interface of the .NET card, and receiving an execution result returned by the .NET card. The system includes a .NET card, a first device and a second device.

Abstract translation: 基于.NET卡的程序保护方法和系统。 该方法包括由第一设备将第一源代码编译成第一组件，以及将第一组件存储到.NET卡。 提取第一个源代码中的远程调用类的信息以形成一个新类。 远程调用指令被写入新类以生成第二个源代码。 将第二个源代码编译成第二个程序集，将.NET卡和第二个程序集提供给第二个程序。 第二个设备执行第二个程序集，远程调用第一个源代码中的类，通过.NET卡的接口在.NET卡上执行该类，并接收.NET卡返回的执行结果。 该系统包括.NET卡，第一设备和第二设备。

公开(公告)号：US08522352B2

公开(公告)日：2013-08-27

申请号：US11876195

申请日：2007-10-22

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F21/00

CPC classification number: G06F21/32 ,  G06F21/34 ,  G06F21/602 ,  G06F21/78

Abstract: A key device with external storage and its method of use, which relates to the computer security technology field, is disclosed herein. The key device with external storage consists of a micro-controller unit and an off-chip mass storage. The micro-controller unit comprises a host interface module, a CPU, a key data storage module, a firmware program storage module, and an off-chip mass storage interface module. The method of using the key device with external storage includes: the key device builds connection with the host and reports itself as a mass storage device; the host starts the application program; and the user uses and manages the information. The usability of the key device is improved by adding off-chip mass storage in the key device, which makes the user use and manage the files in the key device easily as well.

Abstract translation: 本文公开了一种具有外部存储器的关键装置及其使用方法，涉及计算机安全技术领域。 带有外部存储器的关键设备由微控制器单元和片外大容量存储器组成。 微控制器单元包括主机接口模块，CPU，密钥数据存储模块，固件程序存储模块和片外大容量存储接口模块。 使用带有外部存储的关键设备的方法包括：关键设备与主机建立连接并将其自身报告为大容量存储设备; 主机启动应用程序; 用户使用和管理信息。 通过在关键设备中添加芯片外大容量存储来提高关键设备的可用性，这使得用户也可以轻松地使用和管理关键设备中的文件。

公开(公告)号：US08522351B2

公开(公告)日：2013-08-27

申请号：US11535412

申请日：2006-09-26

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: H04L29/06

CPC classification number: G06F21/34 ,  G06F21/32

Abstract: The present invention relates to a production security control apparatus for software products and the control method thereof. The present invention uses security control devices to control the production process for software products, which ensures that the production process cannot proceed without appropriate security control device. There are many ways to embody the present invention and the security level can be customized. The device is simple and easy to use. In addition, the leak of protected code can be prevented—because the data in the production host is not copied to the dongle directly, unauthorized dongles cannot work with the software itself directly. Moreover, the unauthorized production of dongles can be prevented as well—the production number of dongles is also restricted by the developer, which ensures that illegal bulk production cannot occur without authorization.

Abstract translation: 本发明涉及一种软件产品的生产安全控制装置及其控制方法。 本发明使用安全控制装置来控制软件产品的生产过程，这确保了在没有适当的安全控制装置的情况下生产过程不能进行。 有很多方式来体现本发明，并且可以定制安全级别。 该设备简单易用。 此外，可以防止受保护代码的泄漏，因为生产主机中的数据不会直接复制到加密狗，未授权的加密狗不能直接与软件本身一起工作。 此外，还可以防止加密狗的未授权生产，加密狗的生产数量也受到开发商的限制，这确保非法批量生产不能在未经授权的情况下发生。

公开(公告)号：US20130160103A1

公开(公告)日：2013-06-20

申请号：US13700466

申请日：2011-11-30

Applicant: Zhou Lu ,  Huazhang Yu

Inventor： Zhou Lu ,  Huazhang Yu

IPC: G06F21/31

CPC classification number: H04L63/0838 ,  G06F21/31 ,  H04L9/3247 ,  H04L9/3271 ,  H04L63/08 ,  H04L63/18 ,  H04L2209/56

Abstract: An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.

Abstract translation: 公开了一种基于图像采集的信息安全方法和系统。 该方法包括：服务器端，接收由客户端发送的第一事务数据，并产生具有第一数据的第二事务数据。 服务器将第二个数据转换为图像，并将图像发送给客户端。 动态令牌收集图像，预处理，并将图像转换为第三个交易数据，并显示第三个数据供用户确认。 令牌根据第三个数据生成并显示第二个动态密码。 客户端接收用户输入的第二个密码，并将其发送到服务器。 服务器接收第二个密码并生成第一个动态密码，确定第一个密码是否与第二个密码相同; 如果是，验证成功并执行事务; 如果否，交易将被取消。