As e-business develops fast, working is increasingly dependent on computers and the network in business affairs. And applications, such as MS Office, electronic mailbox, chat tools, and forums, are frequently used for work.
The requirements for security of information boost development of the information security device, which is a portable and removable hardware device. The small-sized information security device contains a processor and a storage unit. It can be connected to a host via a data communication interface of the host. Typically, the processor takes advantage of a security-designed chip, so that the so-called key generation, key security storage, and preset cryptographic algorithms are implemented through its built-in security mechanism. Additionally, sensitive information, like passwords and certificates, can be stored in the information security device to guarantee security or prevent it from being forgotten. Operations relating to keys are fully performed inside the information security device. Moreover, the information security device is an anti-attack device. Generally, the information security device is connected to a host via a USB (Universal Serial Bus) interface, so that the information security device is also called the USB key or the USB token. At this time, the advanced information security device is programmable, in other words, the previously stored code can be executed in the information security device.
In addition to capabilities of common embedded microcontrollers, the security-designed chip also incorporates security. Special processing relating to security is applied to the architecture of the security-designed chip during its design phase. For example, the security-designed chip employs a specific security kernel, which provides supports for multiple states with different right definitions, so as to implement management of access to hardware resources, support for randomization of instruction execution time (i.e. instruction cycle), support for switch of chip states through its interrupt system, so as to implement control over different levels of security to support multi-applications. In addition, the kernel may also contain a MMU (Memory Management Unit) for separating logic addresses from physical addresses and mapping addresses, providing supports for the implementation of application (or multi-applications) and security from the architecture and forming a hardware firewall along with the different states. The interrupt system can also support passing and switching of interfaces and privileges for system databases and user programs. The security-designed chip can be equipped with a non-volatile memory as its storage medium. Generally, the security-designed chip complies with some standards or is certified by authorities to guarantee its security. These standards and certification include, for example, TCG TPM v1.2, ISO15408, and certain standards of China Password Administration Committee. One of the commercially available security-designed chips is ST19WP18 from STMicroelectronics has been successfully certified by EAL5+(Common Criteria Evaluation Assurance Level 5 plus), which is one of the highest levels for this kind of products in ISO15408 standard.
In view of the features of the information security device, the information security device has been widely applied to identity authentication, online banking and VPN (Virtual Private Network) in recent years. The information security device can also be used to encrypt or decrypt data stored in it for the purpose of software protection. In addition, the information security device can be used for the so-called data interaction (encrypting data written in or decrypting data read out), identify authentication information processing, storing/verifying passwords, storing/verifying signatures, storing/verifying certificates, access control, and data operation on preset code, etc. In particular, the preset code may be a preset user software fragment, which cannot be read outside the information security device and can only be operated within the device, and a preset software protection application interface function, which is an interface-level function between the information security device and the software developer application, etc.
CDs, hard disks, and mass storage devices are easy to use with the autorun function. In general, programs that can be executed automatically are called autorun programs. The system is notified of which program is to be executed and which its path is by an autorun program, so that the program is executed automatically. When a CD with an autorun program is inserted into or a mass storage device with an autorun program is connected to a host system, the autorun program will automatically load a relevant file, such as a .exe (executable) file, a .reg (registry) file, a .GIF file, a .HTML file, a .PDF file, etc., because the autorun program contains commands (for changing drive icon, executing a program, etc.) to be executed automatically.
The Virtual Machine (VM) is a virtualized “computer” by its literal meaning. The virtualized “computer” is almost just like a real computer, except that its hard disk is virtualized from within a file. Therefore, the settings of the VM can be modified in any way, without tampering the computer itself. The VM is a system that supports multiple operating systems running in parallel on a single physical server, thus providing more efficient use of lower level hardware. In the VM, the Central Processing Unit (CPU) chip assigns a memory area from other segments of the system and the operating system and applications run in a protected mode. The client operating system and applications can run on the VM, without support by a network adapter.
The working environment herein refers to all application programs and application environments needed in work, such as popular work software like Microsoft Office (including Word, Excel, Powerpoint) and Outlook, chat applications like MSN and QQ, and personal preferences like a browser application, etc.
Generally, people build a personal working environment, set logon passwords for applications, save private files etc. in their computer for carrying out their work. However, it is no longer for this manner to meet the needs now for the security and convenience. When working outside the office or at home, people have to remember many passwords for their mailboxes, or instant communication tools, such as MSN and QQ. And the classic websites cannot be retrieved by the working computer versus the one that is located at the office. Moreover, personal private files or other confidential files cannot be saved securely on computers other than the office computers. It is also possible that personal accounts for applications and associated data of the owner of the accounts and even those of his friends are hacked by hard drive analysis or logging in as Administrator or the owner's role and resetting passwords, on a computer with which the owner does not have full control.