CN-122001644-A - Enterprise-level zero-trust security hub and USB access security management and control method
Abstract
The application provides an enterprise-level zero-trust security hub and a USB access security management and control method, and belongs to the technical field of hubs. The enterprise-level zero-trust security hub comprises a USB expansion module, a device detection module, a type judgment module and a port switching module. The USB expansion module expands a USB downstream port of the host for external USB devices to access, and its upstream end is connected with the port switching module. The device detection module is connected with the USB expansion module and captures and processes the access signals of external USB devices. The type judgment module is connected with the device detection module, receives the processed access signals and performs type identification on all accessed external USB devices. The port switching module is connected with the type judgment module and with the USB interface of the host respectively, and controls the on-off of the connection between the USB expansion module and the USB interface of the host according to the identification result of the type judgment module.
Inventors
- ZHAI YAOBIN
- ZONG LU
Assignees
- 贵州一溪云科技有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260129
Claims (10)
- 1. An enterprise-level zero-trust security hub, characterized by comprising a USB expansion module, a device detection module, a type judgment module and a port switching module, wherein: the USB expansion module is used for expanding a host USB downstream port for external USB devices to access, and the upstream end of the USB expansion module is connected with the port switching module; the device detection module is connected with the USB expansion module and is used for capturing an access signal of an external USB device and processing the access signal; the type judgment module is connected with the device detection module and is used for receiving the processed access signals and performing type identification on all accessed external USB devices; and the port switching module is connected with the type judgment module and with the host USB interface respectively, and is used for controlling the on-off of the connection between the USB expansion module and the host USB interface according to the identification result of the type judgment module, so as to perform security control.
- 2. The enterprise-level zero-trust security hub of claim 1, wherein the USB expansion module comprises at least two USB3.0 hub chips, the two USB3.0 hub chips cooperatively expand to form at least 7 USB downstream ports, and all USB downstream ports are correspondingly connected with the device detection module.
- 3. The enterprise-level zero-trust security hub of claim 1, wherein the device detection module comprises a USB hub chip and a signal processing circuit, the USB hub chip corresponds one-to-one with the downstream ports of the USB expansion module, the corresponding pin of the USB hub chip outputs a PWM signal when an external USB device is accessed, and the signal processing circuit converts the PWM signal and outputs a level signal to the type judgment module.
- 4. The enterprise-level zero-trust security hub of claim 3, wherein the signal processing circuit is an integrating circuit, the integrating circuit is provided with 7 independent branches, each independent branch corresponds to one USB downstream port of the USB expansion module, and each independent branch comprises a resistor, a capacitor and a switching tube for independently processing the PWM signal of the corresponding port.
- 5. The enterprise-level zero-trust security hub of claim 1, wherein the type judgment module is an ARM SOC chip, and the ARM SOC chip is connected with the device detection module through an IO interface and is configured to receive the level signal, analyze the type of the accessed device based on the USB device protocol, and identify whether the accessed device is a storage device or a communication device.
- 6. The enterprise-level zero-trust security hub of claim 1, wherein the port switching module is a USB3.0 high-speed switch, a first end of the USB3.0 high-speed switch is connected to the upstream end of the USB expansion module, a second end is connected to a communication interface of the type judgment module, a third end is connected to the USB interface of the host, and the connection object is switched by a switching control signal.
- 7. The enterprise-level zero-trust security hub of claim 1, wherein when a plurality of external USB devices are simultaneously connected to the USB expansion module, the type judgment module performs unified type identification on all connected external USB devices based on the signal change triggered by the last external USB device connected.
- 8. The enterprise-level zero-trust security hub of claim 1, wherein when the type judgment module recognizes that a storage type or communication type USB device exists, it sends a disconnection control signal to the port switching module, and the port switching module cuts off the connection between the USB expansion module and the host USB interface and keeps the connection with the type judgment module; and when the type judgment module recognizes that no storage type or communication type USB device exists, it sends a connection control signal, and the port switching module conducts the connection between the USB expansion module and the host USB interface.
- 9. The enterprise-level zero-trust security hub of claim 1, wherein the enterprise-level zero-trust security hub adopts a solidified structure design, does not retain the original USB interface of the host, and retains only a dedicated docking interface adapted to the USB expansion module, the dedicated docking interface being fixed by a physical fastener or by welding and being released from the fixed state under a physical effect.
- 10. An enterprise-level zero-trust USB access security management and control method, wherein the method is applied to the enterprise-level zero-trust security hub according to any one of claims 1-9, and the method comprises: the device detection module captures, in real time, an access signal of an external device on a USB downstream port, processes the access signal and transmits the processed access signal to the type judgment module; the type judgment module receives the processed access signals, performs type identification on all accessed external USB devices and judges whether a storage type or communication type USB device exists; and the port switching module controls the on-off state of the connection between the USB expansion module and the USB interface of the host according to the identification result of the type judgment module.
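One way the type judgment and switching decision of claims 5, 7 and 8 could be expressed in firmware, as an added example rather than code from the patent. It assumes identification is done from the standard USB class codes in the device and interface descriptors; the function names, flag values and sample descriptors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* USB-IF class codes; using them as the classification basis is an assumption. */
#define USB_CLASS_COMM     0x02  /* CDC control */
#define USB_CLASS_MSC      0x08  /* mass storage */
#define USB_CLASS_CDC_DATA 0x0A
#define USB_DT_INTERFACE   0x04
enum dev_type { DEV_OTHER = 0, DEV_STORAGE = 1, DEV_COMM = 2, DEV_MALFORMED = 4 };
enum switch_state { SWITCH_TO_HOST, SWITCH_ISOLATED };

static unsigned class_flags(uint8_t cls) {
    if (cls == USB_CLASS_MSC) return DEV_STORAGE;
    if (cls == USB_CLASS_COMM || cls == USB_CLASS_CDC_DATA) return DEV_COMM;
    return DEV_OTHER;
}

/* Classify one device from bDeviceClass and its raw configuration descriptor.
 * Composite devices declare a class per interface, so every interface is read.
 * Assumption: a descriptor that does not parse is flagged, not ignored. */
unsigned classify_device(uint8_t dev_class, const uint8_t *cfg, size_t len) {
    unsigned flags = class_flags(dev_class);
    for (size_t off = 0; off < len; ) {
        if (len - off < 2) return flags | DEV_MALFORMED;
        uint8_t blen = cfg[off], btype = cfg[off + 1];
        if (blen < 2 || blen > len - off) return flags | DEV_MALFORMED;
        if (btype == USB_DT_INTERFACE) {
            if (blen < 9) return flags | DEV_MALFORMED;
            flags |= class_flags(cfg[off + 5]);  /* bInterfaceClass */
        }
        off += blen;
    }
    return flags;
}

/* Unified decision over all attached devices: any storage, communication or
 * unparseable device keeps the expansion module cut off from the host. */
enum switch_state decide_switch(const unsigned *dev_flags, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (dev_flags[i] != DEV_OTHER) return SWITCH_ISOLATED;
    return SWITCH_TO_HOST;
}

/* Constructed samples: a HID keyboard and a composite HID + mass-storage device. */
const uint8_t CFG_KEYBOARD[] = { 9, 0x02, 18, 0, 1, 1, 0, 0xA0, 50,
    9, 0x04, 0, 0, 0, 0x03, 1, 1, 0 };
const uint8_t CFG_COMPOSITE[] = { 9, 0x02, 27, 0, 2, 1, 0, 0x80, 50,
    9, 0x04, 0, 0, 0, 0x03, 1, 1, 0,
    9, 0x04, 1, 0, 0, 0x08, 0x06, 0x50, 0 };
```

The composite sample shows why a device-level class check alone is not enough: its bDeviceClass is 0, and the mass-storage function only appears on the second interface.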
Description
Enterprise-level zero-trust security hub and USB access security management and control method
Technical Field
The application relates to the technical field of hubs, and in particular to an enterprise-level zero-trust security hub and a USB access security management and control method.
Background
In the information age, demand for connecting terminal devices to hosts keeps growing, and the USB interfaces originally provided on the motherboard and chassis are too few for scenarios in which many devices are connected at once. The core role of a USB hub is therefore to expand the number of host USB interfaces, relieve the shortage of interface resources and give users a more convenient way to connect devices. Current mainstream USB hubs are first-generation solutions aimed mainly at the consumer market. Their design focuses only on interface expansion: they cannot identify or judge the type of an accessed USB device, and every accessed device is handed directly to the host operating system by default, with no front-end security protection mechanism. However, as the state attaches increasing importance to the security of data assets, the risks of data leakage and virus propagation have become a serious hidden danger in the digital transformation and intelligent construction of various industries.
Existing USB hubs have no security control design, and USB device blocking that relies solely on software or the operating system is easy to bypass, often without leaving a trace. For example, by shutting the host down, inserting a USB flash drive and booting from it, disk data can be illegally extracted or a virus implanted; after the host is restarted into its original system, the virus can spread across the intranet. This creates a large security blind spot for internal information management and seriously threatens data security. A USB hub with security management capability is therefore needed, one that addresses the lack of device identification and front-end protection in existing hubs and the resulting data leakage and virus propagation, and that provides reliable USB access security for enterprise-level scenarios.
Disclosure of Invention
In view of the above, the application provides an enterprise-level zero-trust security hub and a USB access security management and control method, which solve the problems that existing hubs lack device identification and front-end protection and easily lead to data leakage and virus propagation, and which provide a reliable USB access security guarantee for enterprise-level scenarios.
Specifically, the application is realized by the following technical scheme:
The first aspect of the application provides an enterprise-level zero-trust security hub, which comprises a USB expansion module, a device detection module, a type judgment module and a port switching module, wherein:
- the USB expansion module is used for expanding a host USB downstream port for external USB devices to access, and the upstream end of the USB expansion module is connected with the port switching module;
- the device detection module is connected with the USB expansion module and is used for capturing an access signal of an external USB device and processing the access signal;
- the type judgment module is connected with the device detection module and is used for receiving the processed access signals and performing type identification on all accessed external USB devices;
- the port switching module is connected with the type judgment module and with the host USB interface respectively, and is used for controlling the on-off of the connection between the USB expansion module and the host USB interface according to the identification result of the type judgment module, so as to perform security control.
A second aspect of the application provides an enterprise-level zero-trust USB access security management and control method, which is applied to any one of the enterprise-level zero-trust security hubs provided in the first aspect of the application, and which comprises:
- the device detection module captures, in real time, an access signal of an external device on a USB downstream port, processes the access signal and transmits the processed access signal to the type judgment module;
- the type judgment module receives the processed access signals, performs type identification on all accessed external USB devices and judges whether a storage type or communication type USB device exists;
- the port switching module controls the on-off state of the connection between the USB expansion module and the USB interface of the host according to the identification result of the type judgment module.
The application provides an enterprise-level zero-trust security hub and a USB access security manag