Excerpt from the paper
To address the shortcomings of current security protection solutions in dealing with new attack techniques such as USB hardware Trojans, Bad USB, and bus eavesdropping, a USB secure connection scheme that is independent of device type is designed. By extending the standard device requests, the scheme has the hub driver and the USB device framework driver perform mutual authentication and key agreement while the USB connection is being established. During data transfer, the USB bus driver and the USB device framework driver filter I/O requests and encrypt and decrypt them, which achieves USB access and transfer security that is independent of device type. Experimental results show that the scheme can build a secure, closed USB connection for an information system and resolve the security risks introduced by the USB interface.