
The Discussions in Physical Isolation of Computer Data: A Study on USB Devices Access Management Based on Identity Verification Mechanism

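Abstract


To block threats from the Internet and protect internal corporate data, most enterprises adopt physical isolation measures and manage storage media through a centralized storage-media control system that combines a whitelist with permission controls. The whitelist is based on hardware device serial numbers; however, because a device serial number can also be manually burned into a device, anyone who spoofs a whitelisted USB device can obtain legitimate data access on internal corporate hosts. To give shared USB devices and shared computers inside the enterprise a non-repudiable digital identity, and to establish a secure, online-auditable operating environment by tying one-time operation authorization to users' data exchange operations, this study integrates a self-certified scheme, elliptic curve cryptography, and an application of the random knapsack problem to build a USB access control system with identity verification. Administrators hold the authorization information and audit records for the managed computers and USB devices, and users can apply for USB access authorization according to practical needs. Elliptic curve encryption strengthens the security of data transmission and supports device access management and subsequent audit verification, with the aim of making the access service more flexible and highly secure.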

Parallel Abstract


To protect internal data against cyberthreats from the Internet, corporations mostly enforce a network isolation policy. With USB storage media controlled by a centralized management system, USB devices can be managed through a whitelist and a permission access mechanism. Because the whitelist is based on the serial number of the hardware device, and device serial numbers can be manually burned, a fake whitelisted USB device can be used to access internal computers legally. This research integrates a Self-Certified scheme, Elliptic Curve Cryptography and a Random Knapsack mechanism to ensure that internal USB devices and computers for public use have an undeniable digital identity, constructing a USB access control system with Identity Verification. The administrator manages the authorization information and audit records of all internal computers and USB devices, and users can apply for USB access authorization according to practical needs. Elliptic Curve encryption strengthens data transmission security in support of device access management and online audit. By combining one-time authorization with data exchange in the control mechanism, we can establish flexible, high-security access services with a safer and auditable operating environment.
