CN102662874B - Double-interface encryption memory card and management method and system of data in double-interface encryption memory card - Google Patents


Publication number: CN102662874B
Authority: CN (China)
Prior art keywords: radio, key, interfaces, data, writing device
Legal status: Expired - Fee Related (as listed by Google Patents; the legal status is an assumption and is not a legal conclusion)
Application number: CN201210100033.4A
Other languages: Chinese (zh)
Other versions: CN102662874A (en)
Inventors: 荆继武, 林璟锵, 余幸杰, 马存庆, 王展
Current Assignee: Data Assurance and Communication Security Research Center of CAS (the listed assignees may be inaccurate)
Original Assignee: Data Assurance and Communication Security Research Center of CAS

Abstract

The invention discloses a double-interface encryption memory card with a USB (universal serial bus) interface and an RFID (radio-frequency identification) interface, and a method and system for managing the data in the card. The USB interface is used to connect to a PC (personal computer) for reading and writing data, and the RFID interface is used to receive and send radio-frequency signals and to receive security commands from those signals; the data in the card is stored after encryption. In an initialization stage, the card generates a data key and stores it. In a use stage, the data key in the card is in an invalid state; after the card is activated by a first radio-frequency reading/writing device in the use area, the data key is in a usable state and is used to encrypt and decrypt the data and complete the read/write operation. In a destroy stage, when the card enters a destroy area, it receives and executes the destroy command sent by a second radio-frequency reading/writing device and destroys the stored data key. The disclosed scheme improves data security and data transmission speed.

Description

Double-interface encryption memory card, and method and system for managing the data in it
Technical field
The present invention relates to data processing technology, and in particular to a method for managing data in a double-interface encryption memory card, a double-interface encryption memory card, and a system for managing data in a double-interface encryption memory card.
Background art
In the prior art, portable storage devices such as USB flash drives are often used to transfer data quickly and conveniently. As users' data security requirements have risen and technology has developed, several methods have appeared for protecting the data on a USB flash drive, so that user data does not leak if the drive is lost.
1) Software encryption: the USB flash drive itself has no encryption function; data is encrypted by encryption software on a personal computer (PC), and the encrypted data is then stored on the USB flash drive.
2) File-hiding USB flash drive: the files on the drive are hidden files, and the user can read and write them only after password authentication. Anyone who knows the password can read and write the files on the drive; the stored data is not actually encrypted and is stored in plaintext.
3) Hardware-encrypted USB flash drive: the encryption algorithm and the encryption process are built into the control logic of the drive, so data is encrypted inside the drive and no extra encryption or decryption is needed on the PC. As with a file-hiding drive, encryption and decryption require the user to enter the correct password; unlike a file-hiding drive, the data is stored as ciphertext.
4) A double-interface card is another common mobile storage medium. It is a smart card that integrates a contact interface and a contactless interface, so it has two operating interfaces: the chip can be accessed through the contacts, or from a distance by radio frequency. The two interfaces follow different standards: the contact interface follows ISO/IEC 7816 and the contactless interface follows ISO/IEC 14443. The same operations can be performed through either interface, and both access the same data area on the card.
However, each of these approaches has problems in practice:
For approach 1), the data needs an extra encryption step, which is inconvenient for the user; if the user forgets to encrypt the data and the USB flash drive is lost, the data on it will leak;
For approach 2), the data is stored in plaintext, so once the USB flash drive is lost the data on it is at risk of leaking;
For approach 3), although the data is stored as ciphertext, which prevents leakage after the drive is lost, it cannot prevent a user who has the right to use the drive and knows the password from deliberately leaking the data;
For approach 4), the contact communication of a double-interface card uses an integrated circuit (IC) card interface, so the data rate is very slow and the card is unsuitable for storing large amounts of data; the transfer rate of the contactless interface is also far below that of a Universal Serial Bus (USB) interface.
Summary of the invention
In view of this, the present invention provides a method for managing data in a double-interface encryption memory card, a double-interface encryption memory card, and a system for managing data in a double-interface encryption memory card, which improve data security and the data transfer rate.
To achieve the above object, the technical solution of the present invention is realized as follows:
A method for managing data in a double-interface encryption memory card, where the card has two interfaces: a Universal Serial Bus (USB) interface and a radio-frequency identification (RFID) interface. The USB interface is used to connect to a personal computer (PC) for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals. Data in the card is stored after encryption;
Initialization stage: the card is connected to an initialization device and, under the control of the initialization device, completes initialization, generates a data key and stores it;
Use stage: after the card is connected through the USB interface to a PC in the use area, the data key is in an invalid state. When a read request or write request is received from the USB interface, the card performs identity authentication through the RFID interface with the first radio-frequency reading/writing device in the use area; after authentication passes, it receives and executes the activation command sent by the first radio-frequency reading/writing device. After the activation command has been executed, the data key is in a usable state, and the card uses the data key to encrypt and decrypt data and complete the read or write operation;
Destroy stage: when the card enters the destroy area, it performs identity authentication through the RFID interface with the second radio-frequency reading/writing device in the destroy area; after authentication passes, it receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the stored data key.
A double-interface encryption memory card, comprising: a security central processing unit (CPU), a read/write control CPU, a radio-frequency identification (RFID) interface, a Universal Serial Bus (USB) interface, a data storage area and a key storage area;
Key storage area: stores the data key;
Data storage area: stores the data encrypted with the data key;
Read/write control CPU: controls data reading and writing on the USB interface and, using the data key provided by the security CPU, stores encrypted data in the data storage area or sends decrypted data to the USB interface;
Security CPU: when the card is in the use area and a read request or write request is received from the USB interface, performs identity authentication through the RFID interface with the first radio-frequency reading/writing device in the use area; after authentication passes, receives and executes the activation command sent by the first radio-frequency reading/writing device; after the activation command has been executed, accesses the key storage area and provides the data key to the read/write control CPU. When the card enters the destroy area, performs identity authentication through the RFID interface with the second radio-frequency reading/writing device in the destroy area; after authentication passes, receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the data key in the key storage area.
A system for managing data in a double-interface encryption memory card, comprising: an initialization device, a personal computer (PC), a double-interface encryption memory card, a first radio-frequency reading/writing device and a second radio-frequency reading/writing device;
The first radio-frequency reading/writing device is located in the use area, and the second radio-frequency reading/writing device is located in the destroy area;
The card has two interfaces: a Universal Serial Bus (USB) interface and a radio-frequency identification (RFID) interface. The USB interface is used to connect to the PC for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals. Data in the card is stored after encryption;
Initialization device: initializes the card;
Double-interface encryption memory card: in the initialization stage, is connected to the initialization device and, under its control, completes initialization, generates a data key and stores it. In the use stage, is connected through the USB interface to a PC in the use area, with the data key in an invalid state; when a read request or write request is received from the USB interface, performs identity authentication through the RFID interface with the first radio-frequency reading/writing device; after authentication passes, receives and executes the activation command sent by the first radio-frequency reading/writing device; after the activation command has been executed, the data key is in a usable state and is used to encrypt and decrypt data and complete the read or write operation. In the destroy stage, on entering the destroy area, performs identity authentication through the RFID interface with the second radio-frequency reading/writing device; after authentication passes, receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the stored data key;
First radio-frequency reading/writing device: performs identity authentication with the card and, after authentication passes, sends the activation command to the card;
Second radio-frequency reading/writing device: performs identity authentication with the card and, after authentication passes, sends the destroy command to the card.
It can be seen that, with the scheme of the present invention, when the double-interface encryption memory card is in the use area and its data needs to be read or written, the stored data key can be used to complete the read or write operation only after the card has been activated by the first radio-frequency reading/writing device in the use area. When the card leaves the use area and enters the destroy area, the data key in the card is destroyed, so the card can no longer perform read or write operations. This ensures that the card can be used only in the use area, effectively prevents data leakage and improves data security. In addition, the card can be connected to a PC through the USB interface, which gives high-speed data transfer.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the method of the present invention for managing data in a double-interface encryption memory card.
Fig. 2 is a schematic structural diagram of an embodiment of the system of the present invention for managing data in a double-interface encryption memory card.
Fig. 3 is a schematic structural diagram of an embodiment of the double-interface encryption memory card of the present invention.
Fig. 4 is a schematic structural diagram of a preferred embodiment of the double-interface encryption memory card of the present invention.
Detailed description of the embodiments
To address the problems in the prior art, the present invention provides a double-interface encryption memory card and a method and system for managing the data in it. The card has two interfaces at the same time, a USB interface and a radio-frequency identification (RFID) interface. The USB interface is used to connect to a PC for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals. Data in the card is stored after encryption.
To make the technical solution of the present invention clearer, the scheme is described in further detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is a flowchart of an embodiment of the method of the present invention for managing data in a double-interface encryption memory card. As shown in Fig. 1, it comprises the following steps:
Step 11: initialization stage. The card is connected to the initialization device and, under the control of the initialization device, completes initialization, generates a data key and stores it.
In the initialization stage, the initialization device controls the card to generate a data key for later encryption and decryption of data; how the key is generated is prior art and is not described further. The card may be connected to the initialization device through the USB interface or through the RFID interface.
In addition, the initialization device obtains the unique RFID identifier preset in the card and encrypts it with the global root key preset in the initialization device; the encryption result is the communication sub-key. The card obtains the communication sub-key from the initialization device and stores it. The encryption algorithm used by the initialization device may be a common cipher such as AES or DES.
After initialization is complete, the card enters the locked state.
Step 12: use stage. After the card is connected through the USB interface to a PC in the use area, the data key is in an invalid state. When a read request or write request is received from the USB interface, the card performs identity authentication through the RFID interface with the first radio-frequency reading/writing device in the use area; after authentication passes, it receives and executes the activation command sent by the first radio-frequency reading/writing device. After the activation command has been executed, the data key is in a usable state, and the card uses the data key to encrypt and decrypt data and complete the read or write operation.
Each time the card receives a read request or write request, it first performs identity authentication with the first radio-frequency reading/writing device and, after authentication passes, receives and executes the activation command sent by that device. This may be implemented as follows:
The card generates a challenge random number, encrypts it with the communication sub-key, and sends the encryption result together with the unencrypted RFID identifier to the first radio-frequency reading/writing device;
The first radio-frequency reading/writing device encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and uses the communication sub-key to decrypt the received encryption result;
The first radio-frequency reading/writing device uses the communication sub-key to encrypt the decrypted challenge random number, the activation command and a checksum, and sends the encryption result to the card; the checksum is computed from the decrypted challenge random number and the activation command;
The card decrypts the received encryption result with the communication sub-key and compares the decrypted challenge random number with the one it sent earlier; if they match, it computes the checksum, and if the checksum is correct, it executes the activation command.
The encryption algorithm may be a common algorithm such as AES or DES, and the checksum may be computed with an algorithm such as HMAC-MD5 or HMAC-SHA1.
Once activated, the card enters the activated state; only in the activated state can it use the data key to encrypt and decrypt data and thus carry out read and write operations.
Each time a read or write operation is completed, the card returns to the locked state; a later read or write operation requires the card to be activated again.
Step 13: destroy stage. When the card enters the destroy area, it performs identity authentication through the RFID interface with the second radio-frequency reading/writing device in the destroy area; after authentication passes, it receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the stored data key.
The identity authentication between the card and the second radio-frequency reading/writing device, and the receipt and execution of the destroy command after authentication passes, may be implemented as follows:
The card generates a challenge random number, encrypts it with the communication sub-key, and sends the encryption result together with the unencrypted RFID identifier to the second radio-frequency reading/writing device;
The second radio-frequency reading/writing device encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and uses the communication sub-key to decrypt the received encryption result;
The second radio-frequency reading/writing device uses the communication sub-key to encrypt the decrypted challenge random number, the destroy command and a checksum, and sends the encryption result to the card; the checksum is computed from the decrypted challenge random number and the destroy command;
The card decrypts the received encryption result with the communication sub-key and compares the decrypted challenge random number with the one it sent earlier; if they match, it computes the checksum, and if the checksum is correct, it executes the destroy command, destroying the stored data key and the stored communication sub-key.
Without the keys, the card can no longer read or write data, which ensures the security of the data in the card.
In the above process, the global root key is preset in the initialization device, the first radio-frequency reading/writing device and the second radio-frequency reading/writing device, and all of them use the same encryption algorithm to encrypt the card's RFID identifier and obtain the communication sub-key.
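The activation exchange of Step 12 and the destruction exchange of Step 13, run from both the card's and the reading/writing device's side in Python; this is an added example, not code from the patent. Assumptions: an HMAC-SHA256 keystream cipher stands in for the AES/DES encryption the text names, HMAC-SHA256 stands in for encrypting the RFID identifier under the global root key, the checksum is HMAC-SHA1 keyed with the communication sub-key, and the one-byte command codes, message layout and all class and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets

CMD_ACTIVATE, CMD_DESTROY = b"\x01", b"\x02"   # constructed 1-byte command codes
IV_LEN, NONCE_LEN, TAG_LEN = 16, 16, 20        # TAG_LEN is the HMAC-SHA1 output size


def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, plaintext):
    """Stand-in for the AES/DES encryption named in the text (standard library only)."""
    iv = secrets.token_bytes(IV_LEN)
    return iv + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))


def decrypt(key, blob):
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))


def derive_sub_key(root_key, rfid_id):
    """Communication sub-key from the global root key and the card's RFID identifier.
    The text encrypts the identifier under the root key; HMAC-SHA256 stands in here."""
    return hmac.new(root_key, rfid_id, hashlib.sha256).digest()


def checksum(sub_key, nonce, command):
    # Assumption: the HMAC is keyed with the communication sub-key.
    return hmac.new(sub_key, nonce + command, hashlib.sha1).digest()


class Reader:
    """Radio-frequency reading/writing device in the use area or the destroy area."""

    def __init__(self, root_key, command):
        self.root_key, self.command = root_key, command

    def respond(self, enc_nonce, rfid_id):
        sub_key = derive_sub_key(self.root_key, rfid_id)   # re-derived, never stored
        nonce = decrypt(sub_key, enc_nonce)
        tag = checksum(sub_key, nonce, self.command)
        return encrypt(sub_key, nonce + self.command + tag)


class Card:
    def __init__(self, rfid_id, sub_key, data_key):
        self.rfid_id, self.sub_key, self.data_key = rfid_id, sub_key, data_key
        self.state = "locked"                      # state after initialization
        self._nonce = None

    def challenge(self):
        if self.sub_key is None:
            raise RuntimeError("keys destroyed")
        self._nonce = secrets.token_bytes(NONCE_LEN)
        return encrypt(self.sub_key, self._nonce), self.rfid_id

    def handle_response(self, blob):
        nonce, self._nonce = self._nonce, None     # each challenge is single-use
        if nonce is None or self.sub_key is None:
            return False
        if len(blob) != IV_LEN + NONCE_LEN + 1 + TAG_LEN:
            return False
        msg = decrypt(self.sub_key, blob)
        got, cmd, tag = msg[:NONCE_LEN], msg[NONCE_LEN:NONCE_LEN + 1], msg[NONCE_LEN + 1:]
        if not hmac.compare_digest(got, nonce):    # stale or replayed response
            return False
        if not hmac.compare_digest(tag, checksum(self.sub_key, got, cmd)):
            return False                           # command or nonce was altered
        if cmd == CMD_ACTIVATE:
            self.state = "active"
        elif cmd == CMD_DESTROY:
            self.sub_key = self.data_key = None    # data key and sub-key are destroyed
            self.state = "destroyed"
        else:
            return False
        return True

    def finish_operation(self):
        if self.state == "active":                 # relock after every read or write
            self.state = "locked"


def initialise_card(root_key, rfid_id):
    """Initialization stage: store the derived sub-key and a fresh data key."""
    return Card(rfid_id, derive_sub_key(root_key, rfid_id), secrets.token_bytes(32))
```

Because the card relocks after every operation and issues a fresh challenge each time, a captured activation response is rejected on reuse, and a response in which the command byte has been changed fails the checksum comparison.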
It should be noted that, in practice, a warning area may also be set up, with a third radio-frequency reading/writing device placed in it; usually a card first enters the warning area and afterwards enters the destroy area.
When the third radio-frequency reading/writing device detects the RFID identifier of any double-interface encryption memory card that has entered the warning area, it sends an alarm command to an alarm device, and the alarm device executes the alarm command. The alarm may take the form of a sound alarm, a light alarm or another form.
Fig. 2 is a schematic structural diagram of an embodiment of the system of the present invention for managing data in a double-interface encryption memory card. As shown in Fig. 2, it comprises: an initialization device, a PC, a double-interface encryption memory card, a first radio-frequency reading/writing device and a second radio-frequency reading/writing device;
The first radio-frequency reading/writing device is located in the use area, and the second radio-frequency reading/writing device is located in the destroy area;
The card has two interfaces: a USB interface and an RFID interface. The USB interface is used to connect to the PC for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals. Data in the card is stored after encryption;
Initialization device: initializes the card;
Double-interface encryption memory card: in the initialization stage, is connected to the initialization device and, under its control, completes initialization, generates a data key and stores it. In the use stage, is connected through the USB interface to a PC in the use area, with the data key in an invalid state; when a read request or write request is received from the USB interface, performs identity authentication through the RFID interface with the first radio-frequency reading/writing device; after authentication passes, receives and executes the activation command sent by the first radio-frequency reading/writing device; after the activation command has been executed, the data key is in a usable state and is used to encrypt and decrypt data and complete the read or write operation. In the destroy stage, on entering the destroy area, performs identity authentication through the RFID interface with the second radio-frequency reading/writing device; after authentication passes, receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the stored data key;
First radio-frequency reading/writing device: performs identity authentication with the card and, after authentication passes, sends the activation command to the card;
Second radio-frequency reading/writing device: performs identity authentication with the card and, after authentication passes, sends the destroy command to the card.
The initialization device may further be used, in the initialization stage, to obtain the preset RFID identifier from the card and encrypt it with its own preset global root key; the encryption result is the communication sub-key;
Correspondingly, the card may further be used to obtain the communication sub-key from the initialization device and store it;
When a read request or write request is received from the USB interface, the card generates a challenge random number, encrypts it with the communication sub-key, and sends the encryption result together with the unencrypted RFID identifier to the first radio-frequency reading/writing device. The first radio-frequency reading/writing device encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and uses the communication sub-key to decrypt the received encryption result. The first radio-frequency reading/writing device then uses the communication sub-key to encrypt the decrypted challenge random number, the activation command and a checksum, and sends the encryption result to the card; the checksum is computed from the decrypted challenge random number and the activation command. The card decrypts the received encryption result with the communication sub-key and compares the decrypted challenge random number with the one it sent earlier; if they match, it computes the checksum, and if the checksum is correct, it executes the activation command;
When the card enters the destroy area, it generates a challenge random number, encrypts it with the communication sub-key, and sends the encryption result together with the unencrypted RFID identifier to the second radio-frequency reading/writing device. The second radio-frequency reading/writing device encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and uses the communication sub-key to decrypt the received encryption result. The second radio-frequency reading/writing device then uses the communication sub-key to encrypt the decrypted challenge random number, the destroy command and a checksum, and sends the encryption result to the card; the checksum is computed from the decrypted challenge random number and the destroy command. The card decrypts the received encryption result with the communication sub-key and compares the decrypted challenge random number with the one it sent earlier; if they match, it computes the checksum, and if the checksum is correct, it executes the destroy command.
In addition, the system shown in Fig. 2 may further comprise a third radio-frequency reading/writing device located in a warning area;
Third radio-frequency reading/writing device: when a double-interface encryption memory card enters the warning area and its RFID identifier is detected, sends an alarm command to an alarm device.
In a specific implementation, multiple use areas, warning areas and destroy areas may be set up, to ensure that the card is usable only within the administrative area and can no longer be used once it leaves the administrative area.
Fig. 3 is a schematic structural diagram of an embodiment of the double-interface encryption memory card of the present invention. As shown in Fig. 3, it comprises: a security central processing unit (CPU), a read/write control CPU, an RFID interface, a USB interface, a data storage area and a key storage area.
Key storage area: stores the data key;
Data storage area: stores the data encrypted with the data key;
Read/write control CPU: controls data reading and writing on the USB interface and, using the data key provided by the security CPU, stores encrypted data in the data storage area or sends decrypted data to the USB interface;
Security CPU: when the card is in the use area and a read request or write request is received from the USB interface, performs identity authentication through the RFID interface with the first radio-frequency reading/writing device in the use area; after authentication passes, receives and executes the activation command sent by the first radio-frequency reading/writing device; after the activation command has been executed, accesses the key storage area and provides the data key to the read/write control CPU. When the card enters the destroy area, performs identity authentication through the RFID interface with the second radio-frequency reading/writing device in the destroy area; after authentication passes, receives and executes the destroy command sent by the second radio-frequency reading/writing device and destroys the data key in the key storage area.
Physically, the security CPU and the read/write control CPU may be the same CPU or two different CPUs.
When the security CPU and the read/write control CPU are two different CPUs, they are connected by a bus.
In practice, the security CPU may be implemented with Infineon's SLE 66CLX800PE chip. This chip has a contactless near-field communication interface, supports the ISO 7816 protocol, and can implement cryptographic algorithms such as DES, 3DES, RSA and ECC; it can therefore integrate the security CPU, the key storage area and the RFID interface. For example, the SLE 66CLX800PE chip can use the 3DES algorithm with the root key to protect communication between the double-interface encryption memory card and all radio-frequency reading/writing devices; the chip also has solid-state FLASH storage space that can serve as the key storage area.
The read/write control CPU may be implemented with STMicroelectronics' ST7267 chip, which has a USB 2.0 interface and an embedded 8-bit CPU, supports connecting several types of mass-storage device, and supports external communication over the ISO 7816 protocol.
The data storage area may be implemented with Samsung's NAND Flash K9MDG08U5M chip, which supports 128G of mass storage.
Fig. 4 is a schematic structural diagram of a preferred embodiment of the double-interface encryption memory card of the present invention. The SLE 66CLX800PE chip and the ST7267 chip communicate over the ISO 7816 protocol. The CPU in the ST7267 chip can implement several encryption and decryption algorithms to encrypt and decrypt the data in the K9MDG08U5M chip; the key needed for encryption and decryption is obtained by communicating with the SLE 66CLX800PE chip.
In addition, the first radio-frequency reading/writing device needs to support the 13.56 MHz frequency and the ISO 15693 protocol and is responsible for sending the activation command; only after the card is activated can the ST7267 chip obtain the data key and perform encryption and decryption. The second radio-frequency reading/writing device likewise needs to support the 13.56 MHz frequency and the ISO 15693 protocol and is responsible for sending the destroy command; in response, the SLE 66CLX800PE chip deletes the data key and the root key from the solid-state Flash storage space, so that the ciphertext in the K9MDG08U5M chip can no longer be decrypted.
The above are only preferred embodiments of the present invention and do not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (8)

1. A data management method for a double-interface encryption memory card, characterized in that the double-interface encryption memory card has two interfaces: a universal serial bus (USB) interface and a radio frequency identification (RFID) interface; the USB interface is used to connect to a personal computer (PC) for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals; data in the double-interface encryption memory card is stored after being encrypted;
Initialization phase: the double-interface encryption memory card is connected to an initialization device and, under the control of the initialization device, completes initialization, generates a data key and stores it; further comprising: the initialization device obtains from the double-interface encryption memory card its preset RFID identifier and encrypts the RFID identifier with its own preset global root key, the encrypted result being the communication sub-key; the double-interface encryption memory card obtains the communication sub-key from the initialization device and stores it;
Use phase: after the double-interface encryption memory card is connected through the USB interface to a PC in the use area, the data key is in an unavailable state; when a read request or write request is received from the USB interface, the card uses the communication sub-key to perform identity authentication with the first radio-frequency reader-writer in the use area through the RFID interface; after authentication passes, it receives and executes the activation command sent by the first radio-frequency reader-writer; after the activation command has been executed, the data key is in an available state, and the data key is used to encrypt and decrypt data and complete the read operation or write operation;
Destruction phase: when the double-interface encryption memory card enters the destruction area, it uses the communication sub-key to perform identity authentication with the second radio-frequency reader-writer in the destruction area through the RFID interface; after authentication passes, it receives and executes the destroy command sent by the second radio-frequency reader-writer and destroys the stored data key.
2. The method according to claim 1, characterized in that,
The double-interface encryption memory card and the first radio-frequency reader-writer performing identity authentication using the communication sub-key and, after authentication passes, the card receiving and executing the activation command sent by the first radio-frequency reader-writer comprises:
The double-interface encryption memory card generates a challenge random number, encrypts the challenge random number with the communication sub-key, and sends the encrypted result and the unencrypted RFID identifier to the first radio-frequency reader-writer;
The first radio-frequency reader-writer encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and decrypts the received encrypted result with the communication sub-key;
The first radio-frequency reader-writer uses the communication sub-key to encrypt the decrypted challenge random number, the activation command and a checksum, and sends the encrypted result to the double-interface encryption memory card, the checksum being calculated from the decrypted challenge random number and the activation command;
The double-interface encryption memory card decrypts the received encrypted result with the communication sub-key and compares whether the decrypted challenge random number is consistent with the challenge random number sent earlier; if so, it calculates the checksum, and if the checksum is correct, it executes the activation command;
The double-interface encryption memory card and the second radio-frequency reader-writer performing identity authentication using the communication sub-key and, after authentication passes, the card receiving and executing the destroy command sent by the second radio-frequency reader-writer comprises:
The double-interface encryption memory card generates a challenge random number, encrypts the challenge random number with the communication sub-key, and sends the encrypted result and the unencrypted RFID identifier to the second radio-frequency reader-writer;
The second radio-frequency reader-writer encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and decrypts the received encrypted result with the communication sub-key;
The second radio-frequency reader-writer uses the communication sub-key to encrypt the decrypted challenge random number, the destroy command and a checksum, and sends the encrypted result to the double-interface encryption memory card, the checksum being calculated from the decrypted challenge random number and the destroy command;
The double-interface encryption memory card decrypts the received encrypted result with the communication sub-key and compares whether the decrypted challenge random number is consistent with the challenge random number sent earlier; if so, it calculates the checksum, and if the checksum is correct, it executes the destroy command.
3. method according to claim 1 and 2, is characterized in that, the method comprises further:
When two interfaces, cryptographic storage card enters into warning region, and after the 3rd radio-frequency reading-writing device listens to the RFID mark of two interfaces cryptographic storage card, send alarm command to warning device, warning device performs alarm command.
4. A double-interface encryption memory card, characterized by comprising: a security central processing unit (CPU), a read-write control CPU, a radio frequency identification (RFID) interface, a universal serial bus (USB) interface, a data storage area and a key storage area;
The key storage area is used to store the data key and the communication sub-key;
The data storage area is used to store data encrypted with the data key;
The read-write control CPU is used to control data reading and writing over the USB interface and, using the data key provided by the security CPU, either to store the encrypted data in the data storage area or to send the decrypted data to the USB interface;
The security CPU is used, when the double-interface encryption memory card is located in the use area and a read request or write request is received from the USB interface, to perform identity authentication with the first radio-frequency reader-writer in the use area through the RFID interface using the communication sub-key; after authentication passes, to receive and execute the activation command sent by the first radio-frequency reader-writer and, after executing the activation command, to access the key storage area and provide the data key to the read-write control CPU; and, when the double-interface encryption memory card enters the destruction area, to perform identity authentication with the second radio-frequency reader-writer in the destruction area through the RFID interface using the communication sub-key; after authentication passes, to receive and execute the destroy command sent by the second radio-frequency reader-writer and destroy the data key in the key storage area.
5. The double-interface encryption memory card according to claim 4, characterized in that, physically, the security CPU and the read-write control CPU are the same CPU or two different CPUs.
6. A data management system for a double-interface encryption memory card, characterized by comprising: an initialization device, a personal computer (PC), a double-interface encryption memory card, a first radio-frequency reader-writer and a second radio-frequency reader-writer;
Wherein the first radio-frequency reader-writer is located in the use area and the second radio-frequency reader-writer is located in the destruction area;
The double-interface encryption memory card has two interfaces: a universal serial bus (USB) interface and a radio frequency identification (RFID) interface; the USB interface is used to connect to the PC for reading and writing data; the RFID interface is used to receive and send radio-frequency signals and to receive security commands from the radio-frequency signals; data in the double-interface encryption memory card is stored after being encrypted;
The initialization device is used to initialize the double-interface encryption memory card, to obtain from the double-interface encryption memory card its preset RFID identifier, and to encrypt the RFID identifier with its own preset global root key, the encrypted result being the communication sub-key;
The double-interface encryption memory card is used, in the initialization phase, to connect to the initialization device and, under the control of the initialization device, to complete initialization, generate a data key and store it, and to obtain the communication sub-key from the initialization device and store it; in the use phase, to connect through the USB interface to a PC in the use area, the data key being in an unavailable state, and, when a read request or write request is received from the USB interface, to perform identity authentication with the first radio-frequency reader-writer through the RFID interface using the communication sub-key; after authentication passes, to receive and execute the activation command sent by the first radio-frequency reader-writer, after which the data key is in an available state, and to use the data key to encrypt and decrypt data and complete the read operation or write operation; in the destruction phase, on entering the destruction area, to perform identity authentication with the second radio-frequency reader-writer through the RFID interface using the communication sub-key; after authentication passes, to receive and execute the destroy command sent by the second radio-frequency reader-writer and destroy the stored data key;
The first radio-frequency reader-writer is used to perform identity authentication with the double-interface encryption memory card and, after authentication passes, to send the activation command to the double-interface encryption memory card;
The second radio-frequency reader-writer is used to perform identity authentication with the double-interface encryption memory card and, after authentication passes, to send the destroy command to the double-interface encryption memory card.
7. The system according to claim 6, characterized in that,
When a read request or write request is received from the USB interface, the double-interface encryption memory card generates a challenge random number, encrypts the challenge random number with the communication sub-key, and sends the encrypted result and the unencrypted RFID identifier to the first radio-frequency reader-writer; the first radio-frequency reader-writer encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and decrypts the received encrypted result with the communication sub-key; the first radio-frequency reader-writer uses the communication sub-key to encrypt the decrypted challenge random number, the activation command and a checksum, and sends the encrypted result to the double-interface encryption memory card, the checksum being calculated from the decrypted challenge random number and the activation command; the double-interface encryption memory card decrypts the received encrypted result with the communication sub-key and compares whether the decrypted challenge random number is consistent with the challenge random number sent earlier; if so, it calculates the checksum, and if the checksum is correct, it executes the activation command;
When the double-interface encryption memory card enters the destruction area, it generates a challenge random number, encrypts the challenge random number with the communication sub-key, and sends the encrypted result and the unencrypted RFID identifier to the second radio-frequency reader-writer; the second radio-frequency reader-writer encrypts the received RFID identifier with the preset global root key to obtain the communication sub-key, and decrypts the received encrypted result with the communication sub-key; the second radio-frequency reader-writer uses the communication sub-key to encrypt the decrypted challenge random number, the destroy command and a checksum, and sends the encrypted result to the double-interface encryption memory card, the checksum being calculated from the decrypted challenge random number and the destroy command; the double-interface encryption memory card decrypts the received encrypted result with the communication sub-key and compares whether the decrypted challenge random number is consistent with the challenge random number sent earlier; if so, it calculates the checksum, and if the checksum is correct, it executes the destroy command.
8. The system according to claim 6 or 7, characterized in that the system further comprises: a third radio-frequency reader-writer located in the alarm area;
The third radio-frequency reader-writer is used, when the double-interface encryption memory card enters the alarm area and the RFID identifier of the double-interface encryption memory card is detected, to send an alarm command to the alarm device.
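
The challenge-response exchange recited in claims 2 and 7, sketched as an added example that is not part of the patent. The description names 3DES for the link; since Python's standard library has no 3DES, a four-round HMAC-SHA256 Feistel block cipher stands in for it here, and the 8-byte challenge, the CRC-32 checksum, the command codes and the message layout are assumptions.

```python
import hashlib, hmac, os, zlib

BLOCK = 16                       # block size of the stand-in cipher (assumed)
ACTIVATE, DESTROY = 0x01, 0x02   # hypothetical command codes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):            # Feistel round function
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):   # stand-in for 3DES encryption
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def derive_subkey(root_key, rfid_id):
    # Communication sub-key = RFID identifier encrypted under the global root key.
    return encrypt_block(root_key, rfid_id.ljust(BLOCK, b"\0"))

class Reader:
    def __init__(self, root_key, command):
        self.root_key, self.command = root_key, command

    def respond(self, enc_challenge, rfid_id):
        subkey = derive_subkey(self.root_key, rfid_id)   # re-derived per card
        body = decrypt_block(subkey, enc_challenge)[:8] + bytes([self.command])
        msg = body + zlib.crc32(body).to_bytes(4, "big")
        return encrypt_block(subkey, msg.ljust(BLOCK, b"\0"))

class Card:
    def __init__(self, rfid_id, subkey):
        self.rfid_id, self.subkey = rfid_id, subkey
        self.data_key, self.active, self._nonce = os.urandom(16), False, None

    def start(self):             # card -> reader: E(subkey, challenge), plaintext RFID id
        self._nonce = os.urandom(8)
        return encrypt_block(self.subkey, self._nonce.ljust(BLOCK, b"\0")), self.rfid_id

    def finish(self, reply):     # reader -> card: E(subkey, challenge | command | checksum)
        nonce, self._nonce = self._nonce, None           # each challenge is single-use
        plain = decrypt_block(self.subkey, reply)
        if nonce is None or not hmac.compare_digest(plain[:8], nonce):
            return "rejected: challenge mismatch"
        if zlib.crc32(plain[:9]).to_bytes(4, "big") != plain[9:13]:
            return "rejected: bad checksum"
        if plain[8] == DESTROY:
            self.data_key, self.active = None, False
            return "destroyed"
        if plain[8] != ACTIVATE:
            return "rejected: unknown command"
        if self.data_key is None:
            return "rejected: key destroyed"
        self.active = True
        return "activated"

def demo():
    root, uid = bytes(range(16)), bytes.fromhex("e004010012345678")  # constructed values
    card = Card(uid, derive_subkey(root, uid))           # done by the initialization device
    use, destroy = Reader(root, ACTIVATE), Reader(root, DESTROY)
    rogue = Reader(bytes(16), ACTIVATE)                  # reader without the real root key
    out = [card.finish(rogue.respond(*card.start()))]
    reply = use.respond(*card.start())
    out.append(card.finish(reply))
    card.start()
    out.append(card.finish(reply))                       # replayed reply, fresh challenge
    out.append(card.finish(destroy.respond(*card.start())))
    out.append(card.finish(use.respond(*card.start())))
    return out
```

`demo()` walks one card through a reader that lacks the root key, a genuine activation, a replayed activation reply, destruction, and an activation attempt after destruction.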
CN201210100033.4A 2012-04-06 2012-04-06 Double-interface encryption memory card and management method and system of data in double-interface encryption memory card Expired - Fee Related CN102662874B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210100033.4A CN102662874B (en) 2012-04-06 2012-04-06 Double-interface encryption memory card and management method and system of data in double-interface encryption memory card

Publications (2)

Publication Number Publication Date
CN102662874A CN102662874A (en) 2012-09-12
CN102662874B true CN102662874B (en) 2015-06-10

Family

ID=46772370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210100033.4A Expired - Fee Related CN102662874B (en) 2012-04-06 2012-04-06 Double-interface encryption memory card and management method and system of data in double-interface encryption memory card

Country Status (1)

Country Link
CN (1) CN102662874B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150610

Termination date: 20200406