CN103714276B - Connected device architecture, mobile platform and system for secure user authentication

Publication number: CN103714276B (application number CN201310454739.5A; other version CN103714276A)
Authority: CN (China)
Legal status: Active
Original language: Chinese (zh)
Prior art keywords: safety element, host, processor, interface, user
Inventor: 文森特·塞德里克·科尔诺
Current assignee: Koninklijke Philips NV
Original assignee: Koninklijke Philips Electronics NV
Priority claimed from US13/632,870 (US9495524B2)
Application filed by Koninklijke Philips Electronics NV

Abstract

The present invention relates to a connected device architecture, a mobile platform and a system for secure user authentication. The connected device architecture of the invention includes a user input device and a host processor electrically coupled to a master secure element. The master secure element includes a processor, memory and logic, and at least controls the user input of the handheld terminal so as to secure PIN-based user authentication. The PIN code is entered directly into the master secure element: the host processor cannot intercept the PIN code, and a malicious software program cannot inject a PIN code into the master secure element.

Description

Connected device architecture, mobile platform and system for secure user authentication
Technical field
The present invention relates to a connected device architecture, a mobile platform and a system for secure user authentication.
U.S. patent application No. US13/632,907, filed on October 1, 2012 and entitled "Validating a transaction with a secure input and a non-secure output", is incorporated herein by reference in its entirety.
U.S. patent application No. US13/632,932, filed on October 1, 2012 and entitled "Validating a transaction with a secure input without requiring PIN code entry", is incorporated herein by reference in its entirety.
Background art
Mobile platforms or connected devices such as smartphones, PCs, tablet computers and smart electricity meters integrate a secure element to authenticate the platform, so as to protect the user's authentication information or to secure transactions. A secure element is typically a highly tamper-resistant device that provides a secure execution environment isolated from the host processor. The secure element can be integrated into elements of various forms, for example a SIM card, an SD card or a small package directly soldered onto the printed circuit board (an embedded secure element).
Activating a function of the device, or verifying an operation involving the device, usually requires the user to be authenticated by the secure element. Typically, the user enters a PIN directly on the touch screen or on the keyboard of the device. The entered PIN is sent to the secure element by the host processor, which sits in an open, non-secure environment. Since the user device is typically connected to one or more networks, it can be infected by malware that intercepts the user's PIN.
The secure element is integrated into, for example, a mobile handheld terminal or a PC controlled by a host processor. The secure element is typically a slave device and cannot distinguish whether a PIN was entered by the user or injected by malware: in both cases the secure element receives the same command from the host processor. In a typical mobile handheld terminal architecture, the PIN is entered on a physical keyboard or on the virtual keyboard of a touch screen. User input is always under the control of the host processor, and this is what causes the security vulnerability. The usual solution to this vulnerability is a software solution, possibly supported by hardware features, that attempts to isolate the PIN entry operation, including the keyboard and display drivers, from the other operations running on the host processor. The various process-isolation or virtualization techniques establish a secure environment, but that environment is usually not tamper-resistant and generally increases the complexity of the required software architecture. One embodiment of such a technique is the TEE (Trusted Execution Environment) proposed by GlobalPlatform in its TEE white paper of February 2011, which is incorporated herein by reference in its entirety and which includes the following:
The TEE is a separate execution environment that runs alongside the Rich OS and provides security services to that rich environment. The TEE offers an execution space with a higher level of security than the Rich OS; while it is not as secure as a Secure Element (SE), the security offered by the TEE is sufficient for most applications. In this way the TEE delivers higher security than the Rich OS at a lower cost than a secure element.
A prior-art connected device architecture 100 (such as a mobile handheld terminal architecture) is shown in Fig. 1. A display 110 and a keyboard 120 (the keyboard 120 may be a physical keyboard or a virtual keyboard) are connected to a host processor 130, which is connected to a secure element (SE) 150 and a subscriber identity module (SIM) 140. The subscriber identity module 140 is a secure element that generally contains the International Mobile Subscriber Identity (IMSI) and the associated key used to authenticate the user on the mobile network. The secure element 150 and the subscriber identity module 140 securely store applications, such as a mobile wallet application. The secure element 150 and the subscriber identity module 140 are protected by two passwords: a general-purpose personal identification number (PIN) and a personal unblocking code (PUK) for unlocking the PIN. When the secure element 150 or the subscriber identity module 140 requests a PIN, the host processor 130 can notify the user that it is running in secure mode by showing a security indication, for example one preselected by the user such as the mother's name or a selected photo thumbnail. Although the security indication gives the user a valuable cue, it does not guarantee that the PIN received by the secure element 150 was entered by the user.
Summary of the invention
The present invention proposes a connected device architecture including a host electrically coupled to a master secure element, and a user input device directly electrically coupled to the master secure element, so that the master secure element controls the user input used for secure user authentication.
Brief description of the drawings
Fig. 1 shows a prior-art connected device architecture.
Fig. 2A shows an embodiment of the invention.
Fig. 2B shows an embodiment of the invention.
Fig. 3 shows an embodiment of the invention.
Fig. 4 shows a prior-art alphanumeric keyboard.
Fig. 5A shows an embodiment of the invention.
Fig. 5B shows an embodiment of the invention.
Fig. 6 shows an embodiment of the invention.
Fig. 7 shows an embodiment of the invention.
Detailed description of the embodiments
According to the present invention, the connected device architecture 100 shown in Fig. 1 is modified. As shown in Fig. 2A, in one embodiment of the invention, when a secure input such as a user PIN is requested, the connected device architecture 200 hands control of the keyboard 220 to the master secure element (MSE) 250. When the master secure element 250 requests a PIN entry from the user, the keyboard 220 is fully controlled by the master secure element 250. For all non-secure input operations the keyboard 220 remains under the control of the host processor 230. A PIN received by the master secure element 250 cannot be intercepted by the host processor 230. According to the invention, because only the user knows the PIN and only the user can securely enter the PIN or another secure input such as a password, the user is authenticated. By means of a security indicator 215, which is directly controlled by the master secure element 250, the user is made aware of the operating mode of the connected device architecture 200, so as to prevent the PIN from being entered in non-secure mode. The security indicator 215 can be, for example, a light-emitting diode, or a polarized mask layer or colour filter integrated into the display 210; the security indicator 215 is activated to notify the user that the connected device architecture 200 is operating in secure mode, i.e. that the keyboard 220 is under the control of the master secure element 250 rather than the host processor 230.
As shown in Fig. 2A, according to one embodiment of the invention, the connected device architecture 200 can also secure PIN entry for other secure elements, for example the SIM card 240. An application running in the SIM card 240 accepts only PINs entered through the master secure element 250 over the Single Wire Protocol (SWP). The master secure element 250 becomes a trusted or secure extension of the host processor 230 for all PIN-entry related operations, and provides tamper-resistant security assurance for the connected device architecture 200.
As shown in Fig. 2B, according to one embodiment of the invention, when a secure input such as a user PIN is requested, the connected device architecture 205 hands control of the touch screen 218 to the master secure element (MSE) 250. When the master secure element 250 requests a PIN entry from the user, the touch screen 218 is fully controlled by the master secure element 250. For all non-secure input operations the touch screen 218 remains under the control of the host processor 230. A PIN received by the master secure element 250 cannot be intercepted by the host processor 230. According to the invention, because only the user knows the PIN and only the user can securely enter the PIN or another secure input such as a password, the user is authenticated. By means of the security indicator 215, which is directly controlled by the master secure element 250, the user is made aware of the operating mode of the connected device architecture 200, so as to prevent, for example, the PIN from being entered in non-secure mode. The security indicator 215 can be, for example, a light-emitting diode, or a polarized mask layer or colour filter integrated into the display 210; the security indicator 215 is activated to notify the user that the connected device architecture 200 is operating in secure mode, i.e. that the touch screen 218 is under the control of the master secure element 250 rather than the host processor 230.
With reference to Fig. 2B, according to one embodiment of the invention, the connected device architecture 205 can also secure PIN entry for other secure elements such as the SIM card 240. An application running in the SIM card 240 receives PIN input only from the master secure element 250 over the Single Wire Protocol (SWP). The master secure element 250 becomes a trusted or secure extension of the host processor 230 for all PIN-entry related operations, and provides tamper-resistant security assurance for the connected device architecture 200.
In addition, the connected device architecture 205 of Fig. 2B provides communication capabilities, such as near-field communication between the master secure element 250 and an external secure element 255. In general, the external secure element 255 can be an NFC-enabled contactless smart card or part of another NFC-enabled mobile device. The master secure element 250 securely enters the PIN into the external secure element 255 over NFC, so that the master secure element 250 becomes a secure hub for transactions with the external secure element.
According to the invention, the master secure element 250 allows an embedded secure application to control at least the user input and the communication interfaces to the other secure elements (for example the SIM card 240). The master secure element 250 provides a general secure environment that supports non-physical security services in the mobile device, such as bank cards, mobile wallets, mobile point of sale, virtual SIM, authentication tokens, digital rights management, automatic ticketing and so on. Because a PIN code intercepted by malware cannot enter the master secure element 250, the host processor 230 does not need to integrate security features such as process isolation, virtualization or security indications to protect the PIN entry process. The master secure element 250 guarantees that the PIN entered by the user can only come from the keyboard 220 or the touch screen 218.
Fig. 3 shows a secure PIN entry process according to an embodiment of the invention. In step 310, the master secure element 250 requests the user, through the host processor 230, to provide a PIN. In step 320, the host processor 230 activates the display 210 to show the user a PIN entry field. In step 330, the user confirms that the security indicator 215 is activated and enters PIN* using the touch screen 218 (or keyboard 220), which is directly connected to the master secure element 250. In step 340, the master secure element 250 compares the PIN securely stored in the master secure element 250 with the PIN* entered by the user on the keyboard 220 or the touch screen 218. If PIN equals PIN*, the user is authenticated. Note that only the user and the master secure element 250 have access to the correct PIN. If the PIN* entered by the user differs from the PIN stored in the master secure element 250, the user is not authenticated and the transaction is terminated. Note that if the keyboard 220 or the touch screen 218 supports letters and numbers, the PIN can easily be replaced by a password. The keyboard 420 shown in Fig. 4 is an example of a keyboard supporting numbers and letters.
As shown in Fig. 5A, according to one embodiment of the invention, the master secure element 500 includes a processor (CPU) 510 electrically coupled to a memory 520, a host processor interface 570 and a SIM interface 560. A keyboard interface 530 and a keyboard interface 550 connected to the host processor are electrically coupled to a multiplexer (MUX) 540, which is electrically coupled to the CPU 510. The multiplexer 540 and the security indicator 215 (connected through a security indicator interface 555) are controlled by an application (APP) 525 that runs in the master secure element 250 and is stored in the memory 520 (see Figs. 2A-2B and Figs. 5A-5B). By controlling the multiplexer 540, the application 525 stored in the memory 520 and running on the CPU 510 redirects the user input from the keyboard interface 530 either to the keyboard interface 550 connected to the host processor or to the CPU 510, as appropriate.
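The PIN entry process of Fig. 3 and the multiplexer routing of Fig. 5A, modelled together in C as an added example (not code from the patent or from its assignee). All names, the retry limit of three attempts and the buffer sizes are assumptions; the point shown is that PIN* can only be filled from the keypad line while the MUX is switched to the MSE, and that data arriving over the host interface is never treated as a PIN digit.

```c
/* Added example (not the patent's or the assignee's code): a model of the secure PIN
 * entry of Fig. 3 driven by the multiplexer (540) and security indicator (215) of
 * Fig. 5A. Names, the retry limit and buffer sizes are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PIN_MAX   12     /* assumed maximum PIN/password length */
#define MAX_TRIES 3      /* assumed retry counter before the PIN is blocked (PUK needed) */

typedef enum { ROUTE_TO_HOST, ROUTE_TO_MSE } mux_route_t;   /* state of MUX 540 */
typedef enum { SRC_KEYPAD, SRC_HOST_IF } input_src_t;       /* which line an event arrives on */
typedef enum { EV_FORWARDED_TO_HOST, EV_CAPTURED, EV_REJECTED } event_result_t;
typedef enum { VERIFY_OK, VERIFY_WRONG_PIN, VERIFY_BLOCKED, VERIFY_NOT_SECURE_MODE } verify_result_t;

typedef struct {
    mux_route_t mux;                     /* multiplexer 540, driven by application 525 */
    bool        indicator_on;            /* security indicator 215 */
    char        stored_pin[PIN_MAX + 1]; /* reference PIN, never leaves the MSE */
    char        entered[PIN_MAX + 1];    /* PIN*, filled only from the keypad line */
    size_t      entered_len;
    uint8_t     tries_left;
} mse_t;

void mse_init(mse_t *m, const char *pin) {
    memset(m, 0, sizeof *m);             /* zero padding matters for the constant-time compare */
    strncpy(m->stored_pin, pin, PIN_MAX);
    m->mux = ROUTE_TO_HOST;              /* non-secure operation: keypad belongs to the host */
    m->tries_left = MAX_TRIES;
}

/* Step 310: application 525 switches the MUX to the CPU and lights the indicator. */
bool mse_request_pin(mse_t *m) {
    if (m->tries_left == 0) return false;
    memset(m->entered, 0, sizeof m->entered);
    m->entered_len = 0;
    m->mux = ROUTE_TO_MSE;
    m->indicator_on = true;
    return true;
}

/* Step 330: one key event. Only the physically coupled keypad line can feed PIN*;
 * data arriving on the host-processor interface (570) is never treated as a PIN digit. */
event_result_t mse_input_event(mse_t *m, input_src_t src, char key) {
    if (src == SRC_HOST_IF) return EV_REJECTED;
    if (m->mux == ROUTE_TO_HOST) return EV_FORWARDED_TO_HOST;  /* via keyboard interface 550 */
    if (m->entered_len < PIN_MAX) m->entered[m->entered_len++] = key;
    return EV_CAPTURED;
}

/* Compare whole buffers so timing does not reveal how many leading digits matched. */
static bool ct_equal(const char *a, size_t alen, const char *b, size_t blen) {
    unsigned char diff = (unsigned char)(alen ^ blen);   /* both lengths are <= PIN_MAX */
    for (size_t i = 0; i < PIN_MAX; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Step 340: compare PIN with PIN*, then hand the keypad back to the host either way. */
verify_result_t mse_verify(mse_t *m) {
    if (m->mux != ROUTE_TO_MSE) return VERIFY_NOT_SECURE_MODE;
    if (m->tries_left == 0) return VERIFY_BLOCKED;
    bool ok = ct_equal(m->entered, m->entered_len, m->stored_pin, strlen(m->stored_pin));
    memset(m->entered, 0, sizeof m->entered);   /* PIN* is wiped; it never leaves the MSE */
    m->entered_len = 0;
    m->mux = ROUTE_TO_HOST;
    m->indicator_on = false;
    if (ok) { m->tries_left = MAX_TRIES; return VERIFY_OK; }
    if (--m->tries_left == 0) return VERIFY_BLOCKED;
    return VERIFY_WRONG_PIN;
}

/* Walks the flow once with a constructed PIN; returns 0 on success or the failed step. */
int mse_demo_scenario(void) {
    mse_t m;
    mse_init(&m, "1234");                                      /* constructed sample PIN */
    if (mse_input_event(&m, SRC_KEYPAD, '1') != EV_FORWARDED_TO_HOST) return 1;
    if (!mse_request_pin(&m) || !m.indicator_on) return 2;
    if (mse_input_event(&m, SRC_HOST_IF, '1') != EV_REJECTED) return 3;  /* host cannot inject */
    for (const char *p = "1234"; *p; p++)
        if (mse_input_event(&m, SRC_KEYPAD, *p) != EV_CAPTURED) return 4;
    if (mse_verify(&m) != VERIFY_OK || m.indicator_on || m.mux != ROUTE_TO_HOST) return 5;
    if (mse_verify(&m) != VERIFY_NOT_SECURE_MODE) return 6;
    return 0;
}
```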
The master secure element, for example the master secure element 250, can integrate a full driver for multi-touch and gesture input, or a reduced driver that supports only single-touch input for PIN or password entry operations.
Beyond PIN or password entry, the connected device architecture 205 of the invention according to Fig. 5B is equipped not with a keyboard 220 but with a touch screen 218 (for example the touch screen used in a smartphone), so that the user can be authenticated with a biometric method, for example based on finger gestures or a handwritten signature. Note that the touch screen 218 can also serve as a virtual keyboard allowing PIN and password entry.
In the embodiment of the invention shown in Fig. 5B, the master secure element 505 includes a processor (CPU) 510 electrically coupled to a memory 520, a host processor interface 570 and a SIM interface 560. A touch screen interface 531 and a touch screen interface 551 connected to the host processor are electrically coupled to a multiplexer (MUX) 540, which is electrically coupled to the CPU 510. The multiplexer 540 and the security indicator 215 (connected through the security indicator interface 555) are controlled by the application 525, which runs in the master secure element 250 and is stored in the memory 520 (see Figs. 2A-2B and Figs. 5A-5B). By controlling the multiplexer 540, the application 525 stored in the memory 520 and running on the CPU 510 redirects the user input from the touch screen interface 531 either to the touch screen interface 551 connected to the host processor or to the CPU 510, as appropriate. In addition, an NFC interface 590, typically a radio-frequency front end, is directly connected to the CPU 510 of the master secure element 505. The master secure element 505 acts as a secure NFC controller.
A fingerprint sensor or another suitable biometric sensor can optionally be embedded in the connected device architectures 200 and 205 to authenticate the user. The biometric template provided directly by the sensor is verified in the master secure element 600 (see Fig. 6).
In the embodiment of the invention shown in Fig. 6, the master secure element 600 includes a touch screen interface 630 electrically connected to a multiplexer 640. In addition, a touch screen interface 650 connected to the host processor is electrically connected to the multiplexer 640, which is electrically connected to the CPU 610. The CPU 610 is also electrically connected to a memory 620, a host processor interface 670, an NFC interface 615, a SIM interface 660, a security indicator interface 655 and an optional fingerprint sensor interface 605. By controlling the multiplexer 640, the application 625 stored in the memory 620 and running on the CPU 610 redirects the user input from the touch screen interface 630 either to the touch screen interface 650 connected to the host processor or to the CPU 610, as appropriate. The application 625 also controls the security indicator 215 through the security indicator interface 655.
Under normal conditions, a more powerful CPU 610 is needed to process a handwritten signature, finger gestures or a fingerprint template for verification purposes. These inputs and PIN inputs can be processed in real time by the master secure element 600 or the master secure element 500, or encrypted by the master secure element 600 or the master secure element 500 and transmitted to a back-end server 710 for processing (see Fig. 7). For example, these inputs and PIN inputs can be sent to the back-end server 710 in real time, or, if the data connection to the back-end server 710 is temporarily unavailable, they can be stored in the memory 620 or the memory 520, respectively, for later verification by the back-end server 710.
Fig. 7 shows a connection architecture 700 with a back-end server 710 according to one embodiment of the invention. Arrows 1, 2 and 3 represent secure connections. The application 525 runs on the MSE 750; the master secure element 750 is securely connected to the touch screen 218 and to the back-end server 710, and is securely connected over NFC to a secure element 255 such as a smart card or another mobile platform. All security features are handled by the master secure element 750. Note that the communication between the master secure element 750 and the back-end server 710 is encrypted, so as to provide a secure end-to-end connection.
Although the invention has been described with reference to specific embodiments, it is clear that many alternatives, modifications and variations will be apparent to those skilled in the art from the above description. Accordingly, the invention is intended to embrace all such alternatives, modifications and variations that fall within the spirit and scope of the appended claims.

Claims (19)

1. A connected device architecture, characterized in that it comprises:
a host processor electrically coupled to a master secure element;
a user input device directly electrically coupled to the master secure element, such that for user input operations used for secure user authentication the user input device is completely controlled by the master secure element; and
a SIM card electrically coupled to the host processor and to the master secure element, the SIM card accepting user authentication only from the master secure element;
wherein the master secure element is configured to securely enter the user input into another, external secure element via near-field communication (NFC).
2. The connected device architecture according to claim 1, characterized in that the user input device is a touch screen.
3. The connected device architecture according to claim 1, characterized in that it further comprises a security indicator directly electrically connected to the master secure element.
4. The connected device architecture according to claim 1, characterized in that it further comprises a display connected to the host processor.
5. The connected device architecture according to claim 1, characterized in that the user input is selected from the group consisting of a PIN and a password.
6. The connected device architecture according to claim 1, characterized in that it further comprises a second user input device directly electrically coupled to the master secure element.
7. The connected device architecture according to claim 6, characterized in that the second user input device is a fingerprint sensor.
8. The connected device architecture according to claim 1, characterized in that the master secure element comprises:
a CPU electrically coupled to a memory, a multiplexer and a host processor interface;
a keyboard interface electrically coupled to the multiplexer; and
a keyboard interface for connection to the host processor, electrically coupled to the multiplexer, wherein the host processor interface and the keyboard interface for connection to the host processor are both electrically coupled to the host processor.
9. The connected device architecture according to claim 1, characterized in that the master secure element comprises:
a CPU electrically coupled to a memory, a multiplexer and a host processor interface;
a touch screen interface electrically coupled to the multiplexer; and
a touch screen interface for connection to the host processor, electrically coupled to the multiplexer, wherein the host processor interface and the touch screen interface for connection to the host processor are both electrically coupled to the host processor.
10. The connected device architecture according to claim 9, characterized in that the master secure element further comprises a fingerprint sensor interface electrically coupled to the CPU.
11. The connected device architecture according to claim 10, characterized in that the fingerprint sensor interface is electrically coupled to a fingerprint sensor.
12. The connected device architecture according to claim 9, characterized in that the master secure element further comprises a SIM interface electrically coupled to the CPU.
13. The connected device architecture according to claim 12, characterized in that the SIM interface is electrically coupled to the SIM card.
14. The connected device architecture according to claim 9, characterized in that the master secure element further comprises an NFC interface.
15. The connected device architecture according to claim 14, characterized in that the NFC interface allows a direct NFC connection to a contactless smart card.
16. The connected device architecture according to claim 1, characterized in that the master secure element is securely coupled to a back-end server.
17. A mobile platform, characterized in that it comprises the connected device architecture according to claim 1.
18. A mobile platform, characterized in that it comprises the connected device architecture according to claim 9.
19. A system for secure user authentication, characterized in that it comprises the connected device architecture according to claim 9 and a back-end server securely coupled to the master secure element.
CN201310454739.5A, priority date 2012-10-01, filing date 2013-09-29: Connected device architecture, mobile platform and system for secure user authentication (CN103714276B, Active)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/632,870 2012-10-01
US13/632,870 US9495524B2 (en) 2012-10-01 2012-10-01 Secure user authentication using a master secure element

Publications (2)

Publication Number Publication Date
CN103714276A CN103714276A (en) 2014-04-09
CN103714276B true CN103714276B (en) 2018-06-01

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101536008A (en) * 2006-09-20 2009-09-16 诺基亚公司 Near field connection establishment
CN102100121A (en) * 2008-07-20 2011-06-15 三星电子株式会社 Method and system for managing multiple applications in near field communication
CN102546571A (en) * 2010-12-31 2012-07-04 国民技术股份有限公司 Identity authentication system and method
CN102667800A (en) * 2009-11-09 2012-09-12 德国捷德有限公司 Method for securely interacting with a security element

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant