Summary of the invention
To solve the problems of the prior art described above, the present invention uses near-field radio transmission to load multiple groups of confidential information into a single portable multi-function identity authentication device, each group corresponding to one dynamic password device or digital certificate device.
According to one aspect of the present invention, a multi-function identity authentication device is provided, comprising: a confidential information holder, which stores a plurality of confidential information groups corresponding to a plurality of authenticators, each authenticator corresponding to one confidential information group; an information transfer device, which inputs the plurality of confidential information groups into the confidential information holder; a selector, which receives the identifier of the authenticator selected by the user and, according to that identifier, sends out the confidential information group stored in the holder that corresponds to the selected authenticator; and an authentication computing device, which receives the confidential information group of the selected authenticator from the selector and computes authentication information from it. The information transfer device comprises a wired information transfer device, which inputs the plurality of confidential information groups into the holder through a reserved wired interface, and/or a wireless information transfer device, which inputs them into the holder wirelessly.
Here, each confidential information group comprises a cryptographic key and other corresponding confidential information.
Further, the plurality of authenticators comprise dynamic password devices and/or digital certificate devices, and the authentication computing device correspondingly comprises a dynamic password algorithm device and/or a digital certificate program device.
Further, the wired information transfer device has a reserved wired interface through which confidential information can be sent and received. It is a wired transfer device using a contact transfer protocol, which may be self-defined or may be an existing protocol such as ISO7816, I2C or SPI.
Further, the wireless information transfer device comprises an antenna through which confidential information can be sent and received. It is a near-field wireless transfer device using a contactless transfer protocol, which may be self-defined or may be an existing protocol such as ISO14443A, ISO14443B or Felica.
According to a further aspect of the invention, a method for computing confidential authentication information for an authenticator is provided, comprising: wirelessly inputting, in advance and from outside, a plurality of confidential information groups corresponding to a plurality of authenticators into the confidential information holder for storage, each authenticator corresponding to one confidential information group; receiving the identifier of the authenticator selected by the user and, according to that identifier, sending out the confidential information group stored in the holder that corresponds to the selected authenticator; and receiving that confidential information group and computing, and then displaying or outputting, the authentication confidential information from it. An apparatus for computing confidential authentication information for an authenticator is also provided, comprising: a device for wirelessly inputting, in advance and from outside, the plurality of confidential information groups corresponding to the plurality of authenticators into the confidential information holder for storage, each authenticator corresponding to one confidential information group; a device for receiving the identifier of the authenticator selected by the user and sending out, according to that identifier, the confidential information group stored in the holder that corresponds to the selected authenticator; and a device for receiving that confidential information group and computing, and then displaying or outputting, the authentication confidential information from it.
Embodiments
Fig. 4 shows an example of the internal structure of a conventional dynamic password device and digital certificate device. Besides its dynamic password algorithm device, digital certificate program, display screen and interface, such a password device or certificate device holds its own specific confidential information group consisting of K and C. That is, each confidential information group can represent one password device or certificate device, and a plurality of different confidential information groups can represent a plurality of password devices or certificate devices.
Figs. 5 to 7 each show an embodiment of the internal structure of the portable identity authentication device of the present invention. Besides the cryptographic algorithm device, certificate program device, display screen and interface, the password device or certificate device of the present invention has a management system and a storage system for its specific dynamic password key (K) and the corresponding other confidential information (C). Each password device or certificate device is represented by a different confidential information group (Ki) and (Ci), and the numerous confidential information groups representing the plurality of password devices or certificate devices are stored directly in the storage system; see Fig. 3.
Embodiment 1
Fig. 5 shows a portable multi-function identity authentication device 500 based on a plurality of dynamic password devices according to the first embodiment of the invention. The portable identity authentication device 500 comprises a password device confidential information holder 501, a password device confidential information management system 502, a selector 503, a dynamic password algorithm device 504, an information transfer device 505 and a display screen 506.
A plurality of dynamic password devices are integrated in the portable identity authentication device 500, each represented by a different confidential information group: the i-th dynamic password device is represented by the i-th confidential information group (Ki) and (Ci) corresponding to it.
The password device administrator (an enterprise, bank or other organisation concerned) selects, via the password device confidential information management system 502, the dynamic password device i to be set up, and the display screen 506 shows the selected password device i for confirmation. The administrator then inputs the confidential information group (Ki) and (Ci) corresponding to dynamic password device i into the corresponding position in the password device confidential information holder 501, and the display screen 506 shows that storage succeeded. In this way the confidential information groups (K1) and (C1) through (Kn) and (Cn), corresponding to dynamic password devices 1 through n, are stored in the password device confidential information holder 501. The holder 501 has its own secure encryption and decryption functions to protect the confidential information groups stored inside it.
Confidential information groups can be input into the password device confidential information holder 501 in two ways, by wired transfer and by wireless transfer. The information transfer device 505 comprises a wired information transfer device (the wired interface in Fig. 5) and/or a wireless information transfer device (the antenna in Fig. 5). With the wired device, confidential information is input into the corresponding holder position through a reserved interface, via contact points and the password device confidential information management system; this mode is also referred to as contact communication. If many groups of confidential information can all be implanted into the holder at the same time, contact communication is a good choice. If further confidential information will need to be implanted later, however, wireless transfer (also called contactless communication) is the best choice, because even when no interface has been reserved, confidential information can still be implanted into the corresponding holder position through the antenna, a contactless transfer protocol and the password device confidential information management system. Contactless transfer protocols come in many types, such as ISO14443A, ISO14443B and Felica; a specific transfer protocol may even be self-defined to secure the communication.
After securely starting the dynamic password device, the user selects the dynamic password device i to be used from the n dynamic password devices, and the display screen 506 shows the selected dynamic password device i for confirmation. The password device confidential information holder 501 then sends the confidential information group (Ki) and (Ci) corresponding to dynamic password device i to the dynamic password algorithm device 504 via the selector 503; the dynamic password algorithm device 504 automatically computes the dynamic password from (Ki) and (Ci) and presents it directly on the display screen 506.
Embodiment 2
Fig. 6 shows a portable multi-function identity authentication device 600 based on a plurality of digital certificate devices according to the second embodiment of the invention. The portable identity authentication device 600 comprises a digital certificate device confidential information holder 601, a digital certificate device confidential information management system 602, a selector 603, a certificate program device 604, an information transfer device 605, a display screen 606 and an interface 607.
A plurality of certificate devices are integrated in the portable identity authentication device 600, each represented by a different confidential information group: the i-th certificate device is represented by the i-th confidential information group (Ki) and (Ci) corresponding to it.
The certificate administrator (an enterprise, bank or other organisation concerned) selects, via the digital certificate device confidential information management system 602, the certificate device i to be set up, and the display screen 606 shows the selected certificate device i for confirmation. The administrator then inputs the confidential information group (Ki) and (Ci) corresponding to certificate device i into the corresponding position in the digital certificate device confidential information holder 601, and the display screen 606 shows that storage succeeded. In this way the confidential information groups (K1) and (C1) through (Kn) and (Cn), corresponding to certificate devices 1 through n, are stored in the digital certificate device confidential information holder 601. The holder 601 has its own secure encryption and decryption functions to protect the confidential information groups stored inside it.
Confidential information groups can be input into the digital certificate device confidential information holder 601 in two ways, by wired transfer and by wireless transfer. The information transfer device 605 can comprise a wired information transfer device (the wired interface in Fig. 6) and/or a wireless information transfer device (the antenna in Fig. 6). With the wired device, confidential information is input into the corresponding holder position through a reserved interface, via contact points and the confidential information management system; this mode is also referred to as contact communication. If many groups of confidential information can all be implanted into the holder at the same time, contact communication is a good choice. If further confidential information will need to be implanted later, however, wireless transfer (also called contactless communication) is the best choice, because even when no interface has been reserved, confidential information can still be implanted into the corresponding holder position through the antenna, a contactless transfer protocol and the confidential information management system. Contactless transfer protocols come in many types, such as ISO14443A, ISO14443B and Felica; a specific transfer protocol may even be self-defined to secure the communication.
After securely starting the certificate device, the user selects the certificate device i to be used from the n certificate devices, and the display screen 606 shows the selected certificate device i for confirmation. The digital certificate device confidential information holder 601 then sends the confidential information group (Ki) and (Ci) corresponding to certificate device i to the certificate program device 604 via the selector 603; the certificate program device 604 automatically computes the digital certificate from (Ki) and (Ci) and outputs it via the interface 607 for further use by the user.
Embodiment 3
Fig. 7 shows a portable identity authentication device 700 based on a plurality of dynamic password devices and digital certificate devices according to the third embodiment of the invention. The portable identity authentication device 700 comprises an authenticator confidential information holder 701, an authenticator confidential information management system 702, a selector 703, a combined dynamic password algorithm device and certificate program device 704, an information transfer device 705, a display screen 706 and an interface 707.
A plurality of authenticators are integrated in the portable identity authentication device 700; each authenticator may be a dynamic password device or a certificate device. Each authenticator is represented by its type (dynamic password device or certificate device) together with a different confidential information group: the i-th authenticator is represented by its type (Ri) and the i-th confidential information group (Ki) and (Ci) corresponding to it.
The authenticator administrator (an enterprise, bank or other organisation concerned) selects, via the authenticator confidential information management system 702, the authenticator i to be set up, and the display screen 706 shows the selected authenticator i for confirmation. The administrator then inputs the type (Ri) of authenticator i and its corresponding confidential information group (Ki) and (Ci) into the corresponding position in the authenticator confidential information holder 701, and the display screen 706 shows that storage succeeded. In this way the groups (R1), (K1) and (C1) through (Rn), (Kn) and (Cn), corresponding to authenticators 1 through n, are stored in the authenticator confidential information holder 701. The holder 701 has its own secure encryption and decryption functions to protect the confidential information groups stored inside it.
Confidential information groups can be input into the authenticator confidential information holder 701 in two ways, by wired transfer and by wireless transfer. The information transfer device 705 can comprise a wired information transfer device (the wired interface in Fig. 7) and/or a wireless information transfer device (the antenna in Fig. 7). With the wired device, confidential information is input into the corresponding holder position through a reserved interface, via contact points and the confidential information management system; this mode is also referred to as contact communication. If many groups of confidential information can all be implanted into the holder at the same time, contact communication is a good choice. If further confidential information will need to be implanted later, however, wireless transfer (also called contactless communication) is the best choice, because even when no interface has been reserved, confidential information can still be implanted into the corresponding holder position through the antenna, a contactless transfer protocol and the confidential information management system. Contactless transfer protocols come in many types, such as ISO14443A, ISO14443B and Felica; a specific transfer protocol may even be self-defined to secure the communication.
After securely starting the authenticator, the user selects the authenticator i to be used from the n authenticators, and the display screen 706 shows the selected authenticator i for confirmation. The authenticator confidential information holder 701 then sends the type (Ri) of authenticator i and its corresponding confidential information group (Ki) and (Ci) to the combined dynamic password algorithm device and certificate program device 704 via the selector 703. According to the authenticator type (Ri) and the confidential information group (Ki) and (Ci), the device 704 automatically selects either the dynamic password algorithm or the digital certificate program and computes the dynamic password or digital certificate; the computed dynamic password is presented directly on the display screen 706, or the digital certificate is output via the interface 707 for further use by the user.
Embodiment 4
Fig. 8 shows the operating method for storing multiple groups of confidential information according to an embodiment of the invention. The administrator (an enterprise, bank or other organisation concerned) selects, via the confidential information management system, the password device i or certificate device i to be set up, and the display screen shows the selected password device i or certificate device i together with (Ri) for confirmation. The administrator then inputs the confidential information group (Ri), (Ki) and (Ci) corresponding to that password device i or certificate device i into the corresponding position in the password device or certificate device confidential information holder, and the display screen shows that storage succeeded. In this way the plurality of confidential information groups (R1), (K1) and (C1) through (Rn), (Kn) and (Cn) are stored in the password device or certificate device confidential information holder. The holder has its own secure encryption and decryption functions to protect the confidential information groups stored inside it.
Embodiment 5
Fig. 9 shows the operating mode of a password device or certificate device that incorporates a plurality of dynamic password devices according to an embodiment of the invention. After securely starting the password device or certificate device, the user selects the password device i or certificate device i to be used, together with (Ri), from the available password devices or certificate devices, and the display screen shows the selected password device i or certificate device i for confirmation. The password device or certificate device confidential information holder then sends the confidential information group (Ri), (Ki) and (Ci) corresponding to password device i or certificate device i, via the selector, to the dynamic password algorithm device or certificate program device, which automatically computes the dynamic password or digital certificate using the dynamic password algorithm or the digital certificate program; the computed dynamic password is presented directly on the display screen, or the digital certificate is output via the interface for further use by the user.
Embodiment 6
In this embodiment, an executable program inside the dynamic password device and/or digital certificate device computes the authentication confidential information. When executed, the program performs the following steps: (a) wirelessly input, in advance and from outside, the plurality of confidential information groups corresponding to the plurality of authenticators into the confidential information holder for storage, each authenticator corresponding to one confidential information group; (b) receive the identifier of the authenticator selected by the user and, according to that identifier, send out the confidential information group stored in the holder that corresponds to the selected authenticator; (c) receive that confidential information group and compute, and then display or output, the authentication confidential information from it.
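The following is an added model of the holder, selector and type-dispatched computing device of Embodiment 3 and of steps (a) to (c) of Embodiment 6; it is illustrative code written for this text, not the patent's own implementation. It assumes RFC 4226 HOTP as the dynamic password algorithm with Ci holding the token counter, an HMAC-SHA256 keystream with an integrity tag as a stand-in for the holder's own encryption functions, and an HMAC over a challenge as a stand-in for the certificate program; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Authenticator types (Ri) that the combined computing device dispatches on.
DYNAMIC_PASSWORD = "dynamic_password"
DIGITAL_CERTIFICATE = "digital_certificate"


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for the holder's own cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


class ConfidentialInfoHolder:
    """Holds one (Ri, Ki, Ci) group per authenticator index i, sealed at rest."""

    def __init__(self, holder_key):
        # Separate keys for confidentiality and integrity, derived from one master key.
        self._enc_key = hashlib.sha256(b"enc" + holder_key).digest()
        self._mac_key = hashlib.sha256(b"mac" + holder_key).digest()
        self._groups = {}  # i -> (nonce, ciphertext, tag)

    def store(self, i, r, k, c):
        """Step (a): the administrator loads group i over the wired or wireless carrier."""
        plain = r.encode() + b"\x00" + struct.pack(">H", len(k)) + k + c
        nonce = os.urandom(16)
        ct = bytes(p ^ s for p, s in zip(plain, _keystream(self._enc_key, nonce, len(plain))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        self._groups[i] = (nonce, ct, tag)

    def select(self, i):
        """Step (b): the selector returns (Ri, Ki, Ci) for the identifier the user chose."""
        if i not in self._groups:
            raise KeyError("no authenticator stored under index %d" % i)
        nonce, ct, tag = self._groups[i]
        expect = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("stored group failed its integrity check")
        plain = bytes(x ^ s for x, s in zip(ct, _keystream(self._enc_key, nonce, len(ct))))
        r, rest = plain.split(b"\x00", 1)
        klen = struct.unpack(">H", rest[:2])[0]
        return r.decode(), rest[2:2 + klen], rest[2 + klen:]


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP, assumed here as the dynamic password algorithm."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def compute_authentication(holder, i, challenge=b""):
    """Step (c): dispatch on Ri like the combined device 704 and return the result."""
    r, k, c = holder.select(i)
    if r == DYNAMIC_PASSWORD:
        # Assumption: Ci holds the token's 8-byte big-endian moving counter.
        return hotp(k, struct.unpack(">Q", c)[0])
    if r == DIGITAL_CERTIFICATE:
        # Stand-in for the certificate program: an HMAC over the challenge with Ki,
        # returned with the stored credential Ci for output via the interface.
        return hmac.new(k, challenge, hashlib.sha256).hexdigest() + ":" + c.decode()
    raise ValueError("unknown authenticator type %r" % r)
```

With the RFC 4226 test key and counters 0 and 1 stored under two indices, the two selections yield the reference codes 755224 and 287082, while a wrong index is rejected before any secret is unsealed.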
Those skilled in the art will readily understand that the executable program above is one embodiment of the invention; the technical solution of the invention is not limited to realisation by an executable program and may also be realised in hardware such as an integrated circuit device. The invention is not restricted to any specific combination of hardware and software. Using the invention, confidential information groups can be implanted completely and securely into the corresponding dynamic password device or digital certificate device again. Moreover, after the single portable multi-function identity authentication device has been packaged, the invention still allows another group of confidential information to be implanted securely and easily into the corresponding dynamic password device or digital certificate device.
In addition, although the principles and embodiments of the invention have been described with the above embodiments, those skilled in the art can, under the above teaching, make various improvements and modifications on the basis of these embodiments, and such improvements and modifications fall within the protection scope of the invention. Those skilled in the art will understand that the above detailed description is given only to explain the invention and not to limit it.