TW200931928A - Security management system of a secret key - Google Patents
Security management system of a secret key Download PDFInfo
- Publication number
- TW200931928A TW200931928A TW97100748A TW97100748A TW200931928A TW 200931928 A TW200931928 A TW 200931928A TW 97100748 A TW97100748 A TW 97100748A TW 97100748 A TW97100748 A TW 97100748A TW 200931928 A TW200931928 A TW 200931928A
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- management system
- security management
- application
- master
- Prior art date
Links
Landscapes
- Storage Device Security (AREA)
Abstract
Description
200931928 九、發明說明: 【發明所屬之技術領域】 本發明係有關於一種密錄安全管理.系統,尤其是指一 種使得RFID Tag能有效防止被非法使用或複製内容’該密 鑰安全管理系統不僅能產生主密鑰(Master key),並且 能有效管理限制主密鑰的應用權限,提供不同權限及限制 使用的日期’並還可以提供程式開發設計的介面(API)給 應用系統即時演算個別RFID Tag的密鑰,這些裝置需接觸 或不需接觸而可使用的,是可以適用於不同應用時所需要 安全性處理,而在其整體施行使用上更增實用便利價值性 之密鑰安全管理系統創新設計者。 【先前技術】 按’無線射頻識別技術(Radio Frequency Identification, RFID)為以射頻傳輸(RF)方式進行識別 定位(ID)的無線射頻識別技術。其可以同時讀寫大量的資 訊’進而進行相關管理及決策。 RFID系統由讀寫器(Reader)、電子標籤(Transponder, 亦稱Tag)與應用系統軟體(Appl icati〇n System)所組合而 成,系統運作主要是透過無線通訊技術將電子標籤内晶片 中的數位資訊,以非接觸的通訊方式傳送到讀寫器中,讀 寫器將擷取、辨識電子標籤之資訊後,即可作為後端應用 系統軟體進一步處理、使用或加值運用。 電子標籤結構包含類比、數位與記憶體功能之晶片, 以及依不同頻率或應用材料所設計之接合天線圖騰 (Antenna Pattern)。每只電子標籤上的積體電路矽晶體 (1C)擁有唯一的電子產品代臀pr〇duct 5 200931928200931928 IX. INSTRUCTIONS: [Technical field to which the invention pertains] The present invention relates to a security management system for secret recording, in particular to an RFID tag that can effectively prevent illegal use or copying of content 'this key security management system not only Can generate the master key (Master key), and can effectively manage the application authority to limit the master key, provide different permissions and limit the date of use 'and can also provide the program development design interface (API) to the application system to calculate the individual RFID The key of Tag, which can be used with or without contact, is a key security management system that can be applied to different applications for security processing, and which is more practical and convenient in its overall implementation. Innovative designer. [Prior Art] Radio Frequency Identification (RFID) is a radio frequency identification technology that performs identification (ID) by radio frequency transmission (RF). It can read and write a large amount of information at the same time' to carry out related management and decision-making. The RFID system is composed of a reader (Reader), an electronic tag (Transponder, also known as Tag) and an application software (Appl icati〇n System). The system operates mainly by means of wireless communication technology. The digital information is transmitted to the reader by non-contact communication. After the reader reads and recognizes the information of the electronic tag, it can be further processed, used or added as a software of the back-end application system. The electronic tag structure contains analog, digital and memory function chips, and an Antenna Pattern designed for different frequencies or application materials. The integrated circuit on each electronic tag 矽 crystal (1C) has the only electronic product generation hip pr〇duct 5 200931928
Code ’ EPC) ’並貼附在物體上以標識目標物件。在不同的 領域上可選擇不同的尺寸與型態,電子標籤主要可分為: (一) 主動式電子標籤(Active Tag):透過内附電池主動傳 送訊息’傳輸距離長,但體型大且價格高’電池壽命 約兩年,之後不可再利用。 (二) 被動式電子標籤(PassiveTag):不包含電池,因此壽 命長、體積小、價格便宜。其透過讀寫器所發出電磁 波’利用内感電耦或微波反射的原理啟動晶片,反射 -❹ 傳輸資訊。 (二)半主動式電子標籤(Semi-Active Tag):平時處於沈睡 狀態,透過領域產生器(FieldGenerator)喚醒電子標 籤’可以減少電力的耗損及環境中較少的電波傳送。 右另外加上住址感應器(Motion Detector)則可以對 物件加以進行定住。 電子標籤内的晶片記憶容量以64 bits〜256 bits為 主’其在資料讀寫的特性可分為:唯讀(Read〇niy,class Q 〇)、可重複讀寫(Read-Write,class 2)、寫入一次讀取多 次(Write Once Read Many , class 1)。 應用系統軟體包含中介軟體(middleware)以及後端系 統整合(system integration) ’應用系統軟體主要存於工 作站或是個人電腦中,主要處理有關rFID驅動事件的發 生、控制前端讀寫器的讀寫以及處理有關RFID電子標籤資 訊流的解析、過濾、萃取與彙總。 在中介軟體的功能’透過XML(Extensible MarkupCode ‘ EPC) ’ and attached to the object to identify the target object. Different sizes and types can be selected in different fields. The electronic tags can be mainly divided into: (1) Active tag: Actively transmit messages through the attached battery. 'Long transmission distance, but large size and price The high 'battery life is about two years, and can't be reused later. (2) PassiveTag: It does not contain batteries, so it has a long life, small size and low price. The electromagnetic wave emitted by the reader/writer uses the principle of internal inductance or microwave reflection to start the wafer and reflect - 传输 to transmit information. (2) Semi-Active Tag: It is usually in a state of slumber, and wakes up the electronic tag through the FieldGenerator to reduce power consumption and less radio wave transmission in the environment. The object can be fixed by adding the Motion Detector to the right. The memory capacity of the chip in the electronic tag is mainly 64 bits to 256 bits. The characteristics of reading and writing data can be divided into: read-only (Read Q) and read-write (class 2). ), Write Once Read Many (class 1). Application software includes middleware and system integration. 'Application system software is mainly stored in workstations or personal computers, mainly dealing with the occurrence of rFID driver events, controlling the reading and writing of front-end readers and Handling parsing, filtering, extraction and summarization of RFID electronic tag information streams. The function of the mediation software 'through XML (Extensible Markup
Language)格式文件’並以 SOAP (Simple object AccessLanguage) format file ' and SOAP (Simple object Access
Protocol)技術傳遞 XML 的訊息’藉由 〇DBC(〇bject Data 200931928Protocol) technology to deliver XML messages' by 〇DBC (〇bject Data 200931928
Base Connectivity)技術與後端企業資訊系統、資料庫管 理系統連結溝通,提供即時且完整的RFID資料通訊網路。 應用系統軟體也可利用加密解密的方式達到保密的效果, 使知數位資料具有可變性、流通性等好處,並與網際網路、 PC、PDA、Wireless以及與未來資訊家電等產業整合。 介於上述電子標籤與應用系統軟體間之媒介裴置即為 讀寫器,讀寫器可擷取、辨識電子標簸資訊後,即傳輸資 ΟBase Connectivity technology communicates with the back-end enterprise information system and database management system to provide an instant and complete RFID data communication network. Application software can also achieve the effect of confidentiality by means of encryption and decryption, so that the digital data has the advantages of variability and liquidity, and integrates with the Internet, PC, PDA, Wireless, and future information appliances. The media device between the above-mentioned electronic tag and the application software is a reader/writer. After the reader can capture and recognize the electronic standard information, the data is transmitted.
料至後端應用系統軟體做進一步處理,目前常見之讀寫器 形式可分為: ° (一)固定式讀寫器(Fixed Reader):可以安裝於門口,對 於進入的人員進行識別。 (一)手持式讀寫器(Hand-Held Reader):以插卡式 (PCMCIA/CF卡式)嵌入至特殊設備内之裝置,如行動 數位助理(Personal Digital Assistant, PDA)。使用 時,其可以自由移動於各空間,對於較固定不動的物 件(如貴重器材)進行資料讀/寫,以建立、維護完整的 電子記錄。 然而,一般加密效果越佳者,其相對越是複雜,連帶 ,、使得其解碼逮度越慢,使得如制在需快速解碼的場合 〜,其過慢的解碼速度並不適用,而解碼速度快者,其加 =效果_得較差,容易為不肖人士所㈣破解,失去其 =保護之目的,致令如何具有一加密效果佳,且解螞速 又、之,鑰,即成為一急待研發之重要課題。 ^丄緣疋發明人有鑑於此’秉持多年該相關行業之豐富 ^開發及實際製作經驗’針對現有之結構及缺失再予以 研究改良,提供—蚀—认〜入# ^ ^種谘鑰安全管理系統,以期達到更佳實 200931928 用價值性之目的者。 【發明内容】 本發明^密鑰安全管理系統,主要提供各種密鑰的生 成機制和加密算法,並將生成的密錄存儲在具有密錄導出 功能的CPU智慧卡,即安全存取模組(Security AccessIt is expected to be processed by the back-end application system software. The current common reader format can be divided into: ° (1) Fixed Reader: It can be installed at the door to identify the entering personnel. (1) Hand-Held Reader: A device that is plugged into a special device, such as a Personal Digital Assistant (PDA), in a plug-in type (PCMCIA/CF card). When in use, it can move freely in each space, and read/write data for more fixed objects (such as valuable equipment) to establish and maintain complete electronic records. However, the better the general encryption effect, the more complicated it is, the more the link is, the slower the decoding is, so that if the system needs to decode quickly, its slow decoding speed is not applicable, and the decoding speed is not applicable. Faster, its plus = effect _ is poor, easy for the unscrupulous person (four) to crack, lose its = protection purpose, so that how to have a good encryption effect, and the solution speed, and the key, that is, an urgent need An important topic for research and development. ^丄缘疋 Inventors have in view of this 'long years of rich experience in the relevant industry development and actual production experience' to the existing structure and lack of research and improvement, provide - eclipse - recognition ~ into # ^ ^ type key security management The system, in order to achieve better 200931928 value for the purpose of the purpose. SUMMARY OF THE INVENTION The present invention provides a key security management system, which mainly provides various key generation mechanisms and encryption algorithms, and stores the generated secret records in a CPU smart card with a secret record export function, that is, a secure access module ( Security Access
Module ’ SAM)卡中,且提供密鑰管理功能;主要係利用本 系統之加密系統將-種主密鑰及一種系統密瑜基碼與一種 應用播案^數結合,根據國際標準公式演算產生各個應用 Ο 檔案的主密鑰;該解密密碼儲存於一 RFID Tag(無線射頻 姻技術電子錢)’且輕已鎖止的加密系統解密的唯一 可用密碼,並配合限制可使用的時間。 【實施方式】 為令本發明所運用之技術内容、發明目的及其達成之 功效有更完整且清楚的揭露,茲於下詳細說明之,並請一 併參閱所揭之圖式及圖號: 首先’凊參閱第一圖本發明之系統架構示意圖所示, ❹ 本發明主要係將RFID Tag(無線射頻識別技術電子標籤)記 憶體資料工間劃分為一至數個應用檔案(App 1 i cat i 〇n file),每一應用檔案皆有一個安全控管區塊,安全控管 區塊内存之密鑰以及存取權限,由密鑰管理系統產生與保 護’高安全性RFID讀寫器(Rea(jer)只能對含有正確密餘 的RFID Tag進行讀或寫的操作;密鑰安全管理系統對各個 應用檔案(Application file)產生唯一的一套主密鑰, 並且將這些主密鑰儲存在具有安全保護機制的密鑰卡内, 用戶可依密鑰卡的權限定義將應用檔案密鑰(Application file keys)載入電腦内暫存應用。 8 200931928 將系統定義的主密錄(Master Key)存入安全存取模 組(Security Access Module ; SAM)卡中,該安全存取模 組卡是一個國際標準的高安全性CPU卡(CPU Card)。 而請一併參閱第二圖本發明之主密鑰產生架構示意圖 所示,本發明密鑰安全管理系統其主密鑰(Master Key)的 產生係由多組(1〜N)基本密錄基碼(Base Key Seed)、密鑰 安全管理系統内建之系統密餘基碼(System Key)、應用樓 案參數(Application Specific Data)結合,根據國際標 〇 準演算公式(如·· MD2、3DES…)公式演算產生各個應用檔 案的主密鑰;其中: 該系統密餘基碼(System Key),其係為密鍮安全管理 系統内建的唯一密鑰,並能有效管理限制主密鑰的應用權 限’提供不同權限及限制使用的日期。 請再一併參閱第三圖本發明之應用檔案密鑰產生架構 示意圖所示,該每一個RFID Tag(無線射頻識別技術電子 標籤)内存的每一個應用檔案(Applicati〇nfile)都有一 Ο 組唯一的密鑰,當RFID讀寫器在讀寫RFID Tag的時候, 必須使用Application file實際的密鑰,才能正確的和 RFID Tag完成認證,並且讀或寫資料,這些密鑰由國際標 準演算公式(如:MD2、3DES…)公式演算,此一密鑰演算 公式運用了各個應用檔案的主密鑰(MasterKey)、應用檔 案名稱(Application File Name),以及 RFID Tag 的唯一 序號(UID)做為演算參數,進而演算出每一個RFID Tag 内存的應用檔案的唯一密鑰。 RFIDTag應用KeyMan (密錄安全管理系統)產生的安 全密鑰儲存在安全存取模组(security Access Module; 9 200931928 SAM)卡内,經由密鑰安全管理系統,依相關權限設定條件 (讀、寫、密鑰有效期限),於應用系統在啟用讀寫器進行 讀寫RFID Tag之前’必須將應用檔案密鑰(ApplicationModule 'SAM) card, and provides key management function; mainly uses the encryption system of the system to combine the master key and a system secret code with an application broadcast number, and calculate according to the international standard formula Each application 主 the master key of the file; the decrypted password is stored in an RFID Tag and the only available password that is decrypted by the locked encryption system, and is limited by the time available for use. [Embodiment] For a more complete and clear disclosure of the technical content, the purpose of the invention and the effects thereof achieved by the present invention, the following is a detailed description, and please refer to the drawings and drawings: First, the first embodiment of the present invention is shown in the schematic diagram of the system architecture. The present invention mainly divides the RFID tag (radio frequency identification technology electronic tag) memory data into one or several application files (App 1 i cat i). 〇n file), each application file has a security control block, security control block memory key and access rights, generated and protected by the key management system 'high security RFID reader (Rea (jer) can only read or write RFID tags with correct density; the key security management system generates a unique set of master keys for each application file, and stores these master keys in In the key card with security protection mechanism, the user can load the application file keys into the temporary storage application in the computer according to the permission definition of the key card. 8 200931928 The main system defined by the system The Master Key is stored in a Security Access Module (SAM) card, which is an international standard high security CPU card (CPU Card). 2 is a schematic diagram of the master key generation architecture of the present invention. The master key of the key security management system of the present invention is generated by multiple groups (1 to N) basic key record base code (Base Key Seed). ), the system security key system (System Key) built in the key security management system, and the application specific data (Application Specific Data) combined, according to the international standard quasi-calculation formula (such as · MD2, 3DES...) formula calculation The master key of each application file; where: the system key code (System Key), which is a unique key built into the security management system, and can effectively manage the application rights of the restricted master key. Permissions and restrictions on the date of use. Please refer to the third diagram of the application file key generation architecture of the present invention. Each application file of each RFID Tag (radio frequency identification technology electronic tag) memory is shown. Applicati〇nfile) has a unique set of keys. When the RFID reader reads and writes the RFID tag, it must use the actual key of the Application file to properly authenticate the RFID tag and read or write the data. These keys are calculated by the international standard calculus formula (eg, MD2, 3DES...). This key calculus formula uses the master key (ApplicationKey), application file name, and RFID tag of each application file. The unique serial number (UID) is used as the calculation parameter, and then the unique key of the application file of each RFID Tag memory is calculated. The security key generated by the RFIDTag application KeyMan (secure security management system) is stored in the security access module (9 200931928 SAM) card, and the conditions are set according to the relevant authority (read and write) via the key security management system. , the key expiration date), the application file key must be applied before the application system enables the reader to read and write RFID tags.
Key)載入系統内暫存,之後再經過國際標準的演算 公式(如:MD2、3DES…),演算出.RFIDTag上之應用播案 的正確密鑰,接著載入RFID讀寫器即可正常讀寫RFID Tag 〇 以上所述之各實施例的揭示均係為利於說明本發明之 更^手段,並非限制本發明之架構組成,故舉凡數值的變 3等效結構的簡單替換仍屬本發明之設計範疇。Key) is loaded into the system for temporary storage, and then passed the international standard calculation formula (such as: MD2, 3DES...) to calculate the correct key of the application broadcast on the RFIDTag, and then load the RFID reader to be normal. The disclosure of the various embodiments described above is intended to facilitate the description of the present invention and is not intended to limit the architectural composition of the present invention. Therefore, the simple replacement of the variable equivalent structure of the numerical value is still the present invention. The scope of design.
欵,綜上所述’本發明實施例確能達到所預期之使用功 亦未^其3斤揭露之具體構造,不僅未曾見諸於同類產品中, 求:公開於申請前,誠已完全符合專利法之規定與要 專利明專利之申請,想請惠予審查’並踢准欵, in summary, the embodiment of the present invention can achieve the expected use of the work is not the specific structure of its 3 kg exposure, not only has not been seen in similar products, seeking: open before the application, Cheng has fully met The provisions of the Patent Law and the application for patents, please apply for review
10 200931928 【圖式簡單說明】 第一圖:本發明之系統架構示意圖 第二圖:本發明之主密鑰產生架構示意圖 第三圖:本發明之應用檔案密鑰產生架構示意圖 【主要元件符號說明】10 200931928 [Simple diagram of the diagram] First diagram: schematic diagram of the system architecture of the present invention. Second diagram: Schematic diagram of the master key generation architecture of the present invention. Third diagram: Schematic diagram of the application profile key generation architecture of the present invention. 】
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW97100748A TW200931928A (en) | 2008-01-08 | 2008-01-08 | Security management system of a secret key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW97100748A TW200931928A (en) | 2008-01-08 | 2008-01-08 | Security management system of a secret key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TW200931928A true TW200931928A (en) | 2009-07-16 |
Family
ID=44865428
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW97100748A TW200931928A (en) | 2008-01-08 | 2008-01-08 | Security management system of a secret key |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TW200931928A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI469655B (en) * | 2012-02-14 | 2015-01-11 | 蘋果公司 | Methods and apparatus for large scale distribution of electronic access clients |
-
2008
- 2008-01-08 TW TW97100748A patent/TW200931928A/en unknown
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI469655B (en) * | 2012-02-14 | 2015-01-11 | 蘋果公司 | Methods and apparatus for large scale distribution of electronic access clients |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102007478B (en) | Portable computing system and portable computer for use with same | |
| US7800499B2 (en) | RFID and sensor signing algorithm | |
| BRPI0419000A (en) | method and system for secure administration of data records stored on an electronic tag, and electronic tag | |
| CN103839313A (en) | Access control system | |
| CN101520854B (en) | Smart memory card, data safety control system and method thereof | |
| CN101667163A (en) | Encrypting and authenticating equipment with dual safety chips | |
| CN103927803B (en) | Based on the Electrically operated gate lock control system of active radio frequency identification | |
| WO2012041070A1 (en) | Radio frequency identification tag access method and device | |
| CN109993250A (en) | Elevator maintenance management system | |
| CN201465116U (en) | Safe mobile storage device by using mobile communication network | |
| TW200931928A (en) | Security management system of a secret key | |
| CN102509035A (en) | Data protection method based on sliding type true skin living fingerprint identification technology | |
| JP2010102617A (en) | System, device, method and program of access management of external storage, apparatus and recording medium | |
| CN201387612Y (en) | Agricultural and animal product circulation supervising device | |
| CN109447653A (en) | A kind of IC card encryption method, device, terminal and storage medium | |
| US20070039041A1 (en) | Unified reference id mechanism in a multi-application machine readable credential | |
| CN201594276U (en) | Double-security chip encryption and authentication device | |
| AU2006203516A1 (en) | Unified reference ID mechanism in a multi-application machine readable credential | |
| JP2006318291A (en) | Radio tag management program | |
| CN2906747Y (en) | USB device with data storage and intelligent secret key | |
| KR101053636B1 (en) | Encryption/decryption method and system for rfid tag and reader using multi algorithm | |
| JP2011060136A (en) | Portable electronic apparatus, and data management method in the same | |
| Putra et al. | Design and Development of Login Security System Using Radio Frequency Identification | |
| CN101004796B (en) | Recording method, recorder and IC card | |
| JP2004210446A (en) | Book management system and information recording system |