CN102215108A - Encryption card certification and authority method adopting USB intelligent secret key and encryption card - Google Patents

Publication number: CN102215108A
Authority: CN (China)
Prior art keywords: key, encrypted card, usb intelligent, intelligent key, usb
Legal status: Pending
Application number: CN2010105479495A
Other languages: Chinese (zh)
Inventors: 孙国忠, 郭旭, 黄亮, 戴荣, 吴伟
Current Assignee: BEIJING SHUGUANG TIANYAN INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING SHUGUANG TIANYAN INFORMATION TECHNOLOGY Co Ltd
Application filed by: BEIJING SHUGUANG TIANYAN INFORMATION TECHNOLOGY Co Ltd
Priority to: CN2010105479495A
Publication of: CN102215108A

Abstract

The invention provides an encryption card authentication and authorization method using a USB intelligent key, and an encryption card. The method comprises two main flows, authentication and authorization, and a USB intelligent key is added to the encryption card. The method markedly improves the security strength of the data (especially PK) in the encryption card. The private key of the USB intelligent key cannot be exported or copied, which raises the security level of the authentication medium and prevents the authentication medium from being copied. The PIN code and key mechanism of the USB intelligent key markedly improve the security of data exported from the encryption card. The high transfer speed of USB (especially USB 2.0 and 3.0) lets authorization and backup complete quickly.

Description

An encryption card authentication and authorization method using a USB intelligent key, and an encryption card
Technical field
The present invention relates to the field of computer security hardware, namely encryption cards and USB intelligent keys, and specifically to an encryption card authentication and authorization method using a USB intelligent key, and to an encryption card.
Background
As people pay ever more attention to computer security, more and more computers and servers are fitted with encryption cards to protect data, and the role of the encryption card is becoming more and more important.
At the same time, this raises new challenges for the authentication, management and information protection of encryption cards: simple password protection and backup can no longer meet security requirements.
Current common practice:
(1) Use an IC (logic) card over a serial port for authentication and data storage. Because an IC (logic) card has only a memory function, it is easy to copy, and the scheme relies entirely on protecting the IC card; once the IC card is copied by someone else, IC-card authentication management becomes useless.
(2) Use an IC (CPU) card over a serial port for authentication and an IC (logic) card for data storage. Although the IC (logic) card is harder to copy, serial-port data transfer is slow, so authentication speed suffers as well. The IC card used for data storage is easy to copy, and once it is copied by someone else, the keys in the encryption card have no protection at all.
Summary of the invention
The object of the present invention is to provide a method, and a corresponding encryption card, that combine an encryption card with a USB intelligent key, using the USB intelligent key to authenticate, manage and store the encryption card's data.
An encryption card authentication and authorization method using a USB intelligent key comprises two main flows, authorization and authentication.
The authorization flow comprises:
A. issuing each USB intelligent key a certificate or key pair to identify the user;
B. encrypting all data in the encryption card with a protection key;
C. the encryption card authorizing the USB intelligent key and, at the same time, encrypting the encryption card's protection key with the public key in the USB intelligent key and storing the result in the encryption card or in the USB intelligent key.
The authentication flow comprises:
D. the encryption card authenticating the USB intelligent key using PKI authentication;
E. an authorized USB intelligent key being assigned roles and permissions according to its authorization, while an unauthorized USB intelligent key cannot pass verification;
F. the encryption card using the private key in the USB intelligent key to decrypt the protection key, and also decrypting other required data.
A preferred technical solution of the invention: the USB intelligent key cannot be copied or exported, and is protected by a PIN code.
Another preferred technical solution of the invention: an authorized USB intelligent key dedicated to storing exported data can save the encryption card's protected data, or import the saved exported data into the encryption card.
An encryption card supporting a USB intelligent key, comprising an encryption card and a USB interface, characterized in that it comprises a USB intelligent key,
the USB intelligent key being connected to the encryption card through the USB interface.
One technical solution of the invention: the USB intelligent key holds a certificate or key pair that cannot be copied or exported, and the USB intelligent key is protected by a PIN code.
A further technical solution of the invention: the data in the encryption card's internal storage is protected by a protection key.
A further technical solution of the invention: the encryption card authorizes the USB intelligent key and, at the same time, encrypts the encryption card's protection key with the public key in the USB intelligent key and stores the result in the encryption card or in the USB intelligent key.
Another technical solution of the invention: the encryption card authenticates the USB intelligent key using PKI authentication; an unauthorized USB intelligent key cannot pass authentication, and an authorized USB intelligent key is assigned roles and permissions according to its authorization.
Another technical solution of the invention: the encryption card uses the private key in the USB intelligent key to decrypt the protection key, and also decrypts other required data.
Another technical solution of the invention: an authorized USB intelligent key dedicated to storing exported data can save the encryption card's protected data, or import the saved exported data into the encryption card.
The beneficial effects of the invention are as follows:
1. The USB intelligent key uses PKI algorithms, which markedly improves the security strength of the data (especially PK) in the encryption card.
2. The private key of the USB intelligent key cannot be exported or copied, which raises the security level of the authentication medium and avoids the problem of the authentication medium being copied.
3. With the PIN code and private key mechanism of the USB intelligent key, the security of data exported from the encryption card is markedly improved.
4. The high transfer speed of USB (especially 2.0 and 3.0) lets authentication and backup complete quickly.
Description of drawings
Fig. 1 is a connection diagram of the encryption card of the present invention.
Specific embodiments
To address the current problems of encryption card authentication, management and data protection, the invention provides a solution that is secure, efficient and easy to extend.
Authorization:
(1) We issue each USB intelligent key a certificate (or key pair; the means of issuing does not matter) to identify the user. Because of the physical characteristics of the USB intelligent key, the private key of the certificate (or key pair) cannot be copied or exported, which fundamentally rules out the medium being copied. Even if the USB intelligent key is lost, it is still protected by its PIN code, and the private key cannot be used without knowing the PIN code.
(2) All data in the encryption card is stored encrypted (this document calls the key used the protection key).
(3) The encryption card authorizes the USB intelligent key and, at the same time, encrypts the encryption card's protection key with the public key in the USB intelligent key and stores it (either in the encryption card or in the USB intelligent key).
Authentication:
(1) The encryption card authenticates the USB intelligent key using PKI authentication; an unauthorized USB intelligent key cannot pass authentication, and an authorized USB intelligent key is assigned roles and permissions according to its authorization.
(2) The encryption card uses the private key in the USB intelligent key to decrypt the protection key, and also decrypts other data as needed, so that the encryption card can operate normally.
Import and export data protection:
(1) An authorized USB intelligent key dedicated to storing exported data can save the protected data in the encryption card (which may include the protection key).
(2) An authorized USB intelligent key dedicated to storing exported data can import the saved exported data (which may include the protection key) into the encryption card.
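The authorization and authentication flows described above, modelled in Python with the `cryptography` package as an added example; this is not code from the patent or from any vendor. The `UsbToken` and `EncryptionCard` classes, the role name, and the choice of RSA-OAEP, RSA-PSS and AES-GCM are assumptions, since the patent names no algorithms.

```python
# Added illustration: software model of the patent's flows A-F (all names hypothetical).
import hashlib, hmac, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def fingerprint(pub):
    """SHA-256 over the DER-encoded public key; the card indexes authorized tokens by it."""
    der = pub.public_bytes(serialization.Encoding.DER,
                           serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()

class UsbToken:
    """Stand-in for the USB key: the private key is reachable only via PIN-gated calls."""
    def __init__(self, pin):  # step A: the token gets its own key pair
        self._pin = pin.encode()
        self._priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._priv.public_key()
    def _require_pin(self, pin):
        if not hmac.compare_digest(pin.encode(), self._pin):
            raise PermissionError("wrong PIN")
    def sign(self, pin, challenge):
        self._require_pin(pin)
        return self._priv.sign(challenge, PSS, hashes.SHA256())
    def unwrap(self, pin, wrapped):
        self._require_pin(pin)
        return self._priv.decrypt(wrapped, OAEP)

class EncryptionCard:
    def __init__(self, secret):  # step B: card data is stored under the protection key
        self._protection_key = AESGCM.generate_key(bit_length=256)
        self._nonce = os.urandom(12)
        self._blob = AESGCM(self._protection_key).encrypt(self._nonce, secret, None)
        self._authorized = {}  # fingerprint -> (public key, role, wrapped protection key)
    def authorize(self, pub, role):  # step C: wrap the protection key to the token
        wrapped = pub.encrypt(self._protection_key, OAEP)
        self._authorized[fingerprint(pub)] = (pub, role, wrapped)
    def lock(self):  # forget the plaintext protection key; only wrapped copies remain
        self._protection_key = None
    def authenticate(self, token, pin):
        entry = self._authorized.get(fingerprint(token.public_key))
        if entry is None:  # step E: unauthorized tokens are rejected
            return None
        pub, role, wrapped = entry
        challenge = os.urandom(32)  # step D: fresh challenge, checked against the stored key
        try:
            pub.verify(token.sign(pin, challenge), challenge, PSS, hashes.SHA256())
        except (InvalidSignature, PermissionError):
            return None
        key = token.unwrap(pin, wrapped)  # step F: recover the key, then decrypt card data
        return role, AESGCM(key).decrypt(self._nonce, self._blob, None)

if __name__ == "__main__":
    card = EncryptionCard(b"constructed sample secret")  # constructed sample data
    admin, stranger = UsbToken("1234"), UsbToken("1234")
    card.authorize(admin.public_key, "admin")
    card.lock()
    print(card.authenticate(admin, "1234"))     # role and decrypted data
    print(card.authenticate(stranger, "1234"))  # None: token was never authorized
    print(card.authenticate(admin, "0000"))     # None: wrong PIN
```

In this model the token returns the unwrapped protection key to the card, so the key crosses the USB link in the clear; the patent text does not say how that transfer is protected.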

Claims (10)

1. An encryption card authentication and authorization method using a USB intelligent key, characterized in that it comprises two main flows, authorization and authentication;
the authorization flow comprises:
A. issuing each USB intelligent key a certificate or key pair to identify the user;
B. encrypting all data in the encryption card with a protection key;
C. the encryption card authorizing the USB intelligent key and, at the same time, encrypting the encryption card's protection key with the public key in the USB intelligent key and storing the result in the encryption card or in the USB intelligent key;
the authentication flow comprises:
D. the encryption card authenticating the USB intelligent key using PKI authentication;
E. an authorized USB intelligent key being assigned roles and permissions according to its authorization, while an unauthorized USB intelligent key cannot pass verification;
F. the encryption card using the private key in the USB intelligent key to decrypt the protection key, and also decrypting other required data.
2. The encryption card authentication and authorization method using a USB intelligent key according to claim 1, characterized in that: the USB intelligent key cannot be copied or exported, and is protected by a PIN code.
3. The encryption card authentication and authorization method using a USB intelligent key according to claim 1, characterized in that: an authorized USB intelligent key dedicated to storing exported data can save the encryption card's protected data, or import the saved exported data into the encryption card.
4. An encryption card supporting a USB intelligent key, comprising an encryption card and a USB interface, characterized in that it comprises a USB intelligent key,
the USB intelligent key being connected to the encryption card through the USB interface.
5. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: the USB intelligent key holds a certificate or key pair that cannot be copied or exported, and the USB intelligent key is protected by a PIN code.
6. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: the data in the encryption card's internal storage is protected by a protection key.
7. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: the encryption card authorizes the USB intelligent key and, at the same time, encrypts the encryption card's protection key with the public key in the USB intelligent key and stores the result in the encryption card or in the USB intelligent key.
8. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: the encryption card authenticates the USB intelligent key using PKI authentication; an unauthorized USB intelligent key cannot pass authentication, and an authorized USB intelligent key is assigned roles and permissions according to its authorization.
9. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: the encryption card uses the private key in the USB intelligent key to decrypt the protection key, and also decrypts other required data.
10. The encryption card supporting a USB intelligent key according to claim 4, characterized in that: an authorized USB intelligent key dedicated to storing exported data can save the encryption card's protected data, or import the saved exported data into the encryption card.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105479495A CN102215108A (en) 2010-11-17 2010-11-17 Encryption card certification and authority method adopting USB intelligent secret key and encryption card

Publications (1)

Publication Number Publication Date
CN102215108A true CN102215108A (en) 2011-10-12

Family

ID=44746250

Country Status (1)

Country Link
CN (1) CN102215108A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5

Applicant after: Beijing Shuguang Tianyan Information Technology Co., Ltd.

Address before: 100084 Beijing city Haidian District Street office building No. 64 West mill

Applicant before: Beijing Shuguang Tianyan Information Technology Co., Ltd.

C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5

Applicant after: Shuguang Cloud Computing Technology Co., Ltd.

Address before: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5

Applicant before: Beijing Shuguang Tianyan Information Technology Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: SHUGUANG TIANYAN INFORMATION TECH CO LTD, BEIJING TO: SUGON CLOUD COMPUTING TECHNOLOGY CO., LTD.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111012