CN102377567A - Intelligent key system - Google Patents

Info

Publication number: CN102377567A
Authority: CN (China)
Prior art keywords: module, management module, command analysis, data, safety chip
Legal status: Pending
Application number: CN201010257893XA
Other languages: Chinese (zh)
Inventors: 杜长河, 陈大伟, 王振刚
Current Assignee: QINGDAO GAOXIAO INFORMATION INDUSTRY CO LTD
Original Assignee: QINGDAO GAOXIAO INFORMATION INDUSTRY CO LTD
Landscapes: Storage Device Security (AREA)

Abstract

The invention relates to a cryptographic system. The intelligent key system provided by the invention comprises a security chip module, a transmission management module, an instruction resolution module and a file management module. The security chip module is connected with the transmission management module by a universal serial bus (USB) interface; the transmission management module is connected with the file management module by the instruction resolution module; the instruction resolution module is connected with a security communication module; and the file management module is connected with a right management module. The system can provide the user with comprehensive, efficient data management and secure encryption services at different levels. The 32-bit intelligent key adopts a standard USB interface, can be used in any environment that supports USB communication, and, combined with rich upper-layer interfaces, can conveniently support many kinds of application, so that one key truly serves multiple purposes.

Description

Intelligent code key system
Technical field
The present invention relates to a cryptographic system.
Background technology
With the rapid development of Internet technology, the world has entered the network era. The network is not only a platform for exchanging information, looking up information, and entertainment and leisure; it has also gradually become a platform for commercial activity and government affairs, and traditional commercial and government activities are increasingly carried out over this simple and fast medium. However, the virtual and ungoverned nature of the network puts these activities at risk: without adequate security technology, e-commerce and e-government cannot develop in a healthy way. PKI technology, which is built on the use of digital certificates, is exactly such a foundational information security technology. It uses data encryption, decryption, digital signatures and authentication to provide the security guarantee for carrying out e-commerce and e-government.
China issued its Electronic Signature Law in 2004, affirming the validity of PKI technology from a legal standpoint. In recent years, e-commerce, e-government, teleworking and electronic entertainment platforms in China have been built out rapidly, which has driven rapid growth of the PKI-based information security market. The representative development is the construction and use of numerous digital certificate authentication centers (CA centers). Some of these CAs are regional and some are industry-specific. The number of certificates issued increases sharply year by year, and the issuance of many CAs is already growing on the order of 1,000,000 certificates per year, which shows that applications based on digital certificates have begun to develop at high speed. At present, products and solutions for digital certificate applications are urgently needed.
As e-commerce and e-government applications spread, the application of PKI technology becomes more and more important. Digital certificates make it possible to achieve strong identity authentication in network applications; to encrypt critical data in storage or in transit, guaranteeing its confidentiality; and to apply electronic signatures to critical transactions, providing non-repudiation of business activity. An intelligent code key, as the carrier of the digital certificate, guarantees in hardware the security with which the key and the certificate are used.
Summary of the invention
The present invention overcomes the above-mentioned defects and provides an intelligent code key system that is easy to use and offers high security.
To achieve this purpose, the invention adopts the following technical scheme. The system comprises a safety chip module, a transport management module, a command analysis module and a document management module. The safety chip module and the transport management module are connected through a USB interface; the transport management module is connected to the document management module through the command analysis module; the command analysis module is connected to a secure communication module; and the document management module is connected to an authority management module.
The transport management module, the command analysis module and the document management module form the main flow of command processing, while the secure communication module and the authority management module provide functional support to their respective modules. If any module finds an error during processing, it returns the corresponding error message.
The transport management module is responsible for data communication between the intelligent code key and the interface device. It buffers the input data while receiving and is responsible for transmitting data when replying. The 32-bit intelligent code key uses the USB Mass Storage protocol to transfer data to and from the interface device. After a command has been received correctly, the transport management module first checks whether the data conforms to the protocol. If it does not, an error is returned directly; if it does, the data is handed to the next module for processing. The transport management module then waits for the next module to return and finally returns the result data to the interface device in the format the protocol prescribes.
The command analysis module performs syntactic analysis on every command received from outside and checks whether the command parameters are correct. It then invokes the corresponding functional module according to the meaning of the command parameters. When the functional module has finished, the data returns to the command analysis module, which sends it on to the transport management module. If a parameter is found to be wrong, the error message is returned directly from this module. If the data is transmitted in ciphertext mode, the secure communication module is called to perform the corresponding encryption, decryption or verification, and the processed data is returned to the command analysis module.
The secure communication module is responsible for encrypting and decrypting communication data and provides functional support to the command analysis module. Command data and response data can be transmitted in four modes: plaintext mode, plaintext verification mode, ciphertext mode and ciphertext verification mode. Except for data transmitted in plaintext mode, all data is handed to this module by the command analysis module, and the result data is handed back to the command analysis module.
The document management module is responsible for operating on and accessing files. Before performing a data operation, the document management module first obtains the security attribute of the file and then, through the authority management module, checks whether the security state of the intelligent code key matches this attribute, in order to confirm that the operation is permitted. Once the security attribute and the structure of a file have been created, they remain under the control of the document management module and the authority management module.
The safety chip module uses the SSX20-E chip. The SSX20-E chip has passed the security review of the State Cryptography Administration. The chip uses the custom-made, domestically developed high-security core Arca2sc, a 32-bit RISC processor with a 5-stage instruction pipeline and a variable clock frequency of up to 96 MHz. It supports hardware secure access control and offers high throughput, high security and low power consumption. The intelligent code key supports the domestic symmetric algorithms approved by the State Cryptography Administration and complies with the relevant national regulations. The algorithms can be downloaded into a memory block inside the SSX20-E chip for the COS to call; the algorithm storage area is execute-only and can be neither read nor written.
Through strict security mechanisms, the intelligent code key guarantees that the stored keys cannot be read out under any circumstances. The kernel program of the intelligent code key is stored in a FLASH area protected by encryption logic, which prevents illegal reading. Different password levels can be set in the intelligent code key, each granted different authority, so that authority is partitioned and different management levels can be realized. Only after password verification succeeds is the associated authority obtained and access granted to the data and keys stored in the intelligent code key, which guarantees the security of the data and programs in the device.
The overall price/performance ratio of the intelligent code key is high, which makes it competitive in the market. The chip operating system that was developed provides a rich command set and supports the abstraction-layer interface standard formulated by the State Cryptography Administration, which gives the product good applicability for users and makes its functions easy to extend. Rich high-level interfaces and application tools are also provided to satisfy users' varied application demands.
The safety chip module comprises a microprocessor, a public key algorithm module, a random number generator, a memory unit and a USB device controller. The microprocessor is connected to the public key algorithm module, the random number generator, the memory unit and the USB device controller respectively, and the safety chip module is connected to the USB interface through the USB device controller. Data is transmitted between the command analysis module and the secure communication module in plaintext mode, plaintext verification mode, ciphertext mode or ciphertext verification mode.
Microprocessor: uses the custom-made high-security CPU core Arca2sc, a 32-bit RISC core with a 5-stage pipeline and a variable clock frequency, with a maximum operating frequency of 96 MHz. It has a high-performance cache, comprising a 1 KB instruction cache and a 1 KB data cache, and a memory management and protection unit (MMU).
Memory unit: 256K of FLASH is used to store programs, function libraries and rarely modified data; the page size is 1 KB, the minimum endurance is 100,000 erase/write cycles, and the minimum data retention time at room temperature is 100 years. The RAM size is 8 KB. A 32 KB EEPROM is used for data and program storage and supports byte, word and multi-byte read, erase and write operations; its minimum endurance is 300,000 erase/write cycles, and its minimum data retention time at room temperature is 100 years.
Public key algorithm module: implements the modular multiplication and modular exponentiation operations required by the RSA public key algorithm. It supports 128-bit to 1024-bit modular multiplication and modular exponentiation and has two clocks, the AHB bus clock and the operation core clock; the operation core clock can be 1, 2 or 4 times the AHB bus clock, up to 96 MHz. The maximum speed of 1024-bit modular exponentiation at a 96 MHz clock is 75 operations per second. The AHB bus interface supports interrupt mode.
Random number generator: the safety chip module integrates one 32-bit random number generator, used for generating random keys. The random number generator module consists of the control register RNGCTRL, the data register RNGDATA, a control circuit and the analog circuit rng-ip. The analog circuit rng-ip uses non-linear RC oscillation to produce a clock of non-fixed frequency, and the initial value of the generator is indeterminate. The random number generator is started by setting the control register RNGCTRL, and the random number produced is stored in the data register RNGDATA.
USB device controller: the USB device controller integrated in the safety chip module provides the interface between the USB function device and the USB host. It is compatible with the USB 1.1 protocol and supports the full-speed transfer rate (12 Mbps). It handles part of the standard requests in the USB Specification in hardware; supports suspend/resume and remote wakeup logic; supports one configuration and two interfaces, each with one alternate setting; supports 4 physical endpoints (endpoints 0, 1, 2, 3) and 5 logical endpoints (IN endpoints 0, 1, 3 and OUT endpoints 0, 2); and supports control, bulk and interrupt transfers.
The intelligent code key uses an independently developed chip operating system (COS). The on-chip file system structure is implemented in strict accordance with the relevant standards and supports various file types such as binary files, record files, secure files and RSA files. The COS processing flow has been effectively optimized, so that the system can provide the user with comprehensive, efficient data management and secure encryption services at different levels. The 32-bit intelligent code key uses a standard USB interface and can be used in any environment that supports USB communication. Combined with rich high-level interfaces, the intelligent code key can easily support multiple applications, so that one key truly serves multiple purposes.
Description of drawings
Fig. 1 is a module diagram of the present invention;
Fig. 2 is the module diagram of safety chip module of the present invention.
Embodiment
The system comprises a safety chip module, a transport management module, a command analysis module and a document management module. The safety chip module and the transport management module are connected through a USB interface; the transport management module is connected to the document management module through the command analysis module; the command analysis module is connected to a secure communication module; and the document management module is connected to an authority management module.
The safety chip module uses the SSX20-E chip. The safety chip module comprises a microprocessor, a public key algorithm module, a random number generator, a memory unit and a USB device controller. The microprocessor is connected to the public key algorithm module, the random number generator, the memory unit and the USB device controller respectively, and the safety chip module is connected to the USB interface through the USB device controller. Data is transmitted between the command analysis module and the secure communication module in plaintext mode, plaintext verification mode, ciphertext mode or ciphertext verification mode.
The workflow of the system is as follows:
1. After power-on, the safety chip module of the intelligent code key starts running the COS, and the COS initializes each component.
2. After initialization is complete, the COS enters the transport management module and waits to receive command data. When the interface device sends an operation command, the transport management module receives the command data and then checks whether the data format conforms to the communication protocol. If it does not, an error is returned; if it does, the data is handed to the command analysis module for processing.
3. The command analysis module parses the command code and checks whether the parameters are correct. If they are correct, the data is handed to the document management module; if not, an error is returned. If the command is in ciphertext mode, the secure communication module is called first to process the data, and the result is returned to the command analysis module before being handed to the document management module.
4. The document management module mainly calls the processing routine that corresponds to the specific command code, for example creating a file or reading a binary file; these operations call the authority management module to determine whether they may be carried out. The result of each processing routine (including any error returned) is passed back to the transport management module via the command analysis module. If the returned data is to be sent in ciphertext mode, the secure communication module is called first to process it.
5. The transport management module assembles the returned result so that it conforms to the transmission protocol format and then sends the reply data to the interface device. This completes the processing of one command; the system then returns to the state of waiting to receive a command and begins another processing cycle.
Errors generated by the transport management module and the command analysis module are likewise assembled by the transport management module before being returned to the interface device.
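The layered flow of steps 2 to 5 (format check, parameter check, security-attribute check, response assembly, with an error returned from whichever layer fails) is sketched below in C. This is an added example, not code from the patent or from the product's COS. The frame layout, status codes, opcodes, password levels, passwords and file table are all assumptions, and only plaintext mode is modelled: the three modes that need the secure communication module are rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes, opcodes, frame layout [len][mode][op][p1][payload...] and the
   file table are assumptions for this example; the patent defines none of them. */
enum { ST_OK, ST_BAD_FRAME, ST_BAD_PARAM, ST_BAD_MODE, ST_DENIED, ST_NO_FILE };
enum { MODE_PLAIN, MODE_PLAIN_VERIFY, MODE_CIPHER, MODE_CIPHER_VERIFY };
enum { OP_VERIFY = 1, OP_READ = 2 };
enum { LVL_NONE, LVL_USER, LVL_ADMIN };

struct file { uint8_t id, read_level; const char *data; };
static const struct file files[] = {            /* constructed sample files */
    { 1, LVL_NONE, "public-cert" }, { 2, LVL_USER, "user-record" },
    { 3, LVL_ADMIN, "admin-config" } };
static const char *passwords[] = { "", "1234", "admin-pw" };  /* constructed */
static uint8_t security_state = LVL_NONE;       /* current state of the key */

void key_reset(void) { security_state = LVL_NONE; }

/* Authority management: does the key's state satisfy the file's attribute? */
static int authority_ok(uint8_t required) { return security_state >= required; }

/* Compare every byte with no early exit, so timing does not reveal how many
   leading characters matched (the length check itself is not hidden). */
static int password_ok(uint8_t level, const uint8_t *p, size_t n) {
    const char *ref = passwords[level];
    uint8_t diff = 0;
    if (n != strlen(ref)) return 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(p[i] ^ (uint8_t)ref[i]);
    return diff == 0;
}

/* File management: look up the security attribute first, then act. */
static int file_management(uint8_t op, uint8_t p1, const uint8_t *pl, size_t n,
                           uint8_t *out, size_t cap, size_t *outlen) {
    if (op == OP_VERIFY) {
        if (!password_ok(p1, pl, n)) return ST_DENIED;
        security_state = p1;                    /* authority obtained */
        return ST_OK;
    }
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        if (files[i].id != p1) continue;
        if (!authority_ok(files[i].read_level)) return ST_DENIED;
        size_t len = strlen(files[i].data);
        if (len > cap) return ST_BAD_PARAM;
        memcpy(out, files[i].data, len);
        *outlen = len;
        return ST_OK;
    }
    return ST_NO_FILE;
}

/* Command analysis: validate mode, opcode and parameters before dispatch. */
static int command_analysis(const uint8_t *f, size_t n,
                            uint8_t *out, size_t cap, size_t *outlen) {
    uint8_t mode = f[1], op = f[2], p1 = f[3];
    if (mode > MODE_CIPHER_VERIFY) return ST_BAD_PARAM;
    if (mode != MODE_PLAIN) return ST_BAD_MODE; /* secure communication module not modelled */
    if (op != OP_VERIFY && op != OP_READ) return ST_BAD_PARAM;
    if (op == OP_VERIFY && (p1 < LVL_USER || p1 > LVL_ADMIN || n == 4)) return ST_BAD_PARAM;
    if (op == OP_READ && n != 4) return ST_BAD_PARAM;
    return file_management(op, p1, f + 4, n - 4, out, cap, outlen);
}

/* Transport management: check the frame, pass it on, assemble [status][data]. */
size_t key_process(const uint8_t *in, size_t inlen, uint8_t *resp, size_t cap) {
    size_t datalen = 0;
    if (cap < 1) return 0;
    if (inlen < 4 || inlen > 255 || in[0] != inlen) { resp[0] = ST_BAD_FRAME; return 1; }
    resp[0] = (uint8_t)command_analysis(in, inlen, resp + 1, cap - 1, &datalen);
    return 1 + (resp[0] == ST_OK ? datalen : 0);
}
```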

Claims (4)

1. An intelligent code key system, characterized in that it comprises a safety chip module, a transport management module, a command analysis module and a document management module; the safety chip module and the transport management module are connected through a USB interface; the transport management module is connected to the document management module through the command analysis module; the command analysis module is connected to a secure communication module; and the document management module is connected to an authority management module.
2. The intelligent code key system according to claim 1, characterized in that the safety chip module uses the SSX20-E chip.
3. The intelligent code key system according to claim 2, characterized in that the safety chip module comprises a microprocessor, a public key algorithm module, a random number generator, a memory unit and a USB device controller; the microprocessor is connected to the public key algorithm module, the random number generator, the memory unit and the USB device controller respectively; and the safety chip module is connected to the USB interface through the USB device controller.
4. The intelligent code key system according to claim 1, characterized in that data is transmitted between the command analysis module and the secure communication module in plaintext mode, plaintext verification mode, ciphertext mode or ciphertext verification mode.
Application number: CN201010257893XA
Priority date: 2010-08-17
Filing date: 2010-08-17
Title: Intelligent key system
Publication: CN102377567A, published 2012-03-14
Status: Pending
Country: CN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120314