CN102662874A - Double-interface encryption memory card and management method and system of data in double-interface encryption memory card - Google Patents
Double-interface encryption memory card and management method and system of data in double-interface encryption memory card Download PDFInfo
- Publication number
- CN102662874A CN102662874A CN2012101000334A CN201210100033A CN102662874A CN 102662874 A CN102662874 A CN 102662874A CN 2012101000334 A CN2012101000334 A CN 2012101000334A CN 201210100033 A CN201210100033 A CN 201210100033A CN 102662874 A CN102662874 A CN 102662874A
- Authority
- CN
- China
- Prior art keywords
- interfaces
- key
- encrypted
- radio frequency
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a double-interface encryption memory card with a USB (universal serial bus) interface and a RFID (radio-frequency identification) interface, and a management method and system of data in the double-interface encryption memory card. The management method comprises the steps that the USB interface is used for connecting with a PC (personal computer) to carry out data reading/writing, and the RFID interface is used for receiving and sending radio-frequency signal, and receiving a security command from the radio-frequency signal; the data in the card is stored after encryption; in an initialization stage, the double-interface encryption memory card generates a data key and stores the data key; in a use state, the data key in the double-interface encryption memory card is in a null state, when a first radio-frequency reading/writing device is activated in a used area, the data key is in a usable state, and the data key is used for encrypting and decrypting the data and completing the reading/writing operation; and in a destroy stage, when the double-interface encryption memory card enters a destroy area, the destroy command sent by a second radio-frequency reading/writing device is received and executed so as to destroy the stored data key. By the adoption of the scheme disclosed by the invention, the data security and data transmission speed are improved.
Description
Technical field
The present invention relates to data processing technique, particularly the data managing method in the storage card is encrypted at a kind of pair of interface encryption storage card, a kind of pair of interface, and the data management system in the storage card is encrypted at a kind of pair of interface.
Background technology
In the prior art; Utilize portable memory apparatus such as USB flash disk to come to carry out quickly and easily data transfer through regular meeting; Along with the raising and technological continuous development of user to the data security requirement, lose the leakage of back user data in order to prevent USB flash disk, occurred several kinds to Data Protection method in the USB flash disk.
1) software cryptography: itself does not have encryption function USB flash disk, through the encryption software on the personal computer (PC, Personal Computer) data is encrypted, and then data encrypted is stored on the USB flash disk.
2) file hiding USB flash disk: file is a hidden file in the USB flash disk, after the user passes through password authentication, and the ability reading and writing of files; Just can carry out read-write operation to the file in the USB flash disk as long as know password, in fact the data of storing in the USB flash disk not encrypted, data are to store with form expressly.
3) hardware encipher USB flash disk: AES and ciphering process are solidificated in the steering logic of USB flash disk, and the cryptographic operation of data is accomplished in USB flash disk, need not carry out extra encryption and decryption operation at the PC end; Similar with the file hiding USB flash disk, the encryption and decryption process all needs the user to import correct password; But different with the file hiding USB flash disk, the data in the hardware encipher USB flash disk are to store with the form of ciphertext.
4) double-interface card is another kind of common mobile memory medium; Be the smart card that integrates contact and non-contact interface, have two operation interfaces, can be to the visit of chip through the contact of contact; Also can conduct interviews with RF-wise through separated by a distance; Different standards is followed at two interfaces respectively, and wherein, contact interface is followed ISO/IEC 7816 standards; ISO/IEC 14443 standards are followed at the noncontact interface, can carry out identical operations through contact interface and noncontact interface, the identical data district on the access card.
But all can there be certain problem in above-mentioned modes in practical application, as:
For mode 1) therefore not too convenient for the user owing to need carry out extra cryptographic operation to data, in case the user forgets data is encrypted that when USB flash disk was lost, data wherein will be revealed so;
For mode 2), data wherein are to store with form expressly, and like this, in a single day USB flash disk is lost, and will there be the risk of leakage in data wherein;
For mode 3), though data wherein store with the form of ciphertext, can prevent USB flash disk lose after wherein data leak, can not prevent the premeditated data of leaking wherein of user rights of using, that know password;
For mode 4); Integrated circuit (IC is adopted in the contact communication of double-interface card; Integrate Circuit) therefore card can cause data rate very slow, is not suitable for storing mass data; And the transfer rate of non-contact interface also is nothing like the speed of USB (USB, Universal Serial Bus) interface.
Summary of the invention
In view of this, the invention provides that storage card is encrypted at a kind of pair of interface, the data managing method in the storage card is encrypted at a kind of pair of interface, and a kind of pair of interface encrypt the data management system in the storage card, can improve safety of data and data rate.
For achieving the above object, technical scheme of the present invention is achieved in that
The data managing method in the storage card is encrypted at a kind of pair of interface; Two interfaces are encrypted storage card and are had two interfaces: general-purpose serial bus USB interface and radio frequency discrimination RFID interface; USB interface is used for linking to each other with personal computer PC and carries out reading and writing data; The RFID interface is used for receiving and sending radiofrequency signal, from radiofrequency signal, receives security command; Store after encrypting the data encryption in the storage card at two interfaces;
Initial phase, two interfaces are encrypted storage card and are linked to each other with initialization apparatus, under the control of initialization apparatus, accomplish initialization, generate data key, store;
After operational phase, two interfaces encryption storage cards linked to each other through the PC in USB interface and the use zone, data key was in disarmed state; When receiving read request from USB interface or write request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; Data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation;
The destruction stage; When two interfaces encryption storage cards enter into the destruction zone, carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone, after discriminating is passed through; Receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored.
Storage card is encrypted at a kind of pair of interface, comprising: safe central processing unit CPU, read-write control CPU, radio frequency discrimination RFID interface, general-purpose serial bus USB interface, data storage area, key memory block;
The key memory block is used to store data key;
The data storage area is used for storage and uses the data key data encrypted;
CPU is controlled in read-write, is used to control the reading and writing data of USB interface, and the data key that provides according to safety CPU deposits data encrypted in data storage area, and the data after maybe will deciphering send to USB interface;
Safe CPU is used for encrypting storage cards when two interfaces and is positioned at and uses the zone, when USB interface receives read request or writes request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; The access key memory block, CPU provides data key for read-write control; When two interfaces encryption storage cards enter into the destruction zone; Carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone; After discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key in the key memory block.
The data management system in the storage card is encrypted at a kind of pair of interface, comprising: storage card, the first radio frequency read-write equipment and the second radio frequency read-write equipment are encrypted in initialization apparatus, personal computer PC, two interface;
Wherein, the first radio frequency read-write equipment is arranged in and uses zone, the second radio frequency read-write equipment to be arranged in the destruction zone;
Two interfaces are encrypted storage card and are had two interfaces: general-purpose serial bus USB interface and radio frequency discrimination RFID interface; USB interface is used for linking to each other with PC and carries out reading and writing data; The RFID interface is used for receiving and sending radiofrequency signal; From radiofrequency signal, receive security command, store after encrypting the data encryption in the storage card at two interfaces;
Initialization apparatus is used for that storage card is encrypted at two interfaces and carries out initialization;
Storage card is encrypted at two interfaces, is used at initial phase, links to each other with initialization apparatus, under the control of initialization apparatus, accomplishes initialization, generates data key, stores; In operational phase, link to each other with PC in using the zone through USB interface, data key is in disarmed state; When receiving read request from USB interface or write request, carry out identity through the RFID interface and the first radio frequency read-write equipment and differentiate, after discriminating is passed through; Receive and carry out the activation command that the first radio frequency read-write equipment sends; After executing activation command, data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation; In the destruction stage, when entering into the destruction zone, carry out identity through the RFID interface and the second radio frequency read-write equipment and differentiate, after discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored;
The first radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends activation command;
The second radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends destroy command.
It is thus clear that; Adopt scheme according to the invention; Encrypt storage card when two interfaces and be arranged in the use zone; In the time of need carrying out read operation or write operation to data wherein, have only the first radio frequency read-write equipment in being used the zone to activate after, could utilize the data key of being stored to accomplish corresponding read operation or write operation; Encrypt storage card when two interfaces and leave the use zone; Enter into when destroying the zone; Data key in blocking will be destroyed, and can't carry out read operation or write operation again thereby make two interfaces encrypt storage cards, and then has guaranteed that two interfaces encryption storage cards can only use in using the zone; Prevent data disclosure effectively, improved safety of data; In addition, can storage card be encrypted at two interfaces and linked to each other with PC, thereby realize high-speed data transmission through USB interface.
Description of drawings
Fig. 1 encrypts the process flow diagram of the data managing method embodiment in the storage card for the two interfaces of the present invention.
Fig. 2 encrypts the composition structural representation of the data management system embodiment in the storage card for the two interfaces of the present invention.
Fig. 3 encrypts the composition structural representation of storage card embodiment for the two interfaces of the present invention.
Fig. 4 encrypts the composition structural representation of storage card preferred embodiment for the two interfaces of the present invention.
Embodiment
To the problem that exists in the prior art, provide a kind of pair of interface to encrypt storage card and wherein data managing method and system among the present invention.Encrypt on the storage card at two interfaces possesses two interfaces simultaneously; Be respectively USB interface and RF identification (RFID; Radio Frequency Identification) interface, USB interface are used for linking to each other with PC and carry out reading and writing data, and the RFID interface is used for receiving and sending radiofrequency signal; From radiofrequency signal, receive security command, store after the data encryption in the card.
For make technical scheme of the present invention clearer, understand, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention program is done to specify further.
Fig. 1 encrypts the process flow diagram of the data managing method embodiment in the storage card for the two interfaces of the present invention.As shown in Figure 1, may further comprise the steps:
Step 11: initial phase, two interfaces are encrypted storage card and are linked to each other with initialization apparatus, under the control of initialization apparatus, accomplish initialization, generate data key, store.
At initial phase, the two interfaces of initialization apparatus control are encrypted storage cards and are generated data keys, so that follow-up data are carried out the encryption and decryption operation, how to be generated as prior art, repeat no more.Wherein, two interfaces are encrypted storage card and can be linked to each other with initialization apparatus through USB interface, also can link to each other with initialization apparatus through the RFID interface.
In addition; Initialization apparatus also need obtain two interfaces and encrypt the unique RFID sign that presets in the storage card; Initialization apparatus is encrypted the RFID sign that gets access to the overall root key that presets; With the result after encrypting as the communicator key, two interfaces encrypt storage cards can be from initialization apparatus obtaining communication sub-key and storing, the AES that initialization apparatus adopts can be common password algorithms such as AES, DES.
After initialization was accomplished, two interfaces were encrypted storage card and are got into lock-out state.
Step 12: after operational phase, two interfaces encryption storage cards linked to each other through the PC in USB interface and the use zone, data key was in disarmed state; When receiving read request from USB interface or write request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; Data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation.
When two interfaces encryption storage cards receive read request at every turn or write request, carry out identity with the first radio frequency read-write equipment earlier and differentiate, after discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, the concrete realization can be:
Two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the first radio frequency read-write equipment;
The overall root key that the first radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered;
The first radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, activation command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and activation command calculating generation that obtain with deciphering;
Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out activation command with correct.
Wherein, AES can be algorithms most in use such as AES, DES, and can adopt HMAC-MD5 or HMAC-SHA1 scheduling algorithm come calculation check with.
After two interfaces are encrypted storage cards and are activated, it will get into state of activation, only be in could use data key that data are carried out encryption and decryption after the state of activation to operate, and then the realization read-write operation.
When a read operation of every completion or write operation, storage cards are encrypted at two interfaces will revert to lock-out state, if follow-uply also will carry out read operation or write operation, then need to activate again.
Step 13: destruction stage; When two interfaces encryption storage cards enter into the destruction zone; Carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone; After discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored.
Storage card is encrypted at two interfaces and the second radio frequency read-write equipment carries out the identity discriminating, and after discriminating was passed through, the concrete realization that receives and carry out the destroy command of second radio frequency read-write equipment transmission can be:
Two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the second radio frequency read-write equipment;
The overall root key that the second radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered;
The second radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, destroy command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and destroy command calculating generation that obtain with deciphering;
Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is with correct; Then carry out destroy command, destroy the data key of being stored, and destroy institute's communication stored sub-key.
Owing to there is not key to exist, storage card is encrypted at therefore two interfaces can not carry out data read-write operation again, thereby guarantee the safety of data in the card.
In the said process, all preset overall root key in initialization apparatus, the first radio frequency read-write equipment, the second radio frequency read-write equipment, and used identical AES that the RFID sign of two interfaces encryption storage cards is encrypted, obtained the communicator key.
Need to prove, in actual applications, also a warning region can be set further, be provided with one the 3rd radio frequency read-write equipment in the warning region, usually, be introduced into warning region, get into again afterwards and destroy the zone.
If the 3rd radio frequency read-write equipment then sends alarm command to warning device after listening to the RFID sign of the two interfaces encryption storage cards in any entering warning region, warning device is carried out alarm command.The concrete mode that warning device is reported to the police can be: audible alarm, light warning or other form.
Fig. 2 encrypts the composition structural representation of the data management system embodiment in the storage card for the two interfaces of the present invention.As shown in Figure 2, comprising: storage card, the first radio frequency read-write equipment and the second radio frequency read-write equipment are encrypted in initialization apparatus, PC, two interface;
Wherein, the first radio frequency read-write equipment is arranged in and uses zone, the second radio frequency read-write equipment to be arranged in the destruction zone;
Two interfaces are encrypted storage card and are had two interfaces: USB interface and RFID interface; USB interface is used for linking to each other with PC and carries out reading and writing data; The RFID interface is used for receiving and sending radiofrequency signal, from radiofrequency signal, receives security command, and store after encrypting the data encryption in the storage card at two interfaces;
Initialization apparatus is used for that storage card is encrypted at two interfaces and carries out initialization;
Storage card is encrypted at two interfaces, is used at initial phase, links to each other with initialization apparatus, under the control of initialization apparatus, accomplishes initialization, generates data key, stores; In operational phase, link to each other with PC in using the zone through USB interface, data key is in disarmed state; When receiving read request from USB interface or write request, carry out identity through the RFID interface and the first radio frequency read-write equipment and differentiate, after discriminating is passed through; Receive and carry out the activation command that the first radio frequency read-write equipment sends; After executing activation command, data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation; In the destruction stage, when entering into the destruction zone, carry out identity through the RFID interface and the second radio frequency read-write equipment and differentiate, after discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored;
The first radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends activation command;
The second radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends destroy command.
Initialization apparatus can be further used for, and initial phase obtains its RFID that presets sign, and utilizes the overall root key that self presets to encrypt the RFID sign from two interfaces encryption storage cards, and encrypted result is the communicator key;
Correspondingly, two interfaces are encrypted storage card and can be further used for, obtaining communication sub-key from initialization apparatus, and store;
When receiving read request from USB interface or write request, two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the first radio frequency read-write equipment; The overall root key that the first radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered; The first radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, activation command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and activation command calculating generation that obtain with deciphering; Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out activation command with correct;
When two interfaces encryption storage cards enter into the destruction zone, generate a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the second radio frequency read-write equipment; The overall root key that the second radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered; The second radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, destroy command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and destroy command calculating generation that obtain with deciphering; Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out destroy command with correct.
In addition, also can further comprise in the system shown in Figure 2: the 3rd radio frequency read-write equipment that is arranged in warning region;
The 3rd radio frequency read-write equipment is used for encrypting storage cards when two interfaces and enters into warning region, listens to after two interfaces encrypt the RFID sign of storage cards, sends alarm command to warning device.
When specifically realizing, can be provided with a plurality of uses zone, warning region and destruction zone,, can not re-use in case leave Administrative Area to guarantee that two interfaces encryption storage cards can only be available in Administrative Area.
Fig. 3 encrypts the composition structural representation of storage card embodiment for the two interfaces of the present invention.As shown in Figure 3, comprising: safe CPU (CPU, Central Processing Unit), read-write control CPU, RFID interface, USB interface, data storage area, key memory block.
Wherein, the key memory block is used to store data key;
The data storage area is used for storage and uses the data key data encrypted;
CPU is controlled in read-write, is used to control the reading and writing data of USB interface, and the data key that provides according to safety CPU deposits data encrypted in data storage area, and the data after maybe will deciphering send to USB interface;
Safe CPU is used for encrypting storage cards when two interfaces and is positioned at and uses the zone, when USB interface receives read request or writes request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; The access key memory block, CPU provides data key for read-write control; When two interfaces encryption storage cards enter into the destruction zone; Carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone; After discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key in the key memory block.
Physically, safe CPU can be same CPU or two different CPU with read-write control CPU.
When safety CPU and read-write control CPU are two different CPU, link to each other through bus between them.
In practical application; Safe CPU can adopt the SLE 66CLX800PE chip of company of Infineon to realize; SLE 66CLX800PE chip has contactless near field communication interface and supports ISO 7816 agreements; Can realize AESs such as DES, 3DES, RSA, ECC, therefore, this chip can be realized the integrated of safe CPU, key memory block and RFID interface.For example; SLE 66CLX800PE chip can use the 3DES algorithm to utilize root key that communicating by letter between storage cards and all radio frequency read-write equipments encrypted at two interfaces and protect; Simultaneously, SLE 66CLX800PE chip has solid-state FLASH storage space, can be used as the key memory block.
Read-write control CPU can adopt the ST7267 chip of STMicw Electronics to realize, the ST7267 chip has USB 2.0 interfaces and Embedded 8bit CPU, supports to connect polytype mass-memory unit, and supports to carry out correspondence with foreign country through ISO 7816 agreements.
The data storage area can adopt the NAND Flash K9MDG08U5M chip of Samsung to realize, supports the storage of 128G high capacity.
Fig. 4 encrypts the composition structural representation of storage card preferred embodiment for the two interfaces of the present invention.Adopt ISO 7816 agreements to communicate between SLE66CLX800PE chip and the ST7267 chip; CPU in the ST7267 chip can realize multiple enciphering and deciphering algorithm; So that the data in the K9MDG08U5M chip are carried out encryption and decryption, key required when carrying out encryption and decryption can be through obtaining with communicating by letter of SLE 66CLX800PE chip.
In addition, the first radio frequency read-write equipment need be supported 13.56MHz frequency and ISO 15693 agreements, is responsible for sending activation command, has only after two interfaces encryption storage cards are activated, and the ST7267 chip could obtain data key and carry out the encryption and decryption operation; The second radio frequency read-write equipment need be supported 13.56MHz frequency and ISO 15693 agreements equally; Be responsible for sending destroy command; Correspondingly; SLE 66CLX800PE chip can be from solid-state Flash storage space deleted data key and root key, like this, the encrypt data in the K9MDG08U5M chip can not be deciphered again.
More than be merely preferred embodiment of the present invention, or not all within spirit of the present invention and principle in order to restriction the present invention, any modification of being made, be equal to replacement, improvement etc., all should be included within the scope that the present invention protects.
Claims (8)
1. the data managing method in the storage card is encrypted at two interfaces; It is characterized in that; Two interfaces are encrypted storage card and are had two interfaces: general-purpose serial bus USB interface and radio frequency discrimination RFID interface; USB interface is used for linking to each other with personal computer PC and carries out reading and writing data, and the RFID interface is used for receiving and sending radiofrequency signal, from radiofrequency signal, receives security command; Store after encrypting the data encryption in the storage card at two interfaces;
Initial phase, two interfaces are encrypted storage card and are linked to each other with initialization apparatus, under the control of initialization apparatus, accomplish initialization, generate data key, store;
After operational phase, two interfaces encryption storage cards linked to each other through the PC in USB interface and the use zone, data key was in disarmed state; When receiving read request from USB interface or write request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; Data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation;
The destruction stage; When two interfaces encryption storage cards enter into the destruction zone, carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone, after discriminating is passed through; Receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored.
2. method according to claim 1 is characterized in that,
This method further comprises: initial phase, initialization apparatus are encrypted from two interfaces and are obtained its RFID that presets sign the storage card, and utilize the overall root key that self presets to encrypt the RFID sign, and encrypted result is the communicator key; Storage cards obtaining communication sub-key and storing from initialization apparatus is encrypted at two interfaces;
The said pair of interface encrypted storage card and carried out identity with the first radio frequency read-write equipment and differentiate, differentiate pass through after, the activation command that receives and carry out the transmission of the first radio frequency read-write equipment comprises:
Two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the first radio frequency read-write equipment;
The overall root key that the first radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered;
The first radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, activation command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and activation command calculating generation that obtain with deciphering;
Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out activation command with correct;
The said pair of interface encrypted storage card and carried out identity with the second radio frequency read-write equipment and differentiate, differentiate pass through after, the destroy command that receives and carry out the transmission of the second radio frequency read-write equipment comprises:
Two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the second radio frequency read-write equipment;
The overall root key that the second radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered;
The second radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, destroy command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and destroy command calculating generation that obtain with deciphering;
Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out destroy command with correct.
3. method according to claim 1 and 2 is characterized in that, this method further comprises:
Encrypt storage card when two interfaces and enter into warning region, the 3rd radio frequency read-write equipment sends alarm command to warning device after listening to the RFID sign of two interfaces encryption storage cards, and warning device is carried out alarm command.
4. storage card is encrypted at two interfaces, it is characterized in that, comprising: safe central processing unit CPU, read-write control CPU, radio frequency discrimination RFID interface, general-purpose serial bus USB interface, data storage area, key memory block;
The key memory block is used to store data key;
The data storage area is used for storage and uses the data key data encrypted;
CPU is controlled in read-write, is used to control the reading and writing data of USB interface, and the data key that provides according to safety CPU deposits data encrypted in data storage area, and the data after maybe will deciphering send to USB interface;
Safe CPU is used for encrypting storage cards when two interfaces and is positioned at and uses the zone, when USB interface receives read request or writes request; Carry out the identity discriminating through the RFID interface with using the first radio frequency read-write equipment in the zone; After discriminating is passed through, receive and carry out the activation command that the first radio frequency read-write equipment sends, execute activation command after; The access key memory block, CPU provides data key for read-write control; When two interfaces encryption storage cards enter into the destruction zone; Carry out the identity discriminating through RFID interface and the second radio frequency read-write equipment of destroying in the zone; After discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key in the key memory block.
5. encrypt storage card based on described pair of interface of claim 4, it is characterized in that, physically, safe CPU is same CPU or two different CPU with read-write control CPU.
6. the data management system in the storage card is encrypted at two interfaces, it is characterized in that, comprising: storage card, the first radio frequency read-write equipment and the second radio frequency read-write equipment are encrypted in initialization apparatus, personal computer PC, two interface;
Wherein, the first radio frequency read-write equipment is arranged in and uses zone, the second radio frequency read-write equipment to be arranged in the destruction zone;
Two interfaces are encrypted storage card and are had two interfaces: general-purpose serial bus USB interface and radio frequency discrimination RFID interface; USB interface is used for linking to each other with PC and carries out reading and writing data; The RFID interface is used for receiving and sending radiofrequency signal; From radiofrequency signal, receive security command, store after encrypting the data encryption in the storage card at two interfaces;
Initialization apparatus is used for that storage card is encrypted at two interfaces and carries out initialization;
Storage card is encrypted at two interfaces, is used at initial phase, links to each other with initialization apparatus, under the control of initialization apparatus, accomplishes initialization, generates data key, stores; In operational phase, link to each other with PC in using the zone through USB interface, data key is in disarmed state; When receiving read request from USB interface or write request, carry out identity through the RFID interface and the first radio frequency read-write equipment and differentiate, after discriminating is passed through; Receive and carry out the activation command that the first radio frequency read-write equipment sends; After executing activation command, data key is in upstate, utilizes the data key encryption and decryption data and accomplishes read operation or write operation; In the destruction stage, when entering into the destruction zone, carry out identity through the RFID interface and the second radio frequency read-write equipment and differentiate, after discriminating is passed through, receive and carry out the destroy command that the second radio frequency read-write equipment sends, destroy the data key of being stored;
The first radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends activation command;
The second radio frequency read-write equipment is used for encrypting storage card with two interfaces and carries out the identity discriminating, after discriminating is passed through, encrypts storage card to two interfaces and sends destroy command.
7. system according to claim 6 is characterized in that,
Initialization apparatus is further used for, and initial phase obtains its RFID that presets sign, and utilizes the overall root key that self presets to encrypt the RFID sign from two interfaces encryption storage cards, and encrypted result is the communicator key;
Two interfaces are encrypted storage card and are further used for, obtaining communication sub-key from initialization apparatus, and store;
When receiving read request from USB interface or write request, two interfaces are encrypted storage card and are generated a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the first radio frequency read-write equipment; The overall root key that the first radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered; The first radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, activation command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and activation command calculating generation that obtain with deciphering; Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out activation command with correct;
When two interfaces encryption storage cards enter into the destruction zone, generate a challenge random number, utilize the communicator key that the challenge random number is encrypted, and encrypted result and unencrypted RFID sign are sent to the second radio frequency read-write equipment; The overall root key that the second radio frequency read-write equipment utilization is preset is encrypted the RFID sign that receives, and obtains the communicator key, and utilizes the communicator key that the encrypted result that receives is deciphered; The second radio frequency read-write equipment utilize challenge random number that communicator secret key encryption deciphering obtains, destroy command, verification and, encrypted result is sent to two interfaces encrypts storage cards, verification and the challenge random number and destroy command calculating generation that obtain with deciphering; Two interfaces are encrypted storage card and are utilized the communicator key that the encrypted result that receives is deciphered; Relatively whether the challenge random number that obtains of deciphering consistent with the challenge random number of sending before, if, then calculation check and; If verification is then carried out destroy command with correct.
8. according to claim 6 or 7 described systems, it is characterized in that, further comprise in this system: the 3rd radio frequency read-write equipment that is arranged in warning region;
The 3rd radio frequency read-write equipment is used for encrypting storage cards when two interfaces and enters into warning region, listens to after two interfaces encrypt the RFID sign of storage cards, sends alarm command to warning device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210100033.4A CN102662874B (en) | 2012-04-06 | 2012-04-06 | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210100033.4A CN102662874B (en) | 2012-04-06 | 2012-04-06 | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102662874A true CN102662874A (en) | 2012-09-12 |
CN102662874B CN102662874B (en) | 2015-06-10 |
Family
ID=46772370
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210100033.4A Expired - Fee Related CN102662874B (en) | 2012-04-06 | 2012-04-06 | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102662874B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103455768A (en) * | 2013-08-26 | 2013-12-18 | 中国科学院数据与通信保护研究教育中心 | Method and system for safe storage of USB (universal serial bus) |
CN103678994A (en) * | 2013-12-05 | 2014-03-26 | 中国科学院数据与通信保护研究教育中心 | USB encrypted storage method and USB encrypted storage system with environment control function |
CN104636652A (en) * | 2015-02-11 | 2015-05-20 | 成都布林特信息技术有限公司 | Information processing method based on radio frequency identification |
CN104680054A (en) * | 2015-02-11 | 2015-06-03 | 成都布林特信息技术有限公司 | RFID (radio frequency identification devices) data processing method |
WO2018228061A1 (en) * | 2017-06-14 | 2018-12-20 | 云丁网络技术(北京)有限公司 | Data transmission method, device, and system |
CN111123819A (en) * | 2019-12-04 | 2020-05-08 | 山西诚鹏科技开发有限公司 | PLC operation data recording method based on master-slave station communication mode |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1516062A (en) * | 2003-01-09 | 2004-07-28 | 北京握奇数据系统有限公司 | Double-interface electronic key |
CN201229570Y (en) * | 2008-07-18 | 2009-04-29 | 北京中科联众科技有限公司 | Mobile hard disc data protection apparatus |
CN101667163A (en) * | 2009-10-19 | 2010-03-10 | 北京华大智宝电子系统有限公司 | Encrypting and authenticating equipment with dual safety chips |
CN101859283A (en) * | 2010-03-22 | 2010-10-13 | 吴欣延 | Method for controlling built-in radio frequency identification (RFID) encrypted solid-state hard disk |
-
2012
- 2012-04-06 CN CN201210100033.4A patent/CN102662874B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1516062A (en) * | 2003-01-09 | 2004-07-28 | 北京握奇数据系统有限公司 | Double-interface electronic key |
CN201229570Y (en) * | 2008-07-18 | 2009-04-29 | 北京中科联众科技有限公司 | Mobile hard disc data protection apparatus |
CN101667163A (en) * | 2009-10-19 | 2010-03-10 | 北京华大智宝电子系统有限公司 | Encrypting and authenticating equipment with dual safety chips |
CN101859283A (en) * | 2010-03-22 | 2010-10-13 | 吴欣延 | Method for controlling built-in radio frequency identification (RFID) encrypted solid-state hard disk |
Non-Patent Citations (1)
Title |
---|
林立峰: "《建设事业IC卡应用技术与发展》", 30 April 2003 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103455768A (en) * | 2013-08-26 | 2013-12-18 | 中国科学院数据与通信保护研究教育中心 | Method and system for safe storage of USB (universal serial bus) |
CN103455768B (en) * | 2013-08-26 | 2016-04-13 | 中国科学院数据与通信保护研究教育中心 | A kind of USB method for secure storing and system |
CN103678994A (en) * | 2013-12-05 | 2014-03-26 | 中国科学院数据与通信保护研究教育中心 | USB encrypted storage method and USB encrypted storage system with environment control function |
CN103678994B (en) * | 2013-12-05 | 2017-01-11 | 中国科学院数据与通信保护研究教育中心 | USB encrypted storage method and USB encrypted storage system with environment control function |
CN104636652A (en) * | 2015-02-11 | 2015-05-20 | 成都布林特信息技术有限公司 | Information processing method based on radio frequency identification |
CN104680054A (en) * | 2015-02-11 | 2015-06-03 | 成都布林特信息技术有限公司 | RFID (radio frequency identification devices) data processing method |
WO2018228061A1 (en) * | 2017-06-14 | 2018-12-20 | 云丁网络技术(北京)有限公司 | Data transmission method, device, and system |
US11362838B2 (en) | 2017-06-14 | 2022-06-14 | Yunding Network Technology Beijing Co., Ltd. | Systems and methods for secure data transmission |
US11831784B2 (en) | 2017-06-14 | 2023-11-28 | Yunding Network Technology (Beijing) Co., Ltd. | Systems and methods for secure data transmission |
CN111123819A (en) * | 2019-12-04 | 2020-05-08 | 山西诚鹏科技开发有限公司 | PLC operation data recording method based on master-slave station communication mode |
CN111123819B (en) * | 2019-12-04 | 2021-08-03 | 山西诚鹏科技开发有限公司 | PLC operation data recording method based on master-slave station communication mode |
Also Published As
Publication number | Publication date |
---|---|
CN102662874B (en) | 2015-06-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10341091B2 (en) | Secure memory storage | |
US10460314B2 (en) | Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions | |
CN101176125B (en) | Implementation of an integrity-protected secure storage | |
CN201181472Y (en) | Hardware key device and movable memory system | |
US8947211B2 (en) | Communication data protection method based on symmetric key encryption in RFID system, and apparatus for enabling the method | |
CN101562040B (en) | Data processing method of high-security mobile memory | |
CN103678994B (en) | USB encrypted storage method and USB encrypted storage system with environment control function | |
KR100676087B1 (en) | Secure data storage apparatus with USB interface, and method thereof | |
CN103415855A (en) | Mass storage device memory encryption methods, systems, and apparatus | |
CN102063601B (en) | Radio frequency identification system, radio frequency identification method and reader | |
CN102662874B (en) | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card | |
CN108345782B (en) | Intelligent hardware safety carrier | |
CN101103404A (en) | Method and portable storage device for allocating secure area in insecure area | |
US10027639B2 (en) | IC chip performing access control based on encrypted ID | |
CN103440462A (en) | Embedded control method for improving security and secrecy performance of security microprocessor | |
CN105095945A (en) | SD card capable of securely storing data | |
CN101770559A (en) | Data protecting device and data protecting method | |
CN201590091U (en) | Encryption type memory card read/write device based on password authentication | |
CN103455768B (en) | A kind of USB method for secure storing and system | |
CN103606223A (en) | Card authentication method and device | |
CN104700125A (en) | AES encryption and verification of ultra high frequency radio identification system | |
US20180144347A1 (en) | Component for provisioning security data and product including the same | |
CN102750557B (en) | RF (Radio Frequency) card read-write system | |
CN103324970B (en) | The receiving/transmission method of a kind of RFID of highly effective and safe and system thereof | |
CN106778939A (en) | Electronic tag sensor-based system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150610 Termination date: 20200406 |