CN1186741C - Interactive multifunctional digital token - Google Patents
Interactive multifunctional digital token Download PDFInfo
- Publication number
- CN1186741C CN1186741C CNB021304351A CN02130435A CN1186741C CN 1186741 C CN1186741 C CN 1186741C CN B021304351 A CNB021304351 A CN B021304351A CN 02130435 A CN02130435 A CN 02130435A CN 1186741 C CN1186741 C CN 1186741C
- Authority
- CN
- China
- Prior art keywords
- key
- transaction
- digital token
- user
- service host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Images
Abstract
The present invention relates to an interactive multifunctional digital identity token which comprises an enhanced protocol processing program which is communicated with a service host computer and is stored in the digital identity token, the service host computer is unable to simply transmit a trading command to the digital identity token, and must transmit key information in trade to the digital identity token at the same time, and the trade can be completed after waiting a user to confirm. The present invention can be used for managing a plurality of private keys, and can independently carry out cryptography calculation. An independent user input function and an independent result displaying function are integrated, the present invention can ensure that the key information is not processed through a suspect service device of a user through the enhancement of an interactive protocol between the token and the service host computer, and the lost of the digital identity and a fraudulent action in the electronic trade are prevented.
Description
Technical field
The present invention relates to a kind of safe storage of digital identity, the portable equipment that carries and use.
Background technology
Along with the develop rapidly of Internet, people no longer content just to utilize Internet to carry out message exchange, but wish daily business activity is also moved on to digital world, the B2B that is rising, and application such as B2C are exactly the preliminary trial of moving towards digital world.But move towards primary problem of digital world and be exactly how to determine that people in the real world in the identity that digital world had, guarantees the security of transaction.Public Key Infrastructure(PKI) has begun all over the world to build as the foundation stone of setting up digital world.But PKI can not accepted by users at present.Main cause wherein is exactly depositing of private key, classification and use difficulty.
In the PKI system, the granting of Public Key Infrastructure(PKI) unit holder's public-key cryptography authenticity digital certificate file is called certificate, be exactly user's private key and the user is used for proving own identity.When using the PKI authentication system, the preservation of user's private key and use just become crucial problem.Private key is big (generally greater than 128 bytes) generally, allow general user's memory almost be impossible, must leave in certain equipment.If depositing and calculate all of private key carried out on a common computer; the security of private key security maximum and that this calculating function provides is equal to so; and we know; in computing machine; we meet and face computer virus, the threat of rogue program (Te Luoyi wooden horse etc.), and private key leaves in such environment; even the algorithm of high security is arranged, do not protect user's individual privacy yet.In order to guarantee being perfectly safe of private key and normally carrying out of authentication, a kind of self independent, safe computing equipment must be arranged.
The solution that has at present is based on palm machine (palm), mobile phone and IC-card etc., and these solutions are simply deposited in private key wherein nothing but exactly, and wherein ripe is IC-card.IC-card is integrated CPU in a chip, FLASH storer and I/O circuit, and anti-sensing circuit is arranged, its security that can reach in theory is the highest, and IC-card is cheap, easy to carry, has had widely to use.But IC-card itself is not custom-designed for the PKI system, and its existing application model has the vestige of the application of tangible symmetric key.Present most products are not all walked out this old set pattern: promptly only IC-card is used as a kind of memory device, most of key work also will rely on host computer to carry out.Even more advanced CPU card has also just solidified the algorithm of several standards, and how to have used these algorithms to be determined by the program on the host computer.Essentially, existing application based on IC-card only provides client computer to utilize IC-card to prove the means of own identity to other main frames, and really do not provide Secure Application desired independence, can't avoid the dangerous hidden danger of bringing of host computer self.
Because IC-card need be mutual by read write line and host computer, have be difficult to expand, shortcoming that the read-write equipment cost is high, at this shortcoming of IC-card, a kind of USB interface-based class IC card product has appearred in recent years, claim digital token again.This product does not need special read-write equipment, and the USB mouth of directly receiving computing machine just can use.Have price advantage than card reader, and be easy to carry equally.Just can find ikey on the Chinese market, itoken, smartkey, multiple products such as mikey, the main thought of this series products is to utilize the USB mouth directly to visit IC-card, at its device interior, or the chip of an IC-card, though saved the read write line of IC-card, do not overcome other shortcomings of IC-card.
Summary of the invention
The purpose of this invention is to provide a kind of USB interface-based portable equipment that strengthens agreement that between digital token and service host, adopts, service host can not simply send the transaction order to digital token, and must send key message in the transaction simultaneously, and wait for after the user confirms and just can finish transaction to digital token.
For achieving the above object, a kind of interactively multifunctional digital token device, this device comprises:
Memory storage, be used to store personal certificate, key and with service host between the protocol handling program of communicating by letter;
Single-chip microcomputer is used for independently finishing the processing to key message, and wherein key message is meant the use of personal information, key and to the checking of the side's of service certificate, key, Transaction Information;
Input equipment is confirmed transaction after importing user's personal information before being used to conclude the business and examining Transaction Information;
Display device is used to show key message;
USB interface is used for Connection Service main frame and digital token;
Wherein, transaction order that digital token device reception service host is sent and the key message in the transaction, on display device, show this key message, after waiting for that the user examines this message and confirming by input equipment, utilize personal certificate and the key stored to finish digital signature, encryption, the generation confirmation sends to service host and finishes transaction.
The present invention can be used for managing a plurality of private keys, and can be autonomous carry out cryptography arithmetic.Integrated independent user input and Presentation Function as a result, by enhancing to the interaction protocol between token and the service host, the processing that guarantees key message is without the incredible service equipment of user, prevent digital identity lose with electronic transaction in deceptive practices.
Description of drawings
Fig. 1 is an implementation block scheme of the present invention;
Fig. 2 is the realization system block diagram of one embodiment of the invention;
Fig. 3 is the block scheme that carries out the related agreement of electronic transaction on network.
Embodiment
Below in conjunction with accompanying drawing the present invention is described.As shown in Figure 1, the invention provides a kind of USB interface-based simple, practical portable equipment, make the user can manage a plurality of private keys of oneself easily, and can be being solidificated in the token such as the such function of stored value card.Because IC-card and USB interface-based class IC card product all do not have display device, this makes the user may be cheated by external unit when confirming that paying waits key message, the present invention is integrated display device, make the user make the user do not need by external display device when paying waits key message confirm, prevent deception that external unit may exist, repeat payment etc.
Because existing IC-card and USB interface-based class IC card product all do not have oneself independently input equipment, all information that send to IC comprise that PIN code all sends to IC-card by host computer, if the unsafe words of host computer, security of users just can not get ensureing.The present invention is integrated independently input equipment, the user can independently control mutual pilot process by this input equipment, can finish in many ways participate in, repeatedly complexity such as mutual transaction and do not rely on the credibility of host computer.For example on token, realize the input and the display device of PIN code, make token after the user imports correct PIN code, just start working, the generation of having avoided non-token owner illegally to use token or eavesdropped and usurp phenomenon by other main frame input password.In the process of exchange, just send after the user need confirm the dealing money correctness from integrated display part and confirm order, finish affirmation transaction by integrated input equipment.
Certainly, for the function of existing IC-card and USB interface-based class IC card product, the present invention all provides.
The objective of the invention is to realize by the following technical solutions.
First kind of implementation:
USB interface chip+single-chip microcomputer+IC-card chip+Liquid Crystal Module+button+light emitting diode+Flash storer.In order to guarantee exquisiteness, portable characteristics, reasonable method is that each several part does not adopt packaged chip or module, and unified encapsulation can be made size the size of product popular on the society.Synoptic diagram is seen Fig. 1.The main function of this implementation all realizes with software, as the indication of the read-write of IC-card, the driving of Liquid Crystal Module, the processing of accepting key information and control diode etc.The IC-card here can adopt storage card or CPU card.Private key management and related operation are the functions of being finished or finished by IC-card the IC-card that depends on employing by single-chip microcomputer.If IC-card is a storage card, so all functions can only be finished by single-chip microcomputer, and IC-card only plays the function of a storage.A kind of concrete realization system chart is seen Fig. 2.
The AN2131SC here (a kind of interface chip with CPU of U.S. Cypress company) is one and has USB interface, I
2The single-chip microcomputer of C (a kind of serial bus standard) interface and 3 groups of I/O interfaces.I
2C interface and USB interface take one group of I/O interface, wherein USB interface be used for and main frame between connection, I
2C interface connects the Flash storer, and 2 groups of remaining I/O interfaces are respectively as the interface of Liquid Crystal Module and button and IC-card and pilot lamp.
The AN2131SC peripheral interface is more convenient, and shortcoming is that to leave the space of code for too little, and the present invention needing to realize bigger program's memory space under such structure, therefore at I
2C interface adds the big Flash storer of a slice and preserves code and pass through I
2C interface carries out the code update in the sheet.Second kind of implementation:
Adopt the novel CPU the core of the card sheet that has USB interface, or do not have a USB interface but very strong CPU card such as the AT91SC321-USB of atmel corp on the function, the SMARTXAII series of Philips company etc. adopt these chips can meet the demands on function.
The third implementation:
Design and the special-purpose chip of exploitation.At first design following IP kernel such as the IP kernel of USB, the IP kernel of main algorithm comprises the IP kernel that RSA, AES, MD5, SHA-1 (standard cipher and hashing algorithm) and random number produce etc., the IP kernel of Flash storer and the IP kernel of single-chip microcomputer.Next is that these IP kernels are carried out function combinations, logic synthesis and simulation etc., is undertaken just passable by general IC-card design route.This mode cost is the highest, and the cycle is also long, but product is the most concise.
Because present product such as IC-card etc., itself just uses as the memory device of a safety, how to use these algorithms to determine by the program on the host computer, the present invention adopts the agreement that strengthens between digital token and service host: service host can not simply send the transaction order to digital token, and must send key message in the transaction simultaneously, and wait for after the user confirms and just can finish transaction to digital token.Fig. 3 is seen in this description that strengthens agreement, and in Fig. 3, we have provided a block diagram that carries out the related agreement of electronic transaction on network, and the key message in the transaction is a dealing money.
The above only is the explanation of a technology of the present invention design specific embodiment down, and any equivalent transformation that foundation technical scheme of the present invention is done all should belong to protection scope of the present invention.
Claims (4)
1. interactively multifunctional digital token device is characterized in that this device comprises:
Memory storage, be used to store personal certificate, key and with service host between the protocol handling program of communicating by letter;
Single-chip microcomputer is used for independently finishing the processing to key message, and wherein key message is meant the use of personal information, key and to the checking of the side's of service certificate, key, Transaction Information;
Input equipment is confirmed transaction after importing user's personal information before being used to conclude the business and examining Transaction Information;
Display device is used to show key message;
USB interface is used for Connection Service main frame and digital token device;
Wherein, transaction order that digital token device reception service host is sent and the key message in the transaction, on display device, show this key message, after waiting for that the user examines this message and confirming by input equipment, utilize personal certificate and the key stored to finish digital signature, encryption, the generation confirmation sends to service host and finishes transaction.
2. by the described digital token device of claim 1, it is characterized in that described demonstration and input equipment are integrated demonstration and input equipments.
3. by the described digital token device of claim 1, it is characterized in that described token device stores and manage the certificate and the key of a plurality of difference in functionalitys simultaneously, in transaction, use which certificate or key by the user by showing and input equipment carries out.
4. by the described digital token device of claim 1, it is characterized in that also comprising by peripheral control circuit and unify control single chip computer, memory device, display device and input equipment and service host interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021304351A CN1186741C (en) | 2002-08-19 | 2002-08-19 | Interactive multifunctional digital token |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021304351A CN1186741C (en) | 2002-08-19 | 2002-08-19 | Interactive multifunctional digital token |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1397889A CN1397889A (en) | 2003-02-19 |
| CN1186741C true CN1186741C (en) | 2005-01-26 |
Family
ID=4746399
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB021304351A Ceased CN1186741C (en) | 2002-08-19 | 2002-08-19 | Interactive multifunctional digital token |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1186741C (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012142740A1 (en) * | 2011-04-18 | 2012-10-26 | Egonexus Limited | Digital token generator, server for recording digital tokens and method for issuing digital token |
| US20140229375A1 (en) * | 2013-02-11 | 2014-08-14 | Groupon, Inc. | Consumer device payment token management |
| CN103957104A (en) * | 2014-04-22 | 2014-07-30 | 交通银行股份有限公司 | Dynamic token anti-phishing method and device |
| AU2015308090B2 (en) * | 2014-08-29 | 2018-03-29 | Kineto Mobile (Pty) Ltd | System and method for electronic payments |
-
2002
- 2002-08-19 CN CNB021304351A patent/CN1186741C/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN1397889A (en) | 2003-02-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1764923A (en) | Card settlement method using portable electronic equipment with fingerprint sensor | |
| CN102768744A (en) | Remote safe payment method and system | |
| WO2007121631A1 (en) | System and method of electronic bank safety certification based on cpk | |
| CN101808077B (en) | Information security input processing system and method and smart card | |
| CN107332671A (en) | A kind of safety mobile terminal system and method for secure transactions based on safety chip | |
| CN101335754B (en) | Method for information verification using remote server | |
| CN101000703A (en) | Electronic payment terminal capable of ensuring confidentiality and integrity of information transmission | |
| WO2023092025A1 (en) | Token based secure access to a locker system | |
| CN109194654B (en) | Electronic official seal management and control system and method based on certificate chain technology | |
| CN1186741C (en) | Interactive multifunctional digital token | |
| CN101212301A (en) | Authentication device and method | |
| CN101533504A (en) | Electric medical affairs system and device | |
| CN101262348A (en) | USB digital signature device and its operation method | |
| CN1141653C (en) | Computer applycation layer network safety control and management system and relative program method thereof | |
| CN1655161A (en) | Business delivery certification system | |
| Prinslin et al. | Secure online transaction with user authentication | |
| CN113302876A (en) | Offline non-interception interaction with cryptocurrency network using network-disabled devices | |
| CN102609842A (en) | Payment cipher device based on hardware signature equipment, and application method of payment cipher device | |
| CN2798192Y (en) | Trade system on network with USB encrypting device | |
| CN103475623A (en) | Dynamic barcode certification system and its certification method | |
| CN202008672U (en) | E-commerce transaction safety terminal | |
| CN201207651Y (en) | USB digital autograph device | |
| CN112150151B (en) | Secure payment method, apparatus, electronic device and storage medium | |
| CN108416588A (en) | Data processing method and device for electronic transaction verification | |
| CN102708491A (en) | Trusted computing based novel USB (universal serial bus) Key device and safety transaction method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| IW01 | Full invalidation of patent right |
Decision date of declaring invalidation: 20150413 Decision number of declaring invalidation: 25649 Granted publication date: 20050126 |
|
| IW01 | Full invalidation of patent right |