CN1285050C - Digital certification protecting device based on fingerprint - Google Patents
- Publication number
- CN1285050C
- Authority
- CN
- China
- Prior art keywords
- fingerprint
- microprocessor
- digital certificate
- power supply
- sram
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
- Image Input (AREA)
Abstract
The present invention discloses a fingerprint-based digital certificate protection device comprising: a non-volatile SRAM for storing the digital certificate, the fingerprint authentication algorithm and the communication programs; a secure microprocessor for executing the relevant programs; a power management circuit for managing the system's power supply; an intrusion detection circuit for preventing hacker intrusion; a fingerprint sensor for registering fingerprint information; and a universal serial bus controller for communication between the host and the microprocessor. The invention uses fingerprint identification to verify legitimate users in place of the traditional password protection method, which avoids the problems of password theft and password memorization. Fingerprint identification also makes the digital certificate very convenient to use. In addition, using the secure microprocessor and the SRAM as the memory for programs and data solves the problem of digital certificate piracy. The device combines software and hardware encryption, which guarantees a very high level of security for the digital certificate.
Description
Technical field
The present invention relates to fingerprint identification technology, and in particular to a fingerprint-based method and device for protecting digital certificates.
Background technology
With the development of computer and Internet technology, the global economy has entered the era of the information economy. The birth and growth of e-commerce have brought huge changes and a far-reaching influence on the world economy. However, the most critical problem e-commerce faces is how to guarantee the security of information transmitted over the Internet. At present, PKI (Public Key Infrastructure) technology is generally used to protect information. PKI uses certificates to manage public keys: a trusted third party, the certification authority (CA), binds the user's public key to the user's other identifying information so that the user's identity can be verified on the Internet. The usual approach today is to use digital certificates built on PKI to encrypt and sign the digital information being transmitted, which guarantees the confidentiality, authenticity, integrity and non-repudiation of the transmission and thereby its security.
A digital certificate is the proof of identity used in network information exchange and commercial activity. At every stage of an electronic transaction, each party needs to verify the validity of the other party's certificate, which solves the problem of mutual trust. Digital certificates are usually stored on the hard disk of the user's computer or on a floppy disk, as with the online banking certificates used by ordinary people. For enterprise customers with higher security requirements, the certificate is stored on a dedicated IC card. A secure method of protecting digital certificates should satisfy at least two conditions: first, the digital certificate can only be used by its legitimate user; second, the protected digital certificate cannot be copied by anyone other than the certificate issuing authority. For the first condition, certificates stored on the various traditional media are generally encrypted with a password. When the certificate is used, the user is asked to enter the certificate password to verify that he or she is the legitimate user. But with this method the password is easily stolen and has to be memorized. Cases in which a stolen password allowed an illegitimate user to withdraw a depositor's money have become commonplace. These cases are all caused by the user's password being glimpsed, or by the user choosing an easily guessed password such as a birthday or a number. In theory, if the password is long enough and chosen sensibly, password protection can be secure. But the burden of memorizing it is often unbearable, and it is very inconvenient to use.
For the first condition, our device uses fingerprint identification technology, which is described in detail later. For the second condition, a certificate stored on a hard disk or floppy disk is obviously easy to copy, and even some certificates stored in IC cards, although encrypted, can still be copied by someone experienced. Some high-end IC cards with a CPU can be guaranteed uncopyable under existing technology, but they still do not solve the first problem. Our device uses a special encryption method and communication mechanism to guarantee that the digital certificate cannot be copied.
In the 1990s, fingerprint identification, a relatively mature biometric recognition method, began to be widely used. Because the price of automated fingerprint identification systems has fallen sharply, automatic fingerprint recognition is no longer confined to the legal and public security fields. It can serve as the means by which a computer confirms its user and as an information security technology for access to network resources, and it can also be used in many other areas, such as confirming the use of bank ATM cards and credit cards, double confirmation for all kinds of smart IC cards, employee identification and household electronic door locks.
Because fingerprints are unique and stable, and are convenient and inexpensive to capture, they are very well suited to replacing traditional passwords for certificate encryption. The present invention is a device that uses fingerprint technology to protect certificates, in order to solve the security problem of digital certificates.
Summary of the invention
The purpose of the invention is to provide a practical digital certificate protection device.
To achieve this purpose, the fingerprint-based digital certificate protection device is characterized in that it comprises:
A non-volatile SRAM, for storing the digital certificate, the fingerprint authentication algorithm and the communication program;
A power management circuit, for managing the system's power supply, in which the voltage output of DC voltage conversion chip U6 is connected to the microprocessor and the battery charger, the status line of power switching chip U5 is connected to the gate of the switching transistor, the whole device is powered through the USB channel, and the supply charges the backup lithium battery through intelligent charge management chip U7;
An intrusion detection circuit, for preventing hacker attacks;
A fingerprint sensor, for registering fingerprint information;
A USB controller, for communication between the host and the microprocessor;
A secure microprocessor, connected respectively to the non-volatile SRAM, the power management circuit, the intrusion detection circuit, the fingerprint sensor and the USB controller, for receiving information from these components and controlling their actions.
The invention uses fingerprint identification technology to verify the legitimate user in place of the traditional password protection method, which avoids the problems of password theft and password memorization. Using fingerprint identification also makes the digital certificate much more convenient to use. In addition, the device uses a secure microprocessor and SRAM as the memory for programs and data, which solves the problem of illegal copying of the digital certificate. The device combines software and hardware encryption and can guarantee a high level of security for digital certificate protection under existing technology.
Description of drawings
Fig. 1 is a block diagram of the structure of the digital certificate protection device;
Fig. 2 is the circuit schematic.
Embodiment
Our purpose is to realize a secure method and device for protecting digital certificates. The device should be impossible to copy, and should use fingerprint identification instead of a password for authentication. To guarantee the security of the digital certificate, the device should also be able to resist both software and hardware attacks.
As shown in Fig. 1, the device of the invention consists of a non-volatile CMOS SRAM, a secure microprocessor, a power management circuit, a universal serial bus (USB) controller, a fingerprint sensor, an intrusion detection circuit and a serial data port.
The invention uses non-volatile CMOS SRAM to store the digital certificate together with the fingerprint authentication algorithm, the communication program and other programs. Most IC cards store data in electrically erasable flash memory, which retains its contents after power is removed, and the data can persist for a century. This is the most dangerous security flaw: it gives an attacker unlimited time to break through the physical defenses inside the chip, which may lead to the data being disclosed. The SRAM we use needs only a minimal current to retain its data; with a very small backup lithium battery, the data in the SRAM can be retained for more than 10 years without any external power supply. Moreover, SRAM responds very quickly, so when the system detects an intrusion the data can be erased, or "cleared to zero", immediately.
The invention uses a secure microprocessor to execute the relevant programs. Under the control of its internal bootstrap routine, this processor communicates with the outside using the two-key Triple DES encryption algorithm. Both the program bus and the data bus have dedicated encryption and decryption engines. This prevents an attacker from monitoring the data on the bus with a logic analyzer, which is often the greatest weakness of systems that use SRAM. The programs, data and algorithms in the SRAM are therefore all stored encrypted, which guarantees that this content cannot be replicated: even if an attacker copies the data, it is unreadable without the encryption key. The encryption key, which is decisive for the encryption operation, is determined inside the processor when the microprocessor bootstraps. As part of the intrusion response, as soon as an intrusion is detected these keys are erased instantly, and the entire contents of the external SRAM are erased at the same moment.
The power management circuit of the invention, shown in Fig. 2, consists mainly of an intelligent charge management chip U7, a power switching chip U5 and a DC voltage conversion chip U6. Vout of U6 is connected to the microprocessor and the battery charger; fingerprint sensor U4 and USB interface chip U3 are connected to Vout through a switching MOS transistor; the status line /VDDC of the power switching chip is connected to the gate of the switching transistor; and the external SRAM is powered from the microprocessor's Vcco. Thus, when the USB channel is open, the whole device is powered through the USB channel, the supply charges the backup lithium battery through U7, and the charging indicator light is lit. When the USB channel is closed, the power switching chip switches the supply to the backup lithium battery. At that point the switching transistor cuts power to the fingerprint sensor and the USB controller, and the backup battery powers only the microprocessor and the SRAM. In addition, the power switching chip's status line /VDCC is connected to an interrupt pin of the microprocessor; when the microprocessor detects the interrupt, it enters a low-power deep sleep state.
The principle of the intrusion detection circuit is shown in Fig. 2. When the device's casing is opened, the ground connection of the microprocessor's self-destruct input is broken, which raises the level at that input. The microprocessor then clears its internal keys and its internal SRAM data, and at the same time cuts off the data retention voltage Vcco supplied to the external SRAM, so the external SRAM data is erased as well.
The fingerprint sensor is a fingerprint acquisition chip based on CMOS technology; the chip may be of the flat type or of the strip swipe type. These sensors are compact and well suited to use in all kinds of embedded systems. The image captured by fingerprint sensor U4 enters microprocessor U1 over 8-bit parallel I/O data lines and is stored in SRAM chip U2.
The USB controller U3 allows data to be transferred between the host and microprocessor U1 over the USB interface; the microprocessor is connected to the USB controller through an 8-bit parallel I/O data interface. A data stream coming from the host passes through the USB controller, which forwards it to the microprocessor. Similarly, a data stream sent by the microprocessor goes through the 8-bit parallel I/O port and is forwarded to the host by the USB controller.
The communication method used by the device is described below. The process can be divided into two parts:
1. Download of the digital certificate
This process is generally completed when the certificate is applied for, and the download is performed by the certificate issuing authority. During the application, the applicant must register his or her own fingerprint template information. The certificate issuing authority writes the following data into the SRAM through the device's serial port:
The digital certificate applied for
The programs and data the device needs in order to operate
To guarantee that the digital certificate is downloaded securely, the download is split into two parts. First, under the control of its internal bootstrap routine, the secure microprocessor downloads an encrypted communication transfer program; it then uses this program to download the digital certificate, the fingerprint template and the other programs and data from the serial port. A device that has already downloaded a digital certificate cannot download a certificate again unless it is reset. The reset is performed with a reset switch; after the reset the secure microprocessor bootstraps again, the data in the SRAM is erased, and the device returns to its initial state.
2. Use of the digital certificate
When the digital certificate is used, data is transferred over the USB interface, and the driver for the device must be installed beforehand. When a web application needs to use the digital certificate for encryption or a digital signature, the certificate is read in the following steps:
A. The host's driver first sends an open command to the device;
B. After receiving the open command, the device sends a response message and then a message that it is waiting for a fingerprint;
C. The user presses a finger on the device's fingerprint sensor and the fingerprint data is captured. If no finger is presented for a long time, the device returns to its initial state and sends the host a message that the device is closed;
D. The device's processor processes the fingerprint data with the fingerprint algorithm stored in the SRAM to obtain the fingerprint feature information, and matches it against the feature information of the originally registered fingerprint. If the match succeeds the process continues; if it fails the process returns to step B;
E. The device sends the host a message that the device is open; on receiving it, the host sends the command to read the digital certificate;
F. After receiving the command to read the digital certificate, the device sends the certificate content to the host;
G. After receiving the digital certificate, the host sends a close command;
H. The device returns to its initial state and sends the host a message that the device is closed.
While the digital certificate is in use, information is transmitted with a common encrypted transmission method. The encryption and decryption are carried out by the driver and are transparent to the application system.
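The read sequence in steps A to H, together with the intrusion response described earlier, can be modeled as a small state machine. The following C model is an added illustration, not code from the patent: every name in it is hypothetical, the key, certificate and template are constructed sample bytes, and the exact-match comparison stands in for a real fingerprint matcher.

```c
#include <stdint.h>
#include <string.h>

/* All names below are hypothetical; the patent defines no code. */
enum state { ST_CLOSED, ST_WAIT_FINGER, ST_OPEN };
enum cmd   { CMD_OPEN, CMD_READ_CERT, CMD_CLOSE };
enum msg   { MSG_REFUSED, MSG_WAIT_FINGER, MSG_OPENED, MSG_CERT, MSG_CLOSED };
#define CERT_LEN 16
#define TMPL_LEN 8

struct device {
    enum state state;
    int wiped;               /* set once the intrusion response has run */
    uint8_t key[16];         /* stand-in for the processor's internal key */
    uint8_t cert[CERT_LEN];  /* stand-in for the certificate held in SRAM */
    uint8_t tmpl[TMPL_LEN];  /* stand-in for the enrolled fingerprint template */
};

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void zeroize(void *p, size_t n) {
    for (volatile uint8_t *v = p; n--; ) *v++ = 0;
}

/* Constant-time equality; a real matcher scores similarity instead. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Load constructed sample secrets and start in the closed state. */
void dev_init(struct device *d) {
    memset(d, 0, sizeof *d);
    memset(d->key, 0xA5, sizeof d->key);
    memcpy(d->cert, "CONSTRUCTED-CERT", CERT_LEN);
    memcpy(d->tmpl, "TEMPLATE", TMPL_LEN);
}

/* Intrusion response: erase key, certificate and template, then lock. */
void dev_tamper(struct device *d) {
    zeroize(d->key, sizeof d->key);
    zeroize(d->cert, sizeof d->cert);
    zeroize(d->tmpl, sizeof d->tmpl);
    d->state = ST_CLOSED;
    d->wiped = 1;
}

/* Host commands (steps A, F, G and H); out must hold CERT_LEN bytes. */
enum msg dev_command(struct device *d, enum cmd c, uint8_t *out) {
    if (d->wiped) return MSG_REFUSED;
    switch (c) {
    case CMD_OPEN:                    /* A: open, B: wait for a fingerprint */
        if (d->state != ST_CLOSED) return MSG_REFUSED;
        d->state = ST_WAIT_FINGER;
        return MSG_WAIT_FINGER;
    case CMD_READ_CERT:               /* F: released only after a match */
        if (d->state != ST_OPEN) return MSG_REFUSED;
        memcpy(out, d->cert, CERT_LEN);
        return MSG_CERT;
    case CMD_CLOSE:                   /* G: close, H: back to initial state */
        d->state = ST_CLOSED;
        return MSG_CLOSED;
    }
    return MSG_REFUSED;
}

/* Steps C to E; features == NULL models the step C timeout. */
enum msg dev_finger(struct device *d, const uint8_t *features) {
    if (d->wiped || d->state != ST_WAIT_FINGER) return MSG_REFUSED;
    if (features == NULL) { d->state = ST_CLOSED; return MSG_CLOSED; }
    if (!ct_equal(features, d->tmpl, TMPL_LEN)) return MSG_WAIT_FINGER;
    d->state = ST_OPEN;
    return MSG_OPENED;
}
```

The property worth checking in any implementation of this sequence is that the certificate read is refused in every state except the one reached through a successful match, and in every state after the intrusion response has run.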
Claims (4)
1. A fingerprint-based digital certificate protection device, characterized in that it comprises:
A non-volatile SRAM, for storing the digital certificate, the fingerprint authentication algorithm and the communication program;
A power management circuit, for managing the system's power supply, in which the voltage output of DC voltage conversion chip U6 is connected to the microprocessor and the battery charger, the status line of power switching chip U5 is connected to the gate of the switching transistor, the whole device is powered through the USB channel, and the supply charges the backup lithium battery through intelligent charge management chip U7;
An intrusion detection circuit, for preventing hacker attacks;
A fingerprint sensor, for registering fingerprint information;
A USB controller, for communication between the host and the microprocessor;
A secure microprocessor, connected respectively to the non-volatile SRAM, the power management circuit, the intrusion detection circuit, the fingerprint sensor and the USB controller, for receiving information from these components and controlling their actions.
2. The digital certificate protection device according to claim 1, characterized in that:
The secure microprocessor supports dual DES encryption of the program and data buses, has an internal key generator used at bootstrap time, and has a key destruction function.
3. The digital certificate protection device according to claim 1, characterized in that:
The fingerprint sensor is a CMOS semiconductor sensor connected to the microprocessor through an 8-bit parallel I/O port.
4. The digital certificate protection device according to claim 1, characterized in that: the intrusion detection circuit comprises a grounding switch.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03147555 CN1285050C (en) | 2003-07-22 | 2003-07-22 | Digital certification protecting device based on fingerprint |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1570954A CN1570954A (en) | 2005-01-26 |
CN1285050C true CN1285050C (en) | 2006-11-15 |
Family
ID=34471979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 03147555 Expired - Fee Related CN1285050C (en) | 2003-07-22 | 2003-07-22 | Digital certification protecting device based on fingerprint |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1285050C (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102916812B (en) * | 2012-10-19 | 2015-11-25 | 雷欧尼斯(北京)信息技术有限公司 | The live authentication management system of movie theatre and method |
Also Published As
Publication number | Publication date |
---|---|
CN1570954A (en) | 2005-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101470783B (en) | Identity recognition method and device based on trusted platform module | |
CN1153147C (en) | Securely generating computer system password by utilizing external encryption algorithm | |
US6557104B2 (en) | Method and apparatus for secure processing of cryptographic keys | |
CN1234081C (en) | Method and device for realizing computer safety and enciphering based on identity confirmation | |
CN100481107C (en) | An identity control method based on credibility platform module and fingerprint identifying | |
US20070237366A1 (en) | Secure biometric processing system and method of use | |
CN106953724A (en) | The method of dynamic encryption formula fingerprint sensor and dynamic encryption finger print data | |
US20070226514A1 (en) | Secure biometric processing system and method of use | |
CA2410568A1 (en) | Secure transactions with passive storage media | |
CN100535876C (en) | Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value | |
CN102664036A (en) | Fingerprint encryption intelligent digital U disk | |
CN102024115B (en) | Computer with user security subsystem | |
US7631348B2 (en) | Secure authentication using a low pin count based smart card reader | |
US20220067127A1 (en) | Hardware license verification | |
CN101237353A (en) | A method and system for monitoring mobile storage device based on USBKEY | |
US20070226515A1 (en) | Secure biometric processing system and method of use | |
US20030172265A1 (en) | Method and apparatus for secure processing of cryptographic keys | |
CN1331015C (en) | Computer security startup method | |
KR20210127278A (en) | Storage device, and data disposal method thereof | |
CN1716841A (en) | High performance cipher algorithm SoC chip | |
CN101127013A (en) | Enciphered mobile storage apparatus and its data access method | |
CN109087102A (en) | Transaction protection robot system based on block chain | |
CN1285050C (en) | Digital certification protecting device based on fingerprint | |
CN202110552U (en) | Software protection device based on multi-body interleaved storage technology | |
CN201845340U (en) | Safety computer provided with user safety subsystem |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20061115 Termination date: 20180722 |