CN201408424Y - Authentication device used for mobile storage device - Google Patents

Info

Publication number: CN201408424Y
Application number: CN2009201066693U
Authority: CN (China)
Prior art keywords: authentication, storage device, movable storage, trusted, credible
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Inventor: 赵珍
Current Assignee: Tsinghua Tongfang Co Ltd; Tongfang Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Tongfang Co Ltd
Priority date: 2009-04-02 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2009-04-02
Publication date: 2010-02-17

Landscapes

  • Storage Device Security (AREA)

Abstract

An authentication device for a mobile storage device relates to the technical field of mobile storage. The authentication device comprises the mobile storage device; the authentication process for the mobile storage device comprises the authentication of two or more authentication factors, including a trusted computer authentication factor. The trusted computer is internally provided with an electric interface II and a TCM trusted cryptography module, and the mobile storage device comprises an electric interface I, a control and processing unit, a cryptography service unit and a data storage unit. Compared with the prior art, the utility model uses a plurality of factors, including the trusted computer authentication factor, to authenticate the mobile storage device, which not only guarantees the credibility of the mobile storage device's authentication factors but also improves the reliability of the authentication.

Description

Authentication device for a mobile storage device
Technical field
The utility model relates to the technical field of mobile storage, in particular to an authentication device for a mobile storage device.
Background technology
In the current era the importance of information security is especially prominent, and the hidden dangers and threats brought by information security vulnerabilities keep growing. Fields such as finance, IT, digital rights, e-commerce and e-government all face the problem of protecting information. At the same time, these fields also need to use mobile storage devices to store or transfer confidential information. However, such a mobile storage device is often used in an unsafe environment: the confidential information stored on it is easily stolen by others and used for illegal purposes, which may expose individuals, enterprises, organizations, or even the military and the state to the danger of secret disclosure and cause immeasurable loss. A common mobile storage device protects confidential data with a security chip scheme; to strengthen the protection, authentication is also added to the mobile storage device, and only after passing authentication can the mobile storage device be authorized for use or proceed to the next operation.
In the prior art, the commonly used authentication factors include knowledge factors such as passwords, possession factors such as a USBKey or an electronic one-time password generator, and biometric factors such as fingerprints and irises; each factor provides a unique identification of the user. A mobile storage device usually adopts a single-factor authentication mechanism, which is easy to crack and leads to illegal authorization of the mobile storage device. Because attack means such as Trojan horses threaten user identity in an open environment, dual or multiple identity authentication means have come into use at home and abroad to reduce illegal authentication, such as the two-factor mode of password + e-token, and the multi-factor mode combining fingerprint recognition, certificates and the USBKey identity token. Such multi-factor authentication strengthens the reliability of authentication, but it cannot guarantee the credibility of the factors used to authenticate the mobile storage device.
Summary of the invention
In view of the above problems in the prior art, the purpose of the utility model is to provide an authentication device for a mobile storage device. It authenticates the mobile storage device by a plurality of factors that include the trusted computer authentication factor: the trusted computer authentication guarantees the credibility of the mobile storage device's authentication factors, and the multi-factor authentication improves the reliability of the authentication.
To achieve the above purpose, the technical solution of the utility model is realized as follows:
An authentication device for a mobile storage device, whose design feature is that it comprises a mobile storage device; the mobile storage device is authenticated through two or more authentication factors including the trusted computer authentication factor, and the trusted computer is provided with an electric interface II and a TCM (Trusted Cryptography Module) trusted cryptography module. The mobile storage device comprises:
Electric interface I---matched with the electric interface II in the trusted computer, and used to transmit data and read/write information;
Control and processing unit---interconnected with electric interface I, providing access control, data processing and data transport services, and used to control the communication of electric interface I, to provide the authentication protocol, and to control the authentication process and result;
Cryptography service unit---interconnected with the control and processing unit, and used to provide cryptographic services;
Data storage unit---interconnected with the control and processing unit, storing information or data.
In the above authentication device, the trusted computer authentication factor is based on a trusted computing environment built with the TCM trusted cryptography module as the root of trust.
In the above authentication device, the root of trust comprises a root of trust for measurement, a root of trust for reporting and a root of trust for storage.
Because the utility model adopts the above structure and uses the trusted computer as an authentication factor of the mobile storage device, the credibility of the authentication factor is guaranteed. At the same time, the multi-factor authentication mechanism guarantees the reliability of the mobile storage device's authentication and meets the authentication requirements of a higher security level when the mobile storage device is used. The authentication system of the utility model can be applied in every field to guarantee the legitimacy of the authorized party; when a mobile storage device and a trusted computer that have passed the authentication of this system are used together, the credibility of the usage environment is better guaranteed, and secure reading, writing and deletion of the data stored in the mobile storage device, secure sharing between the mobile storage device and other equipment, and effective identification of the licensed user's identity, among other things, can be realized.
The utility model is described in further detail below with reference to the drawings and specific embodiments.
Description of drawings
Fig. 1 is a structural diagram of the utility model;
Fig. 2 is a structural diagram of the trusted measurement system of the trusted computer in an embodiment of the utility model;
Fig. 3 is a schematic diagram of the multi-factor authentication of the mobile storage device in an embodiment of the utility model;
Fig. 4 is a flow chart of the trusted computer authentication performed for the mobile storage device in an embodiment of the utility model;
Fig. 5 is a flow chart of the password authentication performed for the mobile storage device in an embodiment of the utility model;
Fig. 6 is a flow chart of the fingerprint authentication performed for the mobile storage device in an embodiment of the utility model.
Embodiment
Referring to Fig. 1, in the utility model the authentication process of the mobile storage device comprises the authentication of two or more authentication factors including the trusted computer authentication factor, and the trusted computer authentication factor is based on a trusted computing environment built with the TCM trusted cryptography module as the root of trust. The root of trust comprises a root of trust for measurement, a root of trust for reporting and a root of trust for storage. The trusted computer is provided with an electric interface II and a TCM trusted cryptography module. The mobile storage device comprises:
Electric interface I---matched with the electric interface II in the trusted computer, and used to transmit data and read/write information.
Control and processing unit---interconnected with electric interface I, providing access control, data processing and data transport services, and used to control the communication of electric interface I, to provide the authentication protocol, and to control the authentication process and result.
Cryptography service unit---interconnected with the control and processing unit, and used to provide cryptographic services; these mainly comprise a random number generator, a digest algorithm, encryption and decryption algorithms, a digital signature algorithm and a digital signature verification algorithm.
Data storage unit---interconnected with the control and processing unit, storing information or data.
The authentication system of the utility model for the mobile storage device also comprises the authentication of factors other than the trusted computer.
Referring to Fig. 2, in an embodiment of the utility model the trusted measurement system built on a trusted computer with an embedded TCM trusted cryptography module comprises the following:
The trusted computer adopts a domestically produced TCM trusted cryptography module as the root of trust to build the trusted computing environment. The whole trusted computing environment comprises the TCM trusted cryptography module, a trusted BIOS (Basic Input and Output System)/EFI (Extensible Firmware Interface), a trusted boot loader, a trusted operating system kernel (OS Kernel) and trusted applications. A trusted application can provide the service of authenticating the mobile storage device of this embodiment.
Referring to Fig. 3, the mobile storage device of the utility model must pass multi-factor authentication before access is authorized. The mandatory authentication factor is the trusted computer authentication; the other authentication factors can be any of a password factor, a fingerprint factor, an iris factor, a USBKey factor and so on. Only when every authentication factor has passed authentication under the preset conditions can the mobile storage device be accessed or operated. Note that the order in which the mobile storage device goes through the multiple authentications can be arranged arbitrarily according to requirements.
Referring to Fig. 4, Fig. 5 and Fig. 6, the mobile storage device of the utility model uses three authentication factors: trusted computer authentication, password authentication and fingerprint authentication. Only after all three authentications have passed can the mobile storage device be authorized for use or access.
The trusted computer authentication flow is as follows: the mobile storage device generates a random check code, signs the random check code to produce the signature information, and sends it to the trusted computer. The trusted computer uses the TCM trusted cryptography module to verify the legitimacy of the signature; if it is not legitimate, the authentication fails. If it is legitimate, the trusted computer encrypts the signature information with the public key of the mobile storage device's certificate and sends the ciphertext to the mobile storage device. After receiving the ciphertext, the control and processing unit of the mobile storage device calls the cryptographic primitives, decrypts the ciphertext with the private key, and compares the decrypted information with the signature information: if the comparison fails, the authentication fails; if it succeeds, the authentication succeeds, and the trusted computer has completed the authentication of the mobile storage device. To stay consistent with the cryptographic algorithms used by the TCM trusted cryptography module, the cryptography service unit in the mobile storage device provides a random number generator, the SMS4 algorithm, the ECC encryption algorithm, the SM3 algorithm, and the ECC signature and signature verification algorithms, in order to complete the trusted computer's authentication of the mobile storage device.
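The trusted computer authentication flow above, played out by both sides in Go as an added example that is not part of the patent or of Tongfang's implementation. The patent's SM3/ECC/SMS4 suite is not in the Go standard library, so, as an assumption, SHA-256 stands in for the digest, ECDSA P-256 for the ECC signature and RSA-OAEP for the public-key encryption step; the device's certificate is modelled as its two public keys enrolled in the trusted computer at provisioning time, and every name (Device, TrustedComputer, Provision, MakeChallenge, Respond, Verify) is mine.

```go
// Added example, not part of the patent. Standard-library stand-ins (an assumption) replace
// the patent's suite: SHA-256 for SM3, ECDSA P-256 for the ECC signature, RSA-OAEP for
// "encrypt with the device's certificate public key"; the certificate is its two public keys.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Device models the mobile storage device's control/processing and cryptography units.
type Device struct {
	signKey   *ecdsa.PrivateKey // signs the random check code
	encKey    *rsa.PrivateKey   // decrypts the trusted computer's reply
	challenge []byte            // last check code sent, kept for the step-3 comparison
	signature []byte            // last signature sent
}

// TrustedComputer models the trusted computer; its TCM holds the enrolled device's public keys.
type TrustedComputer struct {
	deviceSignPub *ecdsa.PublicKey
	deviceEncPub  *rsa.PublicKey
}

// Provision creates a device's key pairs and a trusted computer that knows the public halves.
func Provision() (*Device, *TrustedComputer, error) {
	signKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	encKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tc := &TrustedComputer{deviceSignPub: &signKey.PublicKey, deviceEncPub: &encKey.PublicKey}
	return &Device{signKey: signKey, encKey: encKey}, tc, nil
}

// MakeChallenge is step 1: the device generates a random check code and signs it.
func (d *Device) MakeChallenge() (code, sig []byte, err error) {
	code = make([]byte, 32)
	if _, err = rand.Read(code); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(code)
	if sig, err = ecdsa.SignASN1(rand.Reader, d.signKey, digest[:]); err != nil {
		return nil, nil, err
	}
	d.challenge, d.signature = code, sig
	return code, sig, nil
}

// Respond is step 2: the trusted computer verifies the signature (the TCM's job) and only
// then encrypts code||signature to the device's public key; a bad signature fails here.
func (tc *TrustedComputer) Respond(code, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(code)
	if !ecdsa.VerifyASN1(tc.deviceSignPub, digest[:], sig) {
		return nil, errors.New("signature invalid: trusted computer rejects the device")
	}
	msg := append(append([]byte{}, code...), sig...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, tc.deviceEncPub, msg, nil)
}

// Verify is step 3: the device decrypts with its private key and compares the result with
// what it sent; a reply encrypted to any other key fails to decrypt or fails to match.
func (d *Device) Verify(ct []byte) (bool, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.encKey, ct, nil)
	if err != nil {
		return false, err
	}
	want := append(append([]byte{}, d.challenge...), d.signature...)
	return subtle.ConstantTimeCompare(pt, want) == 1, nil
}

func main() {
	dev, tc, err := Provision()
	if err != nil {
		panic(err)
	}
	code, sig, _ := dev.MakeChallenge()
	ct, err := tc.Respond(code, sig)
	ok, _ := dev.Verify(ct)
	fmt.Println("genuine device accepted:", ok, "error:", err)
	// A device not enrolled in this trusted computer is rejected at step 2.
	impostor, _, _ := Provision()
	code, sig, _ = impostor.MakeChallenge()
	_, err = tc.Respond(code, sig)
	fmt.Println("unenrolled device rejected:", err != nil)
}
```

Two points the flow makes visible once it is written out. The signature check in step 2 is the gate that keeps an unenrolled or tampered device out, and the check code is random per run, so a captured signature cannot be replayed as a fresh one. Step 3, on the other hand, only shows the device that the reply was addressed to its own certificate key, which any party holding the certificate could do; what makes the computer "trusted" in the patent is the TCM-rooted environment described with Fig. 2, not this exchange by itself.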
The password authentication flow is as follows: the mobile storage device sends a password authentication request through the electric interface; after receiving the request, the user enters the user password, and this password information is transferred to the mobile storage device; the control and processing unit of the mobile storage device calls the functions of the cryptography service unit and the data storage unit and verifies the legitimacy of the user password by calculation. If it is legitimate, the user password authentication succeeds; if not, the user password authentication fails.
The fingerprint authentication flow is as follows: the mobile storage device sends a fingerprint authentication request; after receiving the request, the user swipes a fingerprint on the fingerprint sensor module, which sends the fingerprint feature values to the control and processing unit; the control and processing unit calls the functions of the cryptography service unit and the data storage unit and verifies the legitimacy of the user's fingerprint information by calculation. If it is legitimate, the fingerprint authentication succeeds; if not, the fingerprint authentication fails. In the embodiment of the utility model, a fingerprint sensor module can be added to the mobile storage device for the authentication of the fingerprint factor.
The authentication system for the mobile storage device in the above embodiment uses the credibility of the authentication factors and their multiplicity to guarantee the credibility and reliability of the authentication. A mobile storage device made by the method of this embodiment can effectively prevent illegal authentication and meets the needs of confidential information storage. At the same time, modules can be added to the mobile storage device as actually needed to meet the demands of authenticating different factors.
It should be noted that the above embodiment is only intended to illustrate the technical solution of the utility model, not to limit it. Although the utility model has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that modifications to the technical solution recorded in the above embodiment, or equivalent replacements of some of its technical features, which do not make the essence of the corresponding technical solution depart from the technical idea of the technical solution described in the utility model, all fall within the scope of protection of the utility model.

Claims (3)

1. An authentication device for a mobile storage device, characterized in that it comprises a mobile storage device; the authentication process of the mobile storage device comprises the authentication of two or more authentication factors including a trusted computer authentication factor; the trusted computer is provided with an electric interface II and a TCM trusted cryptography module; and the mobile storage device comprises:
Electric interface I---matched with the electric interface II in the trusted computer, and used to transmit data and read/write information;
Control and processing unit---interconnected with electric interface I, providing access control, data processing and data transport services, and used to control the communication of electric interface I, to provide the authentication protocol, and to control the authentication process and result;
Cryptography service unit---interconnected with the control and processing unit, and used to provide cryptographic services;
Data storage unit---interconnected with the control and processing unit, storing information or data.
2. The authentication device for a mobile storage device according to claim 1, characterized in that the trusted computer authentication factor is based on a trusted computing environment built with the TCM trusted cryptography module as the root of trust.
3. The authentication device for a mobile storage device according to claim 1 or 2, characterized in that the root of trust comprises a root of trust for measurement, a root of trust for reporting and a root of trust for storage.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009201066693U CN201408424Y (en) 2009-04-02 2009-04-02 Authentication device used for mobile storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009201066693U CN201408424Y (en) 2009-04-02 2009-04-02 Authentication device used for mobile storage device

Publications (1)

Publication Number Publication Date
CN201408424Y true CN201408424Y (en) 2010-02-17

Family

ID=41679364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009201066693U Expired - Fee Related CN201408424Y (en) 2009-04-02 2009-04-02 Authentication device used for mobile storage device

Country Status (1)

Country Link
CN (1) CN201408424Y (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102368230A (en) * 2011-10-31 2012-03-07 北京天地融科技有限公司 Mobile memory and access control method thereof as well as system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20100217; Termination date: 20170402)