CN201590091U - Encryption type memory card read/write device based on password authentication - Google Patents
- Publication number
- CN201590091U
- Authority
- CN
- China
- Prior art keywords
- password
- interface
- module
- memory card
- processing unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Abstract
An encryption type memory card read/write device based on password authentication comprises a reader-writer and a memory card, wherein the reader-writer comprises a central processing unit, a first interface, a second interface, a keyboard, a data encryption module, a key-managing module and an identity authentication module, wherein the central processing unit is used for realizing central management control; the first interface is used for the connection of the reader-writer and the computer; the second interface is used for the connection of the reader-writer and the memory card; the keyboard is used for inputting operating commands and passwords; the data encryption module is connected with the central processing unit and used for data encryption and decryption; the key-managing module is connected with the central processing unit for achieving the functions of on-chip key management, including key generation, storage, distribution, updating and destruction; and the identity authentication module is connected with the central processing unit, the key-managing module and the keyboard for authenticating identity authentication information of users. The memory card comprises an encrypted partition used for storing encrypted input data. Data in the memory card written through the reader-writer can only be read out through the reader-writer.
Description
Technical field
The utility model relates to a card reader for data storage cards, and in particular to a high-security memory card read/write device.
Background technology
Various types of data storage cards and their reader-writers are new data storage devices that have developed rapidly in recent years. They offer large capacity, small size, long life, ease of use and portability. While bringing convenience to users, however, these devices have also introduced serious security risks, for example that the user's identity cannot be authenticated and that data stored in plaintext is easily leaked. If a user's storage device is lost or accessed by an unauthorized holder, the sensitive data inside it is leaked, which can cause the user immeasurable loss.
To solve the data security problem of memory cards, the solutions that currently exist are:
The memory card is inserted into a card reader connected to a computer, and encryption software on the computer is used to encrypt the memory card;
For a memory card used in a mobile phone, the phone's own control software is used to encrypt the memory card.
The above methods can encrypt the data in the memory card, but they require external equipment such as a computer or a mobile phone and are inconvenient to use.
Summary of the invention
The purpose of the utility model is to solve the technical problem that existing memory cards need a computer or other auxiliary equipment in order to be encrypted.
To achieve the above purpose, the utility model provides an encryption type memory card read/write device based on password authentication, consisting of a card reader and a memory card, wherein the card reader comprises:
A central processing unit, used to realize central management control;
A first interface, used to connect the reader-writer to a computer and realize the output and input of data;
A second interface, used to connect the reader-writer to the memory card;
A keyboard, used to input operating commands and passwords;
A data encryption module, connected to the central processing unit and used to encrypt and decrypt data;
A key management module, connected to the central processing unit, which realizes on-chip key management functions, including the generation, storage, distribution, updating and destruction of keys;
An identity authentication module, connected to the central processing unit, the key management module and the keyboard respectively, which authenticates the user's identity authentication information;
The memory card comprises an encrypted partition, which is used to store the ciphertext of input data.
Preferably, the key management module has a true random number generator, used to generate the working key.
Preferably, the authentication module stores a first ciphertext of the password information that represents the user's identity.
Preferably, the authentication module computes a second ciphertext from the password the user enters on the keyboard, and compares the first ciphertext with the second ciphertext.
Preferably, the key management module obtains a protection key from the first ciphertext, encrypts the working key with the protection key, and stores it in the key management module in ciphertext form.
Preferably, the reader-writer further comprises a box body; the central processing unit, memory module, data encryption module, key management module and authentication module are arranged inside the box body, and the keyboard, the first interface and the second interface are arranged on the surface of the box body.
Preferably, the reader-writer further comprises an LCD display, arranged on the surface of the box body, which displays the storage status and information about the operations being executed.
Preferably, the first interface is a USB interface.
Preferably, the memory card is one of SD, miniSD, microSD, MMC, MMCmini and MMCmicro.
Preferably, the second interface adopts the interface standard that matches the memory card.
The utility model uses the data encryption module to encrypt data before it is written to the memory card, so that it is stored on the memory card in ciphertext form. When data is read from the memory card, it is first decrypted by the encryption chip and then read by the user in plaintext form. The device also has a password authentication function that verifies the user's identity and ensures that only a legitimate user can read the data in the memory card. This effectively prevents the risk of data leakage when the memory card is lost or accessed by an unauthorized holder, meets the user's requirement for secure data storage, and effectively protects sensitive and important information. The card reader integrates a keyboard and an LCD for user input and status output, so the password can be entered and verified on the card reader itself without going through a computer, which prevents the password from being intercepted on the computer. In addition, the storage space of the memory card can be divided into an encrypted partition and a non-encrypted partition. The non-encrypted partition can be accessed by any user, while the encrypted partition can only be accessed by a legitimate user, and the size of each partition can be adjusted by the user, which is convenient.
Description of drawings
Figure 1 is the functional block diagram of the encryption type memory card read/write device based on password authentication of the utility model;
Figure 2 is a schematic diagram of the partitions of the memory card;
Figure 3 is the flowchart of user password verification;
Figure 4 is the flowchart of changing the user password;
Figure 5 is the flowchart of unlocking the user password;
Figure 6 is the flowchart of re-initialization;
Figure 7 is the flowchart of readjusting the partitions.
Description of reference numerals:
1 - encryption type memory card reader; 11 - box body; 12 - authentication module; 13 - display screen; 14 - keyboard; 15 - central processing unit; 16 - data encryption module; 17 - memory module; 171 - encrypted partition; 172 - non-encrypted partition; 173 - read-only partition; 18 - key management module; 19 - interface.
Embodiment
The above and other technical features and advantages of the utility model are described in more detail below with reference to the accompanying drawings.
Refer to Figure 1, which is the functional block diagram of the encryption type memory card read/write device based on password authentication of the utility model. The read/write device comprises a reader-writer 1 and a memory card 2. The reader-writer 1 comprises a box body 11, authentication module 12, display screen 13, keyboard 14, central processing unit 15, data encryption module 16, interface 17, key management module 18 and interface 19.
The utility model uses passwords for authentication. Two kinds of password are used: a user password and a super password. The user password grants permission to read and write the encrypted data in the memory card 2 and to change the user password; the super password grants permission to unlock the password and to initialize the reader-writer 1.
The function of each module is described in detail below:
The display screen 13 may be an LCD. It displays the storage status and information about the operations being executed, can display Chinese characters, and prompts the user to carry out the various operations.
The keyboard 14 is used to enter passwords. The user uses the keyboard 14 to perform password verification, password unlocking, changing the user password, changing the super password, and so on.
The central processing unit 15 is the center of data processing and control command scheduling of the utility model, and realizes central management control.
The data encryption module 16 is connected to the central processing unit 15 and is used to encrypt and decrypt data.
Refer to Figure 2: the memory card 2 comprises an encrypted partition 21, a non-encrypted partition 22 and a read-only partition 23.
Input data is encrypted by the data encryption module 16 and stored in the encrypted partition 21 in ciphertext form; access to it requires password authentication. The non-encrypted partition 22 is accessible to anyone for reading and storing data. The read-only partition 23 contains a software tool; after passing password authentication, the user runs this tool on a computer and can readjust the sizes of the encrypted partition 21 and the non-encrypted partition 22.
The authentication module 12 is connected to the key management module 18, central processing unit 15, display screen 13 and keyboard 14 respectively, and stores a first ciphertext of the password information that represents the user's identity. In use, it verifies the password entered by the user to confirm the user's identity, and performs operations such as password modification, password locking and password unlocking.
The first ciphertext is a first message digest that the authentication module 12 generates by running the SHA-1 digest algorithm over the password set in the system; its length is 160 bits. The password set in the system may be the system-default user password or super password, or a user password or super password set by the user.
The authentication module 12 also generates a second ciphertext, which is a second message digest produced by running the SHA-1 digest algorithm over the password the user enters on the keyboard 14; its length is 160 bits. The authentication module 12 compares the first ciphertext with the second ciphertext: if the two are identical, user password authentication passes; otherwise it fails. The user password cannot be derived in reverse from the first ciphertext or the second ciphertext, so this approach effectively protects the password.
The key management module 18 is connected to the central processing unit 15 and the authentication module 12, and stores key information. The key management module 18 realizes on-chip key management functions, including the generation, storage, distribution, updating and destruction of keys. To fully guarantee the security of the keys, the utility model adopts a two-level key management mechanism: a working key and a protection key. The working key is the key used by the data encryption module 16 when performing encryption and decryption operations. The key management module 18 includes a true random number generator (not shown), which generates the working key. The key management module 18 obtains the protection key through the authentication module 12; the protection key is 128 bits of data extracted arbitrarily from the first message digest (whose length is 160 bits). There are many ways to perform the extraction, and they do not limit the scope of protection of the utility model. The key management module 18 encrypts the working key with the protection key, and the encrypted working key is stored in the key management module 18 only in ciphertext form.
In use, when the user passes password authentication, the key management module 18 uses the protection key to decrypt the working key ciphertext stored inside it and obtains the plaintext working key. It then sends the plaintext working key to the central processing unit 15, which forwards it to the data encryption module 16 for encryption and decryption.
The interface 19 provides data communication between the card reader 1 and the user's host and realizes the input and output of data. It can be an existing data interface such as a USB interface; in use, the card reader 1 only needs to be connected to a USB port of the user's computer by a USB cable, and no driver needs to be installed.
The central processing unit 15, data encryption module 16, key management module 18 and authentication module 12 are arranged inside the box body 11, and the display screen 13, keyboard 14, interface 17 and interface 19 are arranged on the surface of the box body 11.
The utility model integrates the display screen 13 and the keyboard 14, so operations such as password input, unlocking and changing the password can be carried out on the mobile memory of the utility model. Prompted by the display screen 13, the user enters the password on the keyboard 14 without going through a computer, which prevents the password from being intercepted on the computer.
The user enters the user password on the keyboard 14 of the device, and password verification is completed inside the authentication module 12. After verification is complete, the corresponding status information is shown on the LCD display 13 of the device. Throughout the password authentication process the password never appears outside the device, which effectively protects the password; and the password is stored and verified in ciphertext form inside the authentication module.
Refer to Figure 3, which is the flowchart of user password verification of the utility model. Step 30 of user password verification comprises:
After the above step 304 is completed, the authentication module 12 allows the user to access the data in the encrypted partition 171, and the user can read and write the data in the encrypted partition 171 through the interface 19. After the above step 304 is completed, the user can also change the user password.
The super password verification flow of the utility model is similar to the user password verification flow.
Refer to Figure 4, which is the flowchart of the user changing the user password. The steps it comprises are:
Step 402: carry out step 30 of user password verification, and pass password authentication;
The key management module 18 uses the former protection key to decrypt the working key ciphertext stored inside it and obtains the plaintext working key;
The key management module 18 obtains a new protection key from the third message digest value;
The key management module 18 encrypts the plaintext working key with the new protection key, and the encrypted working key is stored in the key management module 18 in ciphertext form. At the same time the third message digest is stored in the authentication module 12, the previously stored first message digest is discarded immediately, and the display screen 13 prompts the user that the user password was changed successfully;
The flow for changing the super password of the utility model is similar to the flow for changing the user password.
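The two-level key scheme and the password change flow described above, modeled as an added example (not code from the patent). Taking the first 16 bytes of the digest as the protection key, the HMAC-SHA-256 keystream used as a stand-in cipher, and all class and function names are assumptions; `separated_derivation` is a contrasting design that is not on the page. `key_from_stored_state` makes visible that the protection key is a function of the stored digest, so the wrapped working key is protected only as well as the digest store is.

```python
import hashlib
import hmac
import secrets


def sha1_digest(password: str) -> bytes:
    """160-bit SHA-1 message digest of a password, as the description specifies."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def protection_key(digest: bytes) -> bytes:
    """128 bits taken from the 160-bit digest.

    The description leaves the extraction method open; using the first
    16 bytes is an assumption of this sketch.
    """
    return digest[:16]


def xor_wrap(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA-256 keystream.

    The description does not name the algorithm that encrypts the working
    key. This toy keeps the sketch standard-library only and is its own
    inverse; it handles at most 32 bytes and is not a production key wrap.
    """
    if len(data) > 32:
        raise ValueError("stand-in cipher handles at most 32 bytes")
    stream = hmac.new(key, b"working-key-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class ReaderWriterModel:
    """State held by authentication module 12 and key management module 18."""

    def __init__(self, default_password: str):
        # Authentication module: stores only the first message digest.
        self.first_digest = sha1_digest(default_password)
        # Key management module: working key from a random source
        # (secrets stands in for the true random number generator),
        # kept only in ciphertext form.
        working_key = secrets.token_bytes(16)
        self.wrapped_working_key = xor_wrap(
            protection_key(self.first_digest), working_key)

    def verify(self, typed: str) -> bool:
        """Compare the second digest with the stored first digest."""
        # Constant-time comparison is an addition of this sketch.
        return hmac.compare_digest(sha1_digest(typed), self.first_digest)

    def unlock_working_key(self, typed: str):
        """Return the plaintext working key after authentication, else None."""
        if not self.verify(typed):
            return None
        return xor_wrap(protection_key(self.first_digest),
                        self.wrapped_working_key)

    def change_password(self, old: str, new: str) -> bool:
        """Figure 4 flow: re-wrap the same working key under the new digest."""
        working_key = self.unlock_working_key(old)
        if working_key is None:
            return False
        new_digest = sha1_digest(new)
        self.wrapped_working_key = xor_wrap(protection_key(new_digest),
                                            working_key)
        self.first_digest = new_digest   # the old digest is discarded
        return True


def key_from_stored_state(reader: ReaderWriterModel) -> bytes:
    """Design check: what the stored state alone yields, with no password."""
    return xor_wrap(protection_key(reader.first_digest),
                    reader.wrapped_working_key)


def separated_derivation(password: str, salt: bytes):
    """Contrast (not from the page): salted PBKDF2 with split outputs.

    Only salt and verifier would be stored; the wrap key is recomputed from
    the typed password and cannot be read off the verifier.
    """
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, 200_000, dklen=48)
    return out[:32], out[32:]   # (verifier, wrap_key)
```

Because the working key is only re-wrapped on a password change, data already in the encrypted partition stays readable; only re-initialization, which generates a new working key, invalidates it.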
Refer to Figure 5, which is the flowchart of unlocking the user password. The steps it comprises are:
Step 501: the user uses the keyboard 14 to enter the command to unlock the user password;
Step 502: carry out super password verification, and pass authentication;
Step 503: the central processing unit 15 prompts through the display screen 13 that the user password was unlocked successfully;
Step 504: the authentication module 12 performs the operation of restoring the user password to its default value:
The key management module 18 uses the former protection key to decrypt the working key ciphertext stored inside it and obtains the plaintext working key;
The authentication module 12 runs the SHA-1 digest algorithm over the default value of the user password and produces a fifth message digest;
The key management module 18 obtains the default protection key from the fifth message digest value;
The key management module 18 encrypts the plaintext working key with the default protection key, and the encrypted working key is stored in the key management module 18 in ciphertext form. At the same time the fifth message digest is stored in the authentication module 12, and the first message digest originally stored in the authentication module 12 is discarded immediately;
Step 505: the user is prompted that unlocking the user password is complete.
Refer to Figure 6, which is the flowchart of re-initialization. The steps it comprises are:
Step 602: carry out super password verification, and pass authentication;
During initialization, the key management module 18 generates a new working key, and the ciphertext previously saved in the encrypted partition 21 of the memory card 2 cannot be decrypted with the new working key. Therefore, if the user wishes to keep the originally stored data, the stored data must be exported before the initialization operation, and the re-initialization carried out afterwards.
Refer to Figure 7, which is the flowchart of readjusting the partitions. The steps it comprises are:
Step 701: connect the memory card 2 to the interface 17, and connect the reader-writer 1 to the computer;
Step 703: run the software tool in the read-only partition 23 on the computer; the user adjusts the capacities of the encrypted partition 21 and the non-encrypted partition 22 in the software interface and then executes the partitioning function;
The utility model combines authentication, data encryption and on-chip key management, and can thoroughly solve the two major security problems faced by ordinary card readers, namely that the user's identity cannot be authenticated and that data stored in plaintext is easily leaked. It can thus effectively prevent the risk of data leakage when the memory card is lost or accessed by an unauthorized holder. In addition, the storage space of the memory card can be divided into an encrypted partition and a non-encrypted partition. The non-encrypted partition can be accessed by any user, while the encrypted partition can only be accessed by a legitimate user, and the size of each partition can be adjusted by the user, which is convenient.
In addition, data on a memory card that was written through this card reader can only be read out by a card reader of this type, and the user must also enter the correct user password; card readers of other types cannot read the data on the memory card. The device also retains the advantages of a generic card reader, such as not needing any driver to be installed.
The above description of the utility model is illustrative and not restrictive. Those skilled in the art will understand that many modifications, variations or equivalents can be made within the spirit and scope defined by the claims, and that all of them fall within the scope of protection of the utility model.
Claims (7)
1. An encryption type memory card read/write device based on password authentication, consisting of a reader-writer and a memory card, characterized in that the reader-writer comprises:
A central processing unit, used to realize central management control;
A first interface, used to connect the reader-writer to a computer and realize the output and input of data;
A second interface, used to connect the reader-writer to the memory card;
A keyboard, used to input operating commands and passwords;
A data encryption module, connected to the central processing unit and used to encrypt and decrypt data;
A key management module, connected to the central processing unit;
An identity authentication module, connected to the central processing unit, the key management module and the keyboard respectively, which authenticates the user's identity authentication information;
The memory card comprises an encrypted partition, which is used to store the ciphertext of input data.
2. The encryption type memory card read/write device based on password authentication as claimed in claim 1, characterized in that the key management module has a true random number generator, used to generate the working key.
3. The encryption type memory card read/write device based on password authentication as claimed in claim 1, characterized in that the reader-writer further comprises a box body; the central processing unit, memory module, data encryption module, key management module and authentication module are arranged inside the box body, and the keyboard, the first interface and the second interface are arranged on the surface of the box body.
4. The encryption type memory card read/write device based on password authentication as claimed in claim 1, characterized in that the reader-writer further comprises an LCD display, arranged on the surface of the box body, which displays the storage status and information about the operations being executed.
5. The encryption type memory card read/write device based on password authentication as claimed in claim 1, characterized in that the first interface is a USB interface.
6. The encryption type memory card read/write device based on password authentication as claimed in claim 1, characterized in that the memory card is one of SD, miniSD, microSD, MMC, MMCmini and MMCmicro.
7. The encryption type memory card read/write device based on password authentication as claimed in claim 6, characterized in that the second interface adopts the interface standard that matches the memory card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009202463784U CN201590091U (en) | 2009-10-13 | 2009-10-13 | Encryption type memory card read/write device based on password authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN201590091U true CN201590091U (en) | 2010-09-22 |
Family
ID=42749880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009202463784U Expired - Lifetime CN201590091U (en) | 2009-10-13 | 2009-10-13 | Encryption type memory card read/write device based on password authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN201590091U (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102480353A (en) * | 2010-11-26 | 2012-05-30 | 航天信息股份有限公司 | Method of password authentication and secret key protection |
CN102567235A (en) * | 2011-12-29 | 2012-07-11 | 武汉市工程科学技术研究院 | Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk |
CN102902903A (en) * | 2012-10-10 | 2013-01-30 | 山东中孚信息产业股份有限公司 | Electronic commerce intelligent password key with button and implementation method for electronic commerce intelligent password key |
CN103297399A (en) * | 2012-03-01 | 2013-09-11 | 董建飞 | Method and system for improving safety of intelligent secret key equipment |
WO2016065517A1 (en) * | 2014-10-27 | 2016-05-06 | 宇龙计算机通信科技(深圳)有限公司 | Method for setting encrypted storage area, apparatus for setting encrypted storage area, and terminal |
CN106897603A (en) * | 2017-03-10 | 2017-06-27 | 南方城墙信息安全科技有限公司 | Write the method and system of chip and initialization |
CN109672521A (en) * | 2018-12-26 | 2019-04-23 | 贵州华芯通半导体技术有限公司 | Safe storage system and method based on encription algorithms approved by the State Password Administration Committee Office engine implementation |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102480353A (en) * | 2010-11-26 | 2012-05-30 | 航天信息股份有限公司 | Method of password authentication and secret key protection |
CN102567235A (en) * | 2011-12-29 | 2012-07-11 | 武汉市工程科学技术研究院 | Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk |
CN102567235B (en) * | 2011-12-29 | 2015-01-21 | 武汉市工程科学技术研究院 | Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk |
CN103297399A (en) * | 2012-03-01 | 2013-09-11 | 董建飞 | Method and system for improving safety of intelligent secret key equipment |
CN102902903A (en) * | 2012-10-10 | 2013-01-30 | 山东中孚信息产业股份有限公司 | Electronic commerce intelligent password key with button and implementation method for electronic commerce intelligent password key |
CN102902903B (en) * | 2012-10-10 | 2016-03-30 | 中孚信息股份有限公司 | A kind of ecommerce intelligent code key with button and its implementation |
WO2016065517A1 (en) * | 2014-10-27 | 2016-05-06 | 宇龙计算机通信科技(深圳)有限公司 | Method for setting encrypted storage area, apparatus for setting encrypted storage area, and terminal |
CN107077325A (en) * | 2014-10-27 | 2017-08-18 | 宇龙计算机通信科技(深圳)有限公司 | Encrypt storage region method to set up, encryption storage region and device and terminal are set |
CN106897603A (en) * | 2017-03-10 | 2017-06-27 | 南方城墙信息安全科技有限公司 | Write the method and system of chip and initialization |
CN106897603B (en) * | 2017-03-10 | 2019-11-08 | 南方城墙信息安全科技有限公司 | Write the method and system of chip and initialization |
CN109672521A (en) * | 2018-12-26 | 2019-04-23 | 贵州华芯通半导体技术有限公司 | Safe storage system and method based on encription algorithms approved by the State Password Administration Committee Office engine implementation |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN201590091U (en) | Encryption type memory card read/write device based on password authentication | |
CN101562040B (en) | Data processing method of high-security mobile memory | |
CN101650693B (en) | Security control method for mobile hard disk and security mobile hard disk | |
US7861015B2 (en) | USB apparatus and control method therein | |
CN100533459C (en) | Data safety reading method and safety storage apparatus thereof | |
CN102156843B (en) | Data encryption method and system as well as data decryption method | |
CN101685425A (en) | Mobile storage device and method of encrypting same | |
CN201518127U (en) | Encrypted mobile memory based on password authentication | |
CN101008974A (en) | Protection method and system of electronic document | |
CN102136048A (en) | Mobile phone Bluetooth-based ambient intelligent computer protection device and method | |
CN103701757A (en) | Identity authentication method and system for service access | |
CN101795450A (en) | Method and device for carrying out security protection on mobile phone data | |
CN103684786A (en) | Method and system for storing digital certificate and binding digital certificate to hardware carrier | |
CN103294969A (en) | File system mounting method and file system mounting device | |
CN106789024A (en) | A kind of remote de-locking method, device and system | |
CN201185082Y (en) | Mobile memory with high safety | |
CN109903052A (en) | A kind of block chain endorsement method and mobile device | |
CN102662874B (en) | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card | |
CN101866411A (en) | Security certification and encryption method and system of multi-application noncontact-type CPU card | |
CN206515828U (en) | The data storage device of safety encryption | |
CN105303093A (en) | Token verification method for cryptographic smart token | |
CN103596175A (en) | Mobile intelligent terminal certification system and method based on near field communication technology | |
CN101127013A (en) | Enciphered mobile storage apparatus and its data access method | |
CN201742425U (en) | Non-contact type CPU card multi-application security authentication and encryption system | |
CN102270182B (en) | Encrypted mobile storage equipment based on synchronous user and host machine authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CX01 | Expiry of patent term | Granted publication date: 20100922 |
CX01 | Expiry of patent term |