KR100481672B1 - Card having a secret code and system using it - Google Patents

Abstract

The present invention stores the user's fingerprint information on a card with encryption information embedded therein, and when the user wants to use the card, the first authentication procedure through the encrypted information in the card and the user's input to the fingerprint authentication device. An object of the present invention is to provide an authentication system using a card with encryption information for performing a second authentication procedure for comparing fingerprint information with fingerprint information stored in the card. To this end, the present invention is an authentication system using a card with embedded encryption information, the card 10 is embedded with the encryption information is encrypted by combining the unique information of the card and the user information, or the card 10 embedded with the biometric information with the encryption information ; A user authentication device 20 for reading the encryption information stored in the card and performing a first authentication procedure; And a system control device 40 for controlling the operation of the system according to the authentication result of the user authentication device.

Description

Card with encryption information and authentication system using same {CARD HAVING A SECRET CODE AND SYSTEM USING IT}

The present invention relates to a card embedded with encryption information and an authentication system using the same.

As the scope of economic activities expands and science and technology develop, demand for various types of cards such as credit cards, access cards, and transportation cards is increasing day by day. These cards can be separated according to their purpose and function.The non-contact smart card, the contact smart card, the RF card, and the magnetic film using the information of the magnetic film and various barcodes are printed. The barcode information can be read with a reader and used as a card.

On the other hand, as the use of such cards increases, there are cases where illegal copies of other people's cards are used, and access control systems or financial transaction systems are illegally used by using the illegal copy cards. It is causing a big problem.

In other words, the security method used in the current access control system is user information that cannot be determined by theft, loss or duplication such as magnetic card, IC card, RF proximity card, etc. paid for each individual (primary security information). In most cases, the second security information is a level that confirms the user's existence only by confirming the password through the keypad. There is a problem in that the system cannot be secured if the card is lost or the password is exposed. .

In particular, when the card is used, a method of simply storing the user's identification code in the memory of the card is used, and thus, when the user's card is stolen or lost, the user's identification code is easily exposed and its duplication is easy.

On the other hand, in recent years, the development of authentication systems using biometric information has been actively performed, and in particular, the development of authentication systems using fingerprint information is also being made.

Hereinafter, the problem will be described by taking an access control system as an example among various conventional authentication systems using the card and fingerprint information.

That is, in the conventional access control system, the fingerprint information of most users is stored in a centrally located memory. In addition, since the personal fingerprint data is used without being encrypted, the personal fingerprint may be hacked, and the simple card unique number is used as the access ID, thereby limiting the information expression. In addition, even if it takes about 20 minutes to send 1000 fingerprints registered to a PC to a single terminal, there is a problem that a very long time of 200 minutes is required when sending to 10 terminals. In addition, if there are 50 terminals, the calculation is about 1000 minutes. If the data line is lost or lost due to different paths, there is a problem that the data error rate, authentication error rate, and the like increase.

In addition, there is a problem that the material is wasted in administrative and social aspects by increasing the number of cards of the individual due to the issue of access control card.

In addition, when the individual fingerprints are registered using the fingerprint module, the primary encryption is performed in the fingerprint module, but ultimately, there is a fear of hacking by using 485 communication or 422 communication when registering the terminal. That is, although the encryption is actually used fingerprint data, there is a problem that the personal information can be exposed in a defenseless state.

In addition, since the conventional access control system uses a centralized system, it is difficult to construct an independent modularity. In other words, the fingerprint data should be stored in the memory of the PC or fingerprint authentication terminal and connected to expensive equipment by connecting to LAN or communication line. The problem is that it can affect the whole system.

In addition, when decorating the system in conjunction with the card, the trouble of storing the card ID separately and fingerprint data, fingerprint ID separately and the time-consuming procedure of registering in each slave terminal may be a problem.

In addition, the current fingerprint recognition system is composed of artificial, so if you know the system can be used by others. That is, since the system is physically configured, there is a problem in that it is possible to enter a secured place without receiving other sanctions by simply registering his fingerprint information on the terminal or the system.

The present invention is to solve the above-mentioned conventional problems, the card with a built-in encryption information to prevent duplication of the card by encrypting the serial number and user information determined for each card at the time of the card production together and stored in the card The purpose is to provide.

It is still another object of the present invention to store a user's fingerprint information on a card with embedded encryption information as described above, and, if the user wants to use the card, a first authentication procedure through encrypted information in the card; An object of the present invention is to provide an authentication system using a card with encryption information for performing a second authentication procedure for comparing a fingerprint information of a user input to a fingerprint authentication device with fingerprint information stored in the card.

In the present invention for achieving the above object, in the authentication system using a card with embedded encryption information, the encryption information that is encrypted by combining the unique information and the user information of the card is embedded or the biometric information is embedded with the encryption information Card 10; A user authentication device 20 for reading the encryption information stored in the card and performing a first authentication procedure; And a system control device 40 for controlling the operation of the system according to the authentication result of the user authentication device.

In addition, the present invention provides a card in which encryption information is embedded, comprising: a serial number storage unit (11) for storing unique information (serial number) of the card as read only; And an encryption information storage unit 12 for storing the encrypted information XORed by combining the unique information of the card and the information of the user who wants to use the card as read-only.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of an embodiment of an authentication system using a card with encryption information according to the present invention. In addition, Figure 2a is an exemplary view showing the internal structure of a card embedded with encryption information according to the present invention, Figure 2b is a flow chart of an embodiment of a method for generating encryption information applied to the present invention, Figure 2c 1 is a flowchart of a method of recording biometric information applied to a card.

As shown in the figure, an authentication system using a card with embedded encryption information according to the present invention includes a card 10 (hereinafter simply referred to as a "card") in which biometric information is embedded together with encryption information or encryption information, User authentication device 20 for reading the information stored in the card to perform the authentication procedure, and receives the biometric information of the card user for performing the authentication procedure for the biometric information and for transmitting the authentication result to the user authentication device It includes a biometric information authentication device 30 and a system control device 40 for controlling the various systems to receive the information that the user authenticated as a normal user from the user authentication device.

First, the card 10 will be described.

Cards according to the present invention can be divided into two types. First, encrypted serial number and user information (user ID, social security number, department, position, balance information in case of transportation card and telephone card) (hereinafter simply referred to as "user information") are encrypted and stored. There are two types of cards, and secondly cards that store the user's biometric information in addition to the encrypted information. On the other hand, the cards use a method of embedding personal fingerprint data using a frequency of 13.56MHz in the smart card.

The first card may be used for a traffic card, a telephone card, and an access control system (corresponding to the control device 40 of FIG. 1). In other words, the user information is not simply stored, but is encrypted and stored together with the unique serial number of the card, and it is not easy to leak user information by another person. The replication of is not available.

The second card is a card for use in a system requiring more security, and may be used in an access control system or a financial transaction system (corresponding to the control device 40 of FIG. 1) requiring extreme security maintenance.

The card may use various types of cards equipped with a memory for storing the information. Hereinafter, the RF card will be described as an example. The cards will be described in detail with reference to FIGS. 2A, 2B, and 2C as follows.

That is, in the card 10, card serial numbers of different 4-bytes given for each card at the time of manufacture of the card are stored in the serial number storage unit 11 as read-only.

On the other hand, when the user wants to use the card 10, the user information input device (the user authentication device 20 can also be used as a user information input device) (hereinafter the same) to the information of the user (hereinafter specifically the user As the information, a 4-byte user ID consisting of 8 digits will be described as an example). At this time, the 4-byte card serial number stored in the serial number storage unit 11 of the card is read (204). ). At this time, a 4-byte user code is generated with an 8-digit user ID (206). Next, after generating the encryption code using the unique key value of the serial number 4byte and the user ID 4byte (208), and generates the final encryption code (encryption information) by XORing the generated encryption code 4byte and the serial number 4byte ( 210). The generated encryption information is again stored in the encryption information storage unit 12 of the card through a user information input device.

That is, the encryption information storage unit of the encryption code 4 bytes generated by encrypting the user information used in the user authentication device 20 and 4 bytes of the unique serial number 4 byte of the card 10 with an encryption code generation algorithm. Save to (12).

In this case, the biometric information of the user together with the encryption information may be stored in the biometric information storage unit 13 as read-only. In this case, the stored biometric information may be fingerprint information, iris information, and the like. The biometric information (hereinafter, the fingerprint information will be described as an example) will be described with reference to FIG. 2C. I will explain. In this case, the overlapping portion of the encryption code generation process will be described briefly.

That is, after receiving the user ID 252 and the biometric information 254 and receiving the card serial number from the card 10 (256). At this time, it is checked whether data is normally received from the card (256). When receiving normally, the encryption code is generated by the method described above (260), and the generated encryption code and biometric information is recorded on the card 10 (262). In this case, it is determined whether the encryption code and the biometric information are normally recorded on the card (264).

On the other hand, Figure 2a is an internal structure of the card embedded with the encryption information according to the present invention, as shown in the figure 1 block has 16 bytes, 1 sector has 4 blocks. That is, 16 (byte) * 4 (block) * 16 (sector) = 1024 bytes, that is, 1 Kbyte memory. However, the third block of each sector allows the encryption key to be used, so the range that can actually write data is 752 bytes. Since the fingerprint data is 400 bytes in total, the manufacturer block is written in the 0th sector and the 1st and 2nd blocks are used.Then, the 1st sector is used to write the fingerprint data using the 0, 1, 2nd blocks and the 8th in turn. The fingerprint data was written up to the sector. Each sector has a cryptographic key block called sector trailer, so if you write a cryptographic key and issue a card, you can only read / write the card issued by the user, but you cannot use any other card. On the contrary, when a card is entered in the area of the user authentication device 20 when the card is read, the data is sent to the biometric information authentication device 30 through real-time authentication after reading a total of 400 bytes after mutual authentication with the encryption key of each sector. . In addition, the card ID is 3byte issued by the user, and the 3byte is encrypted by 4byte.Then, the card's unique number and the 4bytes obtained by Xor are written to the card. Decrypt the 4 bytes from Xor by the card unique number and Xor is sent to the control device 40 to come out as 3 bytes to receive the access permission.

The method of recording user information (4 bytes) and biometric information on the card 10 includes inputting user information for each individual through user registration software and receiving biometric information of each individual through a biometric device. Then, it is stored in the computer (or the storage unit 22 of the user authentication device) (hereinafter the same). Next, the serial number (4 bytes) of the card 10 is read through the card reader (or the transmitting / receiving unit 21 of the user authentication device) (hereinafter identical) and stored in the computer.

Generate a check-sum (1 byte) with user information (4 bytes) and encrypt it using a unique encryption code generation algorithm with a serial number (4 bytes). XOR of the serial number again to generate the final encryption code (4 bytes), and then use the generated code code (4 bytes) to write the card writer (or the transmitter / receiver 21 of the user authentication device) Read-only stored in the encrypted information storage unit 12 of the card 10 through.

The fingerprint information is stored in the biometric information storage unit 13 of the card 10 as a read-only through a card writer.

Meanwhile, in storing fingerprint information, fingerprint data is stored for each sector, but encryption is performed by providing an encryption key block for each sector. That is, after extracting the feature points of the fingerprint and encrypting it first, the second encryption is performed when storing them in the card.

Next, the user authentication apparatus 20 will be described.

As shown in the figure, the user authentication apparatus 20 applied to the present invention includes a card 10 having encryption information embedded therein, a transceiver 21 for exchanging encrypted information and biometric data, user information and various Storage unit 22 for storing and managing application programs, biometric information interface 24 for interfacing with biometric information authentication device 30, system control device for performing the functions of access control (or financial transactions, etc.) When the user authentication result is input from the biometric information authentication device 30 while performing the first authentication procedure using the control interface 25 for communicating with the 40 and the encrypted information received through the transmission and reception unit, the control accordingly It is configured to include a control unit 23 for transmitting a command to the system control device 40 via the control interface 25.

The function of the user authentication device 20 can be largely divided into two.

That is, as a process of authenticating encrypted user information, when the card 10 enters a communication area with the transceiver 21, it is checked whether the card is a duly issued card, receives an request procedure, and then performs anticollision. After the card is selected, the first authentication procedure is performed by determining whether the encryption information stored in the storage unit 22 and the encryption information input through the card 10 match through an encryption authentication method using mutual symmetric keys. At this time, the user authentication apparatus 20 reads 4 bytes, xor the card with the unique number, and decrypts the original 4 bytes of user information.

Next, after reading 16 bytes of the 400 bytes of fingerprint data, the fingerprint information is decoded by the above method, and then the fingerprint data is sent to the biometric information authentication device 30 and the fingerprint information input through the biometric information authentication device 30. Compared to the second server, the second authentication procedure is performed. At this time, the time to read the fingerprint of the individual through the transceiver 21 takes up to about 1.5 seconds.

That is, the user authentication device 20 performs the first authentication procedure by analyzing whether the card itself has been copied using an encryption key, and sends the fingerprint data transmitted from the card to the biometric information authentication device 30. 2 While the authentication process is performed, the authentication result is received and finally, the authentication process for the user is performed.

When it is determined that the final authentication procedure result is normal, the normal authentication result is transmitted to the system controller 40 to perform a unique function of the system controller. At this time, the system control device 40 may be an access control system and a financial transaction system as described above.

3A and 3B are circuit diagrams of an embodiment of a user authentication apparatus 20 according to the present invention, and FIGS. 3A and 3B are connected through A and B lines. 4A to 4H are detailed circuit diagrams applied to the present invention, which are detailed circuit diagrams included in the user authentication apparatus 20 and the biometric information authentication apparatus 30.

That is, U1 of FIG. 3A is a main 16-bit cpu, which corresponds to the controller 23 of FIG. 1, U2 is Flash Rom, and U3 is RAM, which corresponds to the storage unit 22 of FIG. 1. In addition, U5 shown in FIG. 3B is an RF CHIP for TX and RX data in the RF CARD, and corresponds to the transceiver 21 of FIG. 1, and U6 is a chip that sets a terminal address.

In addition, U7 shown in FIG. 4A and FIG. 4H is a chip which resets a CPU, U8 is a 232 chip which sends DATA to a PC, and U9 is a 485 chip which transmits DATA to the system controller 40. As shown in FIG. In addition, U10 is a power supply chip, JS1 chip is a connector that connects the antenna and LED. In addition, J2 is a connector to connect the fingerprint recognition module, J3 is a communication connector, J1 is a main connector (external power and communication).

That is, when the power is supplied through J1, the CPU is operated by the U7 RESET chip and the START program command programmed in U2 is started. Once the program is running, the U5's RF chip is activated to continuously check if the card is in range. If the card containing the encrypted fingerprint data enters the area, 400BYTE is read and sent to the biometric information authentication device 30. At this time, the biometric information authentication device 30 receives this signal, captures and compares the fingerprint of the user currently wearing the card 10, and transmits the authentication information to the user authentication device 30. Meanwhile, the user authentication device 20 combines the authentication result performed by decrypting the encrypted 4BYTE of the card and the authentication information result transmitted from the biometric information authentication device 30, and the user authentication information according to the system control device. The system controller 40 performs the corresponding function.

FIG. 5A is a flowchart illustrating an authentication method using a card with embedded encryption information applied to the present invention, and illustrates an operation of an authentication system using a card with embedded encryption information shown in FIG. 1. FIG. 5B is a flowchart illustrating an example of a process of decrypting an encryption code in an authentication method using an embedded card with encryption information applied to the present invention. Particularly, a first authentication procedure using the encryption information illustrated in FIG. 5A is performed. It shows the encryption code decryption process performed in detail. On the other hand, in the card 10 to be described below, the information encrypted by the methods described above and the fingerprint information of the user are already stored.

First, the transceiver 21 of the user authentication device 10 reads the encryption information stored in the card 10, extracts user information using a unique encryption code decryption algorithm, and compares and retrieves the user information with a previously stored access permission. In step 502, the first authentication operation for the access attempt is performed. At this time, the process of extracting the user information (user ID) using the encryption code decryption algorithm of the process is shown in Figure 5b.

That is, the serial number 4 bytes and the encryption code (encryption information) 4 bytes are read from the card 10 through the transceiver 21 (521), and the serial number 4 bytes and the encryption code 4 bytes are XORed (522). Next, when the decryption algorithm is performed using the encryption code 4 bytes generated by the XOR and the unique key value (523), an 8-digit user ID (user information) is generated from the decryption code of 4 bytes (524).

At this time, the biometric information (fingerprint information) (hereinafter identical) stored in the biometric information storage unit 13 is read and transmitted to the biometric information authentication device 30 (504).

Meanwhile, when the first authentication task is completed or at the same time, the biometric information authentication device 30 receives the biometric information of the user (506).

The biometric information authentication device 30 performs a second authentication procedure by comparing and analyzing the input biometric information and the user biometric information received from the user authentication device 20 (508).

The biometric information authentication device 30 transmits the result of the second authentication procedure to the user authentication device 20 (510).

The user authentication apparatus 20 performs a final user authentication procedure using the first authentication procedure result and the second authentication procedure result (512). That is, if any one of the two authentication procedures is not normal authentication, the user is not a normal user, and authentication of the user is completed only when all of the two authentication procedures are normally determined.

That is, if it is determined that the user is a normal user as a result of the final user authentication procedure, the user authentication apparatus 20 transmits the corresponding authentication result to the system control apparatus 40, and the system control apparatus performs the corresponding operation, that is, opening and closing of the door and finance. The transaction will proceed (514).

In other words, the present invention can be said to be a "portable database" concept that can be used for payment settlement, personal authentication, access security by storing the fingerprint information of the individual in the card.

On the other hand, in the case of a card in which only the serial number and user information of the card are encrypted, the system control device 40 operates according to the result after performing only the first authentication procedure.

6A and 6B are diagrams illustrating one embodiment of a basic code and an encryption code generation algorithm required for generating an encryption code applied to the present invention, and FIG. 6A illustrates basic code values required for an encryption code generation process. 6b shows an example of a program used for the encryption code generation method.

The present invention is not limited to the embodiments described above, and various modifications and changes can be made by those skilled in the art, which are included in the spirit and scope of the present invention as defined in the appended claims.

The present invention as described above has an excellent effect of preventing the duplication of the card by storing the encrypted information by combining the unique information of the card and the user's information.

In addition, the present invention has an excellent effect that can maximize the efficiency of the security system by performing two times the authentication process using the encrypted information and biometric information.

That is, when the present invention is used in the access control device, by reading the serial number and encryption code from the card of the access attempter and extracting the user information using the encryption code decryption algorithm, first determine whether the card of the access attempt is a duplicate card (First authentication procedure), in the case of non-duplicate cards, by comparing the biometric information stored in the card with the biometric information input through the biometric information input device (second authentication procedure) to determine whether the door is opened or closed, Theft, duplication, etc. have an excellent effect of controlling the entry of non-licensed persons in the control area.

1 is a block diagram of an embodiment of an authentication system using a card embedded with encryption information according to the present invention.

Figure 2a is an exemplary view showing the internal structure of a card embedded with encryption information according to the present invention.

Figure 2b is a flow diagram of one embodiment of a method for generating encrypted information applied to the present invention.

Figure 2c is a flow diagram of one embodiment of a method for recording biometric information on a card applied to the present invention.

Figure 3a and 3b is a circuit diagram of an embodiment of a user authentication device applied to the present invention.

4A to 4H are detailed circuit diagrams applied to the present invention.

Figure 5a is a flow diagram of an embodiment of an authentication method using a card with encryption information applied to the present invention.

Figure 5b is a flow diagram of an embodiment of the process of decrypting the encryption code of the authentication method using a card with encryption information applied to the present invention.

6A and 6B illustrate an embodiment of a basic code and an encryption code generation algorithm required for a process of generating an encryption code applied to the present invention.

Claims (4)

In an authentication system using a card with embedded encryption information, A card 10 in which encryption information for encrypting and XORing the unique information and the user information of the card is embedded or a plurality of encrypted biometric information is embedded together with the encryption information; A user authentication device 20 for reading the encryption information stored in the card and performing a first authentication procedure; A system controller 40 for controlling the operation of the system according to the authentication result of the user authentication apparatus; And The biometric information input from the user and the biometric information read and transmitted from the card by the user authentication device 20 are compared and analyzed to perform a second authentication procedure, and then the result is transmitted to the user authentication device 20. It includes a biometric information authentication device 30 for If it is determined that the first authentication result and the second authentication result are normal users, the user authentication device 20 transmits user authentication information to the system control device 40 to allow the system control device 40 to operate the system. Control Authentication system using a card with embedded encryption information, characterized in that. delete In the card with the encryption information, A serial number storage unit 11 for storing unique information (serial number) of the card as read-only; An encryption information storage unit 12 for storing read-only encryption information obtained by encrypting and XORing the unique information of the card and information of a user who wants to use the card; And Biometric information storage unit 13 for storing a plurality of encrypted user biometric information as read-only Card containing encryption information embedded. delete