KR101128225B1 - System for Authenticating Electronic Record Device - Google Patents

Abstract

The present invention relates to an electronic recording device authentication system, and an electronic recording device authentication system according to the present invention includes: transmission means for transmitting a predetermined script (or a plug-in or program) to a terminal device connected to the electronic recording device; When the terminal device extracts or receives predetermined electronic recording device authentication information from the electronic recording device using the script (or a plug-in or program), and then transmits the receiving means and the received device authentication information, In the case of the encryption process, the decryption process is performed through a predetermined decryption method (or decryption algorithm) corresponding to the encryption method (or encryption algorithm) processed in the device authentication information, and the validity of authenticating the validity corresponding to the device authentication information. Authentication means.

Electronic record, web server, USB device

Description

Electronic record device authentication system {System for Authenticating Electronic Record Device}

1 is a diagram illustrating a configuration of an electronic recording device authentication system according to an exemplary embodiment of the present invention.

2 is a block diagram illustrating device components of an electronic recording apparatus according to an embodiment of the present invention.

3A and 3B illustrate an interface structure between a controller and an IC chip of an electronic recording apparatus according to an exemplary embodiment of the present invention.

4 is a diagram illustrating a functional block of an electronic recording apparatus according to an embodiment of the present invention.

5A and 5B illustrate simple functional block diagrams of a USB compatible device according to an embodiment of the present invention.

6 is a diagram illustrating a data packet structure for memory identification and data writing, reading, and erasing according to an embodiment of the present invention.

7 is a diagram illustrating a data packet structure including device authentication information according to an embodiment of the present invention.

8 is a diagram illustrating a method for encrypting and transmitting device authentication information by a symmetric key (or secret key) method in an electronic recording apparatus according to an exemplary embodiment of the present invention.

9 is a diagram illustrating a method of decrypting device authentication information encrypted and received by a server and / or a terminal on a network in a symmetric key (or secret key) manner according to an embodiment of the present invention.

 10 is a diagram illustrating a method for encrypting and transmitting device authentication information in a public key infrastructure structure in an electronic recording apparatus according to an embodiment of the present invention.

11 is a diagram illustrating a method for decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention using a public key infrastructure.

12 is a diagram illustrating a method for encrypting and transmitting device authentication information in an electronic envelope method in an electronic recording apparatus according to an embodiment of the present invention.

FIG. 13 is a diagram illustrating a method for decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention by an electronic envelope method.

14 is a diagram illustrating a method for encrypting and transmitting device authentication information in a key exchange method in an electronic recording apparatus according to an embodiment of the present invention.

FIG. 15 is a diagram illustrating a method of decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention using a key exchange method.

16 is a diagram illustrating an electronic recording device initialization process according to an exemplary embodiment of the present invention.

17 is a diagram illustrating an electronic recording device authentication process according to an embodiment of the present invention.

18 is a diagram illustrating an electronic recording device authentication process according to another embodiment of the present invention.

<Description of main parts of drawing>

400: USB communication unit 405: packet transceiver

410: token packet processing unit 415: packet processing unit

420: packet extraction unit 425: packet generation unit

430: command reading unit 435: address processing unit

440: data processing unit 445: state processing unit

450: memory controller 455: memory input / output unit

460: information generating unit 465: password processing unit

470: IC chip processing unit 475: information extraction unit

The present invention provides a transmission means for transmitting a predetermined script (or a plug-in or program) to a terminal device connected to an electronic recording device, and from the electronic record device using the script (or a plug-in or program) in the terminal device. Receiving means for receiving and transmitting predetermined electronic record device authentication information after transmission, and if the received device authentication information is encrypted, an encryption method (or an encryption algorithm) processed in the device authentication information. The present invention relates to an electronic recording device authentication system including a validity authentication means for decrypting through a predetermined decryption method (or decryption algorithm) corresponding to the data, and validating the validity corresponding to the device authentication information.

An object of the present invention for solving the problem, the transmission means for transmitting a predetermined script (or plug-in, or program) to the terminal device connected to the electronic recording device, and the script (or plug-in or program) in the terminal device Extracts or receives predetermined electronic record device authentication information from the electronic record device using a) and transmits the received device authentication information to the device authentication information when the receiving means and the received device authentication information are encrypted. An electronic record apparatus authentication system including a validity authentication means for decrypting through a predetermined decryption method (or decryption algorithm) corresponding to a predetermined encryption method (or encryption algorithm) and authenticating the validity corresponding to the device authentication information; In providing.

The electronic recording device authentication system according to the present invention includes a transmission means for transmitting a predetermined script (or a plug-in or a program) to a terminal device connected to the electronic recording device, and the script (or a plug-in or a program) in the terminal device. After extracting or receiving predetermined electronic recording device authentication information from the electronic recording device using the transmission apparatus, the receiving means for receiving the transmission information and the received device authentication information are processed to the device authentication information. And a validity authentication means for decrypting through a predetermined decryption method (or decryption algorithm) corresponding to the present encryption method (or encryption algorithm), and authenticating the validity corresponding to the device authentication information.

The electronic record apparatus authentication system according to the present invention is characterized in that it further comprises a service providing means for providing the electronic record apparatus related service to the terminal device in response to the validity authentication result of the validity authentication means.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. In addition, terms to be described below are terms defined in consideration of functions in the present invention, which may vary according to a user's or operator's intention or custom. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the following examples will be used to appropriately modify the terms so that those skilled in the art to clearly understand the technical features of the present invention to effectively understand, but the present invention It is by no means limited.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

Web interface unit 105 is a diagram showing the configuration of the electronic recording device authentication system according to an embodiment of the present invention.

In more detail, the electronic record authenticator 120 includes an end-to-end communication between the electronic record device 130 having a predetermined universal serial bus (USB) interface and a server and / or a terminal provided on a network. End) The authentication system configuration, specifically, the server and / or terminal provided on the network to provide a predetermined electronic record-related web service to at least one or more USB-compatible device 135 having the USB communication interface In the case of the web server 100, the web server 100 implements a system configuration for authenticating the validity of the electronic recording device 130 having the USB communication interface through the USB device 135. It is shown.

Those skilled in the art to which the present invention pertains may refer to and / or modify this drawing 1 to use the electronic recording device 130 through the USB-compatible device 135 in a server and / or terminal on a network. Various implementation methods of authenticating may be inferred, but the present invention includes all implementation methods inferred above and is not limited to the implementation method shown in FIG.

For example, those skilled in the art to which the present invention pertains, the web server 100 shown in Figure 1 is an implementation method corresponding to a relay server for relaying at least two or more terminals for the exchange of electronic records, and And / or an implementation method corresponding to at least one or more terminals in which the web server 100 is connected to the USB-compatible device 135 via a predetermined P2P network for electronic music exchange, and / or the USB-compatible device 135 Is a wireless terminal connected to a code division multiple access (CDMA) based mobile communication network, the web server 100 corresponds to a server on the mobile communication network, and / or the USB device 135 is an IEEE In the case of a portable Internet terminal connected to an 802.16x-based high-speed wireless Internet, an implementation method in which the web server 100 corresponds to a server on the high-speed wireless internet, and / or the USB compatible device 135 may include a motor In the case of a wireless data communication network based on ola's DataTAC method or Erricson's Mobitex method, the web server 100 may infer an implementation method corresponding to a server on the wireless data communication network. It includes all the methods, it is not limited to the embodiment shown in FIG.

The electronic record device 130 stores at least one digitized sound source data on a memory of a USB device having a predetermined USB connector, a controller, and a memory, and then the controller controls the USB connector to store the data. By providing at least the sound source data stored in the memory to the USB-compatible device 135, the USB-compatible device 135 to reproduce the sound source data, a preferred embodiment of the electronic recording device 130 Will be described in detail with reference to FIG.

The USB compatible device 135 includes at least one USB (Universal Serial Bus) connector, a USB system program (eg, a USB drive program, a host driver program) and / or a USB application program. A connector is interfaced with the electronic recording device 130. A preferred embodiment of the USB compatible device 135 will be described in detail with reference to FIGS. 5A and 5B.

In addition, the USB-compatible device 135 may reproduce at least one or more of the USB application program to output the sound source data in order to reproduce at least one or more sound source data provided from the electronic recording device 130 It is characterized by including a sound source application program.

In addition, the USB-compatible device 135 is at least one or more of the USB application to authenticate the electronic recording device 130 through the USB-compatible device 135 in a server and / or terminal on the network in accordance with the present invention The application program is characterized in that it comprises a communication program for communicating with the server and / or the terminal on the network through a predetermined communication channel.

According to an embodiment of the present invention, the USB device 135 may include at least one USB connector, a personal computer (PC) having a USB system program and / or a USB application program, and / or a laptop. It is preferable to include at least one wired terminal.

In addition, the USB device 135 may include at least one USB connector, a portable terminal such as a personal digital assistant (PDA) and / or a portable multimedia player (PMP) having a USB system program and / or a USB application program. It is preferable to include one or more.

In addition, the USB-compatible device 135 includes at least one USB connector, a USB system program and / or a USB application program, and is connected to a CDMA-based mobile communication network and / or IEEE 802.16x-based high-speed wireless. At least one wireless terminal such as a portable Internet terminal connected to the Internet and / or a wireless data communication terminal connected to a DataTAC / Mobitex-based wireless data communication network is preferably included.

In addition, the USB device 135 may include at least one or more USB connectors, at least one home sound source output device having a USB system program and / or a USB application program, a portable sound source output device, and a vehicle sound source output device. It is preferable to comprise as mentioned above.

FIG. 1 corresponding to a web server 100 in which a server and / or a terminal provided on the network provide a predetermined electronic recording related web service to at least one or more USB devices 135 having the USB communication interface. In the embodiment shown in Figure 1, the web server 100 is a web server 100 that provides a web service for selling a new electronic record to the electronic record device 130 through the USB-compatible device 135, And / or a web server 100 for providing a web service for returning at least one sound source data provided in the electronic recording device 130, and / or at least one or more provided in the electronic recording device 130. A web server 100 that provides a web service for exchanging sound source data with another electronic recording device 130, and / or a sound of a medium different from the electronic recording device 130 through the USB compatible device 135; It may be a web server 100 that provides a web service for exchanging at least one or more sound source data with a class (for example, a mobile phone and / or MP3 player), the present invention is not limited by a specific electronic record-related web service .

In addition, in the embodiment illustrated in FIG. 1, the web server 100 provides a web server 100 that provides a membership service and / or a community service between at least one customer owning the electronic recording device 130. In this case, the electronic recording device 130 may perform a function of an authentication means for membership and / or community member authentication, and the present invention is not limited thereto.

Referring to FIG. 1 according to an embodiment of the present invention, a communication channel is connected to the USB-compatible device 135 through a predetermined network to authenticate the electronic recording device 130 through the USB-compatible device 135. The web server 100 connects a communication channel between the USB-compatible device 135 and a predetermined web communication protocol, and provides a web page corresponding to the web communication protocol to the USB-compatible device 135; And / or a web interface unit 105 for receiving predetermined information (or data) corresponding to the web page from the USB compatible device 135 and a predetermined USB device to be provided to the USB compatible device 135 to which the communication channel is connected. A web page detects at least one electronic record device 130 connected to the USB compatible device 135 by interlocking with at least one USB controller provided in the USB compatible device 135, and records the electronic record. chapter A predetermined script (and / or plug-in) for extracting and / or generating and / or encrypting predetermined device authentication information using the device 130 and then transmitting it to the web server 100 via the network. And / or a web page operating unit 110 provided to the USB-compatible device 135 via the web interface unit 105, and / or the USB-compatible device 135 receiving the web page. An information receiving unit 115 for receiving predetermined device authentication information corresponding to the electronic recording device 130 and an electronic recording authentication unit 120 for authenticating the validity of the device authentication information are provided.

In addition, the web server 100 is stored in association with at least one web page source and / or web content source for the web page operation unit 110 to generate the web page, and / or in the web page A web source D / B for storing at least one or more scripts (and / or plug-ins, and / or client programs) to be provided to the USB-compatible device 135, and / or with the web source D / B. It characterized in that the linkage process.

According to the embodiment of the present invention, the authentication information D / B is the electronic record authentication unit 120 is generated from the electronic record device 130 to the information receiving unit 115 through the USB-compatible device 135 It is preferable to further store predetermined electronic record authentication information for authenticating the received device authentication information. According to an embodiment, the electronic record authentication information may be stored in a separate database in addition to the authentication information D / B. .

In addition, after the web server 100 authenticates the electronic record device 130 according to the present invention, the web server 100 provides at least one electronic record related web service to the electronic record device 130 through the USB-compatible device 135. And at least one sound source D / B for storing at least one sound source data, and / or in association with the sound source D / B.

In addition, the web server 100 uses at least one sound source data stored in the sound source D / B when the authentication process for the electronic record apparatus 130 is normally completed through the electronic record authenticator 120. The electronic record service unit 125 is further provided with an electronic record service unit 125 for providing electronic record related services such as electronic record sales and / or return and / or exchange.

According to another exemplary embodiment of the present invention, when the web server 100 is a web server 100 that provides a predetermined membership service for the electronic record purchase customer, the web server 100 authenticates the electronic record. Membership service unit (not shown) for providing a membership service to the electronic record purchase customer via the USB-compatible device 135, when the authentication process for the electronic record device 130 is normally completed through the unit 120. It is possible to further comprise, or when the web server 100 is a web server 100 to provide a predetermined community service to the electronic record purchase customers, the web server 100 is the electronic record When the authentication process for the electronic record device 130 is normally completed through the authenticator 120, the community service is provided to the electronic record purchase customer through the USB corresponding device 135. Be formed by further comprising: a community service unit (not shown) for the ball are possible.

The web interface 105 may include a web interface for connecting a communication channel between the USB compatible device 135 and the web server 100 to a predetermined browser program included in the USB compatible device 135 through a predetermined network. A web interface for providing at least one web page generated by the web page operating unit 110 to the USB-compatible device 135 and at least one form form included in the web page. It is characterized in that it provides a web interface including at least one web interface for receiving at least one or more information (or data) that is input (and / or selected) to be transmitted from the web server (100).

According to an embodiment of the present invention, the USB-compatible device 135 is a wired terminal such as a personal computer (PC) and / or a laptop, and the USB-compatible device 135 communicates with the web server 100. When the network used to connect the channel is the Internet based on Transmission Control Protocol / Internet Protocol (TCP / IP), the web interface unit 105 uses a Hyper-Text Transfer Protocol (HTTP) based on the TCP / IP. It is preferable to connect the communication channel between the USB-compatible device 135 and the web server 100 through, and the HTML (Hyper-Text Markup Language) compatible web page generated by the web page management unit 110 (eg , * .htm, * .xml, * .asp, ...) to the USB-compatible device 135, and / or at least one form included in the webpage from the USB-compatible device 135 Information that is entered (and / or selected) through the form and transmitted (or It is preferable to receive the data) based on the HTTP.

According to another exemplary embodiment of the present invention, the USB-compatible device 135 may include at least one mobile communication terminal (eg, a personal communication system (PCS) and / or a global system for mobile communications (GSM) terminal and / or Or a WCDMA (Wide-CDMA) compliant terminal and / or a CDMA 2000 compliant terminal and / or a High Speed Downlink Packet Access (HSDPA) terminal, etc.), and the USB compatible device 135 establishes a communication channel with the web server 100. When the network used for connection is a CDMA-based mobile communication network, the web interface unit 105 may transmit the USB device 135 through the WAP (Wireless Application Protocol) and / or ME (Mobile Explorer) based on the CDMA. It is preferable to connect the communication channel between the web server 100 and the wireless markup language (WML) and / or HTML compatible web page generated by the web page operation unit 110 to correspond to the USB. Information (or data) provided to the device 135 and / or transmitted from the USB-compatible device 135 through input (and / or selection) through at least one form form included in the web page. And / or based on HTTP for mobile communication.

According to another embodiment of the present invention, the USB-compatible device 135 is at least one portable Internet terminal (eg, an IEEE 802.16x supporting terminal), and the USB-compatible device 135 is connected with the web server 100. When the network used to connect the communication channel is IEEE 802.16x based high-speed wireless Internet, the web interface unit 105 communicates with the USB compatible device 135 through HTTP for portable Internet based on the IEEE 802.16x. It is preferable to connect the communication channel between the web server 100, and to provide the HTML-compatible web page generated by the web page management unit 110 to the USB-compatible device 135, and / or the USB-compatible Receive information (or data) that is input (and / or selected) and transmitted from the device 135 via at least one form form included in the web page based on the HTTP for the portable Internet. It is preferred.

Those skilled in the art to which the present invention pertains, the web interface 105 is a web interface to at least one USB-compatible device 135 on a network based on a protocol other than the embodiment illustrated above. It will be possible to infer various embodiments that provide, and the present invention comprises all the inferred method of implementation.

The webpage operation unit 110 may provide at least one to be provided to the USB-compatible device 135 from a predetermined web source D / B included in the web server 100 (or associated with the web server 100). At least one web page source (eg, an HTML-based web document generation source, etc.) and at least one web content source (eg, at least one tag in an HTML-based web document) needed to generate the web page or more. Document content, and / or image content, and / or sound content, and / or multimedia content) to be included, and generates a predetermined webpage including the extracted at least one webpage source and a web content source. Extract a web page previously stored in the web server 100 and / or the web source D / B including at least one tag and a web content source according to an implementation method. After that), the generated (or extracted) web page is transmitted to the USB device 135 through the web interface unit 105.

According to the exemplary embodiment of the present invention, the web page generated by the webpage operation unit 110 may include at least one connected to the USB-compatible device 135 in cooperation with at least one USB controller provided in the USB-compatible device 135. A script (and / or plug-in) for detecting one or more electronic recording devices 130 and generating predetermined device authentication information in the electronic recording device 130 and transmitting them to the web server 100 via the network. Or a client program), whereby the USB-compatible device 135 receiving the webpage is based on the script (and / or plug-in, and / or client program). At least one electronic record device 130 connected to the USB-compatible device 135 in association with at least one USB controller provided in the When the electronic record device 130 is detected, predetermined electronic device authentication information is generated by the detected electronic record device 130 and transmitted to the web server 100 through the network.

Those skilled in the art to which the present invention pertains can infer various embodiments in which the webpage operation unit 110 generates (or extracts) at least one webpage corresponding to each communication protocol. Since there will be, a detailed description thereof will be omitted for convenience.

The information receiving unit 115 receives the USB page through the USB communication interface through a script (and / or a plug-in, and / or a client program) included in the web page in the USB-compatible device 135 receiving the web page. When the at least one electronic record device 130 connected to the corresponding device 135 is detected and predetermined device authentication information is generated and transmitted through the detected electronic record device 130, the device authentication information is received. Characterized in that.

According to an exemplary embodiment of the present invention, the device authentication information may include predetermined identification codes and / or device unique information stored in a memory (and / or an integrated circuit (IC) chip) provided in the electronic recording device 130. Or, at least one or more of record unique information and / or unique information assigned to the electronic record device 130 in a process of recording (or storing) a predetermined record in the electronic record device 130. To this end, the web server 100 preferably stores and manages at least one electronic record authentication information matching the device authentication information received through the information receiving unit 115 in the authentication information D / B. Do.

In the method, the predetermined identification code and / or device specific information and / or record unique information extracted from the memory (and / or IC chip) provided in the electronic recording device 130 through the information receiving unit 115 and And / or when device authentication information including at least one or more of unique information allocated to the electronic recording device 130 is received in the process of recording (or storing) a predetermined electronic recording on the electronic recording device 130, The electronic record authentication unit 120 extracts at least one electronic record authentication information matching the device authentication information from the authentication information D / B, and compares and authenticates the device authentication information with the electronic record authentication information. The electronic record device 130 connected to the USB device 135 is authenticated.

For example, when the device authentication information includes a predetermined identification code, the electronic record authentication information includes information that matches (or can be compared / authenticated) with the identification code, and the device authentication information is unique to the device. The electronic record authentication information includes information matching (or comparable / authenticable) with the device specific information, and when the device authentication information includes the record unique information, The record authentication information is information that matches (or can be compared / authenticated) with the record specific information, and the device authentication information is stored in the electronic record device 130 in the process of recording (or storing) a predetermined record. In the case of including the unique information assigned to the record device 130, the electronic record authentication information is matched with the unique information Includes information (or a comparison / authentication is possible).

According to another exemplary embodiment of the present invention, the device authentication information is a random number and / or one time password (OTP) code dynamically generated from a firmware and / or an IC chip included in the electronic recording device 130. It is preferable to comprise at least one or more.

Here, the random number included in the device authentication information is generated by the electronic record authentication unit 120 (for example, a random number is generated by the web server 100 to the USB-compatible device 135 and / or the electronic record device 130). If provided, the authentication method of encrypting the random number in the USB-compatible device 135 and / or the electronic recording device 130 to transmit to the web server 100), and / or in the electronic recording device 130 It can be generated and / or generated in any one of the USB-compatible device 135 connected to the electronic recording device 130 via a USB communication interface, thereby the present invention is not limited.

In addition, when the device authentication information includes the OTP code, OTP generation information necessary for generating the OTP is included in the electronic record authentication information and stored and managed in the authentication information D / B (for example, time synchronization). Synchoronous based OTP authentication scheme), and / or dynamically generated by the electronic record authenticator 120 and provided to the USB-compatible device 135 and / or the electronic record device 130 (eg, challenge-response). (Challenge-Response) based OTP authentication scheme) are all possible, thereby the present invention is not limited.

In the embodiment, the dynamically generated random number is encrypted by the electronic recording device 130 (or USB-compatible device 135 according to the embodiment) by an encryption method (and / or an encryption algorithm), and then, in the plain text form. A random number and a random number encrypted with a predetermined encryption method (and / or encryption algorithm) are received together through the information receiving unit 115, wherein the electronic record authentication unit 120 receives the encrypted random number from the electronic record device. The decryption scheme (and / or decryption algorithm) corresponding to the encryption scheme (and / or encryption algorithm) applied at 130 is compared with the random number in the plain text form, or the random number in the plain text form is recorded on the electronic recording apparatus. Encrypted with the encryption scheme (and / or encryption algorithm) applied at 130 and then compared with the encrypted random number, thereby accessing the USB-compatible device 135 Chair is characterized in that to authenticate the record device (130).

In addition, when the device authentication information including the OTP code is received through the information receiving unit 115, the electronic record authentication unit 120 is matched with the OTP code from the authentication information D / B Extract predetermined OTP generation information, and / or based on the OTP generation information generated by the electronic record authentication unit 120 and transmitted to the USB-compatible device 135 and / or the electronic record device 130. By generating an OTP authentication code and comparing the received OTP code with the generated OTP authentication code, it is characterized in that to authenticate the electronic recording device 130 connected to the USB-compatible device 135.

According to another exemplary embodiment of the present invention, the device authentication information may include the electronic recording device (in addition to the information extracted from the electronic recording device 130 and / or dynamically generated by the electronic recording device 130. Information dynamically generated by the USB-compatible device 135 to which 130 is connected (or connected via a USB communication interface), and / or information extracted from a storage device provided in the USB-compatible device 135, and / Alternatively, the electronic device may further include information input from a key input device included in the USB-compatible device 135, in which case the electronic record authentication information is generated and / or extracted and / or extracted from the USB-compatible device 135. Or it may be made to include information matching the input information, thereby not limited to the invention.

In the above embodiment, when the device authentication information is received by the information receiving unit 115 further including information generated and / or extracted and / or input from the USB device 135, the electronic record authentication unit ( 120 is configured to extract and compare information matching the information generated and / or extracted and / or input by the USB-compatible device 135 from the authentication information D / B, thereby connecting to the USB-compatible device 135. It is characterized in that the recording device 130 is authenticated.

According to the present invention, the device authentication information includes at least one encryption method (and / or a predetermined symmetric key encryption method, and / or public key encryption method, and / or key exchange encryption method, and / or electronic envelope encryption method, etc.). Or an encryption algorithm) and is received by the information receiving unit 115 through the web interface unit 105.

According to an exemplary embodiment of the present invention, the device authentication information may be a predetermined symmetric key method, and / or public key method, and / or key exchange method, and / or electronic envelope method in the electronic recording device 130. After being encrypted through at least one encryption method (and / or encryption algorithm), it is preferably received by the information receiving unit 115 through the web interface unit 105 via the network and the USB-compatible device 135. Do.

According to another exemplary embodiment of the present invention, the device authentication information may be transmitted in a predetermined symmetric key scheme, and / or public key scheme, and / or key exchange scheme, and / or electronic envelope scheme in the USB-compatible device 135. After being encrypted through the same at least one encryption method (and / or encryption algorithm), it is received to the information receiving unit 115 through the web interface unit 105 via a network connected by the USB-compatible device 135. It is preferable to be.

Those skilled in the art to which the present invention pertains can include encryption methods (and at least one or more of the symmetric key method, and / or public key method, and / or key exchange method, and / or electronic envelope method). And / or at least one other encryption method (and / or encryption algorithm) capable of encrypting the device authentication information in addition to the encryption method (and / or encryption algorithm) described above, Detailed description thereof is omitted for convenience, and the present invention is not limited thereto.

When the device authentication information is encrypted and received through at least one encryption method (and / or encryption algorithm) as described above, the electronic record authenticator 120 decrypts corresponding to the encryption method (and / or encryption algorithm). And decrypting the device authentication information through a method (and / or a decryption algorithm), thereby reading the device authentication information in the form of plain text.

Those skilled in the art to which the present invention pertains can include, but are not limited to, a decryption scheme (and / or a decryption scheme including at least one of the symmetric key scheme, the public key scheme, and / or the key exchange scheme, and / or the electronic envelope scheme). And / or decryption algorithms) and / or at least one or more decryption schemes capable of decrypting device authentication information corresponding to the encryption scheme (and / or encryption algorithm) in addition to the above-described decryption scheme (and / or decryption algorithm). And / or decryption algorithm), a detailed description thereof will be omitted for convenience, and the present invention is not limited thereto.

According to another exemplary embodiment of the present invention, the device authentication information is attached to a predetermined electronic signature (eg, generated through a predetermined private key) in the electronic recording device 130 and / or the USB compatible device 135. Attach a message digest to the device authentication information), and then

 It is possible to be received by the information receiving unit 115 through, thereby the present invention is not limited.

When a predetermined electronic signature is attached to the device authentication information as described above, the electronic recording certification unit 120 verifies the electronic signature, thereby authenticating the electronic recording device 130 connected to the USB compatible device 135. Characterized in that.

Those skilled in the art will already understand how to attach a predetermined digital signature to the device authentication information, and / or how to verify the electronic signature attached to the device authentication information. Therefore, detailed description thereof will be omitted for convenience, and the present invention is not limited thereto.

According to an exemplary embodiment of the present invention, the device authentication information is encrypted with at least one as described above, and / or a memory provided in the electronic recording device 130 for attaching a predetermined electronic signature, and / or the The IC chip provided in the electronic recording device 130 may store at least one encryption key (eg, symmetric key, public key, private key, etc.) for the encryption and / or electronic signature.

According to another embodiment of the present invention, a memory provided in the electronic recording device 130, and / or to at least one device authentication information is encrypted as described above, and / or a predetermined electronic signature attached; The IC chip provided in the electronic recording device 130 may store an authorized certificate including at least one encryption key (eg, symmetric key, public key, private key, etc.) for the encryption and / or electronic signature. Do.

In addition, in order for the device authentication information to be encrypted at least one or more, and / or a predetermined electronic signature is attached, firmware provided in the electronic recording device 130 (and / or USB compatible device according to the implementation method) The script (and / or the plug-in and / or the client program) provided at 135) is preferably provided with a function of encrypting the device authentication information and / or attaching an electronic signature through the encryption key.

According to an embodiment of the present invention, in order to decrypt the device authentication information encrypted as described above, and / or to verify the electronic signature, the electronic record authentication information includes at least one or more pieces for decrypting the encrypted device authentication information. The decryption key (e.g., symmetric key, public key, private key, etc.) and / or the public key on the electronic record device 130 (and / or USB compatible device 135) for verifying the electronic signature is stored. The public key of the electronic recording device 130 (and / or the USB compatible device 135) is a memory (and / or IC chip) provided in the electronic recording device 130. It is possible to be provided in the directory server (not shown) of the.

According to another embodiment of the present invention, to decrypt the encrypted device authentication information as described above, the electronic record authentication information includes at least one decryption key (for example, a symmetric key, for decrypting the encrypted device authentication information). It is preferable that the public certificate having a public key, private key, etc.) is stored.

Further, in order to decrypt the device authentication information received as encrypted and / or with an electronic signature attached thereto, and / or to confirm the electronic signature, the electronic record authentication unit 120 may generate the authentication information D /. It is preferable that a function of extracting at least one decryption key stored in B, and decrypting the device authentication information through the extracted decryption key.

2 is a block diagram illustrating a device configuration block of the electronic recording apparatus 130 according to the embodiment of the present invention.

In more detail, FIG. 2 shows in block form a preferred device configuration of the electronic recording device 130 for interfacing the predetermined USB-compatible device 135 with a predetermined USB communication interface in the system configuration shown in FIG. As one of ordinary skill in the art to which the present invention pertains, the electronic recording device 130 interfaces with the USB-compatible device 135 and the USB communication interface by referring to and / or modifying the drawing 2. Various implementation methods for the device configuration may be inferred, but the present invention includes all the inferred implementation methods, and is not limited by the implementation method shown in FIG.

Referring to FIG. 2, the electronic recording device 130 that interfaces with the USB device 135 through the USB communication interface may include at least one USB connector 235 corresponding to a USB communication standard, and A memory for storing at least one sound source data, and an interface with the USB compatible device 135 through the USB connector 235 based on a USB communication standard, and managing at least one sound source data stored in the memory; And a controller 205 for extracting predetermined sound source data from the memory 240 and providing the sound source data to the USB device 135 through the USB connector 235. Sound source data stored in 240 preferably comprises at least one copyright information.

Here, the copyright information includes at least one or more of digital rights management (DRM) information, watermark information, and finger print information applied to the sound source data and / or digital content, and is viewed according to specific copyright information. The invention is not limited.

In addition, one of ordinary skill in the art to which the present invention pertains clearly understands the technical matters to which the copyright information is applied to the sound source data and / or the digital content, and thus the detailed description thereof will be omitted for convenience.

According to an embodiment of the present invention, the memory 240 includes a predetermined identification code and / or device specific information and / or record specific information and / or a predetermined electronic record included in the device authentication information. In the process of recording (or storing) at 130, it is preferable to store at least one or more of unique information allocated to the electronic recording apparatus 130.

In addition, the memory stores at least one authentication key (and / or authentication information) required for the controller 205 to manage and control the sound source data stored in the memory 240, wherein the authentication key and And / or authentication information is an encryption key (e.g. , A symmetric key, a public key, a private key, etc.) and / or at least one OTP (One Time Password) generation code and a generation algorithm for generating a predetermined OTP code.

In addition, the electronic recording apparatus 130 further includes an IC chip 255 for storing at least one authentication key (and / or authentication information) necessary for the controller 205 to manage and control sound source data stored in the memory. Preferably, the authentication key and / or the authentication information is provided by the controller 205 (and / or USB-compatible device 135 according to the method). Or at least one encryption key (e.g., symmetric key, public key, private key, etc.) for encrypting with an encryption algorithm) and / or one time password (OTP) generation code and generation algorithm for generating a predetermined OTP code. It is preferable to comprise.

In addition, the electronic recording apparatus 130 may further include a clock source 245 (Clock Source) for generating a clock required for the controller 205 and / or the memory 240 to operate. The clock source 245 may be any clock generating circuit, such as a crystal oscillator or frequency synthesizer, but the present invention is not limited thereto.

Here, the clock source 245 may be provided in the controller 205, and thus the present invention is not limited thereto.

In addition, the electronic recording apparatus 130 further includes an amplifier 230 for generating a predetermined sound source signal generated from the sound source data stored in the memory 240 and a sound source terminal 250 for outputting the amplified sound source signal. In addition to the power input through the USB connector 235 may be made, but may further include a battery (not shown), but the present invention is not limited thereto.

However, when the amplifier 230, the sound source terminal 250, and / or a battery (not shown) are further provided in the electronic recording apparatus 130, the electronic recording apparatus 130 further functions as an electronic recording player. Will perform.

In addition, the electronic record device 130 may include a screen output device (not shown) including a predetermined LCD controlled by the controller 205 to perform a function of a more efficient electronic record player, and / or the controller ( 205) may further include a key input unit (not shown) for inputting a command such as selecting a predetermined sound source and / or playing and / or stopping, etc., but the present invention is not limited thereto. Those skilled in the art will readily be able to infer a method of including the screen output unit (not shown) and / or key input unit (not shown) in the controller 205, and thus, the detailed description thereof is provided for convenience. Omit.

In addition, the electronic recording device 130 has an additional configuration (for example, an IC chip 255 module for enhancing the security function of the electronic recording, expansion sockets for memory expansion) in addition to the configuration shown in FIG. Etc.), but the present invention includes all the above-described configurations, and is not limited to the configuration illustrated in FIG.

The USB connector 235 may be physically type A corresponding to the target USB connector 235, and / or type B corresponding to the host USB connector 235, and / or OTG. (On-The-Go) is characterized in that it conforms to the specification of at least one connector 235 of the mini-AB (Mini-AB) corresponding to the USB connector 235, the electrical through the connector 235 A function of applying power input from the USB compatible device 135 to the controller 205 and / or a memory and / or a clock, and an electrical signal input from the USB compatible device 135 through the connector 235 And a function of transferring the electrical signal input from the controller 205 to the USB compatible device 135 through the physical connector 235. .

The memory may be a NAND flash memory (e.g., a flash memory in which cells are disposed in series between a bit line and a ground line on a memory structure) and / or a NOR flash memory (e.g., a flash in which a cell is disposed in parallel between a bit line and a ground line on a memory structure). Memory) or at least one flash memory modified from the NOR flash memory, a DINOR flash memory, and a virtual ground array (VGA) flash memory. The memory may include an EEPROM. (Electrically Erasable and Programmable Read Only Memory).

According to an exemplary embodiment of the present invention, the memory 240 may include at least one or more digital contents (eg, text / image contents such as music scores corresponding to an electronic record, and / or electronics) containing predetermined copyright information in addition to the sound source data. And multimedia content such as a music video corresponding to the recording).

According to an exemplary embodiment of the present invention, it is preferable that a memory control function is provided to store sound source data and / or digital content stored in the memory 240 as read only / hidden attributes for copyright protection.

Herein, the memory control function for copyright protection may access the sound source data and / or the digital content only a sound source application which is authorized to access the sound source data among the application programs provided in the USB compatible device 135. Or / or the read-only / hidden attribute of the sound source data and / or the digital content is changed only by a sound source application that is authorized to change the attribute among applications provided in the USB compatible device 135. It is characterized in that it is controlled to be possible, it is preferably not changed by other applications and / or the operating system of the USB-compatible device (135).

According to another embodiment of the present invention, the sound source data and / or digital content stored in the memory 240 is divided into a memory area in which sound source data is stored and a memory area in which general data is stored for copyright protection. It is preferable that a memory control function is provided.

The memory control function for copyright protection may be performed such that the memory area in which the sound source data is stored accesses only a sound source application program that is authorized to access the sound source data among the application programs provided in the USB compatible device 135. It is characterized by controlling.

According to an embodiment of the present invention, the sound source data and / or digital content stored in the memory 240 are compressed with a predetermined compression codec and / or a predetermined encryption scheme (and / or encryption) according to the intention of a person skilled in the art. Algorithm), and the present invention is not limited thereto.

In addition, the memory 240 may store predetermined DRM information for preventing illegal copying of the sound source data and / or digital content, and the attribute and / or storage area of the DRM information may also be stored in the sound source data and / or the storage area. Like the digital content, the memory control function for copyright protection is preferably applied.

In addition, the data stored in the memory area where the sound source data is stored, preferably comprises a record information corresponding to the sound source data, the record information is the record name information (for example, Hong Gil-dong 1), singer information, Sound source data information (e.g., the title and playback time of each sound source), composer information and / or writer information and / or arranger information for each sound source data; Information (Barcode) or RFID (Radio Frequency Identification (RFID) code information, etc.) is preferably included.

In addition, the memory 240 may store a predetermined sound source application program for reproducing the sound source data and / or the digital content in the USB compatible device 135 connected to the electronic recording device 130. The sound source application is preferably provided and installed to the USB device 135 in the process of the first connection to the USB-compatible device 135 in the electronic recording device 130, the sound source application property is Like the sound source data and / or digital content, it is preferable that the memory control function for copyright protection is applied.

In addition, the memory 240 may store a predetermined electronic record-related program (for example, a sound source playback program) for playing the sound source data and / or digital content in the electronic record device 130. When a predetermined power is supplied to the record apparatus 130, the electronic record related program is preferably provided to the controller 205 and executed.

In addition, when the USB compatible device 135 connected to the electronic recording device 130 is connected to a predetermined network, the memory 240 interworks with a server (or a terminal) on the network through the USB compatible device 135. It is possible to store information for supporting additional purchase, return, exchange, etc. of the sound source data and / or digital content.

The data stored in the memory area in which the sound source data is stored may further include customer information and / or buyer information on the customer who purchased the electronic recording, and thus the present invention is not limited thereto. .

The controller 205 is configured to include a typical USB interface circuit configuration for communicating with the USB-compatible device 135 based on the USB communication standard, and those skilled in the art other than the configuration shown in FIG. According to the intention of the additional configuration may be further included, the present invention includes all of the additional configuration, the present invention is not limited by the configuration shown in FIG.

According to the exemplary embodiment of the present invention, the controller 205 may include a one chip including a processor 215 and a program memory 220 and a circuit constituting the same. An implementation method including a one-chip including a program memory 220, but a circuit constituting the same outside the one chip, or including the processor 215 and a circuit constituting the same inside, but the program memory 220 to the outside The implementation method or the implementation method for configuring the processor 215 and the program memory 220 and the circuits constituting the same may be variously implemented, but the controller 205 of the present invention may be implemented in the specific implementation described above. It is not limited by the method, and also by the implementation method shown in FIG.

Referring to FIG. 2 according to a preferred embodiment of the present invention, the controller 205 is connected to a USB interface 210 for interfacing the controller 205 with the USB compatible device 135 through the USB connector 235. A memory interface 225 for interfacing the memory 240 and the controller 205, a computation processing function required for USB communication, a memory control and management function according to the present invention, and / or an electronic recording process according to the present invention. It includes a processor 215 for performing arithmetic processing function, and a program memory 220 for storing a firmware program that is processed by the processor 215.

In addition, the controller 205 may further include an IC chip 255 interface 260 for interfacing the IC chip 255 and the controller 205.

The USB interface 210 is a circuit configuration for packet exchange between the USB connector 235 and the controller 205, and electrically and / or logically connects the USB connector 235 and the controller 205. It includes a bus (BUS).

The memory interface 225 is a circuit configuration for exchanging commands and / or information between the controller 205 and the memory 240, and the controller 205 receives various control signals such as chip activation, read and write signals. A control bus for controlling the memory 240 by applying it to the memory 240 and an address bus and / or data bus for exchanging information between the controller 205 and the memory 240. It includes (Data BUS).

The IC chip 255 interface 260 satisfies the ISO / IEC 7816 standard, and exchanges commands and / or information between the controller 205 and the IC chip 255 as a replacement circuit configuration. At least one contact point (eg, a power supply (VCC) contact point, a reset signal (RST) contact point, a clock signal CLK contact point, a data (D +) contact point, a ground (GND) contact point, and an input / output) provided in the IC chip 255). I / O) contact point and data (D-) contact point, etc.) and a bus BUS connecting the controller 205.

The processor 215 is a central process unit (CPU) included in the electronic recording device 130, and processes a command received from the USB compatible device 135 through the USB connector 235, and / or It is characterized by processing the function of the firmware program defined in the program memory 220.

The program memory 220 is a program storage memory included in the electronic recording device 130, and includes a memory structure that can be randomly accessed in hardware. The USB interface 210 may be software. And / or a function of controlling the operation of the memory interface 225, a function of communicating with the USB compatible device 135 in cooperation with the USB interface 210, and copyright protection in cooperation with the memory interface 225. In order to control and manage the memory 240 and / or to store a firmware program including at least one or more functions required for the electronic recording process according to the invention.

According to the exemplary embodiment of the present invention, the program memory 220 may include a nonvolatile memory including at least one of a ROM and / or an EPROM and / or an EEPROM and / or a NOR series. The program memory 220 includes a function of controlling the operation of the USB interface 210 and / or the memory interface 225, a function of communicating with the USB compatible device 135 in association with the USB interface 210, and It is preferable that a firmware program including at least one function of controlling and managing the memory for copyright protection in conjunction with the memory interface 225 and / or at least one function required for electronic music processing according to the present invention is stored and executed. .

According to another exemplary embodiment of the present invention, the program memory 220 may include at least one or more volatile memory of RAM and / or SRAM and / or DRAM, in which case the USB interface 210 and / or Or a function of controlling the operation of the memory interface 225, a function of communicating with the USB compatible device 135 by interworking with the USB interface 210, and a copyright protection by interworking with the memory interface 225. A firmware program including at least one function for controlling and managing a memory and / or a function required for an electronic recording process according to the present invention is stored in the memory, and loaded from the memory 240 to the program memory 220. And the present invention can be executed, and the present invention is not limited thereto.

According to another embodiment of the present invention, when the memory is capable of being stored and executed by the firmware as an EEPROM and / or a NOR series of programmable memory, or the memory is a NAND series of memory, When a program can be executed in a memory, the program memory 220 may be omitted by storing and executing the firmware in the memory 240, whereby the present invention is not limited thereto.

The function of controlling the operation of the USB interface 210 in the firmware program is to receive a predetermined USB packet from the USB compatible device 135 through the USB connector 235 and to perform a protocol corresponding to the received USB packet. It is desirable to include reading the stack and controlling the operation of extracting predetermined instructions and / or data from the protocol stack.

In addition, the function of controlling the operation of the USB interface 210 may generate a USB packet by applying a predetermined protocol stack to data generated in the controller 205 and / or data extracted from the memory 240. And controlling the operation of transmitting the generated USB packet to the USB device 135 through the USB connector 235.

According to an embodiment of the present invention, in order to control the operation of the USB interface 210, the firmware program sets, stores, and manages information and / or flags necessary for controlling the operation of the USB interface 210. And / or a buffer for temporarily storing data received from the USB-compatible device 135 via the USB connector 235, and / or to the USB-compatible device 135 via the USB connector 235. It is preferable to include a buffer for temporarily storing data.

The function of controlling the operation of the memory interface 225 in the firmware program is, when an input-output related command to the memory 240 is received from the USB-compatible device 135, the memory 240 in response to the command And writing data corresponding to the command to or reading data corresponding to the command from the memory 240. In particular, a function of controlling the operation of the memory interface 225 is linked. It is preferably controlled by the function of controlling and managing the memory for copyright protection.

According to an embodiment of the present invention, the firmware program is configured to store and manage information and / or flags necessary for controlling the operation of the memory interface 225 to control the operation of the memory interface 225. And / or a buffer for temporarily storing data to be stored in the memory, and / or a buffer for temporarily storing data extracted from the memory.

The function of protecting copyright through the memory property control for copyright protection in conjunction with the memory interface 225 in the firmware program is performed when predetermined sound source data and / or digital content is recorded (or stored) in the memory. Check whether the sound source data and / or the digital content includes predetermined copyright information, and if the sound source data and / or the digital content include predetermined copyright information, read the sound source data and / or the digital content. It is desirable to include a forced fixation with a dedicated / hidden attribute.

In addition, the function of controlling and managing the property of the memory 240 for copyright protection, the property of the sound source data and / or digital content stored in the memory as a read-only / hidden property fixed to the read-only / hidden property, It is possible to change only by the application for the sound source authorized to change the property among the application programs provided in the USB-compatible device 135, in addition to other applications and / or the operating system of the USB-compatible device 135 It is preferable to control so as not to change by a.

In addition, the function of controlling and managing the attributes of the memory 240 for copyright protection is one of application programs included in a predetermined USB-compatible device 135 connected through the USB connector 235 in the controller 205. It is preferable that only a sound recording application for which the authority to change the property of the sound source data and / or digital content is authorized is allowed and controlled to change the read-only / hidden property of the sound source data and / or the digital content. It is preferable that the read-only / hidden attribute of the sound source data and / or the digital content is not changed by the operating system of the USB device 135 as well as a program.

The function of protecting copyright through the memory area control for copyright protection by interworking with the memory interface 225 in the firmware program includes a memory in which the memory 240 logically stores predetermined sound source data corresponding to an electronic record. It is preferable to divide and manage the area and the memory area in which general data is stored.

In addition, the function of controlling and managing the memory area for copyright protection is performed by the controller 205 to the sound source data among application programs included in a predetermined USB-compatible device 135 connected through the USB connector 235. It is preferable to allow and control only the sound source application for which the access right is authorized to access the memory area storing the sound source data, and the non-authenticated general application processes to access the memory area where the general data is stored. It is desirable to.

The function required for the electronic recording process according to the present invention in the firmware program is provided in a predetermined USB compatible device 135 connected through the USB connector 235 for the function of controlling and managing the memory for the copyright protection. It is preferable to include the authentication of the sound source application that can change the read-only / hidden attributes of the sound source data and / or digital content of the application program.

In addition, the function required for the electronic recording process according to the present invention, when a predetermined DRM is applied to the sound source data and / or digital content stored in the memory, the DRM is confirmed and processed by the controller 205, It is desirable to identify and process the DRM applied to the sound source data and / or digital content.

In addition, a function required for the electronic recording process according to the present invention is to extract and reproduce sound source data stored in the memory in order to reproduce the sound source data in the controller 205 to generate a predetermined sound source signal. It is preferable to further comprise a functional configuration for generating a signal, whereby the present invention is not limited.

When the sound source data is reproduced in the controller 205 to generate a predetermined sound source signal according to an exemplary embodiment of the present invention, the generated sound source signal is preferably transmitted to the amplifier 230 and amplified. The amplified sound source signal is preferably output through the sound source terminal 250.

According to an embodiment of the present invention, the electronic recording device 130 is connected to a predetermined USB compatible device 135 through a USB communication standard to provide sound source data stored in the memory to the USB compatible device 135. An electronic record mode played back through a predetermined sound source application program included in the USB compatible device 135, or connected to the USB compatible device 135 through a USB communication standard to support a data storage area on the memory. Data storage mode that extends to the data storage area of the device 135, or electronic record reproduction for reproducing the sound source data stored in the memory through the amplifier 230 and the sound source terminal 250 included in the electronic record device 130 It is preferable to operate by selecting any one of the modes.

According to another exemplary embodiment of the present invention, the electronic recording device 130 is connected to a predetermined USB compatible device 135 through a USB communication standard to provide sound source data stored in the memory to the USB compatible device 135. An electronic recording mode for playing back through a predetermined sound source application program provided in the USB-compatible device 135, and / or connected to the USB-compatible device 135 via a USB communication standard to store a data storage area on the memory. Data storage mode extending to the data storage area of the USB-compatible device 135, and / or sound source data stored in the memory through the amplifier 230 and the sound source terminal 250 provided in the electronic recording device 130 It is possible to operate in a multi-mode in which at least two or more operating modes of the electronic record reproducing mode for reproducing are simultaneously executed, whereby the present invention is not limited.

For example, the electronic record device 130 may have both an electronic record mode and a data storage mode executed at the same time, and / or an electronic record play mode and a data storage mode executed at the same time, and / or the electronic record mode and an electronic record playback mode may be performed. It is possible to execute simultaneously, and / or both the electronic record mode and the data storage mode and the electronic record reproduction mode are executed simultaneously.

3A and 3B illustrate an interface structure between the controller 205 and the IC chip 255 of the electronic recording apparatus 130 according to the embodiment of the present invention.

3a and 3b are provided for authenticating the electronic recording device 130 in a server and / or a terminal on a network when the electronic recording device 130 includes a predetermined IC chip 255. As an embodiment of the interface structure between the controller 205 and the IC chip 255, those skilled in the art to which the present invention pertains, the controller (see Figures 3a and 3b) Various implementation methods for the interface structure between the 205 and the IC chip 255 may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation methods shown in FIGS. 3A and 3B. No.

Referring to a standard including ISO / IEC 7816, the IC chip 255 may include a power supply (VCC), a reset signal (RST), a clock signal (CLK), a ground (GND), a programming power supply (VPP), and an input / output ( I / O interfaces to communicate with the outside (e.g., command or data exchange, etc.) through contact points such as I / O), Central Process Unit (CPU) / Micro Process Unit (MPU), and / or Coprocessor 215 (Coprocessor) A processor 215 including at least one computing element, a read only memory (ROM), a random access memory (RAM), an electrically erasable and programmable read only memory (EEPROM), a flash memory (FM), and the like. And a memory unit including at least one memory element, wherein the memory unit (eg, a ROM) stores a Chip Operating System (COS) for managing and operating an IC card internal resource. Power supply (VCC) contacts on the interface When a predetermined power source (for example, DC 5V or DC 3V) is supplied from the outside through the point of contact, the COS stored in the memory unit is loaded into a predetermined execution memory to control the overall operation of the IC chip 255, and It controls information or data exchange with the outside through an application protocol data unit (APDU) based on a clock frequency (eg, 3.57 MHz or 4.9 MHz) input through a clock signal (CLK) contact point of an input / output interface.

According to an exemplary embodiment of the present invention, the memory unit of the IC chip 255 may have a predetermined authentication key (eg, an encryption key or decryption) required for authenticating the electronic recording device 130 at a server and / or a terminal on the network. Key, or OTP generation code and generation algorithm), and in this case, when predetermined device authentication information is requested from the server and / or the terminal device on the network through the USB-compatible device 135, The controller 205 of the electronic recording device 130 extracts and / or generates predetermined device authentication information from the IC chip 255 based on an APDU protocol through the IC chip 255 interface 260. And / or encrypt the extracted (and / or generated) device authentication information.

According to another embodiment of the present invention, the IC chip 255 is provided with a predetermined authentication key necessary for authenticating the electronic recording device 130 in a server and / or a terminal on the network, and / or the device. A card program for encrypting authentication information is provided. In this case, when predetermined device authentication information is requested from the server and / or the terminal device on the network through the USB-compatible device 135, the electronic recording device ( The controller 205 of 130 extracts and / or generates predetermined device authentication information and provides the IC chip 255 through the IC chip 255 interface 260 to the IC chip 255 based on an APDU protocol. The device requesting to encrypt the device authentication information included in the IC chip 255, the IC chip 255 is provided from the controller 205 (and / or extracted / generated from the IC chip 255) Certification information The encryption, and the encryption device authentication information, characterized in that the return to the controller 205.

According to another embodiment of the present invention, in addition to the above-described implementation method, the electronic recording device 130 may extract / generate, and / or encrypt predetermined device authentication information through the IC chip 255. (E.g., an implementation method in which the IC chip 255 is provided with a public certificate including a predetermined authentication key) may be inferred, but the present invention includes all the implementation methods inferred.

Referring to the standard including ISO / IEC 7816, the input / output interface of the IC chip 255 is a power supply (VCC), a reset signal (RST), a clock signal (CLK), a ground (GND), a programming power supply (VPP). And contact points such as input / output (I / O) and the like. Referring to FIG. 3A, the IC chip 255 interface 260 included in the controller 205 of the electronic recording apparatus 130 may be the IC chip. Electrically connected and interfaced with a power supply (VCC) contact point, a reset signal (RST) contact point, a clock signal (CLK) contact point, a ground (GND) contact point, and an input / output (I / O) contact point provided at the input / output interface of 255. It is characterized by.

In FIG. 3A, the IC chip 255 interface 260 includes a DC 5V power input from a power supply (VCC) contact point of the USB connector 235 at an input / output interface of the IC chip 255. It is characterized in that to apply to the IC chip 255 through a power supply (VCC) contact point, when the power supply of DC 3V to the IC chip 255, the power supply of the USB connector 235 ( It is possible to regulate the DC 5V power input from the VCC) contact point to DC 3V and apply it to the power supply (VCC) contact point provided at the input / output interface of the IC chip 255, thereby limiting the present invention. Not.

In addition, when the IC chip 255 is supplied with a predetermined power to the IC chip 255 through a power supply (VCC) contact point provided at the input / output interface of the IC chip 255, A reset signal may be generated and applied to a reset signal RST contact point provided at the input / output interface of the IC chip 255.

In addition, the IC chip 255 interface 260 transmits a clock signal generated from the clock source 245 of the electronic recording device 130 to the clock signal CLK contact point provided at the input / output interface of the IC chip 255. When the clock signal used by the electronic recording device 130 and the clock signal used by the IC chip 255 are different from each other, the IC chip 255 interface 260 is connected to the clock source. It is possible to convert the clock signal generated by the signal 245 into a clock signal (e.g., 3.57 MHz or 4.9 MHz) usable for the IC chip 255, and to thereby apply the present invention.

According to another exemplary embodiment of the present invention, the IC chip 255 interface 260 may be applied to the IC chip 255 in addition to the clock signal input from the clock source 245 to the controller 205. A separate clock source 245 for generating a clock signal of may be provided, whereby the present invention is not limited.

In addition, the IC chip 255 interface 260 may connect the ground (GND) contact point of the USB connector 235 to the IC chip 255 through a ground (VCC) contact point provided at an input / output interface of the IC chip 255. It is characterized in that to apply.

In addition, the IC chip 255 interface 260 inputs / outputs predetermined IC chip 255 input data generated based on the APDU protocol by the controller 205 of the electronic recording device 130. It is characterized in that the input to the IC chip 255 is converted into a predetermined data signal through the input / output (I / O) contact point provided in the interface.

In addition, when a predetermined data signal is output from the IC chip 255 through an input / output (I / O) contact point provided in the input / output interface of the IC chip 255, the IC chip 255 interface 260 is The data signal is provided to the controller 205, and then the controller 205 reads predetermined IC chip 255 output data from the data signal based on the APDU protocol, and the IC chip 255. The predetermined authentication procedure corresponding to the output data is performed.

In the embodiment of the method for authenticating the electronic recording device 130 in a server and / or a terminal on the network through the IC chip 255 as described above, the controller 205 of the electronic recording device 130 is the IC chip. It is desirable to perform the function of the IC terminal for (255).

Extracting / generating the device authentication information from a script and / or a plug-in included in a communication program included in the USB compatible device 135, and / or a predetermined program linked with the communication program according to another embodiment of the present invention; In the case of encryption, the IC chip 255 input data inputted to the IC chip 255 through an input / output (I / O) contact point provided in the input / output interface of the IC chip 255 is the USB connector 235. It is preferable to extract from a predetermined USB packet received by the electronic recording device 130 through the data (D + / D-) contact of the IC chip 255, and the input data of the IC chip 255 is controlled by the controller 205 by the IC. When the IC chip 255 input data satisfies the APDU protocol and / or the APDU protocol input to the chip 255, the IC chip 255 interface 260 is a data signal corresponding to the APDU protocol. To The input is input to the IC chip 255 through an input / output (I / O) contact point provided in the input / output interface of the IC chip 255.

Subsequently, when a predetermined data signal is output from the IC chip 255 through an input / output (I / O) contact point provided in the input / output interface of the IC chip 255, the IC chip 255 interface 260 is The data signal is provided to the controller 205, and then the controller 205 reads predetermined IC chip 255 output data from the data signal based on the APDU protocol, and reads the read IC chip ( 255) The output data is processed into a USB packet and transmitted to the USB compatible device 135 through the data (D + / D-) contact of the USB connector 235.

As described above, a script and / or a plug-in included in the communication program included in the USB device 135 through the IC chip 255, and / or a predetermined program linked with the communication program encrypts the device authentication information. In the method, the electronic recording device 130 preferably performs a function of a USB based IC reader for the IC chip 255.

According to another embodiment inferred from FIG. 3A, the IC chip 255 interface 260 may exist between the USB connector 235 and the controller 205 outside the controller 205, wherein Among the contact points provided in the input / output interface of the IC chip 255, the power supply (VCC) contact point, the reset signal (RST) contact point, and the ground (GND) contact point except the input / output (I / O) contact point may be connected to the USB connector 235. The clock signal CLK contact point may be directly connected to the clock source 245, but the present invention is not limited thereto.

Of course, in addition to the above implementation method, various implementation methods for interfacing the IC chip 255 and the controller 205 and / or the USB compatible device 135 may be inferred according to the intention of the person skilled in the art. This is not limited.

Referring to a recent standard including ISO / IEC 7816 (ISO / IEC 7810-11 FDIS 0402), the C4 contact point of the input / output interface of the IC chip 255 is connected to the data (D +) contact of the USB communication standard, and the C8 The contact point is defined to communicate with the outside (for example, command or data exchange, etc.) by connecting with the data (D-) contact of the USB communication standard. Referring to FIG. 3B, the controller 205 of the electronic recording device 130 The IC chip 255 interface 260 includes a power supply (VCC) contact point, a reset signal (RST) contact point, a clock signal (CLK) contact point, and a ground (GND) contact point provided at the input / output interface of the IC chip 255. And interfacing with the data (D +) contact point and the data (D-) contact point.

In FIG. 3B, the IC chip 255 interface 260 includes a DC 5V power input from a power supply (VCC) contact point of the USB connector 235 at an input / output interface of the IC chip 255. It is characterized in that to apply to the IC chip 255 through the power supply (VCC) contact point, when the power supply of DC 3V to the IC chip 255, the power supply (VCC) of the USB connector 235 DC 5V power input from the contact point is regulated to DC 3V and applied to the power supply (VCC) contact point provided at the input / output interface of the IC chip 255, thereby limiting the present invention. No.

In addition, when the IC chip 255 is supplied with a predetermined power to the IC chip 255 through a power supply (VCC) contact point provided at the input / output interface of the IC chip 255, A reset signal may be generated and applied to a reset signal RST contact point provided at the input / output interface of the IC chip 255.

In addition, the IC chip 255 interface 260 transmits a clock signal generated from the clock source 245 of the electronic recording device 130 to the clock signal CLK contact point provided at the input / output interface of the IC chip 255. When the clock signal used by the electronic recording device 130 and the clock signal used by the IC chip 255 are different from each other, the IC chip 255 interface 260 is connected to the clock source. It is possible to convert the clock signal generated by the signal 245 into a clock signal (e.g., 3.57 MHz or 4.9 MHz) usable for the IC chip 255, and to thereby apply the present invention.

According to another exemplary embodiment of the present invention, the IC chip 255 interface 260 may be applied to the IC chip 255 in addition to the clock signal input from the clock source 245 to the controller 205. A separate clock source 245 for generating a clock signal of may be provided, whereby the present invention is not limited.

In addition, the IC chip 255 interface 260 may connect the ground (GND) contact point of the USB connector 235 to the IC chip 255 through a ground (VCC) contact point provided at an input / output interface of the IC chip 255. It is characterized in that to apply.

In addition, the IC chip 255 interface 260 is provided to the input and output interface of the IC chip 255 to the predetermined IC chip 255 input data generated by the controller 205 of the electronic recording device 130 It is characterized in that the input to the IC chip 255 through the data (D + / D-) contact point.

In addition, when predetermined IC chip 255 output data is output from the IC chip 255 through the data (D + / D-) contact point provided in the input / output interface of the IC chip 255, the IC chip 255 The interface 260 provides the IC chip 255 output data to the controller 205, after which the controller 205 performs a predetermined authentication procedure corresponding to the IC chip 255 output data. It is characterized by.

In the embodiment of the method for authenticating the electronic recording device 130 in a server and / or a terminal on the network through the IC chip 255 as described above, the controller 205 of the electronic recording device 130 is the IC chip. It is desirable to perform the function of the IC terminal for (255).

According to another exemplary embodiment of the present invention, the IC chip 255 may be included in a script and / or a plug-in included in a communication program included in the USB compatible device 135, and / or a predetermined program linked with the communication program. When extracting / generating and / or encrypting device authentication information, and performing an IC card function for generating the IC, the IC is provided through a data (D + / D-) contact point provided at an input / output interface of the IC chip 255. The IC chip 255 input data input to the chip 255 corresponds to a predetermined USB packet received by the electronic recording device 130 through the data (D + / D−) contact point of the USB connector 235. Preferably, the IC chip 255 interface 260 transmits the IC chip 255 input data through the data (D + / D-) contact point provided at the input / output interface of the IC chip 255. 255).

Subsequently, when predetermined IC chip 255 output data is output from the IC chip 255 through the data (D + / D-) contact point provided in the input / output interface of the IC chip 255, the IC chip 255 The interface 260 provides the IC chip 255 output data to the controller 205, and then the controller 205 processes the IC chip 255 output data into a USB packet to transmit the USB connector (255). The data is transmitted to the USB device 135 through the data (D + / D−) contact point 235.

As described above, a script and / or a plug-in included in the communication program included in the USB compatible device 135 through the IC chip 255, and / or a predetermined program linked with the communication program provides the device authentication information. In the encryption method, it is preferable that the electronic recording device 130 performs a function of a USB based IC reader for the IC chip 255.

According to another embodiment inferred from FIG. 3B, the IC chip 255 interface 260 may exist between the USB connector 235 and the controller 205 outside the controller 205, wherein A power supply (VCC) contact point, a reset signal (RST) contact point, a ground (GND) contact point, a data (D +) contact point, a data (D-) contact point, and the like provided in the input / output interface of the IC chip 255 may be connected to the USB connector 235. ) And / or the clock signal CLK contact point may be directly connected to the clock source 245, but the present invention is not limited thereto.

Of course, in addition to the above-described implementation method, various implementation methods for interfacing the IC chip 255 and the controller 205 and / or the USB compatible device 135 may be inferred according to the intention of the person skilled in the art. This is not limited.

4 is a block diagram illustrating a functional block of the electronic recording apparatus 130 according to the embodiment of the present invention.

In more detail, FIG. 4 illustrates a preferred functional block of the electronic recording apparatus 130 that interfaces with the predetermined USB-compatible device 135 through a predetermined USB communication interface in the system configuration shown in FIG. Specifically, the device authentication information is generated in the electronic recording device 130 (eg, firmware provided in the electronic recording device 130) (and / or extracted from the memory 240 provided in the electronic recording device 130, And / or extracted from the IC chip 255 included in the electronic recording device 130), and / or encrypting the device authentication information using a predetermined encryption method (and / or encryption algorithm). Shows a preferred functional configuration for the electronic recording device 130 for transmitting to the server and / or the terminal on the network through the ().

Those skilled in the art to which the present invention pertains may refer to and / or modify this drawing so that the electronic record device 130 authenticates the electronic record device 130 at a server and / or a terminal on the network. Various implementation methods of 130 may be inferred, but the present invention includes all the inferred implementation methods and is not limited by the implementation method shown in FIG.

For example, the present invention generates the device authentication information in the IC chip 255 provided in the electronic recording device 130 (and / or in the firmware provided in the electronic recording device 130 to generate the IC chip 255). And / or extract the device authentication information from the IC chip 255 (and / or extract it from the memory provided in the electronic recording device 130 and provide it to the IC chip 255). And encrypting the device authentication information generated (and / or extracted) by the IC chip 255 using a predetermined encryption method (and / or encryption algorithm), and the present invention is not limited thereto.

In addition, the present invention generates the device authentication information from the electronic recording device 130 (eg, firmware provided in the electronic recording device 130) (and / or the memory 240 provided in the electronic recording device 130). Extracted from the IC chip 255 provided in the electronic recording device 130, and then encrypted by the USB-compatible device 135 with the device authentication information. The invention is not limited.

The electronic record device 130 shown in FIG. 4 is a basic component which operates as the electronic record device 130 according to the present invention by firmware provided in the electronic record device 130 according to the device configuration shown in FIG. As shown in FIG. 4, a functional configuration including a functional configuration for authenticating the electronic recording device 130 in a server and / or a terminal on the network is shown in FIG. 4. For convenience of description, only the USB connector 235 and the memory are shown for convenience of the device configuration shown in FIG.

For example, the functional configuration of the electronic recording device 130 may be a functional configuration for reproducing the sound source data stored in the memory, and / or confirming the DRM of the sound source data, in addition to the functional configuration shown in FIG. 4. And it may further include a functional configuration for processing, by which the present invention is not limited.

1, referring to FIG. 4, the electronic recording device 130 communicates a USB packet between the USB compatible device 135 and the electronic recording device 130 through the USB connector 235. And a packet processing unit 415 for processing the USB packet according to the USB communication standard, wherein the USB communication unit 400 corresponds to the USB communication device 135 according to the USB communication standard. A packet transceiver 405 for transmitting and receiving a USB packet between the electronic recording device 130, a token packet processor 410 for processing the token packet among the USB packets, and / or the packet processor 415 ) Is a packet extracting unit 420 for extracting a predetermined command and / or data from the USB packet received from the USB-compatible device 135 to the electronic recording device 130, and the electronic recording device 130. Generates a USB packet to send to the USB-compatible device 135 It comprises a packet generator (425) to.

In addition, the electronic recording apparatus 130 is characterized in that it comprises a command reading unit 430 for reading and / or interpreting the command extracted by the packet extraction unit 420.

In addition, the electronic recording apparatus 130 writes the data extracted by the packet extracting unit 420 to the memory 240 through the memory input / output unit 455 or through the memory input / output unit 455. And a data processor for extracting predetermined data from the memory 240.

In addition, the electronic recording device 130 is characterized by comprising an address conversion unit 435 for converting the memory address system of the memory 240 to the memory address system provided in the USB-compatible device 135. .

In addition, the electronic recording device 130 is characterized in that it comprises a state processing unit 445 for confirming and reading the state change of the memory, and return the result to the USB-compatible device 135.

In addition, the electronic recording apparatus 130 is characterized by comprising a memory input and output unit 455 for processing the input and output of the sound source data stored in the memory.

In addition, when a predetermined IC chip 255 is provided in the electronic recording apparatus 130, a predetermined authentication key (and / or) is transmitted from the IC chip 255 through an APDU protocol corresponding to the IC chip 255 standard. Or an IC chip 255 processing unit for reading out the authentication information) and / or operating a predetermined program included in the IC chip 255 to read the result.

In addition, the electronic recording device 130 controls the memory controller 450 to control access to the sound source data by a sound source application that is authenticated to play the sound source data among the application programs included in the USB-compatible device 135. It characterized by comprising a.

According to the present invention, in order to authenticate the electronic recording device 130 in a server and / or a terminal on the network, the electronic recording device 130 extracts predetermined device authentication information provided in the memory, and And / or an information extraction unit for extracting predetermined device authentication information included in the IC chip 255 through the IC chip 255 processing unit.

In addition, the electronic recording device 130 is characterized in that it comprises an information generating unit for generating predetermined device authentication information in order to authenticate the electronic recording device 130 in the server and / or the terminal on the network. .

In addition, the electronic recording device 130 is an encryption processing unit for encrypting the generated (and / or extracted) device authentication information in order to authenticate the electronic recording device 130 in the server and / or the terminal on the network It is characterized by comprising.

The packet transceiver 405 receives a predetermined USB packet from the USB device 135 through the USB connector 235, and / or the USB device 135 through the USB connector 235. Generate a predetermined USB packet.

Referring to the USB-related standard, the minimum unit of data transmitted and received between the USB compatible device 135 and the electronic recording device 130 is a packet, and the packet is used to create a frame or a transaction.

According to an embodiment of the present invention, the USB packet includes a token packet, a data packet, a handshake packet, and a special packet. It consists of one or more fields.

The main fields included in the USB packet include a SYNC field, a PID (Packet IDentifier) field, an ADDR (ADDRess) field, an ENDP (END Point) field, a data field, and a CRC field. A field for synchronizing a start position, which appears after an IDLE state according to a Non Return to Zero Inverted (NRZI) encoding scheme, and a PID field is located after the SYNC field as a field for identifying a corresponding packet, and an ADDR field is provided for each USB. A field for identifying devices, and an ENDP field for identifying endpoints in each USB device, and a data field is a field for transmitting and receiving data, which can be freely defined within a maximum size of 1023 bytes. The CRC field is a field corresponding to a checksum for authenticating each field included in the packet.

According to an embodiment of the present invention, the USB packet is formed by combining at least one field (eg, SYNC field, PID field, ADDR field, ENDP field, data field, CRC field, etc.).

For example, the token field is a combination of an 8-bit PID field, a 7-bit ADDR field, a 4-bit ENDP field, and a 5-bit CRC5 field, and the data field includes an 8-bit PID field and 1023. It consists of a combination of a data field within bytes and a 16-bit CRC16 field, and the handshake field consists of an 8-bit PID field.

According to the exemplary embodiment of the present invention, the packet transceiver 405 transmits and receives a data packet and a handshake packet among USB packets transmitted and received between the USB-compatible device 135 and the electronic recording device 130. Token packets are preferably processed by the token packet processor 410.

According to an embodiment of the present invention, the data field of the data packet among the USB packets transmitted and received through the packet transceiver 405 may be user defined within a maximum of 1023 bytes, which is a preferred embodiment of the data field of the data packet. Will be described in detail with reference to FIG.

The packet extracting unit 420 extracts a predetermined command and / or data from a data field of a data packet received from the USB-compatible device 135 to the electronic recording device 130 through the packet transmitting / receiving unit 405. The command extracted from the data field is provided to the command reading unit 430, and the data extracted from the data field is provided to the data processing unit.

The command reading unit 430 reads and interprets a command extracted from a data field of the data packet, thereby determining whether to execute a command requested from the USB device 135.

If the command is related to the memory, the command reading unit 430 provides the read command to the memory control unit 450, and then the memory control unit 450 according to the memory control function according to the present invention. Perform the above command.

On the other hand, if the command is not related to the memory, the command reading unit 430 provides the read command to each command execution unit (not shown), thereby performing the requested command from the USB-compatible device 135. do.

If, as a result of performing the command, predetermined data to be transmitted from the electronic recording device to the USB device 135 is generated (or extracted), the packet generator 425 includes the generated (or extracted) data. Characterized by generating a predetermined data packet, the packet generation unit 425 transmits the generated data packet to the packet transceiver unit 405, and transmits to the USB-compatible device (135).

The data processor 415 processes data extracted from a data field of the data packet according to a purpose, wherein the data processing is performed by receiving the data received from the USB device 135 from the memory input / output unit ( 455 to record (or store) in the memory.

If the data is related to the memory, the data processor 415 provides the data to the memory controller 450, and then the memory controller 450 issues the command according to the memory control function according to the present invention. To perform.

On the other hand, if the data is not related to the memory 170, the data processing unit provides the data to each data operation unit (not shown) to process the data transmitted from the USB-compatible device 135.

The address conversion unit 435 converts the memory address system of the memory controlled by the memory control unit 450 into a memory address system provided in the USB device 135. The device 135 recognizes the memory provided in the electronic recording device 130 as a storage device provided in the USB compatible device 135.

The state processing units 445 and 445 confirm and read the state change of the memory and return the result to the USB device 135, wherein the state processing units 445 and 445 are performed. Since the processing of the sound source data stored in the memory controlled by the memory controller 450 cannot be confirmed by an unauthorized application program, the unauthorized access to the sound source data is blocked.

The memory input / output unit 455 processes a command for inputting / outputting sound source data and / or general data stored in the memory based on a memory attribute control function of the memory controller 450. It is preferable to be processed corresponding to the memory configuration.

For example, when the memory is a NAND memory, the memory module includes eight input / output pins (I / O0, I / O1, I / O2, ..., I / O7) (e.g., pins constituting a data bus), Command Latch Enable (CLE) Pin, Address Latch Enable (ALE) Pin, Chip Enable (CE) Pin, Read Enable (RE) Pin, Write Enable (WE) Pin, Write Protect (WP) Pin, R / B (Ready / Busy) pin, etc., the memory input / output unit 455 controls the pin configuration of the memory module based on the memory attribute control function of the memory controller 450, thereby providing data input / output commands (eg, READ1, READ2). , READ ID, etc.), and / or an initialization command (RESET), and / or a program command (PROGRAM PAGE), and / or a BLOCK ERASE, and / or READ STATUS command, etc., Thereby extracting predetermined sound source data from the memory, and / or writing predetermined sound source data into the memory, and / or It is possible to change the properties of the sound source data stored in the memory.

The memory controller 450 may be configured to force (or fix) the read-only / hidden property to protect the copyright of the sound source data stored in the memory 240, and / or the copyright of the sound source data. For protection, the memory may be divided into a memory area in which sound source data is stored and a memory area in which general data is stored.

According to an exemplary embodiment of the present invention, when the memory is forced (or fixed) to be stored as a read-only / hidden property for copyright protection of sound source data stored in the memory 240, the memory controller 450 may support the USB. Among the application programs provided in the device 135, only sound source applications authorized to access the sound source data may access the sound source data of the read-only / hidden attribute, wherein the read-only / The hidden attribute is changed only by a sound source application that is authorized to change the attribute among the application programs provided in the USB-compatible device 135, and in addition to other applications and / or operating systems of the USB-compatible device 135. It is preferable not to change by.

According to another exemplary embodiment of the present invention, when the memory is divided into a memory area in which sound source data is stored and a memory area in which general data is stored for copyright protection of the sound source data stored in the memory, the memory controller The control unit 450 may control to access only the sound source data, only the application for the sound source that is authenticated to access the memory area in which the sound source data is stored among the application programs provided in the USB device 135.

If the IC chip 255 is provided with a predetermined IC chip 255 in the electronic recording device 130, the IC chip 255 may be configured to be connected to the IC chip 255 through the interface 260 corresponding to the ISO / IEC 7816 standard. Initialize 255, and read a predetermined authentication key (and / or authentication information) from the IC chip 255 through the APDU protocol, wherein the authentication key and / or authentication information is the controller An encryption key (eg, symmetric key, public key) for encrypting the device authentication information in a predetermined encryption method (and / or encryption algorithm) at 205 (and / or USB compatible device 135 according to the implementation method). , A private key, etc.), and / or at least one OTP (One Time Password) generation code and a generation algorithm for generating a predetermined OTP code.

According to the exemplary embodiment of the present invention, when predetermined IC authentication information is provided in the IC chip 255, the IC chip 255 processing unit may transmit the device authentication information from the IC chip 255 through the APDU protocol. It is preferable to read and provide the information to the information extraction unit 475.

According to another embodiment of the present invention, when the IC chip 255 is provided with predetermined device authentication information, and the IC chip 255 is provided with a function of encrypting predetermined device authentication information, the IC chip (255) The processor requests the device authentication information included in the IC chip 255 to be encrypted through a predetermined encryption method (and / or an encryption algorithm) through the APDU protocol, and then the encryption is performed from the IC chip 255. It is possible to read the device authentication information.

According to another embodiment of the present invention, when the IC chip 255 is provided with a predetermined device authentication information generation function, and the IC chip 255 is provided with a function for encrypting predetermined device authentication information, The IC chip 255 processing unit generates predetermined device authentication information in the IC chip 255 through the APDU protocol, and encrypts the generated device authentication information through a predetermined encryption method (and / or encryption algorithm). After the request, the encrypted device authentication information can be read from the IC chip 255.

According to another exemplary embodiment of the present invention, when the IC chip 255 is provided with a function of encrypting predetermined device authentication information, the IC chip 255 processing unit performs the IC chip 255 through the APDU protocol. Provide predetermined device authentication information, request to encrypt the device authentication information through a predetermined encryption method (and / or encryption algorithm), and then read the encrypted device authentication information from the IC chip 255. It is possible.

A predetermined identification code and / or device specific information and / or record specific information and / or a predetermined electronic record is recorded in the electronic record device 130 in the memory 240 provided in the electronic record device 130. In the process of storing the device authentication information including at least one or more of the unique information assigned to the electronic recording device 130, the information extraction unit 475 is the memory (450) through the memory control unit 450 240, the device authentication information is extracted.

In addition, a predetermined identification code and / or device specific information and / or record specific information and / or a predetermined electronic record on the IC chip 255 included in the electronic record device 130 may be provided to the electronic record device 130. If device authentication information including at least one or more of unique information allocated to the electronic recording device 130 is stored in the process of being recorded (or stored), the information extracting unit 475 may process the IC chip 255 processing unit. The device authentication information is extracted from the IC chip 255.

The information generator 460 generates predetermined device authentication information including a predetermined random number and / or a one time password (OTP) code.

The information generator 460 generates a random number through a random random number generation algorithm. In this case, the information generator 460 (and / or the cryptographic processor) generates the random number in a predetermined encryption scheme (and And / or an encryption algorithm), and then generates the predetermined device authentication information by concatenating the plain text random number and the encrypted random number. In this case, the server and / or the terminal on the network may generate the device authentication information. Receive a, encrypt the plain text random number included in the device authentication information by the encryption method (and / or encryption algorithm), and then compare the encrypted random number and the encrypted random number included in the device authentication information In addition, the electronic recording device 130 may be authenticated.

Alternatively, the server and / or the terminal on the network receives the device authentication information, and decrypts (and / or) the encrypted random number included in the device authentication information corresponding to the encryption method (and / or encryption algorithm). After decrypting with a decryption algorithm), the electronic recording device 130 may be authenticated by comparing the decrypted random number with a plain text type random number included in the device authentication information.

According to another embodiment of the present invention, the random number is generated by the USB-compatible device 135 and provided to the electronic recording device 130, or generated from a server and / or a terminal on the network to support the USB-compatible device. After being provided to the electronic record device 130 through the 135, the electronic record device 130 may generate the device authentication information by encrypting it with a predetermined encryption method (and / or an encryption algorithm). The present invention is not limited by this.

The information generator 460 generates a predetermined OTP code through predetermined OTP generation information and an OTP generation algorithm, and the OTP generation algorithm is a time-synchoronous OTP generation algorithm and / or a challenge-response ( Challenge-Response) includes at least one or more of the OTP generation algorithm.

The encryption processing unit converts the device authentication information extracted by the information extraction unit 475 and / or the device authentication information generated by the information generation unit into a symmetric key (or secret key) encryption scheme, and / or a public key. And encryption through at least one encryption method (and / or encryption algorithm) such as an encryption method, and / or a key exchange encryption method, and / or an electronic envelope encryption method.

At least one device authentication information extracted by the information extraction unit 475, and / or device authentication information generated by the information generation unit, and / or device authentication information encrypted by the encryption processing unit 465. The device authentication information, which is included, is processed into a predetermined USB packet (eg, a data packet) through the packet generation unit 425 of the packet processing unit 415, and the packet transmission / reception unit 405 of the USB communication unit 400 is included. The USB connector 235 is provided to the USB-compatible device 135 through which the USB-compatible device 135 transmits the device authentication information to a server and / or a terminal on the network through a predetermined network. do.

According to another exemplary embodiment of the present invention, the information extracting unit 475 and / or the information generating unit 460 and / or the encryption processing unit 465 may be in the form of a program (eg, a card application) for the IC chip 255. The IC chip 255 may be provided. In this case, the device authentication information extracted and / or generated and / or encrypted by the IC chip 255 may be read through the IC chip 255 processing unit, and the packet may be read. It is processed into a predetermined USB packet (eg, a data packet) through the packet generator 425 of the processor 415, and the USB connector 235 is transmitted through the packet transceiver 405 of the USB communication unit 400. It is provided to the USB-compatible device 135, after which the USB-compatible device 135 transmits the device authentication information to a server and / or terminal on the network via a predetermined network.

According to another exemplary embodiment of the present invention, the information extracting unit 475 and / or the information generating unit 460 and / or the encryption processing unit 465 may be provided in the USB device 135. In this case, the information extracting unit 475 included in the USB compatible device 135 extracts predetermined device authentication information from the electronic recording device 130 through the USB communication interface, and / or the USB compatible device 135. It is possible to extract predetermined device authentication information from a storage device provided in the device, and the information generation unit included in the USB compatible device 135 can generate predetermined device authentication information. The encryption processing unit provided at 135 may encrypt the extracted and / or generated device authentication information using a predetermined encryption method (and / or encryption algorithm), and then the USB device 135 may be the device. And transmits the information to the server and / or the terminals on the network through a predetermined network.

In the above-described method, the USB device 135 may further include an information input unit (not shown) for receiving predetermined device authentication information according to the intention of a person skilled in the art, and the present invention is not limited thereto.

5A and 5B illustrate a simple functional block of the USB device 135 according to the embodiment of the present invention.

In more detail, FIGS. 5A and 5B illustrate, in block form, a preferable functional configuration for the USB compatible device 135 connected to the electronic recording device 130 through a USB communication standard. Specifically, FIG. At least one electronic recording device connected to the USB-compatible device 135 in conjunction with at least one USB controller 205 provided in the USB-compatible device 135 is connected to a predetermined communication program provided in the corresponding device 135 ( 130, and includes (or interlocks) a predetermined script / plugin to generate predetermined device authentication information in the electronic recording device 130 and transmit it to the web server 100 through the network. 5B illustrates a predetermined communication program included in the USB-compatible device 135 interoperating with at least one or more USB controllers 205 included in the USB-compatible device 135. Detect at least one electronic record device 130 connected to the USB device 135, generate the predetermined device authentication information in the electronic record device 130, and transmit it to the web server 100 through the network. A method of interworking a predetermined program is shown.

Those skilled in the art to which the present invention pertains, various types of USB-compatible device connected to the electronic recording device 130 through the USB communication standard by referring to and / or modifying the drawings 5a and 5b. 135 (e.g., wired terminals such as personal computers and / or laptops, portable terminals such as PDAs and / or PMPs, CDMA-based mobile terminals and / or IEEE 802.16x-based portable Internet terminals and / or DataTAC / Mobitex) Wireless data communication terminal, at least one or more home sound source output device, portable sound source output device, vehicle sound source output device, etc.) can be inferred, but the present invention includes all the inferred implementation method The present invention is not limited to the implementation method shown in FIGS. 5A and 5B.

The USB compatible device 135 may include a USB connector 235 electrically connected to the USB connector 235 included in the electronic recording device 130 through a predetermined USB cable, and all of the USB compatible device 135 on the USB compatible device 135. And a USB controller 205 for controlling and managing USB communication.

Those skilled in the art (for example, those familiar with the USB standard), the USB connector 235 and USB controller 205 provided in the USB-compatible device 135 in detail Since the technical specification will be understood, a detailed description thereof will be omitted for convenience.

5A and 5B, the USB-compatible device 135 may include a USB system program for interlocking the USB controller 205 to control USB communication, and the electronic recording device 130 in conjunction with the USB system program. Characterized in that it comprises at least one or more USB applications to access the functions provided in.

The USB system program is a program corresponding to the USB system software layer on a USB standard system structure, and corresponds to an operating system included in the USB compatible device 135, and a USB drive program interoperating with the USB controller 205. And / or include a host driver program.

Those skilled in the art (for example, those familiar with the USB standard) will clearly understand the technical features of the USB system program included in the USB-compatible device 135, and thus will be described in detail. Description is omitted for convenience.

The USB application program is at least one application program that accesses a function provided in the electronic recording device 130 in cooperation with the USB system program, and connects a predetermined communication channel with a server and / or a terminal on a network. A communication program for authenticating the electronic recording device 130 in a server and / or a terminal on the network through a communication channel, a sound source application program for reproducing sound source data included in the electronic recording device 130, and At least one general application program for accessing general data (and / or general data storage area) included in the electronic record apparatus 130 is included.

According to an exemplary embodiment of the present invention, the communication program may include the USB-compatible device 135 for a client / server based electronic record related service (and / or electronic record related membership service, and / or electronic record related community service). The USB-compatible device 135 for a browser program and / or a peer-to-peer (P2P) based electronic record related service (and / or electronic record related membership service, and / or electronic record related community service). At least one general-purpose communication program, such as an instant messenger program provided in the) is preferably included.

According to another embodiment of the present invention, the communication program is the USB for the electronic record-related services (and / or electronic record-related membership services, and / or electronic record-related community services) at the server and / or terminal on the network It is desirable to include a dedicated communication program distributed and installed in the corresponding device 135, and the present invention is not limited thereby.

According to another exemplary embodiment of the present invention, the communication program includes a function of connecting a predetermined communication channel with a server and / or a terminal on the network to a sound source application program included in the USB compatible device 135. It is possible to provide the sound source reproduction service and the electronic record related service (and / or the electronic record related membership service, and / or the electronic record related community service) according to the present invention, whereby the present invention is not limited thereto. .

Referring to FIG. 5A, the communication program operates at least one electronic recording device 130 connected to the USB compatible device 135 in association with at least one USB controller 205 included in the USB compatible device 135. And a script and / or a plug-in for detecting and generating predetermined device authentication information in the electronic recording device 130 and transmitting it to the web server 100 through the network.

Referring to FIG. 5B, the communication program operates at least one electronic recording device 130 connected to the USB compatible device 135 in cooperation with at least one USB controller 205 included in the USB compatible device 135. It detects and generates the predetermined device authentication information in the electronic recording device 130, characterized in that it is linked with a predetermined client program to transmit to the web server 100 via the network.

According to another exemplary embodiment of the present invention, the communication program may be configured for the USB corresponding device for an electronic record related service (and / or electronic record related membership service, and / or electronic record related community service) at a server and / or terminal on the network. A dedicated communication program distributed to and installed at 135 and / or a predetermined communication channel connected to a server and / or a terminal on the network to a sound source application program provided in the USB compatible device 135. In the case of providing the sound source reproduction service and the electronic record related service (and / or the electronic record related membership service, and / or the electronic record related community service) according to the present invention, the communication program may include The USB in cooperation with at least one USB controller 205 provided in the USB device 135 Detecting at least one electronic record device 130 connected to the device 135, and generating predetermined device authentication information in the electronic record device 130 to transmit to the web server 100 through the network. It is preferable to comprise a.

Figure 6 illustrates a data packet structure for memory identification and data writing, reading and erasing in accordance with one embodiment of the present invention.

In more detail, FIG. 6 illustrates a preferred embodiment of a data packet structure including a predetermined command and / or data among USB packets transmitted and received between the USB-compatible device 135 and the electronic recording device 130. Those skilled in the art can infer various types of data packets transmitted and received between the USB-compatible device 135 and the electronic recording device 130 by referring to and / or modifying the present invention. It will be appreciated that the present invention encompasses all of the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

6A and 6B illustrate an embodiment of a structure of a data packet related to memory identification, wherein the USB-compatible device 135 includes a memory identification request data packet including a PID, a memory identification request command (CMD), and a CRC as shown in FIG. 6A. When the electronic disc device 130 is transmitted to the electronic record device 130, the electronic record device 130 reads the memory identification request command CMD and performs a memory identification procedure corresponding thereto. A memory identification reproduction data packet including an identification reproduction command (CMD), a memory size, an erase unit size (EUS) of the memory, and a CRC is generated and transmitted to the USB compatible device 135.

6C and 6D illustrate a data packet structure related to data writing to a memory. In the USB device 135, as shown in FIG. 6C, a PID, a write request command (CMD), an address (ADDR), and a length (LEN) are shown. ), And when the recording request data packet including the data DATA and the CRC is transmitted to the electronic recording device 130, the electronic recording device 130 transmits the recording request command CMD and the address to which data is to be recorded. ) Is written (or stored) to the address ADDR.

After the above data storage process is completed, the electronic recording device 130, as shown in Fig. 6d, the PID, the recording status command CMD, the address ADDR, the length LEN, the recording status STATUS, and the like. A record state data packet including a CRC is generated and transmitted to the USB device 135.

6E and 6F illustrate a data packet structure related to reading data into a memory. In the USB device 135, as shown in FIG. 6E, a PID, a read request command (CMD), an address (ADDR), and a CRC are shown. When the read request data packet including the electronic device device 130 is transmitted to the electronic record device 130, the electronic record device 130 reads the read request command CMD and the address ADDR to which data is to be read. The data DATA is read and extracted from the address ADDR.

After the process of reading (or extracting) the data DATA is completed, the electronic recording apparatus 130 may read the PID, the read status command (CMD), the address (ADDR) and the read (or extract) as shown in FIG. 6F. A read status data packet including a data length LEN and a status and the read (or extracted) data DATA and a CRC is generated and transmitted to the USB device 135.

6G and 6H illustrate an embodiment of a data packet structure related to data deletion in a memory. In the USB compatible device 135, PID, an erase request command (CMD), an address (ADDR), and a CRC, as shown in FIG. When the erase request data packet is transmitted to the electronic recording device 130, the electronic recording device 130 reads the erase request command CMD and the address ADDR to which data is to be erased, and the address of the memory. The data DATA is deleted from ADDR.

After the data deletion process is completed, the electronic recording device 130 includes an erased state data packet including a PID, an erase state command (CMD), an address (ADDR), a state (STATUS), and a CRC as shown in FIG. 6H. It generates and transmits to the USB-compatible device 135.

7 illustrates a data packet structure including device authentication information according to an embodiment of the present invention.

In more detail, FIG. 7 illustrates a data packet structure for authenticating the electronic record device 130 in a server and / or a terminal on a network among USB packets transmitted and received between the USB compatible device 135 and the electronic record device 130. As shown in the preferred embodiment, those skilled in the art to which the present invention pertains, the electronic recording device 130 in the server and / or the terminal on the network by referring to and / or modifying the present figure 7 Although various types of data packets for authentication may be inferred, the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

Referring to FIG. 7, when a server and / or a terminal on the network wants to authenticate the electronic recording device 130, a script / plug-in included in a communication program included in the USB device 135 and / or The program linked with the communication program transmits a device authentication information request data packet including a PID, an information request command (CMD), and a CRC to the electronic recording device 130 as shown in FIG. 7A, and the electronic recording device 130. After performing a predetermined device authentication information extraction / generation and / or encryption procedure, the PID and information provision command (CMD), the extraction / generation and / or encrypted device authentication information (ADATA) and The device authentication information providing data packet including the CRC is transmitted to the USB-compatible device 135, and the USB-compatible device 135 transmits the device authentication information to a server and / or a terminal on a network.

8 is a diagram illustrating a method of encrypting and transmitting device authentication information by a symmetric key (or secret key) method in the electronic recording apparatus 130 according to an embodiment of the present invention.

In more detail, FIG. 8 encrypts and transmits the device authentication information by a symmetric key (or secret key) method based on a predetermined certificate in the electronic recording device 130 having an encryption function as shown in FIG. As to a method, if one of ordinary skill in the art to which the present invention pertains, refer to and / or modify this figure 8 to convert the device authentication information in the electronic recording device 130 to a symmetric key (or secret key). It will be able to infer various implementation methods of encryption in a manner, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In this figure 8 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the official certificate provided in the electronic record device 130, the official certificate is the electronic record device 130 It may be stored in a predetermined memory provided in the), and / or stored in the IC chip 255 mounted on the electronic recording device 130, thereby not limited to the present invention.

According to another exemplary embodiment of the present invention, the symmetric key (or secret key) may be stored in the memory and / or the IC chip 255 of the electronic recording apparatus 130 in addition to the public certificate, thereby preventing the invention. It is not limited.

Referring to FIG. 8, when predetermined device authentication information is extracted from the information extracting unit 475 of the electronic recording device 130 and / or predetermined device authentication information is generated in the information generating unit, the encryption processing unit may be used. If the device authentication information is provided, the encryption processing unit reads a predetermined symmetric key (or secret key) for encrypting the device authentication information from the public certificate provided in the electronic recording device 130. In operation 805, the device authentication information is encrypted using the read symmetric key (or secret key).

Herein, the encryption function of the encryption processing unit is called E (Encryption), the symmetric key (or secret key) is k (key), the device authentication information is P (Plaintext), and the symmetric key (or secret key). When the encrypted device authentication information is referred to as C (Ciphertext), the encryption function of the encryption processing unit may be expressed by a formula such as "Ek (P) = C".

According to the embodiment of the present invention, the encryption processing unit encrypts the device authentication information through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International) It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

When the device authentication information is encrypted through the symmetric key (or the secret key) as described above, the packet generation unit 425 generates a predetermined USB packet including the device authentication information (815), and the generated USB packet. When the packet is transmitted to the packet transceiver 405 (820), the packet transceiver 405 transmits the device authentication information to the USB-compatible device 135 through the USB connector 235 (825), Thereafter, the USB device 135 transmits the device authentication information to a server and / or a terminal on a network.

9 is a diagram illustrating a method of decrypting device authentication information encrypted and received by a server and / or a terminal on a network in a symmetric key (or secret key) manner according to an embodiment of the present invention.

In more detail, FIG. 9 shows the device authentication information encrypted and received from the electronic recording apparatus 130 having the encryption function as shown in FIG. 4 at the server and / or the terminal on the network as shown in FIG. A method for decrypting using a secret key) method, and if the present invention belongs to one of ordinary skill in the art, the encrypted device in the electronic recording device 130 by referring to and / or modifying the drawing of FIG. Various implementation methods for decrypting authentication information in a symmetric key (or secret key) manner may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In this figure 9 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the public certificate provided in the server and / or terminal on the network, the public certificate is a server and And / or stored in a predetermined database (not shown) that cooperates with the terminal, whereby the present invention is not limited.

Referring to FIG. 9, the information receiving unit 115 of the server and / or the terminal on the network receives at least one or more packets including the encrypted device authentication information through the web interface unit 105, and receives the received information. The electronic record device 130 restores (or generates) the encrypted device authentication information through the symmetric key (or the secret key) from the packet and provides the encrypted device authentication information to the electronic record authentication unit 120 (900).

Thereafter, the electronic record authenticator 120 extracts a predetermined symmetric key (or secret key) for decrypting the encrypted device authentication information from the public certificate provided in a server and / or a terminal on a network (905). In operation 910, the encrypted device authentication information is decrypted using the extracted symmetric key (or secret key).

Here, the decryption function of the electronic record authenticator 120 is called D (Decryption), and the device authentication information encrypted with the symmetric key (or secret key) k (key) and the symmetric key (or secret key) When C (Ciphertext) and the decrypted device authentication information are P (Plaintext), the function of decrypting the encrypted device authentication information by the electronic recording authenticator 120 is "Dk = P, or Dk (Ek ( It can be expressed by an expression such as P)) = P ".

According to the embodiment of the present invention, the algorithm for decrypting the encrypted device authentication information by the electronic record authenticator 120 through the symmetric key (or secret key) is SEED, DES (Data Encryption Standard), Triple- It is preferable to include at least one or more of DES, Skipjack, International Data Encryption Algorithm (IDEA), and various forms of decryption algorithms may be used, but the decryption algorithm is an encryption used in the electronic recording device 130. Characterized by matching the algorithm, the present invention is not limited by a specific decoding algorithm.

When the device authentication information encrypted through the symmetric key (or the secret key) is decrypted as described above, the electronic record authentication unit 120 follows the authentication procedure of the electronic recording device device 130 corresponding to the decrypted device authentication information. By authenticating the device authentication information, the electronic record device 130 is validated (915).

FIG. 10 is a diagram illustrating a method for encrypting and transmitting device authentication information in a public key infrastructure structure in an electronic recording device 130 according to an embodiment of the present invention.

In more detail, FIG. 10 illustrates an embodiment of the present invention for encrypting and transmitting the device authentication information in a public key infrastructure structure based on a predetermined certificate in the electronic recording device 130 having an encryption function as shown in FIG. As those skilled in the art to which the present invention pertains, various implementation methods for encrypting the device authentication information in the electronic recording device 130 using a public key method will be described with reference to and / or modified with reference to FIG. It may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method illustrated in FIG.

In this figure 10 according to the embodiment of the present invention, the server-side public key is preferably read from the official certificate provided in the electronic recording device 130, the official certificate is provided in the electronic recording device 130 Stored in a predetermined memory and / or stored in the IC chip 255 mounted on the electronic recording device 130, and the present invention is not limited thereto.

Alternatively, the server-side public key may be extracted from a predetermined directory (not shown) operated and managed by a certification authority that issues the public certificate to the electronic recording device 130, thereby limiting the present invention. No.

Referring to FIG. 10, when predetermined device authentication information is extracted from the information extracting unit 475 of the electronic recording device 130 and / or predetermined device authentication information is generated in the information generating unit, the encryption processing unit may be used. In operation 1000, if the device authentication information is provided, the encryption processing unit extracts a predetermined server side public key for encrypting the device authentication information from the authorized certificate (1005), and extracts the extracted server side public key. The device authentication information is encrypted through a key (1010).

Here, the encryption function of the encryption processing unit is called E (Encryption), the server-side public key is k1 (key), the device authentication information is P (Plaintext), and the device authentication information encrypted with the server-side public key is C. Supposing (Ciphertext), the encryption function of the encryption processing unit can be expressed by an expression such as "Ek1 (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the device authentication information through the server-side public key, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH ( It is preferable to include at least one or more of Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, and various other encryption algorithms may be used, but the present invention may be implemented by a specific encryption algorithm. It is not limited.

For example, in the case of encrypting the device authentication information through the RSA encryption algorithm, among the encryption algorithms, a public method (Modulus) used in the encryption process is n, and a non-disclosed prime number with different prime factors of n is a. b, if the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a- 1) (b-1) ", wherein the encryption function of the encryption processing unit may be expressed as" C = Ek1 (P) = Pe mod n ".

When the device authentication information is encrypted using the server-side public key as described above, the packet generation unit 425 generates a predetermined USB packet including the device authentication information (1015), and generates the generated USB packet into the packet. When provided to the transceiver 405 (1020), the packet transceiver 405 transmits the device authentication information to the USB-compatible device 135 through the USB connector 235 (1025). The USB compatible device 135 transmits the device authentication information to a server and / or a terminal on a network.

FIG. 11 illustrates a method for decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention using a public key infrastructure.

In more detail, FIG. 11 illustrates a public key infrastructure of the device authentication information received from the electronic recording device 130 having the encryption function as shown in FIG. The present invention relates to an embodiment of the present invention, which, if known in the art, is encrypted with the server-side public key in the electronic recording device 130 by referring to and / or modifying the present invention. Although various implementation methods for decrypting device authentication information in a public key infrastructure scheme may be inferred, the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 11 according to an embodiment of the present invention, the server-side private key for decrypting the device authentication information encrypted with the server-side public key in a public key infrastructure scheme may include the public certificate provided in a server and / or a terminal on the network. Preferably, the certificate is stored in a predetermined database (not shown) that interoperates with a server and / or a terminal on the network, and the present invention is not limited thereto.

Referring to FIG. 11, the information receiving unit 115 of the server and / or the terminal on the network receives at least one or more packets including the device authentication information encrypted through the web interface unit 105, and the received packets. From (1100) restores (or generates) the device authentication information encrypted and transmitted by the electronic record device 130 from the electronic record device (120).

Thereafter, the electronic record authenticator 120 extracts a server-side private key for decrypting the encrypted device authentication information from the public certificate provided in the server and / or the terminal on the network (1105), and the extracted server. The encrypted device authentication information is decrypted using the side private key (1110).

Here, the decryption function of the electronic record authenticator 120 is called D (Decryption), the server side private key is k2 (key), the device authentication information encrypted with the server side public key is C (Ciphertext), and the When device authentication information decrypted with a server-side private key is called P (Plaintext), the function of decrypting the encrypted device authentication information by the digital record authentication unit 120 is "Dk2 = P, or Dk2 (Ek (P)). It can be expressed as an expression such as = P ".

According to the embodiment of the present invention, the algorithm for decrypting the device authentication information encrypted with the server-side public key in the electronic record apparatus 130 by the electronic record authentication unit 120, the RSA (Ron) Rivest, Adi Shamir, Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although a decryption algorithm may be used, the decryption algorithm is matched with an encryption algorithm used in the electronic recording apparatus 130, and the present invention is not limited to a specific decryption algorithm.

For example, when the device authentication information is decrypted through an RSA decryption algorithm among the public key based decryption algorithms, a public method (Modulus) used in the decryption process is n, a prime number which is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e, the undisclosed index is d, the n satisfies "n = a * b", d is "de = 1 mod (a-1) (b-1) ", wherein the decryption function of the electronic record authenticator 120 may be expressed as" P = Dk2 = Cd mod n ".

As described above, when the device authentication information encrypted by the server-side public key is decrypted by the electronic record device 130 through the server-side private key, the electronic record authentication unit 120 may record the electronic record corresponding to the decrypted device authentication information. By authenticating the device authentication information according to the device 130 authentication procedure, the electronic record device 130 is authenticated (1115).

12 is a diagram illustrating a method for encrypting and transmitting device authentication information by an electronic envelope method in the electronic recording apparatus 130 according to an embodiment of the present invention.

More specifically, FIG. 12 is an embodiment of the present invention for encrypting and transmitting the device authentication information in an electronic envelope method based on a predetermined certificate in the electronic recording device 130 having an encryption function as shown in FIG. 4. If one of ordinary skill in the art to which the present invention pertains, various embodiments of the present invention can be inferred by referring to and / or modifying the drawing 12 to encrypt the device authentication information in the electronic envelope method. As will be appreciated, the present invention encompasses all of the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

In this figure 12 according to the embodiment of the present invention, the server-side public key is preferably read from the public certificate provided in the electronic recording device 130, and the public certificate is provided in the electronic recording device 130. Stored in a predetermined memory and / or stored in the IC chip 255 mounted on the electronic recording device 130, and the present invention is not limited thereto.

Alternatively, the server-side public key may be extracted from a predetermined directory (not shown) operated and managed by a certification authority that issues the public certificate to the electronic recording device 130, thereby limiting the present invention. No.

Referring to FIG. 12, when predetermined device authentication information is extracted from the information extracting unit 475 of the electronic recording device 130 and / or predetermined device authentication information is generated in the information generating unit, the encryption processing unit may be used. In step 1200, if the device authentication information is provided, the encryption processing unit generates a predetermined random secret key for encrypting the device authentication information in a secret key (symmetric key) manner. In operation 1205, the device authentication information is encrypted using the generated secret key.

Here, the encryption function of the encryption processing unit is called E (Encryption), the secret key is r (random secret key), the device authentication information is P (Plaintext), and the device authentication information encrypted with the secret key is C (Ciphertext). ), The encryption function of the encryption processing unit can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the device authentication information by the encryption processing unit through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data Encryption Algorithm) It is preferable to include at least one or more, and various forms of encryption algorithms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit encrypts the secret key (random secret key) used to encrypt the device authentication information. To this end, the encryption processing unit extracts a predetermined server-side public key from the public certificate (1215), and The secret key is encrypted using a server-side public key (1220).

Herein, the encryption function of the encryption processing unit is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the server-side public key is encrypted with the C-key. In the case of (Ciphertext), the encryption function of the encryption processing unit can be expressed by an expression such as "Ek1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key is RRI (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie). , Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, or at least one of the above, and may be used. In addition, various types of encryption algorithms may be used, but the present invention is not limited by a specific encryption algorithm. No.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit may be expressed as" C = Ek1 (r) = re mod n ".

If the device authentication information is encrypted with the secret key, and the secret key is encrypted with the server-side public key, the packet generator 425 generates a predetermined USB packet including the device authentication information (1225). When the generated USB packet is provided to the packet transceiver 405 (1230), the packet transceiver 405 transmits the device authentication information to the USB device 135 through the USB connector 235. In operation 1235, the USB device 135 transmits the device authentication information to a server and / or a terminal on a network.

FIG. 13 is a diagram illustrating a method for decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention by an electronic envelope method.

In more detail, FIG. 13 illustrates a process in which a server and / or a terminal on a network as shown in FIG. 5 receives transaction data including encrypted device authentication information from an electronic recording device 130 having an encryption function as shown in FIG. 4. The present invention relates to a method of decrypting transaction data by an electronic envelope method. If the present invention has a general knowledge in the art, the electronic recording apparatus 130 may use the electronic device to refer to and / or modify the drawing. Various implementation methods for decrypting the envelope-encrypted transaction data by the same electronic envelope method may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG. .

In this figure 13 according to an embodiment of the present invention, the server-side private key for decrypting the transaction data in an electronic envelope method is preferably read from the public certificate provided in the server and / or the terminal on the network. The certificate is preferably stored in a predetermined database (not shown) that cooperates with the server and / or the terminal on the network, whereby the present invention is not limited.

Referring to FIG. 13, the information receiving unit 115 of the server and / or the terminal on the network includes at least one packet including predetermined transaction data including device authentication information encrypted through the web interface unit 105. Receive and restore (or generate) transaction data including device authentication information encrypted and transmitted by the electronic recording device 130 to the electronic recording authentication unit 120 from the received packet (1300). .

Thereafter, the electronic record authenticator 120 extracts a server-side private key for decrypting the encrypted secret key included in the transaction data from the public certificate provided in the server and / or the terminal on the network (1305). Extracts a predetermined secret key for decrypting the device authentication information by decrypting the secret key encrypted by the server-side public key in the electronic recording device 130 through the extracted server-side private key (1310); In operation 1315, the device authentication information is decrypted using the extracted secret key in operation 1320, and the device authentication information encrypted by the secret key is extracted in operation 1325.

Here, the decryption function of the electronic record authenticator 120 is called D (Decryption), the server-side private key is k2 (key), the secret key encrypted with the server-side public key is C (Ciphertext), and the server. When the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the digital record authenticator 120 is "Dk2 = r, or Dk2 (Ek1 (r)) = r ".

According to an embodiment of the present invention, the algorithm for decrypting the secret key encrypted by the electronic record apparatus 130 with the server-side public key through the server-side private key is RSA (Ron Rivest). , Adi Shamir, Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. A decryption algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the electronic recording device 130, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decryption function of the electronic record authenticator 120 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the electronic record authenticator 120 is called D (Decryption), the secret key is r (random secret key), the device authentication information encrypted with the secret key is C (Ciphertext), and the When the device authentication information to be decrypted is called P (Plaintext), the function of decrypting the encrypted device authentication information by the electronic record authentication unit 120 is “Dr = P, or Dr (Er (P)) = P”. The same formula can be used.

According to the embodiment of the present invention, the algorithm for decrypting the encrypted device authentication information by the electronic record authentication unit 120 using the secret key is SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA. It is preferable to include at least one or more of the (International Data Encryption Algorithm), and in addition, various forms of decryption algorithms can be used, but the decryption algorithm is matched with the encryption algorithm used in the electronic recording device 130. The present invention is not limited by the specific decoding algorithm.

When the device authentication information is decrypted as described above, the electronic record authentication unit 120 authenticates the device authentication information according to the authentication procedure of the electronic record device 130 corresponding to the decrypted device authentication information. Validate 130 (1330).

FIG. 14 illustrates a method for encrypting and transmitting device authentication information in a key exchange method in the electronic recording apparatus 130 according to an embodiment of the present invention.

More specifically, FIG. 14 is a method for encrypting and transmitting the device authentication information in a key exchange method based on a predetermined certificate in the electronic recording device 130 having an encryption function as shown in FIG. 4. Those skilled in the art to which the present invention pertains can refer to and / or modify this drawing 14 to infer various implementation methods for encrypting the device authentication information in the key exchange method in the electronic recording device 130. It will be appreciated that the present invention encompasses all of the inferred practice methods and is not limited to the practice method shown in FIG.

According to the embodiment of the present invention, the device-side private key and the server-side public key are preferably read from the public certificate provided in the electronic recording device 130. The public certificate is the electronic recording device. It may be stored in a predetermined memory provided in the 130, and / or stored in the IC chip 255 mounted in the electronic recording device 130, and the present invention is not limited thereto.

Alternatively, the device-side private key and the server-side public key may be extracted from a predetermined directory (not shown) operated and managed by a certification authority that issues the certificate to the electronic recording device 130. The present invention is not limited.

Referring to FIG. 14, when predetermined device authentication information is extracted from the information extracting unit 475 of the electronic recording device 130 and / or predetermined device authentication information is generated in the information generating unit, the encryption processing unit may be used. When the device authentication information is provided, the encryption processing unit provides the device authentication information with a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the device authentication information). A one-way hash function that generates a message digest including a message and cannot identify (or infer) the original message through the hash code (or message digest). And a server and / or a terminal on the network use the same hash function) to generate a predetermined message digest (1405), and the message digest is generated on the device side. Encryption and electronic signature by using the key (1410).

Here, the encryption function of the encryption processing unit is called E (Encryption), the device-side private key is t1 (15erminal side key), the message digest is m (message digest), and the message digest encrypted with the device-side private key. Speaking of C (Ciphertext), the digital signature function of the cryptographic processing unit can be expressed by an expression such as "Et1 (m) = C".

According to an embodiment of the present invention, an algorithm for encrypting the message digest by the encryption processing unit using the device-side private key includes RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), and DH (Diffie). , Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, or at least one of the above, and may be used. In addition, various types of encryption algorithms may be used, but the present invention is not limited by a specific encryption algorithm. No.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit may be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit generates a predetermined random secret key for encrypting the device authentication information by a secret key method (14ecret Key, Symmetric Key) method (1415), the device authentication information and the device side The message digest encrypted with the private key and a copy of a certificate (for example, a certificate including a device-side public key) included in the public certificate are linked to each other and encrypted through the generated private key (1420).

Here, the encryption function of the encryption processing unit is called E (Encryption), the secret key is r (random Secret key), the device authentication information and the copy of the certificate P (Plaintext), and the device authentication information encrypted with the secret key and If the copy of the certificate is referred to as C (Ciphertext), the encryption function of the encryption processing unit can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the device authentication information and the copy of the certificate through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption It is preferable to include at least one of the algorithm (Algorithm), and various forms of encryption algorithm may be used, but the present invention is not limited by a specific encryption algorithm.

In addition, the encryption processing unit extracts a predetermined server-side public key from the public certificate (1425) to encrypt the private key encrypting the device authentication information, and uses the server-side public key to obtain the device authentication information. The encrypted secret key is encrypted (1430).

Here, the encryption function of the encryption processing unit is called E (Encryption), the server-side public key is s1 (14erver side key), the secret key is r (random Secret key), and the secret key encrypted with the server-side public key If C (Ciphertext), the encryption function of the encryption processing unit can be expressed by a formula such as "Es1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key is RRI (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie). , Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, or at least one of the above, and may be used. In addition, various types of encryption algorithms may be used, but the present invention is not limited by a specific encryption algorithm. No.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit may be expressed as" C = Es1 (r) = re mod n ".

The device authentication information, the message digest encrypted with the device-side private key, and a copy of a certificate including the device-side public key are linked to each other and encrypted through the generated secret key, and the secret key is encrypted through the server-side public key. If encrypted, the encryption processing unit encrypts a copy of a certificate including the device digest information encrypted with the secret key, the message digest encrypted with the device side private key, and the device side public key with the server side public key. In operation 1435, predetermined transaction data is generated in association with the control unit, and the generated transaction data is provided to the packet generator 425.

When the packet generator 425 generates a predetermined USB packet including the device authentication information and provides the packet to the packet transceiver 405 (1440), the packet transceiver 405 is connected to the USB connector 235. The device authentication information is transmitted to the USB-compatible device 135 through 1445, after which the USB-compatible device 135 transmits the device authentication information to a server and / or a terminal on a network.

FIG. 15 illustrates a method for decrypting device authentication information encrypted and received by a server and / or a terminal on a network according to an embodiment of the present invention using a key exchange method.

In more detail, FIG. 15 is a server and / or terminal on a network such as FIG. 5 that receives transaction data including encrypted device authentication information from an electronic recording device 130 having an encryption function as shown in FIG. 4. The present invention relates to a method of decrypting transaction data using a key exchange method, and the present invention may be modified with reference to and / or modified with reference to FIG. 15. It is possible to infer various implementation methods for decrypting the transaction data encrypted by the exchange method in the same key exchange method, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG. .

In FIG. 15 according to the embodiment of the present invention, the server-side private key and the device-side public key for decrypting the transaction data in a key exchange method are read from the public certificate provided in the server and / or the terminal on the network. Preferably, the public certificate is preferably stored in a predetermined database (not shown) interoperating with a server and / or a terminal on the network, whereby the present invention is not limited thereto.

Referring to FIG. 15, the information receiving unit 115 of the server and / or the terminal on the network receives at least one packet including transaction data including device authentication information encrypted through the web interface unit 105. And restore (or generate) the transaction data including the device authentication information encrypted and transmitted by the electronic recording device 130 from the received packet, and convert the restored (or generated) transaction data to the electronic device. Provided to the record authenticator 120 (1505).

Thereafter, the electronic record authentication unit 120 extracts the server-side private key from the public certificate provided in the server and / or the terminal on the network to decrypt the secret key encrypted with the server-side public key (1510). Decrypting the private key through the server-side private key (1515), thereby decrypting the private copy for decrypting a certificate copy that includes the device digest information and the message digest encrypted with the device-side private key and the device-side public key. Extract (1520).

Here, the decryption function of the electronic record authentication unit 120 is called D (Decryption), the server-side private key is s2 (14erver side key), the secret key encrypted with the server-side public key is C (Ciphertext), and If the secret key decrypted with the server-side private key is r (random secret key), the function of the electronic record authenticator 120 decrypting the encrypted secret key is "Ds2 = r, or Ds2 (Es1 (r)). It can be expressed as an expression such as) = r ".

According to an embodiment of the present invention, the algorithm for decrypting the secret key encrypted by the electronic record apparatus 130 with the server-side public key through the server-side private key is RSA (Ron Rivest). , Adi Shamir, Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. A decryption algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the electronic recording apparatus 130, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decryption function of the electronic record authenticator 120 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the electronic record authenticator 120 includes the message digest encrypted with the device authentication information and the device side private key and the device side public key using the extracted secret key. By decrypting the certificate copy (1525), a certificate copy is extracted that includes the device authentication information encrypted with the secret key and the message digest encrypted with the device side private key and the device side public key.

Herein, the decryption function of the electronic record authenticator 120 is called D (Decryption), and the message is encrypted with r (random secret key), device authentication information encrypted with the secret key, and the device-side private key. A copy of the certificate including the digest and the device-side public key is C (Ciphertext), and a copy of the certificate containing the message digest and the device-side public key encrypted with the decrypted device authentication information and the device-side private key is P ( Plaintext), the electronic record authenticator 120 decrypts a copy of a certificate including the message digest encrypted with the encrypted device authentication information and the device-side private key and the device-side public key. P or Dr (Er (P)) = P ".

According to an embodiment of the present invention, a copy of a certificate including the message digest and the device-side public key encrypted by the electronic record authentication unit 120 with the encrypted device authentication information and the device-side private key through the secret key. The decryption algorithm may include at least one of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, and International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used. However, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the electronic recording device 130, the invention is not limited by a specific decryption algorithm.

In addition, the electronic record authenticator 120 decrypts the message digest encrypted with the device-side private key through the device-side public key (1530), thereby generating the device record information from the device authentication information in the electronic record apparatus 130. The transmitted message digest is extracted (1535).

Herein, the decryption function of the electronic record authenticator 120 is called D (Decryption), the device side public key is t2 (15erminal side key), the message digest encrypted with the device side private key is C (Ciphertext), and When the message digest decrypted with the device-side public key is m (Message Digest), the function of decrypting the encrypted message digest by the electronic record authenticator 120 is "Dt2 = m, or Dt2 (Es1 (r)). It can be expressed by an expression such as = m ".

According to an embodiment of the present invention, the algorithm for decrypting the message digest encrypted by the electronic record device 130 with the device-side private key through the device-side public key is RSA (Ron Rivest). , Adi Shamir, Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. A decryption algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the electronic recording apparatus 130, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decryption function of the electronic record authenticator 120 may be expressed as" P = Dt2 = Cd mod n ".

Subsequently, the electronic record authenticator 120 generates the predetermined message digest by using the received device authentication information through the same one-way hash function as the electronic record device 130 (1540). By comparing the decrypted message digest (1545), the validity of the received device authentication information is verified.

If the generated message digest and the decrypted message digest coincide with each other (1550), the electronic record authentication unit 120 authenticates the device according to the electronic record device 130 authentication procedure corresponding to the decrypted device authentication information. By authenticating the information, the electronic record device 130 is validated (1555).

FIG. 16 is a diagram illustrating an initialization process of the electronic recording apparatus 130 according to an exemplary embodiment of the present invention.

In more detail, FIG. 16 illustrates a case in which the USB connector 235 included in a predetermined USB terminal device and the USB connector 235 provided in the electronic record device 130 are electrically connected to each other. As one example of a preferred embodiment of the present invention, a person having ordinary skill in the art to which the present invention pertains may perform various methods of initializing the electronic recording device 130 by referring to and / or modifying the present drawing. It can be inferred that, but the present invention includes all the inferred implementation method, and is not limited to the implementation method shown in FIG.

Referring to FIG. 16, the initialization process of the electronic recording device 130 may be performed by connecting the electronic recording device 130 to a predetermined USB compatible device 135 through a predetermined USB connector 235. This is initiated by supplying predetermined power to 130 (1600).

According to another embodiment of the present invention, when a predetermined battery is provided in the electronic recording device 130, the initialization process of the electronic recording device 130 may be performed by the controller 205 of the electronic recording device 130. May be started by supplying a predetermined power supply, and the present invention is not limited thereto.

When power is supplied to the electronic record device 130 as described above, the electronic record device 130 initializes the information of the driver module, and generates an internal task and a synchronization object, initializes the driver, and the controller as necessary. 205) and at least one initialization process including initializing various registers of the related hardware, registering a priority processing routine, or registering a callback routine, and the like, while performing the initialization process. In operation 1605, a memory control function for copyright protection of sound source data included in the electronic record is included in the first processing routine.

If the above initialization process is completed (1610), the electronic record device 130 sets the memory control function included in the processing routine in the initialization process (1615).

According to an embodiment of the present invention, the memory control function for copyright protection of the sound source data may force (or fix) the property of the sound source data stored in the memory provided in the electronic recording apparatus 130 to read-only / hidden. At least one memory property control function and a memory area control function configured to divide and manage a memory provided in the electronic recording device 130 into a memory area in which sound source data is stored and a memory area in which general data is stored. It is preferable to make it.

If the memory control function setting is completed (1620), the electronic recording device 130 performs a connection notification procedure to the USB-compatible device 135 through the USB connector 235 (1625), thereby The USB compatible device 135 performs a procedure of recognizing the electronic recording device 130 as a USB device corresponding to the USB communication standard (1630).

17 is a diagram illustrating an electronic recording device 130 authentication process according to an embodiment of the present invention.

In more detail, FIG. 17 illustrates that the electronic device 130 extracts and generates predetermined device authentication information, encrypts the extracted device authentication information, and provides the encrypted device authentication information to the USB compatible device 135. The corresponding device 135 transmits the encrypted device authentication information to a server and / or a terminal on a network, decrypts the encrypted device authentication information at a server and / or a terminal on the network, and then decrypts the decrypted device authentication information. As an embodiment of the method for authenticating the electronic recording device 130 based on the present invention, those of ordinary skill in the art to which the present invention pertains may refer to and / or modify the device 17, and thus, each device authentication information. In response to this, various implementation methods for authenticating the electronic recording device 130 may be inferred by a person skilled in the art in a server and / or a terminal on a network. However, the present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

According to an embodiment of the present invention, in order to authenticate the electronic recording device 130, a server and / or a terminal on the network selects predetermined electronic recording authentication information corresponding to the device authentication information from predetermined authentication information D / B. In this case, the electronic record authentication information is stored in the authentication information D / B in the process of manufacturing the electronic record device 130, and / or the electronic record device 130 is predetermined. The authentication information D / B is stored in the authentication information D / B in the process of being sold to the customer of the electronic record, and / or the network information process is performed through the network registration process for the electronic record after the electronic recording device 130 is sold to a predetermined customer. It may be stored in B, whereby the present invention is not limited.

According to another embodiment of the present invention, in order to authenticate the electronic recording device 130, a server and / or a terminal on the network may use predetermined electronic recording authentication information corresponding to the device authentication information (eg, an OTP code). For example, a function of generating an OTP authentication code for authenticating an OTP code) may be provided, for which the authentication information D / B stores at least one or more information and / or data necessary for generating the electronic record authentication information. And managed, and the present invention is not limited thereby.

17 illustrates a server and / or a terminal on the network as a web server 100 shown in FIG. 1 for convenience.

Referring to FIG. 17, the USB device 135 is connected to the web server 100 through a predetermined network, and the web server 100 is connected to the web server 100 based on the authentication of the electronic recording device 130. When requesting electronic record related service (and / or electronic record related membership service, and / or electronic record related community service) (1700), the web server 100 is provided to the USB-compatible device 135 through the network. Provide a predetermined script in a web page to be performed, and / or download and remotely install a predetermined plug-in and / or program through the web page to the USB-compatible device 135 (1705), where the script (And / or a plug-in, and / or a program) is connected to at least one USB controller 205 provided in the USB-compatible device 135 at least one or more devices connected to the USB-compatible device 135 Detects the recording device 130, extracts and generates predetermined device authentication information from the electronic recording device 130, and transmits the encrypted device authentication information to the web server 100 through the network. It is preferable to include a function to make.

Thereafter, the USB-compatible device 135 connects the at least one electronic recording device 130 connected to the USB-compatible device 135 using a USB communication interface through the script (and / or a plug-in and / or a program). Search (1710).

Those skilled in the art (for example, those who understand the technical matter of searching for at least one or more USB devices connected to the USB-compatible device 135 through a USB communication interface), the USB At least one electronic recording device connected to the USB compatible device 135 through the process as shown in FIG. 16 using the USB communication interface through the script (and / or plug-in, and / or program) in the corresponding device 135. Since detailed technical matters for searching 130 will be understood, a detailed description thereof will be omitted for convenience.

If the electronic record device 130 connected through the USB communication interface is not found in the USB device 135 (1715), the USB device 135 may be connected to the USB device 135 through the USB communication interface. Outputs a message requesting to connect the predetermined electronic recording device 130 to the device 1720, and uses the USB communication interface through the script (and / or plug-in, and / or program). The process of searching for at least one electronic record device 130 connected to the same is repeated (1710).

On the other hand, when the electronic record device 130 connected through the USB communication interface is found in the USB device 135 (1715), the USB device 135 is the script (and / or plug-in, and / or program) The device requests the device authentication information to the electronic recording device 130 through the USB communication interface (1725).

According to an exemplary embodiment of the present invention, the USB device 135 transmits the USB packet shown in FIG. 7A to the electronic recording device 130, thereby providing predetermined device authentication information to the electronic recording device 130. FIG. It is desirable to request.

Thereafter, the electronic recording device 130 extracts and / or generates 1730 one or more device authentication information, and uses the at least one encryption method (and / or encryption algorithm) to extract the generated device authentication information. Encrypt process (1735).

According to an embodiment of the present invention, the device authentication information may include predetermined identification codes and / or device specific information and / or stored in a memory (and / or an integrated circuit (IC) chip) included in the electronic recording device 130. It is preferable that the record specific information and / or a predetermined electronic record includes at least one or more of unique information assigned to the electronic record device 130 in the process of recording (or storing) the electronic record device 130. .

In addition, the device authentication information, the device authentication information is a random number and / or OTP (One Time Password) code dynamically generated by the firmware (Firmware) and / or IC chip 255 provided in the electronic recording device 130 It is preferable to include at least one.

According to an embodiment of the present invention, an encryption scheme (and / or encryption algorithm) for encrypting the device authentication information may include a symmetric key encryption scheme shown in FIG. 8, and / or a public key encryption scheme shown in FIG. And / or is encrypted using at least one or more encryption methods (and / or encryption algorithms) of the electronic envelope encryption method shown in FIG. 12 and / or the key exchange encryption method shown in FIG. According to the intention, it may be encrypted by another encryption method (and / or encryption algorithm) in addition to the encryption method (and / or encryption algorithm), whereby the present invention is not limited.

According to another exemplary embodiment of the present invention, the device authentication information is extracted from the IC chip 255 provided in the electronic recording device 130, and / or is generated in the IC chip 255, and / or the It is possible to encrypt in the IC chip 255, whereby the present invention is not limited.

Thereafter, the electronic recording device 130 transmits the encrypted device authentication information to the USB corresponding device 135 using the USB communication interface (1740).

According to the exemplary embodiment of the present invention, the electronic recording device 130 preferably transmits the device authentication information to the USB-compatible device 135 in the USB packet shown in FIG. 7B.

The USB-compatible device 135 receiving the device authentication information from the electronic recording device 130 transmits the encrypted device authentication information to the web server 100 through the network (1745), and the web server ( 100 receives the encrypted device authentication information through the network, and then selects a predetermined decryption method (and / or decryption algorithm) corresponding to an encryption method (and / or an encryption algorithm) processed in the device authentication information. Decryption processing through (1750).

According to an embodiment of the present invention, a decryption scheme (and / or decryption algorithm) for decrypting the encrypted device authentication information may include a symmetric key decryption scheme illustrated in FIG. 9 and / or a public key decryption scheme illustrated in FIG. And / or the electronic envelope decryption scheme shown in FIG. 13, and / or the key exchange decryption scheme shown in FIG. 15, it is preferable to encrypt through at least one decryption scheme (and / or decryption algorithm). According to the intention of the person skilled in the art, other decryption schemes (and / or decryption algorithms) may be encrypted in addition to the decryption schemes (and / or decryption algorithms), and the present invention is not limited thereto.

When the received device authentication information is decrypted, the web server 100 performs a validity verification procedure corresponding to the decrypted device authentication information (1755).

According to one embodiment of the present invention, the device authentication information is extracted from a memory (and / or IC chip 255) provided in the electronic recording device 130 and predetermined identification code and / or device unique information and / or When the record unique information and / or a predetermined electronic record includes at least one or more of the unique information assigned to the electronic record device 130 in the process of recording (or storing) the electronic record device 130, the The web server 100 extracts at least one electronic record authentication information matching the device authentication information from the authentication information D / B, and compares and authenticates the device authentication information with the electronic record authentication information, thereby providing the USB-compatible device. It is preferable to authenticate the electronic recording device 130 connected to the 135.

According to another exemplary embodiment of the present invention, when the device authentication information includes the random number in the plain text form and a random number encrypted with a predetermined encryption method (and / or an encryption algorithm), the web server 100 performs the encryption. Decrypts the random number with a decryption scheme (and / or decryption algorithm) corresponding to the encryption scheme (and / or encryption algorithm) applied by the electronic recording apparatus 130, and compares the random number with the plain text form, or the plain text form Encrypts the random number in the encryption scheme (and / or encryption algorithm) applied by the electronic record device 130 and compares the encrypted random number to the electronic record device 130 connected to the USB-compatible device 135. It is desirable to certify.

According to another embodiment of the present invention, when the device authentication information includes a predetermined OTP code, the web server 100 may generate predetermined OTP generation information matching the OTP code from the authentication information D / B. Extract and / or generate a predetermined OTP authentication code based on the OTP generation information generated by the electronic record authentication unit 120 and transmitted to the USB-compatible device 135 and / or the electronic record device 130. The electronic record device 130 connected to the USB device 135 is authenticated by comparing the received OTP code with the generated OTP authentication code.

If the validity of the device authentication information is not authenticated after performing the validity verification procedure for the device authentication information (1760), the web server 100 generates an authentication error message of the electronic recording device 130. Transmitting and outputting to the USB-compatible device 135 through the network (1765), the process of authenticating the electronic recording device 130 is terminated.

On the contrary, if the validity of the device authentication information is authenticated after performing the validity verification procedure for the device authentication information (1760), the web server 100 requests the electronic record related service requested from the USB device 135. (And / or electronic record related membership service, and / or electronic record related community service) 1770.

18 is a diagram illustrating an electronic record device 130 authentication process according to another embodiment of the present invention.

In more detail, FIG. 18 illustrates that when the electronic recording device 130 extracts and generates predetermined device authentication information and provides the device authentication information to the USB device 135, the device authentication information is encrypted by the USB device 135. Transmitting to a server and / or a terminal on a network, decrypting the encrypted device authentication information at a server and / or a terminal on the network, and authenticating the electronic recording device 130 based on the decrypted device authentication information. As one embodiment, a person of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 18 to correspond to each device authentication information to a server and / or a terminal on a network. Although various implementation methods for authenticating the electronic recording device 130 may be inferred according to the intention, the present invention may infer all implementation methods inferred. It is not limited to the implementation method shown in FIG.

According to an embodiment of the present invention, in order to authenticate the electronic recording device 130, a server and / or a terminal on the network selects predetermined electronic recording authentication information corresponding to the device authentication information from predetermined authentication information D / B. In this case, the electronic record authentication information is stored in the authentication information D / B in the process of manufacturing the electronic record device 130, and / or the electronic record device 130 is predetermined. The authentication information D / B is stored in the authentication information D / B in the process of being sold to the customer of the electronic record, and / or the network information process is performed through the network registration process for the electronic record after the electronic recording device 130 is sold to a predetermined customer. It may be stored in B, whereby the present invention is not limited.

According to another embodiment of the present invention, in order to authenticate the electronic recording device 130, a server and / or a terminal on the network may use predetermined electronic recording authentication information corresponding to the device authentication information (eg, an OTP code). For example, a function of generating an OTP authentication code for authenticating an OTP code) may be provided, for which the authentication information D / B stores at least one or more information and / or data necessary for generating the electronic record authentication information. And managed, and the present invention is not limited thereby.

18 is a diagram illustrating a server and / or a terminal on the network as a web server 100 shown in FIG. 1 for convenience.

Referring to FIG. 18, the USB device 135 is connected to the web server 100 through a predetermined network, and the predetermined information based on the authentication of the electronic recording device 130 is determined by the web server 100. When requesting electronic record related service (and / or electronic record related membership service, and / or electronic record related community service) (1800), the web server 100 to the USB-compatible device 135 via the network. Provide a predetermined script in a web page to be provided, and / or download and remotely install a predetermined plug-in and / or program to the USB-compatible device 135 via the web page (1805), wherein the Scripts (and / or plug-ins, and / or programs) are linked to at least one USB controller 205 provided in the USB-compatible device 135 at least one or more devices connected to the USB-compatible device 135 Detecting the recording device 130, extracting and generating predetermined device authentication information from the electronic recording device 130, and encrypting the device authentication information to be transmitted to the web server 100 through the network. It is preferable to include a function.

Thereafter, the USB-compatible device 135 connects the at least one electronic recording device 130 connected to the USB-compatible device 135 using a USB communication interface through the script (and / or a plug-in and / or a program). Search (1810).

Those skilled in the art (for example, those who understand the technical matter of searching for at least one or more USB devices connected to the USB-compatible device 135 through a USB communication interface), the USB At least one electronic recording device connected to the USB compatible device 135 through the process as shown in FIG. 16 using the USB communication interface through the script (and / or plug-in, and / or program) in the corresponding device 135. Since detailed technical matters for searching 130 will be understood, a detailed description thereof will be omitted for convenience.

If the electronic record device 130 connected through the USB communication interface is not found in the USB compatible device 135 (1815), the USB compatible device 135 is connected to the USB compatible device 135 through the USB communication interface. Outputs a message requesting to connect a predetermined electronic recording device 130 to the USB device 130 using a USB communication interface through the script (and / or plug-in, and / or a program). The process of searching for the at least one electronic recording device 130 connected to the same is repeated (1810).

On the other hand, if the electronic record device 130 connected through the USB communication interface is found in the USB device 135 (1815), the USB device 135 is the script (and / or plug-in, and / or program) In operation 1825, predetermined device authentication information is requested to the electronic recording device 130 using the USB communication interface.

According to an exemplary embodiment of the present invention, the USB device 135 transmits the USB packet shown in FIG. 7A to the electronic recording device 130, thereby providing predetermined device authentication information to the electronic recording device 130. FIG. It is desirable to request.

Thereafter, the electronic recording device 130 extracts and / or generates 1830 one or more device authentication information, and uses the USB communication interface to extract and / or generate the device authentication information. 135) (1835).

According to an embodiment of the present invention, the device authentication information may include predetermined identification codes and / or device specific information and / or stored in a memory (and / or an integrated circuit (IC) chip) included in the electronic recording device 130. It is preferable that the record specific information and / or a predetermined electronic record includes at least one or more of unique information assigned to the electronic record device 130 in the process of recording (or storing) the electronic record device 130. .

In addition, the device authentication information, the device authentication information is a random number and / or OTP (One Time Password) code dynamically generated by the firmware (Firmware) and / or IC chip 255 provided in the electronic recording device 130 It is preferable to comprise at least one or more.

According to another exemplary embodiment of the present invention, the device authentication information may be extracted from the IC chip 255 provided in the electronic recording device 130 and / or may be generated in the IC chip 255. The present invention is not limited by this.

According to another embodiment of the present invention, the device authentication information is extracted from the USB-compatible device 135 and / or generated in the USB-compatible device 135, and / or the USB-compatible device 135 It is possible to be input through the key input device provided in, by which the present invention is not limited.

According to the exemplary embodiment of the present invention, the electronic recording device 130 preferably transmits the device authentication information to the USB-compatible device 135 in the USB packet shown in FIG. 7B.

Upon receiving the device authentication information from the electronic recording device 130, the USB compatible device 135 encrypts the device authentication information through at least one encryption method (and / or encryption algorithm) (1840).

According to an embodiment of the present invention, an encryption scheme (and / or encryption algorithm) for encrypting the device authentication information may include a symmetric key encryption scheme shown in FIG. 8, and / or a public key encryption scheme shown in FIG. And / or is encrypted using at least one or more encryption methods (and / or encryption algorithms) of the electronic envelope encryption method shown in FIG. 12 and / or the key exchange encryption method shown in FIG. According to the intention, it may be encrypted by another encryption method (and / or encryption algorithm) in addition to the encryption method (and / or encryption algorithm), whereby the present invention is not limited.

Thereafter, the USB device 135 transmits the encrypted device authentication information to the web server 100 through the network (1845), and the web server 100 transmits the encrypted device authentication information through the network. After receiving, the processor performs decryption through a predetermined decryption method (and / or decryption algorithm) corresponding to the encryption method (and / or encryption algorithm) processed in the device authentication information (1850).

According to an embodiment of the present invention, a decryption scheme (and / or decryption algorithm) for decrypting the encrypted device authentication information may include a symmetric key decryption scheme illustrated in FIG. 9 and / or a public key decryption scheme illustrated in FIG. And / or the electronic envelope decryption scheme shown in FIG. 13, and / or the key exchange decryption scheme shown in FIG. 15, it is preferable to encrypt through at least one decryption scheme (and / or decryption algorithm). According to the intention of the person skilled in the art, other decryption schemes (and / or decryption algorithms) may be encrypted in addition to the decryption schemes (and / or decryption algorithms), and the present invention is not limited thereto.

When the received device authentication information is decrypted, the web server 100 performs a validity checking procedure corresponding to the decrypted device authentication information (1855).

According to one embodiment of the present invention, the device authentication information is extracted from a memory (and / or IC chip 255) provided in the electronic recording device 130 and predetermined identification code and / or device unique information and / or When the record unique information and / or a predetermined electronic record includes at least one or more of the unique information assigned to the electronic record device 130 in the process of recording (or storing) the electronic record device 130, the The web server 100 extracts at least one electronic record authentication information matching the device authentication information from the authentication information D / B, and compares and authenticates the device authentication information with the electronic record authentication information, thereby providing the USB-compatible device. It is preferable to authenticate the electronic recording device 130 connected to the 135.

According to another exemplary embodiment of the present invention, when the device authentication information includes the random number in the plain text form and a random number encrypted with a predetermined encryption method (and / or an encryption algorithm), the web server 100 performs the encryption. Decrypts the random number with a decryption scheme (and / or decryption algorithm) corresponding to the encryption scheme (and / or encryption algorithm) applied by the electronic recording apparatus 130, and compares the random number with the plain text form, or the plain text form Encrypts the random number in the encryption scheme (and / or encryption algorithm) applied by the electronic record device 130 and compares the encrypted random number to the electronic record device 130 connected to the USB-compatible device 135. It is desirable to authenticate.

According to another embodiment of the present invention, when the device authentication information includes a predetermined OTP code, the web server 100 may generate predetermined OTP generation information matching the OTP code from the authentication information D / B. Extract and / or generate a predetermined OTP authentication code based on the OTP generation information generated by the electronic record authentication unit 120 and transmitted to the USB-compatible device 135 and / or the electronic record device 130. The electronic record device 130 connected to the USB device 135 is authenticated by comparing the received OTP code with the generated OTP authentication code.

If the validity of the device authentication information is not authenticated after performing the validity verification procedure for the device authentication information (1860), the web server 100 generates an authentication error message of the electronic recording device 130. Transmitting and outputting to the USB-compatible device 135 through the network (1865), the process of authenticating the electronic record device 130 is terminated.

On the contrary, if the validity of the device authentication information is authenticated after performing the validity verification procedure for the device authentication information (1860), the web server 100 requests the electronic record related service requested from the USB-compatible device 135. (And / or electronic record related membership service, and / or electronic record related community service) (1870).

According to the present invention, the electronic record device 130 is authenticated through at least one end-to-end authentication scheme in a server on a network, and the electronic record is sold and / or returned to the electronic record device 130 according to the authentication result. And / or provide an exchange and / or a direct transaction service, whereby the electronic record is activated.

Claims (2)

In the electronic record device authentication system, Transmitting means for transmitting a script (or a plug-in or a program) to a terminal device connected to the electronic recording device; Receiving means for receiving electronic record device authentication information extracted or received from the electronic record device using the script (or a plug-in or a program) from the terminal device; When the electronic recording device authentication information received through the receiving means is encrypted, the electronic recording through a decryption method (or decryption algorithm) corresponding to an encryption method (or an encryption algorithm) processed in the electronic recording device authentication information. Validity authentication means for decrypting device authentication information to authenticate validity of the electronic recording device authentication information; And a service providing means for providing the electronic recording device related service to the terminal device in response to the validity authentication result of the validity authentication means. delete

Images