KR101771484B1 - Creation Method of Signature Key to use Security Token efficiently - Google Patents

Creation Method of Signature Key to use Security Token efficiently Download PDF

Info

Publication number
KR101771484B1
KR101771484B1 KR1020150140900A KR20150140900A KR101771484B1 KR 101771484 B1 KR101771484 B1 KR 101771484B1 KR 1020150140900 A KR1020150140900 A KR 1020150140900A KR 20150140900 A KR20150140900 A KR 20150140900A KR 101771484 B1 KR101771484 B1 KR 101771484B1
Authority
KR
South Korea
Prior art keywords
security token
key
certificate
public
data
Prior art date
Application number
KR1020150140900A
Other languages
Korean (ko)
Other versions
KR20170041463A (en
Inventor
김승훈
Original Assignee
주식회사 텔큐온
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 텔큐온 filed Critical 주식회사 텔큐온
Priority to KR1020150140900A priority Critical patent/KR101771484B1/en
Publication of KR20170041463A publication Critical patent/KR20170041463A/en
Application granted granted Critical
Publication of KR101771484B1 publication Critical patent/KR101771484B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method of issuing a public key certificate using a signature key generation method for efficiently using a security token according to the present invention includes the steps of downloading and installing an applet program from a security token issuing entity to a security token, Activating an applet program installed in the security token to generate an RSA key, encrypting the serial number information of the security token using the encryption / decryption module, transmitting the authentication information to the authorized certificate issuance server and registering the same, Exchanging the RSA keys received from the personalization institution with each other, and verifying the passwords input by the authorized certificate issuing server and the security token in the PC or the smart terminal using the RSA key, The authorized certificate issuing server sends the authorized certificate It is made to grade and encrypted by a step comprising the steps of the security token to store the received certificate to transmit a security token.

Description

[0001] The present invention relates to a method of generating a signature key for efficiently using a security token,

The present invention relates to the efficient use of security tokens. Generally, a security token is to securely store and use an authorized certificate. These security tokens encrypt and decrypt the stored and outputted data, so that even if the data is hacked, the stored authorized certificate can be used safely.

       A conventional technique related to the present invention is disclosed in Korean Patent No. 10-1394147 (published on Apr. 201, 05. 27). FIG. 1 illustrates a method of using a certificate securely in a conventional mobile. In FIG. 1, in the conventional method of using a certificate securely in a mobile, a first step is to connect a security token 30 to a user PC 20 through a USB interface (S11). The second step is to register the security token in the authorized authentication server 15 through the Internet network or the like in the user PC 20 and store the authorized certificate (S12). The step of registering the security token (30) in the public authentication server (15) comprises: when the public authentication server requests the serial number of the security token, the security token transmits the random number and the serial number generated internally to the public authentication server And encrypts the encrypted random number with the random number received from the security token as described above,

The serial number is decrypted with the same serial number encryption algorithm used in the security token, and the serial number is stored and registered in the authorized authentication server. The encryption / decryption algorithm used in the above can be selectively used as mapping, XOR, symmetric key, and asymmetric key algorithm (AES, SEED, 3DES, RSA). The third step is a step of exchanging and storing the secret key with the security token and the authorized authentication server (S13). The step (S13) of exchanging and storing the secret key with the security token and the public authentication server is to check whether the serial number of the security token is valid in the public authentication server and, if valid, if mutual authentication is performed using the default private key previously stored in the security token Modifies the secret key to a serial number registered in a hardware security module (HSM) of the public authentication server, encrypts the secret key modified with the session key generated in mutual authentication, and stores the encrypted secret key in a secure area of the security token, Is carried by the user. The fourth step is a step of verifying the verification data by the security token 30 and the session key generated by the authorized authentication program 15 by using the secret key exchanged with the security token carried by the user using the mobile (S14 ). In the verification step S14 of generating the session key, a random number generated by the public authentication server is transmitted as a security token via the mobile, and the security token is encrypted using a random number received from the public authentication server and a random number generated internally Generates a session key using the mutually exchanged secret key, generates verification data for mutual authentication using the generated session key, transmits the random number and verification data generated in the security token to the authorized authentication server through the mobile Generates a session key in the same manner as the random number of the security token received from the security token and the session key generated in the security token with the random number of the public authentication server and transmits the verification data received from the security token to the mobile terminal . If the verification is successful as described above, the fifth step is to confirm that the medium is a mutually secure medium and to start a security transaction in the mobile (S15). The security algorithm used in the session key, the mutual authentication verification data, and the authentication certificate data encryption / decryption may be AES, SEED, ARIA, 3DES, and RSA, which are symmetric keys and asymmetric key algorithms. In addition, the data transmission / reception between the mobile and the security token supports a non-pitched communication method and the encryption / decryption of the transmission / reception data is mutual authentication with a mobile application installed in the mobile, and a session key is generated at every authentication, . Also, the battery of the security token is charged when connecting to the user PC, and the charged security token is portable by the user and can be used through the blue pitcher interface in mobile and wireless.

In order to store and use the public key certificate in the security token, the public key certificate is issued to the public key certificate issuing server by connecting the security token to the PC, and the public key certificate is issued, stored in the security token, will be. However, in the conventional method as described above, it takes a lot of time to issue and store the public certificate using the security token. Accordingly, an object of the present invention is to reduce the time required for storing an authorized certificate in a security token so that the authorized certificate can be issued and stored promptly.

A method for issuing a public key certificate using a signature key generation method for efficiently using a security token of the present invention having the above objects includes downloading and installing an applet program from a security token issuing entity in a security token, Accessing the smart terminal, generating an RSA key by activating an applet program installed in the security token, encrypting the serial number information of the security token using the encryption / decryption module, and transmitting the encrypted serial number information to the authorized certificate issuing server Exchanging and storing the RSA key in which the security certificate has been generated with the public certificate issuing server and the public key certificate issuing server and the security token using the RSA key in the PC or smart terminal , And if the verification result password is matched, the certificate issuance certificate That is made by issuing a certificate and encrypted, including the step of storing the certificate and the step of transmitting the security token received security token.

The signature key generation method for efficiently using the security token according to the present invention configured as above can be realized by copying the pre-generated temporary RSA key in the applet into the general RSA key, thereby using the key generation time, It is effective.

Figure 1 is a flow chart of a method for securely using a certificate in a conventional mobile,
FIG. 2 is a control flowchart of a public key certificate issuing method using the signature key generation method of the present invention;
FIG. 3 is a control flowchart of a signature key generation method required when activating an applet for issuing a public key certificate according to the present invention.
4 is a control flowchart for a signature key generation method for mutual authentication when issuing the public key certificate of the present invention.

A signature key generation method for efficiently using the security token of the present invention having the above-described objects will be described with reference to FIGS. 2 to 4. FIG.

2 is a control flowchart of a public key certificate issuing method using the signature key generation method of the present invention. 2, a public key certificate issuing method using a signature key generation method of the present invention comprises the steps of: (S11) connecting a security token to a PC or a smart terminal, downloading the applet program from a security token issuing organization and installing the security token in a security token, Activating an applet program installed in the token to generate an RSA key, encrypting the serial number information of the security token using the encryption / decryption module, transmitting the authentication information to the public certificate issuance server and registering the serial number information (S12) (S13) of storing the RSA key received from the personalization institution, a step (S14) of mutually verifying the password input by the authorized certificate issuing server and the security token in the PC or the smart terminal using the RSA key, If the password is matched, the certificate issuing server issues a public certificate and encrypts it to create a security token. It comprises a step (S15) and a step (S16) that a security token is stored the received certificate to send. When an authorized certificate is issued using the security token as described above, the RSA key is not exposed outside the security token, and when signing is performed, data for signing is processed internally and only the signature value is transmitted outside the security token. You can.

FIG. 3 is a control flowchart of a signature key generation method required when activating an applet for issuing a public certificate according to the present invention. 3, a signature key generation method required when an applet for issuing a public certificate is started includes a step S21 of starting execution of a Java card object creation command by a security token and a step of processing an applet object creation command of an existing security token Step S23) of generating a security token (step S23), step S23 of generating a temporary token RSA key data, step S24 of verifying an option of a security token, and automatic execution of an RSA key generating function in a security token applet (S26) storing the generated key value as temporary RSA key data, storing the generated key value in the temporary RSA key length data (S27), and generating the generated key value It is necessary to generate internally random data, encrypt it with the temporary RSA key generated based on this data, re-decrypt it, and transmit the decrypted data (S28) of judging whether or not the signature key is matched with the signature key, and a step (S29) of completing signature key generation and ending the signature key generation if they match. The method further includes a step S30 of storing the key length in the temporary RSA key data (storing '0000') if the options do not match in step S24. And if it does not coincide with the step S28, the process starts from the step S23. In step S24, the step of verifying the option determines whether the option is '01'.

4 is a control flowchart for a signature key generation method for mutual authentication when issuing the public key certificate of the present invention. 4, the method of generating a signature key for mutual authentication of a password when issuing a public key certificate according to the present invention includes executing (step S31) an RSA key generation command, determining whether the key length is consistent ('0000' (S33) of copying the key data from the temporary RSA key data into the general RSA key data if all the data of the temporary RSA key data are identical to each other (S32) (S34), and completing the generic RSA key generation (S35). The method further includes the step of, if the key lengths do not match in step S32, executing a key generation command and storing the generated key data as general RSA key data (S36).

15: authorized authentication server, 30: security token

Claims (8)

A signature key generation method required in the step of activating an applet stored in a security token in order to store a security token, a smart terminal and a public certificate issuance server in a network, and obtain a public certificate from the public certificate issuing server and store the public key in a security token In this case,
In the step of activating the applet pre-stored in the security token in order for the security token, the smart terminal, and the public certificate issuance server to be connected to the network and to receive the public key certificate from the public key certificate issuing server, Way,
A step (S21) in which the security token starts executing a Java card object creation command;
Processing an applet object creation command of an existing security token (S22);
A step (S23) of the security token generating temporary RSA key data;
Confirming an option of the security token (S24);
(S25) automatically executing the RSA key generation function in the security token applet if the options match;
Storing the generated key value as temporary RSA key data (S26);
Storing the length of the generated key value in the temporary RSA key length data (S27);
Generating randomly generated data internally to check whether the generated key value is normally generated, encrypting the encrypted data with the temporary RSA key generated based on the data, and decrypting the decrypted data to determine whether the decrypted data matches the data before encryption S28);
And a step (S29) of completing the generation of the signature key when it is matched (S29). The security token, the PC or the smart terminal, and the public certificate issuing server are connected to the network and the public certificate is issued from the public certificate issuing server A method of generating a signature key required in the step of activating an applet pre-stored in a security token to be issued and stored in a security token.
The method according to claim 1,
The option in step S24 is,
Option = '01', a PC or smart terminal, and a public certificate issuing server are connected to the network, and a public certificate is issued from the public certificate issuing server and stored in a security token. A method for generating a signature key required in a step of activating an applet stored in advance.
The method according to claim 1,
The signature key generation method required in the step of activating the applet pre-stored in the security token,
And storing the key length in the temporary RSA key data if the options do not match in step S24 (S30), wherein the secure token, the PC, the smart terminal, and the authorized certificate issuing server are connected to the network And activating an applet previously stored in the security token in order to issue a public certificate from the public certificate issuance server and store the public key in a security token.
The method of claim 3,
In operation S30,
And the key length is stored as '0000'. The PC or the smart terminal and the authorized certificate issuing server are connected to the network, and the authorized certificate is issued from the authorized certificate issuing server and stored in the security token A method of generating a signature key required in activating a pre-stored applet.
A security token and a signature key of a security token for mutual verification of a password at the time of issuing a public key certificate for issuing a public key certificate from the authorized certificate issuance server and being stored in a security token, In the generating method,
A signature of a security token for mutual verification of a password at issuance of a public key certificate in order to issue a public key certificate from the public key certificate server and the security token and a PC or a smart terminal and a public key certificate issuing server, In the key generation method,
(S31) the security token executing an RSA key generation instruction;
A step (S32) of judging whether or not the key length matches the temporary RSA key data;
(S33) copying the key data from the temporary RSA key data to the general RSA key data if they match;
Initializing all the data of the temporary RSA key data (S34);
And a step (S35) of completing generation and termination of the generic RSA key. The security token, the PC or smart terminal, and the public certificate issuing server are connected to the network and issued a public certificate from the public certificate issuing server A method for generating a signature key of a security token for mutual verification of a password when issuing an authorized certificate for storage in a security token.
6. The method of claim 5,
The step (S32) of judging whether or not the key length is matched ('0000') in the temporary RSA key data,
And a key length is '0000'. A PC or smart terminal and a public certificate issuing server are connected to the network, and the public key certificate is issued from the public key certificate issuing server and stored in a security token A method for generating a signature key of a security token for mutual verification of a password upon issuing a certificate.
6. The method of claim 5,
The step (S34) of initializing all the data of the temporary RSA key data includes:
And all the data are set to '00'. In order to issue a public certificate, a PC or a smart terminal and a public certificate issuing server are connected to the network and a public certificate is issued from the public certificate issuing server and stored in a security token A method for generating a signature key of a security token for mutual verification of a password.
6. The method of claim 5,
In step S32,
If the key lengths do not match,
Further comprising a step (S36) of storing the generated key data as general RSA key data by executing a key generation command and a security token, a PC or smart terminal, and a public certificate issuing server connected to the network, A method of generating a signature key of a security token for mutual verification of a password upon issuance of an authorized certificate for issuing a certificate from a certificate issuing server and storing the certificate in a security token.








KR1020150140900A 2015-10-07 2015-10-07 Creation Method of Signature Key to use Security Token efficiently KR101771484B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150140900A KR101771484B1 (en) 2015-10-07 2015-10-07 Creation Method of Signature Key to use Security Token efficiently

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150140900A KR101771484B1 (en) 2015-10-07 2015-10-07 Creation Method of Signature Key to use Security Token efficiently

Publications (2)

Publication Number Publication Date
KR20170041463A KR20170041463A (en) 2017-04-17
KR101771484B1 true KR101771484B1 (en) 2017-08-25

Family

ID=58703057

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150140900A KR101771484B1 (en) 2015-10-07 2015-10-07 Creation Method of Signature Key to use Security Token efficiently

Country Status (1)

Country Link
KR (1) KR101771484B1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102385474B1 (en) * 2017-07-19 2022-04-13 현대자동차주식회사 Vehicle system and control method thereof
CN108768928B (en) * 2018-04-04 2021-04-13 厦门集微科技有限公司 Information acquisition method, terminal and server
CN116418541B (en) * 2021-12-31 2024-06-04 龙芯中科(金华)技术有限公司 Communication method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090138703A1 (en) * 2007-11-28 2009-05-28 Schneider James P Disabling Remote Logins Without Passwords
KR101162707B1 (en) * 2010-12-22 2012-07-05 포항공과대학교 산학협력단 Method of trapdoor sanitizable signature based on an ordinary digital signature
JP2015159619A (en) * 2015-06-09 2015-09-03 株式会社東芝 Communication method, application apparatus, program, and communication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090138703A1 (en) * 2007-11-28 2009-05-28 Schneider James P Disabling Remote Logins Without Passwords
KR101162707B1 (en) * 2010-12-22 2012-07-05 포항공과대학교 산학협력단 Method of trapdoor sanitizable signature based on an ordinary digital signature
JP2015159619A (en) * 2015-06-09 2015-09-03 株式会社東芝 Communication method, application apparatus, program, and communication system

Also Published As

Publication number Publication date
KR20170041463A (en) 2017-04-17

Similar Documents

Publication Publication Date Title
JP6117317B2 (en) Non-repudiation method, settlement management server for this, and user terminal
US8209535B2 (en) Authentication between device and portable storage
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
US20160005032A1 (en) Method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors
EP3487142B1 (en) Providing and obtaining graphic payment code information
CA2990651A1 (en) Confidential authentication and provisioning
KR20170139570A (en) Method, apparatus and system for cloud-based encryption machine key injection
JP2004040717A (en) Equipment authentication system
KR101210260B1 (en) OTP certification device
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
CN102801730A (en) Information protection method and device for communication and portable devices
KR20170124953A (en) Method and system for automating user authentication with decrypting encrypted OTP using fingerprint in mobile phone
CN108768941B (en) Method and device for remotely unlocking safety equipment
CN108460597B (en) Key management system and method
KR20090019576A (en) Certification method and system for a mobile phone
CN110838919B (en) Communication method, storage method, operation method and device
KR101771484B1 (en) Creation Method of Signature Key to use Security Token efficiently
KR101295038B1 (en) How to use Certificate by using Secure Reader
KR101650107B1 (en) Log-in System of Home Page or Banking Trade System by Using Finger-Print Certification Device and Method thereof
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN115801232A (en) Private key protection method, device, equipment and storage medium
KR102445379B1 (en) Operation method of server apparatus, operation method of terminal and server apparatus
KR101577059B1 (en) Method for Processing Server type OTP
KR101664471B1 (en) Method for Processing Mobile OTP Based On Network
KR101625036B1 (en) Simple Payment System for Improving Certification and Method thereof

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant