KR20100110642A - Hardware security module - Google Patents

Abstract

PURPOSE: A security token device is provided to reduce the possibility of leakage of an encryption key by performing a security operation in the security token device. CONSTITUTION: A security token device(100) includes a smart card chip(104), a slot(106), a card reader unit(108) and an interface unit(114). A public key encryption system is loaded at a smart card chip, and the slot is installed for the attachment/detachment of the smart card. The card reader reads out the information of the smart chip, and performs the user authentication based on the information. The Interface unit connects the card reader or a memory unit(110) to an external device.

Description

Security Token Device {Hardware Security Module}

  The present invention relates to a security token device, and more particularly, a USB connector for connecting to an external device is installed at one end of a case, and a USB hub for data communication with an external device is installed inside the case. And a slot for attaching and detaching a smart card chip having a public key cryptographic system installed therein, and a card reader unit connected to the USB hub to read information of the smart card chip to perform user authentication. It is about.

Since the Internet is an open network environment, any information can be leaked without security. Therefore, the most important thing in the Internet environment is security and privacy.

In information protection and authentication technology, the need for the development of devices and systems that securely manage personal authentication information in hardware or cryptography has been raised with the spread of the Internet.

In particular, as certificate-based online services (eg, internet banking, internet shopping, and Internet public office work) are widely provided to the general public, the demand for secure management of certificates and related security information is increasing.

Currently, certificates and related information are stored in personal PCs, floppy diskettes, USB type flash memory tokens, and smart cards.

In the case of a PC, not only is easily accessible by others, but also it is inconvenient due to its lack of portability. In the case of a floppy disk and a memory token, the stored contents may be easily exposed to others when lost. In addition, in the case of a smart card, it is possible to steal simply by guessing the password when it is lost.

In addition, there is a risk of hacking when using a certificate-based online service, thereby reducing the risk of hacking by using a security card and OTP (One Time Password) authentication.

The method of using the security card is to perform user authentication by inputting 30 to 40 four-digit passwords written on the security card issued to the user.

The OTP is a method of receiving and using a generation number for each authentication through a mobile phone or an OTP terminal.

However, the use of security cards is an early approach and is not an alternative because Asterisk is hacked in the unlocked state.

In addition, OTP authentication is most commonly used, but this method also has a problem that security is released when a hacker accesses within a certain time.

In addition, the method using the OTP, if collecting personal information such as social security number when joining the OTP, this part is leaked to the outside can be a great threat to security.

An object of the present invention is to provide a security token device that solves security operations such as encryption key generation, key management, encryption, etc. in a security token device using its own CPU and memory.

Another invention of the present invention is to have a structure that can be attached and detached smart card chip is easy to issue OTA (Over The Air) using a terminal such as a mobile phone, it is easy to add various functions and content using a universal serial bus It is to provide a security token device.

It is still another object of the present invention to provide a security token device capable of skipping a login procedure by storing a key and storing a password of each site in the security token device.

According to an aspect of the present invention to achieve the above object, a smart card chip equipped with a public key cryptographic system, a slot for detachment / attachment of the smart card chip, read the information of the smart card chip to perform user authentication A security token device including a card reader unit, an interface unit for connecting the card reader unit or a memory to an external device is provided.

The security token device may further include a memory for storing various data and a controller connected to an external device through the interface unit to input or output data to the memory.

The interface unit, the memory, and the controller are packaged in SIP.

In addition, the security token device may further include an RF unit for transmitting and receiving a radio signal to perform the traffic charge payment, access authentication, credit card function.

The smart card chip is a SIM type, and the public key cryptosystem conforms to the PKCS # 11 standard.

The public key cryptosystem is loaded on the smart card chip in the form of an applet.

The interface unit is a USB hub, and the security token device communicates with an external device through a USB connector.

According to another aspect of the invention, one end of the case is provided with a USB connector for connecting to an external device, the case is equipped with a USB hub for data communication with the external device through the USB connector, the inside of the case A security token device is provided with a slot for detaching / attaching a smart card chip equipped with a public key cryptographic system, and a card reader connected to the USB hub to read information of the smart card chip to perform user authentication. do.

In addition, the security token device is further installed in the case an RF unit for transmitting and receiving radio signals to perform the transportation fee payment, access authentication, credit card functions.

In addition, the security token device is provided with a transparent lens so that the smart card chip inserted into the slot or the slot is visible on the surface of the case.

According to the present invention, it is possible to reduce the likelihood of leakage of the encryption key by solving the security operation in the security token device, such as encryption key generation, key management, encryption using its CPU and memory.

In addition, the removable structure of the smart card chip is easy to issue OTA using a terminal such as a mobile phone, and it is easy to add various functions and contents by using a universal serial bus.

It also has the convenience of skipping the login process by storing the key and keeping each site's password in a secure token device.

In addition, after making a financial transaction using a security token device, the account book is automatically executed when connecting to a personal PC, so that the user can conveniently check the financial transaction history.

In addition, the secure token device provides an automatic login function, so that users can surf the web quickly and manage the accounts of various websites in a batch.

Details of the above-described objects and technical configurations of the present invention and the effects thereof according to the present invention will be more clearly understood by the following detailed description based on the accompanying drawings.

1 is a view showing the external appearance of the security token device according to the present invention.

Referring to FIG. 1, the secure token device 100 is in the form of a universal serial bus (USB), and one slot (eg, the left end of FIG. 1) of the case is provided with a slot for inserting a smart card chip. The transparent lens 120 is mounted on the surface of the smart card chip to be seen from the outside, and the other end of the case is formed with a USB connector 150 for connecting to the USB port of the external device. The slot and the transparent lens for inserting the smart card chip can also form the slot and the transparent lens in the same position by forming a slot on the surface and a transparent cover that can be opened and closed thereon.

In addition, although not shown in the figure, an LED may be mounted on the surface of the security token device 100. The security token device 100 may also be referred to as a hardware security module (HSM).

The external device includes various computer devices, and includes a personal computer (PC), a personal digital assistant (PDA), and a mobile communication terminal that can be connected to a server through a wired or wireless communication network such as the Internet. Card payment terminal, Point of Sale (POS), Set-Top Box, teller terminal and cash dispenser (CD),

This includes all automated teller machines such as ATM (ATM) and bill acceptor, and means all computer devices with USB ports, input / output devices and self-operating functions.

Figure 2 is a block diagram schematically showing the internal configuration of the security token device according to the present invention.

Referring to FIG. 2, the security token device 100 includes an RF unit 102, a smart card chip 104, a slot 106 for attaching / detaching the smart card chip 104, a card reader unit 108, The memory 110 includes a controller 112 and an interface unit 114.

The RF unit 102 has a function of wirelessly transmitting the unique information in order to use the security token device 100 as a payment for a transportation cost, a pass, a credit card, or the like.

In addition, the RF unit 102 is implemented on a printed circuit board (PCB) board, so that the antenna is not easily cut and can be miniaturized.

The smart card chip 104 is equipped with a Public-Key Cryptography System (PKCS). Here, the public key cryptography system conforms to the PKCS # 11 (Public-Key Cryptography System # 11) standard, and the PKCS # 11 is called Cryptoki for cryptographic devices such as smart cards and Personal Computer Memory Card International Association (PCMCIA) cards. It defines a technology-based programming interface. The public key cryptosystem is loaded into the smart card chip 104 in the form of an applet, and the public key cryptosystem applet is loaded into the smart card chip 104 by a large smart card issuer installed in the financial sector. .

In addition, since the smart card chip 104 is equipped with a public key cryptography system, a hardware chip processes encryption algorithms such as a public key infrastructure (PKI) method and a secret key method.

In addition, the smart card chip 104 is configured in a SIM type can be attached / detached to the slot 106. Therefore, the smart card chip 104 can be easily issued in bulk using a card issuer installed in all financial institutions.

In addition, the smart card chip 104 has a built-in memory (not shown) consisting of its own CPU processor (not shown), RAM, ROM, and EEPROM, an encryption processing module (not shown), an internal memory (not shown). Data management module (not shown) for managing the data of the) is a microcomputer consisting of a single chip.

The internal memory (not shown) of the smart card chip 104 may store various financial information of an individual or a company such as financial transaction security related information and personal information such as a certificate, account related information, card related information, security card and one-time password. It also stores the information of the smart card chip 104 itself.

The card reader 108 reads the information of the smart card chip 104 and performs user authentication.

In addition, the card reader unit 108 performs the recognition of the smart card chip 104, and various information stored in the smart card chip 104, that is, the authentication certificate, account information, card information, user information and It can be implemented by a conventional reader circuit unit for reading smart card information and the like.

The memory 110 stores various data and may be configured as a flash memory. That is, the memory 110 includes data (for example, a file such as a document, an image, music, a video, etc.) transmitted or transmitted through various programs and data uploading / downloading with external devices. It is stored.

The controller 112 is connected to an external device through the interface unit 114, and serves to input or output data to the memory 110.

The interface unit 114 may be configured as a USB hub, and connects the HSM area including the card reader unit 108 and the slot 106 with the memory area including the memory 110 and the controller 112. do.

That is, the interface unit 114 serves to connect the card reader unit 108 or the memory 110 to an external device.

The interface unit 114, the memory 110, and the controller 112 package the SIP in a system, thereby miniaturizing the security token device, and easily separating the USB memory area from the smart card reader.

The secure token device 100 configured as described above is freely removable from the smart card chip 104 and is easy to issue an OTA using a terminal such as a mobile phone, and can easily add various functions and contents using a universal serial bus. .

In addition, since the security token device 100 performs encryption key generation, management, and operation, it can replace an authorized certificate, and keeps secret keys of general users, thus serving as key storage, and account and password of each site. You can skip the login operation by saving it.

As such, those skilled in the art will appreciate that the present invention can be implemented in other specific forms without changing the technical spirit or essential features thereof. Therefore, the embodiments described above are to be understood as illustrative and not restrictive in all aspects. The scope of the present invention is shown by the following claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. do.

1 is a view showing the appearance of the security token device according to the present invention.

Figure 2 is a block diagram schematically showing the internal configuration of the security token device according to the present invention.

<Explanation of symbols for the main parts of the drawings>

100: security token device 102: RF unit

104: smart card chip 106: slot

108: card reader 110: memory

112: controller 114: interface unit

120: transparent lens 150: USB connector

Claims (12)

Smart card chip equipped with a public key cryptosystem; A slot for detaching / attaching the smart card chip; A card reader unit which reads information of the smart card chip and performs user authentication; and An interface unit for connecting the card reader unit or the memory to an external device; Security token device comprising a. The method of claim 1, A memory in which various data are stored; and A controller connected to an external device through the interface unit to input or output data to the memory; Security token device further comprising. The method according to claim 1 or 2, And the interface unit, the memory, and the controller are SIP packaged. The method of claim 1, Security token device further comprises an RF unit for transmitting and receiving wireless signals to perform the transportation fee payment, access authentication, credit card functions. The method of claim 1, The smart card chip is a security token device, characterized in that the SIM type. The method of claim 1, And the public key cryptosystem is in accordance with the PKCS # 11 standard. The method of claim 1, And the public key cryptosystem is loaded on the smart card chip in the form of an applet. The method of claim 1, The interface unit is a security token device, characterized in that the USB hub. The method of claim 1, The security token device is a security token device, characterized in that for communicating with an external device via a USB connector. Install a USB connector for connecting to an external device at one end of the case, and a USB hub for data communication with an external device through the USB connector inside the case. Inside the case, a slot for detachment / attachment of the smart card chip equipped with a public key cryptosystem, the card reader is connected to the USB hub to read the information of the smart card chip to perform user authentication Security token device. The method of claim 10, A security token device further installed inside the case, the RF unit for transmitting and receiving wireless signals to perform traffic fare payment, access authentication, credit card functions. The method of claim 10, The transparent token is characterized in that the transparent lens is installed on the surface of the case so that the slot or the smart card chip inserted into the slot.

Images