KR20110053030A - Security usb device and method for access control using rfid - Google Patents

Security usb device and method for access control using rfid

Info

Publication number
KR20110053030A
Authority
KR
South Korea
Prior art keywords
rfid tag
rfid
usb device
security function
secure usb
Prior art date
Application number
KR1020090109821A
Other languages
Korean (ko)
Inventor
서정훈
이정엽
Original Assignee
주식회사 엘립시스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 엘립시스
Priority to KR1020090109821A
Publication of KR20110053030A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)

Abstract

PURPOSE: A secure USB (Universal Serial Bus) device and an access control method using an RFID tag are provided to prevent data leakage and data damage by an unauthorized user, by acting on the result of comparing the ID of an RFID tag with the ID stored in the security function unit. CONSTITUTION: An RFID (Radio Frequency ID) tag stores an ID that identifies the user. An RFID transceiver (130) receives a radio signal carrying the ID of the RFID tag from an antenna and passes it to a control unit (120). An interface (110) connects the control unit and a host computer. A security function unit (150) performs the security function and stores the ID of the user. The control unit compares the received ID with the stored ID.

Description

Security USB Device and Method for Access Control Using RFID

The present invention relates to a secure USB device and an access control method, and in particular to a method that applies RFID to a secure USB device in order to prevent the risk of data leakage by an unauthorized person, and the damage from unwanted use of the secure USB device, that can arise when a legitimate user steps away while use of the secure USB device is permitted.

USB (Universal Serial Bus) is the most widely used connection between the host computer and peripherals. Various devices connect to the host computer via USB.

USB memory is the most widely used removable storage device with the convenience of use and the large capacity of NAND flash memory. However, since the security function is not implemented, anyone who can use the USB memory can leak important data stored inside if the device is lost. In order to make up for this, a secure USB memory has been developed that requires user authentication through login. Because access to the data stored in the secure USB memory requires user authentication through login, it is more effective in preventing the risk of data leakage due to device loss compared to the USB memory without the security function.

The USB security token is a hardware device that has an independent processor, storage space, and cryptographic device inside the device to enable secure secret key storage, signature key generation, digital signature and verification, and is also called a hardware security module (HSM). The public certificate can be safely stored in the memory space inside the USB security token, and the stored public certificate cannot be leaked to the outside. The use of USB security tokens is gradually increasing as the use of services that require public certificates and electronic signatures, such as Internet banking and online e-commerce, has increased.

When using a secure USB device such as the secure USB memory or the USB security token, if the legitimate user steps away while use of the secure USB device is permitted, the device remains accessible, so there is a risk of data leakage, and damage can occur through use of the secure USB device by an unauthorized person. For example, while a legitimate user has permitted use of a USB security token, an unauthorized person can use the USB security token, in which a certificate is stored, to access a database containing sensitive data and leak that data. As another example, in online e-commerce, if a user leaves their seat while use of the USB security token is permitted, the token may be used by an unauthorized person, causing financial damage. To compensate for this, the secure USB device may be locked automatically if it is not used for a certain time while its use is permitted. Even in this case, however, data can be leaked in the period after the legitimate user leaves and before the secure USB device locks, and damage from unwanted use of the secure USB device can still occur. In addition, there is the inconvenience that the legitimate user must unlock the secure USB device every time in order to use it again.

To solve the above-mentioned problems, the present invention aims to provide a secure USB device and an access control method using RFID that prevent the risk of data leakage by an unauthorized person, and the damage from unauthorized use of the secure USB device, that can arise when a legitimate user steps away while use of the secure USB device is permitted, and that let the legitimate user use the secure USB device again immediately, without a separate unlock process.

To achieve the above object, the present invention provides a secure USB device comprising: an antenna that enables wireless reception of the ID information stored in an RFID tag; an RFID transmitter/receiver that receives a radio signal including the RFID tag ID information from the antenna and transfers it to a control unit; a control unit that compares the received RFID tag ID with the registered RFID tag ID and allows or blocks access to a security function unit; a security function unit that stores the RFID tag ID and performs a security function; and an interface unit that connects a host computer and the control unit. It also provides an RFID tag in which the ID of the legitimate user is stored.

In addition, to achieve another object, the present invention provides a secure USB device access control method using RFID, comprising the steps of: registering the ID of the RFID tag possessed by a legitimate user in a secure USB device with a built-in RFID transmitter/receiver; determining, by the secure USB device, whether the registered RFID tag is present within the recognizable area; allowing, by the control unit, access to the security function unit when the registered RFID tag is recognized; and blocking, by the control unit, access to the security function unit when the registered RFID tag is not recognized.

As described above, the secure USB device and the access control method using RFID have the effect of preventing the risk of data leakage by an unauthorized person, and the damage that can be caused by unwanted use of the secure USB device, that can arise when a legitimate user steps away while use of the secure USB device is permitted. In addition, when the legitimate user wants to use the secure USB device again, it can be used immediately without a separate unlocking process.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 is a block diagram showing an embodiment of the present invention. As shown in FIG. 1, the embodiment is composed of a host computer 300, a secure USB device 100, and an RFID tag 200. The host computer 300 supplies power to the secure USB device 100 through the interface unit 110 and exchanges data with it. The RFID tag 200 stores a user ID in an internal memory space. The secure USB device 100 is composed of an interface unit 110, a control unit 120, an RFID transmitter/receiver 130, an antenna 140, and a security function unit 150. The antenna 140 wirelessly receives data from the RFID tag 200. The RFID transmitter/receiver 130 passes the radio signal data received from the antenna 140 to the control unit 120. The interface unit 110 connects the control unit 120 and the host computer 300. The secure USB device 100 receives power from the host computer 300 through the interface unit 110 and transmits and receives data. The security function unit 150 is the part that performs the various security functions of the secure USB device.

Specifically, in the case of the secure USB memory, the security function unit 150 is configured as a nonvolatile memory. The user's data and the ID of the RFID tag 200 possessed by the legitimate user are stored in the nonvolatile memory space, and access to it is controlled by the control unit 120. To access the nonvolatile memory space in which the user's important data is stored, access must be granted by the control unit 120.

In the case of a USB security token, the security function unit consists of a cryptographic device and a storage memory space, and is a hardware device with a built-in independent processor that can generate digital signature keys and verify digital signatures. A certificate can be stored in it, so that services such as Internet banking and online e-commerce can be used safely. In the case of the USB security token, the security function unit 150 is also controlled by the control unit 120, and the ID of the RFID tag 200 possessed by a legitimate user is stored in the internal memory space. To use an accredited certificate stored in the USB security token, or to use the electronic signature function the token provides, the user must be granted access to the security function unit 150 by the control unit 120.

The control unit 120 compares the received RFID tag 200 ID with the ID of the RFID tag 200 possessed by a legitimate user that is registered in the storage space of the security function unit 150. If the two match, it allows access to the security function unit 150; if they do not match, it blocks access to the security function unit 150.

FIG. 2 is a flowchart illustrating an embodiment of the present invention. To use the secure USB device 100, the user first registers the ID of the RFID tag 200 in the user's possession (410). The registered RFID tag 200 ID is stored in a storage space of the security function unit 150. The control unit 120 receives the RFID tag 200 ID value at predetermined time intervals through the RFID transmitter/receiver 130 and the antenna 140, and compares the received RFID tag 200 ID with the registered RFID tag 200 ID stored in the storage space of the security function unit 150 (420). In general, the ID check of the RFID tag 200 is preferably performed at relatively short intervals, within several seconds. If the comparison matches, the control unit 120 allows access to the security function unit 150 (430). If the comparison does not match, or no RFID tag 200 ID is received, the control unit 120 blocks access to the security function unit 150 (440). The process of checking whether the registered RFID tag 200 is recognized (420) and accordingly allowing (430) or blocking (440) access to the security function unit 150 is repeated continuously while the secure USB device is in use.
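The register, poll, compare and gate cycle of steps 410 to 440, as an added example in C that is not code from the patent or its applicant. The type and function names, the 16-byte ID limit, the no-early-exit comparison and the sample tag IDs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_ID_MAX 16   /* assumed maximum tag ID length in bytes */

enum access { ACCESS_BLOCKED = 0, ACCESS_ALLOWED = 1 };

/* Hypothetical model: ID storage of the security function unit (150)
 * plus the gate state held by the control unit (120). */
struct secure_usb {
    uint8_t registered_id[TAG_ID_MAX];
    size_t registered_len;          /* 0 = no tag registered yet */
    enum access gate;
};

/* One poll result from the RFID transmitter/receiver (130); len == 0 = no ID received. */
struct tag_read { uint8_t id[TAG_ID_MAX]; size_t len; };

void usb_init(struct secure_usb *dev) { memset(dev, 0, sizeof *dev); }

/* Step 410: store the legitimate user's tag ID. Returns 0 on success. */
int usb_register_tag(struct secure_usb *dev, const uint8_t *id, size_t len)
{
    if (id == NULL || len == 0 || len > TAG_ID_MAX)
        return -1;
    memcpy(dev->registered_id, id, len);
    dev->registered_len = len;
    return 0;
}

/* Compare every byte with no early exit, so timing does not reveal the
 * position of the first mismatch. */
static int ids_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps 420-440 for one polling interval. Anything other than an exact
 * match blocks; the registered_len check stops an empty read from
 * "matching" an empty registration. */
enum access usb_poll(struct secure_usb *dev, const struct tag_read *rd)
{
    int ok = dev->registered_len != 0 && rd != NULL &&
             rd->len == dev->registered_len &&
             ids_equal(rd->id, dev->registered_id, rd->len);
    dev->gate = ok ? ACCESS_ALLOWED : ACCESS_BLOCKED;
    return dev->gate;
}

/* Constructed poll sequence: owner present, owner present, owner away
 * (no read), a different tag in range, owner back. */
static const struct tag_read SAMPLE_POLLS[] = {
    { {0xDE, 0xAD, 0xBE, 0xEF}, 4 }, { {0xDE, 0xAD, 0xBE, 0xEF}, 4 }, { {0}, 0 },
    { {0xDE, 0xAD, 0xBE, 0xEE}, 4 }, { {0xDE, 0xAD, 0xBE, 0xEF}, 4 },
};
#define SAMPLE_COUNT (sizeof SAMPLE_POLLS / sizeof SAMPLE_POLLS[0])

/* Gate state after poll `step` of the sample; do_register == 0 skips step 410. */
enum access demo_gate_after(size_t step, int do_register)
{
    static const uint8_t owner[] = {0xDE, 0xAD, 0xBE, 0xEF};
    struct secure_usb dev;
    usb_init(&dev);
    if (do_register)
        usb_register_tag(&dev, owner, sizeof owner);
    for (size_t i = 0; i <= step && i < SAMPLE_COUNT; i++)
        usb_poll(&dev, &SAMPLE_POLLS[i]);
    return dev.gate;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        puts(demo_gate_after(i, 1) ? "ALLOWED" : "BLOCKED");
    return 0;
}
```

The gate reopens on the fifth poll without any unlock step, which is the behaviour the description claims over a timeout-based lock.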

FIG. 3 is an external view of the secure USB device 100 and the RFID tag 200. The antenna 140 is implemented on an internal circuit board of the secure USB device 100. Implementing the antenna 140 on the internal circuit board, rather than as a separate folding antenna outside the secure USB device 100, allows the secure USB device 100 to be manufactured in a small, portable form. The RFID tag 200 may be manufactured in various forms, such as a bracelet, a necklace, a key ring, or a card.

Although the above has been described as being limited to the preferred embodiment of the present invention, the present invention is not limited thereto and various changes, modifications, and equivalents may be used. Therefore, the present invention can be applied by appropriately modifying the above embodiments, it will be obvious that such application also belongs to the scope of the present invention based on the technical idea described in the claims below.

FIG. 1 is a block diagram according to an embodiment of the present invention.

FIG. 2 is a flowchart illustrating operations according to an embodiment of the present invention.

FIG. 3 shows the appearance of the secure USB device and the RFID tag according to an embodiment of the present invention.

100: secure USB device

110: interface unit

120: control unit

130: RFID transmitter and receiver

140: antenna

150: security function unit

200: RFID tag

300: host computer

Claims (7)

1. A secure USB device 100 using RFID, comprising: an RFID tag 200 that stores an ID for determining that the user is a legitimate user; an antenna 140 that enables wireless reception of the ID information stored in the RFID tag 200; an RFID transmitter/receiver 130 that receives a radio signal including the ID information of the RFID tag 200 from the antenna 140 and transfers the received signal to the control unit 120; an interface unit 110 connecting the host computer 300 and the control unit 120; a security function unit 150 that performs a security function and stores the RFID tag 200 ID possessed by a legitimate user; and a control unit 120 that compares the received RFID tag 200 ID with the ID of the RFID tag 200 registered in the storage of the security function unit 150, allows access to the security function unit 150 if the comparison matches, and blocks access to the security function unit 150 if it does not match.

2. The secure USB device of claim 1, wherein the interface unit 110 is produced in the form of USB (Universal Serial Bus).

3. The secure USB device of claim 1, wherein the security function unit 150 is composed of a nonvolatile memory, the user's data and the RFID tag 200 ID possessed by a legitimate user are stored in the nonvolatile memory space, and access is controlled by the control unit 120.

4. The secure USB device of claim 1, wherein the security function unit 150 is composed of a hardware device having a cryptographic operation device and a storage memory space, with a built-in independent processor capable of digital signature key generation and digital signature verification, the RFID tag 200 ID possessed by a legitimate user is stored in the storage memory space, and access is controlled by the control unit 120.

5. An access control method for a secure USB device 100 using RFID, comprising: registering the ID of the RFID tag 200 possessed by a legitimate user in the secure USB device 100 having the RFID transmitter/receiver 130 embedded therein (410); determining whether the RFID tag 200 registered in the secure USB device 100 having the RFID transmitter/receiver 130 is present in the recognizable area (420); allowing, by the control unit 120, access to the security function unit 150 when the RFID tag 200 registered in the secure USB device 100 is recognized (430); and blocking, by the control unit 120, access to the security function unit 150 when the RFID tag 200 registered in the secure USB device 100 is not recognized (440).

6. The method of claim 5, wherein the step (410) of registering the ID of the RFID tag 200 possessed by a legitimate user in the secure USB device 100 having the RFID transmitter/receiver 130 embedded therein comprises receiving the ID of the RFID tag 200 to be registered and storing the received ID of the RFID tag 200 in the storage space of the security function unit 150.

7. The method of claim 5, wherein, in the step (420) of determining whether the RFID tag 200 registered in the secure USB device 100 having the RFID transmitter/receiver 130 is present in the recognizable area, the RFID transmitter/receiver 130 receives a radio signal at regular intervals to obtain the ID of the RFID tag 200, the received RFID tag 200 ID is compared with the ID of the RFID tag 200 possessed by a legitimate user that is registered in the storage space of the security function unit 150, and the registered RFID tag 200 is judged to be recognized if the comparison matches and not recognized if it does not match.
KR1020090109821A 2009-11-13 2009-11-13 Security usb device and method for access control using rfid KR20110053030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090109821A KR20110053030A (en) 2009-11-13 2009-11-13 Security usb device and method for access control using rfid

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020090109821A KR20110053030A (en) 2009-11-13 2009-11-13 Security usb device and method for access control using rfid

Publications (1)

Publication Number Publication Date
KR20110053030A true KR20110053030A (en) 2011-05-19

Family

ID=44362809

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020090109821A KR20110053030A (en) 2009-11-13 2009-11-13 Security usb device and method for access control using rfid

Country Status (1)

Country Link
KR (1) KR20110053030A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101445617B1 (en) * 2013-02-26 2014-10-06 (주)이퓨 Removable memory communication using a Bluetooth-based local area of security and loss prevention methods
KR101530656B1 (en) * 2013-11-25 2015-06-23 (주)세솔 USB memory device with authentication by RFID and its driving method
CN112508153A (en) * 2020-11-25 2021-03-16 中国大唐集团科学技术研究院有限公司 Power plant industrial control system USB flash disk intelligent management and control system based on RFID technology

Similar Documents

Publication Publication Date Title
CA2554300C (en) System and method for encrypted smart card pin entry
US8745395B2 (en) Enabling use of a certificate stored in a smart card
US20140282992A1 (en) Systems and methods for securing the boot process of a device using credentials stored on an authentication token
US20100293374A1 (en) Secure Portable Memory Storage Device
US20080098134A1 (en) Portable Storage Device and Method For Exchanging Data
TW201737151A (en) Data security system with encryption
KR20060134037A (en) Use authentication method, use authentication program, information processing device, and recording medium
KR20110087178A (en) Usb security device with way for secure user-authentication and method of authentication
KR20150113152A (en) Smart card and smart card system with enhanced security features
US20160246954A1 (en) Security card having fingerprint authentication, processing system and processing method therefor
KR101607935B1 (en) System for paying mobile using finger scan and method therefor
EP2590101B1 (en) Authentication using stored biometric data
US20080046739A1 (en) Hash of a Certificate Imported from a Smart Card
CA2593977C (en) Hash of a certificate imported from a smart card
JP2012094146A (en) Method and system for controlling execution of function protected by authentication of user especially relating to use of resource
KR20090002074A (en) Apparatus and method for authenticating a user based on one time password with enhanced safety
KR20110053030A (en) Security usb device and method for access control using rfid
JP2007265321A (en) Personal identification system and personal identification method
US10726160B2 (en) Localized pin management with reader verification and no disclosure
EP1870828A1 (en) Two-Factor Content Protection
Lee et al. A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services
KR101017014B1 (en) System and method for logging in game server using smart chip
KR101684905B1 (en) User authentication device for multi-authenticating by using fingerprint, security key and wireless tag
TW202234854A (en) WIRELESS COMMUNICATION MODULE AND CONTROLLING SYSTEM AND METHOD FOR APPLICATION DEVICE
KR20150050335A (en) Integrated circuit chip for user authentication and autentication method

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application
E601 Decision to refuse application