KR20120082778A - Secure digital memory card - Google Patents

Secure digital memory card Download PDF

Info

Publication number
KR20120082778A
KR20120082778A KR1020110004276A KR20110004276A KR20120082778A KR 20120082778 A KR20120082778 A KR 20120082778A KR 1020110004276 A KR1020110004276 A KR 1020110004276A KR 20110004276 A KR20110004276 A KR 20110004276A KR 20120082778 A KR20120082778 A KR 20120082778A
Authority
KR
South Korea
Prior art keywords
target information
inquiry target
terminal
inquiry
chip
Prior art date
Application number
KR1020110004276A
Other languages
Korean (ko)
Inventor
박동호
Original Assignee
시큐어플랫폼즈테크놀로지(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 시큐어플랫폼즈테크놀로지(주) filed Critical 시큐어플랫폼즈테크놀로지(주)
Priority to KR1020110004276A priority Critical patent/KR20120082778A/en
Publication of KR20120082778A publication Critical patent/KR20120082778A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/10Program control for peripheral devices
    • G06F13/102Program control for peripheral devices where the programme performs an interfacing function, e.g. device driver
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an SD memory card, wherein the SD memory card according to the present invention comprises an SD interface for connecting a terminal and an SD contact point, and an inquiry target information storage area for storing inquiry target information to be inquired by the terminal. A memory module, an IC card interface that connects the contact IC card contact with the terminal separately from the SD interface, and the query target information stored in the query target information storage area of the memory module is directly connected to the terminal via the SD interface. And an IC chip which controls not to be queried, recorded and read by a memory access, wherein the IC chip receives the inquiry target information to be stored in the inquiry target information storage area of the memory module through the IC card interface. Encrypts the data to be inquired, recorded, and read by access to the inquiry target information storage area. Or to process the terminal connected through the IC card interface to encrypt the inquiry target information to be stored in the inquiry target information storage area of the memory module and store the encrypted inquiry target information in the inquiry target information storage area through the SD interface; Alternatively, the server connected to the terminal is encrypted so that the inquiry target information to be stored in the inquiry target information storage area of the memory module is provided to the terminal.

Description

SD Memory Card {Secure Digital Memory Card}

The present invention relates to an SD memory card having an SD interface and an IC card interface separately, and including a memory module connected to the SD interface and an IC chip connected to the IC card interface.

Secure Digital (SD) memory cards are stamp-sized flash memory cards managed by the SCA (SD Card Association), and are used as storage devices for small digital devices such as personal digital assistants (PDAs), mobile phones, digital cameras, and digital camcorders. do.

Recently, as the number of devices utilizing the SD memory card as a main storage medium has increased, a method of implementing various security functions by providing an IC chip in the SD memory card has been proposed. In the conventional method of providing an IC chip in an SD memory card, the SD interface of the SD memory card is shared between the memory module provided in the SD memory card and the IC chip, so that the IC chip is connected to the memory module through the SD interface. Blocking / allowing access is adopted. However, this method cannot interrupt the unauthorized access to the memory module by interrupting the access right to the memory module once the memory module using the SD interface is allowed through the IC chip. It has

SUMMARY OF THE INVENTION An object of the present invention for solving the above problems is a memory module having an SD interface connecting a terminal and an SD contact point, and a query subject information storage area for storing query subject information to be inquired by the terminal; The IC card interface which connects the contact IC card contact with the terminal separately from the SD interface, and the inquiry target information stored in the inquiry target information storage area of the memory module are inquired by the direct memory access of the terminal through the SD interface. The present invention provides an SD memory card having an IC chip for controlling writing and reading.

The SD memory card according to the present invention comprises a memory module having an SD interface for connecting a terminal and an SD contact point, a query object information storage area for storing inquiry object information to be inquired by the terminal, and separately from the SD interface. The IC card interface connecting the terminal and the contact type IC card contact point and the inquiry object information stored in the inquiry object information storage area of the memory module are not queried, recorded and read by the direct memory access of the terminal through the SD interface. And an IC chip configured to control to prevent the IC chip from receiving the inquiry target information to be stored in the inquiry target information storage area of the memory module through the IC card interface so as not to be queried, recorded and read by the direct memory access. Encrypt and store in the inquiry target information storage area or the IC card interface A terminal connected through the memory is processed to encrypt the inquiry target information to be stored in the inquiry target information storage area of the memory module and to store it in the inquiry target information storage area through the SD interface, or a server connected to the terminal Processing to encrypt the inquiry target information to be stored in the inquiry target information storage area of the memory module to provide to the terminal.

According to the present invention, when the IC chip encrypts the inquiry target information, the IC chip encrypts the inquiry target information input through the IC card interface and transmits the inquiry target information to the terminal through the IC card interface. The terminal may store the encrypted inquiry target information in the inquiry target information storage area of the memory module through the SD interface.

According to the present invention, when the IC chip encrypts the inquiry target information, the IC chip is connected to the memory module, and the inquiry target information of the memory module is encrypted by encrypting the inquiry target information input through the IC card interface. Can be stored in the information storage area.

According to the present invention, when the terminal encrypts the inquiry target information, the IC chip transmits a fixed key value for encrypting the inquiry target information to the terminal via the IC card interface, or the terminal and the inquiry. Dynamically generates a dynamic key value for encrypting the target information and transmits the dynamic key value to the terminal through the IC card interface, and maintains the dynamically generated dynamic key value, and the terminal encrypts the inquiry target information through the key value. The SD interface may be stored in the inquiry target information storage area of the memory module.

According to the present invention, when the server encrypts the inquiry target information, the IC chip transmits a fixed key value for encrypting the inquiry target information to the server via the terminal via the IC card interface, or After agreeing the dynamic key value for encrypting the inquiry target information with the server through the terminal, the agreed dynamic key value is maintained, and the server encrypts the inquiry target information through the key value and then through the SD interface. The data may be stored in the inquiry target information storage area of the memory module.

According to the present invention, the IC chip may process the inquiry target information to be encrypted for each specified information unit.

According to the present invention, when the terminal requests the inquiry of the inquiry target information stored in the inquiry target information storage area of the memory module through the IC card interface, the IC chip authenticates the user of the terminal through the IC card interface. And, based on the authentication result of the user, the inquiry target information stored in the inquiry target information storage area of the memory module can be processed in real time by the inquiry request of the terminal through the SD interface, the IC chip May process the query target information to be decoded and searched for each designated information unit.

According to the present invention, when the IC chip is connected to the memory module, the IC chip may logically connect and manage the inquiry target information storage area provided in the memory module to an extended area of the memory area provided in the IC chip.

According to the present invention, the SD memory card is provided with an IC card interface separate from the SD interface, and the inquiry target information is stored in the memory module connected to the SD interface through the IC chip connected to the IC card interface, thereby storing the SD memory card. There is an advantage of keeping the search target information stored in the memory module securely.

1 is a diagram showing the configuration of an SD memory card according to an embodiment of the present invention.
2 is a diagram illustrating a process of storing inquiry target information according to a first embodiment of the present invention.
3 is a diagram illustrating a process of storing inquiry target information according to a second embodiment of the present invention.
4 is a diagram illustrating a process of storing inquiry target information according to a third exemplary embodiment of the present invention.
5 is a diagram illustrating a process of storing inquiry target information according to a third exemplary embodiment of the present invention.
6 is a diagram illustrating an inquiry process of inquiry target information according to the first embodiment of the present invention.
7 is a diagram illustrating an inquiry process of inquiry target information according to the second embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram illustrating a configuration of an SD memory card 100 according to an embodiment of the present invention.

In more detail, FIG. 1 includes an IC card interface 125 and an IC chip 130 including a COB in an SD (Secure Digital) memory card, and the SD memory card 100 through the IC chip 130. The present invention relates to an SD memory card (100) configured to control the inquiry target information stored in the inquiry target information storage area included in the memory module (110) so as not to be arbitrarily viewed, recorded, and read through the terminal (300). Those skilled in the art may refer to and / or modify this drawing to implement various methods of the SD memory card 100 configuration (e.g., some components may be omitted or subdivided), or Combined implementation method), but the present invention includes all the implementation methods inferred, and the technical features are not limited to the implementation method shown in FIG.

Referring to FIG. 1, the SD memory card 100 includes an SD interface 105 for connecting a terminal 300 to an SD contact point and inquiry target information for storing inquiry target information to be inquired by the terminal 300. Inquiry of the memory module 110 having a storage area, the IC card interface 125 connecting the contact IC card contact with the terminal 300 separately from the SD interface 105, and the memory module 110. And an IC chip 130 for controlling the inquiry target information stored in the target information storage area to not be queried, recorded and read by the direct memory access of the terminal 300 through the SD interface 105. The memory card 100 may further include an interworking module for connecting the IC chip 130 and the memory module 110. Here, the inquiry target information may include an unspecified number of identification information.

The SD interface 105 is a DATA0 contact, a DATA1 contact, a DATA2 contact, and a DATA3 that are in physical contact with an SD card contact of a terminal interface on which the SD memory card 100 is inserted according to a standard defined by an SCA (SD Card Association). It consists of contacts, GND contacts, VCC contacts, CLK contacts and CMD contacts.

The memory module 110 manages the storage unit 120 corresponding to a non-volatile memory (eg, a flash memory) capable of reading / writing information to be stored, and a file system of the non-volatile memory. And a management unit 115 that communicates with the terminal 300 through 105 to process memory access of the terminal 300.

According to the present invention, the storage unit 120 of the memory module 110 is allocated an inquiry target information storage area for storing the inquiry target information.

The IC card interface 125 includes a VCC contact, an RST contact, a CLK contact, a D + contact, a GND contact, a VPP contact, an I / O contact, and a D- contact corresponding to the ISO / IEC 7816 standard. The contact is electrically connected to each contact of a chip on board (COB) of ISO / IEC 7816 standard, and the COB is in physical contact with the COB contact of the terminal-side interface of the terminal-side interface into which the SD memory card 100 is inserted. do.

The IC chip 130 may include a memory unit 140 corresponding to a nonvolatile memory (for example, a flash memory, an EEPROM, a ROM, etc.) in which program codes and data sets are written, and an execution memory in which the program codes and data sets are loaded. (Eg, RAM) and a controller 135 having a processor that executes the program code and inputs and outputs the data set, wherein the controller 135 further includes a co-processor that processes an encryption operation. It can be provided.

According to an exemplary embodiment of the present disclosure, the memory unit 140 may store and maintain at least one fixed key value for encrypting the inquiry target information. If the fixed key value is a symmetric key infrastructure, the fixed key value can be used both when encrypting and decrypting the inquiry target information. On the other hand, if the fixed key value is a public key infrastructure, the fixed key value is formed by distinguishing an encryption key value for encrypting the search target information and a decryption key value for decryption according to the public key infrastructure.

According to another exemplary embodiment of the present invention, the memory unit 140 may store and maintain at least one seed value necessary for generating a dynamic key value for encrypting the inquiry target information, and according to the intention of the person skilled in the art When a value is provided from the terminal 300 through the IC card interface 125 or is agreed with the terminal 300 in real time, the memory unit 140 may not store the seed value. If the dynamic key value is a symmetric key based structure, the dynamically generated dynamic key value may be used both when encrypting and decrypting the inquiry target information. On the other hand, if the dynamic key value is a public key infrastructure, the dynamically generated dynamic key value may be dynamically generated by dividing an encryption key value for encrypting inquiry target information and a decryption key value for decryption according to the public key infrastructure. . The dynamic key value for decrypting the encrypted inquiry target information among the dynamically generated dynamic key values is stored and maintained in the memory unit 140 after the key generation.

When the fixed key value is maintained in the memory unit 140 according to an embodiment of the present invention, the processor executes the program code recorded in the memory unit 140 through the IC card interface 125. The inquiry target information input from the terminal 300 may be encrypted using a fixed key value maintained in the memory unit 140. Alternatively, the processor executes the program code recorded in the memory unit 140 and transmits the inquiry target information to the memory unit 140 by a key value request command input from the terminal device through the IC card interface 125. The fixed fixed key value may be provided to the terminal 300.

When the dynamic key value is dynamically generated according to another embodiment of the present invention, the processor executes the program code (for example, a program code including a key generation function) recorded in the memory unit 140 to perform the The dynamic key value is dynamically changed using a seed value held in the memory unit 140 and at least one seed value provided from the terminal 300 through the IC card interface 125 or agreed in real time. After generating, the inquiry target information input from the terminal 300 through the IC card interface 125 may be encrypted using the dynamically generated dynamic key value. Alternatively, the processor may provide the dynamically generated dynamic key value to the terminal 300 through the IC card interface 125.

On the other hand, the memory unit 140 of the IC chip 130 stores and maintains at least one PIN (Personal Identification Number) authentication value, biometric authentication value, the PIN authentication request command through the IC card interface 125 or When a biometric authentication request command is input, the controller 135 of the IC chip 130 processes PIN authentication or biometric authentication.

The interworking module includes an IC chip 130 connected to the terminal 300 through the IC card interface 125 in the SD memory card 100 and the terminal 300 through the SD interface 105. As a generic term for a module that connects the memory module 110 to be connected to exchange data, the interworking module may include a SPI (Serial Peripheral Interface).

According to the exemplary embodiment of the present invention, when the IC chip 130 is connected to the memory module 110 through the interworking module, the control unit 135 of the IC chip 130 is provided in the memory module 110. The stored query target information storage area can be managed by connecting the memory area provided in the memory unit 140 of the IC chip 130 to a logically extended area. For example, if the last address of the memory unit 140 is '0XFFFF', the controller 135 may determine a physical start address of the storage area for the query target information allocated to the storage unit 120 of the memory module 110. Logically connect to the '0X00010000' connected to the last address of the memory unit 140, '0XFFFFFFFF' Rkwldml is stored from the '0X00010000' assigned to the storage unit 120 of the memory module 110 The inquiry target information storage area may be set and managed as an extended memory area managed by the controller 135. Here, the management of the inquiry target information storage area of the memory module 110 as an extended area of the memory unit 140 means that the inquiry target information storage area corresponds to various security functions provided in the IC chip 130. Protected by, it means that the memory area is blocked access without the various authorization authentication through the IC chip (130).

According to the present invention, the IC chip 130 is a query target information stored in the query target information storage area of the memory module 110 by the direct memory access of the terminal 300 through the SD interface 105 Control to prevent the inquiry, recording and reading arbitrarily, and to control the inquiry target information stored in the inquiry target information storage area to be inquired, recorded and read in cooperation with the IC chip 130.

According to an exemplary embodiment of the present invention, the IC chip 130 receives the inquiry target information to be stored in the inquiry target information storage area of the memory module 110 through the IC card interface 125 and accesses the direct memory. The data can be encrypted and stored in the inquiry target information storage area so as not to be queried, recorded, and read by the C.

When the IC chip 130 encrypts the inquiry target information according to the exemplary embodiment of the present invention, the IC chip 130 may query the inquiry target information to be encrypted through the IC card interface 125 and the inquiry. Receive an encryption command for the target information. When encrypting the inquiry target information through a dynamic key value, the IC chip 130 may dynamically generate a dynamic key value to encrypt the inquiry target information. After the inquiry target information and the encryption command are input, the IC chip 130 at least one of a fixed key value and the dynamically generated dynamic key value held on the IC chip 130 based on the encryption command. The input inquiry target information is encrypted using a key value. The IC chip 130 provides the encrypted inquiry target information to the terminal 300 through the IC card interface 125, and the terminal 300 provides the memory module (s) through the SD interface 105. 110 can be stored in the inquiry target information storage area.

Meanwhile, when the IC chip 130 encrypts the inquiry target information according to an embodiment of the present invention, if the IC chip 130 and the memory module 110 are connected through the interworking module, The IC chip 130 may store the encrypted inquiry target information in the inquiry target information storage area of the memory module 110 through the interworking module.

Meanwhile, the IC chip 130 may maintain or dynamically generate one or more key values for each designated information unit of the inquiry target information. In this case, the IC chip 130 may generate the at least one key value through the one or more key values. The inquiry target information can be encrypted for each designated information unit.

According to another exemplary embodiment of the present invention, the IC chip 130 may include: query target information to be stored in the query target information storage area of the memory module 110 by the terminal 300 connected through the IC card interface 125; May be encrypted so as not to be queried, recorded and read by the direct memory access of the terminal 300 and stored in the inquiry target information storage area through the SD interface 105.

According to another embodiment of the present invention, when the terminal 300 encrypts the inquiry target information, the IC chip 130 requests an encryption key from the terminal 300 through the IC card interface 125. Receive a command. In response to the encryption key request command, the IC chip 130 provides the fixed key value held in the memory unit 140 to the terminal 300 through the IC card interface 125 or the inquiry target information. And dynamically generate one or more dynamic key values to be encrypted and decrypted, and provide the terminal 300 with a dynamic key value for encrypting the inquiry target information among the dynamically generated dynamic key values. The dynamic key value to be decrypted is maintained in the memory unit 140. The terminal 300 encrypts the inquiry target information through a key value provided from the IC chip 130 through the IC card interface 125 to inquire the memory module 110 through the SD interface 105. Can be stored in the target information storage area.

On the other hand, the IC chip 130 may maintain or dynamically generate one or more key values for each designated information unit of the inquiry target information, and provide them to the terminal 300. In this case, the terminal 300 The inquiry target information may be encrypted for each designated information unit using one or more key values provided.

According to another exemplary embodiment of the present invention, the IC chip 130 may display the inquiry target information to be stored in the inquiry target information storage area of the memory module 110 by the server 200 connected to the terminal 300. The terminal 300 may be encrypted and provided to the terminal 300 so as not to be queried, recorded, or read by the direct memory access of the terminal 300.

According to another exemplary embodiment of the present invention, when the server 200 communicating with the terminal 300 encrypts the inquiry target information, the IC chip 130 is connected to the IC card interface 125. The server 300 receives the server 200 authentication information and the encryption key request command that identify the server 200 connected to the terminal 300. The IC chip 130 reads the server 200 authentication information and encrypts the inquiry target information to be stored in the inquiry target information storage area of the memory module 110 by the server 200 connected to the terminal 300. The authentication server 200 is authenticated. For example, the IC chip 130 stores and maintains the server 200 verification information capable of encrypting the inquiry target information (or dynamically generates it according to a verification information generation rule previously agreed with the server 200). By comparing the server 200 authentication information with the server 200 verification information and confirming whether or not the result of the specified operation matches the predicted result, the server 200 connected to the terminal 300 is the object of inquiry. It authenticates whether it is an authorized server 200 that encrypts the information. When the server 200 connected with the terminal 300 is authenticated with the authenticated server 200 that encrypts the inquiry target information, the IC chip 130 is connected to the terminal 300 through the IC card interface 125. Delivering a fixed key value for encrypting the inquiry target information to the server 200 via the server, or dynamically generating one or more dynamic key values for encrypting and decrypting the inquiry target information and then dynamically generating the dynamic key value. The dynamic key value for encrypting the inquiry target information is transmitted to the server 200 via the terminal 300, and the dynamic key value for decrypting the encrypted inquiry target information is maintained in the memory unit 140. . Alternatively, the IC chip 130 agrees with the server 200 via the IC card interface 125 via the terminal 300 through one or more random number exchanges, and then the agreed dynamic key. The dynamic key value for decrypting the encrypted inquiry target information among the values may be maintained in the memory unit 140. The server 200 encrypts the inquiry target information to be provided to the terminal 300 using the key value provided or agreed from the IC chip 130 via the terminal 300, and the encrypted inquiry target. The information is transmitted to the terminal 300. The terminal 300 receives the encrypted inquiry target information from the server 200 and transmits the received inquiry target information to the inquiry target information storage area of the memory module 110 through the SD interface 105. Can be saved.

On the other hand, the IC chip 130 maintains or dynamically generates one or more key values for each designated information unit of the inquiry target information, and delivers them to the server 200 via the terminal 300 or the server. One or more key values may be agreed with the server 200. In this case, the server 200 may encrypt the inquiry target information for each designated information unit through the one or more key values provided / agreed.

After being stored in the inquiry target information storage area of the memory module 110, the terminal 300 inquires the query target information stored in the inquiry target information storage area of the memory module 110 through the IC card interface 125. When requesting, the IC chip 130 authenticates the user of the terminal 300 through at least one of a PIN authentication value or a biometric authentication value stored in the memory unit 140.

When the user is authenticated, the IC chip 130 decrypts the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 by the terminal 300 through the SD interface 105. Do it so you can.

According to the exemplary embodiment of the present invention, the IC chip 130 receives a decryption key request command for the encrypted and stored inquiry target information through the IC card interface 125. By the decryption key request command, the IC chip 130 transmits one or more key values held in the memory unit 140 to the terminal 300 for decryption of the inquiry target information, and the terminal 300. Decodes and retrieves the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 through the key value.

If the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 is encrypted for each specified information unit, the terminal 300 uses the one or more key values transmitted to the memory module 110. Inquiry can be made by decoding the inquiry target information encrypted in the inquiry target information storage area for each information unit.

According to an embodiment of the present invention, when the IC chip 130 and the memory module 110 are connected, the IC chip 130 inquires about the encrypted and stored inquiry target information through the IC card interface 125. Get the request command. By the inquiry request command, the IC chip 130 enters the inquiry target information storage area of the memory module 110 based on one or more key values held in the memory unit 140 to decrypt the inquiry target information. After decrypting and querying the encrypted search target information, the inquiry result may be provided to the terminal 300 through the IC card interface 125.

If the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 is encrypted for each designated information unit, the IC chip 130 may use the one or more key values for the memory module 110. The inquiry target information encrypted and stored in the inquiry target information storage area may be decrypted and searched for each information unit.

2 is a diagram illustrating a process of storing inquiry target information according to a first embodiment of the present invention.

In more detail, in FIG. 2, when the IC chip 130 of the SD memory card 100 encrypts the inquiry target information and transmits the inquiry target information to the terminal 300, the terminal 300 transmits the encrypted inquiry target information to the memory module. The process of storing the information to be stored in the inquiry object information storage area provided at 110, and a person of ordinary skill in the art to which the present invention pertains, refer to and / or modify this drawing 2 to Various implementation methods (e.g., some steps may be omitted, or the order may be changed) for the storage process may be inferred, but the present invention includes all the implementation methods inferred, as shown in FIG. The technical features are not limited only to the implemented method.

Referring to FIG. 2, the server 200 provides inquiry target information to the terminal 300 (205), and the terminal 300 authenticates a user with the IC chip 130 provided in the SD memory card 100. Request 210. When the user authentication is completed through the IC chip 130 (215), the terminal 300 inputs the inquiry target information to the IC chip 130 (220), the IC chip 130 is the city After extracting or dynamically generating one or more key values for encrypting the target information (225), the inquiry target information is encrypted (230) through the key value and transmitted to the terminal (300) (235). The terminal 300 stores the encrypted inquiry target information in the inquiry target information storage area of the memory module 110 provided in the SD memory card 100 (240).

3 is a diagram illustrating a process of storing inquiry target information according to a second embodiment of the present invention.

In more detail, in FIG. 3, when the IC chip 130 and the memory module 110 of the SD memory card 100 are connected, the IC chip 130 encrypts the inquiry target information and is provided in the memory module 110. As a process of storing the search target information storage area, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to FIG. It is possible to infer an implementation method (for example, an implementation method in which some steps are omitted or the order is changed), but the present invention includes all the implementation methods inferred above, and only the implementation method shown in FIG. The technical features are not limited.

Referring to FIG. 3, the server 200 provides inquiry target information to the terminal 300 (305), and the terminal 300 authenticates a user with the IC chip 130 provided in the SD memory card 100. Request (310). When the user authentication is completed through the IC chip 130 (315), the terminal 300 inputs the inquiry target information to the IC chip 130 (320), the IC chip 130 is the city After extracting or dynamically generating one or more key values for encrypting the target information (325), encrypting the query target information through the key value (330), the memory module provided in the SD memory card 100 The encrypted inquiry target information is stored in the inquiry target information storage area of the operation 110 (335).

4 is a diagram illustrating a process of storing inquiry target information according to a third exemplary embodiment of the present invention.

In more detail, in FIG. 4, when the IC chip 130 of the SD memory card 100 transmits one or more key values to encrypt the inquiry target information to the terminal 300, the terminal 300 transmits the inquiry target information. The process of encrypting and storing the information to be stored in the inquiry target information storage area provided in the memory module 110 is illustrated by those skilled in the art to which the present invention pertains. Although various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred about the storing process of the inquiry target information, the present invention includes all the implementation methods inferred. The technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 4, the server 200 provides inquiry target information to the terminal 300 (405), and the terminal 300 authenticates a user with an IC chip 130 provided in the SD memory card 100. Request (410). When user authentication is completed through the IC chip 130 (415), the terminal 300 requests the IC chip 130 one or more key values to encrypt the inquiry target information (420), the IC The chip 130 extracts or dynamically generates one or more key values for encrypting the urban object information (425), and transmits them to the terminal 300 (430). After the terminal 300 encrypts the inquiry target information through the key value (435), the encrypted query target is stored in the inquiry target information storage area of the memory module 110 provided in the SD memory card 100. The information is stored (440).

5 is a diagram illustrating a process of storing inquiry target information according to a third exemplary embodiment of the present invention.

In more detail, FIG. 5 illustrates that the server 200 receives one or more key values for encrypting the inquiry target information from the IC chip 130 via the terminal 300 or agrees therewith, and then encrypts the inquiry target information. When provided to the terminal 300, the terminal 300 shows the process of storing the encrypted query target information in the query target information storage area provided in the memory module 110, the present invention belongs to If one of ordinary skill in the art with reference to Figure 5 and / or modified to infer various implementation methods (e.g., some steps are omitted, or the order of the implementation method changed) for the storage of the inquiry target information. As will be appreciated, the present invention includes all implementation methods inferred, and the technical features are not limited to the implementation method illustrated in FIG.

Referring to FIG. 5, the terminal 300 requests user authentication to the IC chip 130 provided in the SD memory card 100 (505). When the user authentication is completed through the IC chip 130 (510), the terminal 300 requests the IC chip 130 to authenticate the server 200 to provide the inquiry target information and the server. After the 200 requests one or more key values required to encrypt the inquiry target information (515), the IC chip 130 authenticates the server 200 (520), and then the server 200 After extracting or dynamically generating one or more key values necessary for encrypting the inquiry target information (525), the server 300 transmits the data to the server 200 via the terminal 300 or via the terminal 300. The server 200 and 530 agree one or more key values necessary for encrypting the inquiry target information.

The server 200 encrypts the inquiry target information through the key value (535), provides the terminal 300 to the terminal 300 (540), and the terminal 300 is provided in the SD memory card 100. The encrypted inquiry target information is stored in the inquiry target information storage area of the memory module 110 (545).

6 is a diagram illustrating an inquiry process of inquiry target information according to the first embodiment of the present invention.

In more detail, FIG. 6 illustrates that the terminal 300 is stored in the inquiry target information storage area of the memory module 110 using one or more key values provided from the IC chip 130 provided in the SD memory card 100. As a process of inquiring information to be queried, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify this drawing 6 to implement various methods for inquiring of the information to be queried. For example, some steps may be omitted, or the order of implementation may be changed), but the present invention includes all the implementation methods inferred above, and the technical features may be modified only by the implementation method shown in FIG. It is not limited.

Referring to FIG. 6, the terminal 300 requests user authentication to the IC chip 130 provided in the SD memory card 100 (605). When user authentication is completed through the IC chip 130 (610), the terminal 300 transmits the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 by the IC chip 130. One or more key values required for decryption are requested (615), and the IC chip 130 extracts the requested one or more key values (620) and transfers them to the terminal 300 (625).

The terminal 300 inquires the inquiry object information encrypted and stored in the inquiry object information storage area of the memory module 110 through the key value (630), and inquires the inquiry object information from the memory module 110. Verify the result (635).

7 is a diagram illustrating an inquiry process of inquiry target information according to the second embodiment of the present invention.

In more detail, in FIG. 7, when the IC chip 130 and the memory module 110 of the SD memory card 100 are connected, the IC chip 130 is stored in the inquiry target information storage area of the memory module 110. As a process of inquiring inquiry target information and providing the terminal 300 to the terminal 300, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify this drawing to query the inquiry target information. Various implementation methods (e.g., some steps may have been omitted or reordered) may be inferred for the process, but the present invention includes all the implementation methods inferred, as shown in FIG. The technical features are not limited only by the implementation method.

Referring to FIG. 7, the terminal 300 requests user authentication from the IC chip 130 provided in the SD memory card 100 (705). When the user authentication is completed through the IC chip 130 (710), the terminal 300 encrypts the inquiry target information stored in the inquiry target information storage area of the memory module 110 by the IC chip 130. After requesting an inquiry (715), the terminal 300 extracts one or more key values necessary for decrypting the inquiry target information encrypted and stored in the inquiry target information storage area of the memory module 110 (720). After querying the query target information encrypted and stored in the query target information storage area of the memory module 110 through a value (725), and checking the query result of the query target information from the memory module 110 (730), The verified inquiry result is provided to the terminal 300 (735).

100: SD memory card 105: SD interface
110: memory module 125: IC card interface
130: IC chip 300: terminal

Claims (9)

An SD interface connecting the terminal to the SD contact point;
A memory module having a query target information storage area for storing query target information to be queried by the terminal;
An IC card interface for connecting a contact type IC card contact with the terminal separately from the SD interface; And
And an IC chip for controlling the inquiry target information stored in the inquiry target information storage area of the memory module to not be queried, recorded, and read by the direct memory access of the terminal through the SD interface.
The IC chip,
Receives the inquiry target information to be stored in the inquiry target information storage area of the memory module through the IC card interface and encrypts it so as not to be inquired, recorded and read by the direct memory access, and stores the inquiry target information in the inquiry target information storage area; or
A terminal connected through the IC card interface encrypts the query target information to be stored in the query target information storage area of the memory module and stores the encrypted query target information in the query target information storage area through the SD interface; or
And a server, which is connected with the terminal, to encrypt the inquiry target information to be stored in the inquiry target information storage area of the memory module and provide the encrypted encryption target information to the terminal.
The method of claim 1,
When the IC chip encrypts the inquiry target information,
The IC chip,
Encrypting the inquiry target information input through the IC card interface and transmitting the encrypted information to the terminal through the IC card interface;
The terminal comprises:
And storing the encrypted inquiry target information in the inquiry target information storage area of the memory module through the SD interface.
The method of claim 1,
When the IC chip encrypts the inquiry target information,
The IC chip,
Is connected to the memory module,
And encrypting the inquiry target information input through the IC card interface and storing the encrypted inquiry target information in the inquiry target information storage area of the memory module.
The method of claim 1,
When the terminal encrypts the inquiry target information,
The IC chip,
Delivering a fixed key value for encrypting the inquiry target information to the terminal through the IC card interface, or dynamically generating a dynamic key value for encrypting the terminal and the inquiry target information to the terminal through the IC card interface. Maintains the dynamically generated dynamic key value after passing,
The terminal comprises:
And encrypting the inquiry target information through the key value and storing the inquiry target information in the inquiry target information storage area of the memory module through the SD interface.
The method of claim 1,
If the server encrypts the inquiry target information,
The IC chip,
The fixed key value for encrypting the inquiry target information is transmitted to the server via the terminal via the IC card interface, or after agreeing a dynamic key value for encrypting the inquiry target information with the server through the terminal. Keep the agreed dynamic key value,
The server,
And encrypting the inquiry target information through the key value and storing the inquiry target information in the inquiry target information storage area of the memory module through the SD interface.
The method of claim 1, wherein the IC chip,
And processing the data to be encrypted so as to be encrypted for each designated information unit.
The method of claim 1, wherein the IC chip,
When the terminal requests the inquiry of the inquiry target information stored in the inquiry target information storage area of the memory module through the IC card interface,
Authenticate the user of the terminal through the IC card interface,
And an inquiry object information stored in an inquiry object information storage area of the memory module is decoded in real time by an inquiry request of the terminal through the SD interface, based on the authentication result of the user.
The method of claim 7, wherein the IC chip,
And processing so that the inquiry target information is decoded for each designated information unit and inquired.
The method of claim 1, wherein the IC chip,
When connected to the memory module,
And managing the inquiry target information storage area provided in the memory module logically by connecting to an extended area of the memory area provided in the IC chip.
KR1020110004276A 2011-01-14 2011-01-14 Secure digital memory card KR20120082778A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110004276A KR20120082778A (en) 2011-01-14 2011-01-14 Secure digital memory card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110004276A KR20120082778A (en) 2011-01-14 2011-01-14 Secure digital memory card

Publications (1)

Publication Number Publication Date
KR20120082778A true KR20120082778A (en) 2012-07-24

Family

ID=46714451

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110004276A KR20120082778A (en) 2011-01-14 2011-01-14 Secure digital memory card

Country Status (1)

Country Link
KR (1) KR20120082778A (en)

Similar Documents

Publication Publication Date Title
US9100187B2 (en) Authenticator
TWI524275B (en) Storage device and method of operating a storage device
US7469837B2 (en) Storage device
KR100676087B1 (en) Secure data storage apparatus with USB interface, and method thereof
JP4360422B2 (en) Authentication information management system, authentication information management server, authentication information management method and program
CN108345782B (en) Intelligent hardware safety carrier
TW200928997A (en) Critical security parameter generation and exchange system and method for smart-card memory modules
CN108345785B (en) Built-in intelligent safety action device
KR20140126976A (en) apparatus and user terminal for mobile identification
JP4578132B2 (en) Portable information storage medium system
JP5976458B2 (en) IC card and portable electronic device
CN101883357A (en) Method, device and system for mutual authentication between terminal and intelligent card
CN113595714A (en) Contactless card with multiple rotating security keys
KR20070094108A (en) Data security device and method and mobile terminal including the same
JP2009032003A (en) Portable electronic device, terminal device, authentication system, and authentication method
KR101666591B1 (en) One time password certifacation system and method
CN103699853B (en) A kind of intelligent SD card and control system thereof and method
JP4832926B2 (en) Portable data storage device and data read control method
TWI596547B (en) Card application service anti-counterfeiting writing system and method based on multi-card combination
KR20150017374A (en) Method for Settlement by using IC Chip
KR20200013494A (en) System and Method for Identification Based on Finanace Card Possessed by User
KR100574238B1 (en) Data storage apparatus with usb interface ic chip, and storing method thereof
JP2006227679A (en) Usb memory key
KR20120082778A (en) Secure digital memory card
TWI651624B (en) Smart hardware safety carrier

Legal Events

Date Code Title Description
A201 Request for examination
AMND Amendment
E601 Decision to refuse application
AMND Amendment
J201 Request for trial against refusal decision
J301 Trial decision

Free format text: TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20130513

Effective date: 20140723