KR20130053132A - Memory card and portable terminal and encrypted message exchanging method - Google Patents

Memory card and portable terminal and encrypted message exchanging method Download PDF

Info

Publication number
KR20130053132A
KR20130053132A KR1020110118712A KR20110118712A KR20130053132A KR 20130053132 A KR20130053132 A KR 20130053132A KR 1020110118712 A KR1020110118712 A KR 1020110118712A KR 20110118712 A KR20110118712 A KR 20110118712A KR 20130053132 A KR20130053132 A KR 20130053132A
Authority
KR
South Korea
Prior art keywords
session key
message
certificate
message exchange
module
Prior art date
Application number
KR1020110118712A
Other languages
Korean (ko)
Inventor
김동영
Original Assignee
주식회사 에스엠이네트웍스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 에스엠이네트웍스 filed Critical 주식회사 에스엠이네트웍스
Priority to KR1020110118712A priority Critical patent/KR20130053132A/en
Publication of KR20130053132A publication Critical patent/KR20130053132A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

PURPOSE: A memory card and a mobile phone comprising the same, and an encoding message exchanging method using the same are provided to increase user convenience as intensifying security in an SNS(Social Network Service) or a message exchange service. CONSTITUTION: A certificate management module(140) manages a certificate stored in a certificate storing unit. A message exchange service module(120) provides a message exchange service to a user by encoding the message exchange using a certificate. A micro SD card(200) which is a certificate storing unit, includes an SD card interface(210), a storing unit(230) and a security module(240). The SD card interface inputs or outputs data according to a data communication protocol. The storing unit stores data inputted through the SD card interface. The security module stores the certificate for security of message exchange in an internal storing region by accessing through an authentication process using the SD card interface. [Reference numerals] (120) SNS executing module; (140) Certificate management module; (160) Smart SD management module; (210) SD card I/F

Description

Memory card and portable terminal having same, method for exchanging encrypted message using same {memory card and portable terminal and encrypted message exchanging method}

The present invention relates to a memory card mountable on a portable terminal such as a micro SD card, a portable terminal for the same, and a message exchange method performed in the portable terminal.

Personal informatization devices, starting with personal computers, have recently evolved into smart phones with maximum portability and applicability. Personal information devices have been connected to a network such as the Internet to enhance convenience and diversify services.

In addition, personal information devices along with the network have also changed the appearance of human relationships, starting with simply sending and receiving calls or text messages, creating a chat room and continuously sending and receiving text and multimedia messages. Can be used to bond acquaintances.

In particular, using a smart phone connected to a recent wireless network, Social Network Service (SNS) developed from the messenger service, for example, to provide a variety of complex types of services, such as disclosed in Korean Patent Laid-Open No. 10-2011-0099599 Can be.

However, the current SNS service is very weak in security of personal privacy information. For example, a device for actively preventing a third party from illegally peeping a message exchanged with a counterpart in a chat room has not been presented.

The present invention is to provide a memory card and a message exchange method that can enhance the security in the SNS or message exchange service.

Alternatively, the present invention provides user convenience while enhancing security in an SNS or a message exchange service.

It is to provide a memory card and a message exchange method that can be increased.

According to an aspect of the present invention, there is provided a portable terminal including: a certificate storage unit storing a certificate for a message exchange service; A certificate management module for managing a certificate stored in the certificate storage unit; And a message exchange service providing module for providing a message exchange service to a user and encrypting a message exchange to be transmitted to the outside using the certificate.

Here, the message exchange service performing module may be a software module that performs a peer-to-peer (P2P) type messenger operation with a conversation counterpart terminal to perform a message exchange.

Here, the certificate management module may manage the stored certificate, perform a signature using the certificate, and verify a certificate to be stored.

Here, the certificate storage unit is a micro SD card, SD card interface for inputting or outputting data in accordance with a predetermined data communication protocol; A storage unit which stores data input through the SD card interface; And it may be accessed through a predetermined authentication process through the SD card interface, and may include a security module for storing a certificate for the security of message exchange in the internal storage area.

Here, the message exchange service performing module may include accessing a message exchange service server; Creating a message chat room; Sharing a session key to be used in the generated chat room with the other party of the message chat room; Encrypting and transmitting a message to the counterpart using the session key; And decrypting an encrypted message received from the counterpart using the session key.

A memory card attachable to a portable terminal according to another aspect of the present invention includes a memory card interface for inputting or outputting data in accordance with a predetermined data communication protocol; A storage unit to store data input through the memory card interface; And a security module accessible through a predetermined authentication process through the memory card interface, and storing a certificate for security of message exchange in an internal storage area, wherein the memory card interface includes the storage unit and the security module. Switching data transmission so that the portable terminal can exchange data with the selected one, and if the data in the portable terminal is for a security task of message exchange, the data is transferred to the security module.

Here, when determining that the signal input from the portable terminal is a signal according to the ISO 7816 standard, the memory card interface transmits the signal to the security module, and the signal transmitted from the portable terminal is a signal according to the SD protocol for data access. If it is determined that it can be delivered to the storage.

The memory card interface may transmit an encrypted message to the security module to request decryption, receive the decrypted message accordingly, and receive the encrypted message from the security module and transmit the encrypted message to the mobile terminal.

The apparatus may further include a message conversation storage unit which is formed in an internal storage area of the security module and stores the contents of the message exchange in a predetermined section in an encrypted manner.

The message conversation storage unit may further include a message conversation storage unit in which access is restricted by specifying a portion of the storage area of the storage unit only for the purpose of encrypting and storing the contents of the message exchange.

Here, the memory card interface may transmit a session key generation request for message exchange in the portable terminal to the security module, and the security module may generate a session key using the certificate. In another implementation, the memory card interface may receive a session key generation request for message exchange from the mobile terminal and a seed value necessary for generating a session key, and transmit the received seed value to the security module. The session key may be generated using the certificate and the seed value.

In another implementation, the security module may store, with respect to an external server providing the message exchange service, ID information for identifying a subscriber of the service.

In another implementation, the memory card interface may copy and store an encapsulated message encrypted by the security module and delivered to the mobile terminal, and store the encapsulated message received from the mobile terminal to the security module. While copying it can be stored in the storage unit.

The memory card may have a form and contact terminals of a micro SD card, and the memory card interface may be an SD card interface for inputting and outputting data according to an SD protocol.

According to another aspect of the present invention, there is provided a message exchange method comprising: accessing a message exchange service server using a mobile terminal having a certificate stored therein; Creating a message chat room; Sharing a session key to be used in the generated chat room with the other party of the message chat room; Encrypting and transmitting a message to the counterpart using the session key; And decrypting an encrypted message received from the counterpart using the session key.

The message exchange method may further include terminating the generated chat room.

Here, the message exchange method may further include updating the session key.

Here, the message exchange method may further include storing the conversation contents performed in the chat room.

Here, in the service server access step, the ID recorded in the USIM mounted on the portable terminal is read, the ID is automatically input in the ID field of the login screen of the service server, and the micro SD card mounted on the portable terminal. The user may log in by reading the ID recorded in the method and automatically inputting the ID into the password column of the login screen of the service server.

Here, in the service server access step, the ID recorded in the micro SD card mounted in the portable terminal is read, the ID is automatically input in the ID field of the login screen of the service server, and the password is input from the user. You can log in by passing it to the service server.

The sharing of the session key may include: generating a session key for use in the generated chat room; Encrypting the generated session key with a public key of a conversation counterpart; And transmitting the generated session key to a mobile terminal of a conversation counterpart.

In the generating of the session key, a session key may be generated by applying a predetermined security algorithm for key generation. In another implementation, a session key may be generated by applying a seed value for generating the session key and a predetermined key generation security algorithm.

The transmitting of the generated session key to a mobile terminal of a conversation counterpart may include: encrypting the generated session key with the public key of the counterpart; And transmitting the encrypted session key.

The updating of the session key may include monitoring a valid condition of the session key; If a valid condition of the session key is not satisfied, generating a new session key; Deleting the existing session key and storing the generated new session key; And encrypting the generated new session key and transmitting the encrypted new session key to the counterpart mobile terminal.

Implementing a memory card or a portable terminal according to the spirit of the present invention according to the above configuration, there is an advantage that can increase user convenience while enhancing security in SNS or message exchange service.

1 is a structural diagram showing a structure of an SNS system capable of performing a secured SNS service according to an embodiment of the present invention.
2 is a block diagram showing a mobile terminal equipped with a smart micro SD card according to the spirit of the present invention.
3 is a flowchart illustrating a message exchange method according to the spirit of the present invention.

An object of the present invention is to implement a secured message exchange service performed between two or more portable terminals using a removable secure memory card mounted in the portable terminal.

The message exchange service to which the spirit of the present invention can be applied may be, for example, a form of a messenger service (for example, MSN messenger) or a form of SNS (Social Network Service) service.

1 illustrates a structure of an SNS system in which a secured SNS service may be performed according to an embodiment of the present invention.

The illustrated SNS system includes an SNS server 400 for providing SNS message chat rooms among service subscribers; An outgoing portable terminal 100-1 equipped with a first micro SD card according to the spirit of the present invention; And a receiving portable terminal 100-2 equipped with a second micro SD card according to the spirit of the present invention.

The illustrated SNS server 400 provides SNS services including chat room services to subscribed subscribers. To this end, the SNS server 400 may include a subscriber DB 440 for storing information of subscribed subscribers and a chat room execution unit 420 for providing a chat room service.

The subscriber DB 440 stores subscriber information such as ID and password of each subscriber subscribed to the corresponding SNS, and for implementing the idea of the present invention, the public key of the subscriber's personal security means is stored as the subscriber information. . The public key of the subscriber may be distributed to the general public in a private security means in the form of an asymmetric key, and may be an encryption key in encrypting specific information. The information encrypted by the encryption key, which is the public key, can be decrypted only by using the private key assigned to the specific subscriber only.

As an embodiment of the subscriber information stored in the subscriber DB 440, for a particular subscriber, the subscriber name, subscriber alias, subscriber identification code, mobile phone number, nationality of the mobile phone subscription, personal information provided in the mobile phone Information such as a public key, a public key distribution policy, and the like may be recorded.

The subscriber alias may be an alias indicating that each subscriber does not use a name on the electronic social network. The subscriber identification code may be a kind of computationally unique identification code that can computerly designate each subscriber in an SNS system including an SNS server. In other implementations, the subscriber identification code may be omitted, instead of subscriber identification / designation by a combination of other values (eg, mobile phone number and mobile phone subscription nationality).

The personal certificate may be preferably stored in a removable memory card (eg, a micro SD card) mounted in a portable terminal.

The chat room performing unit 420 may include: a chat room session forming module configured to generate a chat room session to exchange messages with specific subscribers according to a request of a particular subscriber; A chat room session maintaining module configured to transfer (bypass) messages between subscribers belonging to the chat room in the created chat room session; And a chat room session termination module for terminating a chat room that is running according to a request of a user in the chat room and / or occurrence of a chat room session termination event.

The SNS server 400 may further include a social network manager 460 for providing / managing a social network (electronic network) between subscribers.

The social network manager 460 determines / records / manages the degree of social relation between one subscriber and another subscriber, and in particular, determines the public key of one user based on the degree of social relation between each subscriber. You can decide whether or not to provide it.

The social network management unit 460 of another implementation provides only conventional SNS and may be irrelevant to security activities according to the spirit of the present invention. In this case, message exchanges between mobile terminals belonging to a specific chat room may be transmitted via an SNS server in the form of data encapsulated with an encryption key.

In some implementations, the SNS server 400 may include an authorized authentication module for verifying certificates (or electronic signatures) stored in the portable terminals 100-1 and 100-2. However, when the certification authority is required to be independent of the SNS service provider, the certification authority may include a module 480 that communicates with an external certification server.

The calling mobile terminal 100-1 and the receiving mobile terminal 100-2 are only temporarily determined based on whether a message exchange is requested first. Substantially, since the configuration of both mobile terminals is not different, the mobile terminal 100-1 is a portable terminal. Collectively, only one will be described in detail.

2 illustrates a portable terminal equipped with a smart micro SD card according to the spirit of the present invention.

The illustrated mobile terminal 100 includes a smart micro SD card 200 as a smart SD card including a certificate storage unit for storing a certificate including an encryption key and an SD controller; Certificate management module 140 for managing the certificate stored in the certificate storage unit; And providing an SNS service to a user, and may include an SNS performing module 120 encrypting SNS information to be transmitted to the outside using the certificate and transmitting the SNS information to the outside.

The SNS performing module 120 may access the SNS server 400 of FIG. 1 to perform a secure SNS service according to the spirit of the present invention. For example, the SNS execution module 120 may be a software module installed in a portable terminal in the form of a client program for the SNS server 400 that provides a message chat room service according to the spirit of the present invention. For example, the SNS execution module 120 may be a software module that performs a peer-to-peer (P2P) type messenger operation with a conversation counterpart terminal to perform a message exchange according to the spirit of the present invention.

The certificate management module 140 manages a certificate stored in the security module 240 inside the smart micro SD card 200, performs a signature using a certificate stored in the security module 240, and performs the security. Certificates stored or stored in module 240 may be verified.

According to an implementation, the portable terminal 100 may further include a smart SD management module 160 for performing an interface role and a supporting role for the smart micro SD card 200 according to the spirit of the present invention. The smart SD management module 160 may be integrated into the certificate management module 140 or implemented separately. The latter is complex and functionally redundant, but when there is a need to issue the certificate management module 140 from a more trusted authority, the issuer of the certificate management module 140 and the smart SD management module ( The issuer of 160 may satisfy another case.

The smart SD management module 160 may be paired with the SD card interface 210 of the smart micro SD card 200 to perform data input / output, and a certificate may be sent to the smart micro SD card 200. Can be stored and managed. According to an implementation, the smart SD management module 160 may store the message exchange contents in a storage area of the security module 240 in the smart micro SD card 200.

The smart micro SD card 100, as shown, SD card interface 210 as a memory card interface for inputting or outputting data in accordance with the SD card protocol; A storage unit 230 storing data input through the SD card interface 210; And a security module 240 accessible through a predetermined authentication process through the SD card interface 210.

The SD card interface 210 is configured to input / output data corresponding to an SD card protocol, which is a communication control signal according to a standard standard for a secure digital (SD) card, and is implemented as a single hardware such as a dedicated IC. May be implemented in hardware and / or software modules. In the drawing, the SD card interface 210 may perform an operation of recording or reading data in the storage unit 230 according to the SD card protocol. In other words, the SD card interface may function as a kind of SD controller for interfacing data communication signals input and output through the micro SD terminal.

For example, data packet transmission may be relayed so that an external device (in the present invention, a portable terminal) connected to the micro SD terminal and a selected one of the storage unit 230 and the security module 240 may exchange data.

For example, when the SD card interface 210 determines that the signal input from the external device is a signal according to the ISO 7816 standard, the SD card interface 210 transfers it to the security module 240, and the signal transmitted from the external device accesses data. If it is determined that the signal according to the SD protocol for the may be delivered to the storage 230.

Alternatively, when the SD card interface 210 determines that the task requires an encryption task according to a predetermined reserved signal, the SD card interface 210 transfers data about the task to the security module 240 and determines that the task does not require the encryption task. The data may be transferred to the storage 230.

Alternatively, the SD card interface 210 may record / modify / read data relatively freely in the storage unit 230, and write / modify / read data to the security chip 240 according to strict security procedures. I can ship it.

The storage unit 230 is a component for storing information desired by a user for a long time, and may be implemented as NAND, EEPROM, or the like having a relatively large capacity and a nonvolatile storage memory. The storage unit 230 is intended to provide an inherent function of a Secure Digital (SD) card as a mass portable storage device, and may be a storage area accessible by the SD card interface 210.

The security module 240 may be implemented as an independent single chip (for example, a smart chip) that performs a prescribed encryption algorithm for security. In the case of a security module implemented with a high-performance smart chip used in a Mega SIM, etc., a large amount of nonvolatile memory may be provided therein.

The security module 240 may store an identification ID for identifying the data storage device and / or an encryption key for the encryption algorithm when issuing the data storage device 100 of the present embodiment. Alternatively, the security module 240 implemented as a single chip may use the identification number of the single chip as the identification ID.

The security module 240 may perform the encryption algorithm in response to the ISO 7816 protocol. To this end, the security module 240 may receive a command for security processing from the SD card interface 210.

In performing the encrypted message exchange according to the spirit of the present invention, in each mobile terminal 100 that performs a conversation, a process of encrypting a message transmitted to a conversation counterpart and decrypting a message received from the conversation counterpart should be performed.

Herein, the security module 420 encrypts the message to be transmitted and decrypts the received message, although it is preferable in terms of enhanced security, but in terms of securing a message exchange rate, the portable device is a portable device. It is preferably performed at the terminal.

In the first (electronic) case, the SNS performing module 120 of the mobile terminal creates a conversation message, transmits it to the security module 420 to request encryption, and sends the encrypted conversation message received from the counterpart terminal. The decryption request is sent to the security module 420.

In the second (the latter) case, more specifically, the encryption / decryption of the conversation message may be performed in the SW security module of the portable terminal itself in the form of a software module executed in the CPU of the portable terminal. Can be performed in a HW security module of a mobile terminal such as a chip)

Even in the second case, for the integrated security management through the SW security module of the portable terminal itself, the encryption key that the external device encrypts / decrypts the message is a temporary encryption key having a limited validity period. The key is preferably generated by applying the symmetric key algorithm by the security module 240.

To this end, the SD card interface 210 may receive a temporary encryption key request and a seed value for generating a temporary encryption key from the portable terminal, which is the external device, and transmit the received seed value to the security module 240. have.

According to an implementation, the smart micro SD card 200 may further include a message conversation storage unit for storing the message exchange contents in an encrypted form.

The message conversation storage unit may be provided in the security module 240 in terms of security. However, considering the limitations and costs of the internal storage space of the security chip, the message conversation storage unit may be provided in the storage unit 230.

In some implementations, the encrypting of the message exchange content may be performed by the security module 240 or may be performed by the external device (mobile terminal).

Hereinafter, first, the message exchange contents encrypted by the security module 240 in the smart micro SD card are stored in the message conversation storage unit provided in the storage unit 230, and the encryption key of the security module is stored. The following is a specific example of strengthening security.

For example, the SD card interface 210 stores the message exchange contents in the storage 230 in an encrypted form by the security module 240. In this case, before the SNS performing module 120 transmits a message according to a user's input to the counterpart terminal, the encrypted data obtained by requesting encryption (encapsulation) to the smart micro SD card 200 is transmitted to the counterpart terminal. When receiving the encrypted data transmitted from the counterpart terminal, the smart micro SD card 200 may request decryption to obtain a decrypted message.

In this case, the SD card interface 210 stores the message exchange contents in the message conversation storage 230 in an encrypted form by the security module 240.

In this case, in order to enhance security, some areas of the storage area of the storage unit 230 may be specified only for the purpose of storing message exchange contents. That is, the specified area can be set as a kind of security zone so that it cannot be accessed using the SD card protocol as a general memory card. At this time, the contents of the conversation message exchange in the message conversation storage unit may be encrypted using a decryption key for storing the message which the security module inside the memory card has in advance and a symmetric key algorithm such as AES and DES.

You can also save your chats to the storage manually at the end of the conversation or when you close the chat room or at a specific time during the conversation.

Next, second, an implementation of storing the message exchange contents encrypted by the security module 240 in the smart micro SD card in the security module 240 may be implemented. Since the second implementation operates only in the security module 240, the implementation can be easily inferred, and thus a detailed description thereof will be omitted.

Third, another specific example of strengthening security by using a temporary encryption key issued by the security module in an external device will be described.

In this case, the temporary encryption key for encrypting the message exchange contents is a temporary encryption key used during a conversation, not an encryption key only for storing the message exchange contents, and a mobile terminal whose encryption subject is an external device (more specifically, FIG. 2). There is a difference between the first case and the SNS performing module 120 of the portable terminal.

For example, the SD card interface 210 stores the message exchange contents in the message conversation storage unit in an encrypted form by the SNS performing module 120. Along with the message exchange content, a seed value that was used to generate a temporary encryption key used when encrypting the message exchange content can be stored. After reading the message exchange contents, when reading an encrypted message stored in the message conversation storage unit, the security module of the external device, together with the encrypted data corresponding to the SD card interface 210, is necessary for decryption. You can request to send an encryption key.

In response to the request, the SD card interface 210 transmits an encrypted message stored in the message conversation storage unit to the external device, and transmits a seed value stored together with the transmitted encrypted message to the security module. You can request the creation of a temporary encryption key. In response to the temporary encryption key generation request, the security module generates the temporary encryption key by applying the received seed value and the private key on the certificate stored therein to a predetermined security algorithm, thereby generating the SD card interface 210. And / or to an external device.

Fourth, in the SNS performing module 120 of the portable terminal 100, simply inputs the message exchange contents to the security module 420 as unit data to be encrypted and obtains the encrypted message exchange contents as an output thereof. By doing so, it is possible to store in the storage unit 230. In this case, the encryption key for encrypting the message exchange content is a separate encryption key based on a symmetric key different from the session key for encryption in the conversation message transmission.

In another fifth implementation, when the conversation is performed with an encrypted message using the security module 240, the SD card interface 210 encrypts and forwards the security module 240 to the external device. The encapsulated message may be copied and stored in the storage 230, and the encapsulated message received from the external device may be copied to the security module 240 and copied and stored in the storage 230. In this case, the session key for encrypting the message is generated using a separate seed value, and stores the seed value together with the encrypted messages. In addition, this method can be applied only to the mobile terminal which generated the session key for a specific chat room.

The smart micro SD card 200 may store ID information for identifying the user of the mobile terminal 100 in the SNS server 400 of FIG. 1. This means that in the message exchange service, the SNS server 400 can use the smart SD card, not the mobile terminal telephone number, to identify each service subscriber. That is, as the means for identifying each service subscriber, the SNS server 400 may use at least one of a mobile phone number, an ID of a USIM card mounted in the mobile terminal, an ID of a smart micro SD card mounted in the mobile terminal, and the like. Can be.

This helps the SNS server 400 to provide services in various ways. For example, a specific subscriber may move his / her smart micro SD card 200 and use another portable terminal to access the SNS server 400 with his ID to receive a service.

3 is a flowchart illustrating a message exchange method according to the spirit of the present invention.

The illustrated message exchange method includes: accessing a service server (S110); Generating a message chat room (S120); Sharing the session key to be used in the generated chat room with the other party of the message chat room (S132 to S136); Encrypting and transmitting a message to be sent to the counterpart using the session key (S152 to S152); And decrypting an encrypted message received from the counterpart using the session key (S162 to 168).

The illustrated message exchange method may further include terminating the generated chat room (S190).

The illustrated message exchange method may further include updating the session key.

The illustrated message exchange method may further include storing the conversation contents performed in the chat room (S178).

The service server access step (S110) may be performed by logging in to the SNS server 400 in the SNS execution module 120 of the portable terminal 100 of FIG. 2. For example, the SNS execution module 120 reads the ID recorded in the security module 240 of the mobile terminal, automatically inputs the ID in the ID field of the login screen of the SNS server 400, and the password is input from the user. The login may be performed by receiving the input and transmitting the same to the SNS server 400. Alternatively, the SNS execution module 120 reads the ID recorded in the USIM (not shown) of the portable terminal, automatically inputs the ID in the ID field of the login screen of the SNS server 400, and the portable terminal. The ID recorded in the security module 240 may be read, and the login may be performed by automatically inputting the ID into the password column of the login screen of the SNS server 400. In the latter case, there is an advantage of automatically performing secure login using two security devices, USIM and Smart Micro SD.

The chat room generation step (S120), when a subscriber instructs the chat room to open, the SNS execution module 120 of the mobile terminal 100 of the subscriber, when the SNS server 400 requests a chat room, In response, the chat room execution unit 420 of the SNS server 400 may be performed by opening a chat room. In this case, the SNS execution module 120 may designate a message exchange counterpart of the chat room to be established according to the subscriber's instruction or predetermined information, and transmit the message to the SNS server 400.

The sharing of the session key may include generating a session key for use in the generated chat room (S132); Encrypting (encapsulating) the generated session key with a public key of a conversation counterpart (S134); And sharing the generated session key with a conversation counterpart (S136).

Generating the session key may be performed in a mobile terminal belonging to a chat room equipped with a smart micro SD according to the spirit of the present invention, which will generally be performed in the mobile terminal requesting the creation of a chat room. That is, the SNS execution module 120 of the mobile terminal 100 requesting the creation of a chat room requests a session key generation from the smart SD management module 160, and the session key generation request is secured through the SD card interface 210. Is passed to module 240. In response, the security module 240 generates a session key by applying a predetermined key generation security algorithm. In another implementation, a seed value for generating a session key may be passed along with the session key generation request. The seed value may be, for example, a chat room serial number, a chat room creation time, and the like. In response, the security module 240 generates a session key by applying the received seed value and the private key on the certificate stored therein to a predetermined security algorithm.

The session key generated by the security module 240 is managed in a module (depending on the implementation, may be a security module or an SNS execution module) that performs encryption / decryption of the message exchange, and is transmitted to the counterpart portable terminal. In order to transmit, the counterpart is encrypted using the public key (S134). To this end, the SNS execution module 120 requests and receives the transmission of the public key from the SNS server 400 of FIG. 1 or receives the public keys of the mobile terminals belonging to the conversation in step S120. Each mobile terminal or the SNS server 400 may be transmitted in advance.

The encrypted session key may be distributed to the other party's mobile terminal via the SD card interface 210, the smart SD management module 160, the SNS execution module 120, and the SNS server 400. (S136)

Here, the public key may be a public key of a certificate (which may be stored in a smart micro SD) of the mobile terminal of the conversation counterpart.

Depending on the implementation, the session key may be distributed equally to all mobile terminals belonging to a chat room or may be generated and distributed only for a specific conversation counterpart.

Meanwhile, the mobile terminal receiving the session key generated by the counterpart may store the distributed session key in a module (depending on implementation, which may be a security module or an SNS execution module) that performs encryption / decryption of a message exchange. .

Detailed processes in the encryption and decryption of the message may be performed according to the above-described procedure. In addition, in each mobile terminal, the step of decrypting the received encrypted message (S162, 172); And outputting the decrypted message contents to the screen of the portable terminal (S164 and S174).

The step (S190) of terminating the generated chat room may include requesting an end of the chat room from at least one of the mobile terminals belonging to the chat room; Storing the message exchange contents until the chat room termination request; And removing the chat room from the SNS server.

The updating of the session key may comprise monitoring a valid condition of the session key; If a valid condition of the session key is not satisfied, generating a new session key; Deleting the existing session key and storing the generated new session key; And encrypting the generated new session key and transmitting the encrypted new session key to the counterpart mobile terminal. In this case, the right to generate a new session key may be assigned to a mobile terminal that has generated an existing session key or may be granted to another terminal belonging to a chat room according to a policy.

As a valid condition of the session key, one or more of various conditions suitable for the purpose may be applied. For example, a session key can be given to a chat room that is currently generated. In this case, when the chat room is closed, the validity period of the session key also ends.

Alternatively, the session key can be kept valid for a certain time. In this case, each time the validity period of the session key expires, a new session key is generated and updated.

Alternatively, one session key may be given to a conversation between two specific subscribers, that is, between two portable terminals. In this case, when either subscriber leaves the chat room, the validity condition of the session key granted for exchanging messages with the subscriber out of the chat room may be terminated.

It should be noted that the above-described embodiments are intended to be illustrative, not limiting. In addition, those skilled in the art will understand that various embodiments are possible within the scope of the technical idea of the present invention.

100, 100-1, 100-2: mobile terminal
120: smart SD management module 140: certificate management module
200: Smart Micro SD Card
210: SD card interface 230: storage unit
240: security module

Claims (14)

A certificate storage unit for storing a certificate for a message exchange service;
A certificate management module for managing a certificate stored in the certificate storage unit; And
A message exchange service performing module that provides a message exchange service to a user but encrypts a message exchange to be transmitted to the outside using the certificate.
A mobile terminal comprising a.
The method of claim 1,
The certificate management module,
And managing the stored certificate, performing a signature using the certificate, and verifying a certificate to be stored.
The method of claim 1,
The certificate storage unit is a micro SD card,
An SD card interface for inputting or outputting data in accordance with a predetermined data communication protocol;
A storage unit which stores data input through the SD card interface; And
The mobile terminal can be accessed through a predetermined authentication process through the SD card interface, and includes a security module for storing a certificate for security of message exchange in an internal storage area.
The method of claim 1,
The message exchange service performing module,
Accessing a message exchange service server;
Creating a message chat room;
Sharing a session key to be used in the generated chat room with the other party of the message chat room;
Encrypting and transmitting a message to the counterpart using the session key; And
And decrypting an encrypted message received from the counterpart using the session key.
A memory card that can be attached to a mobile terminal,
A memory card interface for inputting or outputting data in accordance with a predetermined data communication protocol;
A storage unit to store data input through the memory card interface; And
Access through a predetermined authentication process through the memory card interface, and includes a security module for storing a certificate for the security of message exchange in the internal storage area,
The memory card interface is configured to switch data transfer so that the portable terminal can exchange data with a selected one of the storage unit and the security module, and if the data in the portable terminal is for secure operation of message exchange, the security module Memory card, characterized in that to deliver.
The method of claim 5, wherein
The memory card interface,
If it is determined that the signal input from the portable terminal is a signal according to the ISO 7816 standard, and transmits to the security module,
And determining that the signal transmitted from the portable terminal is a signal according to the SD protocol for data access to the storage unit.
The method of claim 5, wherein
The memory card interface,
Sends an encrypted message to the security module to request decryption,
And receiving an encrypted message from the security module and transmitting the encrypted message to the mobile terminal.
The method of claim 5, wherein
And a message conversation storage unit which is formed in an internal storage area of the security module, in which contents of the message exchange in a predetermined section are encrypted and stored.
The method of claim 5, wherein
And a message conversation storage unit for limiting access to a portion of the storage area of the storage unit for specifying only a portion of the message exchange to store the contents of the message exchange.
The method of claim 5, wherein
The memory card interface,
The mobile terminal transmits a session key generation request for message exchange to the security module.
The security module includes:
And a session key using a predetermined key generation security algorithm.
Accessing a message exchange service server using a mobile terminal having stored therein a certificate;
Creating a message chat room;
Sharing a session key to be used in the generated chat room with the other party of the message chat room;
Encrypting and transmitting a message to the counterpart using the session key; And
Decrypting an encrypted message received from the counterpart using the session key
Message exchange method comprising a.
The method of claim 11,
Sharing the session key,
Generating a session key for use in the generated chat room;
Encrypting the generated session key with a public key of a conversation counterpart; And
Transmitting the generated session key to a mobile terminal of a conversation counterpart
Message exchange method comprising a.
13. The method of claim 12,
The step of transmitting the generated session key to the mobile terminal of the conversation counterpart,
Encrypting the generated session key with a public key on a certificate of the counterpart mobile terminal; And
Transmitting the encrypted session key
Message exchange method comprising a.
The method of claim 11,
Monitoring valid conditions of the session key;
If a valid condition of the session key is not satisfied, generating a new session key; Deleting the existing session key and storing the generated new session key; And
Updating the session key comprising encrypting the generated new session key and transmitting the encrypted new session key to a counterpart mobile terminal;
Message exchange method comprising a.
KR1020110118712A 2011-11-15 2011-11-15 Memory card and portable terminal and encrypted message exchanging method KR20130053132A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110118712A KR20130053132A (en) 2011-11-15 2011-11-15 Memory card and portable terminal and encrypted message exchanging method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110118712A KR20130053132A (en) 2011-11-15 2011-11-15 Memory card and portable terminal and encrypted message exchanging method

Publications (1)

Publication Number Publication Date
KR20130053132A true KR20130053132A (en) 2013-05-23

Family

ID=48662438

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110118712A KR20130053132A (en) 2011-11-15 2011-11-15 Memory card and portable terminal and encrypted message exchanging method

Country Status (1)

Country Link
KR (1) KR20130053132A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160089616A (en) * 2015-01-20 2016-07-28 (주)텐저블소프트웨어그룹 The method of providing security chatting service
KR101689325B1 (en) * 2015-07-08 2016-12-23 주식회사 케이티 Data security method and apparatus therefor

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160089616A (en) * 2015-01-20 2016-07-28 (주)텐저블소프트웨어그룹 The method of providing security chatting service
KR101689325B1 (en) * 2015-07-08 2016-12-23 주식회사 케이티 Data security method and apparatus therefor

Similar Documents

Publication Publication Date Title
US9843585B2 (en) Methods and apparatus for large scale distribution of electronic access clients
KR101508360B1 (en) Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer
US10349272B2 (en) Virtual SIM card cloud platform
KR101500803B1 (en) Apparatus and methods for storing electronic access clients
JP6586446B2 (en) Method for confirming identification information of user of communication terminal and related system
CN110291754A (en) It is accessed using the system of mobile device
US20110131640A1 (en) Secure transfer of data
WO2021212928A1 (en) Blockchain data authorization access method and apparatus, and device
CN101120569A (en) Remote access system and method for user to remotely access terminal equipment from subscriber terminal
KR20120027306A (en) Service binding method and system
US20120164981A1 (en) Method for communicating data between a secure element and a network access point and a corresponding secure element
KR100834270B1 (en) Method and system for providing virtual private network services based on mobile communication and mobile terminal for the same
US11405782B2 (en) Methods and systems for securing and utilizing a personal data store on a mobile device
CN102404337A (en) Data encryption method and device
EP3541106A1 (en) Methods and apparatus for euicc certificate management
JP5485452B1 (en) Key management system, key management method, user terminal, key generation management device, and program
KR20130053132A (en) Memory card and portable terminal and encrypted message exchanging method
KR101853970B1 (en) Method for Relaying Authentication Number
JP2009501982A (en) Method and apparatus for managing rights to digital security operations
US9032210B2 (en) Mobile electronic device configured to establish secure wireless communication
Köse et al. Design of a Secure Key Management System for SIM Cards: SIM-GAYS
EP4044554B1 (en) Providing and managing mobile network operator profiles
TW202327313A (en) Message transmitting system, user device and hardware security module for use therein
CN115860017A (en) Data processing method and related device
CN113785547A (en) Security transmission method of Profile data and corresponding device

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
E601 Decision to refuse application