TW200521799A - A security USB digital data process card - Google Patents
Publication number: TW200521799A (application TW92136647A)
Authority: TW (Taiwan)
Prior art keywords: usb interface, scope, data processing, item, processing card
Landscapes: Storage Device Security (AREA)
Description
200521799 Description of the invention (1)

[Technical field of the creation]
This application uses the widely deployed USB interface together with the structure of an Intelligent Stick to build a data security system that offers the data security level of a Smart Card.

[Prior art]
The memory cards and authentication cards widely used in financial services are mostly built on Smart Card systems. Such systems are expensive to deploy and poorly supported as personal-computer peripherals. USB-interface security authentication devices have appeared to address these drawbacks, but they are thicker and bulkier than an ordinary memory card and less convenient for the user to carry.

[Technical content of this application]
This application therefore discloses a new technique: a USB-interface memory card such as an Intelligent Stick is given control over data computation, so that it provides and increases data security and achieves data confidentiality (Security). It can serve the traditional smart-card market while keeping a low system cost and the general-purpose USB interface, and it is small enough to be stored and used conveniently.
For a digital data processing device, how to remedy the above shortcomings, remain compatible with existing computer interfaces, improve ease of use and fit the operator's existing habits is therefore a question worth attention.
In view of this, and drawing on experience in developing, producing and marketing computer products, the inventor studied the problem and, after repeated experiments, arrived at the present "USB-interface data processing card with data encryption protection", described in detail below.

[Embodiments]
Please refer to figure 1, the block diagram of the system. It comprises 101, a USB interface controller responsible for data transfer; 102, a memory unit that serves as the area in which digital data is stored and that has a suitable circuit connection to the USB interface controller; and 103, an arithmetic processor with suitable circuit connections to both the USB interface controller and the memory unit. After data has passed through the interface controller, the arithmetic processor can apply a symmetric algorithm such as AES, TDES, RC2, RC4 or RC5 to encrypt or decrypt it, and the result is then stored in the memory unit or transmitted to the external operating system.
To raise the data security level further, an asymmetric algorithm such as RSA, DSA or ECC can be applied as an additional layer, so that the card conforms to, and can be used in, PKI-based security authentication systems, further increasing the security of the encrypted data. Hash function computation can also be planned in where cost and security considerations require it, although this substantially raises the cost of the card. For convenience and stronger security, a random number generator 104 is added to the system; it randomly generates the parameters (KEY) needed by the encryption operations above, which strengthens data security further.
To support the hardware operation shown in figure 1, the software design must provide a suitable Application Program Interface (API) through which system developers can write operating-system level applications with security and confidentiality.
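The data path just described, as an added example that is not part of the patent and not the inventor's code: a Go model of the card of figure 1 in which both keys are generated on the device from its RNG (104), the arithmetic processor (103) encrypts with a symmetric cipher and signs with an ECC key, and the host-facing API never returns key material. The patent lists algorithms but no modes; AES-256-GCM for the symmetric path and ECDSA over P-256 for the ECC path are this example's choices, and the type and method names (SecureStick, Encrypt, Sign, Verify) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SecureStick models the card of figure 1 as seen from the host: only the
// methods below are reachable over USB. The symmetric key used by the
// arithmetic processor (103) and the ECC private key live inside the struct
// and are never returned.
type SecureStick struct {
	aead    cipher.AEAD       // AES-256-GCM under a key drawn from the card's RNG (104)
	signKey *ecdsa.PrivateKey // ECC P-256 key for the PKI path, also generated on the card
}

// NewSecureStick mirrors card personalisation: both keys come from the RNG on
// the device, not from the host.
func NewSecureStick() (*SecureStick, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	signKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureStick{aead: aead, signKey: signKey}, nil
}

// Encrypt returns nonce || ciphertext || tag. The nonce is fresh per call from
// the RNG, and the GCM tag makes later tampering with stored data detectable.
func (s *SecureStick) Encrypt(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt and fails if any byte of the blob was modified.
func (s *SecureStick) Decrypt(blob []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(blob) < ns+s.aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return s.aead.Open(nil, blob[:ns], blob[ns:], nil)
}

// Sign hashes the message and signs the digest with the on-card ECC key.
func (s *SecureStick) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.signKey, digest[:])
}

// PublicKey is the only key material the card ever exports.
func (s *SecureStick) PublicKey() *ecdsa.PublicKey { return &s.signKey.PublicKey }

// Verify is what a PKI relying party runs with the exported public key.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	card, err := NewSecureStick()
	if err != nil {
		panic(err)
	}
	blob, _ := card.Encrypt([]byte("balance=1000")) // constructed sample record
	pt, err := card.Decrypt(blob)
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = card.Decrypt(blob)
	fmt.Println("tampered blob rejected:", err != nil)
	sig, _ := card.Sign([]byte("challenge-42"))
	fmt.Println("signature verifies:", Verify(card.PublicKey(), []byte("challenge-42"), sig))
}
```

Two points the patent's algorithm list does not make: of the symmetric ciphers it names, RC4 and RC2 are broken or deprecated and TDES is disallowed by NIST for new encryption, so a current design of this card would use AES only; and bare encryption of a stored record gives confidentiality but not integrity, which is why the example uses an authenticated mode and rejects the modified blob.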
Besides the hardware computation capability, the design also partitions the memory unit into several blocks with different properties: a general use area, a read-only (write-protected) area and a reserved (protected) area. The general use area provides ordinary data storage and retrieval for the user. The read-only area lets the user read data but not write, delete or modify it unless the user first passes an authentication procedure, such as entering a password. The reserved area cannot be read, written, modified or deleted by ordinary users, and it cannot even be formatted; its data is kept solely for specific system service providers, who control access to the reserved area remotely through the application program interface described above. This further raises the security level of the USB memory card of this application. This form of block partitioning is a hardware feature that ordinary smart cards do not have.
Please refer to figure 2, a schematic of the memory unit partitioning, in which 200 is the memory unit, 201 the general use area, 202 the read-only write-protected area and 203 the reserved area.
Please also refer to figure 3, the software layer architecture of this application: 301, the physical layer, whose hardware design uses the Intelligent Stick structure of a USB memory card; 302, the driver layer, which coordinates data exchange between the host and the physical layer and handles access requests from upper-layer applications to the device, and which satisfies the PC/SC design specification used by Microsoft; 303, the user interface layer, which meets the operating specifications of the PKCS#11 standard interface and the MS CryptoAPI interface; and 304, the application layer, the high-level application program interface (API) completed in this application, through which developers can build systems against a programming interface they are already familiar with.
Thus, by implementing the system block diagram of figure 1 and the software layer architecture of figure 3, a low-cost, thin and compact encrypting USB-interface memory device is obtained, which can further be commercialised in the Intelligent Stick form shown in figure 4 as a Security Intelligent Stick.
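The partition policy of figure 2 and the remote provider control exercised through the API of figure 3, as an added example that is not part of the patent: a Go model of the card-side state for the three regions, the password check that unlocks the read-only area, and a challenge-response by which the service provider unlocks the reserved area without its key crossing the USB link. The patent does not say how the provider authenticates or how the password is checked; the HMAC challenge-response, the use of HMAC-SHA256 as a salted password hash, the 64-byte region size and the three-try lockout are this example's assumptions, and all names (Card, UserLogin, ProviderChallenge, ProviderRespond, ProviderAnswer, mayWrite) are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Region numbers follow figure 2: 201 general, 202 read-only, 203 reserved.
type Region int

const (
	General, ReadOnly, Reserved Region = 201, 202, 203
	regionLen                          = 64 // bytes per region (assumed size)
	maxAttempts                        = 3  // bad passwords before lockout (assumed policy)
)

var ErrDenied = errors.New("access denied")
var ErrLocked = errors.New("card locked: too many bad passwords")

// Card keeps the regions and the authentication state on the card side of the
// USB link; pwHash and providerKey are never returned by any method.
type Card struct {
	mem                    [3][regionLen]byte
	pwSalt, pwHash         []byte
	providerKey, challenge []byte // challenge is single use
	badTries               int
	userAuth, providerAuth bool
}

// mac is HMAC-SHA256, used as a salted password hash (a real card would use a
// deliberately slow hash) and as the provider challenge-response function.
func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// NewCard personalises a card with the user's password and the provider key.
func NewCard(password string, providerKey []byte) (*Card, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return &Card{pwSalt: salt, pwHash: mac(salt, []byte(password)), providerKey: providerKey}, nil
}

// UserLogin unlocks writes to the read-only area: a try counter against
// guessing and a constant-time compare (hmac.Equal) against timing leaks.
func (c *Card) UserLogin(password string) error {
	if c.badTries >= maxAttempts {
		return ErrLocked
	}
	if !hmac.Equal(mac(c.pwSalt, []byte(password)), c.pwHash) {
		c.badTries++
		return ErrDenied
	}
	c.badTries, c.userAuth = 0, true
	return nil
}

// ProviderChallenge and ProviderRespond let the remote service provider unlock
// the reserved area through the API without its key ever crossing the link.
func (c *Card) ProviderChallenge() ([]byte, error) {
	c.challenge = make([]byte, 32)
	_, err := rand.Read(c.challenge)
	return c.challenge, err
}
func (c *Card) ProviderRespond(resp []byte) error {
	ch := c.challenge
	c.challenge = nil // consumed whether or not the response is right
	if ch == nil || !hmac.Equal(resp, mac(c.providerKey, ch)) {
		return ErrDenied
	}
	c.providerAuth = true
	return nil
}

// ProviderAnswer is the provider-side half of the exchange (runs off-card).
func ProviderAnswer(key, challenge []byte) []byte { return mac(key, challenge) }

// mayWrite is the per-region policy from the description; every region except
// the reserved one is readable without any login.
func (c *Card) mayWrite(r Region) bool {
	return r == General || (r == ReadOnly && c.userAuth) || (r == Reserved && c.providerAuth)
}
func (c *Card) Read(r Region, off, n int) ([]byte, error) {
	if !(c.mayWrite(r) || r == ReadOnly) || off < 0 || n < 0 || off+n > regionLen {
		return nil, ErrDenied
	}
	return append([]byte(nil), c.mem[r-General][off:off+n]...), nil
}
func (c *Card) Write(r Region, off int, data []byte) error {
	if !c.mayWrite(r) || off < 0 || off+len(data) > regionLen {
		return ErrDenied
	}
	copy(c.mem[r-General][off:], data)
	return nil
}

// Format erases a region under the same rule as Write, so a host-initiated
// format never reaches the reserved area.
func (c *Card) Format(r Region) error { return c.Write(r, 0, make([]byte, regionLen)) }
```

The check that matters in practice is where this policy runs. A USB memory stick is enumerated as a mass-storage device, so any host program can address its sectors directly and bypass the driver and user-interface layers of figure 3; the region rules, the try counter and the challenge-response therefore have to be enforced in the card's own controller firmware, as the model above does, not only in the host-side driver.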
With the secure operating-system design for the USB interface in this application, users need not buy an expensive Smart Card Reader, which greatly reduces cost; the card itself becomes smaller and more convenient, and the USB interface makes it usable almost anywhere.
The system design of this application is therefore an important creation. What is disclosed here is one preferred embodiment; partial changes or modifications that derive from the technical idea of this application and that a person skilled in the art could readily infer all remain within the scope of its patent rights.
In summary, in purpose, means and effect this application displays technical features clearly different from the prior art, is a first creation that is practical, and meets the requirements for a patent application. The examiners are respectfully asked to examine it and grant the patent at an early date, to the benefit of society.

200521799 Brief description of the drawings
Figure 1: system block diagram of the device of this application.
Figure 2: schematic of the memory unit partitioning.
Figure 3: schematic of the software layer architecture of this application.
Figure 4: external appearance of the encrypting Intelligent Stick of this application.
Reference numerals:
101, USB interface controller; 102, memory unit; 103, arithmetic processor; 104, random number generator.
200, memory unit; 201, general use area; 202, read-only write-protected area; 203, reserved area.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW92136647A TW200521799A (en) | 2003-12-24 | 2003-12-24 | A security USB digital data process card |
Publications (1)
Publication Number | Publication Date |
---|---|
TW200521799A true TW200521799A (en) | 2005-07-01 |
Family ID: 52347831
Country Status (1)
Country | Link |
---|---|
TW (1) | TW200521799A (en) |
Events: 2003-12-24, TW application TW92136647A filed (published as TW200521799A; status unknown)