TW200521799A - A security USB digital data process card - Google Patents

A security USB digital data process card

Info

Publication number
TW200521799A
Authority
TW
Taiwan
Prior art keywords
usb interface
scope
data processing
item
processing card
Prior art date
Application number
TW92136647A
Other languages
Chinese (zh)
Inventor
Sheng-Shun Yen
Original Assignee
Power Quotient Int Co Ltd
Priority date
Filing date
Publication date
Application filed by Power Quotient Int Co Ltd
Priority to TW92136647A
Publication of TW200521799A


Landscapes

  • Storage Device Security (AREA)

Abstract

Using the widely adopted USB interface and the Intelligent Stick structure, we build a high-security system at the level of a smart card system, reducing system cost and improving convenience of operation.

Description

Technical field

The invention uses the widely available USB interface technology and the structure of an Intelligent Stick to build a data security system with the data-security level of a Smart Card.

Prior art

The memory cards and authentication cards now widely used in financial services are mostly built on Smart Card systems. Such systems are costly to set up, and support for them among personal computer peripherals is not widespread. USB-interface security authentication devices have appeared to remedy these shortcomings, but they are thicker and bulkier than an ordinary memory card and are not convenient for users to carry.

Technical content of the invention

The invention therefore discloses a new technique: a USB-interface memory card such as an Intelligent Stick is given control over computation on its data, so as to increase data security and achieve confidentiality (Security). It can serve the market of traditional smart cards while offering low system cost and the general-purpose USB interface, and it is small enough to be stored and used conveniently. For a digital data processing device, then, how to remedy the above shortcomings while remaining compatible with existing computer interfaces, achieving better ease of use and matching users' operating habits is a question that deserves attention.


In view of this, the inventor, drawing on experience in the development, production and marketing of computer products, carried out careful research and repeated experiments and so arrived at the present invention, a USB interface data processing card that encrypts and protects data. It is described in detail below.

Embodiments

Please refer to Figure 1, which shows the block diagram of the system. It comprises 101, a USB interface controller responsible for data transfer; 102, a memory unit serving as the area in which digital data is stored, with a suitable circuit connection to the USB interface controller; and 103, an operation processor with suitable circuit connections to both the USB interface controller and the memory unit. After data passes through the interface controller, it is processed by the operation processor with a symmetric algorithm such as DES, TDES, RC2, RC4 or RC5, which encrypts or decrypts the data before it is finally stored in the memory unit or transmitted to the external operating system.

To raise the data-security level further, an asymmetric algorithm such as RSA, DSA or ECC can additionally be applied, so that the card complies with and can be used in PKI security authentication systems, further increasing the security of the encrypted data. Hash function computation can also be planned in when necessary, weighing cost against security, although it would add significantly to the cost of the card. For convenience and a more secure design, a random number generator 104 is added to the system; with it, the parameters (KEY) required by the encryption operations above can be generated randomly, which strengthens data security still further.

To support the hardware operation shown in Figure 1, the software design must provide an appropriate application program interface (API, Application Program Interface) so that system developers can write secure and confidential operating systems.
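The data path just described (host data enters through the USB interface controller, the operation processor encrypts it under a key drawn from the random number generator, and the result lands in the memory unit, with an optional asymmetric layer for PKI use) can be modelled in software. The following Go program is an added example written for this page, not code from the patent or from Power Quotient; the `Card` type and its methods are this example's own names. It picks TDES-CBC from the symmetric algorithms the description lists and RSA-OAEP from the asymmetric ones, uses the operating system's random source in place of the hardware random number generator 104, and stores IV and ciphertext together as the contents of the memory unit.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Card models the Figure 1 data path: data from the USB interface controller
// (101) is transformed by the operation processor (103) under a key from the
// random number generator (104) before it reaches the memory unit (102).
// The type and field names are this example's own, not the patent's.
type Card struct {
	key    []byte // 24-byte TDES key produced by the RNG
	memory []byte // IV || ciphertext held in the memory unit
}

// NewCard draws the TDES key from the OS random source, which stands in for
// the card's hardware random number generator.
func NewCard() (*Card, error) {
	key := make([]byte, 24)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Card{key: key}, nil
}

// pad applies PKCS#7 padding to a copy of b for the 8-byte DES block size.
func pad(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	out := make([]byte, len(b), len(b)+n)
	copy(out, b)
	return append(out, bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad removes PKCS#7 padding, rejecting malformed input.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%des.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Store encrypts host data with TDES-CBC under a fresh random IV and writes
// IV || ciphertext into the memory unit, so plaintext never rests there.
func (c *Card) Store(plain []byte) error {
	block, err := des.NewTripleDESCipher(c.key)
	if err != nil {
		return err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return err
	}
	padded := pad(plain)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	c.memory = append(iv, ct...)
	return nil
}

// Load decrypts the memory unit's contents back into host data.
func (c *Card) Load() ([]byte, error) {
	block, err := des.NewTripleDESCipher(c.key)
	if err != nil {
		return nil, err
	}
	if len(c.memory) < 2*des.BlockSize {
		return nil, errors.New("memory unit holds no record")
	}
	iv, ct := c.memory[:des.BlockSize], c.memory[des.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

// WrapKey is the asymmetric layer: the TDES key is encrypted with RSA-OAEP to
// a PKI peer's public key, so only that peer can recover it.
func (c *Card) WrapKey(peer *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, c.key, nil)
}

// UnwrapKey is the peer's side of WrapKey.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	card, _ := NewCard()
	_ = card.Store([]byte("account record 0001")) // constructed sample data
	back, _ := card.Load()
	peer, _ := rsa.GenerateKey(rand.Reader, 2048)
	wrapped, _ := card.WrapKey(&peer.PublicKey)
	k, _ := UnwrapKey(peer, wrapped)
	fmt.Printf("round trip ok: %v, key recovered by peer: %v\n",
		string(back) == "account record 0001", bytes.Equal(k, card.key))
}
```

TDES and CBC are used here because they are what the description names; a design built today would reach for an AEAD mode, but the structure (random key material from the card's RNG, ciphertext rather than plaintext in the memory unit, the symmetric key wrapped asymmetrically for PKI use) is what the passage describes.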

Besides its hardware computing capability, the design of the invention also partitions the memory unit into several regions with different characteristics: a general use area, a read-only write-protected area (Read Only) and a protected area (Reserved). The general use area offers the user ordinary data storage and retrieval. The read-only write-protected area lets the user read data only; data cannot be written, deleted or modified there unless the user passes an authentication procedure, such as entering a password. The protected area cannot be read, written, modified or deleted by an ordinary user, who cannot even format it. The data in this region is reserved for specific system service providers, who control access to it remotely through the application program interface (API) described above, which raises the security level of the USB memory card further. This partitioning is a hardware characteristic that ordinary smart cards lack. Figure 2 is a schematic of the memory unit partitioning, in which 200 is the memory unit, 201 the general use area, 202 the read-only write-protected area and 203 the protected area.

Figure 3 shows the software layer architecture of the invention. 301, the physical layer, uses the Intelligent Stick structure of a USB memory card in its hardware design. 302, the driver layer, coordinates data exchange between the user's host and the physical layer and handles access requests that upper-layer applications make to the device; it satisfies Microsoft's PC/SC design specification. 303, the user interface layer, satisfies the operating specifications of the PKCS#11 standard interface and the MS CryptoAPI interface. 304, the application layer, is the high-level application program interface (API) completed by the invention; with it developers can build systems against a programming interface they already know.

By implementing the system block diagram of Figure 1 and the software layer architecture of Figure 3, a low-cost, light, thin and compact encrypting USB-interface memory device can thus be completed, and it can further be commercialised as the Security Intelligent Stick shown in Figure 4. With the secure USB-interface operating system design of the invention, users need not purchase an expensive Smart Card Reader, which greatly reduces cost, while the smaller card size increases convenience and the USB interface makes the card usable almost anywhere. The system design of the invention must therefore be regarded as an important creation.

What is disclosed here is one preferred embodiment; any partial change or modification that derives from the technical ideas of the invention and can readily be inferred by a person skilled in the art remains within the scope of the patent rights of this invention. In sum, in its purpose, means and effect the invention shows technical features quite different from those of the prior art, it is an original creation that is practical, and it meets the requirements of a patent application. We respectfully ask the examiners to consider it and to grant the patent at an early date for the benefit of society.
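The three-region memory policy described above (general use area 201 open to everyone; read-only write-protected area 202 readable by anyone but writable only after password authentication; protected area 203 closed to the user entirely, including formatting, and reachable only by the service provider through the API) amounts to an access-control matrix of principal, region and operation. The following Go program is an added example written for this page, not code from the patent or from Power Quotient: `MemoryUnit`, `Principal`, `Region` and `Op` are this example's own names, and keeping only a salted hash of the password is this example's design choice, since the description says only that a password is entered.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Region names the three partitions of Figure 2. The constants are this
// example's own; the numerals refer to the patent's figure labels.
type Region int

const (
	General  Region = iota // 201: ordinary read/write storage
	ReadOnly               // 202: readable by all; writes need authentication
	Reserved               // 203: no user access; service provider via API only
)

// Op is the operation the host requests on a region.
type Op int

const (
	Read   Op = iota
	Write     // covers write, delete and modify in the description
	Format    // erase the whole region
)

// Principal is who is asking. Authenticated is set once the user has passed
// the password check; ServiceProvider marks the remote operator for whom the
// protected area is reserved. Both flags are this example's modelling.
type Principal struct {
	Authenticated   bool
	ServiceProvider bool
}

var ErrDenied = errors.New("access denied by region policy")

// MemoryUnit holds the three regions and the password verifier. Only a salted
// SHA-256 digest of the password is kept (an assumption of this example).
type MemoryUnit struct {
	regions [3][]byte
	salt    []byte
	pwHash  [32]byte
}

func saltedHash(salt []byte, password string) [32]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), password...))
}

// NewMemoryUnit creates an empty unit whose read-only area is unlocked by password.
func NewMemoryUnit(password string) (*MemoryUnit, error) {
	m := &MemoryUnit{salt: make([]byte, 16)}
	if _, err := rand.Read(m.salt); err != nil {
		return nil, err
	}
	m.pwHash = saltedHash(m.salt, password)
	return m, nil
}

// Authenticate returns a user principal whose Authenticated flag reflects
// whether the password matched; the comparison runs in constant time.
func (m *MemoryUnit) Authenticate(password string) Principal {
	h := saltedHash(m.salt, password)
	return Principal{Authenticated: subtle.ConstantTimeCompare(h[:], m.pwHash[:]) == 1}
}

// allowed encodes the region policy from the description.
func allowed(p Principal, r Region, op Op) bool {
	switch r {
	case General:
		return true
	case ReadOnly:
		return op == Read || p.Authenticated
	case Reserved:
		return p.ServiceProvider
	}
	return false
}

// Access performs op on region r for principal p. Write replaces the region's
// contents, Format erases them and Read returns a copy; anything the policy
// forbids fails with ErrDenied before touching the region.
func (m *MemoryUnit) Access(p Principal, r Region, op Op, data []byte) ([]byte, error) {
	if !allowed(p, r, op) {
		return nil, ErrDenied
	}
	switch op {
	case Read:
		return append([]byte{}, m.regions[r]...), nil
	case Write:
		m.regions[r] = append([]byte{}, data...)
	case Format:
		m.regions[r] = nil
	}
	return nil, nil
}

func main() {
	m, _ := NewMemoryUnit("correct horse") // constructed sample password
	user := m.Authenticate("correct horse")
	_, errAnon := m.Access(Principal{}, ReadOnly, Write, []byte("cert"))
	_, errUser := m.Access(user, ReadOnly, Write, []byte("cert"))
	_, errReserved := m.Access(user, Reserved, Read, nil)
	fmt.Println("anonymous write to 202:", errAnon)
	fmt.Println("authenticated write to 202:", errUser)
	fmt.Println("authenticated read of 203:", errReserved)
}
```

Claim 9 is covered by the `ServiceProvider` principal: the same `Access` entry point that refuses every user operation on the protected area serves the provider's remote reads, writes and formats, so the policy lives in one place rather than in each caller.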

Brief description of the drawings

Figure 1: system block diagram of the device of the invention.
Figure 2: schematic of the memory unit partitioning.
Figure 3: schematic of the software layer architecture of the invention.
Figure 4: appearance of the security Intelligent Stick of the invention.

Reference numerals: 101, USB interface controller; 102, memory unit; 103, operation processor; 104, random number generator; 200, memory unit; 201, general use area; 202, read-only write-protected area; 203, protected area.

Claims (1)

1. A USB interface data processing card, characterised in that it comprises at least a USB interface controller and a memory unit, the interface controller processing interface data and writing it to the memory unit, or processing data in the memory unit and transmitting it to the host; and an operation unit that provides the computing capability of the USB interface controller so as to provide data encryption protection.

2. The USB interface data processing card of claim 1, wherein the memory unit consists of at least one memory.

3. The USB interface data processing card of claim 1, wherein the USB interface controller and the operation unit are integrated in one semiconductor chip.

4. The USB interface data processing card of claim 1, wherein the USB interface controller and the memory unit are integrated in one semiconductor chip.

6. The USB interface data processing card of claim 1, further comprising a random number generator for generating the parameters required by the data encryption processing.

7. The USB interface data processing card of claim 1, wherein the operation unit provides the computing capability for symmetric algorithms, asymmetric algorithms or hash function (Hash) operations.

8. The USB interface data processing card of claim 1, wherein the memory unit is further divided into several sections, including a protected section within which the user cannot read, write, delete, modify or format data.

9. The USB interface data processing card of claim 8, further provided with suitable programs that enable a specific user to read, write, delete, modify or format data within the protected section.

10. The USB interface data processing card of claim 1, wherein the data processing card uses the structural design of an Intelligent Stick.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW92136647A TW200521799A (en) 2003-12-24 2003-12-24 A security USB digital data process card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW92136647A TW200521799A (en) 2003-12-24 2003-12-24 A security USB digital data process card

Publications (1)

Publication Number Publication Date
TW200521799A true TW200521799A (en) 2005-07-01

Family

ID=52347831

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92136647A TW200521799A (en) 2003-12-24 2003-12-24 A security USB digital data process card

Country Status (1)

Country Link
TW (1) TW200521799A (en)

Similar Documents

Publication Publication Date Title
US11088846B2 (en) Key rotating trees with split counters for efficient hardware replay protection
KR101457451B1 (en) Encrypted transport solid­state disk controller
US8505084B2 (en) Data access programming model for occasionally connected applications
US10503934B2 (en) Secure subsystem
CN107124271B (en) Data encryption and decryption method and equipment
US10073988B2 (en) Chipset and host controller with capability of disk encryption
CN113632125A (en) Securely sharing personal data stored in a blockchain using a contactless card
CN109075815A (en) A kind of system on chip and processing equipment
US11494220B2 (en) Scalable techniques for data transfer between virtual machines
EP3526717A1 (en) User and device authentication for web applications
CN104252375A (en) Method and system for sharing USB (Universal Serial Bus) Key by multiple virtual machines positioned in different host computers
JP2009518742A (en) Method and apparatus for secure handling of data in a microcontroller
CN116049915A (en) Storage device of blockchain network based on space demonstration and system comprising same
TW201346637A (en) A low-overhead cryptographic method and apparatus for providing memory confidentiality, integrity and replay protection
CN105354503A (en) Data encryption/decryption method for storage apparatus
TW201530344A (en) Application program access protection method and application program access protection device
CN113518978A (en) Physically unclonable function at a memory device
WO2023273647A1 (en) Method for realizing virtualized trusted platform module, and secure processor and storage medium
CN113420308A (en) Data access control method and control system for encryption memory
CN101488112A (en) Multi-host interface SAS//SATA hard disk real-time encryption and decryption method
US20150227755A1 (en) Encryption and decryption methods of a mobile storage on a file-by-file basis
CN111539040B (en) Safety intelligent card system and its cipher service method
US11616769B2 (en) Runtime identity confirmation for restricted server communication control
US20230093105A1 (en) Method of dynamically loading encryption engine
TW200521799A (en) A security USB digital data process card