TW200818207A - Reader for one time password generating device - Google Patents


Publication number
TW200818207A
Authority
TW
Taiwan
Prior art keywords
password
connector
accessory
reader
time
Prior art date
Application number
TW96131089A
Other languages
Chinese (zh)
Inventor
Yoram Cedar
Carlos J Gonzalez
Original Assignee
Sandisk Corp
Priority date
Filing date
Publication date
Priority claimed from US11/467,070 (US20080052524A1)
Priority claimed from US11/467,063 (US20080072058A1)
Application filed by Sandisk Corp
Publication of TW200818207A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)

Abstract

A portable one time password reader for use in two factor authentication systems and methods allows for the display of a one time password when coupled to a device that generates the value of the password. The reader of the present invention provides power and if appropriate a real time clock signal to these devices in place of the host, so that the devices can generate the real time password without being connected to the host. Therefore, when connected to the generating device, the reader functions not only to display the value, but also to enable generation of the value. The reader may also be coupled to the host and device simultaneously and submit the values to the host and entities coupled thereto.

Description

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates generally to portable mass storage devices, such as the memory cards and portable universal serial bus ("USB") flash memory drives used to store large files and to transfer them to and from digital devices, and more specifically to security and access control mechanisms implemented within such devices for accessing and logging in to institutions.

[Prior Art]

A one-time password is just what its name implies: it is used only once, and is therefore more robust and provides more security than a password that is reused. A one-time password ("OTP") is usually a value generated by an algorithm. When submitted by a user, it is compared with a reference value generated (elsewhere) by the same algorithm. Numerous tokens and other devices exist that can generate, and even submit, one-time password values for a user.

Historically, dedicated tokens have been the most commonly used consumer OTP generators. Such a token has a display that shows the OTP value to be entered; the user reads the value and enters it as a password, often together with some other credential or verification information such as a user name or PIN. Some tokens display a value constantly, whereas others display the value only after a button is pressed. OTP generation can also be time-based or event-based. In time-based generation, the OTP value is incremented at a regular frequency. In event-based generation, the OTP value is incremented on the basis of an irregular action (event), such as a user pressing a button on the OTP token. A device capable of time-based OTP generation should have or make use of a real-time clock so that the device can increment the value on a regular basis.

As mentioned, by far the most common form of token requires the user to read the value from a screen and type it into a computer. Another, more recently developed token allows the token to transmit the value directly to the computer, and from there to some validating entity. Both of these implementations, and the one-time password concept in general, provide a high level of security, but require the user to carry a token used for generating the one-time password value.

A relatively recent trend is to integrate OTP functionality into other, more general-purpose devices. This spares the user from having to carry a token used only for generating OTP values. In one example, OTP generation is integrated into a USB flash drive or flash memory card. For more information on this, see U.S. Patent Application Nos. 11/319,835 and 11/319,259 to Gonzalez et al., which are incorporated by reference in their entirety.

[Summary of the Invention]

The present invention adds flexibility to a device that can automatically generate and submit a user's passwords. It allows a user to generate, read and type in a one-time password in situations where there is no other way to do so. It therefore provides maximum flexibility and allows a one-time password to be used in any scenario where one may be needed. Moreover, in a preferred embodiment, it is designed to be used with a portable mass storage device, such as a USB flash drive or memory card, that has one-time password generation and password management capability in addition to large-file storage capability.

In such a case, the reader of the present invention supplies power, and in certain embodiments a real-time clock signal, to the mass storage device. Without power, the mass storage device cannot operate, whether for file storage purposes or for password generation and management. Without a real-time clock signal, time-based OTP generation is not possible in such a mass storage device. Thus, when the reader is connected to such a mass storage device, it enables the connected whole to generate and display a one-time password that can be manually entered by a user. Password generation can be triggered by connecting the reader to the device, or alternatively by pressing a button on the reader. Password generation can be time-based or event-based. When the user wishes to have the password value submitted directly, the user can disconnect the reader and plug the mass storage device directly into a host.

Preferably, the reader has the form factor of a sleeve or cap for the mass storage device. For example, if the mass storage device is a USB flash drive, the reader can serve as a cap for the USB connector of the device. For a USB flash drive, such a cap would be a convenient and functional accessory. If the mass storage device is a memory card, the reader can serve as a sleeve or carrying case for the memory card, which would likewise be a convenient and functional accessory for a memory card.

Such an accessory would be far more useful than, for example, a smart card reader, which can read OTP data from a smart card (but not display it directly) and is essentially a computer peripheral that must be plugged into a computer in order to operate. In addition, the combination of mass storage device and reader has the advantage of being able to store and transport a user's photos, music library or other large files, which is not possible with a smart card or with prior art OTP tokens.

[Embodiments]

Although systems have been developed that make OTP generation and submission an automated and nearly invisible process for a user, there are inevitably times when a user may need or wish to read and then manually type in a one-time password value. The present invention adds this flexibility to OTP generating devices that are designed to normally submit OTP values directly and automatically to a host device.

One-time passwords are typically generated by, for example, dedicated tokens. These tokens display a value, and the user then keys the value into a host device such as a personal computer, cellular telephone, personal digital assistant or other electronic device connected to a network such as the Internet. The host then transmits the submitted value to a validating entity, or a server on the network, which compares the submitted value with a value computed by the validating entity. Provided any other validation criteria are met, the user gains access if the values match.

For a number of reasons, the use of one-time passwords has not yet gained widespread acceptance. One reason is that dedicated tokens are inconvenient: a token is an extra piece of hardware that a user must carry at all times in order to gain access. Therefore, to promote greater use of these systems and to increase security, one-time password generation is being incorporated into other devices. One such device is a flash-memory-based portable mass storage device ("MSD"), which may be a USB flash drive or a memory card. Because many users already own such devices and frequently carry them for use with players, general-purpose computers and the like, they are a convenient vehicle for password management that includes one-time password generation and two-factor authentication. These devices can generate the one-time password and automatically submit it to the validating entity. Although this greatly simplifies the process in situations where direct submission is an option for the user, often it simply is not an option, because the user does not have access to a suitable port for connecting the device to a host system, or may not wish to connect to it. For more information on an MSD with one-time password generation and password management, see U.S. Patent Application Nos. 11/319,835 and 11/319,259 to Gonzalez et al., previously incorporated by reference in their entirety.

Unlike a one-time password token, an MSD is not self-powered and must therefore be connected to a power source for all operations, including generating a one-time password. For example, a memory card must be inserted into a camera in order to store or view an image file, and a USB flash drive must be plugged into a USB socket in order to manipulate the files on the drive. Otherwise, although it is in your pocket, it is inactive. In contrast, a dedicated OTP token has a battery so that it can generate values at any time. In fact, some time-based tokens always display the current value of the one-time password. Other time-based tokens display the value only on request, and event-based tokens generate and display the value only when requested or triggered.

A time-based OTP generation scheme relies on a real-time clock to advance at regular intervals from one seemingly random number to the next. The sequence of values is in fact entirely predictable, which is how it can be compared with the sequence of values computed by the validating entity. Given the algorithm and the seed, the resulting series of numbers is known. To anyone without knowledge of the seed and/or the algorithm, however, the numbers appear random, which is why the process is called pseudorandom number generation. In contrast, as noted earlier, an event-based OTP generation scheme relies on an event to update the count within the (pseudorandom) sequence of values. A challenge-response based system uses some other secret or credential together with an algorithm to generate the value.

Figure 1 illustrates system 100, which includes MSD 100A and OTP reader 100B. MSD 100A is illustrated as a USB flash drive, although it may also be a mass storage memory card. MSD 100A includes a connector 102, which in the case of a USB flash drive comprises a USB connector, whereas in the case of a memory card connector 102 comprises the contacts of the card. Preferably, OTP reader 100B takes the form of a cap or sleeve for MSD 100A. As an accessory to the MSD in this way, it can display a one-time password to the user when coupled to the MSD. The user need only place the cap on the device to read the value. The body of the cap or sleeve may cover all, substantially all, or only part of MSD 100A. As seen in Figure 1A, OTP reader 100B covers USB connector 102 of MSD 100A. Providing the reader in the form factor of a removable cap or sleeve makes it convenient for the user to couple it to the MSD and also to carry it when not in use. In some embodiments, the cap may be tethered or otherwise attached to the MSD when it is not directly on the connector. For example, all or part of the cap may be tethered to the MSD. This can be accomplished in any number of ways, including in particular a flexible member, a hinge or a sliding mechanism. Although the reader preferably has the form factor of a cap or sleeve, it may have any form factor that is easily carried or is generally pocket-sized. Although the OTP reader is subsequently described as having the preferred form factor of a cap or sleeve, it should be understood that it is not limited to this form factor.

In some embodiments, placing the cap on the MSD automatically triggers the device to display the value on display 106. In other embodiments, a button 108 is provided, and the user must press the button before the value is displayed. Figure 1B shows MSD 100A coupled to OTP reader 100B. The OTP reader includes an electrical connector or socket 124 (not shown), illustrated and described later, for making a connection to connector 102 of MSD 100A. As seen in Figure 1C, the cap may also have a second connector 110. This connector is used for making a connection to a host device, although connector 102 or 110 may be coupled to any kind of electronic device. In embodiments where MSD 100A is a USB flash drive, connector 102 is preferably a male USB connector and connector 124 is preferably female. Thus, in such an embodiment, connector 102 is preferably male. In such a case, reader 100B can be coupled to both MSD 100A and a host or other electronic device at the same time.

Figures 1D and 1E illustrate an embodiment of MSD 100A in which reader 100B is larger than MSD 100A in one or more dimensions and covers all or nearly all of MSD 100A. Note that one or more faces or sides of MSD 100A may be exposed. This form factor of the reader is preferable when MSD 100A is relatively small, for example when it is a relatively small USB drive or a memory card. If the mass storage device is a memory card, the reader can serve as a sleeve or carrying case for the memory card, which would likewise be a convenient and functional accessory for a memory card. Although any mass storage memory card with OTP functionality can be used with the present invention, use with an SD card, mini SD card or micro SD card in particular results in a portable and desirable system 100.

Figure 2A is a schematic diagram illustrating the main components and connections of MSD 100A and reader 100B. MSD 100A includes connector 102, memory controller 122 and mass storage flash memory 120. Memory controller 122 controls the read/write operations of mass storage flash memory 120 and the overall operation of MSD 100A, including the transfer of data to and from MSD 100A via connector 102. As mentioned earlier, MSD 100A does not normally have a power source, because it is primarily a data storage device for a host and normally receives its power from that host. Likewise, a mass storage drive may also rely on a clock signal from the host.

Reader 100B includes a connector 124, a display 106, a reader controller circuit 126 containing firmware 128, a battery 130 and a button 108. The reader controller ("RC") or controller circuit is preferably an application specific integrated circuit or "ASIC". The logic within the OTP controller (for example firmware 128) is designed to control the reader and the various interactions it may have with other devices. In the case of a USB flash drive embodiment of MSD 100A, connector 124 is preferably a female USB connector, or a card socket if MSD 100A is a mass storage memory card. Battery 130 supplies power to both reader 100B and MSD 100A. The battery may be rechargeable or replaceable, or alternatively the reader may be disposed of when battery 130 no longer holds a charge. Preferably, unlike many OTP tokens, which must be disposed of when the battery is dead, the battery can be recharged or replaced.

Button 108 can be used to trigger the generation of an OTP value and its display on screen 106. Alternatively, the connection of MSD 100A and reader 100B can trigger generation and/or display of the OTP value. Although button 108 is preferably present, some embodiments may omit the button entirely and simply rely on the interconnection of the devices as a trigger.

Figure 2B is the same as Figure 2A in most respects, but RC 126 in Figure 2B also includes a real-time clock 132. This embodiment is designed to work with embodiments of system 100 and MSD 100A that are capable of time-based OTP generation and authentication. When reader 100B is coupled to the MSD, it supplies the real-time clock signal to memory controller 122. This signal is then used within MSD 100A to create the time-based one-time passwords. In embodiments where MSD 100A does not have a real-time clock, the signal would otherwise come from the host device in order to generate time-based passwords. RC 126 and reader 100B may also supply any other credential to MSD 100A for use in more general challenge-response type OTP generation.

Figure 2C is also similar to Figure 2A in most respects, but additionally includes connector 110. This second connector can be used to connect to another device while reader 100B is connected to MSD 100A. It may be a standardized or a proprietary connector. As mentioned earlier, connector 124 or 110 can be used to recharge battery 130. Where connector 124 is a female USB connector, connector 110 is preferably a male USB connector, because it can easily be plugged into a female USB socket on a computer to receive power for charging or other operations. Such a second connector can be implemented in any embodiment, including those having a real-time clock.

Figure 2D again illustrates system 100, in a larger context. One-time passwords are used in authentication systems. System 100 may therefore also include one or more remote servers 150. As mentioned earlier, a password generated in such a system is compared against a password generated by a remote server 150 accessed over a network. Another remote server 150 may optionally be used to record the count of MSD 100A for event-based OTP generation, and may prepare and store information needed for OTP generation. Access to any remote server is preferably made over a secure connection of a secure session established between the entities.

Figure 3 is a schematic illustration of the functionality of the system. OTP generation 304 takes place in MSD 100A. The generated OTP value can be transmitted to reader 100B and can be temporarily stored in a memory of MSD 100A. If the value is stored, it can be stored in a secure area or in an openly accessible area, and the reader can access the value by reading the memory location of the desired value. The display functionality for the values generated by MSD 100A resides in reader 100B. MSD 100A can generate values for use as one-time passwords using a range of different algorithms and procedures. Reader 100B can work with these different algorithms and procedures by making use of application programming interfaces ("APIs") that are coordinated and compatible with them. These APIs 306 can be implemented within RC 126 of reader 100B.

Prior art OTP tokens incorporate both the display and the generation mechanism, so there is no need to incorporate an API within the token. This is because the reader works only with the one specific OTP generation sequence/algorithm of the token in which it is integrated. The system of the present invention is flexible, and provides a reader that can coordinate OTP generation with OTP generating devices across a wide range of time-based, event-based and challenge-response schemes and a wide range of different algorithms.

The ability to view and manually enter OTP values from devices that are otherwise designed to submit those values automatically adds another dimension of flexibility to security systems. It will not only make them easier for the user to use, but will also increase the penetration and acceptance of OTP-based systems.

Although specific embodiments of the present invention have been described, it should be understood that the invention is not limited to these illustrative embodiments, but is defined by the appended claims.

[Brief Description of the Drawings]

In the following figures, the same reference numerals are used for the same or similar items throughout the drawings.

Figure 1A is an illustration of system 100 of one embodiment of the present invention, comprising mass storage device 100A and one-time password reader 100B.

Figure 1B is an illustration of system 100 in which mass storage device 100A and one-time password reader 100B are coupled together with their respective connectors.

Figure 1C is an illustration of one-time password reader 200 according to another embodiment of the present invention.

Figure 1D is an illustration of another embodiment of system 100.

Figure 1E illustrates the embodiment of system 100 depicted in Figure 1D, in which mass storage device 100A and one-time password reader 100B are coupled together with their respective connectors.

Figure 2A is a block diagram illustrating components of mass storage device 100A and one-time password reader 100B.

Figure 2B is a block diagram illustrating components of mass storage device 100A and one-time password reader 100B capable of generating event-based and time-based one-time password sequences.

Figure 2C is a block diagram illustrating components of mass storage device 100A and one-time password reader 200B.

Figure 2D is a block diagram of the larger system 100.

Figure 3 is a diagram illustrating the distribution of functionality within system 100.

[Description of Main Reference Numerals]

100: system
100A: mass storage device
100B, 200B: one-time password reader
102, 110: connector
106: display/screen
108: button
120: mass storage flash memory
122: memory controller
124: connector or socket
126: RC
128: firmware
130: battery
132: real-time clock
150: remote server
304: one-time password generation
306: application programming interface
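The time-based and event-based generation described above, and the comparison against a value computed by the validating entity, worked through as an added example that is not part of the patent. The patent names no algorithm; RFC 4226 HOTP with RFC 6238 style 30-second time steps is assumed here, and the class names, the look-ahead window and the drift tolerance are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed sample seed (the published RFC 4226 test secret), not a real credential.
SAMPLE_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the 'given algorithm and seed' that makes the sequence predictable."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class MassStorageDevice:
    """Stand-in for MSD 100A: holds the seed and an event count, but has no clock."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def event_otp(self) -> str:
        # Event-based: every trigger (button press, coupling) advances the count.
        value = hotp(self.seed, self.counter)
        self.counter += 1
        return value

    def time_otp(self, clock_seconds: int, step: int = 30) -> str:
        # Time-based: the clock value is supplied by the reader (or by a host).
        return hotp(self.seed, clock_seconds // step)


class Verifier:
    """Stand-in for the validating entity (remote server 150)."""

    def __init__(self, seed: bytes, look_ahead: int = 3, drift_steps: int = 1, step: int = 30):
        self.seed = seed
        self.look_ahead = look_ahead    # tolerated unsubmitted event values
        self.drift_steps = drift_steps  # tolerated clock skew, in time steps
        self.step = step
        self.counter = 0                # recorded count for event-based generation
        self.last_time_step = -1        # highest time step already accepted

    def check_event(self, submitted: str) -> bool:
        # Values shown on the reader but never typed in leave the device ahead of
        # the server; search a small window and resynchronise on a match.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, c), submitted):
                self.counter = c + 1    # also makes a replay of this value fail
                return True
        return False

    def check_time(self, submitted: str, server_clock: int) -> bool:
        # The reader's clock must stay synchronised with the server's clock;
        # anything beyond drift_steps of skew is rejected.
        now = server_clock // self.step
        for t in range(now - self.drift_steps, now + self.drift_steps + 1):
            if t > self.last_time_step and hmac.compare_digest(hotp(self.seed, t), submitted):
                self.last_time_step = t
                return True
        return False


def demo() -> dict:
    msd = MassStorageDevice(SAMPLE_SEED)
    results = {}

    # Time-based: reader clock reads 59 s, server clock reads 61 s (one step apart).
    shown = msd.time_otp(clock_seconds=59)
    server = Verifier(SAMPLE_SEED)
    results["time_small_skew"] = server.check_time(shown, server_clock=61)
    results["time_replay"] = server.check_time(shown, server_clock=61)
    # Reader clock has drifted two steps behind the server: rejected.
    results["time_large_skew"] = Verifier(SAMPLE_SEED).check_time(shown, server_clock=95)

    # Event-based: two values are displayed but never submitted, the third is typed in.
    msd.event_otp()
    msd.event_otp()
    typed = msd.event_otp()
    server = Verifier(SAMPLE_SEED)
    results["event_resync"] = server.check_event(typed)
    results["event_replay"] = server.check_event(typed)
    results["server_count"] = server.counter
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A reader whose clock is off by more than the tolerated skew produces values the server rejects even though seed and algorithm match, which is why the claims below call for the reader's real-time clock to be synchronized with that of the validating entity.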

Claims (1)

X. Scope of Patent Application:

1. A method of providing a one-time password to a user of a portable flash mass storage device: receiving a request from a user to view the one-time password on a display of a one-time password reader coupled to the flash mass storage device; and retrieving the one-time password from the mass storage device.

2. The method of claim 1, further comprising causing the mass storage device to generate the one-time password.

3. The method of claim 1, wherein retrieving the one-time password includes transmitting a request for the password.

4. The method of claim 3, wherein retrieving the one-time password further includes receiving …

5. The method of claim 1, wherein retrieving the one-time password … a memory location within the mass storage device.

6. The method of claim 2, further comprising using a real-time clock of the one-time password reader in generating the one-time password.

7. The method of claim 6, wherein the real-time clock of the one-time password reader is synchronized with a real-time clock of a verifying entity.

8. A method of providing a one-time password to a user of a one-time password generating device: with a reader coupled to the one-time password generating device, the password generating device being coupled to a host and powered by the host to generate and transmit a one-time password to the host, the reader operating to provide power to the device in place of the host, and displaying a one-time password on the display to a user of the device.

9. A method of providing a pseudorandom number to a user of a portable flash mass storage device: receiving, at a reader coupled to the portable flash mass storage device, a request from a user for the pseudorandom number; causing a processor within the mass storage device to generate the pseudorandom number; and displaying the pseudorandom number on a display of the reader.

10. The method of claim 9, wherein causing the processor within the mass storage device to generate the pseudorandom number includes causing a pseudorandom number generator to increment.

11. The method of claim 10, wherein the increment is time-based.

12. The method of claim 10, wherein the increment is event-based.

13. An accessory for a one-time password generating device that does not have a display, the accessory comprising: a display that displays values generated by the one-time password generating device; a first connector, the first connector operable to connect to the one-time password generator; and controller circuitry that controls operation of the accessory, including displaying a one-time password value generated by the one-time password generating device.

14. The accessory of claim 13, wherein the accessory has the form factor of a cover for at least a portion of the one-time password generating device.

15. The accessory of claim 13, wherein the one-time password generating device has a USB connector, and the accessory has the form factor of a cover for the USB connector of the device.

16. The accessory of claim 13, further comprising one or more interfaces, each interface operable to work together with a different one-time password generation method of one or more one-time password generating devices.

17. The accessory of claim 13, further comprising a button for triggering the controller circuitry and the display.

18. The accessory of claim 13, further comprising a second connector, the second connector operable to connect to a host device.

19. The accessory of claim 18, wherein the first connector is female and the second connector is male.

20. The accessory of claim 18, wherein the host device provides power to the accessory when the accessory is coupled to the host device via the second connector.

21. The accessory of claim 20, wherein the power provided recharges a battery within the accessory.

22. The accessory of claim 13, further comprising a real-time clock, the accessory operable to provide a signal from the real-time clock to the one-time password generating device.

23. A system for authenticating a user: a mass storage device including a memory controller that controls reading data from and writing data to a mass storage memory of the device, and that also generates a pseudorandom number; and a reader that can be physically coupled to and decoupled from the mass storage device, wherein the reader triggers the controller to generate the pseudorandom number, and wherein the reader displays the pseudorandom number generated by the mass storage device.

24. The system of claim 23, further comprising a host that accepts manual input of the pseudorandom number displayed by the reader.

25. The system of claim 23, further comprising an entity that verifies that the pseudorandom number generated by the mass storage device is the same as a pseudorandom number generated by the entity.

26. An authentication system, comprising: a device operable to generate but not display a one-time password, the device including a host connector; and a reader that, when connected to the host connector of the device, is operable to display but not generate a one-time password value.

27. The system of claim 26, wherein the device generates a time-based one-time password, and the reader supplies a clock signal used by the device.

28. The system of claim 26, wherein the reader includes a connector, the reader operable to recharge itself through the connector.

29. A removable cover for a one-time password generating device that does not have a display, the cover comprising: means for causing the one-time password generating device to generate a one-time password; and a display for conveying the generated one-time password.

30. A removable cover for a one-time password generating device that does not have a display, the cover comprising: an integrated controller circuit; a user input coupled to the integrated controller circuit, the integrated controller circuit operable to cause the one-time password generating device to generate a one-time password; and a display that displays the generated one-time password to the user.
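The split of roles in claims 10 to 12 and 25 to 27 (a device that generates but does not display, a reader that displays but does not generate and supplies the clock, and a verifying entity that generates the same value) can be modelled as follows. This is an added example, not code from the patent: the claims name no algorithm, so HOTP (RFC 4226) is substituted as an assumption, and the class names, the 30-second step and the look-ahead window are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time-based increment (assumed value)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpDevice:
    """Generates but never displays; the secret stays inside the device."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._events = 0

    def generate(self, clock=None) -> str:
        if clock is None:              # event-based: increment per request
            self._events += 1
            return hotp(self._secret, self._events)
        return hotp(self._secret, int(clock) // STEP)  # time-based

class Reader:
    """Displays but never generates; holds no secret, only a clock."""
    def __init__(self, device: OtpDevice, rtc_offset: float = 0.0):
        self.device = device
        self.rtc_offset = rtc_offset   # drift relative to the verifier's clock

    def show(self, now: float, time_based: bool = True) -> str:
        clock = now + self.rtc_offset if time_based else None
        return self.device.generate(clock)

class Verifier:
    """Verifying entity: generates its own value and compares."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._events = 0

    def check_time(self, otp: str, now: float) -> bool:
        return hmac.compare_digest(otp, hotp(self._secret, int(now) // STEP))

    def check_event(self, otp: str, look_ahead: int = 3) -> bool:
        for c in range(self._events + 1, self._events + 1 + look_ahead):
            if hmac.compare_digest(otp, hotp(self._secret, c)):
                self._events = c       # resynchronise, reject replays
                return True
        return False
```

A reader whose clock has drifted makes the device produce a value the verifier rejects, which is why claim 7 synchronizes the reader's clock with the verifying entity; in the event-based mode the verifier needs a look-ahead window because requests that are never submitted still advance the device's counter.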
TW96131089A 2006-08-24 2007-08-22 Reader for one time password generating device TW200818207A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/467,070 US20080052524A1 (en) 2006-08-24 2006-08-24 Reader for one time password generating device
US11/467,063 US20080072058A1 (en) 2006-08-24 2006-08-24 Methods in a reader for one time password generating device

Publications (1)

Publication Number Publication Date
TW200818207A (en) 2008-04-16

Family

ID=39107531

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96131089A TW200818207A (en) 2006-08-24 2007-08-22 Reader for one time password generating device

Country Status (2)

Country Link
TW (1) TW200818207A (en)
WO (1) WO2008024644A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2939931B1 (en) * 2008-12-11 2012-11-16 Oberthur Technologies METHOD FOR PROTECTING A SECURE USB KEY.
US9531541B2 (en) 2013-09-12 2016-12-27 Carl BEAME Cryptographic storage device controller

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1139200A3 (en) * 2000-03-23 2002-10-16 Tradecard Inc. Access code generating system including smart card and smart card reader
JP4701615B2 (en) * 2004-01-23 2011-06-15 ソニー株式会社 Information storage device
GB2414612A (en) * 2004-05-25 2005-11-30 Hsiu-Chu Hsu-Li Multi-media display
US7571489B2 (en) * 2004-10-20 2009-08-04 International Business Machines Corporation One time passcode system
US20060136739A1 (en) * 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device

Also Published As

Publication number Publication date
WO2008024644A2 (en) 2008-02-28
WO2008024644A3 (en) 2008-05-29

Similar Documents

Publication Publication Date Title
US20080072058A1 (en) Methods in a reader for one time password generating device
AU2011274360B2 (en) System and method for storing a password recovery secret
TWI363978B (en) System and method for biometrically secured, transparent encryption and decryption
TWI353522B (en) Method and apparatus for interfacing with a restri
TW200805106A (en) Data security system
TW552508B (en) System and apparatus for accessing and transporting electronic communications using a portable storage device
JP2005173197A (en) Encryption /decryption processing system and encryption/decryption processing apparatus
JP3119494B2 (en) How to verify card ownership
US20060242693A1 (en) Isolated authentication device and associated methods
JPH09510561A (en) Method and apparatus for using tokens to access resources
TW201015322A (en) Method and system for data secured data recovery
TW200837564A (en) System and method of storage device data encryption and data access
TWM290600U (en) Crypto pass-through dangle
US10839101B2 (en) Portable storage apparatus, test system and method
EP2175455B1 (en) Method for providing controlled access to a memory card and memory card
US20080052524A1 (en) Reader for one time password generating device
TW200818207A (en) Reader for one time password generating device
BRPI0807432A2 (en) PORTABLE AUTHENTICATION DEVICE
JP2020021127A (en) Information processing system and information processing method
JP2004023122A (en) Encryption system utilizing ic card
EP3761164A1 (en) Entropy provider
WO2007099716A1 (en) Date communication system, and portable memory
JP7438095B2 (en) Equipment management system, management device, equipment management method, and program
EP4102766A1 (en) Data management system, data management method, and non-transitory computer-readable medium
RU2661290C1 (en) Method of identification information entering into the working computer