1296771 IX. Description of the Invention:

[Technical Field of the Invention]
The present invention is a security authentication device that communicates with the HOST through a USB transmission interface. It stores the digital signature on a PKI smart IC card of very high security level and can be used widely in the field of digital certificates wherever an identity authentication mechanism is required. It further combines the existing function of flash memory for convenient data access, making it a portable security authentication and storage media device, and it integrates the contactless automatic identification technology of RFID to strengthen warehouse inventory management, asset management and merchandise tracking, improving both security and manageability.

[Prior Art]
In today's era of frequent information exchange and well-developed Internet communication, carrying large amounts of digital data has become an indispensable part of digital life.
At the same time, the issue of information security is receiving ever more attention; precisely because information is exchanged so frequently, the correctness and non-repudiation of the transmitted content are taken more and more seriously.

The first priority of information security is the identity verification mechanism. In the past, identity verification was mostly accomplished through digital certificates, but owing to the circumstances of the time the certificate was usually still stored on media that can be copied easily, such as a floppy disk, which greatly weakened the authentication and security that an electronic certificate is supposed to provide.

Requirements such as online transactions, online income-tax filing, confirmation of network identity, identity verification during electronic data interchange and login to all kinds of application systems are everywhere. Storing the certificate in a PKI smart IC card, which cannot be copied, corrects the shortcoming described above, but it then requires an additional card reader as the access interface between the PKI smart IC card and the HOST, which greatly reduces the convenience of carrying it.

In a traditional network system, when the Terminal logs in to the Host, the password entered is not encrypted at all. When a hacker uses a Trojan program to eavesdrop on the password and login name sent over the network, he can break into your account. One solution to this information security problem is a dynamic password (one-time password) system, which requires the user to enter a different password at every login. The password for the next login is therefore already different from the one that was captured, so it does not matter even if the password is eavesdropped while being transmitted over the network.
[Object of the Invention]
The object of the present invention is to provide a security-authenticated universal serial port portable access device with a wireless identification system, digital certificate and data storage functions, which meets the practical need for an identity verification mechanism that satisfies information security, and which provides the high security, manageability and ease of use of digital certificates.

A secondary object of the present invention is to integrate a PKI smart IC card with a card reader and to add flash memory that the user can use for general data access, so as to form a USB communication interface device with a security authentication function, convenient data access and easy portability.

A further object of the present invention is to provide a security-authenticated universal serial port portable access device with a wireless identification system, digital certificate and data storage functions, with which the user obtains the greatest security and convenience whether logging in to a PKI application system, confirming a network identity, exchanging data over the network or accessing ordinary digital data.

Yet another object of the present invention is to provide a security-authenticated universal serial port portable access device with a wireless identification system, digital certificate and data storage functions that fully demonstrates the strong portability of the invention when it must be carried as the occasion requires, and that, by integrating the contactless automatic identification technology of RFID, strengthens the application of the device to warehouse inventory management, asset management and merchandise tracking, improving security and manageability.

[Summary of the Invention]
The present invention exchanges data with the HOST over a USB communication interface, performs identity authentication using microprocessor technology and the certificate function of a contact PKI smart IC card, and achieves data storage through access to flash memory.

The present invention has the following characteristics:
(1) The high communication speed and plug-and-play nature of USB.
(2) The high security of the security authentication mechanism of the PKI smart IC card.
(3) Convenient flash memory data storage and a small, easily carried design, so that the user can conveniently use it on systems that require electronic certificate authentication.
(4) The contactless automatic identification technology of RFID, usable for warehouse inventory management, asset management and merchandise tracking, which strengthens the security and manageability of the device specified by the invention.

... communication protocol standard, so that PKI-related applications can use the digital signature and encryption functions inside the PKI smart IC card to complete certificate verification; the on/off state and colour of an LED indicate the data exchange status.
Ordinary data access to the flash memory is achieved by having the microprocessor fully control the flash memory, with the on/off state and colour of an LED indicating the access status.
... performs encryption and decryption of communication data and processing of transaction data, and coordinates, directs and controls the operation of each module of the device.
3. Tag of the wireless identification system (RFID): The RFID Tag is fixed to the housing specified by the invention. Every Tag has a unique serial number that identifies each device uniquely. It can work with all kinds of back-end management systems to record the characteristic parameters of each device for warehouse inventory management, asset management and merchandise tracking, improving security and manageability.
4. One-Time Password (OTP) module and keypad (KeyPad) for entering the personal identification number (PIN): The OTP module and the PIN entry keypad are also implemented with microprocessor technology. When the user wants to log in to an account, the microprocessor prompts the user through the LCD display to enter the PIN of the PKI smart IC card. The user then enters the PIN on the keypad, and the microprocessor starts the OTP module. Following the algorithm of the OTP system, the OTP module automatically generates a Challenge each time; the Challenge consists of an iteration (a number) and a seed (digits and letters). At the same time, the LCD display of the invention shows a One-Time Password to be used as the password for this login.

[Features and Effects]
The present invention communicates with the HOST through the USB interface and uses a contact PKI smart IC card together with a wireless identification system (RFID). It has in particular the following notable advantages:
1. The invention is a composite device with the three functions of security authentication, data storage and wireless identification, combining easy management, a high security level and convenient data access in a compact form.
2. The electronic signature in the PKI smart IC card can be used for identity authentication at system login, replacing systems that log in with only an account name and password. It can be used widely in PKI application systems that require identity authentication, avoiding the damage caused by hackers improperly intruding into application systems.
3. The wireless identification characteristic of RFID, with every Tag having a unique serial number that can work with all kinds of back-end management systems, improves security and manageability.
4. The plug-and-play nature of the USB interface makes the invention more convenient and simpler to install and use on the HOST.
5. Because the PKI smart IC card itself has a high security level and cannot be copied, if the user accidentally loses the invention, others are still prevented from misusing the user's digital certificate (provided the card's PIN, which must be entered on the keypad, remains secret).
6. It is small and easy to carry, in keeping with the convenience of carrying information in digital life.
7. Because of the high transmission rate of the communication, large amounts of data can be transferred quickly and freely when the user accesses the data in the flash memory.
8. One of the functions of the invention is a reader for the PKI smart IC card; when accessing the PKI smart IC card the HOST needs no separate card reader, saving the purchase cost of a card reader.
9. A PIN Pad is provided so that the user can enter an easily remembered PIN Code, after which the OTP module generates a different OTP each time, increasing both convenience and security.
10. Besides personal authentication, the invention has many derived applications in the field of enterprise information security.
11. Either the OTP module alone or the OTP module combined with the PKI smart IC card can be selected as the system login method, strengthening the security control mechanism.

[Brief Description of the Drawings]
Please refer to the following detailed description of the invention and its accompanying drawings for a further understanding of its technical content, objects and effects. The related drawings are:
Figure 1 is the system module architecture diagram of the invention.

[Description of Main Component Symbols]
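The OTP login described in item 4 of [Summary of the Invention] and in items 9 and 11 of [Features and Effects], together with the replay resistance claimed at the end of [Prior Art], can be worked through in code. The following Go program is an added example and is not code from the patent. The patent says only that each Challenge consists of an iteration (a number) and a seed (digits and letters); the hash-chain construction below (in the style of S/KEY, where the iteration selects one link of a SHA-256 chain keyed by the seed and the device secret) is an assumption, the device secret, PIN, seed `ke1234` and chain length 100 are constructed sample values, and checking the PIN inside the device's microcontroller is a simplification (on the device in the text the PIN belongs to the PKI smart IC card).

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Challenge is what the device shows before a login: an iteration count and a
// seed (digits and letters). The seed names the chain; the iteration selects
// one link of it.
type Challenge struct {
	Iteration int
	Seed      string
}

// chainValue computes H^n(seed || secret) with H = SHA-256. Link n of the chain
// can be turned into link n+1 by anyone, but not back into link n-1.
func chainValue(secret []byte, seed string, n int) []byte {
	v := append([]byte(seed), secret...)
	for i := 0; i < n; i++ {
		sum := sha256.Sum256(v)
		v = sum[:]
	}
	return v
}

// Device models the token: the secret never leaves it, and the OTP module only
// runs after the PIN typed on the keypad has been accepted (assumed local check).
type Device struct {
	secret  []byte
	pinHash [32]byte
}

func NewDevice(secret []byte, pin string) *Device {
	return &Device{secret: secret, pinHash: sha256.Sum256([]byte(pin))}
}

// Respond returns the One-Time Password the LCD would display for this login.
func (d *Device) Respond(pin string, c Challenge) (string, error) {
	got := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(got[:], d.pinHash[:]) != 1 {
		return "", errors.New("PIN rejected")
	}
	return hex.EncodeToString(chainValue(d.secret, c.Seed, c.Iteration)), nil
}

// Host is the application side. It never holds the device secret, only the
// last accepted link of the chain and that link's iteration number.
type Host struct {
	seed    string
	current int
	last    []byte
}

// Enroll registers a device by storing the top of its chain; the secret is
// not retained on the host side afterwards.
func Enroll(secret []byte, seed string, length int) *Host {
	return &Host{seed: seed, current: length, last: chainValue(secret, seed, length)}
}

// Challenge asks for the link just below the last accepted one.
func (h *Host) Challenge() (Challenge, error) {
	if h.current <= 1 {
		return Challenge{}, errors.New("chain exhausted: re-enrol the device")
	}
	return Challenge{Iteration: h.current - 1, Seed: h.seed}, nil
}

// Verify accepts otp only if hashing it once yields the stored link. On success
// the stored link moves down the chain, so the same otp can never be used again.
func (h *Host) Verify(c Challenge, otp string) error {
	if c.Seed != h.seed || c.Iteration != h.current-1 {
		return errors.New("stale or foreign challenge")
	}
	link, err := hex.DecodeString(otp)
	if err != nil || len(link) != sha256.Size {
		return errors.New("malformed one-time password")
	}
	next := sha256.Sum256(link)
	if subtle.ConstantTimeCompare(next[:], h.last) != 1 {
		return errors.New("one-time password rejected")
	}
	h.last = link
	h.current = c.Iteration
	return nil
}

func main() {
	// Constructed sample values; a real device would generate the secret itself.
	secret := []byte("constructed-device-secret-0001")
	dev := NewDevice(secret, "4321")
	host := Enroll(secret, "ke1234", 100)

	c, _ := host.Challenge()
	otp, _ := dev.Respond("4321", c)
	fmt.Printf("challenge %d %s -> otp %s... login: %v\n", c.Iteration, c.Seed, otp[:12], host.Verify(c, otp))

	// An eavesdropper replaying the captured OTP at the next login is rejected.
	c2, _ := host.Challenge()
	fmt.Println("replay of captured otp:", host.Verify(c2, otp))
}
```

Two points the patent text leaves implicit are visible here: the host can verify without ever storing the device secret, because it only keeps the last accepted link and hashes the submitted value once; and every accepted OTP advances the chain, so a password captured on the wire is useless for the following login, which is exactly the property [Prior Art] relies on. That property defeats passive capture and replay only; an attacker who relays the OTP to the host in real time, before the legitimate user does, is not stopped by the hash chain itself.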
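Item 2 of [Features and Effects] (login by the card's electronic signature instead of an account name and password) and item 5 (a lost device does not expose the certificate) can be made concrete as a challenge-response exchange. The following Go program is an added example, not the patent's own code. The patent names neither the signature algorithm nor the challenge format, so RSA-2048 with PKCS#1 v1.5 over SHA-256 and a 32-byte random nonce are assumptions, the `pki-token-login-v1:` context string is an illustrative choice, the public key is taken directly from the card rather than from a validated certificate, and the card's PIN verification before signing is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// loginContext is mixed into every signed message so that a signature produced
// for login cannot be presented as a signature over some other document.
// Illustrative value, not from the patent.
const loginContext = "pki-token-login-v1:"

// Card models the PKI smart IC card: the private key is generated inside it and
// never exported; the HOST only ever receives signatures.
type Card struct {
	key *rsa.PrivateKey
}

// NewCard plays the role of on-card key generation at personalisation time.
func NewCard() (*Card, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Card{key: key}, nil
}

// Public is what ends up in the user's certificate and is registered at the HOST.
func (c *Card) Public() *rsa.PublicKey { return &c.key.PublicKey }

// Sign answers a login challenge. On the real device this runs only after the
// PIN has been verified on the card; that step is omitted here.
func (c *Card) Sign(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(append([]byte(loginContext), nonce...))
	return rsa.SignPKCS1v15(rand.Reader, c.key, crypto.SHA256, digest[:])
}

// Verifier is the application side, which replaces account/password login with
// a signature check against the registered public key.
type Verifier struct {
	pub     *rsa.PublicKey
	pending map[string]bool // challenges issued but not yet answered
}

func NewVerifier(pub *rsa.PublicKey) *Verifier {
	return &Verifier{pub: pub, pending: make(map[string]bool)}
}

// Challenge issues a fresh 256-bit random nonce that may be answered only once.
func (v *Verifier) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Login consumes the challenge whether or not the signature verifies, so a
// captured (nonce, signature) pair is worthless afterwards.
func (v *Verifier) Login(nonce, sig []byte) error {
	id := hex.EncodeToString(nonce)
	if !v.pending[id] {
		return errors.New("unknown or already used challenge")
	}
	delete(v.pending, id)
	digest := sha256.Sum256(append([]byte(loginContext), nonce...))
	if err := rsa.VerifyPKCS1v15(v.pub, crypto.SHA256, digest[:], sig); err != nil {
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}

func main() {
	card, err := NewCard()
	if err != nil {
		panic(err)
	}
	verifier := NewVerifier(card.Public())

	nonce, _ := verifier.Challenge()
	sig, _ := card.Sign(nonce)
	fmt.Println("login with card:", verifier.Login(nonce, sig))
	fmt.Println("replay of the same answer:", verifier.Login(nonce, sig))
}
```

The verifier never sees the private key, which is what lets the card be a reader-free replacement for password login (item 8); the nonce is single-use, so a login captured on the wire cannot be replayed; and a card with a different key, or a tampered signature, is rejected. In a real deployment the public key comes from the user's certificate after chain and revocation checks, which this example does not perform, and item 5 holds only as long as the card refuses to sign until its PIN has been presented.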