TWI464688B - Card reader with dynamically adjustable operating functions and adjustment method thereof - Google Patents
- Publication number
- TWI464688B, TW099142203A
- Authority
- TW
- Taiwan
- Prior art keywords
- module
- data
- card reader
- identification
- function
Landscapes
- Storage Device Security (AREA)
Description
The present invention relates to a card reader, and more particularly to a card reader that works with a secure access module to dynamically adjust its operating functions, and to an adjustment method thereof.
IC cards (chip cards), also known as smart cards, are widely used in daily life, for example as credit cards, bank cards, MRT cards, stored-value cards, and identification cards holding personal data. The use of different kinds of chip cards has made people's food, clothing, housing, and travel increasingly convenient.
However, as usage conditions vary, operators need to deploy different card readers to read the chip data of different kinds of chip cards. In other words, a card reader can usually read only certain specific chip cards. When the reader's operating functions have not been updated or extended and the conditions change, the operator has to replace the reader hardware with a different type, which wastes cost on equipment replacement.
The present invention provides a card reader whose operating functions can be upgraded without replacing the device hardware.
To this end, the present invention provides a card reader with dynamically adjustable operating functions. The card reader includes a component configuration module, a secure access module, a computing module, and a card reading interface. The secure access module stores at least one item of additional function data and can be installed in or removed from the component configuration module. The computing module is electrically coupled to the component configuration module. When the secure access module is installed in the component configuration module, the computing module links to the secure access module and, when the link succeeds, executes the additional function data. The card reading interface is electrically coupled to the computing module and is used to read the chip data of a chip card.
To the same end, the present invention also provides a method for dynamically adjusting the operating functions of a card reader, applicable to a card reader that includes a component configuration module and a computing module electrically coupled to each other. The method includes: installing a secure access module in the component configuration module; using the computing module to link to the secure access module through the component configuration module; and deciding, according to the link result, whether to execute additional function data of the secure access module.
The effects obtained by applying the present invention are:
1. The card reader hardware does not need to be replaced. The operator can store program instructions capable of recognizing or reading a chip card's chip data in the additional function data in advance, so that when the computing module successfully links to the secure access module, new operating functions are added to the card reader (for example, the card reader can then read different types of chip cards), avoiding the waste of replacing card reader hardware.
2. Under different usage conditions, the user only needs to install a secure access module with the corresponding functions in the card reader, and the card reader can then drive the functional components or programs contained in the secure access module to meet different work requirements.
Preferred embodiments of the present invention are described in detail below with reference to the drawings.
Please refer to FIG. 1, which is a schematic diagram of a card reader according to an embodiment of the present invention. In this embodiment, the card reader 1 includes a component configuration module 11, a secure access module 12, a computing module 13, and a card reading interface 14.
The secure access module 12 stores at least one item of additional function data 120 and can be installed in or removed from the component configuration module 11. The computing module 13 is electrically coupled to the component configuration module 11. When the secure access module 12 is installed in the component configuration module 11, the computing module 13 links to the secure access module 12 and, when the link succeeds, executes the additional function data 120. The card reading interface 14 is electrically coupled to the computing module 13. The card reading interface 14 is, for example, an RFID contactless interface, a card slot interface, or a swipe slot interface, and is used to read the chip data 20 of a user's chip card 2. The chip card 2 is, for example, the user's credit card, bank card, MRT card, stored-value card, or an identification card holding personal data.
The component configuration module 11 and the secure access module 12 are components of mutually corresponding structure. For example, when the secure access module 12 is a chip card (e.g. an RFID data card or a SAM data card), the component configuration module 11 is a chip socket or chip slot; or, when the secure access module 12 is an external function interface card (Extend Function Card), the component configuration module 11 is an interface card socket (slot). The invention is not limited to these, as long as the two structures correspond to each other.
The computing module 13 is electrically coupled to the component configuration module 11 and determines whether a secure access module 12 is installed in the component configuration module 11. When the computing module 13 determines that a secure access module 12 is installed in the component configuration module 11, it links to the secure access module 12 through the component configuration module 11 and, when the link succeeds, executes the additional function data 120 of the secure access module 12. One consequence is that the operator can store program instructions capable of recognizing or reading the chip data 20 of the chip card 2 in the additional function data 120 in advance. When the computing module 13 successfully links to the secure access module 12, the card reader 1 can run a new function service without any hardware replacement and read the other kind of chip data contained in the user's different type of chip card; that is, the card reader 1 can read different types of chip cards.
Conversely, if the link fails, the computing module 13 runs the original function services.
Please refer to FIG. 2, which is a schematic diagram of a card reader according to another embodiment of the present invention. In this embodiment, the card reader 1 further includes a storage module 15 that stores one or more items of function data 150. When the card reader 1 starts up, it reads and executes the function data 150.
However, when the secure access module 12 is installed in the component configuration module 11 of the card reader 1, the computing module 13 links to the secure access module 12, and the execution mode depends on the link result, as follows:
(1) When the computing module 13 fails to link to the secure access module 12, the computing module 13 does not read the additional function data 120; moreover, the computing module 13 executes the original function data 150 of the card reader 1.
(2) When the computing module 13 successfully links to the secure access module 12 and the function data 150 and the additional function data 120 are of different data types, the computing module 13 executes the function data 150 and the additional function data 120 as required.
(3) When the computing module 13 successfully links to the secure access module 12 and the function data 150 and the additional function data 120 are of the same data type, the computing module 13 compares the data versions of the function data 150 and the additional function data 120 and reads and executes one of them. For example, when the data version of the function data 150 is newer than that of the additional function data 120, the computing module 13 reads and executes the function data 150. Conversely, when the data version of the additional function data 120 is newer than that of the function data 150, the computing module 13 reads and executes the additional function data 120.
(4) When no secure access module 12 is installed in the component configuration module 11, the computing module 13 reads and executes the function data 150.
While linking to the secure access module 12, the computing module 13 authenticates the secure access module 12. There are several authentication modes (the invention is not limited to these; related authentication modes may also be used), as follows:
(1) Please refer to FIG. 3A, which is a schematic diagram of a mode in which the computing module authenticates the secure access module according to an embodiment of the present invention.
The secure access module 12 includes additional function data 120 and identification data 121. The identification data 121 records the device code (or chip code) of the secure access module 12. The storage module 15 of the card reader 1 stores a device identification table 151; the storage module 15 records a plurality of device codes (that is, the device codes of the secure access modules 12 that may be installed in the card reader 1). While the computing module 13 links to and authenticates the secure access module 12, it uses the device identification table 151 to analyze and match the identification data 121. When the match succeeds, the computing module 13 treats the link as successful and reads and executes the additional function data 120. Otherwise, the link is treated as failed. In addition, the device identification table 151 also records function usage permission data corresponding to each identification data 121, so the card reader 1 can activate the function services with the corresponding permissions according to personnel affiliation and work unit category.
Example (function service planning): Unit A comprises area A1, area A2, and area A3, equipped with card reader R1, card reader R2, and card reader R3 respectively. The network equipment in area A1 needs function data F1 and F2, the network equipment in area A2 needs function data F2 and F3, and the network equipment in area A3 needs function data F3. A secure access module 12 holding function data F1 and F2 is installed in card reader R1, one holding function data F2 and F3 is installed in card reader R2, and one holding function data F3 is installed in card reader R3. Card reader R1 can then run function data F1 and F2 but cannot run F3; card reader R2 can run function data F2 and F3 but cannot run F1; card reader R3 can run function data F3 but cannot run F1 or F2. This restricts the functions and usage permissions available to the card reader 1 in each area.
Another example: Unit A comprises area A1, area A2, and area A3. Each area is equipped with an access control sensor, and each access control sensor is connected to a card reader 1. When the staff of unit A open areas A1 and A2 to free access by the personnel of unit B, they only need to install a secure access module 12 in the card reader 1. The secure access module 12 includes unit B's authentication mechanism data and the additional function data 120. When a member of unit B goes to area A1 or A2, the access control sensor of that area senses the person's authentication card (for example, the chip card 2) and works with the card reader 1 to authenticate the chip data 20; the card reader 1 then activates the additional function data 120 to provide the related function services. Conversely, when a member of unit B goes to area A3, the sensor in area A3 senses the person's authentication card, but unit B personnel have no permission to enter area A3, so the card reader 1 decides during authentication not to admit the person and does not activate the related additional function data 120.
Furthermore, the card reader 1 is linked to a back-end server device 3, which provides the aforementioned device identification table 151 to the card reader 1.
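The following is an added illustration, not code from the patent, of the identification-table authentication of FIG. 3A combined with execution modes (1) to (4) described for FIG. 2. The class and field names, the tuple version format, modelling the permission data as a set of permitted data types per device code, and keeping the built-in data on a version tie are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class FunctionData:
    kind: str          # data type, e.g. the card family this code can read
    version: Version   # data version, compared as a tuple


@dataclass(frozen=True)
class Sam:
    device_code: str                       # identification data 121
    additional: Tuple[FunctionData, ...]   # additional function data 120


@dataclass
class Reader:
    builtin: Tuple[FunctionData, ...]      # function data 150
    id_table: Dict[str, Set[str]]          # table 151: device code -> permitted kinds

    def link(self, sam: Optional[Sam]) -> bool:
        """Linking succeeds only if the module's device code is in table 151."""
        return sam is not None and sam.device_code in self.id_table

    def select(self, sam: Optional[Sam]) -> List[Tuple[str, Version, str]]:
        """Return (kind, version, source) for every function data item to run."""
        chosen = {fd.kind: (fd.version, "builtin") for fd in self.builtin}
        if not self.link(sam):
            # Mode (4): no module installed; mode (1): link failed.
            return sorted((k, v, s) for k, (v, s) in chosen.items())
        allowed = self.id_table[sam.device_code]
        for fd in sam.additional:
            if fd.kind not in allowed:
                continue  # permission data does not cover this function
            current = chosen.get(fd.kind)
            # Mode (2): different type, so it runs alongside the built-in data.
            # Mode (3): same type, so the newer version wins (a tie keeps built-in).
            if current is None or fd.version > current[0]:
                chosen[fd.kind] = (fd.version, "sam")
        return sorted((k, v, s) for k, (v, s) in chosen.items())


# Constructed sample data: one reader and three modules.
READER = Reader(
    builtin=(FunctionData("F2", (1, 0)),),
    id_table={"SAM-0001": {"F1", "F2"}, "SAM-0002": {"F1", "F2"}},
)
SAM_NEW = Sam("SAM-0001", (FunctionData("F1", (1, 0)),
                           FunctionData("F2", (1, 2)),
                           FunctionData("F3", (1, 0))))
SAM_OLD = Sam("SAM-0002", (FunctionData("F1", (1, 0)),
                           FunctionData("F2", (0, 9))))
SAM_UNKNOWN = Sam("SAM-9999", (FunctionData("F1", (9, 9)),))

if __name__ == "__main__":
    for label, sam in [("none", None), ("unknown", SAM_UNKNOWN),
                       ("newer", SAM_NEW), ("older", SAM_OLD)]:
        print(label, READER.select(sam))
```

In this model a device code is only a stored identifier, so any module that reports a listed code is accepted; the key-based mode of FIG. 3B described next addresses that by requiring a computed response.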
(2) Please refer to FIG. 3B, which is a schematic diagram of a mode in which the computing module authenticates the secure access module according to another embodiment of the present invention. In this embodiment, the secure access module 12 includes an identification code generation module 122, and the computing module 13 includes identification logic data 152. When the computing module 13 authenticates the secure access module 12, it executes the identification code generation module 122 to obtain identification code data and uses the identification logic data 152 to analyze the identification code data in order to decide whether to execute the additional function data 120.
Example (key authentication mechanism): The card reader 1 includes authentication key data. When it drives the secure access module 12, it also provides the authentication key data to the identification code generation module 122. The identification code generation module 122 generates a response code corresponding to the key, and the computing module 13 uses the identification logic data 152 to analyze this response code and determine whether the linked secure access module 12 may be used by the card reader 1. When the computing module 13 determines that the linked secure access module 12 is correct and usable, it enables the additional function data 120 contained in the secure access module 12. Otherwise, the computing module 13 determines that the linked secure access module 12 is incorrect and cannot be used by the card reader 1, and does not enable the additional function data 120 contained in the secure access module 12.
Furthermore, the card reader 1 is linked to a back-end server device 3, which provides the aforementioned identification logic data 152 (or additionally the authentication key data) to the card reader 1.
After the computing module 13 analyzes the identification code data, it transmits an analysis result to the server device 3. The server device 3 analyzes this result and transmits the function usage permission data corresponding to the identification code data to the computing module 13, so that the computing module 13 decides, according to the function usage permission data, whether to execute the additional function data 120.
Furthermore, the function usage permission data records function activation permissions. Based on the function usage permission data, the computing module 13 executes a subset of the functional units of the additional function data 120, corresponding to the permissions of the aforementioned identification code data, that is, the permissions under which the card reader 1 may use the additional function data 120.
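The following is an added sketch, not from the patent, of the key authentication exchange of FIG. 3B followed by permission-limited activation of functional units. The patent does not specify the cryptography; the fresh random challenge, HMAC-SHA256 under a secret shared by reader and module, the set-based permission data, and all names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Set

DEMO_KEY = b"constructed-demo-key-0123456789"  # constructed sample secret


class SamModule:
    """Stands in for the identification code generation module 122."""

    def __init__(self, secret: bytes, units: Set[str]):
        self._secret = secret
        self.units = units  # functional units of additional function data 120

    def respond(self, challenge: bytes) -> bytes:
        # Response code derived from the key data the reader supplied.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class ReaderLogic:
    """Stands in for identification logic data 152 in computing module 13."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending: Optional[bytes] = None

    def new_challenge(self) -> bytes:
        # A fresh value per link attempt, so a recorded response is useless later.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # single use
        if challenge is None:
            return False
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def enabled_units(reader: ReaderLogic, sam: SamModule,
                  permitted: Set[str]) -> Set[str]:
    """Authenticate the module, then enable only the permitted units.

    `permitted` models the function usage permission data sent by server 3.
    """
    response = sam.respond(reader.new_challenge())
    if not reader.verify(response):
        return set()  # link failed: no additional function data is enabled
    return sam.units & permitted


def replay_is_rejected(reader: ReaderLogic, sam: SamModule) -> bool:
    """Show that a response captured in one exchange fails in the next."""
    old = sam.respond(reader.new_challenge())
    if not reader.verify(old):
        return False
    reader.new_challenge()          # next link attempt uses a new challenge
    return not reader.verify(old)   # the captured response no longer matches


if __name__ == "__main__":
    units = {"read_type_a", "read_type_b"}
    print(enabled_units(ReaderLogic(DEMO_KEY), SamModule(DEMO_KEY, units),
                        {"read_type_a"}))
    print(enabled_units(ReaderLogic(DEMO_KEY), SamModule(b"other-key", units),
                        {"read_type_a"}))
    print(replay_is_rejected(ReaderLogic(DEMO_KEY), SamModule(DEMO_KEY, units)))
```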
(3) Please refer to FIG. 3C, which is a schematic diagram of a mode in which the computing module authenticates the secure access module according to another embodiment of the present invention. This embodiment differs from the authentication modes of FIG. 3A and FIG. 3B in that the secure access module 12 further includes a device identification module 123 and the card reader 1 further includes device data 153. When the secure access module 12 is powered by the card reader 1, it executes the device identification module 123. The device identification module 123 identifies the device data 153, determines whether the card reader 1 in which it is installed meets the specification for running the secure access module 12, and decides according to the result whether to release the additional function data 120 for the computing module 13 to read and execute. This prevents a secure access module 12 from being stolen and installed in an arbitrary card reader 1, prevents the additional function data 120 of the secure access module 12 from being used arbitrarily, and at the same time achieves permission control.
In addition, the card reader 1 may have a plurality of component configuration modules 11 so that a plurality of secure access modules 12 can be installed at the same time. The card reader 1 can then run a plurality of additional function data 120 simultaneously to provide multiple additional function services; for example, the card reader 1 can run new function services without hardware replacement to read the chip data 20 of the user's different types of chip cards 2. This configuration is similar to the configuration with a single component configuration module 11 and is not described again here.
Please refer to FIG. 4A, which is a schematic diagram of a method for dynamically adjusting the operating functions of a card reader according to an embodiment of the present invention. Please also refer to FIG. 1 to FIG. 3C for ease of understanding. The method is as follows:
Install a secure access module 12 in the component configuration module 11 (step S110). As described above, the component configuration module 11 and the secure access module 12 are components of mutually corresponding structure. For example, when the secure access module 12 is a chip card (e.g. an RFID data card or a SAM data card), the component configuration module 11 is a chip socket or chip slot; or, when the secure access module 12 is an external function interface card (Extend Function Card), the component configuration module 11 is an interface card socket (slot). The invention is not limited to these, as long as the two structures correspond to each other.
Use the computing module 13 to link to the secure access module 12 through the component configuration module 11 (step S120). The computing module 13 is electrically coupled to the component configuration module 11 and determines whether a secure access module 12 is installed in the component configuration module 11. When the computing module 13 determines that a secure access module 12 is installed in the component configuration module 11, it links to the secure access module 12 through the component configuration module 11.
Decide, according to the link result, whether to execute additional function data 120 of the secure access module 12 (step S130). The execution mode depends on the link result, as follows:
(1) When the computing module 13 successfully links to the secure access module 12, it executes the additional function data 120 of the secure access module 12. Conversely, when the computing module 13 fails to link to the secure access module 12, the computing module 13 does not read the additional function data 120; moreover, the computing module 13 executes the original function data 150 of the card reader 1.
(2) When the computing module 13 successfully links to the secure access module 12 and the function data 150 and the additional function data 120 are of different data types, the computing module 13 executes the function data 150 and the additional function data 120 as required.
(3) When the computing module 13 successfully links to the secure access module 12 and the function data 150 and the additional function data 120 are of the same data type, the computing module 13 compares the data versions of the function data 150 and the additional function data 120 and reads and executes one of them.
Please also refer to FIG. 4B, which is a schematic diagram of data version comparison in a card reader according to an embodiment of the present invention. The computing module 13 compares the data versions of the function data 150 and the additional function data 120 and determines whether the data version of the additional function data 120 is newer (step S150).
When the data version of the function data 150 is newer than that of the additional function data 120, the computing module 13 reads and executes the function data 150 (step S151).
Conversely, when the data version of the additional function data 120 is newer than that of the function data 150, the computing module 13 reads and executes the additional function data 120 (step S152).
(4) When no secure access module 12 is installed in the component configuration module 11, the computing module 13 reads and executes the function data 150.
Please also refer to FIG. 4C, FIG. 4D, FIG. 4E, and FIG. 4F, which are schematic diagrams of authentication in card reader embodiments of the present invention. While linking to the secure access module 12, the computing module 13 authenticates the secure access module 12, as follows:
Use the computing module 13 to authenticate the secure access module 12 (step S161). There are several authentication modes (the invention is not limited to these; related authentication modes may also be used), as follows:
First authentication method: use the computing module 13 to read identification data 121 of the secure access module 12 (step S171). Please refer to FIG. 4D and FIG. 3A together. The secure access module 12 includes additional function data 120 and identification data 121, and the identification data 121 records the device code (or chip code) of the secure access module 12. The storage module 15 of the card reader 1 stores a device identification table 151, which records a plurality of device codes (that is, the device codes of the secure access modules 12 that may be installed in the card reader 1).
The computing module 13 analyzes the identification data 121 according to the device identification table 151 (step S172). While the computing module 13 links to and authenticates the secure access module 12, it uses the device identification table 151 to analyze and match the identification data 121. Whatever the outcome of the analysis and matching, the computing module 13 records the analysis result as the authentication result (step S173).
Second authentication method: please refer to FIG. 4E and FIG. 3B together. The secure access module 12 includes an identification code generation module 122, and the computing module 13 includes identification logic data 152. When the computing module 13 authenticates the secure access module 12, the computing module 13 executes the identification code generation module 122 to obtain identification code data (step S181). The computing module 13 then uses the identification logic data 152 to analyze the identification code data (step S182). Finally, the computing module 13 turns the analysis result into the authentication result (step S183).
Example (key authentication mechanism): The card reader 1 includes authentication key data. When it drives the secure access module 12, it also provides the authentication key data to the identification code generation module 122. The identification code generation module 122 generates a response code corresponding to the key, and the computing module 13 uses the identification logic data 152 to analyze this response code and determine whether the linked secure access module 12 may be used by the card reader 1.
However, as shown in FIG. 4F, when the card reader 1 is linked to the back-end server device 3, step S173 further includes the following. The computing module 13 transmits the analysis result to the server device 3 (step S191). The server device 3 analyzes the analysis result transmitted by the card reader 1 and transmits the function usage permission data corresponding to the identification code data to the computing module 13 (step S192). Finally, the computing module 13 turns the function usage permission data into the authentication result (step S193).
Whichever authentication mode is used, the computing module 13 records the authentication result to form the link result (step S162).
In addition, when the card reader 1 is linked to the back-end server device 3 and the computing module 13 decides to execute the additional function data 120, the computing module 13 executes a subset of the functional units of the additional function data 120 according to the function usage permission data sent by the server device 3.
As the above shows, the card reader with dynamically adjustable operating functions and its adjustment method have the following features:
1. The card reader hardware does not need to be replaced. An operator can store, in advance, program instructions capable of identifying or reading the chip data of a chip card in the additional function data. When the computing module successfully links to the secure access module, new operating functions can be added to the card reader (for example, the card reader can then read different types of chip cards), avoiding the waste of replacing card reader hardware.
2. Under different usage conditions, the user only needs to fit the card reader with a secure access module providing the corresponding functions; the card reader can then drive the functional components or programs contained in the secure access module to meet different work requirements.
3. When the secure access module is damaged, or the additional function data is abnormal, the user only needs to replace the secure access module with a new one; the operation of the card reader is not harmed.
4. The card reader disclosed in the present invention can be combined with permission management: different secure access modules are installed in the card readers of different units, so that each card reader can run only the programs or components of its own unit.
5. An identity confirmation mechanism for identifying consumers' financial cards and credit cards can be built into the secure access module in advance. When the card reader is fitted with the secure access module, it can execute the identity confirmation mechanism to simplify identity authentication for electronic transactions (online transactions, electronic payment, item rental, etc.), and can reduce the number of data transmissions to speed up electronic transactions.
In summary, the above describes only implementations or embodiments of the technical means adopted by the present invention to solve the problem, and is not intended to limit the scope of implementation of the present patent. All equivalent changes and modifications that conform to the meaning of the claims of the present invention, or that are made in accordance with the scope of the present patent, are covered by the scope of the present patent.
1 ... Card reader
11 ... Component configuration module
12 ... Secure access module
120 ... Additional function data
121 ... Identification data
122 ... Identification code generation module
123 ... Device identification module
13 ... Computing module
14 ... Card reading interface
15 ... Storage module
150 ... Function data
151 ... Device identification table
152 ... Identification logic data
153 ... Device data
2 ... Chip card
20 ... Chip data
3 ... Server device
FIG. 1 is a schematic diagram of a card reader according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a card reader according to another embodiment of the present invention;
FIG. 3A is a schematic diagram of a mode in which the computing module authenticates the secure access module, according to an embodiment of the present invention;
FIG. 3B is a schematic diagram of a mode in which the computing module authenticates the secure access module, according to another embodiment of the present invention;
FIG. 3C is a schematic diagram of a mode in which the computing module authenticates the secure access module, according to another embodiment of the present invention;
FIG. 4A is a schematic diagram of a method for dynamically adjusting the operating functions of a card reader according to an embodiment of the present invention;
FIG. 4B is a schematic diagram of the data version comparison of a card reader according to an embodiment of the present invention; and
FIG. 4C, FIG. 4D, FIG. 4E and FIG. 4F are schematic diagrams of authentication in embodiments of the card reader of the present invention.
Claims (26)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW099142203A TWI464688B (en) | 2010-12-03 | 2010-12-03 | Dynamic adjustment of the operation of the function of the card reader and its adjustment method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW099142203A TWI464688B (en) | 2010-12-03 | 2010-12-03 | Dynamic adjustment of the operation of the function of the card reader and its adjustment method |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201224945A (en) | 2012-06-16 |
TWI464688B (en) | 2014-12-11 |
Family
ID=46726016
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW099142203A TWI464688B (en) | 2010-12-03 | 2010-12-03 | Dynamic adjustment of the operation of the function of the card reader and its adjustment method |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI464688B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010040183A1 (en) * | 1998-09-30 | 2001-11-15 | Fujitsu Limited | IC card processor |
US20020030581A1 (en) * | 2000-04-14 | 2002-03-14 | Janiak Martin J. | Optical and smart card identification reader |
TW200513922A (en) * | 2003-05-22 | 2005-04-16 | Ibm | Smart card data transaction system and methods for providing high levels of storage and transmission security |
TW200616410A (en) * | 2004-11-04 | 2006-05-16 | Nat Univ Chung Cheng | System and method for digital content rights management on portable storage devices |
- 2010-12-03 TW TW099142203A patent/TWI464688B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW201224945A (en) | 2012-06-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |