TWI669628B - Token device for conducting cryptography key backup or restoration operation - Google Patents

Token device for conducting cryptography key backup or restoration operation

Publication number
TWI669628B
Authority
TW
Taiwan
Prior art keywords
card
user
security chip
key
control circuit
Application number
TW107124687A
Other languages
Chinese (zh)
Other versions
TW202006589A (en)
Inventor
陳嘉宏
洪伯岳
Original Assignee
關楗股份有限公司
Application filed by 關楗股份有限公司
Priority to TW107124687A
Application granted
Publication of TWI669628B
Publication of TW202006589A

Abstract

The present invention provides a token device comprising: a transmission interface capable of receiving power from an external device; a biometric detection circuit capable of detecting a user's touch action and the user's biometric characteristics; a smart card access circuit capable of detecting a user's card-placing action and accessing an on-card security chip on a smart card; an on-token security chip; and a control circuit configured to generate identity identification data corresponding to the detection result of the biometric detection circuit, and to transmit the identity identification data separately to the on-token security chip and the on-card security chip for identity verification. If identity verification succeeds at both the on-token security chip and the on-card security chip, the control circuit performs the corresponding key backup operation or key restoration operation between the on-token security chip and the on-card security chip.

Description

Token device for performing key backup or restoration operations

The present invention relates to key backup and restoration operations, and more particularly to a token device for performing key backup or restoration operations.

With the development of various information application technologies, the use of cryptography keys such as signature keys and encryption keys has become increasingly widespread, and the need to back up these keys has grown accordingly.

For example, systems related to the Internet of Things (IoT) often use various key mechanisms to verify the authenticity of a device's identity, or to sign and encrypt data, so that the data is not tampered with while it is transmitted between IoT devices. Once the relevant keys in an IoT system are lost, a great deal of time must be spent redeploying keys on the many related devices; otherwise the entire IoT system will have information security vulnerabilities.

As another example, in applications of encrypted virtual currencies such as Bitcoin, Ether, Ripple, and Litecoin, the encrypted virtual currency can be stored in the form of keys in the user's private storage device, so that users can keep it themselves. However, if a key kept by the user is lost or damaged, serious economic loss results.

In view of this, how to make the backup or restoration of various keys simpler while still maintaining data security is a technical problem to be solved.

This specification provides an embodiment of a token device for use in a key backup device, comprising: a transmission interface configured to receive, from an external device, the power required for operation of the token device; a biometric detection circuit configured to detect a user's touch action and the user's biometric characteristics; a smart card access circuit configured to detect a user's card-placing action and capable of accessing an on-card security chip disposed on a smart card, wherein the on-card security chip has a built-in on-card secure memory; an on-token security chip having a built-in on-token secure memory; and a control circuit, coupled to the transmission interface, the biometric detection circuit, the smart card access circuit, and the on-token security chip, configured to generate one or more identity identification data corresponding to the detection result of the biometric detection circuit, to transmit a first identity identification data to the on-token security chip for identity verification, and to transmit a second identity identification data to the on-card security chip for identity verification; wherein, if identity verification succeeds at both the on-token security chip and the on-card security chip, the control circuit performs a corresponding key backup operation or key restoration operation between the on-token security chip and the on-card security chip.

This specification further provides an embodiment of a token device for use in a key backup system, comprising: a transmission interface configured to perform data communication with a host device and to receive host authentication data sent from the host device; a smart card access circuit configured to access an on-card security chip disposed on a smart card, wherein the on-card security chip has a built-in on-card secure memory; an on-token security chip having a built-in on-token secure memory; and a control circuit, coupled to the transmission interface, the smart card access circuit, and the on-token security chip, configured to generate one or more identity identification data containing the host authentication data, to transmit a first identity identification data to the on-token security chip for identity verification, and to transmit a second identity identification data to the on-card security chip for identity verification; wherein, if identity verification succeeds at both the on-token security chip and the on-card security chip, the control circuit performs, according to an instruction from the host device, a corresponding key backup operation or key restoration operation between the on-token security chip and the on-card security chip.

One advantage of the above embodiments is that, before a key backup operation or key restoration operation is performed, the security chips on both the token device and the smart card first verify the user's identity, which prevents others from privately performing unauthorized key backup or key restoration operations.

Another advantage of the above embodiments is that the keys are stored in the secure memory of the security chips, which improves the security of key storage and effectively reduces the possibility of a hacker stealing a key by breaking into the token device or the smart card.

Other advantages of the invention are explained in more detail in the following description and drawings.

Embodiments of the present invention are described below with reference to the associated drawings. In the drawings, the same reference numerals denote the same or similar elements or method flows.

Please refer to FIG. 1 and FIG. 2. FIG. 1 is a simplified schematic diagram of a key backup device 100 according to an embodiment of the present invention. FIG. 2 is a simplified functional block diagram of the key backup device 100. The key backup device 100 includes a token device 110 and one or more smart cards 120. The key backup device 100 lets a user back up or restore keys between the token device 110 and the smart card 120.

In the specification and the claims, the term "cryptography key" includes electronic signature keys and electronic encryption keys generated by various cryptographic algorithms, as well as various encrypted virtual currencies (for example, Bitcoin, Ether, Ripple, Litecoin, and so on).

In this embodiment, the token device 110 includes a housing 111, a transmission interface 113, a biometric detection circuit 115, an indication circuit 117, a card slot 119, a smart card access circuit 211, a security chip 213, a secure memory 215, a control circuit 217, and a storage circuit 219. The secure memory 215 is built into the security chip 213, and access to it is controlled by the security chip 213. The smart card 120, in turn, includes a security chip 121 and a secure memory 223. The secure memory 223 is built into the security chip 121, and access to it is controlled by the security chip 121.

For convenience of description, the security chip 213 is hereinafter referred to as the on-token security chip 213, the secure memory 215 as the on-token secure memory 215, the security chip 121 as the on-card security chip 121, and the secure memory 223 as the on-card secure memory 223.

The token device 110 may be provided with one or more transmission interfaces 113 capable of receiving, from an external device, the power required for operation of the token device 110. The external device may be any electronic device that can supply power to the token device 110, such as a computer, a mobile phone, a power bank, or a charging cable. In addition, different transmission interfaces 113 may be implemented with connection terminals of different specifications, to increase the number of types of external devices to which the token device 110 can be connected.

For example, in the embodiment of FIG. 1, the token device 110 includes two transmission interfaces 113 that protrude from the two ends of the housing 111. One transmission interface 113 may be designed to conform to one connector specification (for example, USB Type-A), while the other transmission interface 113 may be designed to conform to another connector specification (for example, USB Type-C). When one of the transmission interfaces 113 is inserted into the corresponding power supply port of a suitable external device, the token device 110 can receive, through that transmission interface 113, the power its internal components need to operate.

As a result, no battery needs to be placed inside the housing 111 of the token device 110, which effectively reduces the overall volume and weight of the token device 110.

In practice, the housing 111 of the token device 110 may be designed in various other shapes that are lightweight, easy to carry, or easy to hold, and is not limited to the form shown in the embodiment of FIG. 1. For example, the token device 110 may be designed in the form of various vehicle smart keys or house smart keys.

The biometric detection circuit 115 is configured to detect the action of a user touching and pressing the biometric detection circuit 115 (hereinafter referred to as a user's touch action). In addition, while the user is touching it, the biometric detection circuit 115 can detect the user's biometric characteristics (also called physiological characteristics), for example, skin textures such as the user's fingerprint or palm print, vein distribution, or electrocardiogram (ECG). As shown in FIG. 1, the sensing area of the biometric detection circuit 115 is exposed outside the housing 111. When the user brings a specific part of the body (for example, a finger, a toe, an elbow, or an ear) into contact with the sensing area of the biometric detection circuit 115, the biometric detection circuit 115 can examine that body part to obtain the user's biometric characteristics.

Each time it is touched, the biometric detection circuit 115 may notify the control circuit 217 that a user's touch action has occurred. In practice, the biometric detection circuit 115 may use any existing mechanical, optical, magnetic, or electrical detection mechanism to detect whether a user's touch action has occurred, and may use any existing biometric detection mechanism to detect the user's biometric characteristics.

For example, each time the sensing area is contacted by the user's specific body part, the biometric detection circuit 115 may notify the control circuit 217 that one user's touch action has occurred. Until that body part leaves the sensing area, the control circuit 217 need not count the user's touch action again.

In addition, the biometric detection circuit 115 may apply a suitable filtering condition to the duration of each touch, to reduce the possibility of mistaking other situations for a user's touch action. For example, the biometric detection circuit 115 may be configured to notify the control circuit 217 that one user's touch action has occurred only when it is touched and the touch lasts longer than a first predetermined time length (for example, 0.1 second, 0.3 second, or 1 second). Conversely, if the touch lasts for less than the first predetermined time length, the biometric detection circuit 115 may ignore the touch and not report it to the control circuit 217.

The indication circuit 117 is configured to generate indication information showing the progress of the relevant operation of the token device 110, or indication information guiding the user to change the smart card. The indication circuit 117 may be implemented with various visual-effect circuits capable of emitting light or displaying text, images, or video, with various audio playback devices capable of playing sound or speech, or with any suitable circuit that combines visual output and audio playback.

The card slot 119 is disposed on one side of the housing 111. The smart card 120 can be inserted into it so that the on-card security chip 121 on the smart card 120 comes into contact with the smart card access circuit 211.

The smart card access circuit 211 is configured to detect the action of a user placing the smart card 120 or another card at a position where it can be detected by the smart card access circuit 211 (hereinafter referred to as a user's card-placing action). In addition, when it is in contact with the on-card security chip 121 on the smart card 120, the smart card access circuit 211 can exchange commands or data with the on-card security chip 121.

Each time it detects that the smart card 120 or another card has been placed at, or moved to, a position where it can be detected by the smart card access circuit 211, the smart card access circuit 211 may notify the control circuit 217 that a user's card-placing action has occurred. In practice, the smart card access circuit 211 may use any existing mechanical, optical, magnetic, or electrical detection mechanism to determine whether a user's card-placing action has occurred.

For example, in the embodiment of FIG. 1, each time the smart card access circuit 211 detects that the user has inserted the smart card 120 or another card into the card slot 119, it may notify the control circuit 217 that one user's card-placing action has occurred. Until the user pulls the smart card 120 or other card out of the card slot 119, the control circuit 217 need not count the user's card-placing action again.

As another example, in some embodiments where the smart card access circuit 211 communicates with the smart card by wireless induction, each time the smart card access circuit 211 detects that the user has moved the smart card 120 or another card close to the smart card access circuit 211, it may notify the control circuit 217 that one user's card-placing action has occurred. Until the user moves the smart card 120 or other card out of the sensing range of the smart card access circuit 211, the control circuit 217 need not count the user's card-placing action again.

In addition, the smart card access circuit 211 may apply a suitable filtering condition to the length of time a card stays at a position (or within a range) where it can be detected by the smart card access circuit 211, to reduce the possibility of mistaking other situations for a user's card-placing action.

For example, in the embodiment of FIG. 1, the smart card access circuit 211 may notify the control circuit 217 that one user's card-placing action has occurred only when it detects that the user has inserted a card into the card slot 119 and the card stays at the detectable position for longer than a second predetermined time length (for example, 0.1 second, 0.3 second, or 1 second).

As another example, in some embodiments where the smart card access circuit 211 communicates with the smart card by wireless induction, the smart card access circuit 211 may notify the control circuit 217 that one user's card-placing action has occurred only when it detects that the user has brought the smart card 120 or another card close to the smart card access circuit 211 and the card stays within the detectable range for longer than the second predetermined time length.

Conversely, if the card presented by the user stays at the position (or within the range) detectable by the smart card access circuit 211 for less than the second predetermined time length, the smart card access circuit 211 may ignore that card-placing action and not report it to the control circuit 217.

The on-token secure memory 215 in the on-token security chip 213 pre-stores identity identification data of a valid user of the key backup device 100 (hereinafter referred to as valid user identity identification data). Likewise, the on-card secure memory 223 in the on-card security chip 121 also pre-stores valid user identity identification data.

The valid user identity identification data may be identification data generated from the valid user's unique biometric characteristics, for example, a potential difference record, thermal entropy record, grayscale image, multi-tone image, color image, or special spectral image invisible to the naked eye that corresponds to the user's fingerprint or vein distribution, or digital data produced by processing such data with any known feature algorithm.

In practice, the on-token secure memory 215 and the on-card secure memory 223 may store the same valid user identity identification data, or may store different identity identification data of the same valid user. For example, in some embodiments, the valid user identity identification data stored in the on-token secure memory 215 corresponds to one physiological characteristic of the valid user (for example, the right index fingerprint), while the valid user identity identification data stored in the on-card secure memory 223 corresponds to another biometric characteristic of the valid user (for example, the left index fingerprint).

As shown in FIG. 2, the control circuit 217 is coupled to the transmission interface 113, the biometric detection circuit 115, the indication circuit 117, the smart card access circuit 211, and the on-token security chip 213. The control circuit 217 is configured to control the operation of these components, and may record, based on notifications from the biometric detection circuit 115, when and how many times user's touch actions occur. In addition, the control circuit 217 may record, based on notifications from the smart card access circuit 211, when and how many times user's card-placing actions occur.

For convenience of description, the number of occurrences of the user's touch action is hereinafter referred to as the touch count, and the number of occurrences of the user's card-placing action is hereinafter referred to as the card-placing count.

In operation, the control circuit 217 may also generate one or more identity identification data corresponding to the detection result of the biometric detection circuit 115, and transmit the relevant identity identification data to the on-token security chip 213 and the on-card security chip 121 respectively for identity verification. In this embodiment, only when identity verification succeeds at both the on-token security chip 213 and the on-card security chip 121 does the control circuit 217 determine, from the way the user operates the key backup device 100, which instruction the user has issued, and then perform the corresponding key backup operation or key restoration operation between the on-token security chip 213 and the on-card security chip 121.
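The two-sided check described above, as an added C sketch that is not code from the patent. The struct and function names are hypothetical, identity matching is reduced to an exact constant-time comparison (real biometric matching is fuzzy), and the key is passed between the chips as raw bytes because the page does not say how it is carried.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN  16
#define KEY_LEN 32

enum op { OP_BACKUP, OP_RESTORE };

/* Hypothetical model of a security chip and its built-in secure memory. */
struct secure_chip {
    uint8_t enrolled_id[ID_LEN];  /* pre-stored valid user identity data */
    uint8_t key[KEY_LEN];
    bool has_key;
    bool verified;                /* set only by chip_verify() */
};

static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* The chip, not the control circuit, decides whether the identity matches. */
bool chip_verify(struct secure_chip *c, const uint8_t *id)
{
    c->verified = ct_equal(c->enrolled_id, id, ID_LEN);
    return c->verified;
}

/* Secure memory is reachable only through a verified chip. */
static bool chip_export_key(const struct secure_chip *c, uint8_t *out)
{
    if (!c->verified || !c->has_key) return false;
    memcpy(out, c->key, KEY_LEN);
    return true;
}

static bool chip_import_key(struct secure_chip *c, const uint8_t *in)
{
    if (!c->verified) return false;
    memcpy(c->key, in, KEY_LEN);
    c->has_key = true;
    return true;
}

static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Control-circuit logic: verify on both sides, then copy in one direction. */
bool control_transfer(struct secure_chip *token, struct secure_chip *card,
                      const uint8_t *first_id, const uint8_t *second_id,
                      enum op op)
{
    uint8_t buf[KEY_LEN];
    bool ok_token = chip_verify(token, first_id);
    bool ok_card = chip_verify(card, second_id);  /* both always evaluated */
    bool done = false;
    if (ok_token && ok_card) {
        struct secure_chip *src = (op == OP_BACKUP) ? token : card;
        struct secure_chip *dst = (op == OP_BACKUP) ? card : token;
        done = chip_export_key(src, buf) && chip_import_key(dst, buf);
    }
    wipe(buf, sizeof buf);
    token->verified = false;      /* one verification, one operation */
    card->verified = false;
    return done;
}

/* Constructed sample data: two different enrolled identities and a key. */
static const uint8_t RIGHT_INDEX[ID_LEN] = { 0x11, 0x22, 0x33 };
static const uint8_t LEFT_INDEX[ID_LEN] = { 0x44, 0x55, 0x66 };
static const uint8_t TARGET_KEY[KEY_LEN] = { 0xA5, 0x5A, 0xC3, 0x3C };

static void make_pair(struct secure_chip *token, struct secure_chip *card)
{
    memset(token, 0, sizeof *token);
    memset(card, 0, sizeof *card);
    memcpy(token->enrolled_id, RIGHT_INDEX, ID_LEN);
    memcpy(card->enrolled_id, LEFT_INDEX, ID_LEN);
    memcpy(token->key, TARGET_KEY, KEY_LEN);
    token->has_key = true;
}

bool demo_backup_ok(void)
{
    struct secure_chip t, c;
    make_pair(&t, &c);
    return control_transfer(&t, &c, RIGHT_INDEX, LEFT_INDEX, OP_BACKUP)
        && c.has_key && memcmp(c.key, TARGET_KEY, KEY_LEN) == 0;
}

/* The identity accepted by the token is not the one enrolled on the card. */
bool demo_card_side_rejects(void)
{
    struct secure_chip t, c;
    make_pair(&t, &c);
    bool done = control_transfer(&t, &c, RIGHT_INDEX, RIGHT_INDEX, OP_BACKUP);
    return !done && !c.has_key;
}

bool demo_restore_to_new_token(void)
{
    struct secure_chip t, c, t2;
    make_pair(&t, &c);
    if (!control_transfer(&t, &c, RIGHT_INDEX, LEFT_INDEX, OP_BACKUP))
        return false;
    memset(&t2, 0, sizeof t2);
    memcpy(t2.enrolled_id, RIGHT_INDEX, ID_LEN);
    return control_transfer(&t2, &c, RIGHT_INDEX, LEFT_INDEX, OP_RESTORE)
        && t2.has_key && memcmp(t2.key, TARGET_KEY, KEY_LEN) == 0;
}

int main(void)
{
    printf("backup=%d card_rejects=%d restore=%d\n", demo_backup_ok(),
           demo_card_side_rejects(), demo_restore_to_new_token());
    return 0;
}
```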

The storage circuit 219 is coupled to the control circuit 217 and is configured to store the programs or data required for the operation of the control circuit 217.

In practice, the control circuit 217 may be implemented with any programmable processor that has computing and instruction-interpreting capability. Both the on-token security chip 213 and the on-card security chip 121 may be implemented with any processor or controller that can run cryptographic algorithms, generate and operate on keys, run electronic signature algorithms, and store confidential data. For example, the on-token security chip 213 may be implemented with a secure micro-controller, secure chip, hardware secure module (HSM), or similar component certified against international data security standards, to ensure that the valid user identity identification data and related keys stored in the on-token secure memory 215 cannot easily be tampered with. The on-card security chip 121 may be implemented with any smart card chip certified against international data security standards, to ensure that the valid user identity identification data and related keys stored in the on-card secure memory 223 cannot easily be tampered with.

Several application scenarios of the key backup device 100 are described below with reference to FIG. 3 to FIG. 5. FIG. 3 is a simplified schematic diagram of a first application scenario of the key backup device 100. FIG. 4 is a simplified schematic diagram of a second application scenario of the key backup device 100. FIG. 5 is a simplified schematic diagram of a third application scenario of the key backup device 100.

In the application scenario shown in FIG. 3, the user can issue a key backup instruction to the token device 110 in the manner recorded in the operation behavior table 310, so that the token device 110 uses a simple one-to-one backup mode to copy the target key stored in the on-token secure memory 215 into the on-card secure memory 223 of a single smart card 120 for safekeeping. In this way, a target key that was originally stored only in the token device 110 has a backup copy kept in the smart card 120.

For example, in one embodiment, the user may follow operation behavior pattern 311 by first performing the user's touch action once and then performing the user's card-placing action once, thereby issuing a key backup instruction to the token device 110.

In another embodiment, the user may follow operation behavior pattern 312 by first performing the user's touch action K times and then performing the user's card-placing action K times, thereby issuing a key backup instruction to the token device 110, where K is a positive integer greater than 1.

In another embodiment, the user may follow operation behavior pattern 313 by first performing the user's card-placing action once and then performing the user's touch action once, thereby issuing a key backup instruction to the token device 110.

In another embodiment, the user may follow operation behavior pattern 314 by first performing the user's card-placing action K times and then performing the user's touch action K times, thereby issuing a key backup instruction to the token device 110.

After the key backup operation is completed, a backup copy of the target key in the token device 110 is stored in the single smart card 120.

Later, when the user wants to restore the target key stored in the smart card 120 to a token device 110, the user can operate the token device 110 in the manner recorded in the operation behavior table 320 of FIG. 3 to issue a key restoration instruction, so that the token device 110 uses a simple one-to-one restoration mode to copy the target key stored in the single smart card 120 into the on-token secure memory 215 of a single token device 110 for safekeeping. In this way, the target key kept in the smart card 120 is restored to the token device 110.

For example, in one embodiment, the user may follow operation behavior pattern 321 by first performing the user card placement action once and then performing the user touch action once, thereby issuing a key restoration command to the token device 110.

In another embodiment, the user may follow operation behavior pattern 322 by first performing the user card placement action K times and then performing the user touch action K times, thereby issuing a key restoration command to the token device 110, where K is a positive integer greater than 1.

In another embodiment, the user may follow operation behavior pattern 323 by first performing the user touch action once and then performing the user card placement action once, thereby issuing a key restoration command to the token device 110.

In another embodiment, the user may follow operation behavior pattern 324 by first performing the user touch action K times and then performing the user card placement action K times, thereby issuing a key restoration command to the token device 110.

After the aforementioned key restoration operation is completed, the target key stored in the single smart card 120 is restored to the single token device 110.

In practical applications, the user operation behavior used to issue the key backup command and the user operation behavior used to issue the key restoration command must not be exactly the same (that is, the two must be distinguishable from each other), so as to avoid conflicts when the token device 110 interprets user commands.

In FIG. 3, the dashed lines between operation behavior tables 310 and 320 represent the feasible pairings between the operation behavior by which the user issues the key backup command and the operation behavior by which the user issues the key restoration command.

For example, the user operation behavior described by operation behavior pattern 311 or 312 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 321 or 322 for issuing the key restoration command.

As another example, the user operation behavior described by operation behavior pattern 313 or 314 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 323 or 324 for issuing the key restoration command.

In the application scenario illustrated in FIG. 4, the user may issue a key backup command to the token device 110 in the manner recorded in operation behavior table 410, so that the token device 110, in a simple one-to-many backup mode, copies the target key stored in the token-side secure memory 215 into the card-side secure memory 223 of multiple smart cards 120 for storage. In this way, the target key that was originally stored only in the token device 110 has multiple identical backup copies stored separately in multiple different smart cards 120.

For example, in one embodiment, the user may follow operation behavior pattern 411 by first performing the user touch action once and then performing the user card placement action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key. For example, the user may perform the user touch action once and then perform the user card placement action twice to instruct the token device 110 to back up the target key to two smart cards 120. As another example, the user may perform the user touch action once and then perform the user card placement action three times to instruct the token device 110 to back up the target key to three smart cards 120.

In another embodiment, the user may follow operation behavior pattern 412 by first performing the user touch action N times and then performing the user card placement action once, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key. For example, the user may perform the user touch action twice and then perform the user card placement action once to instruct the token device 110 to back up the target key to two smart cards 120. As another example, the user may perform the user touch action three times and then perform the user card placement action once to instruct the token device 110 to back up the target key to three smart cards 120.

In another embodiment, the user may follow operation behavior pattern 413 by first performing the user card placement action once and then performing the user touch action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key.

In another embodiment, the user may follow operation behavior pattern 314 by first performing the user card placement action N times and then performing the user touch action once, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key.

During the key backup process, the user may, at predetermined time intervals or according to prompts from the token device 110, successively swap the smart card accessed by the token device 110, so that the token device 110 can write the target key into multiple smart cards 120 one after another.

After the aforementioned key backup operation is completed, the target key in the token device 110 has multiple identical backup copies stored separately in multiple different smart cards 120; that is, the target keys stored in these smart cards 120 are all the same.

Later, when the user wants to restore the target key stored in a smart card 120 to a token device 110, the user may operate the token device 110 in the manner recorded in operation behavior table 320 of FIG. 4 to issue a key restoration command to the token device 110, so that the token device 110, in a simple one-to-one restoration mode, copies the target key stored in a single smart card 120 into the token-side secure memory 215 of a single token device 110 for storage. In this way, the target key stored in the smart card 120 is restored to the token device 110.

Operation behavior table 320 in FIG. 4 is the same as operation behavior table 320 in FIG. 3, so the foregoing description of operation behavior table 320 in FIG. 3 also applies to the application scenario of FIG. 4. For brevity, the related user operations are not repeated here.

After the aforementioned key restoration operation is completed, the target key stored in the single smart card 120 is restored to the single token device 110.

In FIG. 4, the dashed lines between operation behavior tables 410 and 320 represent the feasible pairings between the operation behavior by which the user issues the key backup command and the operation behavior by which the user issues the key restoration command.

For example, the user operation behavior described by operation behavior pattern 411 or 412 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 321 or 322 for issuing the key restoration command.

As another example, the user operation behavior described by operation behavior pattern 413 or 414 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 323 or 324 for issuing the key restoration command.

In the application scenario illustrated in FIG. 5, the user may issue a key backup command to the token device 110 in the manner recorded in operation behavior table 510, so that the token device 110, in a split-type one-to-many backup mode, distributes the target key stored in the token-side secure memory 215 across the card-side secure memory 223 of multiple smart cards 120 for storage. In this way, the target key that was originally stored only in the token device 110 is distributed across multiple smart cards 120 as a split backup (M of N backup), and in the future the target key can be restored using the data on only a predetermined number of these smart cards 120.

For example, in one embodiment, the user may follow operation behavior pattern 511 by first performing the user touch action once and then performing the user card placement action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key. For example, the user may perform the user touch action once and then perform the user card placement action three times to instruct the token device 110 to back up the target key to three smart cards 120. As another example, the user may perform the user touch action once and then perform the user card placement action five times to instruct the token device 110 to back up the target key to five smart cards 120.

In another embodiment, the user may follow operation behavior pattern 512 by first performing the user touch action N times and then performing the user card placement action once, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key. For example, the user may perform the user touch action three times and then perform the user card placement action once to instruct the token device 110 to back up the target key to three smart cards 120. As another example, the user may perform the user touch action five times and then perform the user card placement action once to instruct the token device 110 to back up the target key to five smart cards 120.

In another embodiment, the user may follow operation behavior pattern 513 by first performing the user card placement action once and then performing the user touch action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key.

In another embodiment, the user may follow operation behavior pattern 514 by first performing the user card placement action N times and then performing the user touch action once, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 and represents the number of smart cards to be used to back up the target key.

In addition, in some of the application scenarios illustrated in FIG. 5, the user may also use the touch count or the card placement count to set the number of smart cards that will be required to restore the target key in the future.

For example, in one embodiment, the user may follow operation behavior pattern 515 by first performing the user touch action N times and then performing the user card placement action M times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 that represents the number of smart cards to be used to back up the target key, and M is a positive integer greater than 1 and less than N that represents the number of smart cards required to restore the target key in the future. For example, the user may perform the user touch action three times and then perform the user card placement action twice to instruct the token device 110 to back up the target key to three smart cards 120, such that the data on any two of these three smart cards 120 will suffice to restore the target key. As another example, the user may perform the user touch action five times and then perform the user card placement action three times to instruct the token device 110 to back up the target key to five smart cards 120, such that the data on any three of these five smart cards 120 will suffice to restore the target key.

In another embodiment, the user may follow operation behavior pattern 516 by first performing the user touch action M times and then performing the user card placement action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 that represents the number of smart cards to be used to back up the target key, and M is a positive integer greater than 1 and less than N that represents the number of smart cards required to restore the target key in the future. For example, the user may perform the user touch action twice and then perform the user card placement action three times to instruct the token device 110 to back up the target key to three smart cards 120, such that the data on any two of these three smart cards 120 will suffice to restore the target key. As another example, the user may perform the user touch action three times and then perform the user card placement action five times to instruct the token device 110 to back up the target key to five smart cards 120, such that the data on any three of these five smart cards 120 will suffice to restore the target key.

In another embodiment, the user may follow operation behavior pattern 517 by first performing the user card placement action N times and then performing the user touch action M times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 that represents the number of smart cards to be used to back up the target key, and M is a positive integer greater than 1 and less than N that represents the number of smart cards required to restore the target key in the future.

In another embodiment, the user may follow operation behavior pattern 518 by first performing the user card placement action M times and then performing the user touch action N times, thereby issuing a key backup command to the token device 110, where N is a positive integer greater than 1 that represents the number of smart cards to be used to back up the target key, and M is a positive integer greater than 1 and less than N that represents the number of smart cards required to restore the target key in the future.

During the key backup process, the user may, at predetermined time intervals or according to prompts from the token device 110, successively swap the smart card accessed by the token device 110, so that the token device 110 can write the distributed backup data of the target key into multiple smart cards 120.

After the aforementioned key backup operation is completed, the target key in the token device 110 is distributed across multiple smart cards 120 for storage, and in the future the data stored in two or more of these smart cards 120 must be combined in order to restore the target key.

Later, when the user wants to restore the target key stored in these smart cards 120 to a token device 110, the user may operate the token device 110 in the manner recorded in operation behavior table 520 of FIG. 5 to issue a key restoration command to the token device 110, so that the token device 110, in a split-type many-to-one restoration mode, combines the multiple pieces of key fragment data stored on a predetermined number of smart cards 120 to restore the target key, and copies the target key into the token-side secure memory 215 of a single token device 110 for storage. In this way, the target key stored in these smart cards 120 is restored to the token device 110.

For example, in one embodiment, the user may follow operation behavior pattern 521 by first performing the user card placement action M times and then performing the user touch action once, thereby issuing a key restoration command to the token device 110, where M is a positive integer greater than 1 and represents the number of smart cards required to restore the target key. For example, the user may perform the user card placement action twice and then perform the user touch action once to instruct the token device 110 to combine the data in the two smart cards 120 that the user provides one after another, so as to restore the target key. As another example, the user may perform the user card placement action three times and then perform the user touch action once to instruct the token device 110 to combine the data in the three smart cards 120 that the user provides one after another, so as to restore the target key.

In another embodiment, the user may follow operation behavior pattern 522 by first performing the user card placement action once and then performing the user touch action M times, thereby issuing a key restoration command to the token device 110, where M is a positive integer greater than 1 and represents the number of smart cards required to restore the target key. For example, the user may perform the user card placement action once and then perform the user touch action twice to instruct the token device 110 to combine the data in the two smart cards 120 that the user provides one after another, so as to restore the target key. As another example, the user may perform the user card placement action once and then perform the user touch action three times to instruct the token device 110 to combine the data in the three smart cards 120 that the user provides one after another, so as to restore the target key.

In another embodiment, the user may follow operation behavior pattern 523 by first performing the user touch action M times and then performing the user card placement action once, thereby issuing a key restoration command to the token device 110, where M is a positive integer greater than 1 and represents the number of smart cards required to restore the target key.

In another embodiment, the user may follow operation behavior pattern 524 by first performing the user touch action once and then performing the user card placement action M times, thereby issuing a key restoration command to the token device 110, where M is a positive integer greater than 1 and represents the number of smart cards required to restore the target key.

During the key restoration process, the user may, at predetermined time intervals or according to prompts from the token device 110, successively swap the smart card accessed by the token device 110, so that the token device 110 can read the distributed backup data in multiple smart cards 120 to restore the target key.

After the aforementioned key restoration operation is completed, the multiple pieces of key fragment data distributed across multiple smart cards 120 are recombined into the target key and stored in a single token device 110.
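The split (M of N) backup and many-to-one restoration described above, as an added example that is not part of the patent: the patent does not name a splitting scheme, so this sketch assumes Shamir's secret sharing over GF(2^8), one polynomial per key byte. All names (`card_share`, `split_key`, `restore_key`, `demo_roundtrip`), the 16-byte key length and the sample values are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16                       /* assumed target key size */
typedef struct { uint8_t x; uint8_t y[KEY_LEN]; } card_share;  /* one per card */

/* Multiply in GF(2^8), reduction polynomial 0x11b (the AES field). */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
        b >>= 1;
    }
    return p;
}

/* Inverse of a non-zero element: a^254, because a^255 == 1. */
static uint8_t gf_inv(uint8_t a)
{
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}

/* Split key into n shares, any m of which restore it. Enforces the
 * 1 < m < n rule stated for patterns 515 to 518. rnd must hold
 * KEY_LEN*(m-1) bytes from a hardware RNG (assumption: the security chip). */
int split_key(const uint8_t key[KEY_LEN], unsigned m, unsigned n,
              const uint8_t *rnd, size_t rnd_len, card_share *out)
{
    if (m < 2 || m >= n || n > 255 || rnd_len < (size_t)KEY_LEN * (m - 1))
        return -1;
    for (unsigned i = 0; i < n; i++) {
        out[i].x = (uint8_t)(i + 1);                 /* x = 0 would leak the key */
        for (size_t j = 0; j < KEY_LEN; j++) {
            const uint8_t *c = rnd + j * (m - 1);    /* coefficients of x^1..x^(m-1) */
            uint8_t y = 0;
            for (unsigned k = m - 1; k > 0; k--)     /* Horner evaluation */
                y = gf_mul((uint8_t)(y ^ c[k - 1]), out[i].x);
            out[i].y[j] = (uint8_t)(y ^ key[j]);     /* constant term is the key byte */
        }
    }
    return 0;
}

/* Lagrange interpolation at x = 0 over the m shares presented. */
int restore_key(const card_share *s, unsigned m, uint8_t key[KEY_LEN])
{
    if (m < 2) return -1;
    for (unsigned i = 0; i < m; i++) {
        if (s[i].x == 0) return -1;
        for (unsigned j = i + 1; j < m; j++)
            if (s[i].x == s[j].x) return -1;         /* same card presented twice */
    }
    memset(key, 0, KEY_LEN);
    for (unsigned i = 0; i < m; i++) {
        uint8_t num = 1, den = 1;
        for (unsigned j = 0; j < m; j++) {
            if (j == i) continue;
            num = gf_mul(num, s[j].x);
            den = gf_mul(den, (uint8_t)(s[j].x ^ s[i].x));
        }
        uint8_t l = gf_mul(num, gf_inv(den));
        for (size_t b = 0; b < KEY_LEN; b++) key[b] ^= gf_mul(s[i].y[b], l);
    }
    return 0;
}

/* Constructed demo: split m-of-n, restore from the LAST `present` cards.
 * Returns 1 if the key came back intact, 0 if not, -1 on invalid input.
 * The key and "random" bytes are fixed sample values, not real entropy. */
int demo_roundtrip(unsigned m, unsigned n, unsigned present)
{
    uint8_t key[KEY_LEN], rnd[KEY_LEN * 8], out[KEY_LEN];
    card_share cards[16];
    if (n > 16 || present < 2 || present > n) return -1;
    for (size_t i = 0; i < sizeof key; i++) key[i] = (uint8_t)(0xA0 + i);
    for (size_t i = 0; i < sizeof rnd; i++) rnd[i] = (uint8_t)(i * 7 + 1);
    if (split_key(key, m, n, rnd, sizeof rnd, cards) != 0) return -1;
    if (restore_key(cards + (n - present), present, out) != 0) return -1;
    return memcmp(key, out, KEY_LEN) == 0;
}

int main(void)
{
    printf("3-of-5 with 3 cards: %d\n", demo_roundtrip(3, 5, 3));
    printf("3-of-5 with 2 cards: %d\n", demo_roundtrip(3, 5, 2));
    return 0;
}
```

Presenting fewer than M cards does not produce an error, only a different key, so a device using this scheme would need a separate check value to tell a failed restoration from a successful one.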

In FIG. 5, the dashed lines between operation behavior tables 510 and 520 represent the feasible pairings between the operation behavior by which the user issues the key backup command and the operation behavior by which the user issues the key restoration command.

For example, the user operation behavior described by operation behavior pattern 511, 512, 515, or 516 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 521 or 522 for issuing the key restoration command.

As another example, the user operation behavior described by operation behavior pattern 513, 514, 517, or 518 for issuing the key backup command may be paired with the user operation behavior described by operation behavior pattern 523 or 524 for issuing the key restoration command.

Note that in the application scenarios illustrated in FIG. 3 to FIG. 5, the token device 110 used in the key backup process and the token device 110 used in the key restoration process may be the same token device or different token devices.

As the foregoing description shows, the user can issue the relevant operation command to the token device 110 through the aforementioned operation behaviors, so as to instruct the token device 110 to perform the corresponding key backup operation or key restoration operation.

The token device 110, for its part, identifies the operation command issued by the user from the user's operation behavior on the token device 110. In practice, the token device 110 may determine the type of operation the user is requesting from the order in which the user touch action and the user card placement action occur.

For example, in some embodiments, the token device 110 may interpret a user operation behavior in which the user touch action occurs before the user card placement action as the user instructing a key backup operation, and interpret a user operation behavior in which the user card placement action occurs before the user touch action as the user instructing the token device 110 to perform a key restoration operation.

Alternatively, in some embodiments, the token device 110 may instead interpret a user operation behavior in which the user card placement action occurs before the user touch action as the user instructing the token device 110 to perform a key backup operation, and interpret a user operation behavior in which the user touch action occurs before the user card placement action as the user instructing the token device 110 to perform a key restoration operation.

In some embodiments, the token device 110 may further use the touch count (that is, the number of times the user touch action occurs) and the card placement count (that is, the number of times the user card placement action occurs) to determine the related operating parameters set by the user, for example the key backup mode, the key restoration mode, or the total number of smart cards to be used in the key backup or restoration process.

The way the key backup device 100 performs key backup is further described below with reference to FIG. 6. FIG. 6 is a simplified flowchart of a key backup method according to an embodiment of the present invention.

In the flowchart of FIG. 6, the processes located in the region belonging to a particular device represent the processes performed by that device. For example, the part marked in the "biometric detection circuit" region is the process performed by the biometric detection circuit 115; the part marked in the "token-side security chip" region is the process performed by the token-side security chip 213; the part marked in the "control circuit" region is the process performed by the control circuit 217; and so on. The same logic applies to the other flowcharts that follow.

In the embodiment of FIG. 6, the token device 110 allows the user to issue the relevant key backup command to the token device 110 through the aforementioned operation behaviors, so as to instruct the token device 110 to back up, in the corresponding backup mode, the target key stored in the token-side secure memory 215 to one or more smart cards 120 for storage.

While the user performs the aforementioned operations on the key backup device 100, the token device 110 performs processes 602, 604, 606, and 608 to identify the user's operation behavior on the key backup device 100.

In process 602, the biometric detection circuit 115 detects the user touch action and reports it to the control circuit 217.

In process 604, the control circuit 217 records, based on the notifications from the biometric detection circuit 115, the time at which each user touch action occurs, and calculates the touch count.

Because the user may touch the biometric detection circuit 115 two or more times, the biometric detection circuit 115 and the control circuit 217 may repeat processes 602 and 604.

In one embodiment, the control circuit 217 may directly record, as the touch count, the number of times the biometric detection circuit 115 has reported a user touch action. For example, if the biometric detection circuit 115 successively reports two user touch actions to the control circuit 217, the control circuit 217 may record the touch count as two.

In some embodiments, the control circuit 217 may include in the touch count only the user touch actions that occur within a reasonable period, so as to reduce the likelihood of misjudging the touch count. For example, the control circuit 217 may include in the touch count only the first user touch action and the subsequent user touch actions detected within a first predetermined period (for example, 3 seconds, 5 seconds, 10 seconds, or 30 seconds) after the first user touch action occurs, and exclude from the touch count any user touch action detected after the first predetermined period.

For example, assume that the first predetermined period is 10 seconds. If the biometric detection circuit 115 reports two further user touch actions within 10 seconds after notifying the control circuit 217 of the first user touch action, and then reports one more user touch action more than 10 seconds after the first user touch action, the control circuit 217 may include in the touch count only the first user touch action and the two user touch actions detected within 10 seconds of it, and ignore the user touch action detected more than 10 seconds after the first user touch action. In this case, the control circuit 217 in this example records the touch count as three rather than four.

In operation 606, the smart card access circuit 211 detects a user card-placement action and reports it to the control circuit 217.

In operation 608, the control circuit 217 records, based on the notifications from the smart card access circuit 211, the time at which each user card-placement action occurs, and calculates the card-placement count.

Because the user may place the smart card 120 or another card at a position (or within a range) detectable by the smart card access circuit 211 two or more times, the smart card access circuit 211 and the control circuit 217 may repeat operations 606 and 608.

In one embodiment, the control circuit 217 may directly record the number of user card-placement actions reported by the smart card access circuit 211 as the card-placement count. For example, if the smart card access circuit 211 successively reports two user card-placement actions to the control circuit 217, the control circuit 217 may record the card-placement count as two.

In some embodiments, the control circuit 217 may include only the user card-placement actions that occur within a reasonable time period in the card-placement count, to reduce the likelihood of misjudging the card-placement count. For example, the control circuit 217 may count only the first user card-placement action and the subsequent user card-placement actions detected within a second predetermined period (for example, 3 seconds, 5 seconds, 10 seconds, or 30 seconds) after the first user card-placement action occurs, and exclude any user card-placement action detected after the second predetermined period.

For example, assume that the second predetermined period is 20 seconds. Suppose the smart card access circuit 211 reports three more user card-placement actions within 20 seconds after notifying the control circuit 217 of the first user card-placement action, and reports one further user card-placement action more than 20 seconds after the first user card-placement action. The control circuit 217 may then count only the first user card-placement action and the three user card-placement actions detected within 20 seconds after it, and ignore the one user card-placement action detected more than 20 seconds after the first. In this case, the control circuit 217 in this example may record the card-placement count as four rather than five.

In practice, the user may perform the user touch action before the user card-placement action, or the user card-placement action before the user touch action. Operations 606 and 608 may therefore occur either after operations 602 and 604 or before them.

In addition, the token device 110 works with the smart card 120 to perform operations 610 through 620, which carry out a user identity authentication procedure to determine the authenticity and correctness of the user's identity.

In operation 610, the biometric detection circuit 115 detects the user's biometric feature and transmits the detection result to the control circuit 217. In practice, the biometric detection circuit 115 may also perform operation 610 while performing operation 602.

Alternatively, the control circuit 217 may, at a specific time, control the indication circuit 117 to issue indication information prompting the user to press the sensing area of the biometric detection circuit 115 so that the biometric detection circuit 115 can scan the fingerprint.

In operation 612, the control circuit 217 generates identification data corresponding to the detection result of the biometric detection circuit 115, and transmits the generated identification data to the token-side security chip 213 and to the card-side security chip 121 for verification.

In embodiments where the eligible user identification data pre-stored in the token-side secure memory 215 and in the card-side secure memory 223 are the same, the control circuit 217 may transmit the same identification data to the token-side security chip 213 and to the card-side security chip 121 for verification.

In embodiments where the eligible user identification data stored in the token-side secure memory 215 and in the card-side secure memory 223 differ, the identification data that the control circuit 217 transmits to the token-side security chip 213 for verification may differ from the identification data it transmits to the card-side security chip 121 for verification.

For example, the user may present different fingerprints (for example, the right index finger and the left index finger) to the biometric detection circuit 115 for scanning, one after the other, in a previously agreed order or as directed by the indication information of the indication circuit 117. In this case, the control circuit 217 may generate two different pieces of identification data in sequence. The control circuit 217 may transmit one of them to the token-side security chip 213 for verification and the other to the card-side security chip 121 for verification.

In operation 614, the token-side security chip 213 verifies the identification data received from the control circuit 217, to carry out the token-side user identity verification procedure. The token-side security chip 213 may use any existing verification method to compare the identification data received from the control circuit 217 with the eligible user identification data pre-stored in the token-side secure memory 215.

The identification data received from the control circuit 217 must match the eligible user identification data pre-stored in the token-side secure memory 215 in order to pass the identity authentication procedure of the token-side security chip 213.

If the token-side security chip 213 determines that the identification data received from the control circuit 217 matches the eligible user identification data pre-stored in the token-side secure memory 215, the token-side security chip 213 performs operation 616; otherwise, the token-side security chip 213 transmits an identity authentication failure notification to the control circuit 217.

In operation 616, the token-side security chip 213 transmits an identity authentication success notification to the control circuit 217, and agrees to accept access requests from the control circuit 217 to the token-side secure memory 215.

In operation 618, the card-side security chip 121 verifies the identification data received from the control circuit 217, to carry out the smart-card-side user identity verification procedure. The card-side security chip 121 may use any existing verification method to compare the identification data received from the control circuit 217 with the eligible user identification data pre-stored in the card-side secure memory 223.

The identification data received from the control circuit 217 must match the eligible user identification data pre-stored in the card-side secure memory 223 in order to pass the identity authentication procedure of the card-side security chip 121.

If the card-side security chip 121 determines that the identification data received from the control circuit 217 matches the eligible user identification data pre-stored in the card-side secure memory 223, the card-side security chip 121 performs operation 620; otherwise, the card-side security chip 121 transmits an identity authentication failure notification to the control circuit 217.

In operation 620, the card-side security chip 121 transmits an identity authentication success notification to the control circuit 217, and agrees to accept access requests from the control circuit 217 to the card-side secure memory 223.

In operation 622, the control circuit 217 receives the identity authentication failure notification sent by the token-side security chip 213 and/or the card-side security chip 121. In this embodiment, as soon as the control circuit 217 receives an identity authentication failure notification from either the token-side security chip 213 or the card-side security chip 121, the control circuit 217 determines that the current user cannot pass the user identity authentication procedure of the key backup device 100, and refuses to perform the subsequent key backup operation.

In operation 624, the control circuit 217 receives the identity authentication success notification sent by the token-side security chip 213 and/or the card-side security chip 121.

Only when identity verification succeeds at both the token-side security chip 213 and the card-side security chip 121 does the control circuit 217 determine that the current user has passed the user identity authentication procedure of the key backup device 100, and proceed to operation 626.

In operation 626, the control circuit 217 may interpret, from the user's operation behavior on the token device 110, the operation command issued by the user and the related operation parameters, and perform the corresponding key backup operation between the token-side security chip 213 and the card-side security chip 121.

As described above, the control circuit 217 may determine, from the order in which the user touch action and the user card-placement action occur, whether the type of operation indicated by the user is a key backup operation or a key restoration operation. In addition, the token device 110 may determine the related operation parameters set by the user from the touch count and the card-placement count, for example, the key backup mode, the key restoration mode, or the total number of smart cards to be used in the key backup or restoration process.

In practice, the control circuit 217 may compare the time of the first user touch action with the time of the first user card-placement action to determine the order in which the user touch action and the user card-placement action occur. Alternatively, the control circuit 217 may compare the time of the last user touch action with the time of the last user card-placement action to determine that order.
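The following added example, which is not part of the original specification, shows one way the control circuit's gesture interpretation described above could be written: windowed counting of touch and card-placement actions, ordering by first occurrence, and gating on both security chips having authenticated the user. All identifiers, the millisecond tick timestamps and the sample data are assumptions made for illustration; the mapping from order and counts to a specific backup or restoration mode is defined by the operation behavior tables of FIGS. 3 to 5 and is not reproduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the 10 s and 20 s windows used in the text's examples. */
#define FIRST_WINDOW_MS  10000u   /* first predetermined period (touch) */
#define SECOND_WINDOW_MS 20000u   /* second predetermined period (card) */

typedef enum { ORDER_UNKNOWN, ORDER_TOUCH_FIRST, ORDER_CARD_FIRST } action_order_t;

typedef struct {
    bool proceed;           /* true only if both chips authenticated the user */
    action_order_t order;   /* which kind of action happened first */
    size_t touch_count;     /* touches counted inside the first window */
    size_t card_count;      /* placements counted inside the second window */
} gesture_t;

/* Constructed sample timestamps (ms), matching the text's two examples:
 * first touch + 2 within 10 s + 1 later; first card + 3 within 20 s + 1 later. */
static const uint32_t SAMPLE_TOUCH_MS[] = { 1000, 4000, 9000, 15000 };
static const uint32_t SAMPLE_CARD_MS[]  = { 20000, 25000, 30000, 38000, 45000 };

/* Count the first event plus every later event detected no more than
 * window_ms after it. Unsigned subtraction keeps the comparison correct
 * if the tick counter wraps between events. */
size_t count_in_window(const uint32_t *ts, size_t n, uint32_t window_ms)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if ((uint32_t)(ts[i] - ts[0]) <= window_ms)
            count++;
    }
    return count;
}

/* Compare the time of the first touch with the time of the first card
 * placement. A tie or a missing event type is reported as unknown. */
action_order_t first_action_order(const uint32_t *touch_ts, size_t n_touch,
                                  const uint32_t *card_ts, size_t n_card)
{
    if (n_touch == 0 || n_card == 0)
        return ORDER_UNKNOWN;
    int32_t diff = (int32_t)(touch_ts[0] - card_ts[0]);
    if (diff < 0) return ORDER_TOUCH_FIRST;
    if (diff > 0) return ORDER_CARD_FIRST;
    return ORDER_UNKNOWN;
}

/* Interpret the user's operation behavior only after BOTH the token-side
 * and the card-side chip have reported success; a single failure refuses
 * the operation and leaves the gesture uninterpreted. */
gesture_t interpret_gesture(const uint32_t *touch_ts, size_t n_touch,
                            const uint32_t *card_ts, size_t n_card,
                            bool token_auth_ok, bool card_auth_ok)
{
    gesture_t g = { false, ORDER_UNKNOWN, 0, 0 };
    if (!(token_auth_ok && card_auth_ok))
        return g;
    g.order = first_action_order(touch_ts, n_touch, card_ts, n_card);
    g.touch_count = count_in_window(touch_ts, n_touch, FIRST_WINDOW_MS);
    g.card_count = count_in_window(card_ts, n_card, SECOND_WINDOW_MS);
    g.proceed = (g.order != ORDER_UNKNOWN);
    return g;
}

int main(void)
{
    gesture_t g = interpret_gesture(SAMPLE_TOUCH_MS, 4, SAMPLE_CARD_MS, 5,
                                    true, true);
    printf("proceed=%d order=%d touches=%zu cards=%zu\n",
           g.proceed, (int)g.order, g.touch_count, g.card_count);
    return 0;
}
```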

In the embodiment of FIG. 6, if the control circuit 217 determines that the order of occurrence of the user touch action and the user card-placement action, the touch count, and the card-placement count match one of the specific operation behavior patterns described in the operation behavior tables 310, 410, or 510 of FIG. 3 through FIG. 5, the control circuit 217 performs the key backup operation corresponding to that specific operation behavior pattern.

For example, if the control circuit 217 determines that the user's operation behavior on the token device 110 matches operation behavior pattern 311 or 312 in the operation behavior table 310 of FIG. 3, the control circuit 217 copies the target key in the token-side secure memory 215 into the card-side secure memory 223 of a single smart card 120 for storage, in a simple one-to-one backup mode. In this example, the control circuit 217 may request the token-side security chip 213 to provide the target key stored in the token-side secure memory 215, transmit the target key provided by the token-side security chip 213 to the card-side security chip 121 in the smart card 120, and instruct the card-side security chip 121 to write the target key into the card-side secure memory 223 for storage.

This completes the backup of the target key in the token device 110 to a single smart card 120. Afterwards, the control circuit 217 may control the indication circuit 117 to generate progress indication information notifying the user that the key backup operation has been completed.

As another example, if the control circuit 217 determines that the user's operation behavior on the token device 110 matches operation behavior pattern 413 or 414 in the operation behavior table 410 of FIG. 4, the control circuit 217 copies the target key in the token-side secure memory 215 into the card-side secure memory 223 of multiple smart cards 120 for storage, in a simple one-to-many backup mode. In this example, the control circuit 217 may transmit the target key provided by the token-side security chip 213 to the card-side security chip 121 in the smart card 120, and instruct the card-side security chip 121 to write the target key into the card-side secure memory 223 for storage.

The user may then swap the smart card accessed by the token device 110, one card after another, at predetermined time intervals or as directed by guidance information generated by the indication circuit 117, so that the control circuit 217 can write the target key into the card-side secure memory 223 of each of the other smart cards 120 through the smart card access circuit 211.

After the user has swapped in the multiple smart cards 120 as instructed, multiple identical backup copies of the target key in the token device 110 are stored in the different smart cards 120. Afterwards, the control circuit 217 may control the indication circuit 117 to generate progress indication information notifying the user that the key backup operation has been completed.

As another example, if the control circuit 217 determines that the user's operation behavior on the token device 110 matches operation behavior pattern 515 or 516 in the operation behavior table 510 of FIG. 5, the control circuit 217 distributes the target key in the token-side secure memory 215 across the card-side secure memory 223 of multiple smart cards 120 for storage, in a split-type one-to-many backup mode. In this example, the control circuit 217 may split the target key provided by the token-side security chip 213 into a plurality of key fragments, or the token-side security chip 213 may split the target key into a plurality of key fragments and then transmit them to the control circuit 217. The control circuit 217 transmits one of the key fragments to the card-side security chip 121 in the smart card 120, and instructs the card-side security chip 121 to write that fragment into the card-side secure memory 223 for storage.

The user may then swap the smart card accessed by the token device 110, one card after another, at predetermined time intervals or as directed by guidance information generated by the indication circuit 117, so that the control circuit 217 can write the other key fragments into the card-side secure memory 223 of the other smart cards 120 through the smart card access circuit 211.

After the user has swapped in the multiple smart cards 120 as instructed, the target key in the token device 110 is distributed across the multiple smart cards 120 as a split backup. Afterwards, the control circuit 217 may control the indication circuit 117 to generate progress indication information notifying the user that the key backup operation has been completed.

Note that in each of the foregoing embodiments, the token-side security chip 213 may first encrypt the target key (or the related key fragments) using any encryption mechanism agreed in advance with the card-side security chip 121, and then transmit the encrypted target key (or the related key fragments) through the control circuit 217 to the card-side security chip 121 for decryption.

This prevents the control circuit 217 from learning the actual content of the target key during the key backup process, and therefore effectively reduces the likelihood that the target key content is leaked.

Later, the user may need to restore the target key backed up in one or more smart cards 120 to another token device 110 for subsequent use, because the original token device 110 has failed or been lost. Alternatively, the target key in the original token device 110 may have been deleted for various reasons, so that the user needs to restore the target key backed up in one or more smart cards 120 to the original token device 110.

In other words, the token device 110 that the user later uses in the key restoration process may be another token device or the original token device.

How the key backup device 100 performs key restoration is further described below with reference to FIG. 7. FIG. 7 is a simplified flowchart of a key restoration method according to an embodiment of the present invention.

In the embodiment of FIG. 7, the token device 110 allows the user to issue a key restoration command to the token device 110 through the operation behavior described above, instructing the token device 110 to restore, in the corresponding restoration mode, the target key stored in one or more smart cards 120 to the token-side secure memory 215 of a single token device 110 for storage.

Likewise, while the user operates the key backup device 100, the token device 110 performs operations 602, 604, 606, and 608 in FIG. 7 to recognize the user's operation behavior on the key backup device 100. In addition, the token device 110 works with the smart card 120 to perform operations 610 through 620, which carry out the user identity authentication procedure to determine the authenticity and correctness of the user's identity.

The foregoing descriptions of the implementation and related variations of operations 602 to 620 in FIG. 6 also apply to the embodiment of FIG. 7. For brevity, the details of operations 602 to 620 are not repeated here.

As shown in FIG. 7, in operation 722 the control circuit 217 receives the identity authentication failure notification sent by the token-side security chip 213 and/or the card-side security chip 121. In this embodiment, as soon as the control circuit 217 receives an identity authentication failure notification from either the token-side security chip 213 or the card-side security chip 121, the control circuit 217 determines that the current user cannot pass the user identity authentication procedure of the key backup device 100, and refuses to perform the subsequent key restoration operation.

In operation 624, the control circuit 217 receives the identity authentication success notification sent by the token-side security chip 213 and/or the card-side security chip 121.

Only when identity verification succeeds at both the token-side security chip 213 and the card-side security chip 121 does the control circuit 217 determine that the current user has passed the user identity authentication procedure of the key backup device 100, and proceed to operation 726.

In operation 726, the control circuit 217 may interpret, from the user's operation behavior on the token device 110, the operation command issued by the user and the related operation parameters, and perform the corresponding key restoration operation between the token-side security chip 213 and the card-side security chip 121.

As described above, the control circuit 217 may determine, from the order in which the user touch action and the user card-placement action occur, whether the type of operation indicated by the user is a key backup operation or a key restoration operation. In addition, the token device 110 may determine the related operation parameters set by the user from the touch count and the card-placement count, for example, the key backup mode, the key restoration mode, or the total number of smart cards to be used in the key backup or restoration process.

In the embodiment of FIG. 7, if the control circuit 217 determines that the order of occurrence of the user touch action and the user card-placement action, the touch count, and the card-placement count match one of the specific operation behavior patterns described in the operation behavior tables 320 or 520 of FIG. 3 through FIG. 5, the control circuit 217 performs the key restoration operation corresponding to that specific operation behavior pattern.

For example, if the control circuit 217 determines that the user's operation behavior on the token device 110 matches operation behavior pattern 321 or 322 in the operation behavior table 320 of FIG. 3, the control circuit 217 copies the target key in a single smart card 120 into the token-side secure memory 215 of a single token device 110 for storage, in a simple one-to-one restoration mode. In this example, the control circuit 217 may request the card-side security chip 121 to provide the target key stored in the card-side secure memory 223, transmit the target key provided by the card-side security chip 121 to the token-side security chip 213, and instruct the token-side security chip 213 to write the target key into the token-side secure memory 215 for storage.

This completes the restoration of the target key in a single smart card 120 to a single token device 110. Afterwards, the control circuit 217 may control the indication circuit 117 to generate progress indication information notifying the user that the key restoration operation has been completed.

As another example, if the control circuit 217 determines that the user's operation behavior on the token device 110 matches operation behavior pattern 323 or 324 in the operation behavior table 320 of FIG. 4, the control circuit 217 likewise copies the target key in a single smart card 120 into the token-side secure memory 215 of a single token device 110 for storage, in a simple one-to-one restoration mode. In this example, the control circuit 217 may request the card-side security chip 121 to provide the target key stored in the card-side secure memory 223, transmit the target key provided by the card-side security chip 121 to the token-side security chip 213, and instruct the token-side security chip 213 to write the target key into the token-side secure memory 215 for storage.

This completes the restoration of the target key in a single smart card 120 to a single token device 110. Afterwards, the control circuit 217 may control the indication circuit 117 to generate progress indication information notifying the user that the key restoration operation has been completed.

又例如,倘若控制電路217判定用戶對於訊標裝置110的操作行為與圖5的操作行為表520中的操作行為態樣521或522相符,則控制電路217便會以分持型態的多對一還原模式將分散在預定數量的智慧卡120中的多個金鑰片段資料進行組合,以還原出目標金鑰並將目標金鑰複製到單一訊標裝置110中的訊標端安全記憶體215內進行保存。在本例中,控制電路217可要求首張智慧卡120上的卡端安全晶片121提供卡端安全記憶體223中所儲存的金鑰片段資料。For another example, if the control circuit 217 determines that the user's operating behavior for the beacon device 110 matches the operational behavior pattern 521 or 522 in the operational behavior table 520 of FIG. 5, the control circuit 217 will be in pairs of different types. A restore mode combines a plurality of key fragment data dispersed in a predetermined number of smart cards 120 to restore the target key and copy the target key to the target end secure memory 215 in the single symbol device 110. Save it inside. In this example, the control circuit 217 can request the card-end security chip 121 on the first smart card 120 to provide the key piece data stored in the card-side secure memory 223.

接著,用戶可按照預定的時間間隔或是指示電路117產生的相關引導信息,陸續更換訊標裝置110所存取的智慧卡,以使控制電路217得以透過智慧卡存取電路211讀取其他智慧卡120的卡端安全記憶體223中所儲存的金鑰片段資料。Then, the user can replace the smart card accessed by the target device 110 according to the predetermined time interval or the relevant guiding information generated by the indicating circuit 117, so that the control circuit 217 can read other wisdom through the smart card accessing circuit 211. The card-side secure memory 223 of the card 120 is stored in the key piece data.

In some embodiments, the control circuit 217 may restore the target key from the key fragment data it has obtained and instruct the token-side security chip 213 to write the target key into the token-side secure memory 215 for storage.

In other embodiments, the control circuit 217 may forward all of the obtained key fragment data to the token-side security chip 213 and instruct the token-side security chip 213 to restore the target key from that key fragment data and write the target key into the token-side secure memory 215 for storage.

In this way, the key fragment data distributed across multiple smart cards 120 is recombined into the target key and stored in a single token device 110. The control circuit 217 may then control the indication circuit 117 to generate progress indication information notifying the user that the key restoration operation is complete.

Note that in each of the foregoing embodiments, the card-side security chip 121 may first encrypt the target key (or the related key fragment data) using any of various encryption mechanisms agreed in advance with the token-side security chip 213, and then send the encrypted target key (or the related key fragment data) through the control circuit 217 to the token-side security chip 213 for decryption.

This prevents the control circuit 217 from learning the actual content of the target key during key restoration, and therefore effectively reduces the possibility of the target key being leaked.

As the foregoing description shows, before the token device 110 performs a key backup operation or a key restoration operation, the security chips on both the token device 110 and the smart card 120 carry out a user identity verification procedure. If the identity verification on either the token device 110 or the smart card 120 fails, the user cannot pass the identity authentication procedure, which effectively prevents others from performing an unauthorized key backup or key restoration operation.

The target key and the eligible user identity data are both stored in the secure memory of a security chip. This improves the storage security of the target key and the eligible user identity data, and reduces the possibility of an attacker stealing them by compromising the token device 110 or the smart card 120.

The token device 110 allows the user to issue operating commands that select the operating mode of the token device 110 by controlling the order in which the user touch action and the user card placement action occur. The token device 110 also allows the user to set its operating parameters by controlling the number of touches and the number of card placements.

This way of operating the token device 110 is simple and intuitive, and it removes the need to equip the token device 110 with a conventional command input device such as command buttons, a keyboard, or a touch panel, which effectively reduces the circuit complexity and weight of the token device 110.

Furthermore, while the token device 110 performs a key backup or key restoration operation, it operates entirely on its own; the user does not need a computer, mobile phone, mobile device, or other additional equipment to control it. The control circuit 217 of the token device 110 is therefore not controlled by any other device during the key backup or key restoration operation. As a result, a hacker or other malicious party has no opportunity to steal the content of the target key by compromising the control circuit 217 during the key backup or key restoration operation.

Refer to FIG. 8, which is a simplified functional block diagram of a key backup system 800 according to an embodiment of the invention. As shown in FIG. 8, the key backup system 800 comprises the token device 110 described above, one or more smart cards 120, and a host device 830. The key backup system 800 lets the user instruct the token device 110, through the host device 830, to perform a key backup operation or a key restoration operation with one or more smart cards 120.

The connections and implementations of the other components of the token device 110 in FIG. 1 and FIG. 2 also apply to the embodiment of FIG. 8, but the way the token device 110 operates in the embodiment of FIG. 8 differs in part from the token device 110 of FIG. 1 and FIG. 2.

For example, in the embodiment of FIG. 8, the transmission interface 113 of the token device 110 is arranged to receive from the host device 830 the power the token device 110 needs to operate, and to carry out data communication with the host device 830 in order to receive host authentication data sent by the host device 830.

In practice, the host device 830 may be implemented with any computing device that can exchange data and commands with the token device 110, such as a desktop computer, notebook computer, tablet, or mobile phone.

In addition, the control circuit 217 in FIG. 8 is arranged to generate identity data that includes the host authentication data, and to send the generated identity data separately to the token-side security chip 213 and to the card-side security chip 121 on the smart card 120 for identity verification.

In the key backup system 800, if the identity verification succeeds on both the token-side security chip 213 and the card-side security chip 121, the control circuit 217 of the token device 110 performs the corresponding key backup operation or key restoration operation between the token-side security chip 213 and the card-side security chip 121 as instructed by the host device 830.

How the key backup system 800 performs a key backup is described further below with reference to FIG. 9. FIG. 9 is a simplified flowchart of a key backup method according to another embodiment of the invention.

In the embodiment of FIG. 9, the user can issue a key backup command and backup parameters to the token device 110 through the host device 830, instructing the token device 110 to back up the target key stored in the token-side secure memory 215 to one or more smart cards 120 using the corresponding backup mode.

In practice, the host device 830 may provide a user interface through which the user issues the key backup command and sets the related backup parameters.

Before performing the key backup operation, the key backup system 800 carries out steps 902 to 914 as a user identity authentication procedure that establishes the authenticity and correctness of the user's identity.

In step 902, the host device 830 sends host authentication data to the token device 110.

In one embodiment, the host device 830 may use any of various existing mechanisms to actively generate identification data that can be used to check the authenticity of the host device 830, use it as the host authentication data, and send it to the token device 110 in step 902. For example, the host device 830 may digitally sign specific data with its own private key and use the resulting signature value as the host authentication data. As another example, the host device 830 may use a suitable algorithm to generate a password or identification code corresponding to the current point in time and use it as the host authentication data.

In another embodiment, the host device 830 generates the identification data used to check its authenticity only passively, after receiving a request from the token device 110 or the smart card 120, and then sends it to the token device 110 as the host authentication data in step 902. For example, the host device 830 may use any suitable challenge-response algorithm to generate a response value corresponding to the request from the token device 110 or the smart card 120 and use it as the host authentication data. As another example, the host device 830 may, only after receiving a request from the token device 110 or the smart card 120, use a suitable algorithm to generate a password or identification code corresponding to the current point in time and use it as the host authentication data.

In step 904, the control circuit 217 of the token device 110 receives, through the transmission interface 113, the host authentication data sent by the host device 830.

In step 906, the control circuit 217 generates identity data that includes the host authentication data.

In practice, the host device 830 may require the user to provide data identifying the user, which the control circuit 217 then uses to carry out step 906.

For example, in one embodiment, the host device 830 may require the user to enter a password through the input interface of the host device 830 and send the entered password to the control circuit 217. In this example, the control circuit 217 may combine or encode the host authentication data and the user-entered password in any of various ways to generate identity data, so that the identity data contains both the host authentication data and the user-entered password.

As another example, in another embodiment, the host device 830 may require the user to press the biometric detection circuit 115 of the token device 110. The biometric detection circuit 115 then scans the user's fingerprint and sends the detection result to the control circuit 217, which generates fingerprint data corresponding to that detection result. In this example, the control circuit 217 may combine or encode the host authentication data and the fingerprint data in any of various ways to generate identity data, so that the identity data contains both the host authentication data and the user's fingerprint data.

As another example, in another embodiment, the host device 830 may use another biometric capture circuit (for example, an iris scanner, palm print scanner, or face scanner) to obtain the user's biometric data and send it to the control circuit 217. In this example, the control circuit 217 may combine the host authentication data and the biometric data in any of various ways to generate identity data, so that the identity data contains both the host authentication data and the biometric data corresponding to the user.

The control circuit 217 also sends the generated identity data separately to the token-side security chip 213 and the card-side security chip 121 for verification.

In the key backup system 800, the token-side secure memory 215 and the card-side secure memory 223 both hold pre-stored eligible user identity data against which the correctness of the identity data can be verified. In some embodiments, the token-side secure memory 215 and the card-side secure memory 223 also hold the pre-stored public key of the host device 830.

In practice, the token-side secure memory 215 and the card-side secure memory 223 may store the same eligible user identity data, or they may store different identity data for the same eligible user.

For example, in some embodiments, the eligible user identity data stored in the token-side secure memory 215 corresponds to the combination of the host authentication data and a first password entered by the user, while the eligible user identity data stored in the card-side secure memory 223 corresponds to the combination of the host authentication data and a second password entered by the user.

As another example, in some embodiments, the eligible user identity data stored in the token-side secure memory 215 corresponds to the combination of the host authentication data and one biometric feature of the eligible user (for example, the right index fingerprint), while the eligible user identity data stored in the card-side secure memory 223 corresponds to the combination of the host authentication data and another biometric feature of the eligible user (for example, the left index fingerprint).

In embodiments where the token-side secure memory 215 and the card-side secure memory 223 hold the same pre-stored eligible user identity data, the control circuit 217 may send the same identity data to the token-side security chip 213 and to the card-side security chip 121 for verification.

In embodiments where the token-side secure memory 215 and the card-side secure memory 223 hold different eligible user identity data, the identity data that the control circuit 217 sends to the token-side security chip 213 for verification may differ from the identity data it sends to the card-side security chip 121 for verification.

For example, the user may present different fingerprints (for example, the right index fingerprint and the left index fingerprint) to the biometric detection circuit 115 for scanning, one after the other, in the order indicated by the host device 830. In this case, the control circuit 217 generates two different pieces of identity data in sequence. It may send one of them to the token-side security chip 213 for verification and the other to the card-side security chip 121 for verification.

In step 908, the token-side security chip 213 verifies the identity data sent by the control circuit 217, carrying out the token-side user identity verification procedure. The token-side security chip 213 may use any existing verification method to compare the identity data sent by the control circuit 217 with the eligible user identity data pre-stored in the token-side secure memory 215.

The identity data sent by the control circuit 217 must match the eligible user identity data pre-stored in the token-side secure memory 215 in order to pass the identity authentication procedure of the token-side security chip 213.

If the token-side security chip 213 determines that the identity data sent by the control circuit 217 matches the eligible user identity data pre-stored in the token-side secure memory 215, it proceeds to step 910; otherwise, it sends an identity authentication failure notification to the control circuit 217.

In step 910, the token-side security chip 213 sends an identity authentication success notification to the control circuit 217 and agrees to accept the control circuit 217's requests to access the token-side secure memory 215.

In step 912, the card-side security chip 121 verifies the identity data sent by the control circuit 217, carrying out the smart-card-side user identity verification procedure. The card-side security chip 121 may use any existing verification method to compare the identity data sent by the control circuit 217 with the eligible user identity data pre-stored in the card-side secure memory 223.

The identity data sent by the control circuit 217 must match the eligible user identity data pre-stored in the card-side secure memory 223 in order to pass the identity authentication procedure of the card-side security chip 121.

If the card-side security chip 121 determines that the identity data sent by the control circuit 217 matches the eligible user identity data pre-stored in the card-side secure memory 223, it proceeds to step 914; otherwise, it sends an identity authentication failure notification to the control circuit 217.

In step 914, the card-side security chip 121 sends an identity authentication success notification to the control circuit 217 and agrees to accept the control circuit 217's requests to access the card-side secure memory 223.

In step 916, the control circuit 217 receives an identity authentication failure notification from the token-side security chip 213 and/or the card-side security chip 121. In this embodiment, as soon as the control circuit 217 receives an identity authentication failure notification from either the token-side security chip 213 or the card-side security chip 121, it refuses to perform the subsequent key backup operation and reports this result to the host device 830.

In step 918, the control circuit 217 receives an identity authentication success notification from the token-side security chip 213 and/or the card-side security chip 121.

Only when the identity verification succeeds on both the token-side security chip 213 and the card-side security chip 121 does the control circuit 217 determine that the current user has passed the user identity authentication procedure of the key backup system 800 and proceed to step 920.

In step 920, the control circuit 217 reports to the host device 830 that the user has passed the user identity authentication procedures on both the token device 110 and the smart card 120.

In step 922, the host device 830 may send the key backup command set by the user, together with the related backup parameters, to the token device 110.

In step 924, the control circuit 217 of the token device 110 receives the key backup command and the related backup parameters sent by the host device 830.

In step 926, the control circuit 217 may perform the corresponding key backup operation between the token-side security chip 213 and the card-side security chip 121 according to the key backup command and the related backup parameters sent by the host device 830.

For example, when the host device 830 instructs the token device 110 to perform a simple one-to-one backup, the control circuit 217 may request the token-side security chip 213 to provide the target key stored in the token-side secure memory 215, forward the target key provided by the token-side security chip 213 to the card-side security chip 121 in the smart card 120, and instruct the card-side security chip 121 to write the target key into the card-side secure memory 223 for storage.

This completes the backup of the target key from a single token device 110 to a single smart card 120.

As another example, when the host device 830 instructs the token device 110 to perform a simple one-to-many backup, the control circuit 217 may forward the target key provided by the token-side security chip 213 to the card-side security chip 121 in the smart card 120 and instruct the card-side security chip 121 to write the target key into the card-side secure memory 223 for storage.

Next, the user may, following the instructions of the host device 830 or the guidance information generated by the indication circuit 117, successively replace the smart card accessed by the token device 110, so that the control circuit 217 can write the target key, through the smart card access circuit 211, into the card-side secure memory 223 of each of the other smart cards 120 in turn.

After the user has replaced the smart cards 120 one after another as instructed, multiple identical backup copies of the target key in the token device 110 are stored in multiple different smart cards 120.

As another example, when the host device 830 instructs the token device 110 to perform a split-type one-to-many backup, the control circuit 217 may split the target key provided by the token-side security chip 213 into a plurality of pieces of key fragment data, or the token-side security chip 213 may split the target key into a plurality of pieces of key fragment data and then send them to the control circuit 217. The control circuit 217 sends one piece of key fragment data to the card-side security chip 121 in the smart card 120 and instructs the card-side security chip 121 to write that fragment data into the card-side secure memory 223 for storage.

Next, the user may, following the instructions of the host device 830 or the guidance information generated by the indication circuit 117, successively replace the smart card accessed by the token device 110, so that the control circuit 217 can write the remaining key fragment data, through the smart card access circuit 211, into the card-side secure memory 223 of the other smart cards 120 in turn.

After the user has replaced the smart cards 120 one after another as instructed, the target key in the token device 110 is distributed across multiple smart cards 120 for storage in split backup form.

Note that in each of the foregoing embodiments, the token-side security chip 213 may first encrypt the target key (or the related key fragment data) using any of various encryption mechanisms agreed in advance with the card-side security chip 121, and then send the encrypted target key (or the related key fragment data) through the control circuit 217 to the card-side security chip 121 for decryption.

This prevents the control circuit 217 from learning the actual content of the target key during key backup, and therefore effectively reduces the possibility of a malicious party stealing the target key by compromising the host device 830 or the control circuit 217.
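The dual-verification gate of steps 908 to 918 and the split-type backup with chip-to-chip encryption described above can be modeled as follows, together with the matching many-to-one restoration; this is an added sketch, not code from the patent. Assumptions: all class and function names are hypothetical, the split is an n-of-n XOR split done inside the token-side chip, every card chip verifies the same card-side identity data, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the unspecified "pre-agreed encryption mechanism".

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(link_key, plaintext):
    """Assumed stand-in for the chips' pre-agreed encryption (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(_subkey(link_key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(link_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(link_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(link_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrapped blob rejected: integrity check failed")
    return _xor(ct, _keystream(_subkey(link_key, b"enc"), nonce, len(ct)))

class SecureChip:
    """Models a security chip plus its secure memory (token side or card side)."""
    def __init__(self, enrolled_identity, link_key):
        self._enrolled = hashlib.sha256(enrolled_identity).digest()
        self._link_key = link_key   # known to the chips only, never to the relay
        self._secret = None         # target key, or one key fragment
        self._unlocked = False

    def provision(self, secret):
        self._secret = secret       # demo-only initial key load

    def verify(self, identity):
        digest = hashlib.sha256(identity).digest()
        self._unlocked = hmac.compare_digest(digest, self._enrolled)
        return self._unlocked

    def _require_unlocked(self):
        if not self._unlocked:
            raise PermissionError("identity verification has not succeeded")

    def export_fragments(self, n):
        # n-of-n XOR split performed inside the chip; every fragment leaves wrapped.
        self._require_unlocked()
        shares = [secrets.token_bytes(len(self._secret)) for _ in range(n - 1)]
        last = self._secret
        for share in shares:
            last = _xor(last, share)
        return [wrap(self._link_key, s) for s in shares + [last]]

    def export_wrapped(self):
        self._require_unlocked()
        return wrap(self._link_key, self._secret)

    def import_wrapped(self, blob):
        self._require_unlocked()
        self._secret = unwrap(self._link_key, blob)

    def import_fragments(self, blobs):
        self._require_unlocked()
        shares = [unwrap(self._link_key, b) for b in blobs]
        key = shares[0]
        for share in shares[1:]:
            key = _xor(key, share)
        self._secret = key

def identity_data(host_auth, credential):
    # Length-prefix the host authentication data so the two fields stay distinct.
    return len(host_auth).to_bytes(2, "big") + host_auth + credential

def _both_ends_verified(token, cards, token_id, card_id):
    return token.verify(token_id) and all(c.verify(card_id) for c in cards)

def split_backup(token, cards, token_id, card_id):
    """Control-circuit role: refuse unless both ends verify, then relay blobs."""
    relayed = []
    if not _both_ends_verified(token, cards, token_id, card_id):
        return False, relayed
    for card, blob in zip(cards, token.export_fragments(len(cards))):
        relayed.append(blob)        # all the control circuit ever sees
        card.import_wrapped(blob)
    return True, relayed

def split_restore(token, cards, token_id, card_id):
    if not _both_ends_verified(token, cards, token_id, card_id):
        return False
    token.import_fragments([c.export_wrapped() for c in cards])
    return True
```
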

Later, the user may need to restore the target key backed up in one or more smart cards 120 into another token device 110 for subsequent use, because the original token device 110 has failed or been lost. Alternatively, the target key in the original token device 110 may have been deleted for various reasons, so that the user needs to restore the target key backed up in one or more smart cards 120 into the original token device 110.

In other words, the token device 110 that the user later uses for key restoration may be a different token device or may be the original token device.

How the key backup system 800 performs a key restoration is described further below with reference to FIG. 10. FIG. 10 is a simplified flowchart of a key restoration method according to another embodiment of the invention.

In the embodiment of FIG. 10, the user can issue a key restoration command and restoration parameters to the token device 110 through the host device 830, instructing the token device 110 to restore the target key stored in one or more smart cards 120 into the token-side secure memory 215 of a single token device 110 using the corresponding restoration mode.

Likewise, the host device 830 may provide a user interface through which the user issues the key restoration command and sets the related restoration parameters.

Before performing the key restoration operation, the key backup system 800 likewise carries out steps 902 to 914 in FIG. 10 as a user identity authentication procedure that establishes the authenticity and correctness of the user's identity.

The foregoing description of the implementation of steps 902 to 914 in FIG. 9, and of the related variations, also applies to the embodiment of FIG. 10. For brevity, the details of steps 902 to 914 are not repeated here.

As shown in FIG. 10, in step 1016 the control circuit 217 receives an identity authentication failure notification from the token-side security chip 213 and/or the card-side security chip 121. In this embodiment, as soon as the control circuit 217 receives an identity authentication failure notification from either the token-side security chip 213 or the card-side security chip 121, it refuses to perform the subsequent key restoration operation and reports this result to the host device 830.

In step 918, the control circuit 217 receives an identity authentication success notification from the token-side security chip 213 and/or the card-side security chip 121.

Only when the identity verification succeeds on both the token-side security chip 213 and the card-side security chip 121 does the control circuit 217 determine that the current user has passed the user identity authentication procedure of the key backup system 800 and proceed to step 920.

In step 920, the control circuit 217 reports to the host device 830 that the user has passed the user identity authentication procedures on both the token device 110 and the smart card 120.

在流程1022中,主控端裝置830可將用戶設置的金鑰還原指令與相關的還原參數,傳送給訊標裝置110。In the process 1022, the master device 830 can transmit the key reset command set by the user and the associated restore parameter to the target device 110.

在流程1024中,訊標裝置110的控制電路217會接收主控端裝置830傳來的金鑰還原指令與相關的還原參數。In the process 1024, the control circuit 217 of the beacon device 110 receives the key restoration command and the associated restoration parameters transmitted from the host device 830.

在流程1026中,控制電路217可依據主控端裝置830傳來的金鑰還原指令與相關的還原參數,在訊標端安全晶片213與卡端安全晶片121之間進行相應的金鑰還原運作。In the process 1026, the control circuit 217 can perform the corresponding key restoration operation between the target security chip 213 and the card security chip 121 according to the key restoration command and the related restoration parameter transmitted from the host device 830. .

For example, when the host device 830 instructs the token device 110 to perform a simple one-to-one restoration, the control circuit 217 can request the on-card secure chip 121 to provide the target key stored in the on-card secure memory 223, transmit the target key provided by the on-card secure chip 121 to the on-token secure chip 213, and instruct the on-token secure chip 213 to write the target key into the on-token secure memory 215 for storage.

This completes the restoration of the target key from a single smart card 120 into a single token device 110.

As another example, when the host device 830 instructs the token device 110 to perform a many-to-one restoration of the split type, the control circuit 217 can request the on-card secure chip 121 on the first smart card 120 to provide the key fragment data stored in the on-card secure memory 223.

The user can then, following the instructions of the host device 830 or the guidance information generated by the indication circuit 117, replace the smart card accessed by the token device 110 one after another, so that the control circuit 217 can read, through the smart card access circuit 211, the key fragment data stored in the on-card secure memory 223 of the other smart cards 120.

In some embodiments, the control circuit 217 can reconstruct the target key from the key fragment data it has obtained and instruct the on-token secure chip 213 to write the target key into the on-token secure memory 215 for storage.

In other embodiments, the control circuit 217 can transmit all of the key fragment data it has obtained to the on-token secure chip 213, and instruct the on-token secure chip 213 to reconstruct the target key from these key fragment data and write the target key into the on-token secure memory 215 for storage.

In this way, the multiple key fragment data distributed across multiple smart cards 120 are reassembled into the target key and stored in a single token device 110.

Note that the on-card secure chip 121 in the foregoing embodiments can first encrypt the target key (or the related key fragment data) using any of various encryption mechanisms agreed upon in advance with the on-token secure chip 213, and then transmit the encrypted target key (or the related key fragment data) through the control circuit 217 to the on-token secure chip 213 for decryption.

This prevents the control circuit 217 from learning the actual content of the target key during the key restoration process, and therefore effectively reduces the possibility of a malicious party stealing the target key by compromising the host device 830 or the control circuit 217.
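The two-sided verification gate of operations 1016 and 918 and the many-to-one restoration with encrypted fragments can be modelled as below. This is an added illustration, not code from the patent: the n-of-n XOR split, the HMAC-SHA256 keystream standing in for the unspecified pre-agreed encryption mechanism, the re-verification of every swapped-in card, and all names are assumptions.

```python
import hashlib
import hmac
import secrets
from functools import reduce

FRAG_LEN = 32  # constructed fragment size; one HMAC-SHA256 output covers it


def identity_data(host_auth: bytes, user_secret: bytes) -> bytes:
    """Identity data built by the control circuit: host authentication data + user credential."""
    return hashlib.sha256(len(host_auth).to_bytes(2, "big") + host_auth + user_secret).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """n-of-n XOR split (assumed scheme): every fragment is needed to rebuild the key."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return shares + [reduce(xor, shares, key)]


def combine(fragments) -> bytes:
    return reduce(xor, fragments)


def wrap(link_key: bytes, fragment: bytes) -> bytes:
    """Stand-in for the pre-agreed chip-to-chip encryption: keystream XOR, then a MAC."""
    assert len(fragment) == FRAG_LEN
    nonce = secrets.token_bytes(16)
    stream = hmac.new(link_key, b"enc" + nonce, hashlib.sha256).digest()
    ct = xor(fragment, stream)
    tag = hmac.new(link_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(link_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:16 + FRAG_LEN], blob[16 + FRAG_LEN:]
    expected = hmac.new(link_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped fragment failed integrity check")
    return xor(ct, hmac.new(link_key, b"enc" + nonce, hashlib.sha256).digest())


class SecureChip:
    """Model of an on-token or on-card secure chip together with its secure memory."""

    def __init__(self, enrolled_identity: bytes, link_key: bytes, stored=None):
        self._enrolled, self._link_key = enrolled_identity, link_key
        self.stored = stored      # secure memory: target key or one key fragment
        self._authed = False

    def verify(self, identity: bytes) -> bool:
        self._authed = hmac.compare_digest(identity, self._enrolled)
        return self._authed

    def export_wrapped(self) -> bytes:
        if not self._authed:
            raise PermissionError("identity verification required")
        return wrap(self._link_key, self.stored)

    def import_fragments(self, blobs) -> None:
        if not self._authed:
            raise PermissionError("identity verification required")
        self.stored = combine([unwrap(self._link_key, b) for b in blobs])


def restore_many_to_one(token_chip, card_chips, first_id, second_id):
    """Control circuit 217: gate on both verifications, then relay ciphertext only."""
    relayed = []
    if not card_chips:
        return "REJECTED", relayed
    for card in card_chips:                      # the user swaps cards one at a time
        token_ok = token_chip.verify(first_id)   # first identity data -> on-token chip
        card_ok = card.verify(second_id)         # second identity data -> on-card chip
        if not (token_ok and card_ok):           # a failure at either end rejects the restore
            return "REJECTED", relayed
        relayed.append(card.export_wrapped())
    token_chip.import_fragments(relayed)         # reconstruction happens inside the chip
    return "RESTORED", relayed


if __name__ == "__main__":
    ident = identity_data(b"constructed-host-auth", b"constructed-pin")
    link = secrets.token_bytes(32)
    key = secrets.token_bytes(FRAG_LEN)
    cards = [SecureChip(ident, link, f) for f in split_key(key, 3)]
    token = SecureChip(ident, link)
    print(restore_many_to_one(token, cards, ident, ident)[0], token.stored == key)
```

The list returned as `relayed` is everything the control circuit handles: wrapped blobs, never a plaintext fragment or the reconstructed key.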

As can be seen from the foregoing, the biometric detection circuit 115 in the embodiment of FIG. 8 need not detect the aforementioned user touch action, and the smart card access circuit 211 need not detect the aforementioned user card-placement action. In addition, the control circuit 217 in FIG. 8 need not record the time and number of occurrences of the user touch action, nor the time and number of occurrences of the user card-placement action.

As can be seen from the foregoing, before the token device 110 performs a key backup operation or a key restoration operation, the secure chips at both the token device 110 and the smart card 120 carry out a user identity verification procedure. If the identity verification procedure fails at either the token device 110 or the smart card 120, the user cannot pass the identity authentication procedure, which effectively prevents others from privately carrying out an unauthorized key backup operation or key restoration operation.

The target key and the eligible-user identity data are both stored in the secure memory of a secure chip. This improves the storage security of the target key and the eligible-user identity data, and reduces the possibility of an attacker stealing them by compromising the host device 830, the token device 110, or the smart card 120.

In addition, in the key backup system 800, the identity data generated by the control circuit 217 of the token device 110 must contain the host authentication data provided by the host device 830 in order to have any chance of passing the user identity verification procedures at both the token device 110 and the smart card 120. In other words, without the host authentication data, the user cannot pass the user identity verification procedures at the token device 110 and the smart card 120.

From another perspective, the identity verification procedure adopted by the key backup system 800 effectively places an additional restriction on backing up or restoring the target key: the backup or restoration can only be carried out at the location of the host device 830, and only by personnel who have access rights to the host device 830.

Consequently, the institution or enterprise to which the host device 830 belongs can effectively reduce the risk of its keys being illegally copied or stolen simply by tightening control over access rights to the host device 830.

Note that the execution order of the operations in FIG. 9 and FIG. 10 is only an exemplary embodiment and does not limit the actual implementation of the present invention. For example, operation 922 in FIG. 9 can be performed at the same time as operation 902, or operations 922 and 924 can be moved ahead of operation 902.

As another example, operation 1022 in FIG. 10 can be performed at the same time as operation 902, or operations 1022 and 1024 can be moved ahead of operation 902.

In addition, the circuit architecture of the token device 110 in the foregoing embodiments is only an exemplary embodiment and does not limit the actual implementation of the present invention.

For example, the position, specification, and/or number of the transmission interface 113 in the token device 110 can be adjusted according to the needs of the actual application.

The position, number, and/or detection mechanism of the biometric detection circuit 115 in the token device 110 can also be adjusted according to the needs of the actual application. For example, in an embodiment where the biometric detection circuit 115 is used to detect the user's electrocardiogram, at least two biometric detection circuits 115 must be provided in the token device 110. When the user touches these two biometric detection circuits 115 with body parts on either side of the heart, the two biometric detection circuits 115 can be used to measure the user's electrocardiographic signal.

In practice, the indication circuit 117 in the token device 110 may also be omitted, in which case the user can estimate the progress of the token device 110's operations by following the operation manual of the token device 110 or other guidance documents.

In addition, the position of the card slot 119 in the token device 110 can be adjusted according to the needs of the actual circuit design. In some embodiments where the smart card access circuit 211 is implemented with an inductive or contactless circuit architecture, the card slot 119 may even be omitted.

In the embodiments of FIG. 6 and FIG. 7, the control circuit 217 in the token device 110 may instead be arranged to identify the type of operation indicated by the user purely from the order in which the user touch action and the user card-placement action occur, omitting the recording of the touch count and the card-placement count, so as to reduce the decision complexity of the control circuit 217 and the amount of computation it requires.

In some embodiments, the token device 110 may also omit the transmission interface 113 and instead use a built-in miniature battery to supply the power required for the operation of the internal components of the token device 110.

In addition, in some embodiments, the biometric detection circuit 115 in FIG. 8 may also be omitted.

Certain terms are used in the specification and the claims to refer to particular elements, and those skilled in the art may use different names for the same element. The specification and the claims do not distinguish elements by differences in name, but by differences in function. The term "comprise" as used in the specification and the claims is open-ended and should be interpreted as "include but not limited to". In addition, the term "coupled" here covers any direct or indirect means of connection. Therefore, if a first element is described as being coupled to a second element, the first element may be connected to the second element directly, through an electrical connection or a signal connection such as wireless or optical transmission, or connected electrically or by signal to the second element indirectly through other elements or connection means.

The expression "and/or" as used in the specification covers any one of the listed items or any combination of several of them. In addition, unless specifically stated otherwise in the specification, any term in the singular also carries the meaning of the plural.

The above are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention shall fall within the scope of the present invention.

100‧‧‧key backup device (cryptography key backup device)

110‧‧‧token device

111‧‧‧housing

113‧‧‧transmission interface

115‧‧‧biometric detection circuit (physiological characteristic detecting circuit)

117‧‧‧indication circuit

119‧‧‧card slot

120‧‧‧smart card

121‧‧‧on-card secure chip

211‧‧‧smart card access circuit (smart card accessing circuit)

213‧‧‧on-token secure chip

215‧‧‧on-token secure memory

217‧‧‧control circuit

219‧‧‧storage circuit

223‧‧‧on-card secure memory

310, 320, 410, 510, 520‧‧‧user behavior table

311~314, 321~324, 411~414, 511~518, 521~524‧‧‧user behavior pattern

602~626, 722, 726, 902~926, 1016, 1022~1026‧‧‧operation

800‧‧‧key backup system (cryptography key backup system)

830‧‧‧host device

FIG. 1 is a simplified schematic diagram of a key backup device according to an embodiment of the present invention.

FIG. 2 is a simplified functional block diagram of the key backup device of FIG. 1.

FIG. 3 is a simplified schematic diagram of a first application aspect of the key backup device of FIG. 1.

FIG. 4 is a simplified schematic diagram of a second application aspect of the key backup device of FIG. 1.

FIG. 5 is a simplified schematic diagram of a third application aspect of the key backup device of FIG. 1.

FIG. 6 is a simplified flowchart of a key backup method according to an embodiment of the present invention.

FIG. 7 is a simplified flowchart of a key restoration method according to an embodiment of the present invention.

FIG. 8 is a simplified functional block diagram of a key backup system according to an embodiment of the present invention.

FIG. 9 is a simplified flowchart of a key backup method according to another embodiment of the present invention.

FIG. 10 is a simplified flowchart of a key restoration method according to another embodiment of the present invention.

Claims (26)

1. A token device (110) for use in a key backup device (100), comprising: a transmission interface (113), arranged to receive from an external device the power required for operation of the token device (110); a biometric detection circuit (115), arranged to detect a user touch action and a biometric characteristic of the user; a smart card access circuit (211), arranged to detect a user card-placement action and to access an on-card secure chip (121) disposed on a smart card (120), wherein the on-card secure chip (121) has a built-in on-card secure memory (223); an on-token secure chip (213) having a built-in on-token secure memory (215); and a control circuit (217), coupled to the transmission interface (113), the biometric detection circuit (115), the smart card access circuit (211), and the on-token secure chip (213), arranged to generate one or more identity data corresponding to a detection result of the biometric detection circuit (115), to transmit first identity data to the on-token secure chip (213) for identity verification, and to transmit second identity data to the on-card secure chip (121) for identity verification; wherein, if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121), the control circuit (217) performs a corresponding key backup operation or key restoration operation between the on-token secure chip (213) and the on-card secure chip (121).

2. The token device (110) of claim 1, wherein, if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121), the control circuit (217) performs the corresponding key backup operation or key restoration operation between the on-token secure chip (213) and the on-card secure chip (121) according to the order in which the user touch action and the user card-placement action occur.

3. The token device (110) of claim 2, wherein a target key is pre-stored in the on-token secure memory (215), and if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121) and the user touch action occurs before the user card-placement action, the on-token secure chip (213) transmits the target key to the control circuit (217), and the control circuit (217) transmits the target key to the on-card secure chip (121), so that the on-card secure chip (121) stores the target key in the on-card secure memory (223) to carry out a key backup operation.

4. The token device (110) of claim 3, wherein the first identity data and the second identity data are the same.

5. The token device (110) of claim 3, wherein the first identity data and the second identity data are different.

6. The token device (110) of claim 2, wherein a target key is pre-stored in the on-card secure memory (223), and if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121) and the user card-placement action occurs before the user touch action, the on-card secure chip (121) transmits the target key to the control circuit (217), and the control circuit (217) transmits the target key to the on-token secure chip (213), so that the on-token secure chip (213) stores the target key in the on-token secure memory (215) to carry out a key restoration operation.

7. The token device (110) of claim 6, wherein the first identity data and the second identity data are the same.

8. The token device (110) of claim 6, wherein the first identity data and the second identity data are different.

9. The token device (110) of claim 2, wherein a target key is pre-stored in the on-token secure memory (215), and if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121) and the user card-placement action occurs before the user touch action, the on-token secure chip (213) transmits the target key to the control circuit (217), and the control circuit (217) transmits the target key to the on-card secure chip (121), so that the on-card secure chip (121) stores the target key in the on-card secure memory (223) to carry out a key backup operation.

10. The token device (110) of claim 9, wherein the first identity data and the second identity data are the same.

11. The token device (110) of claim 9, wherein the first identity data and the second identity data are different.

12. The token device (110) of claim 2, wherein a target key is pre-stored in the on-card secure memory (223), and if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121) and the user touch action occurs before the user card-placement action, the on-card secure chip (121) transmits the target key to the control circuit (217), and the control circuit (217) transmits the target key to the on-token secure chip (213), so that the on-token secure chip (213) stores the target key in the on-token secure memory (215) to carry out a key restoration operation.

13. The token device (110) of claim 12, wherein the first identity data and the second identity data are the same.

14. The token device (110) of claim 12, wherein the first identity data and the second identity data are different.

15. The token device (110) of claim 1, wherein the biometric detection circuit (115) is arranged to notify the control circuit (217), each time it is touched, that a user touch action has occurred, and the smart card access circuit (211) is arranged to notify the control circuit (217) that a user card-placement action has occurred each time it detects that the smart card (120) or another card has been placed at or moved to a position detectable by the smart card access circuit (211).

16. The token device (110) of claim 1, wherein the control circuit (217) is further arranged to determine the number of smart cards to be used in the key backup operation or the key restoration operation according to a number of occurrences of the user touch action or a number of occurrences of the user card-placement action.

17. The token device (110) of any one of claims 1 to 16, further comprising: an indication circuit (117), coupled to the control circuit (217), arranged to generate, under the control of the control circuit (217), indication information representing the progress of the related operation, or indication information guiding the user to change the smart card accessed by the smart card access circuit (211).

18. A token device (110) for use in a key backup system (800), comprising: a transmission interface (113), arranged to conduct data communication with a host device (830) in the key backup system (800) and to receive host authentication data transmitted from the host device (830); a smart card access circuit (211), arranged to access an on-card secure chip (121) disposed on a smart card (120), wherein the on-card secure chip (121) has a built-in on-card secure memory (223); an on-token secure chip (213) having a built-in on-token secure memory (215); and a control circuit (217), coupled to the transmission interface (113), the smart card access circuit (211), and the on-token secure chip (213), arranged to generate one or more identity data containing the host authentication data, to transmit first identity data to the on-token secure chip (213) for identity verification, and to transmit second identity data to the on-card secure chip (121) for identity verification; wherein, if identity verification succeeds at both the on-token secure chip (213) and the on-card secure chip (121), the control circuit (217) performs, according to an instruction of the host device (830), a corresponding key backup operation or key restoration operation between the on-token secure chip (213) and the on-card secure chip (121).

19. The token device (110) of claim 18, wherein the first identity data and the second identity data are the same.

20. The token device (110) of claim 19, wherein the first identity data and the second identity data both contain the host authentication data and a password entered by the user.

21. The token device (110) of claim 19, wherein the first identity data and the second identity data both contain the host authentication data and biometric data corresponding to the user.

22. The token device (110) of claim 19, further comprising: a biometric detection circuit (115), coupled to the control circuit (217), arranged to detect a biometric characteristic of the user; wherein the control circuit (217) is further arranged to generate biometric data corresponding to a detection result of the biometric detection circuit (115), and the first identity data and the second identity data both contain the host authentication data and the biometric data.

23. The token device (110) of claim 18, wherein the first identity data and the second identity data are different.

24. The token device (110) of claim 23, wherein the first identity data contains the host authentication data and a first password entered by the user, and the second identity data contains the host authentication data and a second password entered by the user.

25. The token device (110) of claim 23, wherein the first identity data contains the host authentication data and first biometric data corresponding to the user, and the second identity data contains the host authentication data and second biometric data corresponding to the user.

26. The token device (110) of claim 23, further comprising: a biometric detection circuit (115), coupled to the control circuit (217), arranged to detect a biometric characteristic of the user; wherein the control circuit (217) is further arranged to generate first biometric data corresponding to a detection result of the biometric detection circuit (115) and second biometric data different from the first biometric data, the first identity data contains the host authentication data and the first biometric data, and the second identity data contains the host authentication data and the second biometric data.
TW107124687A 2018-07-17 2018-07-17 Token device for conducting cryptography key backup or restoration operation TWI669628B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107124687A TWI669628B (en) 2018-07-17 2018-07-17 Token device for conducting cryptography key backup or restoration operation

Publications (2)

Publication Number Publication Date
TWI669628B true TWI669628B (en) 2019-08-21
TW202006589A TW202006589A (en) 2020-02-01

Family

ID=68316328

Country Status (1)

Country Link
TW (1) TWI669628B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI742670B (en) * 2020-05-19 2021-10-11 中華電信股份有限公司 Terminal device, server and method for private key protection and transaction supervision in blockchains

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1894923A (en) * 2003-10-08 2007-01-10 史蒂芬·J·英格博格 Method and system for establishing a communication using privacy enhancing techniques
US20070288247A1 (en) * 2006-06-11 2007-12-13 Michael Mackay Digital life server
CN101958795A (en) * 2009-07-15 2011-01-26 索尼公司 Cipher key storage device and management method and biometric authentication device, system and method
CN103595730A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Ciphertext cloud storage method and system
TWI430643B (en) * 2010-10-06 2014-03-11 Chunghwa Telecom Co Ltd Secure key recovery system and method
TW201506663A (en) * 2013-05-08 2015-02-16 Vorwerk Co Interholding Method for copy-protected storage of information on a data carrier
TWI610244B (en) * 2014-09-19 2018-01-01 唐明中 Smart card holder, mobile device system with smart card holder, and smart card access system
