捌、新型說明: 【新型所屬之技術領域】 本創作疋有關於一種切®丄K ., 種。心5且裝置,尤指—種可使該認證 裝置達I]又向保濩機制、動態密 唯-碼儲存以及加、解密魅仿一使用者貝efl和 功效 鮮在私序依時間加亂碼因子改變等 【先前技術】 按般習用者如中華民國專利公報,公告第420則 號之「設有可攜帶式電子鑰匙之電腦系統」,包含有: 一記憶體,用來儲存程式或檔案; -處理器,用來執行或處理該記憶體中之程式或檀 案; 一加/解密程式,用來對一程式或檔案進行加密或 解密; 一鑰匙埠;以及 一電子鑰匙(electronic key),以可插拔的方式連 接於該鑰匙埠,其包含有一可程式記憶體,用來儲 存密碼; 其中當一使用者欲對一程式或檔案進行加密時,該 加/解密程式會依據一密碼對該程式或檔案進行加密並 將該密碼存入該鑰匙之記憶體中,而當該使用者欲對一 程式或檔案進行解密時’該加/解密程式會自該鍮匙之 M254015 記憶體中找尋一相對應之密碼,若該密碼存在且為一正 確之密碼,則該加/解密程式會對該程式或檔案進行解 密。 又另一習用如公告第480435號之「I C智慧卡安全 系統」,其中包含: 一安裝於電腦内,用於儲存辨識資料 (authenticating data)之互補金屬氧半導體記憶體 (CMOS memory); 一用於儲存備份密碼之備份媒體;以及 一種裝置,用於處理(processing)上述互補金屬氧 半導體記憶體中之上述辨識資料、上述1C智慧卡中 之上述密碼,以及上述備份媒體中之上述備份密 碼;其中電腦於確認備份密碼與辨識資料一致後得 以啟勤。 雖然上述之習用均可達到加密及解密之功能,但是 由於其加、解密程序係為固定之模式並無法隨機改變, 且其於作加、解密時僅具有單向保護機制,又該設定之 密碼無法作動態之改變;故,以一般之習用者並無法符 合使用者之所需。 【新型内容】 因此,本創作之主要目的係在於,可藉金鑰識別主 控端設備是否具合法應用軟體,亦可藉由主控端設備應 M254015 用軟體識別是否具合法金鑰, 本創作之[目㈣在於向料機制之功效。 金錄=錄端對主控端設備作動==備對 本創作之又一目的伤+ ^ ^又I之功效。 -碼的編碼,儲存之功效。;’可達到使用者資訊和唯 依時=::二二==二使該加、解密之程序 後仍可絲密模切料行崎=財料賴證完畢 一述之目的’本創作係—種認證裝置,係包含 主控4设備及一金餘·’、 處理單元… 鑰係由一介面單元及- :且該介面單元係可與主控端設備插 f用以作為與主控端設備資料溝通交換之媒介;另咳 ::早讀與介面單元連接,用以作為與介面單元資料 溝通:換之媒介,且該處理單元係作為驅動該介面單 二:執仃加密演算、記憶體讀寫管理、檔案系統管理、 動怨密碼產生、防攻擊機制以及使用者f訊與唯一瑪之 儲存之用。可使該認證裝置達到雙向保護機制、動態密 馬改變、使用者#訊和唯—碼儲存以及加、解密程序依 時間加亂碼因子改變等功效。 【實施方式】 明參閱『第1、2圖』所示,係本創作之方塊示意圖、 本創作之電路示意圖'本創作之流程示意圖。如圖所示: 8 M254015 本創作係一種認證裝置係包含一主控端設備丄及一金鑰 ,2 ’可使該認證裝置達到雙向保護機制、動態密碼改變、 使用者資訊和唯一碼儲存以及加、解密程序依時間加亂 碼因子改變等功效。 該主控端設備1,該主控端設備係可為一個人電腦 (PC)、個人數位助理(PDA)、電子書包、電玩設備以及 收銀機(POS)· · ·等,且該主控端設備丄係可以向下 串流碼(Downstream code)加密之密碼傳輸至金鑰2。 該金鑰2係可以向上串流碼(Upstream c〇de)加密 ,密碼傳輸至主控端設備i,且該金鑰2,係由一介面 單元2 1及一處理單元2 2所構成,該金鑰2之介面單 元21與處理單元22亦可以單晶片之方式所構成,該 介面單元2 1係可與上述之主控端設備i插接,用以作 為與主控端設備1資料溝通交換之媒介,該介面單元2 1 係可為一 USB 控制器、UART/spi/IIC、SIR/RF、記憶 卡/MMC(Multi Media Card) · · ·等;另 。 該處理單元22係與上述之介面單元21連接,用 二作為與介面單元21資料溝通交換之媒介且該處理 早疋2 2係、作為驅動該介面單元2工,執行加密演算、 記憶體讀寫管理、槽案系統管理、動態密碼產生、、防攻 ,機制以及使用者資訊與唯—碼之儲存之用,而該處理 早疋2 2係可為-嵌人式快閃記憶體微控制器又該主 控端設備1與金錄之介面單元2 U處理單元2 ^資 料溝通交換係為已加密之内容。如是,藉由上述之結構 構成一全新之認證裝置。 δ使用時(请參閱第3圖所示)係於主控端設備1 插入金鑰2,並以主控端設備丄讀取存於金鑰2處理單 疋2 2中之的特定内容,若為正確時,該主控端設備工 則寫入以向下串流碼(Downstream code)加密的密碼傳 輸至金鑰2,而金鑰2係以相對應的向下串流碼解密, 若不正確則啟動防攻擊機制,若為正確該金鑰2則寫回 以向上串流碼(Upstream code)加密的密碼至主控端設 備1,使該主控端設備}#相對應的向上串流碼解密, 若解密正確則該主控端設備i與金鑰2即 對應向上與向下串流踢的更新,且使該主控端;= 金鑰2端的資料交換將以更新碼加密,並使該金鑰2與 主控端設備1的資料交換將以更新碼加密。 請參閱『第4圖』所示,係本創作之第一實施例示 。如圖所示··當本創作於單機使用時,係可將該金 意圖 錄2插到主控端設備1上,而該主控端設備丄係可為 個人電腦(PC)、個人數位助理(pda)、電子查包、雷 設備以及收銀機(pos)· · ·等,當作動時該金鑰2, 係利用金鑰2將密文解密並檢查該主控端設備i是否為 合法之主機,之後將加密後之内容上傳存回主控端設備 1執行密碼更新,並自動更新上傳/下载之密碼,待+ 成驗証並記錄使用者資料與已更新之密蝎直到再次插入 M254015 金鑰2或重新開機。 而該主控端設備1之應用軟體方面,則同時進行偵 測以取得正確之密碼(檢查金鑰2上之特定内容),下載 加密後之内容存入金鑰2中,將密文解密並檢查是否有 合法之金輪2,自動更新上傳/下載之密碼,執行密碼 更新,待完成驗註並記錄使用者資料與已更新之密碼直 到再次插入金錄2或重新開機。 立清參閱『第5圖』所示,係本創作之第二實施例示 意圖。如圖所示··本創作亦可應用於網際網路上 Client Devices),用以作為使用者資料之身分認證(可 選擇是否需要密碼),而該使用者資料可為個人基本資 料、會員等級、點數、電子錢包資料庫及加值服務,使 用時係將金鑰2插到主控端設備丄(用戶端電腦上),此 時該金鑰2即可將雄、文解密並檢查是否有合法之飼服器 主機,將内容以網路傳輸密碼加密後上存回主控端設備 1 (用戶端電腦),執行密碼更新,自動更新金鑰2與伺 服器上之網路傳輸密碼,完成驗証並記錄使用者資料與 更新之也碼直到再次插入金錄2或重新登入。 而該主控端設備1 (用戶端電腦)則同時進行偵測 以取得正確之密碼(檢查金鑰2之特定内容),將内容以 伺服器上之網路傳輸密碼加密後上傳存入金錄2中,再 將該密文解密並檢查是否有合法之金鑰2與伺服器上所 存之岔文,然後自動更新金鑰2與伺上之網路傳輸密 M254015 碼’並執行密碼踐,待完成㈣並記錄者資料盘已更 新之密碼到再次插人金錄2或重新開機。 立請參閱『第6圖』所示,係本創作之第三實施例示 思圖。如圖所示:本創作亦可應用於企網路之使用(f〇r新型 Description of the new type: [Technical field to which the new type belongs] This creation does not concern a kind of 切 K 丄., Species. Heart 5 and devices, especially one that can make the authentication device up to I] and then to the security mechanism, dynamic secret-code storage and encryption, decryption and imitation of a user shell efl and the effect of random garbled in private order and time Factor changes, etc. [Prior art] As a general user, such as the Republic of China Patent Gazette, Announcement No. 420 "Computer System with Portable Electronic Key", contains: a memory for storing programs or files; A processor to execute or process a program or a program in the memory; an encryption / decryption program to encrypt or decrypt a program or file; a key port; and an electronic key, Connectable to the key port in a pluggable manner, which contains a programmable memory for storing passwords; wherein when a user wants to encrypt a program or file, the encryption / decryption program will The program or file is encrypted and the password is stored in the key's memory, and when the user wants to decrypt a program or file, 'the encryption / decryption program will record from the key's M254015 Look for a corresponding password in the memory. If the password exists and is a correct password, the encryption / decryption program will decrypt the program or file. Yet another conventional application is the "IC Smart Card Security System" of Announcement No. 480435, which includes:-a complementary metal-oxide-semiconductor memory (CMOS memory) installed in a computer and used to store authentication data; A backup medium for storing a backup password; and a device for processing the identification data in the complementary metal-oxide-semiconductor memory, the password in the 1C smart card, and the backup password in the backup medium; Among them, the computer can start work after confirming that the backup password is consistent with the identification data. Although the above-mentioned conventional applications can achieve the functions of encryption and decryption, because the encryption and decryption procedures are fixed and cannot be changed randomly, and they have only one-way protection mechanism for encryption and decryption, and the password that should be set Dynamic changes cannot be made; therefore, the average user cannot meet the needs of the user. [New content] Therefore, the main purpose of this creation is to identify whether the master device has legitimate application software by using a key, or to identify whether the master device has a legal key by software using the master device M254015. The [headline] lies in the effectiveness of the feed mechanism. Golden Record = Recording end acts on the main control end device == Prepare for another purpose of this creation + ^ ^ 又 I efficacy. -Code encoding, storage effect. ; 'Can achieve user information and only time ==: two two == two can make the encryption and decryption process can still be silk-tight die cutting material Xing Qi = financial materials rely on the completion of the certificate' the purpose of this creation department —A kind of authentication device, which includes the main control 4 equipment and a Jinyu · ', processing unit ... The key system is composed of an interface unit and-: and the interface unit can be inserted into the main control device to serve as the main control End device data communication medium; another cough :: read early and connect to the interface unit for communication with the interface unit data: change the medium, and the processing unit is used to drive the interface single two: perform encryption calculations, memory Read and write management, file system management, complaint password generation, anti-attack mechanism, and storage of user messages and unique data. The authentication device can achieve two-way protection mechanism, dynamic password change, user #message and unique code storage, as well as encryption and decryption procedures and garbled factor changes over time. [Implementation] Please refer to [Figures 1 and 2] for details. It is a block diagram of this creation and a circuit diagram of this creation. As shown in the figure: 8 M254015 This creation is an authentication device that includes a master device and a key. 2 'enables the authentication device to achieve two-way protection mechanism, dynamic password change, user information and unique code storage, and Encryption and decryption procedures add garbled factor changes over time and other effects. The master device 1, which can be a personal computer (PC), a personal digital assistant (PDA), an electronic school bag, a video game device, and a cash register (POS), etc., and the master device That is, the password encrypted by Downstream code can be transmitted to Key 2. The key 2 can be encrypted by Upstream code, and the password is transmitted to the master device i. The key 2 is composed of an interface unit 21 and a processing unit 22. The interface unit 21 and the processing unit 22 of the key 2 can also be constituted by a single chip. The interface unit 21 can be plugged into the above-mentioned master device i for communication and exchange with the master device 1 The interface unit 2 1 can be a USB controller, UART / spi / IIC, SIR / RF, memory card / MMC (Multi Media Card), etc .; The processing unit 22 is connected to the above-mentioned interface unit 21, and uses two as a medium for data communication and exchange with the interface unit 21. The processing unit 22 is used as a driver to drive the interface unit 2 to perform encryption calculation and memory reading and writing. Management, slot system management, dynamic password generation, anti-attack, mechanism, and storage of user information and unique code, and this processing can be as early as 2 2-embedded flash memory microcontroller In addition, the master device 1 and the interface unit 2 of the Jinlu U processing unit 2 ^ The data exchange is encrypted content. If so, a new authentication device is constituted by the above structure. δ When used (see Figure 3), insert the key 2 in the master device 1 and read the specific content stored in the key 2 processing list 2 2 with the master device 若, if When it is correct, the master device writes a password encrypted with the Downstream code and transmits it to the key 2, and the key 2 is decrypted with the corresponding down stream code. If it is correct, the anti-attack mechanism is activated. If the key 2 is correct, the password encrypted with the upstream code (Upstream code) is written to the master device 1, so that the master device} # corresponding to the upstream stream Code decryption, if the decryption is correct, the master device i and the key 2 correspond to the update of upstream and downward streaming kicks, and make the master terminal; = the data exchange on the key 2 end will be encrypted with the update code, and The data exchange between the key 2 and the master device 1 will be encrypted with the update code. Please refer to "Figure 4" for the first embodiment of this creation. As shown in the figure ... When this creation is used on a single machine, the gold intent record 2 can be inserted into the master device 1, and the master device can be a personal computer (PC) or a personal digital assistant. (Pda), electronic packet checking, mine equipment, and cash register (pos), etc., when the key 2 is activated, the key 2 is used to decrypt the ciphertext and check whether the master device i is legitimate. Host, then upload the encrypted content back to the host device 1 to perform the password update, and automatically update the upload / download password, wait for + verification and record the user data and the updated secret scorpion until the M254015 key is inserted again 2 or reboot. As for the application software of the host device 1, it simultaneously detects to obtain the correct password (check the specific content on key 2), downloads the encrypted content and stores it in key 2, decrypts the ciphertext and Check if there is a legal Golden Wheel 2, automatically update the upload / download password, perform password update, complete the verification and record the user data and the updated password until you insert Golden Record 2 again or restart. Li Qing refers to "Figure 5", which is the intention of the second embodiment of this creation. As shown in the figure ... This creation can also be applied to Client Devices on the Internet) for identity authentication of user data (can choose whether or not a password is required), and the user data can be personal basic data, membership level, Credits, e-wallet database and value-added services. When using, insert the key 2 into the master device 丄 (on the client computer). At this time, the key 2 can decrypt the male and female and check whether there is any The legitimate feeder host encrypts the content with the network transmission password and stores it back to the master device 1 (the client computer), performs the password update, and automatically updates the key 2 and the network transmission password on the server. Verify and record the user data and update the code until you insert Jinlu 2 again or log in again. The master device 1 (client computer) simultaneously detects to obtain the correct password (check the specific content of key 2), encrypts the content with the network transmission password on the server, and uploads it to the gold record. 2, then decrypt the ciphertext and check whether there is a valid key 2 and the fork stored on the server, and then automatically update the key 2 and the server's network to transmit the secret M254015 code 'and execute the password practice. Complete the record and record the updated password of the recorder's data disk to insert Gold Record 2 again or restart. Please refer to "Figure 6" for the third embodiment of this creation. As shown in the figure: This creation can also be applied to the use of enterprise networks (f〇r
Devices)’用以作為使用者資料之身分認證(無 需密碼)’而該使用者資料可為個人基本資料,或使用者 權限等級。Devices) ’is used for authentication of user data (no password required)’ and the user data may be basic personal data or user permission level.
當使用時係將金鑰2插到主控端設備}(用戶端電 腦上)’將密文解密並檢查是否有合法之祠服主機,並將 内容以網路傳輸密碼後上傳存回主控端設備丄(用戶端 電腦),執行密碼更新,之後自動更新金鑰2與伺服器上 之網路傳輸密碼,待完成驗証並記錄使用者資料與已更 新之密碼直到次插入金鑰2或重新登入。When in use, insert the key 2 into the master device} (on the client computer) 'to decrypt the ciphertext and check if there is a legitimate host server, and upload the content to the master after transmitting the password over the network End device 丄 (client computer), perform password update, and then automatically update key 2 and the network transmission password on the server. Wait for verification and record user data and updated password until key 2 is inserted or re-encrypted. Sign in.
而該主控端設備1 (用戶端電腦)則同時進行偵測 以取得正確之密碼(檢查金鑰2之特定内容),將内容以 伺服器上之網路傳輸密碼後上傳存入金鑰2中,並將密 文解密並檢查是否有合法之金鑰2與伺服器上所存之密 文,再自動更新金鑰2與伺服器上之網路傳輸密碼,執 行饮碼更新’待完成驗註並記錄使用者資料與已更新之 密碼直到再次插入金鑰2或重新開機。 由上述之實施例中可知本創作之認證裝置可達到下 列之功能: 一、雙向保護機制(Two Way Protection Mechanism): 12 M254015 1. 金鑰識別主控端是否具合法應用軟體(V_Key to check the legal Host Aps)° 2. 主控端設備應用軟體識別是否具合法金鑰(Host Aps to check the legal V-key)° 二、 動態密碼改變(Dynamic Security Code Change) 1 ·從主控端設備對金錄(From Host site to V-key)。 2.從金鑰端對主控端設備(From V-key site to Host) ° 三、 使用者資訊和唯一碼的編碼,儲存(User Informat ion & Unique code encode and Storage)。 四、 加解密程序依時間加亂瑪因子改變(Procedure of encryption/decryption changed by Time with Random Code ) o 惟以上所述者,僅為本創作之較佳實施例而已,當 不能以此限定本創作實施之範圍;故,凡依本創作申請 專利範圍及創作說明書内容所作之簡單的等效變化與修 飾,皆應仍屬本創作專利涵蓋之範圍内。 M254015 【圖式簡單說明】 第1圖,係本創作之方塊示意圖。 第2圖,係本創作之電路示意圖。 第3圖,係本創作之流程示意圖。 第4圖,係本創作之第一實施例流程圖。 第5圖,係本創作之第二實施例流程圖。 第6圖,係本創作之第三實施例流程圖。 【元件標號對照】 主控端設備1 金錄2 介面單元2 1 處理單元2 2The master device 1 (client computer) simultaneously detects to obtain the correct password (check the specific content of key 2), uploads the content to the key 2 after transmitting the password over the network on the server And decrypt the ciphertext and check whether there is a valid key 2 and the cipher text stored on the server, and then automatically update the key 2 and the network transmission password on the server, and execute the code update 'to be completed. And record the user data and the updated password until key 2 is inserted again or rebooted. It can be known from the above embodiments that the authentication device of this creation can achieve the following functions: 1. Two Way Protection Mechanism: 12 M254015 1. The key identifies whether the master has legitimate application software (V_Key to check the legal Host Aps) ° 2. Application software of the master device identifies whether it has a legal key (Host Aps to check the legal V-key) ° 2. Dynamic Security Code Change 1 · From the master device Golden Record (From Host site to V-key). 2. From V-key site to Host from the key end ° Third, the user information and unique code encoding, storage (User Informat ion & Unique code encode and Storage). 4. The encryption and decryption program is changed by time with random code. (Procedure of encryption / decryption changed by Time with Random Code) o The above is only the preferred embodiment of this creation, and it should not be used to limit this creation. The scope of implementation; therefore, any simple equivalent changes and modifications made in accordance with the scope of the patent application for creation and the content of the creation description should still fall within the scope of this creation patent. M254015 [Schematic description] Figure 1 is a block diagram of this creation. Figure 2 is a circuit diagram of this creation. Figure 3 is a schematic diagram of the process of this creation. FIG. 4 is a flowchart of the first embodiment of this creation. FIG. 5 is a flowchart of the second embodiment of this creation. FIG. 6 is a flowchart of the third embodiment of this creation. [Comparison of component numbers] Master device 1 Jinlu 2 Interface unit 2 1 Processing unit 2 2