US20070180507A1 - Information security device of universal serial bus human interface device class and data transmission method for same - Google Patents

Info

Publication number: US20070180507A1
Application number: US11/534,955
Authority: US (United States)
Prior art keywords: information security, hid, security device, usb, chip
Legal status: Abandoned (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Inventors: Zhou Lu, Huazhang Yu
Current assignee: Feitian Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Publication of US20070180507A1 (patent/US20070180507A1/en)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F 21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

The present invention relates to an information security device of Universal Serial Bus (USB) Human Interface Device (HID) class and the data transmission method for the same. With a master chip that has a built-in HID descriptor and a USB interface chip connected to the master chip, the device of the present invention may be designed to be compact and easy to use while providing powerful functions. With the USB HID interface, the device user does not need to install a driver and can use the device anywhere and anytime. The user also does not need to manage a driver whose version updates constantly, consider the compatibility of various product drivers, face the risk the driver poses to the running OS, or worry about the pollution of the system resulting from the installation and uninstallation of the driver. Using a CPU, SCM or smart card chip as the master chip ensures that the security of identity authentication is reliable. Moreover, the security of the identity authentication device can be further improved by adding a biometric identification module and/or the like.

Description

    FIELD OF THE INVENTION
  • The present invention relates to an information security device of Universal Serial Bus (USB) Human Interface Device (HID) class and the data transmission method for the same.
    BACKGROUND OF THE INVENTION
  • With the popularity of the Internet and the rise of e-business and e-government, more and more people begin to try online transactions. Meanwhile, more and more private personal and business information is transmitted over the network. However, malicious threats such as viruses, hackers and phishing fraud bring a great challenge to the security of online transactions. Endless network crimes have led to a crisis of trust in identity on the network. We have to focus on how to prove "who am I?" and how to prevent identity theft. It is urgent to safeguard identity authentication/recognition, which is the primary problem in network security. The major identity authentication/recognition methods used in computer and network systems are username/password, ID card, dynamic password and USB Key (Token).
  • Username/password is the commonest and simplest method for identity authentication, but the password is easily figured out by other people. In addition, the password is static data and passes through computer memory and the network during authentication, so it is easily captured by a Trojan or by a listener on the network. Therefore, it is not a good method for identity authentication.
  • ID card authentication prevents the user identity from being counterfeited, as the ID card cannot be duplicated. But the data read from the ID card is also static and is easily captured by a memory scan or by network listening. The security problems persist.
  • Dynamic password is a technology that lets the user password change with time or with the number of uses, so that each password can be used only once. Since each password must be generated by a dynamic token and the private hardware of the dynamic token is held only by the valid user, the user identity can be authenticated through password verification. But if the time or the number of uses between the client and the server is not synchronized properly, a valid user may be unable to log in. And the user is required to type a long, random password string each time the user logs in; if there is a typo, the user must enter the password again. Obviously, it is not easy to use.
    SUMMARY OF THE INVENTION
  • The present invention overcomes the above defects and provides a simple and secure information security device of the Universal Serial Bus (USB) Human Interface Device (HID) class, which integrates the features and advantages of both USB Key (Token) and HID devices, and the data transmission method for the device.
  • The solution of the present invention to the technical problems is: an information security device of Universal Serial Bus (USB) Human Interface Device (HID) class, comprising a master chip with a built-in HID descriptor, and a USB interface module connected to the master chip.
  • The information security device may comprise an additional authentication module, which is an intelligent authentication module including a biometric identification module or a card reader module.
  • The USB interface module may be built into the master chip, or be a USB HID interface chip separate from the master chip.
  • The master chip may be a microprocessor or smart card chip, comprising a Central Processing Unit (CPU), a Microcontroller Unit (MCU), or a Single Chip Micyoco (SCM).
  • A data transmission method for the information security device, comprising the steps of:
  • 1) the host recognizing the information security device;
  • 2) the host sending control commands to the device;
  • 3) the device resolving and processing the control commands after receiving them;
  • 4) the device responding to the application and returning the execution results.
  • The control commands are transmitted through HID instructions between the host and the information security device.
  • The control commands may include PIN authentication, signature authentication, data downloading, file access, privilege management and/or read/write operation.
  • The control commands may be transmitted in the form of cipher text after being encrypted.
  • The HID instructions may include Set_Report and Get_Report commands.
  • The algorithm used to encrypt the control commands is RSA, DES, 3DES, HMAC-MD5 or TEA, or a combination of some of them.
  • The advantages of the present invention compared with existing technologies are: the information security device itself may be designed to be compact and easy to use, and provide powerful functions. With the USB HID interface, the device user does not need to install a driver and can use the device anywhere and anytime. The user also does not need to manage a driver whose version updates constantly, consider the compatibility of various product drivers, face the risk the driver poses to the running OS, or worry about the pollution of the system resulting from the installation and uninstallation of the driver. Using a CPU, SCM or smart card chip as the master chip ensures that the security of identity authentication is reliable. Moreover, the security of the identity authentication device can be further improved by adding a biometric identification module and/or the like.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention may be further understood from the following description in conjunction with the appended drawings. In the drawings:
      • FIG. 1 is a control flow diagram of the first embodiment of the present invention;
      • FIG. 2 is a control flow diagram of the second embodiment of the present invention;
      • FIG. 3 is a hardware structure diagram of the first embodiment of the present invention;
      • FIG. 4 is a hardware structure diagram of the second embodiment of the present invention;
      • FIG. 5 is a hardware structure diagram of the third embodiment of the present invention.
    DETAILED DESCRIPTION OF THE EMBODIMENTS
  • As a more and more widely used PC interconnection protocol, USB makes the connection between peripherals and the computer more effective and convenient. This kind of interface applies to many devices. It is fast, supports plug and play and hot swapping, and can connect up to 127 devices at one time. It solves such problems as resource conflicts, interrupt requests and direct data channels. Accordingly, more and more developers try to apply this standard interface to their products.
  • It is so convenient that the user does not need to install a driver for an HID device on Windows 98 SE or higher. The user can use the device anywhere and anytime, without installing a driver for the PC peripheral. And the user does not need to manage a driver whose version updates constantly, consider the compatibility of various product drivers, face the risk the driver poses to the running OS, or worry about the pollution of the system resulting from the installation and uninstallation of the driver. All of this benefits ordinary users who are not very sophisticated with PCs.
  • Identity authentication based on USB Key is a convenient and secure identity authentication technology that has emerged in recent years. It employs a strong two-factor authentication mode that combines software with hardware and uses one-time pad technology, obtaining high security without sacrificing usability.
  • The present invention integrates the features and advantages of USB Key with those of HID devices, and applies the driver-free USB Key to identity identification in the network security area. The present invention will be further understood from the following description.
  • The driver-free USB Key of the present invention is a hardware device that has a USB HID interface. Referring to FIG. 3, the information security device 302 has a high-performance built-in SCM or smart card chip 303. It is connected to the host 301 via a built-in USB interface. The SCM or smart card chip 303 can store user keys or digital certificates. The user identity is authenticated with the encryption algorithms built into the USB Key. The SCM or smart card chip has a built-in operating system. The hardware supports the RSA, DES, 3DES and TEA algorithms.
  • RSA keys and random numbers are generated by the hardware. The firmware supports downloads of 3rd-party algorithms. According to the above-mentioned structure, data transmission is processed as follows:
  • 1. The Host Recognizes the Device.
  • The host establishes a connection to the information security device 302 by enumerating a USB HID device, then retrieves the HID class descriptor and report descriptor, and finally sets up communication with the information security device. The host reads the file system of the information security device and gets the related information.
  • 2. The Host Sends a Command to the Device.
  • When receiving an authentication request from the user, the host sends authentication data to the device using the HID class-specific Set_Report request, a control transfer. This request can be PIN authentication, signature authentication, data downloading, file access, privilege management or read/write.
  • 3. The Device Resolves and Processes the Command.
  • After receiving the Set_Report command from the host, the information security device parses the command according to the previously defined data parsing protocol and performs the appropriate security operations, such as conducting PIN authentication and signature authentication, downloading necessary data to the specified location, reading/writing/modifying/adding/deleting files according to the file access privilege, or changing the operation privileges on files.
  • 4. The Device Responds to the Application.
  • When it finishes the specified operation, or makes a new request to the application, the device sends the related data, such as execution results, to the application in response to the application's request.
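  • The four steps above, as an added example that is not the patent's or Feitian's code: a Python simulation of the host and device sides of the Set_Report / Get_Report exchange. The vendor-defined report descriptor, the 64-byte report layout (command byte, length byte, data), the command codes and the status codes are all assumptions. The descriptor walker implements the HID short-item encoding the host uses when it "gets the report descriptor" in step 1; the token side shows the PIN retry counter and the file access privilege check that steps 3 and 4 imply, so that a wrong PIN cannot be tried indefinitely and a protected file is not readable before PIN verification.

```python
import hmac

# Constructed example (not code from the patent or from Feitian): host and device
# sides of the HID-report transport of a driver-free USB token. The report layout
# (command byte, length byte, data), command codes and status codes are assumptions.
REPORT_LEN = 64  # payload bytes per report (assumption)

# Vendor-defined usage page 0xFF00: one 64-byte OUTPUT report (host -> device,
# carried by Set_Report) and one 64-byte INPUT report (device -> host, Get_Report).
VENDOR_REPORT_DESCRIPTOR = bytes([
    0x06, 0x00, 0xFF,  # Usage Page (Vendor Defined 0xFF00)
    0x09, 0x01,        # Usage (0x01)
    0xA1, 0x01,        # Collection (Application)
    0x15, 0x00,        #   Logical Minimum (0)
    0x26, 0xFF, 0x00,  #   Logical Maximum (255)
    0x75, 0x08,        #   Report Size (8 bits)
    0x95, 0x40,        #   Report Count (64)
    0x09, 0x02,        #   Usage (0x02)
    0x81, 0x02,        #   Input (Data, Variable, Absolute)
    0x09, 0x03,        #   Usage (0x03)
    0x91, 0x02,        #   Output (Data, Variable, Absolute)
    0xC0,              # End Collection
])
MAIN_ITEMS = {8: "input", 9: "output", 11: "feature"}  # HID main-item tags

def report_lengths(descriptor):
    """Walk the HID short items (prefix byte: bits 7..4 tag, 3..2 type with
    0 main / 1 global / 2 local, 1..0 data size) and return bytes per report kind."""
    lengths, report_size, report_count, i = {}, 0, 0, 0
    while i < len(descriptor):
        prefix = descriptor[i]
        if prefix == 0xFE:
            raise ValueError("long items are not supported")
        size = (0, 1, 2, 4)[prefix & 0x03]
        item_type, tag = (prefix >> 2) & 0x03, prefix >> 4
        data = int.from_bytes(descriptor[i + 1:i + 1 + size], "little")
        if item_type == 1 and tag == 7:              # Global: Report Size (bits)
            report_size = data
        elif item_type == 1 and tag == 9:            # Global: Report Count
            report_count = data
        elif item_type == 0 and tag in MAIN_ITEMS:   # Main: Input / Output / Feature
            kind = MAIN_ITEMS[tag]
            lengths[kind] = lengths.get(kind, 0) + report_size * report_count // 8
        i += 1 + size
    return lengths

CMD_VERIFY_PIN, CMD_READ_FILE = 0x01, 0x02                    # assumed command codes
STATUS_OK, STATUS_DENIED, STATUS_LOCKED, STATUS_BAD = 0x00, 0x01, 0x02, 0x03

def frame(code, payload=b""):
    """Pack a command (host) or a status (device) into one fixed-size report."""
    if len(payload) > REPORT_LEN - 2:
        raise ValueError("payload does not fit in a single report")
    return bytes([code, len(payload)]) + payload + bytes(REPORT_LEN - 2 - len(payload))

class Token:
    """Device side: parses Set_Report commands and answers through Get_Report."""
    MAX_PIN_TRIES = 3

    def __init__(self, pin, files):
        self._pin, self._files = pin.encode(), files  # files: id -> (content, needs PIN)
        self._tries_left, self._verified = self.MAX_PIN_TRIES, False
        self._response = frame(STATUS_BAD)

    def set_report(self, report):
        if len(report) != REPORT_LEN:
            self._response = frame(STATUS_BAD)
            return
        code, data = report[0], report[2:2 + report[1]]
        if code == CMD_VERIFY_PIN:
            self._response = frame(self._verify_pin(data))
        elif code == CMD_READ_FILE:
            self._response = self._read_file(data)
        else:
            self._response = frame(STATUS_BAD)

    def get_report(self):
        return self._response

    def _verify_pin(self, candidate):
        if self._tries_left == 0:
            return STATUS_LOCKED                       # locked until an administrative unblock
        if hmac.compare_digest(candidate, self._pin):  # constant-time comparison
            self._tries_left, self._verified = self.MAX_PIN_TRIES, True
            return STATUS_OK
        self._tries_left -= 1
        return STATUS_LOCKED if self._tries_left == 0 else STATUS_DENIED

    def _read_file(self, data):
        if len(data) != 1 or data[0] not in self._files:
            return frame(STATUS_BAD)
        content, needs_pin = self._files[data[0]]
        if needs_pin and not self._verified:
            return frame(STATUS_DENIED)                # file access privilege not granted
        return frame(STATUS_OK, content)

def host_exchange(token, code, payload=b""):
    """Host side: one Set_Report / Get_Report round trip; returns (status, data)."""
    token.set_report(frame(code, payload))
    reply = token.get_report()
    return reply[0], reply[2:2 + reply[1]]
```

  • On a real host the two transfers in `host_exchange` become the class-specific SET_REPORT and GET_REPORT control requests (or interrupt IN for the input report); the framing, the retry counter and the privilege check stay the same. The patent also allows the command bytes to be carried as cipher text; that layer would wrap the payload before `frame` packs it.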
  • The identity authentication system based on USB Key has two major application schemas: the authentication schema based on challenge/response and the authentication schema based on Public Key Infrastructure (PKI).
  • The application process of the identity authentication technology using the challenge/response schema is described below.
    The First Embodiment
  • Referring to FIG. 1, the application performs the initialization process, as shown in Step 101. When it is required to authenticate the user identity on the network, two-factor authentication is performed, as shown in Step 102. Once the weak-factor (PIN) authentication is passed, the device receives random numbers and encrypts them with the defined algorithm(s), then returns the results to the terminal, which then verifies the results.
  • After the two-factor authentication finishes, the application judges whether the authentication is successful, as shown in Step 103. The application side can provide the service, as shown in Step 106, or deny the service, as shown in Step 108. Additionally, it can also perform file management, as shown in Step 104, or other data operations, as shown in Step 105, on the information security device. Finally, the operation is completed, as shown in Step 107.
  • During the application process of the present embodiment, the key calculation is run on the hardware of the information security device and on the server respectively. The key does not appear in client memory or on the network. The algorithm HMAC-MD5 is not reversible: given the key and the random number used in the calculation you can compute the result, but given the random number and the result you cannot recover the key. So the key is secured, and the user identity is secured thereby.
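  • The key calculation described above, as an added example that is not the patent's or Feitian's code: a Python model of the first embodiment's two-factor challenge/response. `HmacToken`, `Server`, `authenticate` and the per-user key table are assumptions. HMAC-MD5 is kept because the patent specifies it; the `digestmod` parameter lets the same code run with SHA-256, which is what a current deployment should use. The token refuses the key calculation until the PIN (weak factor) has been verified, the server consumes each challenge on first use so that a captured response cannot be replayed, and every comparison is constant-time.

```python
import hashlib
import hmac
import secrets

# Constructed example (not code from the patent): the challenge/response schema of
# the first embodiment. Server and token share a per-user key that never leaves
# either side; only a random challenge and an HMAC over it cross the host and the
# network. HMAC-MD5 follows the patent; digestmod=hashlib.sha256 is the modern choice.

def compute_response(key, challenge, digestmod=hashlib.md5):
    """The key calculation run on the token hardware and on the server."""
    return hmac.new(key, challenge, digestmod).digest()

class HmacToken:
    """Device side: the PIN is the weak factor, the key held in hardware the strong one."""

    def __init__(self, key, pin, digestmod=hashlib.md5):
        self._key, self._pin, self._digestmod = key, pin.encode(), digestmod
        self._pin_verified = False

    def verify_pin(self, pin):
        self._pin_verified = hmac.compare_digest(pin.encode(), self._pin)
        return self._pin_verified

    def respond(self, challenge):
        if not self._pin_verified:
            raise PermissionError("PIN not verified")   # key is never used before the PIN
        return compute_response(self._key, challenge, self._digestmod)

class Server:
    """Verifier: issues single-use random challenges and checks the responses."""

    def __init__(self, user_keys, digestmod=hashlib.md5):
        self._keys, self._digestmod = dict(user_keys), digestmod
        self._pending = {}   # user -> outstanding challenge

    def issue_challenge(self, user):
        challenge = secrets.token_bytes(16)
        self._pending[user] = challenge
        return challenge

    def verify(self, user, response):
        challenge = self._pending.pop(user, None)   # consumed on first use: no replay
        if challenge is None or user not in self._keys:
            return False
        expected = compute_response(self._keys[user], challenge, self._digestmod)
        return hmac.compare_digest(expected, response)   # constant-time comparison

def authenticate(server, token, user, pin):
    """Two-factor authentication: PIN (weak factor), then HMAC challenge/response."""
    if not token.verify_pin(pin):
        return False
    challenge = server.issue_challenge(user)
    return server.verify(user, token.respond(challenge))
```

  • The irreversibility the patent relies on is a property of the HMAC construction, not of the transport: an observer who records the challenge and the response learns nothing that lets them answer the next, different challenge, and the single-use challenge table on the server is what prevents the same recorded response from being accepted twice.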
    The Second Embodiment
  • Referring to FIG. 4, the information security device 402 contains a high-performance CPU chip 404 and is connected to the host via a USB interface chip 403, which handles the USB communication protocol. The algorithm HMAC-MD5 is implemented, and the random numbers are generated, by the high-performance CPU chip in combination with the USB interface chip. The firmware supports 3-level file access and privilege management.
  • According to the above structure and the authentication schema based on a PKI system, the application process of the present invention is described in detail below.
  • PKI authentication is a unified technical framework used to provide data encryption and digital signature services in the public network environment, using the public key encryption technology of modern cryptography.
  • As the authentication technology based on Certificate Authorities (CA) has matured, identity authentication and data encryption are embodied using a digital certificate in the present embodiment. The digital certificate is issued by an authoritative and impartial 3rd-party authority (i.e. a CA center). The encryption technology based on the digital certificate enables the encryption and decryption, digital signing and signature verification of the information transmitted on the network, assures the confidentiality and integrity of the information, the authenticity of the identities of the transacting entities and the non-repudiation of signed information, and therefore maintains the security of network applications.
  • First, perform the initialization operation, as shown in Step 201. When the server needs to authenticate the user's identity, it performs PKI authentication, as shown in Step 202: the device encrypts the received data with its private key and returns the result to the terminal; after receiving the encryption result, the server decrypts it to verify that the authentication data is correct.
  • After PKI authentication finishes, it is judged whether the authentication succeeded, as shown in Step 203. If it failed, the service is denied, as shown in Step 208. Otherwise, the service offered by the application is used, as shown in Step 210. Moreover, the services offered and used by the present embodiment, as shown in Step 204, include data reading/writing, as shown in Step 207, algorithm downloading, as shown in Step 206, and data encryption/decryption, as shown in Step 205. Then go to the end, as shown in Step 209.
  • In the present embodiment, each user has a private key, held only by himself, for decryption and signing; the user also has a public key, open to the public, for encryption and signature verification. When sending a confidential document, the sender encrypts the data using the public key of the receiver, and the receiver decrypts the data with his private key. Thereby the information is forwarded to the destination correctly and safely. Even if the information is captured by a third party, it cannot be decrypted without the private key. The encryption process is guaranteed by digital means to be one-way, i.e. the private key is a must to decrypt the data.
  • The user can also process the information using his own private key. Since the private key is held only by that user, a document that cannot be generated by others is produced, i.e. a digital signature. Using the digital signature ensures that:
      • 1) the information was signed and sent by the signer himself, and the signer cannot deny, or finds it difficult to deny, his signature; and
      • 2) the information has not been modified from the time it was signed until it is received, and the signed document is the authentic document.
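The two private-key operations described for the second embodiment, as an added example that is not code from the patent or from Feitian: Step 202, where the device "encrypts" the server's data with its private key and the server "decrypts" it with the public key (in standard terms, a signature over the challenge and its verification), and the confidential-document case, where the sender encrypts under the receiver's public key. The example uses textbook RSA implemented from scratch so that it runs offline; the `deterministic_rng` helper, the 0x01 marker byte used in place of PKCS#1 padding, and the function names are assumptions of this example. A real token would use a padded scheme such as RSA-PSS and RSA-OAEP.

```python
import hashlib
import random

# Textbook RSA with a marker byte instead of PKCS#1 padding. This is enough to
# show the private-key/public-key roles; production devices use padded schemes.


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test with `rounds` random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    """Odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def deterministic_rng(seed):
    """Seeded generator for reproducible demos only; never for real keys."""
    return random.Random(seed)


def generate_keypair(bits=1024, rng=None):
    """Return ((n, e), (n, d)); uses the OS CSPRNG unless an rng is supplied."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is the gcd check
            return (p * q, e), (p * q, pow(e, -1, phi))


def _size(n):
    return (n.bit_length() + 7) // 8


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def device_sign(private_key, challenge):
    """Step 202 on the token: the server's data 'encrypted' with the private
    key, i.e. a signature over its SHA-256 digest."""
    n, d = private_key
    return pow(_digest_int(challenge), d, n).to_bytes(_size(n), "big")


def server_verify_signature(public_key, challenge, signature):
    """Step 202 on the server: recover the digest with the public key, compare."""
    n, e = public_key
    s = int.from_bytes(signature, "big")
    return s < n and pow(s, e, n) == _digest_int(challenge)


def encrypt(public_key, plaintext):
    """Confidential document: encrypt under the receiver's public key. The 0x01
    marker keeps leading zero bytes of the plaintext through the round trip."""
    n, e = public_key
    m = int.from_bytes(b"\x01" + plaintext, "big")
    if m >= n:
        raise ValueError("too long for this modulus; encrypt a session key instead")
    return pow(m, e, n).to_bytes(_size(n), "big")


def decrypt(private_key, ciphertext):
    """Receiver side: only the private key recovers the plaintext."""
    n, d = private_key
    raw = pow(int.from_bytes(ciphertext, "big"), d, n).to_bytes(_size(n), "big")
    return raw[raw.index(b"\x01") + 1:]


def demo(seed=7, bits=512):
    """Reproducible walk-through of both flows; returns the outcome of each check."""
    pub, priv = generate_keypair(bits, deterministic_rng(seed))
    challenge, secret = b"server random data", b"\x00\x00session-key-bytes"
    sig = device_sign(priv, challenge)
    try:
        encrypt(pub, b"\xff" * (_size(pub[0]) + 1))
        too_long_rejected = False
    except ValueError:
        too_long_rejected = True
    return {
        "good_sig": server_verify_signature(pub, challenge, sig),
        "tampered": server_verify_signature(pub, challenge + b"!", sig),
        "roundtrip": decrypt(priv, encrypt(pub, secret)) == secret,
        "too_long_rejected": too_long_rejected,
    }
```

The length check in `encrypt` is the reason real systems encrypt a random session key with RSA and the document itself with a symmetric cipher; the modulus bounds what a single RSA operation can carry.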
  • The Third Embodiment
  • Referring to FIG. 5, the information security device 502 comprises a biometric identification module in addition to the high performance CPU 503 referred to in the 2nd embodiment. The biometric identification module comprises a sensor 505 for extracting biometric information and a control chip 504 for converting the information into control signals that can be recognized by the CPU. The control chip 504 is connected between the CPU 503 and the sensor 505. Because a biometric identification feature is thus added to the device, the security of the authentication is further increased. Alternatively, a reader module, for example, can be employed for the same purpose.
  • The information security device of USB HID class and the data transmission method for the information security device provided by the present invention are described in detail above. It will be appreciated by those of ordinary skill in the art that the invention can be embodied in other specific forms without departing from the spirit or essential character thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description, and all changes which come within the meaning and range of equivalents thereof are intended to be embraced therein.

Claims (13)

1. An information security device of Universal Serial Bus (USB) Human Interface Device (HID) class, wherein comprising
a master chip with a built-in HID descriptor; and
a USB interface module connected to the master chip.
2. The information security device of Universal Serial Bus (USB) Human Interface Device (HID) class according to claim 1, wherein further comprising an authentication module which is an intelligent authentication module comprising a biometric identification module or a card reading module.
3. The information security device of Universal Serial Bus (USB) Human Interface Device (HID) class according to claim 1, wherein the USB interface module is built into the master chip or is a USB HID interface chip separated from the master chip.
4. The information security device of Universal Serial Bus (USB) Human Interface Device (HID) class according to claim 2, wherein the USB interface module is built into the master chip or is a USB HID interface chip separated from the master chip.
5. The information security device of Universal Serial Bus (USB) Human Interface Device (HID) class according to claim 1, wherein the master chip is a microprocessor or smart card chip, comprising a Central Processing Unit (CPU), a Microcontroller Unit (MCU), or a Single Chip Micyoco (SCM).
6. The information security device of Universal Serial Bus (USB) Human Interface Device (HID) class according to claim 2, wherein the master chip is a microprocessor or smart card chip, comprising a Central Processing Unit (CPU), a Microcontroller Unit (MCU), or a Single Chip Micyoco (SCM).
7. A data transmission method for the information security device according to claim 1, wherein comprising the steps of:
1) the host recognizing the information security device;
2) the host sending control commands to the device;
3) the device resolving and processing the control commands after receiving them;
4) the device responding to the application and returning the execution results;
and the control commands are transmitted through HID instructions between the host and the information security device.
8. The data transmission method for the information security device according to claim 7, wherein the control commands include PIN authentication, signature authentication, data downloading, file access, privilege management and/or read/write operation.
9. The data transmission method for the information security device according to claim 7, wherein the control commands are transmitted in the form of cipher text after being encrypted.
10. The data transmission method for the information security device according to claim 7, wherein the HID instructions include Set_Report and Get_Report commands.
11. The data transmission method for the information security device according to claim 8, wherein the HID instructions include Set_Report and Get_Report commands.
12. The data transmission method for the information security device according to claim 9, wherein the HID instructions include Set_Report and Get_Report commands.
13. The data transmission method for the information security device according to claim 9, wherein the algorithm used to encrypt the control commands is RSA, DES, 3DES, HMAC-MD5 or TEA, or the combination of some of them.
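The transmission method of claims 7 to 10, as an added example that is not code from the patent or from Feitian: control commands are carried to the device in Set_Report transfers and the execution results come back in Get_Report transfers, with both sides simulated in one process. The request codes (Set_Report 0x09, Get_Report 0x01, feature report type 3) and the setup-packet layout are from the USB HID specification; the 64-byte report size, the [seq, flags, len] header, the command opcodes, the status codes and the demo PIN are constructed for this example. The device side enforces PIN verification before a read and locks after three wrong PINs, since claim 8 lists PIN authentication and file access among the commands.

```python
import hmac
import struct

# HID class-specific request codes and report type from the USB HID spec.
HID_GET_REPORT, HID_SET_REPORT = 0x01, 0x09
REPORT_TYPE_FEATURE = 0x03
BM_SET, BM_GET = 0x21, 0xA1  # class request to an interface, OUT / IN direction

# Framing assumptions of this example (not from the patent): 64-byte feature
# reports without report IDs, a 3-byte header [seq, flags, len], then payload.
REPORT_SIZE = 64
HEADER = struct.Struct("<BBB")
PAYLOAD_MAX = REPORT_SIZE - HEADER.size
FLAG_LAST = 0x01

# Constructed command opcodes and status codes for the demo device.
CMD_VERIFY_PIN, CMD_READ_DATA = 0x20, 0x30
ST_OK, ST_PIN_WRONG, ST_PIN_LOCKED, ST_DENIED, ST_BAD_CMD = 0, 1, 2, 3, 4


def setup_packet(request, interface, length):
    """8-byte control-transfer setup for Set_Report / Get_Report (feature, ID 0)."""
    bm = BM_SET if request == HID_SET_REPORT else BM_GET
    return struct.pack("<BBHHH", bm, request, REPORT_TYPE_FEATURE << 8, interface, length)


def frame_command(payload):
    """Split a command or response into fixed-size, sequence-numbered reports."""
    chunks = [payload[i:i + PAYLOAD_MAX] for i in range(0, len(payload), PAYLOAD_MAX)] or [b""]
    last = len(chunks) - 1
    return [(HEADER.pack(seq, FLAG_LAST if seq == last else 0, len(c)) + c).ljust(REPORT_SIZE, b"\x00")
            for seq, c in enumerate(chunks)]


class Reassembler:
    """Rebuilds a message from reports; rejects wrong-sized or out-of-order ones."""

    def __init__(self):
        self._buf, self._expected = bytearray(), 0

    def feed(self, report):
        if len(report) != REPORT_SIZE:
            raise ValueError("bad report size")
        seq, flags, length = HEADER.unpack_from(report)
        if length > PAYLOAD_MAX or seq != self._expected:
            self.__init__()
            raise ValueError("malformed or out-of-sequence report")
        self._buf += report[HEADER.size:HEADER.size + length]
        self._expected += 1
        if flags & FLAG_LAST:
            msg = bytes(self._buf)
            self.__init__()
            return msg
        return None


class SecurityDevice:
    """Device side of claim 7: resolve commands from Set_Report, answer via Get_Report."""

    def __init__(self, pin, data, max_tries=3):
        self._pin, self._data, self._max = pin, data, max_tries
        self._tries, self._authed = max_tries, False
        self._rx, self._tx = Reassembler(), []

    def set_report(self, report):
        cmd = self._rx.feed(report)
        if cmd is not None:
            self._tx = frame_command(self._execute(cmd))

    def get_report(self):
        return self._tx.pop(0) if self._tx else frame_command(bytes([ST_BAD_CMD]))[0]

    def _execute(self, cmd):
        op, arg = (cmd[0], cmd[1:]) if cmd else (None, b"")
        if op == CMD_VERIFY_PIN:
            if self._tries == 0:
                return bytes([ST_PIN_LOCKED])  # stays locked even for the right PIN
            if hmac.compare_digest(arg, self._pin):
                self._tries, self._authed = self._max, True
                return bytes([ST_OK])
            self._tries -= 1
            return bytes([ST_PIN_LOCKED if self._tries == 0 else ST_PIN_WRONG])
        if op == CMD_READ_DATA:
            return bytes([ST_OK]) + self._data if self._authed else bytes([ST_DENIED])
        return bytes([ST_BAD_CMD])


def host_transact(device, command, interface=0):
    """Host side: one Set_Report per command chunk, then Get_Report until the
    last chunk. Returns the response and the setup packets sent on the wire."""
    wire = []
    for report in frame_command(command):
        wire.append(setup_packet(HID_SET_REPORT, interface, REPORT_SIZE))
        device.set_report(report)
    rx = Reassembler()
    while True:
        wire.append(setup_packet(HID_GET_REPORT, interface, REPORT_SIZE))
        msg = rx.feed(device.get_report())
        if msg is not None:
            return msg, wire


def demo():
    """PIN-then-read flow plus the three-strike lockout; returns the outcomes."""
    dev = SecurityDevice(pin=b"1234", data=b"record" * 25)  # 151-byte reply: 3 reports
    denied, _ = host_transact(dev, bytes([CMD_READ_DATA]))
    wrong, _ = host_transact(dev, bytes([CMD_VERIFY_PIN]) + b"0000")
    ok, _ = host_transact(dev, bytes([CMD_VERIFY_PIN]) + b"1234")
    data, wire = host_transact(dev, bytes([CMD_READ_DATA]))
    locked = SecurityDevice(pin=b"1234", data=b"")
    codes = [host_transact(locked, bytes([CMD_VERIFY_PIN]) + b"9999")[0][0] for _ in range(3)]
    codes.append(host_transact(locked, bytes([CMD_VERIFY_PIN]) + b"1234")[0][0])
    return denied[0], wrong[0], ok[0], data, len(wire), codes
```

Because a HID-class device is served by the operating system's generic HID driver, the host application reaches it through Set_Report and Get_Report alone, which is what lets the token work without a vendor driver; the trade-off is that any process able to open the HID interface can send commands, so the device, not the host, must enforce the PIN and privilege checks as the example does.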
US11/534,955 2006-01-27 2006-09-25 Information security device of universal serial bus human interface device class and data transmission method for same Abandoned US20070180507A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610002399.2A CN1808458A (en) 2006-01-27 2006-01-27 Safety control device and control method for production of software products
CN2006100002399.2 2006-01-27

Publications (1)

Publication Number Publication Date
US20070180507A1 true US20070180507A1 (en) 2007-08-02

Family

ID=36840353

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/534,955 Abandoned US20070180507A1 (en) 2006-01-27 2006-09-25 Information security device of universal serial bus human interface device class and data transmission method for same
US11/535,412 Active 2029-03-13 US8522351B2 (en) 2006-01-27 2006-09-26 Production security control apparatus for software products and control method thereof

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/535,412 Active 2029-03-13 US8522351B2 (en) 2006-01-27 2006-09-26 Production security control apparatus for software products and control method thereof

Country Status (2)

Country Link
US (2) US20070180507A1 (en)
CN (1) CN1808458A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050228755A1 (en) * 1999-09-10 2005-10-13 Metavante Corporation Methods and systems for secure transmission of identification information over public networks
US20120102324A1 (en) * 2010-10-21 2012-04-26 Mr. Lazaro Rodriguez Remote verification of user presence and identity
US20120216047A1 (en) * 2011-02-18 2012-08-23 Walton Advanced Engineering Inc. digital key featuring encryption and web guide
US9253162B2 (en) * 2013-01-22 2016-02-02 Feitian Technologies Co., Ltd Intelligent card secure communication method
US9811671B1 (en) 2000-05-24 2017-11-07 Copilot Ventures Fund Iii Llc Authentication method and system
US9818249B1 (en) 2002-09-04 2017-11-14 Copilot Ventures Fund Iii Llc Authentication method and system
US9846814B1 (en) 2008-04-23 2017-12-19 Copilot Ventures Fund Iii Llc Authentication method and system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080137838A1 (en) * 2006-12-06 2008-06-12 Phison Electronics Corp. Portable storage device and system with hardware key and copyright management function
CN100535918C (en) * 2008-05-21 2009-09-02 重庆四联油气设备制造有限公司 Air entraining station management system ciphering lock method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088802A (en) * 1997-06-04 2000-07-11 Spyrus, Inc. Peripheral device with integrated security functionality
JP4045393B2 (en) * 1999-06-01 2008-02-13 ソニー株式会社 Information signal duplication management method and information signal recording apparatus
US7032240B1 (en) * 1999-12-07 2006-04-18 Pace Anti-Piracy, Inc. Portable authorization device for authorizing use of protected information and associated method
US6952479B2 (en) * 2001-11-27 2005-10-04 Macrovision Europe Limited Dynamic copy protection of optical media
US7530116B2 (en) * 2002-06-06 2009-05-05 Macrovision Corporation Controlling the downloading and recording of digital data
TW588243B (en) * 2002-07-31 2004-05-21 Trek 2000 Int Ltd System and method for authentication
US7185204B2 (en) * 2003-08-28 2007-02-27 International Business Machines Corporation Method and system for privacy in public networks
US20060106723A1 (en) * 2004-11-12 2006-05-18 Nokia Corporation Supporting the use of encrypted media objects

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7669233B2 (en) 1999-09-10 2010-02-23 Metavante Corporation Methods and systems for secure transmission of identification information over public networks
US20050228755A1 (en) * 1999-09-10 2005-10-13 Metavante Corporation Methods and systems for secure transmission of identification information over public networks
US9811671B1 (en) 2000-05-24 2017-11-07 Copilot Ventures Fund Iii Llc Authentication method and system
US9818249B1 (en) 2002-09-04 2017-11-14 Copilot Ventures Fund Iii Llc Authentication method and system
WO2005084293A3 (en) * 2004-02-27 2009-04-16 Metavante Corp Methods and systems for secure transmission of identification information over public networks
US11200439B1 (en) 2008-04-23 2021-12-14 Copilot Ventures Fund Iii Llc Authentication method and system
US9846814B1 (en) 2008-04-23 2017-12-19 Copilot Ventures Fund Iii Llc Authentication method and system
US10275675B1 (en) 2008-04-23 2019-04-30 Copilot Ventures Fund Iii Llc Authentication method and system
US11600056B2 (en) 2008-04-23 2023-03-07 CoPilot Ventures III LLC Authentication method and system
US11924356B2 (en) 2008-04-23 2024-03-05 Copilot Ventures Fund Iii Llc Authentication method and system
US12212690B2 (en) 2008-04-23 2025-01-28 Copilot Ventures Fund Iii Llc Authentication method and system
US9197635B2 (en) * 2010-10-21 2015-11-24 Noa, Inc. Remote verification of user presence and identity
US20150113273A1 (en) * 2010-10-21 2015-04-23 Lazaro Rodriguez Remote verification of user presence and identity
US20120102324A1 (en) * 2010-10-21 2012-04-26 Mr. Lazaro Rodriguez Remote verification of user presence and identity
US20120216047A1 (en) * 2011-02-18 2012-08-23 Walton Advanced Engineering Inc. digital key featuring encryption and web guide
US9253162B2 (en) * 2013-01-22 2016-02-02 Feitian Technologies Co., Ltd Intelligent card secure communication method

Also Published As

Publication number Publication date
US8522351B2 (en) 2013-08-27
CN1808458A (en) 2006-07-26
US20070204328A1 (en) 2007-08-30

Similar Documents

Publication Publication Date Title
US8386795B2 (en) Information security device of Universal Serial Bus Human Interface Device class and data transmission method for same
US8806616B2 (en) System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device
US8375220B2 (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
US7805614B2 (en) Secure local or remote biometric(s) identity and privilege (BIOTOKEN)
US8689290B2 (en) System and method for securing a credential via user and server verification
US7861015B2 (en) USB apparatus and control method therein
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
US20070180507A1 (en) Information security device of universal serial bus human interface device class and data transmission method for same
US20100180120A1 (en) Information protection device
CN112651036B (en) Identity authentication method based on collaborative signature and computer readable storage medium
JP7309261B2 (en) Authentication method for biometric payment device, authentication device for biometric payment device, computer device, and computer program
WO2022078367A1 (en) Payment secret key encryption and decryption method, payment authentication method, and terminal device
CN111541713A (en) Identity authentication method and device based on blockchain and user signature
CN107395589A (en) Finger print information acquisition methods and terminal
Jang et al. Biometric Enabled Portable Trusted Computing Platform
WO2024139616A1 (en) Signature authentication method and apparatus
KR102252731B1 (en) Key management method and apparatus for software authenticator
US20090327704A1 (en) Strong authentication to a network
CN2914498Y (en) Information security device based on universal serial bus human-computer interaction type device
CN115801450B (en) Multi-dimensional joint authentication method and system for time and terminal
CN115529591A (en) Token-based authentication method, device, equipment and storage medium
US20210012350A1 (en) Electronic approval system and method and program using biometric authentication
CN104767728A (en) A method and system for identity authentication based on home care
KR101804845B1 (en) OTP authentication methods and system
KR20040066396A (en) Web Automatic Connecting System Using Bio Token

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION
