CN104378200A - Method for controlling validity period of secret key through clock - Google Patents

Method for controlling validity period of secret key through clock

Info

Publication number
CN104378200A
Authority
CN
China
Prior art keywords
usbkey
clock
time
error
counter
Prior art date
Legal status
Pending
Application number
CN201410665960.XA
Other languages
Chinese (zh)
Inventor
聂明
Current Assignee
CHINA SMARTCITY TECHNOLOGY Co Ltd
Original Assignee
CHINA SMARTCITY TECHNOLOGY Co Ltd
Priority date
2014-11-19
Filing date
2014-11-19
Publication date
2015-02-25

Abstract

The invention discloses a method for controlling the validity period of a key by means of a clock. A hardware clock counter is added to a USBKey for independent timekeeping, eliminating the situation in which, when the USBKey is used in an offline scenario without network access, the system time is deliberately changed or a virtual machine is used to set the time so that the validity period of the USBKey can no longer be judged. At the same time, a rechargeable battery is added to the USBKey to power its clock counter and clock crystal oscillator while the USBKey is disconnected from the USB host device, guaranteeing the USBKey's independent timekeeping. The USB host device does not need to supply system time, and the deliberate prolongation of the USBKey's service life is avoided.

Description

A method of controlling the validity period of a key by means of a clock
Technical field
The present invention relates to a method of controlling the validity period of a key, applicable to finance, transport, commerce, hotels, tourism, aviation and any other field in which keys are used.
Background technology
With economic development, the demand for key management keeps growing. Generally, a key is kept in a key carrier such as a USBKey, commonly called a "U shield". A key system needs to control the validity period of its keys and update them regularly. If keys are not updated regularly they may be brute-forced or forged by people with ulterior motives, and the use of the keys also becomes difficult to manage.
The validity check of a USBKey usually reads the system time of the USB host device after the key is connected to a PC or other USB host, for example the PC's time, or reads network time when the host is online, and compares it with the time held inside the USBKey to judge whether the key has expired; if it has, a new USBKey certificate must be applied for, which guards against premeditated brute-force attacks. Although this method is simple, if the USBKey is used in an offline scenario without network access, a user can deliberately change the system time or set the time with a virtual machine, and the validity period of the USBKey can then no longer be judged.
Summary of the invention
In view of this need, the present invention proposes a method of controlling the validity period of a key by means of a clock. The method does not require the USB host device to supply system time and so avoids the deliberate extension of a USBKey's service life described above.
The technical scheme of the present invention is as follows:
The method of controlling the validity period of a key by means of a clock comprises the following steps:
Step 1: when the USBKey is initialised and its certificate downloaded, the clock counter is reset and the USBKey's internal time is set to agree with network time;
Step 2: after the certificate has been downloaded and the key issued to the user, the clock counter starts timing, incrementing by 1 every K seconds;
Step 3: in use, when the USBKey is connected to a PC or other active terminal, the PMU switches the power supply mode so that the USBKey is powered externally, while the external power source charges the rechargeable battery inside the USBKey;
Step 4: in normal operation, the inherent error of the VCXO or TCXO causes the USBKey's system time to drift from the actual system time. From the accuracy of the VCXO or TCXO and the maximum time the key may spend away from the network or PC, a corresponding worst-case error can be calculated. If, when the USBKey's clock is compared with the PC or network time, the difference between them lies within this calculated error range, the USBKey's clock is calibrated to the time of the network or PC;
Step 5: when application software uses the USBKey for a digital signature or for data encryption or decryption, the current count of the USBKey's clock counter is read first and either compared with the time of the PC or other active terminal, or not compared with it and judged from the USBKey's own clock alone, to decide whether the key has expired. If it has expired, the USBKey is locked, an "expired" result is returned and the operation fails; otherwise the key operates normally.
The clock counter is used for the USBKey's independent timekeeping; its width is N bits, where N may be 32 or 64, and it increments by 1 every K seconds, where K may be 1 second or 1 millisecond.
The rechargeable battery may be a lithium battery. When the USBKey is connected to a USB host device, the battery is charged from the USB port supply; when the USBKey is disconnected from the USB host, the battery powers the crystal-oscillator clock and the clock counter, so that the USBKey retains its timekeeping capability without power from the USB host.
The advantageous effects of the present invention are:
(1) Whenever the USBKey is connected to a PC or other active terminal, its battery is charged through the USB, serial or audio port. The PMU module performs power management, controlling charging and discharging, and at the same time switches the USBKey's operating power to the external source.
(2) When the USBKey is not connected to a PC or other active terminal, that is, when it is not in use, the PMU switches the operating power to the internal rechargeable battery, and the USBKey is powered by that battery.
(3) At every moment within the validity period the crystal oscillator inside the USBKey runs and provides a clock reference to the USBKey's operating system (COS). The oscillator outputs the reference clock to the counter, and the USBKey's system time is produced from the counter value; the initial time of the system can be set through the USB or JTAG port.
(4) The USBKey's clock (the COS system time) is produced by its own crystal oscillator. When the key is connected to a PC or other active terminal, its clock is compared with the PC or network time and calibrated if the difference is within a reasonable range. Because of the inherent error of the VCXO or TCXO, the USBKey's system time drifts from the actual system time; the corresponding worst-case error can be calculated from the accuracy of the VCXO or TCXO and the maximum time the key spends away from the network or PC. If the comparison shows that the difference lies within this calculated range, the USBKey's clock (the COS system time) is calibrated to the time of the network or PC.
Description of the drawings
Fig. 1 is a diagram of the relationships between the layers inside the key carrier of the present invention.
Fig. 2 is a structural diagram of the hardware layer of the key carrier of the present invention.
Embodiments
The specific embodiment of the present invention is described further below with reference to the drawings.
The relationships between the layers inside the key carrier are shown in Fig. 1.
1. The application layer comprises the various applications developed for the USBKey, such as network login software or file encryption tools.
2. The standard middleware layer sits between the application layer and the device driver. It comprises the cross-platform PKCS (Public Key Cryptography Standards) interface and the CSP (Cryptographic Service Provider) interface of the Windows platform, so that application developers can use the key without porting.
3. The hardware layer comprises the hardware circuit, the chip operating system (COS) embedded in the chip, and the USB driver at the device end; the hardware layer communicates with the user's host over the standard USB protocol.
The structure of the key carrier's hardware layer is shown in Fig. 2.
The two most notable features in Fig. 2 are:
1. A clock counter is added to the USBKey for independent timekeeping; its width is N bits, where N may be 32 or 64, and it increments by 1 every K seconds, where K may be 1 second or 1 millisecond.
2. A rechargeable battery is added to the USBKey; a lithium battery is suggested. When the USBKey is connected to a USB host, the battery is charged from the USB port supply; when the USBKey is disconnected from the USB host, the battery powers the crystal-oscillator clock and the clock counter, so that the USBKey retains its timekeeping capability without power from the USB host.
In the present invention, the key carrier operates as follows:
Step 1: when the USBKey is initialised and its certificate downloaded, the USBKey initialisation program resets the clock counter and sets the USBKey's internal time to agree with network time;
Step 2: after the certificate has been downloaded and the key issued to the user, the clock counter starts timing, incrementing by 1 every K seconds, where K may be 1 second or 1 millisecond;
Step 3: in use, when the USBKey is connected to a PC or other active terminal, the PMU switches the power supply mode so that the USBKey is powered externally, while the external power source charges the rechargeable battery inside the USBKey;
Step 4: in normal operation, the inherent error of the VCXO or TCXO causes the USBKey's system time to drift from the actual system time. From the accuracy of the VCXO or TCXO and the maximum time the key may spend away from the network or PC, a corresponding worst-case error can be calculated. If, when the USBKey's clock is compared with the PC or network time, the difference between them lies within this calculated error range, the USBKey's clock (the COS system time) is calibrated to the time of the network or PC;
Step 5: when application software uses the USBKey for a digital signature or for data encryption or decryption, the current count of the USBKey's clock counter is read first and compared with the time of the PC or other active terminal (or not compared with it, and judged from the USBKey's own clock alone) to decide whether the key has expired. If it has expired, the USBKey is locked, an "expired" result is returned and the operation fails; otherwise the key operates normally.
In the method proposed by the present invention, a hardware clock counter is added to the USBKey for independent timekeeping, which prevents the situation in which, in an offline scenario without network access, the system time is deliberately changed or a virtual machine is used to set the time so that the validity period of the USBKey cannot be judged. A rechargeable battery is also added to the USBKey; it powers the clock counter and clock crystal oscillator while the USBKey is disconnected from the USB host, guaranteeing the USBKey's independent timekeeping capability.
The above is only a preferred embodiment of the present invention, and the invention is not limited to it. Other improvements and changes that those skilled in the art derive directly from, or associate with, the spirit and concept of the present invention without departing from them should all be considered within the scope of protection of the invention.

Claims (3)

1. A method of controlling the validity period of a key by means of a clock, characterised in that it comprises the following steps:
Step 1: when the USBKey is initialised and its certificate downloaded, the clock counter is reset and the USBKey's internal time is set to agree with network time;
Step 2: after the certificate has been downloaded and the key issued to the user, the clock counter starts timing, incrementing by 1 every K seconds;
Step 3: in use, when the USBKey is connected to a PC or other active terminal, the PMU switches the power supply mode so that the USBKey is powered externally, while the external power source charges the rechargeable battery inside the USBKey;
Step 4: in normal operation, the inherent error of the VCXO or TCXO causes the USBKey's system time to drift from the actual system time. From the accuracy of the VCXO or TCXO and the maximum time the key may spend away from the network or PC, a corresponding worst-case error can be calculated. If, when the USBKey's clock is compared with the PC or network time, the difference between them lies within this calculated error range, the USBKey's clock is calibrated to the time of the network or PC;
Step 5: when application software uses the USBKey for a digital signature or for data encryption or decryption, the current count of the USBKey's clock counter is read first and either compared with the time of the PC or other active terminal, or not compared with it and judged from the USBKey's own clock alone, to decide whether the key has expired. If it has expired, the USBKey is locked, an "expired" result is returned and the operation fails; otherwise the key operates normally.
2. The method of controlling the validity period of a key by means of a clock according to claim 1, characterised in that the clock counter is used for the USBKey's independent timekeeping, its width is N bits, where N may be 32 or 64, and it increments by 1 every K seconds, where K may be 1 second or 1 millisecond.
3. The method of controlling the validity period of a key by means of a clock according to claim 1, characterised in that the rechargeable battery may be a lithium battery; when the USBKey is connected to a USB host device, the battery is charged from the USB port supply; when the USBKey is disconnected from the USB host, the battery powers the crystal-oscillator clock and the clock counter, so that the USBKey retains its timekeeping capability without power from the USB host.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410665960.XA CN104378200A (en) 2014-11-19 2014-11-19 Method for controlling validity period of secret key through clock

Publications (1)

Publication Number Publication Date
CN104378200A true CN104378200A (en) 2015-02-25

Family

ID=52556882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410665960.XA Pending CN104378200A (en) 2014-11-19 2014-11-19 Method for controlling validity period of secret key through clock

Country Status (1)

Country Link
CN (1) CN104378200A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1912883A (en) * 2006-08-01 2007-02-14 高玉华 Electronic media reading USB
US20080155267A1 (en) * 2006-12-24 2008-06-26 Zeev Lieber Identity management system with an untrusted identity provider
CN101340437A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Time source regulating method and system
CN101840387A (en) * 2010-04-07 2010-09-22 北京天地融科技有限公司 USB (Universal Serial Bus) Key device and method for realizing smart card communications using USB interface
CN101964709A (en) * 2010-09-02 2011-02-02 浪潮齐鲁软件产业有限公司 USB KEY for independently transmitting information through 3G module
CN102402656A (en) * 2010-09-19 2012-04-04 邹芬 Method for realizing software authorization by using dual power supply system device independent of host computer in real time
CN103116720A (en) * 2011-11-16 2013-05-22 航天信息股份有限公司 Universal serial bus (USB) Key device and account management method and authentication application method thereof
CN103413070A (en) * 2013-07-09 2013-11-27 北京深思数盾科技有限公司 Method and device for calibrating local clock
CN203466831U (en) * 2013-09-06 2014-03-05 北京握奇智能科技有限公司 Identity authentication device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411840A (en) * 2015-07-28 2017-02-15 瑞萨电子株式会社 Communication terminal and program
CN106411840B (en) * 2015-07-28 2021-02-12 瑞萨电子株式会社 Communication terminal and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150225