CN202150861U - Digital certificate safety lock apparatus and digital certificate authentication system - Google Patents


Info

Publication number
CN202150861U
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201120242947U
Other languages
Chinese (zh)
Inventor
吴沙林
李宏韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The utility model relates to a digital certificate safety lock apparatus and a digital certificate authentication system. The digital certificate safety lock apparatus comprises a general-purpose encryption and digital signature microcontroller, which is provided with an encryption and digital signature module and a memory for storing a digital certificate, its key, and the encryption and decryption algorithms. The apparatus also comprises an audio plug and a first modulation-demodulation module. The latter modulates data information from the encryption and digital signature module so that it can be transmitted through the MIC pole of the audio plug, and demodulates the signal received from the first channel pole of the audio plug before passing the demodulated signal to the encryption and digital signature module. Because the apparatus uses a universal audio interface plug, it has strong universality and applicability and supports communication terminals with an audio interface, such as a mobile phone, a tablet computer, a PDA or a PC. The independent hardware signature and digital certificate encryption functions can ensure the security of online banking or enterprise application login and transactions.

Description

Digital certificate safety lock device and digital certificate authentication system
Technical Field
The utility model relates to secure access authentication, and more specifically to a digital certificate safety lock device with an audio interface and a digital certificate authentication system.
Background
At present, communication terminal products such as mobile phones, tablet computers and PDAs lack a universal USB interface, so the digital certificate and signature algorithm technology of independent USB-interface hardware, such as the U-KEY and U-shield commonly used on personal computers (PCs), cannot be used on these communication terminals.
The popular online banking software installed on some communication terminals has no independent hardware security key, which reduces both transaction security and functionality. As communication terminals become more capable, they face security risks similar to those of PCs, such as hacker intrusion and loss of file-based certificates, so independent and universal hardware digital certificate devices and encryption algorithms become especially important. The same problem arises in application environments with a strong demand for secure login, such as enterprise VPN, payroll and online banking.
In such applications, for example internet banking inquiry and transaction software on a PC, a USB KEY is generally used for security reasons as an independent hardware device that stores the digital certificate and performs signing and digest operations. As mobile communication terminals rapidly grow in popularity, the total number of mobile terminal users will far exceed the number of PC users. Banks and enterprises develop dedicated software for mobile communication terminal users, but because the mobile communication terminal has no independent digital certificate hardware such as a USB KEY, security is still not ensured.
The USB KEY now generally used for internet banking requires the host device (such as a PC) to have a USB interface and to be able to install a driver; the so-called driver-free USB KEY actually shares the HID interface driver of operating systems from WINDOWS XP onward. Smart communication terminals and other personal handheld communication terminals generally have no USB interface, and are even less likely to have the built-in driver that a "driver-free" USB KEY presupposes. However, since PCs, communication terminals and personal handheld communication terminals all have an audio interface for an earphone and a MIC, it is necessary to develop a universal audio interface device (KEY) that uses the audio interface and provides the hardware functions of a USB KEY, such as the digital certificate and signature algorithm.
Summary of the Utility Model
The technical problem to be solved by the utility model is that, in the prior art, many communication terminals have no USB interface and the USB interface is not universal, so an existing USB KEY cannot be used for digital certificate verification. To address this defect, a digital certificate safety lock device with an audio plug is provided, which can be communicatively connected to a communication terminal through its universal audio interface.
The technical problem to be solved by the utility model is also that, in the prior art, many communication terminals have no USB interface, so a U-KEY cannot be used for digital certificate verification. To address this defect, a digital certificate authentication system is provided that includes a digital certificate safety lock device with an audio plug, which can be communicatively connected to a communication terminal through the audio interface.
The technical solution adopted by the utility model to solve its technical problem is as follows: the digital certificate safety lock device comprises a general encryption and digital signature microcontroller, on which are arranged an encryption and digital signature module and a memory for storing a digital certificate, the key of the digital certificate, and the encryption and decryption algorithms; it is characterized in that it further comprises:
an audio plug having a MIC pole and a first channel pole; and
a first modulation and demodulation module for modulating the data information from the encryption and digital signature module so that it is transmitted out through the MIC pole of the audio plug, and for demodulating a signal received from the first channel pole of the audio plug to obtain data information and then transmitting that data information to the encryption and digital signature module.
In the digital certificate safety lock device, the first modem module includes a first communication microcontroller, communicatively connected to the general encryption and digital signature microcontroller, for encoding and decoding the audio signal, together with an AC coupling circuit and a low-pass filter circuit, wherein the output of the first communication microcontroller is connected to the microphone (MIC) pole of the audio plug through the low-pass filter circuit, and the input of the first communication microcontroller is connected to the first channel pole of the audio plug through the AC coupling circuit.
In the digital certificate safety lock device, the first modem module includes a first communication microcontroller, communicatively connected to the general encryption and digital signature microcontroller, for encoding and decoding the audio signal, and a first digital-to-analog converter, wherein the output of the first communication microcontroller is connected to the MIC pole of the audio plug through the first digital-to-analog converter, and the input of the first communication microcontroller is connected to the first channel pole of the audio plug.
In the digital certificate security lock device of the present invention, the first modem module further comprises a first analog-to-digital converter, and the input of the first communication microcontroller is connected to the first channel pole of the audio plug through the first analog-to-digital converter.
In the digital certificate safety lock device, the first modem module includes an AC coupling circuit, a low-pass filter circuit and a first audio signal codec module integrated on the general encryption and digital signature microcontroller, wherein the output of the general encryption and digital signature microcontroller is connected to the microphone (MIC) pole of the audio plug through the low-pass filter circuit, and the input of the general encryption and digital signature microcontroller is connected to the first channel pole of the audio plug through the AC coupling circuit.
In the digital certificate safety lock device, the first modem module includes a digital-to-analog converter and a first audio signal codec module integrated on the general encryption and digital signature microcontroller, wherein the output of the general encryption and digital signature microcontroller is connected to the MIC pole of the audio plug through the digital-to-analog converter, and the input of the general encryption and digital signature microcontroller is connected to the first channel pole of the audio plug.
In the digital certificate security lock device of the present invention, the first modem module further includes a first analog-to-digital converter, and the input of the general encryption and digital signature microcontroller is connected to the first channel pole of the audio plug through the first analog-to-digital converter.
The digital certificate safety lock device of the utility model also comprises a power supply device for supplying power to the digital certificate safety lock device, and the audio plug also has a second channel pole; the power supply device comprises either a power collector arranged in the digital certificate safety lock device and connected to the second channel pole, or a battery arranged in the digital certificate safety lock device.
In the digital certificate security lock device of the present invention, the general encryption and digital signature microcontroller and the first communication microcontroller are communicatively connected through a UART interface, a USB interface or an I2C interface.
Another technical solution adopted by the utility model to solve its technical problem is to construct a digital certificate authentication system comprising:
a digital certificate security lock device as described above;
a communication terminal provided with an audio interface and a communication module, on which a second modulation and demodulation module for modulating and demodulating audio signals is arranged;
an authentication server;
wherein the audio plug of the digital certificate safety lock device is communicatively connected to the audio interface of the communication terminal, and the communication terminal is communicatively connected to the authentication server through the communication module over a communication network.
In the digital certificate authentication system of the present invention, the second modem module comprises: a second communication microcontroller arranged on the communication terminal for encoding and decoding the audio signals; or a second audio signal codec module integrated on the communication terminal.
In the digital certificate authentication system of the present invention, the communication terminal includes a mobile phone, a computer or a personal digital assistant equipped with internet banking software, the authentication server includes an internet banking web server and an application server communicating with the web server, and the application server is communicatively connected to a database.
Implementing the utility model has the following beneficial effects: because the digital certificate safety lock device of the utility model has a universal audio interface plug, it has strong universality and applicability and can support communication terminals that have an audio interface, such as a mobile phone, a tablet computer, a PDA or a PC. Functions such as independent hardware signing and digital certificate encryption can ensure the security of online banking or enterprise application login and transactions to the greatest extent.
Drawings
The invention will be further explained with reference to the drawings and examples, wherein:
Fig. 1 is a schematic structural diagram of the digital certificate security lock device of the present invention;
Fig. 2A is a schematic structural diagram of a first embodiment of the digital certificate security lock device of the present invention;
Fig. 2B is a schematic structural diagram of a second embodiment of the digital certificate security lock device of the present invention;
Fig. 3A is a schematic structural diagram of a third embodiment of the digital certificate security lock device of the present invention;
Fig. 3B is a schematic structural diagram of a fourth embodiment of the digital certificate security lock device of the present invention;
Fig. 4A is a schematic structural diagram of a fifth embodiment of the digital certificate security lock device of the present invention;
Fig. 4B is a schematic structural diagram of a sixth embodiment of the digital certificate security lock device of the present invention;
Fig. 5 is a schematic structural diagram of the digital certificate authentication system of the present invention;
Fig. 6A is a schematic structural diagram of a first embodiment of the digital certificate authentication system of the present invention;
Fig. 6B is a schematic structural diagram of a second embodiment of the digital certificate authentication system of the present invention;
Fig. 7 is a flowchart of the digital certificate authentication method of the present invention.
Detailed Description
The utility model conceives a digital certificate safety lock device with an audio plug (also called a universal audio interface KEY, or A-KEY for short) that cooperates with a communication terminal having an audio interface to authenticate the user's identity for secure access to a service or application system, for example an online banking system.
As shown in fig. 1, the digital certificate security lock device 100 of the present invention includes a general encryption and digital signature microcontroller 10, a first modem module 20, and an audio plug 30. The general encryption and digital signature microcontroller 10 is provided with an encryption and digital signature module 12 and a memory (not shown in the figure) for storing a digital certificate, its key, and the encryption and decryption algorithms. The audio plug 30 includes a microphone (MIC) pole 32 and a first channel pole (e.g., a left or right channel pole) 34. In the present invention, the audio plug 30 may be a headset-integrated plug. Alternatively, the audio plug 30 may be a split plug with a separate earphone plug and microphone (MIC) plug. On a headset-integrated plug, the MIC pole 32 and the left and/or right channel poles are all disposed on the same pin, separated from each other by an insulating material. On the split plug, the MIC pole 32 is disposed on the MIC plug; the left and/or right channel poles are disposed on the headphone plug and are separated from each other by an insulating material.
In operation, the first modem module 20 is used to modulate data information from the encryption and digital signature module 12 for transmission out through the MIC pole 32 of the audio plug, and to demodulate a signal received from the first channel pole 34 of the audio plug to obtain data information for transmission to the encryption and digital signature module 12.
FIG. 2A is a schematic diagram of a digital certificate security lock device 100A according to a first embodiment of the present invention. As shown in fig. 1, the digital certificate security lock device 100A includes a general encryption and digital signature microcontroller 10, a first modem module 20, an audio plug 30, and a power collector 52. The general encryption and digital signature microcontroller 10 is provided with an encryption and digital signature module 12 and a memory (not shown in the figure), and the memory stores a digital certificate, its key, and the encryption and decryption algorithms. The first modem module 20 includes a first communication microcontroller 22, a low-pass filter circuit 24, and an AC coupling circuit 26. The first communication microcontroller 22 is provided with an audio encoding module 22a and an audio decoding module 22b for encoding and decoding the audio signal. The audio plug 30 includes a MIC pole 32, a right channel pole 34a, and a left channel pole 34b.
The general encryption and digital signature microcontroller 10 is communicatively connected to the first communication microcontroller 22, for example via a UART interface, a USB interface, an I2C interface or another suitable communication interface. The output of the first communication microcontroller 22 is connected to the MIC pole 32 of the audio plug via the low-pass filter circuit 24, and the input of the first communication microcontroller 20 is connected to the right channel pole 34a of the audio plug 30 via the AC coupling circuit 26. The power collector 52 is connected to the left channel pole 34b of the audio plug 30 and draws power from the connected communication terminal to power the digital certificate security lock device.
Although fig. 2A shows the AC coupling circuit 26 connected to the right channel pole 34a and the power collector 52 connected to the left channel pole 34b, the present invention is not limited thereto; alternatively, the AC coupling circuit 26 may be connected to the left channel pole 34b and the power collector 52 to the right channel pole 34a. One of the right and left channel poles 34a, 34b may thus be referred to as the first channel pole, and the other as the second channel pole.
FIG. 2B is a schematic diagram of a digital certificate security lock device 100B according to a second embodiment of the present invention. The structure of FIG. 2B is the same as that of the digital certificate security lock device 100A shown in FIG. 2A, except that the device is powered by a battery 54 instead of the power collector 52. In addition, in the embodiment shown in FIG. 2B, the AC coupling circuit 44 may be connected to either the right channel pole or the left channel pole; the right channel pole 34a or the left channel pole 34b is therefore referred to collectively as the right or left channel pole 34 in FIG. 2B.
FIG. 3A is a schematic diagram of a digital certificate security lock device 100C according to a third embodiment of the present invention. In contrast to the embodiment shown in fig. 2A, the audio codec module in the embodiment shown in fig. 3A is integrated in the general encryption and digital signature microcontroller 10, which saves one microcontroller compared with the embodiment shown in fig. 2A. As shown in fig. 3A, in the digital certificate security lock device 100C, the general encryption and digital signature microcontroller 10 includes a first audio signal codec module 28 in addition to the encryption and digital signature module 12. The output signal of the first audio signal codec module 28 leaves through the output terminal of the general encryption and digital signature microcontroller 10 and passes through the low-pass filter circuit 24 to the microphone pole 32 of the audio plug 30, and the first audio signal codec module 28 receives signals from the right channel pole 34a of the audio plug 30 through the AC coupling circuit 26 and the input terminal of the general encryption and digital signature microcontroller 10. The power collector 52 is connected to the left channel pole 34b of the audio plug 30 and draws power from the connected communication terminal to power the digital certificate security lock device.
Although fig. 3A shows the AC coupling circuit 26 connected to the right channel pole 34a and the power collector 52 connected to the left channel pole 34b, the present invention is not limited thereto; alternatively, the AC coupling circuit 26 may be connected to the left channel pole 34b and the power collector 52 to the right channel pole 34a. One of the right and left channel poles 34a, 34b may thus be referred to as the first channel pole, and the other as the second channel pole.
FIG. 3B is a schematic diagram of a digital certificate security lock device 100D according to a fourth embodiment of the present invention. The structure of FIG. 3B is identical to that of the digital certificate security lock device 100C shown in FIG. 3A, except that a battery 54 is used in place of the power collector 52 to power the device. In addition, in the embodiment shown in FIG. 3B, the AC coupling circuit 44 may be connected to either the right channel pole or the left channel pole; the right channel pole 34a or the left channel pole 34b is therefore referred to collectively as the right or left channel pole 34 in FIG. 3B.
Fig. 4A is a schematic structural diagram of a digital certificate security lock device 100E according to a fifth embodiment of the present invention. Unlike the embodiment shown in fig. 2A, in the embodiment shown in fig. 4A the low-pass filter circuit 24 is replaced by a digital-to-analog converter (DAC) 23a, and the AC coupling circuit 26 is replaced by an analog-to-digital converter (ADC) 23b. The rest is the same as the structure of the digital certificate security lock device 100A shown in fig. 2A.
The ADC 23b is shown as a dashed box in fig. 4A to indicate that it is an optional component; in other embodiments the ADC 23b may be omitted, and the input of the first communication microcontroller 22 may be connected directly to the right channel pole 34a of the audio plug 30.
FIG. 4B is a schematic diagram of a digital certificate security lock device 100F according to a sixth embodiment of the present invention. Unlike the embodiment shown in fig. 3B, in the embodiment shown in fig. 4B the low-pass filter circuit 24 is replaced by a digital-to-analog converter (DAC) 23a, and the AC coupling circuit 26 is replaced by an analog-to-digital converter (ADC) 23b. The rest is the same as the structure of the digital certificate security lock device 100A shown in fig. 2A.
The ADC 23b is shown as a dashed box in fig. 4A to indicate that it is an optional component; in other embodiments the ADC 23b may be omitted, and the input of the first communication microcontroller 22 may be connected directly to the right channel pole 34a of the audio plug 30.
It should be noted that although the embodiments shown in fig. 2A, 2B, 3A, 3B, 4A and 4B all include the built-in power collector 52 or the battery 54, those skilled in the art will appreciate that the digital certificate security lock device may instead be powered by an external power source, without the built-in power collector 52 or battery 54.
In operation, the audio plug of the digital certificate security lock device of the above embodiments is inserted into the audio interface of the corresponding communication terminal (for example, a mobile phone, a tablet computer, a personal digital assistant or a desktop computer), so that the modulated data information can be transmitted to the communication terminal, and the original data information is recovered through processing by the second modem module configured in the communication terminal. This is described in detail below with reference to fig. 5, 6A, 6B, and 7.
Fig. 5 is a schematic structural diagram of the digital certificate authentication system of the present invention. As shown in fig. 5, the digital certificate authentication system includes a digital certificate lock apparatus 100 (such as the digital certificate lock apparatuses 100, 100A, 100B, 100C, 100D, 100E, and 100F shown in fig. 1 to 4B), a mobile communication terminal 200, an authentication server 300, and a communication network 400. The mobile communication terminal 200 includes an audio interface 202, a second modem module 204, and a communication module 206, and functional modules or devices, such as a processor, a memory, an input/output device, etc., which are not shown in the drawings but are provided in a conventional mobile communication terminal.
In operation, the audio plug 30 of the digital certificate security lock device 100 is communicatively coupled to the audio interface 202 of the mobile communication terminal 200 (i.e., the audio plug 30 is inserted into the audio interface 202), and the mobile communication terminal 200 is communicatively coupled to the authentication server 300 via the communication module 206 over the communication network 400. The second modem module 204 is configured to demodulate the audio signal received by the audio interface 202 and transmit the demodulated audio signal to the communication module 206, and modulate the signal received from the communication module 206 to obtain a modulated audio signal, and transmit the modulated audio signal to the digital certificate security lock apparatus 100 through the audio interface 202.
Fig. 6A is a schematic structural diagram of the first embodiment of the digital certificate authentication system of the present invention. As shown in fig. 6A, the digital certificate authentication system includes a digital certificate lock device 100 (e.g., the digital certificate lock devices 100, 100A, 100B, 100C, 100D, 100E, and 100F shown in fig. 1-4B), a mobile communication terminal 200, an authentication server 300, and a communication network 400. The mobile communication terminal 200 includes an audio interface 202, a second communication microcontroller 204a for encoding and decoding audio signals, and a communication module 206, as well as functional modules or devices, such as a processor, a memory and input/output devices, which are not shown in the figure but are provided in a conventional mobile communication terminal.
In operation, the audio plug 30 of the digital certificate security lock device 100 is communicatively coupled to the audio interface 202 of the mobile communication terminal 200 (i.e., the audio plug 30 is inserted into the audio interface 202), and the mobile communication terminal 200 is communicatively coupled to the authentication server 300 via the communication module 206 over the communication network 400. The second communication microcontroller 204a is configured to decode the audio signal received by the audio interface 202 and transmit the decoded audio signal to the communication module 206, and to encode the signal received from the communication module 206 to obtain an encoded audio signal, and then transmit the encoded audio signal to the digital certificate security lock apparatus 100 through the audio interface 202.
Fig. 6B is a schematic structural diagram of a second embodiment of the digital certificate authentication system of the present invention. As shown in FIG. 6, the digital certificate authentication system includes a digital certificate security lock device 100 (such as the digital certificate security lock devices 100, 100A, 100B, 100C, 100D, 100E, and 100F shown in FIGS. 1-4B), a desktop computer 200', an authentication server 300, and a communication network 400. The desktop computer 200' includes audio interfaces, namely a MIC interface 202a and a headphone interface 202b, a second audio signal codec module 204b for encoding and decoding audio signals, and a communication module 206, as well as functional modules or devices, such as a processor, a memory and input/output devices, which are not shown in the drawings but are provided in a conventional computer. In this embodiment, the audio plug of the digital certificate security lock device 100 includes a separate MIC plug 32' and headphone plug 34'.
In operation, the audio plug of the digital certificate security lock device 100 is communicatively coupled to the audio interface of the desktop computer 200' (i.e., the MIC plug 32' is plugged into the MIC interface 202a and the headphone plug 34' is plugged into the headphone interface 202b), and the desktop computer 200' is communicatively coupled to the authentication server 300 over the communication network 400 via the communication module 206. The second audio signal codec module 204' is configured to decode the audio signal received from the MIC interface 202a and transmit the decoded signal to the communication module 206, and to encode the signal received from the communication module 206 to obtain an encoded audio signal and transmit it to the digital certificate security lock device 100 through the headphone interface 202b.
In the above embodiment, the authentication server 300 is a server for internet banking, and includes an internet banking web server 302 and an application server 304 communicatively connected thereto, and the application server 304 is communicatively connected to a database 306. In the application of internet banking, the communication terminal device (such as the desktop computer 200' or the mobile communication terminal 200) needs to install corresponding internet banking software.
The authentication server 300 may be an authentication server for other purposes, such as an authentication server used for authentication when a branch company of a multinational company or regional group company remotely logs in a head office database, an authentication server used for authentication when a user of application software logs in a website of a software provider for software upgrade or data reporting, an enterprise VPN server, a financial middleware server, and an e-commerce website login authentication server.
The mobile communication terminal 200 in the embodiments shown in fig. 5 and 6A may be a portable communication terminal such as a mobile phone, a tablet computer, or a personal digital assistant. In the embodiment of fig. 6A, the second communication microcontroller 204a can also be replaced by a second audio signal codec module 204b. In the embodiment of fig. 6B, the second audio signal codec module 204b may also be replaced by the second communication microcontroller 204a.
In addition, in the various embodiments, whether the audio plug is a headset-integrated plug or a split MIC plug and headphone plug may be chosen according to the type of audio interface of the connected communication terminal. The specification of the audio plug, for example 2.5mm or 3.5mm, likewise needs to be chosen according to the type of audio interface of the connected communication terminal.
It should be further noted that the audio encoding module 22a, the audio decoding module 22b, the first audio signal encoding/decoding module 28, and the second audio signal encoding/decoding module 204b can be implemented by software, hardware, firmware, or a combination of software and hardware.
For example, the codec program residing on the digital certificate dongle is written in the microcontroller's programming language and resides in the code memory of the microcontroller along with the other control routines. Alternatively, an independent codec chip can be designed to implement the codec algorithm. The audio codec can be implemented with a TI MSP430 series ultra-low-power microcontroller. Using the GPIO, the timer and the comparator of the microcontroller, the GPIO can be driven to output a specific waveform signal, which after low-pass filtering becomes a signal suitable for the audio channel and is transmitted to the MIC pole. The audio signal arriving on the left channel pole reaches the GPIO and the comparator of the MSP430 after AC coupling; the comparator judges whether the waveform is rising or falling, and 0 or 1 is decoded by comparison against the Vcc/2 voltage.
The functionality of the second communication controller, which is located in the communication terminal, can also be implemented in software running as a process on the mobile phone. It may also exist as an operating system module or driver of the communication terminal, residing in the operating system firmware storage area of the communication terminal. For example, a smartphone using the Android operating system obtains audio sample values by recording from the MIC pole through the AudioRecord class, and decodes 0 or 1 from the sign of the sample values and the rising or falling of the audio waveform. For output, a frequency is selected according to whether the bit to be sent is 1 or 0, the PCM values for that frequency are calculated with a sine function, and the AudioTrack class provided by the Android platform is used to play the PCM data on the left channel.
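The output path just described, one of two frequencies per bit with PCM values computed from a sine function and played on the left channel, is shown below as an added Python example; it is not code from the patent and does not use the Android classes. The tone pair and rate are those of the Bell 202 modem that the description cites as an alternative coding; the 48 kHz sample rate, the amplitude, the MSB-first bit order and the single-bin DFT detector on the receiving side are assumptions.

```python
import math

SAMPLE_RATE = 48_000     # assumption: PCM rate of the playback path
BAUD = 1_200             # Bell 202 signalling rate
MARK_HZ = 1_200          # Bell 202 mark tone, binary 1
SPACE_HZ = 2_200         # Bell 202 space tone, binary 0
SAMPLES_PER_BIT = SAMPLE_RATE // BAUD
AMPLITUDE = 20_000       # assumption: headroom below the 16-bit PCM limit


def bytes_to_bits(data):
    """MSB-first bit list (assumed bit order)."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing bits that do not fill a byte are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def fsk_modulate(bits):
    """One tone per bit; the phase is carried across bit edges to avoid clicks."""
    pcm, phase = [], 0.0
    for bit in bits:
        step = 2 * math.pi * (MARK_HZ if bit else SPACE_HZ) / SAMPLE_RATE
        for _ in range(SAMPLES_PER_BIT):
            pcm.append(int(round(AMPLITUDE * math.sin(phase))))
            phase = (phase + step) % (2 * math.pi)
    return pcm


def left_channel_frames(pcm):
    """Interleave as stereo frames (left, right) with a silent right channel."""
    frames = []
    for sample in pcm:
        frames.extend((sample, 0))
    return frames


def tone_energy(window, freq_hz):
    """Energy of one bit window at a single frequency (single-bin DFT)."""
    re = im = 0.0
    for n, sample in enumerate(window):
        angle = 2 * math.pi * freq_hz * n / SAMPLE_RATE
        re += sample * math.cos(angle)
        im -= sample * math.sin(angle)
    return re * re + im * im


def fsk_demodulate(pcm):
    """Decide each bit by which of the two tones carries more energy."""
    bits = []
    for start in range(0, len(pcm) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        window = pcm[start:start + SAMPLES_PER_BIT]
        mark = tone_energy(window, MARK_HZ)
        space = tone_energy(window, SPACE_HZ)
        bits.append(1 if mark > space else 0)
    return bits
```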
In addition, the communication module 206 may be a wired communication module or a wireless communication module, and the communication network may be a wired communication network, a wireless communication network, or a combination of a wired communication network and a wireless communication network.
Fig. 7 is a flowchart of the digital certificate authentication method of the present invention. As shown in fig. 7, in step 702, the communication terminal issues a login request and transmits it to the authentication server through the communication network. In step 704, the authentication server receives the login request sent by the communication terminal via the communication network, and returns a response signal containing a data string. In step 706, a second modem module in the communication terminal modulates the received data string. In step 708, the communication terminal transmits a modulated signal containing the data string information to the digital certificate lock device via the audio interface. In step 710, the first modem module in the digital certificate security lock apparatus demodulates the received modulated signal and recovers the data string. In step 712, the encryption and digital signature module in the digital certificate security lock device performs an encryption signature on the data string to obtain an encryption signature result string. In step 714, the first modem module in the digital certificate security lock device encodes the encrypted signature result string into a modulated signal. In step 716, the digital certificate security lock device returns a modulated signal containing the encrypted signature result string information to the communication terminal through the audio interface. In step 718, the second modem module in the communication terminal demodulates the received modulated signal, recovers the encrypted signature result string, and sends it to the authentication server through the communication network for verification. After the authentication server performs authentication processing on the encrypted signature result string, the authentication server returns a login verification result to the communication terminal in step 720.
In the present utility model, the encryption signature processing in the digital certificate security lock device and the authentication processing in the authentication server are both compatible with the procedures and methods of the prior art, and are therefore not described further here.
To assist in understanding the present invention, the following examples are given.
The digital certificate security lock device of the present utility model (which may also be called a general audio interface KEY, or A-KEY for short) is equipped with a microcontroller for algorithms such as digital certificate encryption and signature, and the audio interface KEY connects to the communication terminal through the audio interface. A Software Development Kit (SDK) is provided to developers of banking software for the communication terminal. The communication terminal software developer calls a function in the SDK that combines the incoming data and the command word into a bit stream, and the bit stream signal is then sent to the earphone output of the audio interface. The communication microcontroller (MCU) reads a Manchester-coded signal (optionally a MODEM modulation signal) from the left audio channel (optionally the right channel), decides 0 or 1 by comparison against the intermediate voltage, and passes the result to the universal encryption signature microcontroller as its UART RX input signal. The communication MCU also encodes the output signal of the universal encryption signature microcontroller into a Manchester signal (optionally a MODEM modulation signal) and outputs it to the microphone (MIC) interface through low-pass filtering.
Because the digital certificate security lock device of the present utility model is connected through the audio interface to the earphone output of the communication terminal, it can read the signal, decode it to obtain the command word and the command data, and, according to the command word, perform on the command data a digest operation using a publicly known message digest algorithm (for example MD5 or SHA1), a signature operation, a 3-DES encryption operation, and so on. The result of the operation is then formed into a bit stream, and the bit stream signal is sent to the MIC interface of the audio interface. The SDK software on the communication terminal makes the result bit stream data received on the MIC input available to the bank software installed on the communication terminal. The bank software can then send the data signed by the external independent encryption hardware (namely the digital certificate security lock device of the present utility model) to the bank's communication server to carry out the functions required by the transaction, such as transfer, remittance and inquiry.
Specifically, the digital certificate security lock device is provided with an audio interface plug which can be inserted into the audio interface of a communication terminal. In use, the audio plug is inserted into the audio interface of the communication terminal and login is selected in the application software of the communication terminal. The bank software of the communication terminal sends an authentication request to the authentication server and obtains a data string response signal, which is encoded and sent to the digital certificate security lock device. The device decodes the received audio, encrypts the decoded data with the bank's public key and signs it with the user's private key, then encodes the encrypted signing result and sends it to the bank software of the communication terminal. The software decodes it, reads the operation result of the digital certificate security lock device, and sends that result to the bank's authentication server. The bank authentication server decrypts with its private key, verifies the signature with the user's public key to determine whether the user is a legitimate user, and the secure login is thereby completed. Other functions such as transfer, remittance and inquiry may be secured and signed in the same way.
In the present utility model, the communication microcontroller has two primary functions: a) performing the modulation and demodulation between the audio signal and the digital signal; b) forwarding the digital signal to the universal encryption and digital signature microcontroller through a UART/USB/I2C interface. For example, when the communication terminal requires an MD5 operation on a section of data, the communication microcontroller acquires an audio signal from the left sound channel, obtains a 0/1 bit stream by level comparison of the signal, and then sends it to the USB port of the communication terminal according to the requirements of the universal digital signature and encryption microcontroller. The universal digital signature and encryption microcontroller acquires the MD5 request command and the data to be operated on from the USB input, and obtains the MD5 digest value of the data through its internally fixed MD5 algorithm.
The universal encryption and digital signature microcontroller actually contains a smart card chip and a FLASH memory. The smart card chip implements the MD5 or SHA1 digest algorithm in hardware, and likewise implements in hardware the signature, signature verification, data encryption and data decryption algorithms of the public key and private key system (PKI). For security, the user's digital certificate (public key), private key and so on are stored in the FLASH memory of the universal encryption and digital signature microcontroller. Thus, the algorithm programs and the data required by PKI, such as certificates and private keys, are stored independently in the hardware, and hacker attacks can be prevented.
For example, the audio encoder encodes the digital signals 0 and 1 into audio-frequency signals (20-20000 Hz) that can be transmitted over the audio line; the digital signals can be encoded into Manchester-coded audio signals, or into a Bell 202 MODEM (http://en.wikipedia.org/wiki/Bell_202_modem) signal. The audio decoder performs the reverse process. This function may also be implemented by the communication microcontroller. For example, the audio encoder and the audio decoder may be an audio encoding program and an audio decoding program running on the communication microcontroller, an audio codec program fixed in the communication microcontroller, or an audio codec made into hardware. Various codec algorithms can be used, such as Manchester code, Morse code, and the codec methods used by the MODEM modulation and demodulation of dial-up networks.
A corresponding audio encoder and audio decoder are also arranged on the communication terminal. For example, the audio encoder and the audio decoder may be an audio encoding program and an audio decoding program running on the communication terminal, an audio codec program fixed in the communication terminal, or an audio codec made into hardware. The encoder changes 0 to 10 and 1 to 01, and then sends the resulting 10 and 01 data to a digital-to-analog converter, from which it reaches the digital certificate lock device through the left channel.
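The line coding stated above (0 becomes 10, 1 becomes 01) together with the mid-point comparison used on the receiving side can be written out as follows. This is an added Python example, not code from the patent; the 3.3 V supply, the four samples per half-bit, the MSB-first bit order and the majority vote inside each half-bit window are assumptions, and rejecting the symbols 00 and 11 is a check added here that the description does not mention.

```python
VCC = 3.3                    # assumption: supply voltage seen by the comparator
MIDPOINT = VCC / 2           # decision threshold (Vcc/2 in the description)
SAMPLES_PER_HALF_BIT = 4     # assumption: oversampling of the audio path


def manchester_encode(data):
    """Return half-bit levels, MSB first: 0 -> (1, 0) and 1 -> (0, 1)."""
    halves = []
    for byte in data:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            halves.extend((0, 1) if bit else (1, 0))
    return halves


def to_waveform(halves, high=VCC, low=0.0):
    """Stand-in for the output stage: hold each half-bit level for a few samples."""
    return [high if h else low for h in halves for _ in range(SAMPLES_PER_HALF_BIT)]


def slice_levels(samples):
    """Comparator stage: majority vote of each half-bit window against Vcc/2."""
    halves = []
    last = len(samples) - SAMPLES_PER_HALF_BIT
    for start in range(0, last + 1, SAMPLES_PER_HALF_BIT):
        window = samples[start:start + SAMPLES_PER_HALF_BIT]
        above = sum(1 for v in window if v > MIDPOINT)
        halves.append(1 if above * 2 > len(window) else 0)
    return halves


def manchester_decode(halves):
    """Invert the mapping; a 00 or 11 pair is not a valid symbol and is rejected."""
    if len(halves) % 16:
        raise ValueError("frame is not a whole number of bytes")
    out = bytearray()
    for i in range(0, len(halves), 16):
        value = 0
        for j in range(i, i + 16, 2):
            pair = (halves[j], halves[j + 1])
            if pair == (1, 0):
                bit = 0
            elif pair == (0, 1):
                bit = 1
            else:
                raise ValueError("invalid Manchester symbol at half-bit %d" % j)
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)
```

Because every valid symbol contains a transition, a stuck or clipped line shows up as a 00 or 11 pair and the frame is dropped before it reaches the signing controller.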
An example of the necessary process for a user to log in is given below:
a) the communication terminal sends a login request to a login server;
b) the server returns a random number "123456789";
c) the communication terminal obtains the random number and then delivers the random number to an audio encoder of the communication terminal, and the audio encoder encodes the random number and plays the encoded random number to a left sound channel;
d) the communication microcontroller of the A-KEY obtains an audio signal from a left sound channel, decodes the audio signal to obtain a digital signal, and transmits the digital signal to a USB input of the general encryption and digital signature microcontroller;
e) the general encryption and digital signature microcontroller of the A-KEY carries out a private KEY encryption operation on the random number "123456789", and outputs the operation result "25d55ad283aa400af464c76d713c07ad" to an interface;
f) the communication microcontroller of the A-KEY acquires the signature result from the USB, encodes the result and sends it to the MIC interface;
g) audio decoding software running in the communication terminal takes the audio signal from the MIC, decodes it into the digital data "25d55ad283aa400af464c76d713c07ad", and sends this data to the login server;
h) the login server obtains the data "25d55ad283aa400af464c76d713c07ad" and decrypts it with the user's public key; if the decryption succeeds, it indicates that the user is the user stated in the public key certificate, and the login succeeds.
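Steps b), e) and h) of this login, with the audio transport left out, are shown below as an added Python example that is not code from the patent. The key is a constructed demo key and is not secure; the class and function names, SHA-256 as the digest in place of the MD5 or SHA1 named in the description, and the rule that each challenge is accepted only once are assumptions of the example.

```python
import hashlib
import secrets

# Constructed demo key built from two Mersenne primes so that the example needs
# no key generator. It is NOT a secure key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the device


def digest_int(data):
    """Digest of the challenge as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class AKey:
    """Device side, step e): the private exponent never leaves this object."""

    def __init__(self, private_exponent, modulus):
        self._d = private_exponent
        self._n = modulus

    def sign(self, challenge):
        # Raw private-key operation on the digest, without a padding scheme,
        # to keep the arithmetic of the description visible.
        return pow(digest_int(challenge), self._d, self._n)


class LoginServer:
    """Server side, steps b) and h)."""

    def __init__(self, public_keys):
        self._public_keys = public_keys    # user -> (e, n) from the certificate
        self._pending = {}                 # user -> outstanding challenge

    def issue_challenge(self, user):
        challenge = secrets.token_hex(16).encode()
        self._pending[user] = challenge
        return challenge

    def verify(self, user, signature):
        # Assumption of this example: a challenge is consumed by the first
        # verification attempt, so a recorded response cannot be reused.
        challenge = self._pending.pop(user, None)
        if challenge is None or user not in self._public_keys:
            return False
        e, n = self._public_keys[user]
        return pow(signature, e, n) == digest_int(challenge)


def run_login(server, key, user):
    """Steps a) to h) end to end, with the audio link replaced by a call."""
    challenge = server.issue_challenge(user)
    return server.verify(user, key.sign(challenge))
```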
In summary, the present utility model relates to a plug-in component for a communication terminal (namely the digital certificate security lock device) that realizes hardware digital signatures through the general audio interface and acts as an independent hardware security key when the communication terminal performs operations such as login, payment and shopping, so that the communication terminal reaches a security level similar to that of a PC. The utility model mainly solves the limited application range of the present USB KEY. In addition, the utility model also relates to a digital certificate authentication system including this digital certificate security lock device and to a method of digital certificate authentication using this device.

Claims (10)

1. A digital certificate security lock device, comprising a general encryption and digital signature microcontroller on which are arranged an encryption and digital signature module and a memory for storing a digital certificate, a secret key thereof and an encryption and decryption algorithm; characterized by further comprising:
an audio plug having a MIC pole and a first channel pole; and
a first modulation and demodulation module for modulating the data information from the encryption and digital signature module so that it is transmitted out through the MIC pole of the audio plug, and for demodulating the signal received from the first channel pole of the audio plug to obtain the data information and then transmitting the data information to the encryption and digital signature module.
2. The digital certificate security lock device as claimed in claim 1, wherein the first modem module comprises a first communication microcontroller connected to the general encryption and digital signature microcontroller in communication for encoding and decoding audio signals, and an ac coupling circuit and a low pass filter circuit, wherein the output terminal of the first communication microcontroller is connected to the MIC terminal of the audio plug through the low pass filter circuit, and the input terminal of the first communication microcontroller is connected to the first sound track terminal of the audio plug through the ac coupling circuit.
3. The digital certificate security lock device as claimed in claim 1, wherein the first modem module comprises a first communication microcontroller and a first digital-to-analog converter, wherein the first communication microcontroller is communicatively connected to the general encryption and digital signature microcontroller, and is configured to perform encoding and decoding processing of an audio signal, wherein an output of the first communication microcontroller is connected to the MIC pole of the audio plug through the first digital-to-analog converter, and an input of the first communication microcontroller is connected to the first sound track pole of the audio plug.
4. The digital certificate security lock device of claim 3, wherein said first modem module further comprises a first analog-to-digital converter, and wherein said first communications microcontroller input is connected to said audio plug first channel pole via said first analog-to-digital converter.
5. The device according to claim 1, wherein the first modem module comprises an ac coupling circuit, a low pass filter circuit, and a first audio signal codec module integrated on the general encryption and digital signature microcontroller, wherein an output terminal of the general encryption and digital signature microcontroller is connected to the MIC terminal of the audio plug through the low pass filter circuit, and an input terminal of the general encryption and digital signature microcontroller is connected to the first sound channel terminal of the audio plug through the ac coupling circuit.
6. The device according to claim 1, wherein the first modem module comprises a first digital-to-analog converter and a first audio signal codec module integrated on the general encryption and digital signature microcontroller, wherein an output terminal of the general encryption and digital signature microcontroller is connected to the MIC terminal of the audio plug through the first digital-to-analog converter, and an input terminal of the general encryption and digital signature microcontroller is connected to the first audio channel terminal of the audio plug.
7. The digital certificate security lock device of claim 6, wherein the first modem module further comprises a first analog-to-digital converter, and wherein the input of the universal encryption and digital signature microcontroller is connected to the first channel pole of the audio plug via the first analog-to-digital converter.
8. The digital certificate security lock arrangement as claimed in any one of claims 1 to 7, further comprising power supply means for supplying power to said digital certificate security lock arrangement; and the audio plug also has a second channel pole; wherein,
the power supply device comprises an electric quantity collector which is arranged in the digital certificate safety lock device and connected to the second channel pole; or the power supply device comprises a battery built in the digital certificate safety lock device.
9. A digital certificate authentication system, comprising:
the digital certificate security lock apparatus of any one of claims 1 to 8;
the communication terminal is provided with an audio interface and a communication module, and a second modulation and demodulation module for modulating and demodulating audio signals is arranged on the communication terminal;
an authentication server;
the audio plug of the digital certificate safety lock device is in communication connection with the audio interface of the communication terminal, and the communication terminal is in communication connection with the authentication server through the communication module through a communication network.
10. The system according to claim 9, wherein the communication terminal comprises a mobile phone, a computer or a personal digital assistant installed with internet banking software, and the authentication server comprises an internet banking web server and an application server communicatively connected therewith, and the application server is communicatively connected with the database.
CN201120242947U 2011-07-11 2011-07-11 Digital certificate safety lock apparatus and digital certificate authentication system Expired - Fee Related CN202150861U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201120242947U CN202150861U (en) 2011-07-11 2011-07-11 Digital certificate safety lock apparatus and digital certificate authentication system

Publications (1)

Publication Number Publication Date
CN202150861U (en) 2012-02-22

Family

ID=45591910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201120242947U Expired - Fee Related CN202150861U (en) 2011-07-11 2011-07-11 Digital certificate safety lock apparatus and digital certificate authentication system

Country Status (1)

Country Link
CN (1) CN202150861U (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255730A (en) * 2011-07-11 2011-11-23 吴沙林 Digital certificate safety lock device and digital certificate authentication system and method
CN102938870A (en) * 2012-08-07 2013-02-20 厦门英诺尔电子科技股份有限公司 Low cost radio frequency recognition device and method based on audio interface
CN102938870B (en) * 2012-08-07 2016-08-17 厦门英诺尔电子科技股份有限公司 A kind of low cost radio frequency recognition device based on audio interface and method
CN103067587A (en) * 2012-12-26 2013-04-24 北京大唐智能卡技术有限公司 Device, mobile phone and method based on audio interface and used for bidirectional data transmission
CN103220428A (en) * 2013-04-17 2013-07-24 南京三宝科技股份有限公司 Audio signal data communication method for cell phone

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120222

Termination date: 20130711