JP2006227679A - USB memory key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a USB memory key in which an IC card reader device and a flash memory device are integrated, and the use as an IC card and flash memory can be switched by a changeover switch.
A USB memory key 1 of the present invention includes a USB connector 30 and is detachable from a flash memory device 20 connected to an electronic device for recording and transmitting / receiving data, and a small IC card 2 having at least a personal authentication function. A USB memory key that is integrated with the reader device 10 to be mounted on the memory key, and is used as a small IC card reader device 10 by operating a changeover switch 40 provided on the memory key, and when used as a flash memory device 20 Are characterized in that they can be switched. The small IC card 2 can store an encryption key and a digital certificate, and the form thereof can be a SIM card, a UIM card, a USIM card, or a card having a smaller size.
[Selection] Figure 1

Description

  The present invention relates to a USB memory key in which a small IC card reader device is mounted on a flash memory (semiconductor memory) device having a USB interface. The small IC card reader device is attached for the purpose of identity authentication and encrypted content transmission / reception, but can be used as a function of the semiconductor memory device alone without going through the small IC card. The freedom of use can be secured.

In recent years, flash memory devices have been used as simple large-capacity external storage devices for personal computers (PCs). This is a device that has a USB connector and is used by connecting to a PC, digital camera, etc. For example, music content can be recorded in a large-capacity flash memory and data can be transferred through the USB interface. is there. Such a semiconductor memory device is a small, lightweight and convenient device incorporating a non-volatile, large-capacity memory or memory card such as a flash memory.
For example, as a commercially available apparatus, there is “4 in 1 (trademark)” sold by Power Global Index Co., Ltd. This has a built-in flash memory capacity of 128 Mbytes. As an additional memory, a Memory Stick (trademark) up to 128 Mbytes, an SD card (trademark) up to 128 Mbytes, and a multimedia card (trademark) up to 64 Mbytes are card slots. Can be used by expanding the memory capacity. That is, a flash memory device with an MS / SD / MMC card reader function. The USB connector is compatible with USB 2.0. There are various other commercial products.

By the way, there is a copyright problem in recording digital data, and a certain authority is required to record data. As a digital work management technique (DRM), for example, it is considered that music content is encrypted and distributed, and only a user who has obtained a decryption key for reproducing the content can use it.
Further, as a method for preventing unauthorized copying of a copyrighted work, there is an idea of solving access to the semiconductor memory device with dedicated software. For example, the access is allowed only when the authentication between the PC and the semiconductor memory device is successful, and the access is prohibited when the authentication is not successful. It has also been proposed to store encryption key data, authentication certificates, and the like in this memory portion, and to perform applications such as PKI (Public-Key Infrastructure) and data encryption.

For example, Japanese Patent Laid-Open No. 2004-151867 discloses that when writing digital data from an input device such as a digital camera to a memory device and transferring digital data from the memory device to a receiving device (for example, a PC), It proposes to perform authentication and to confirm that there is no data modification by applying digital signature to digital data. Patent Document 2 proposes that an authentication area and a non-authentication area are provided in a semiconductor memory card, and access to the authentication area is permitted only when authentication with an external device is successful.
Also, various portable devices such as Patent Document 3 and Patent Document 4 have been proposed for portable devices that have a USB connector with a small IC card such as a SIM, UIM, or USIM.

Note that SIM, UIM, and USIM cards are small IC cards in which a security ID module is incorporated, and have already been put into practical use after being mounted on the latest mobile phones.
A UIM (User Identity Module) is a small IC card in which contractor information issued by a mobile phone company is recorded, and is incorporated into a mobile phone and used to identify a user. This is an extension of functionality from a SIM (Subscriber Identity Module) that has the same function. In addition to contractor information, private information such as a phone book and personal identification information for credit payments are encrypted and registered. Is possible. Since it is based on SIM, it is sometimes called USIM (Universal SIM). The SIM is intended to use the GSM mobile phone service, but the UIM can be used, for example, by inserting it into an American cdma2000 mobile phone and receiving an international roaming service.
In the following embodiments, the term “SIM” is mainly used as a small IC card, but it is intended to include any of the above small IC cards.

JP 2000-196589 A JP 2001-14441 A JP 2004-118771 A JP 2004-133843 A

  When using an encryption key or authentication certificate data as in the devices of Patent Document 1 and Patent Document 2, the encryption key and certificate data need to be different for each device. Since the data interface is only USB, in order to write data at the time of manufacture, it must be inserted into the USB terminal each time, and there is a problem that it takes time to perform mass production. Also, a normal flash memory device cannot be said to have a complete security protection function, and there is a risk that important keys and certificate data are exposed by an external attack.

On the other hand, since a small IC card is usually manufactured in the form of a credit card and then finally cut into a card shape such as a SIM, a large amount of the conventional IC card manufacturing / issuing method is used. In addition, high-speed production is possible. It is also possible to write encryption keys and authentication certificate data. Further, an IC chip used for an IC card has excellent tamper resistance, and can securely hold important keys and certificate data.
Therefore, in the present invention, a small IC card reader device is mounted on a USB flash memory device, and a small IC card such as a SIM is mounted on the reader device portion so that an application such as PKI or data encryption is executed. Is.

  The gist of the present invention that solves the above problems is a flash memory device that includes a USB connector and is connected to an electronic device to record and transmit / receive data, and a reader device that detachably mounts a small IC card having at least a personal authentication function A USB memory key that can be used as a small IC card reader device and a flash memory device by operating a switch provided on the memory key. A USB memory key characterized by

The USB memory key of the present invention has a small IC card reader device, a large-capacity flash memory device, and two types of devices integrated, and has the convenience of being able to switch between any of these by a switch operation.
When the flash memory device transmits or receives data, the personal authentication function of the small IC card can be used, so that unauthorized use by a third party can be prevented and safe data exchange can be performed. In addition, appropriate protection of digital data related to copyrighted works can be achieved.

The USB memory key of the present invention will be described below with reference to the drawings.
1 is a conceptual diagram of a USB memory key of the present invention, FIG. 2 is a block diagram of a small IC card reader device, FIG. 3 is an explanatory diagram of a small IC card, and FIG. 4 is a configuration example of a flash memory device. FIG.

The USB memory key 1 of the present invention includes a small IC card reader device 10, a flash memory device 20, a USB connector 30, and a changeover switch 40 as shown in FIG.
The small IC card reader device 10 has a mechanism for detachably mounting a small IC card 2 such as a SIM, UIM, USIM or the like, and the flash memory device 20 itself is a large capacity flash memory device. A card 3 mounting mechanism may be included.
The small IC card reader device 10 and the flash memory device 20 can be arbitrarily switched by a changeover switch 40 and used.

  The changeover switch 40 may be attached to the outside of the USB memory key 1 and switched by a user's operation, or attached to the attachment portion of the small IC card 2 and switched in conjunction with the attachment of the small IC card 2. You may do it.

When the USB memory key 1 is used as the small IC card 2 to communicate with the PC, the ISO 7816 interface used for the IC card needs to be converted to the USB interface, and is connected to the USB connector 30 via the USB / ISO 7816 conversion IC 11.
On the other hand, the flash memory device 20 is connected to the USB connector 30 via the I / O interface 21.

The small IC card reader device 10 has the block configuration of FIG.
The small IC card reader device 10 executes various applications held by the SIM 2 with the SIM 2 mounted. The signal of the SIM 2 is transmitted to the control IC chip 13 via the reader / writer terminal board 12 and the relay 18. A signal from an external device via the USB connector is transmitted to the control IC chip 13 via the USB / ISO 7816 conversion IC 11 and the relay 18. The control IC chip 13 has a CPU and a memory, and has an ISO7816 driver. Further, the reader device may include a liquid crystal display 5, and the control IC chip 13 may include a driving liquid crystal driver. The reader / writer terminal board 12 has a structure connected to eight terminals of a contact terminal board provided in the SIM 2. The contact terminal plate is composed of eight terminals C1 to C8 defined by ISO.

  In FIG. 2, the wiring to the USB connector 30 is omitted, but C5 (GND), C1 (Vcc), C2 (RST), and C7 (I / O) are connected to the USB / ISO 7816 conversion IC 11 from the SIM2. Will be guided.

The small IC card 2 has the same function as an ordinary credit card size IC card, but has an encryption function. The shape is usually a thin plate having a short side of 15 mm, a long side of 25 mm, and a thickness of 0.76 mm, but the size is substantially the size of the area of the terminal board of the IC module, and the IC card is further reduced in size. Has also been proposed. Therefore, an IC card having a large IC module terminal board area may be used.
As shown in FIG. 3, the small IC card generally includes three types of memories, a RAM 202, a ROM 203, and an EEPROM 204, and a CPU 201 that accesses these memories. The EEPROM 204 is a rewritable nonvolatile memory and stores data such as personal information related to the IC card user. A RAM 202 is a volatile memory used as a work area when the CPU 201 executes a program. The ROM 203 is a read-only memory, and stores a program indicating processing to be executed by the CPU 201. In addition, an I / O terminal 205 is provided for communication with the outside.

  When using the small IC card 2, the IC card 2 is attached to the IC card reader device 10, and a command is transmitted from the PC or the like to the small IC card 2 via the USB connector 30. In the small IC card 2 that has received the command, the CPU 201 executes a portion corresponding to the command in the program stored in the ROM 203. As a result, command processing is performed, and processing such as writing new data to the EEPROM 204 is performed.

Recent IC cards can be classified into a static information storage type, a dynamic password generation type, a PKI compatible type, and the like according to the intended use.
The static information storage type stores a user password and a secret key, and is used for user authentication. In some cases, data is encrypted and transmitted / received to / from an external device. This is to prevent a third party from eavesdropping on a communication signal between the external device and the IC card. The received data can be decrypted with a secret key.
The dynamic password generation type is for generating a one-time password and stores a secret key. It realizes a personal authentication function stronger than the user password and secret key. The PKI-compatible type stores a digital certificate, a public key, and a private key pair. These usage methods will be described later.

Data encryption methods include, for example, RSA using a public / private key pair and a common key DES.
RSA is a kind of encryption method based on an asymmetric key (asymmetric key) method. Data is shared using a “public key” shared with a plurality of communication partners and a “secret key” different from the public key. It is characterized by encryption or decryption.

  In this respect, RSA is different from a symmetric key encryption method such as DES. In the symmetric key encryption method, the IC card and the communication partner must have a common encryption key in advance. Since this encryption key should not be known to a third party, when performing cryptographic communication with an unspecified number of partners, it is necessary to manage the delivery of a large number of keys as many as the number of communication partners, and the management becomes very complicated. . On the other hand, in RSA, a ciphertext can be generated by using a public key of a partner, instead of previously sharing a key necessary for encrypted communication. The recipient of the ciphertext can decrypt the ciphertext by using the corresponding “secret key”.

  On the other hand, in the case of a digital signature, the person who sends the data encrypts the hash value (authentication data obtained by calculating the plaintext with a hash function) using the “secret key”. Sign. The person who receives the encrypted data decrypts the encrypted data using the “public key” of the sender. That is, it is possible to prove that a ciphertext that can be decrypted with a certain public key is encrypted by a specific person having a corresponding “secret key”. The reason why the plaintext hash value is encrypted is that since the secret key cryptosystem performs enormous operations, it takes time to encrypt the plaintext as it is.

The generation and storage of an encryption key for an IC card is usually performed by an IC card issuing device when the IC card is issued. This encryption key generation method and the like are also described in JP-A-11-39437.
The encryption key is preferably stored in a tamper resistant module (an area that protects against internal analysis and tampering). There are two types of tamper resistance technology: software and hardware. In the case of hardware, it is a technology that physically and logically protects internal analysis and tampering of semiconductor chips and the like.

FIG. 4 is a diagram illustrating a configuration example of the flash memory device 20.
The USB connector 30 electrically connects an external electronic device (not shown) (for example, a PC or an electronic still camera) and the flash memory device 20 main body to transmit data and commands from the external electronic device, and from the external electronic device. This is a connector for receiving the voltage Vcc and transmitting data and signals from the flash memory 28 to the outside.
The flash memory device 20 includes a control unit 23 that decodes a command sent from an external electronic device via the USB connector 30 and controls its operation, a calculation unit 24 that performs numerical calculation according to the type of command, It comprises a ROM 25 for storing an internal control program and fixed data, a RAM 26 for temporarily storing processing data, and a flash memory 28. An additional memory card 3 can be added to the flash memory 28.

  The control unit 24 is connected to the flash memory 28. The flash memory 28 is a so-called electrically rewritable memory. While a normal EEPROM electrically erases information one by one, the flash memory has a feature that it can erase in batch and shorten the rewriting time. is there. Flash memory includes NAND type and NOR type. In principle, the NAND type is prone to memory damage and is said to have a limit of rewriting of about 1 million times. Usually, a smaller number of rewrites is set as the usage limit. Therefore, it is necessary to avoid applications that require storage certainty, but it can be used without any problem for applications such as photographs and music data that do not greatly affect even if 1-bit corruption occurs.

Next, an example of how to use the USB memory key will be described.
(1) When communicating with a device having a personal authentication function A dynamic password is used as a method for demonstrating the personal authentication function more strongly than simply inputting a password. The dynamic password includes a synchronous method and an asynchronous method. The asynchronous method is called a challenge and response method. This is a mechanism in which the server creates a code (challenge), returns the result (response) calculated by the client to the server based on that code, and authenticates if it is the same as the response value calculated by the server. .

On the other hand, as a synchronization method, an event (counter) synchronization method and a time (time) synchronization method are mainly used in the market. A system that mixes the two has also appeared, but in any case, it is a mechanism that authenticates when the server and the client calculate the same value. There are two types of methods that involve an IC card in the dynamic password.
One is to simply store a secret key (user-specific) for generating a dynamic password in the IC card. This is a method in which a device (such as a PC) obtains a dynamic password when generating the dynamic password, and a dynamic password is generated by a processor in the device.
The second is a system in which the secret key is stored in the IC card and the dynamic password is generated by the processor in the IC card. The latter has higher security and effectively uses the function of the IC card equipped with the processor.
These can be used in a mechanism for transferring contents only when authentication is obtained.

(2) When decrypting encrypted digital content with an encryption key As described above, the music content is encrypted and transmitted, and a licensed person holds an encryption key that can be decrypted. A system that decrypts and uses the mobile phone is used in a mobile phone or the like. Such a usage method can be considered for digital devices other than mobile phones.
In this case, the encrypted content is freely stored in the flash memory area from the distribution server, the encryption decryption key (license key) is stored in the IC card, and the decryption key is output to the PC or the like for use. Unless this is done, the content cannot be played back, and those who do not have the key cannot use it, so the copyright can be properly protected.

  When decrypting music content or the like, the ciphertext can be transmitted to the IC card and the ciphertext can be decrypted using the decryption key held in the IC card. In this case, the digital data stored in the flash memory is once transmitted to the PC, transmitted from the PC to the IC card, encrypted in the IC card, and returned to the PC. However, the EEPROM of the IC card has a problem that the memory amount is small and the data processing speed of the CPU is low. Therefore, when processing a large amount of music content or the like, the authentication data of the IC card can be transmitted to the external device, and the content can be decrypted by the external device authenticating.

(3) When using a digital certificate Store the recipient's public key and private key in the IC card, and use the communication means of SSL (Secure Sockets Layers) or SET (Secure Electronic Transactions). it can.
When receiving an encrypted e-mail, apply for an electronic certificate with a name or name, e-mail address, validity period, name of electronic certification authority, usage, etc. to a third-party certification body. The certificate authority encrypts the certificate and the recipient's public key with the certificate authority's private key to make a certificate, and publishes it on the server together with the certificate authority's public key.

A person who transmits electronic data obtains the public key of the certificate authority from the server of the certificate authority, and acquires the certificate of the recipient from the server of the certificate authority every time electronic data is transmitted. The sender decrypts the digital signature with the public key of the certification authority, and confirms that the certificate has been issued by the certification authority. The sender encrypts the electronic data to be encrypted with the receiver's public key and transmits the encrypted data to the receiver. The recipient decrypts the encrypted electronic data with the recipient's private key.
The recipient's public key, private key pair, and digital certificate can be stored in the IC card.
Private companies and administrative bodies can be third-party certification bodies, but certification bodies may be established as in-house systems.

  Since the USB memory key of the present invention includes a small IC card and a reader device, the above usage method can be adopted.

It is a conceptual diagram of the USB memory key of this invention. It is a block block diagram of a small IC card reader apparatus. It is explanatory drawing of a small IC card. It is a figure which shows the structural example of a flash memory device.

Explanation of symbols

1 USB Memory Key 2 Small IC Card Reader 3 Additional Memory Card 10 Small IC Card Reader Device 11 USB / ISO7816 Conversion IC
12 Reader / Writer Terminal Board 13 Control IC Chip 18 Relay 20 Flash Memory Device 21 I / O Interface 23 Control Unit 24 Calculation Unit 25 ROM
26 RAM
28 Flash memory 30 USB connector 40 Changeover switch

Claims (4)

A USB memory key in which a flash memory device having a USB connector and connected to an electronic device to record and transmit / receive data and a reader device to which a small IC card having at least a personal authentication function is detachably attached are integrated. A USB memory key characterized in that it can be switched between use as a small IC card reader device and use as a flash memory device by operating a switch provided in the memory key. 2. The USB memory key according to claim 1, wherein an encryption key is stored in the small IC card. 3. The USB memory key according to claim 1, wherein a digital certificate is stored in the small IC card. 3. The USB memory key according to claim 1, wherein the small IC card is a SIM card, a UIM card, a USIM card, or a card having a further reduced size.

Images