USB security key based on palmar vein authentication
The USB security key uses palmar vein authentication to address security and environmental limitations of traditional methods, offering high security, hygiene, and convenience through contactless palm vein pattern matching.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Utility models
- Current Assignee / Owner
- EBIP CO LTD
- Filing Date
- 2026-05-13
- Publication Date
- 2026-07-09
AI Technical Summary
Existing personal authentication methods such as password, fingerprint, and face authentication face security risks and environmental limitations, while palm vein authentication's high stability and security are not fully utilized.
A USB security key incorporating a palmar vein authentication module, MCU main control chip, and USB interface, which performs contactless palm vein pattern matching using near-infrared light and CMOS image sensor, generating authentication data via FIDO2/U2F protocols.
Provides high security, hygiene, improved accuracy, and convenience by eliminating the need for passwords and ensuring difficult replication, with fast authentication times and compact portability.
Smart Images

Figure 0003256527000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to the field of secure personal authentication technology, particularly to a USB security key using biometric authentication technology. More specifically, it relates to a USB authentication device that realizes passwordless authentication based on palm vein authentication.
Background Art
[0002] In recent years, with the rapid development of information technology and the increasing threats of network security, data security and personal authentication have become important issues in the field of information security.
[0003] Conventionally, in the fields of personal authentication and access control, technologies such as password authentication, fingerprint authentication, and face authentication have been widely used.
[0004] However, password authentication has the risks of password forgetting, leakage, and unauthorized analysis. Also, although fingerprint authentication is widely popular, there are risks of fingerprint wear and forgery, and there is an issue that the authentication accuracy is easily affected by the condition of the fingertips. Furthermore, face authentication is easily affected by lighting conditions, face shielding, and forgery using photos and videos, etc., and there are limitations in terms of security.
[0005] Furthermore, in recent years, technologies related to palm vein authentication have also been proposed (see Patent Document 1). Palm vein authentication is a technology that uses near-infrared light to acquire the vein pattern inside the palm and uses this for personal authentication. Since palm veins exist inside the human body, they have extremely high uniqueness and difficulty in replication, are less affected by the external environment, and have high stability and security.
Prior Art Documents
Patent Documents
[0006]
Patent Document 1
Summary of the Invention
[0007] However, there was a problem in that the high stability and security of palmar vein authentication technology were not being fully utilized.
[0008] Therefore, in order to meet the demands for advanced identity verification and data protection, as well as ease of use, there is a need to develop new devices using palmar vein authentication.
[0009] This invention was made to solve the problems of the above-mentioned prior art, and aims to provide a USB security key with high security. [Means for solving the problem]
[0010] To solve the above problems, this invention adopts the following configuration.
[0011] In other words, the USB security key according to the present invention is A circuit board fixed inside the outer casing by structural members, An embedded MCU main control chip, which is mounted on the aforementioned circuit board and incorporates a secure element, A palmar vein authentication module is connected to the above circuit board and electrically connected to the embedded MCU main control chip, A USB data interface is provided at the end of the circuit board and electrically connected to the embedded MCU main control chip, It is equipped with.
[0012] The palmar vein authentication module acquires a palmar vein image and generates an authentication result signal.
[0013] The embedded MCU main control chip generates authentication data based on the authentication result signal, packages the authentication data into authentication response data according to a predetermined protocol, and outputs it as USB communication data. [Effects of the Invention]
[0014] According to the present invention, the following effects can be achieved. (1) High security can be achieved by palm vein authentication. (2) Authentication without using a password becomes possible. (3) It is hygienic because it is contactless. (4) Authentication accuracy and user convenience are improved.
Brief Description of the Drawings
[0015] [Figure 1] Figure 1 is a block diagram showing the connection configuration of each module according to the present invention. [Figure 2] Figure 2 is a plan view showing the structure of the USB security key according to the present invention.
Modes for Carrying Out the Invention
[0016] Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
[0017] (Configuration of USB Security Key 1) Figure 1 is a block diagram showing the connection configuration of each module according to the present invention. As shown in Figure 1, the USB security key 1 according to the present embodiment includes a circuit board 11, an embedded MCU main control chip 12, a palm vein authentication module 13, a USB data interface 14, and an operation status indicator light 15.
[0018] The circuit board 11 is fixed inside the exterior case 10 and provides electrical connection and mechanical support for each component.
[0019] The embedded MCU main control chip 12 has a control unit 20, a secure element 21, and a communication unit 22. The control unit 20 includes a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like.
[0020] The control unit 20 includes a CPU (Central Processing Unit) and cooperates with the secure element 21 and / or the communication unit 22 as necessary. The control unit 20 realizes software components such as a protocol processing unit 30, an authentication control unit 31, a data packaging unit 32, and a communication interface unit 33, which are software components of the program executed by the USB security key 1. The functions provided by each of the software components of the program in this embodiment will be shown in the description of the preferred flow of the management process described later.
[0021] The secure element 21 stores a user authentication key and palm vein data, which is characteristic data for identifying the user. This palm vein data becomes template data for performing palm vein authentication.
[0022] The communication unit 22 enables communication between the embedded MCU main control chip 12 and devices connected to the embedded MCU main control chip 12, such as an external device (e.g., PC100) and an operation status indicator light 15 connected to the palm vein authentication module 13 and the USB data interface 14.
[0023] In this embodiment, ESP32-S3 can be used as the embedded MCU main control chip 12. ESP32-S3 is compatible with the FIDO2 and U2F protocols.
[0024] The palm vein authentication module 13 includes a near-infrared light source 40, a CMOS image sensor 41, and a signal processor 42.
[0025] The near-infrared light source 40 irradiates the palm with near-infrared light, and the CMOS image sensor 41 receives the reflected light and converts it into an image electrical signal.
[0026] The signal processor 42 is electrically connected to the CMOS image sensor 41. Based on the image electrical signals acquired by the CMOS image sensor 41, it extracts the user's characteristic palm vein pattern from the palm vein image data to generate the user's palm vein data. Furthermore, it compares this palm vein data with template data to generate an authentication result signal.
[0027] Thus, palmar vein authentication by the palmar vein authentication module 13 is performed using a contactless method. The imaging distance of the CMOS image sensor 41 is 5 cm to 30 cm, and the authentication time is less than 1 second.
[0028] The USB data interface 14 is provided at the end of the circuit board 11. According to this embodiment, the USB Type-C standard is adopted as the USB data interface 14.
[0029] The protocol processing unit 30, authentication control unit 31, data packaging unit 32, and communication interface unit 33 implement the following functions. The protocol processing unit 30 determines the operating protocol based on the data received from the USB data interface 14. The authentication control unit 31 receives an authentication result signal from the palmar vein authentication module 13 and generates authentication data. The authentication data is generated only if palmar vein authentication is successful and is signed with the user authentication key. The data packaging unit 32 packages the authentication data into authentication response data, such as FIDO2 protocol data or U2F protocol data, based on the authentication data and the operating protocol. The communication interface unit 33 converts the packaged data into USB communication data.
[0030] The operating status indicator light 15 is composed of a full-color LED and changes color according to the authentication status of the palmar vein authentication module 13. The operating status indicator light 15 is electrically connected to the embedded MCU main control chip 12 and sets the display color based on the display control signal sent from the embedded MCU main control chip 12. For example, the embedded MCU main control chip 12 sends a display control signal to the operating status indicator light 15 that displays green if the authentication result signal received by the embedded MCU main control chip 12 is successful, red if authentication fails, and blue when waiting to receive the authentication result signal.
[0031] Figure 2 is a plan view showing the structure of the USB security key according to the present invention. Figure 2(a) shows the key with the cover removed, and Figure 2(b) shows the key with the cover closed. The outer case 10 is portable in size and consists of a main body that is roughly rectangular in shape with an open top and a lid that closes the top of the main body.
[0032] As shown in Figure 2(a), the circuit board 11 is fixed to the bottom surface of the outer case 10, and the palmar vein authentication module 13 and the operating status indicator light 15 are positioned above the surface of the circuit board 11. Holes 10a, 10b, and 10c are formed in the lid of the outer case 10 in the areas where the near-infrared light source 40, CMOS image sensor 41, and operating status indicator light 15 face each other. Therefore, when the various components are attached to the main body of the outer case 10 and the top of the main body is closed with the lid, hole 10a faces the near-infrared light source 40, hole 10b faces the CMOS image sensor 41, and hole 10c faces the operating status indicator light 15. As a result, holes 10a, 10b, and 10c act as windows, exposing the near-infrared light source 40, CMOS image sensor 41, and operating status indicator light 15 to the outside from the top surface of the outer case 10.
[0033] Furthermore, a hole 10d is formed in the main body of the outer case 10 where the tip of the USB data interface 14 faces. As a result, the tip of the USB data interface 14 is exposed to the outside through the hole 10d, making it possible to plug a USB terminal into the USB data interface 14.
[0034] (Operation of USB Security Key 1)
[0035] The user can begin using USB Security Key 1 by connecting it to the USB port of an external device.
[0036] However, the first time USB security key 1 is used, the palmar vein authentication module 13 reads the user's palm and registers the palmar vein data in the secure element 21.
[0037] During authentication, the user holds their palm above the CMOS image sensor 41, and the palmar vein authentication module 13 performs vein authentication, that is, compares the read palmar vein data with template data.
[0038] Upon successful authentication, authentication data signed with the user authentication key is generated and transmitted to an external device via the USB data interface 14.
[0039] An example of an external device is the personal computer 100 (hereinafter referred to as PC100) shown in Figure 1. When operating PC100 to log in to a specific server, the user needs to connect the USB security key 1 to the USB port of PC100. When the USB security key 1 is connected to PC100, the operation status indicator light 15 turns blue. Then, when the user holds their palm over the CMOS image sensor 41, the palmar vein authentication module 13 reads the user's palm and generates an authentication result signal.
[0040] If the authentication result signal indicates successful authentication, the operation status indicator light 15 changes from blue to green, and the USB security key 1 sends authentication data to the PC 100, causing the PC 100 to log in to a specific server.
[0041] If authentication fails, the status indicator light 15 will change from blue to red. When the status indicator light 15 turns red, you will need to reinsert the USB security key 1 into the USB port of the PC100 to make the status indicator light 15 blue again, and then perform palmar vein authentication again.
[0042] (Effects and Benefits) As described above, the embodiment of the present invention, when combined with palmar vein authentication and the FIDO2 / U2F protocol, offers the following advantages compared to the prior art. Because user authentication is based on palmar vein pattern matching, it is difficult to forge, achieving high security and safety. Moreover, it improves authentication accuracy and user convenience. By holding the palm over the CMOS image sensor, the user's palmar vein data is read, eliminating the need for the user to touch the USB security key 1 during authentication. This contactless authentication method is therefore hygienic. The USB connection ensures high compatibility. Furthermore, the compact size of the USB security key 1 provides excellent portability and expandability. [Explanation of symbols]
[0043] 1. Security Key 10 Outer Case 10a, 10b, 10c, 10d holes 11 Circuit board 12 Main control chip 13. Palmar vein authentication module 14 Data Interfaces 15. Operation status indicator light 20 Control Unit 21 Secure Elements 22 Communications Department 30 Protocol Processing Unit 31 Authentication Control Unit 32 Data Packaging Department 33 Communication Interface Section 40 Near-infrared light source 41 Image Sensor 42 Signal Processors 100 Personal Computers
Claims
1. A USB security key based on palmar vein authentication, A circuit board fixed inside the outer casing by structural members, An embedded MCU main control chip, which is mounted on the aforementioned circuit board and incorporates a secure element, A palmar vein authentication module is connected to the above circuit board and electrically connected to the embedded MCU main control chip, A USB data interface is provided at the end of the circuit board and electrically connected to the embedded MCU main control chip, Equipped with, The palmar vein authentication module acquires a palmar vein image and generates an authentication result signal. The embedded MCU main control chip receives the authentication result signal, generates authentication data based on the authentication result signal, packages the authentication data into authentication response data according to a predetermined protocol, and outputs it via the USB data interface. A USB security key characterized by the following features.
2. The palmar vein authentication module is An infrared light source that emits near-infrared light, A CMOS image sensor that receives the near-infrared light reflected by the palmar veins and converts it into an image electrical signal, A signal processor electrically connected to the CMOS image sensor, which converts the image electrical signal into digital image data, extracts features from the digital image data to generate vein feature data, and compares the vein feature data with stored template data to generate the authentication result signal, The USB security key according to claim 1, characterized by comprising the following:
3. The palmar vein authentication module is By acquiring palmar vein images using a non-contact method, The imaging distance is between 5 cm and 30 cm. The acquisition window is exposed on the upper surface of the outer casing. The USB security key according to feature 2.
4. Furthermore, it includes an operating status indicator light mounted on the circuit board and electrically connected to the embedded MCU main control chip, The embedded MCU main control chip outputs a control signal to the operating status indicator light to display the operating status of the device. A USB security key according to any one of claims 1 to 3, characterized by the features described herein.
5. The embedded MCU main control chip includes a protocol processing unit that determines the operating protocol based on the data received from the USB data interface, An authentication control unit that receives an authentication result signal from the palmar vein authentication module and generates authentication data, A data packaging unit that packages the authentication data into FIDO2 protocol data or U2F protocol data based on the authentication data and the operating protocol, The USB security key according to claim 4, further comprising a communication interface unit that converts the packaged data into USB communication data.
6. The secure element stores user authentication key and palmar vein feature template data. The aforementioned operating status indicator light is a full-color LED. The USB security key according to claim 5, characterized in that the embedded MCU main control chip outputs display control signals of different colors to display authentication success status, authentication failure status, and device readiness status on the operating status indicator light.
7. The aforementioned USB data interface is a USB Type-C interface. The USB security key according to feature 1.
8. The aforementioned embedded MCU main control chip supports passwordless authentication based on the FIDO2 protocol and the U2F protocol. The USB security key according to feature 5.