CN106874800B - Access method and system of smart card device - Google Patents

Publication number
CN106874800B
Authority
CN
China
Prior art keywords
smart card
application program
service
pipeline
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611196195.7A
Other languages
Chinese (zh)
Other versions
CN106874800A (en
Inventor
王超宇
李洪亭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing WatchSmart Technologies Co Ltd
Original Assignee
Beijing WatchSmart Technologies Co Ltd
Application filed by Beijing WatchSmart Technologies Co Ltd
Priority to CN201611196195.7A
Publication of CN106874800A
Application granted
Publication of CN106874800B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes

Abstract

An embodiment of the invention discloses an access method and system for a smart card device, belonging to the field of smart card device applications. The method comprises: establishing a first named pipe between a first smart card application program in a first terminal device and the system smart card service of the first terminal device; the first smart card application program sending a first smart card device access request to the system smart card service through the first named pipe; and the system smart card service receiving the first smart card device access request, calling the smart card service interface that corresponds to the type of the request to operate on the smart card device, obtaining first response information returned by the smart card device, and returning the response information to the first smart card application program. The method and system solve the prior-art problem that the smart card service interface cannot be called when the application program has insufficient privileges, and better meet users' practical needs.

Description

Access method and system of smart card device
Technical Field
The invention relates to the technical field of smart card device applications, and in particular to an access method and system for a smart card device.
Background
In an Internet age of rampant hacking and widespread viruses, the security of personal computers is increasingly threatened, and the security risks faced by servers are even more serious. As a result, restricted operating-system accounts and bastion hosts for servers are used more and more widely.
In many cases, a server administrator connects to the server remotely through a bastion host for daily management and maintenance, while the smart card used for identity authentication is connected to the server host. Because of the restrictions of the Windows smart card service, a process started under the remote-login account cannot operate the smart card device. Likewise, under some restricted user accounts, a locally logged-in account may be unable to operate the smart card device for the same reason.
Disclosure of Invention
In view of the drawbacks of the prior art, an object of the embodiments of the present invention is to provide an access method and system for a smart card device that overcome, or at least partially solve, the above problems.
To achieve this object, one embodiment of the present invention provides an access method for a smart card device, including the following steps:
connecting a first terminal device and a smart card device, a first smart card application program corresponding to the smart card device being installed in the first terminal device;
establishing a first named pipe between the first smart card application program and the system smart card service of the first terminal device;
the first smart card application program sends a first smart card device access request to the system smart card service through the first named pipe;
the system smart card service receives the first smart card device access request, calls the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtains first response information returned by the smart card device;
the system smart card service sends the first response information to the first smart card application program through the first named pipe.
Further, an access method for a smart card device as described above, the method further comprising:
establishing a connection between a second terminal device and the first terminal device; a second smart card application program corresponding to the smart card device is installed in the second terminal device;
establishing a second named pipe between the second smart card application program and the system smart card service of the first terminal device, the second smart card application program sending a second smart card device access request to the system smart card service through the second named pipe;
the system smart card service receives the second smart card device access request, calls the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtains second response information returned by the smart card device;
the system smart card service sends the second response information to the second smart card application program through the second named pipe.
Further, an access method for a smart card device as described above, the method further comprising:
after detecting that the smart card device has been inserted, the system smart card service tries, at a preset first time interval, to connect to the first named pipe by calling the named-pipe opening function CreateFile with the pipe name of the first named pipe, until the connection succeeds;
after the first smart card application program is started, it creates the first named pipe under the pipe name of the first named pipe and calls ConnectNamedPipe, the function that waits for a named-pipe connection, to wait for the system smart card service to connect;
the system smart card service connects to the first named pipe by calling the named-pipe opening function CreateFile.
Further, in the access method for a smart card device as described above, the first smart card access request includes a smart card device enumeration request, a device connection request, a device operation instruction, and a device disconnection request.
Further, in the access method for a smart card device as described above, before the first smart card application program sends the first smart card device access request to the system smart card service through the first named pipe, the method further includes:
the system smart card service performs security authentication on the first smart card application program, and receives the first smart card access request sent by the first smart card application program only after the authentication has passed.
Further, in the access method for a smart card device as described above, the first smart card application program and the system smart card service communicate in a data format agreed between the two;
before the system smart card service sends the first response information to the first smart card application program, the method further comprises: converting the first response information into the agreed data format, and sending the converted first response information to the first smart card application program.
An embodiment of the invention also provides an access system for a smart card device, comprising a first terminal device and the smart card device; the first terminal device is connected to the smart card device, and a first smart card application program corresponding to the smart card device is installed in the first terminal device;
the first terminal device includes:
a first named pipe establishing module, configured to establish a first named pipe between the first smart card application program and the system smart card service of the first terminal device;
a first request sending module, configured for the first smart card application program to send a first smart card device access request to the system smart card service through the first named pipe;
a first request processing module, configured to, after the system smart card service receives the first smart card device access request, call the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtain first response information returned by the smart card device;
a first response sending module, configured for the system smart card service to send the first response information to the first smart card application program through the first named pipe;
and a first response receiving module, configured for the first smart card application program to receive the first response information through the first named pipe.
Further, the access system for a smart card device as described above further includes a second terminal device connected to the first terminal device, a second smart card application program corresponding to the smart card device being installed in the second terminal device;
the second terminal device includes:
a second named pipe establishing module, configured to establish a first named pipe between the second smart card application program and the system smart card service of the first terminal device;
a second request sending module, configured for the second smart card application program to send the first smart card device access request to the system smart card service through the first named pipe;
a second response receiving module, configured for the second smart card application program to obtain, through a second named pipe, the second response information sent by the system smart card service;
the first terminal device further includes:
a second request processing module, configured to, after the system smart card service receives the second smart card device access request, call the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtain second response information returned by the smart card device;
and a second response sending module, configured for the system smart card service to send the second response information to the second smart card application program through the second named pipe.
Further, in the access system for a smart card device as described above, the first named pipe establishing module includes:
a connection attempting unit, configured to, after the system smart card service has been started and has detected that the smart card device is inserted, try at a preset first time interval to connect to the first named pipe by calling the named-pipe opening function CreateFile, until the connection succeeds;
a pipe re-establishing unit, configured to, after the first smart card application program is started, create the first named pipe under the pipe name of the first named pipe and call ConnectNamedPipe, the function that waits for a named-pipe connection, to wait for the system smart card service to connect;
and a pipe communication unit, configured to connect the system smart card service to the first named pipe by calling the named-pipe opening function CreateFile.
Further, in the access system for a smart card device as described above, the first smart card access request includes a smart card device enumeration request, a device connection request, a device operation instruction, and a device disconnection request.
The beneficial effects of the invention are as follows: in the smart card device access method and system provided by the embodiments of the invention, the smart card service interface is called by a system service with high privileges, and the application program tells the service program (the system smart card service) through the named pipe what it needs the device to do. Whether the application program's privileges are high or low, it can communicate with the service program through the named pipe. This solves the prior-art problem that the smart card service interface cannot be called when the application program has insufficient privileges, and better meets users' practical needs.
Drawings
To illustrate the embodiments of the invention and the technical solutions of the prior art more clearly, the drawings needed for their description are briefly introduced below. The drawings described below show only some embodiments of the invention; they illustrate preferred embodiments and are not to be considered limiting, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of a method for accessing a smart card device according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for accessing a smart card device according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of an access system of a smart card device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a framework of the access system of FIG. 3 in accordance with the present invention;
FIG. 5 is a schematic diagram of a first named pipe building block according to one embodiment of the invention;
FIG. 6 is a schematic structural diagram of an access system of a smart card device according to another embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the invention.
FIG. 1 shows a flow chart of an access method for a smart card device according to an embodiment of the present invention. As the figure shows, the method mainly includes the following steps:
step S110: establishing a first named pipe between a first smart card application program of a first terminal device and a system smart card service;
step S120: the first smart card application program of the first terminal device sends a first smart card device access request to the system smart card service through the first named pipe;
The access method provided by this embodiment applies between a smart card device and a first terminal device. The smart card device is a device that performs identity recognition and/or security verification based on a smart card (with a smart card chip); it includes, but is not limited to, security authentication devices such as a U shield or a USBKey. The first terminal device includes, but is not limited to, a PC (personal computer) or a server. A first smart card application program corresponding to the smart card device, that is, an application client, is installed on the first terminal device; when the first terminal device runs this application client, the client needs to communicate with the smart card device in order to access and operate it.
In this embodiment, after the first terminal device and the smart card device are connected, and in order to ensure that the first smart card application program can operate the smart card device, the first smart card application program, once started, first establishes a first named pipe for communicating with the system smart card service (an operating-system service program, the smart card service) of the first terminal device. The first smart card application program acts as the server end of the named pipe and the system smart card service acts as the client end, so the first named pipe connects the process in which the first smart card application program runs with the process in which the system smart card service runs. The specific procedure for establishing a named pipe is prior art and is not described here. The connection between the first terminal device and the smart card device includes, but is not limited to, a USB connection.
After the first named pipe has been established, the first smart card application program sends a first smart card access request to the system smart card service through the first named pipe. The first smart card access request includes, but is not limited to, a smart card device enumeration request, a device connection request, a device operation instruction, and a device disconnection request.
In practice, to prevent an illegitimate application program from operating the smart card through the system smart card service, before the first smart card application program sends the first smart card access request to the smart card device through the system smart card service, the method further comprises:
the system smart card service performs security authentication on the first smart card application program, and receives the first smart card access request sent by the first smart card application program only after the authentication has passed.
Identifying the smart card application program after the named pipe is connected prevents an illegitimate program from establishing a named pipe in order to operate the smart card device. The method used to authenticate the first smart card application program can be chosen according to actual needs. For example, the following may be used:
After the first named pipe is connected, in the authentication stage, the system smart card service first requires security verification of the first smart card application program and sends it a random number. The application program encrypts the random number received from the service program with an agreed key using a symmetric algorithm, and sends the ciphertext back to the system smart card service through the pipe. The system service program decrypts the ciphertext with the agreed key to recover the original random number. If it matches the random number previously sent to the application program, authentication passes, and only after that will the service program process other types of messages.
In practice, after the first named pipe between the first smart card application program and the system smart card service has been established successfully, both sides store the pipe name of the first named pipe so that they can reconnect and communicate later. The pipe name is agreed between the first smart card application program and the system smart card service.
In one embodiment of the present invention, establishing the first named pipe between the first smart card application program and the system smart card service may further include:
starting the system smart card service;
after detecting that the smart card device has been inserted, the system smart card service tries, at a preset first time interval, to connect to the first named pipe by calling the named-pipe opening function CreateFile with the pipe name of the first named pipe, until the connection succeeds;
after the first smart card application program is started, it creates the first named pipe under the pipe name of the first named pipe and calls ConnectNamedPipe, the function that waits for a named-pipe connection, to wait for the system smart card service to connect;
the system smart card service connects to the first named pipe by calling the named-pipe opening function CreateFile.
In practice, the system smart card service always runs in the background of the device as a system service. In this embodiment, the service program calls an operating-system interface to detect insertion and removal of the smart card device. When it detects that the smart card device has been inserted, it passes in the pipe name (pipenam) of the first named pipe and tries to connect to the pipe. If the first smart card application program has not yet created the first named pipe for its session with the system smart card service, the connection fails, and the system smart card service waits for the first set time interval (for example, 100 milliseconds) and tries again. After the first smart card application program is started, it creates the first named pipe with CreateNamedPipe and then calls ConnectNamedPipe to wait for the system smart card service to connect; at that point the system smart card service, which has been retrying, can connect to the pipe through CreateFile.
Step S130: the system smart card service receives the first smart card device access request, calls the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtains first response information returned by the smart card device;
step S140: the system smart card service sends the first response information to the first smart card application program through the first named pipe.
After receiving the first smart card device access request sent by the first smart card application program through the first named pipe, the system smart card service calls the smart card service interface that corresponds to the type of the request to carry out the operation on the smart card device, obtains the first response information that the smart card device returns for that operation, and sends the response information to the first smart card application program through the first named pipe. This completes the application client's indirect operation on the smart card device.
The type of the request identifies which specific access request it is, for example a smart card device enumeration request or a smart card device connection request. Calling the corresponding smart card service interface means that the system smart card service calls the system function that fulfils the first smart card access request, and the operation on the smart card device is carried out through that function. For example, if the access request is a smart card device enumeration request, the system smart card service, on receiving it, calls the system function that enumerates smart card devices, performs the enumeration through that function, and thereby obtains the smart card device's response information for the enumeration operation.
In one embodiment of the present invention, the first smart card application program and the system smart card service may communicate in a data format agreed between them; that is, the two processes may define their own way of transmitting commands. Before the system smart card service sends the first response information to the first smart card application program, the method further includes: converting the first response information of the smart card device into the agreed data format, and sending the converted first response information to the first smart card application program.
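The authentication gate and the dispatch by request type described above, sketched as an added example (not code from the patent). HMAC-SHA256 over the random number replaces the patent's symmetric encryption of it, and a local socket pair replaces the Windows named pipe so the exchange runs on any platform; the frame layout, type codes, key and card stub are all assumptions.

```python
import hashlib
import hmac
import secrets
import socket
import struct
from concurrent.futures import ThreadPoolExecutor

# Assumed frame layout: 1-byte type, 2-byte big-endian length, then the body.
CHALLENGE, PROOF, AUTH_OK, AUTH_FAIL = 0x01, 0x02, 0x03, 0x04
ENUMERATE, CONNECT, OPERATE, DISCONNECT = 0x10, 0x11, 0x12, 0x13
RESPONSE, ERROR = 0x20, 0x21
MAX_BODY = 4096  # the privileged side refuses oversized frames


def send_frame(chan, mtype, body=b""):
    chan.sendall(struct.pack(">BH", mtype, len(body)) + body)


def _recv_exact(chan, n):
    buf = b""
    while len(buf) < n:
        chunk = chan.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the channel")
        buf += chunk
    return buf


def recv_frame(chan):
    mtype, length = struct.unpack(">BH", _recv_exact(chan, 3))
    if length > MAX_BODY:
        raise ValueError("frame too large")
    return mtype, _recv_exact(chan, length)


def make_card():
    """Constructed stand-in for the smart card service interface."""
    state = {"connected": False}

    def operate(_apdu):
        if not state["connected"]:
            raise RuntimeError("card not connected")
        return b"\x90\x00"  # ISO 7816 status word for success

    return {
        ENUMERATE: lambda _b: b"Constructed Reader 0",
        CONNECT: lambda _b: state.update(connected=True) or b"OK",
        OPERATE: operate,
        DISCONNECT: lambda _b: state.update(connected=False) or b"OK",
    }


def serve(chan, key, handlers):
    """Service side. Returns True once the application has authenticated."""
    nonce = secrets.token_bytes(32)  # fresh per connection, defeats replay
    send_frame(chan, CHALLENGE, nonce)
    mtype, proof = recv_frame(chan)
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    if mtype != PROOF or not hmac.compare_digest(proof, expected):
        send_frame(chan, AUTH_FAIL)  # nothing is dispatched before this gate
        return False
    send_frame(chan, AUTH_OK)
    while True:
        try:
            mtype, body = recv_frame(chan)
        except (ConnectionError, ValueError):
            return True  # peer left or sent an oversized frame: stop serving
        try:
            if mtype not in handlers:
                raise RuntimeError("unknown request type")
            send_frame(chan, RESPONSE, handlers[mtype](body))
        except RuntimeError as exc:
            send_frame(chan, ERROR, str(exc).encode())


def run_app(chan, key, requests):
    """Application side. Returns the replies, or None if rejected."""
    _, nonce = recv_frame(chan)
    send_frame(chan, PROOF, hmac.new(key, nonce, hashlib.sha256).digest())
    if recv_frame(chan)[0] != AUTH_OK:
        return None
    replies = []
    for rtype, body in requests:
        send_frame(chan, rtype, body)
        replies.append(recv_frame(chan))
    return replies


def demo(app_key, service_key=b"constructed-shared-key"):
    """Run both ends over a socket pair; returns (authenticated, replies)."""
    svc_end, app_end = socket.socketpair()
    with ThreadPoolExecutor(max_workers=1) as pool, svc_end:
        served = pool.submit(serve, svc_end, service_key, make_card())
        apdu = b"\x00\xa4\x04\x00"  # constructed device operation instruction
        with app_end:
            replies = run_app(app_end, app_key, [
                (ENUMERATE, b""), (OPERATE, apdu),  # OPERATE before CONNECT
                (CONNECT, b""), (OPERATE, apdu), (DISCONNECT, b"")])
        return served.result(), replies
```

A key shared with the application authenticates whoever can read that key, so it needs the same protection as the card access it gates.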
FIG. 2 shows a flow chart of an access method for a smart card device according to another embodiment of the present invention. This embodiment applies between a second terminal device, a first terminal device and a smart card device, where the second terminal device is connected to the first terminal device and the first terminal device is connected to the smart card device.
In this embodiment, the second terminal device includes, but is not limited to, a PC or a server, and a second smart card application program corresponding to the smart card device, that is, an application client, is installed in the second terminal device. The connection between the first terminal device and the second terminal device may be, for example, a remote connection, and the connection between the first terminal device and the smart card device may be, for example, a USB connection or a Bluetooth connection.
As FIG. 2 shows, the smart card device access method mainly includes the following steps:
step S210: establishing a second named pipe between a second smart card application program and the system smart card service of the first terminal device;
step S220: the second smart card application program sends a second smart card device access request to the system smart card service through the second named pipe;
step S230: the system smart card service receives the second smart card device access request, calls the smart card service interface that corresponds to the type of the request to operate on the smart card device, and obtains second response information returned by the smart card device;
step S240: the system smart card service sends the second response information to the second smart card application program through the second named pipe.
The smart card access method in this embodiment differs from the method shown in FIG. 1 as follows: in the method shown in FIG. 2, the smart card application program, that is, the smart card application client, is located in a second terminal device. The second terminal device connects to the first terminal device, and the application program completes its operations on the smart card device connected to the first terminal device by communicating with the system smart card service of the first terminal device.
The smart card access method provided by the invention is therefore suitable both for operating a smart card device remotely and for operating it locally. For example, an administrator of a server (the first terminal device) can connect to the server remotely through a bastion host (the second terminal device) and operate the smart card device used for identity authentication that is connected to the server through a process (the second smart card application program) started under a remote-login account on the bastion host, or can operate the smart card device directly through a process (the first smart card application program) started under a local account on the server.
Corresponding to the method shown in fig. 1, in one embodiment of the present invention there is also provided an access system for a smart card device, as shown in fig. 3, the system comprising a first terminal device 100 and a smart card device 200; the first terminal device 100 is connected with the smart card device 200, and a first smart card application corresponding to the smart card device is installed in the first terminal device 100.
In this embodiment, the first terminal device 100 includes a first named pipe establishment module 110, a first request sending module 120, a first request processing module 130, a first response sending module 140, and a first response receiving module 150. Wherein:
a first named pipe establishing module 110, configured to establish a first named pipe between the first smart card application and the system smart card service of the first terminal device;
a first request sending module 120, configured to send, by the first smart card application, a first smart card device access request to the system smart card service through the first named pipe;
a first request processing module 130, configured to, after the system smart card service receives the first smart card device access request, invoke the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, so as to obtain first response information returned by the smart card device;
a first response sending module 140, configured to send, by the system smart card service, the first response information to the first smart card application through the first named pipe;
a first response receiving module 150, configured to receive, by the first smart card application, the first response information through the first named pipe.
The first smart card device access request includes, but is not limited to, a smart card device enumeration request, a device connection request, a device operation instruction, a device disconnection request, and the like.
In the smart card access system provided in this embodiment, the first smart card application on the first terminal device 100 communicates with the system smart card service (the smart card service of the operating system) through a named pipe. According to the application's access request, the system smart card service invokes the corresponding smart card service interface to send an instruction to the smart card device, completes the operation on the smart card device, receives the response returned by the smart card device, and returns that data to the application through the named pipe. The smart card application thereby operates the smart card device indirectly, as shown in fig. 4.
Because the system service is the process with the highest privilege and runs in memory independently of the application program, it is not affected by the privileges of the currently logged-in account and has sufficient privilege to call the smart card service interface to operate the smart card device. The access system can therefore effectively solve the problem that the smart card service interface cannot be called when the application program has insufficient privilege.
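The request handling described above, as an added example that is not code from the patent: because the system smart card service holds more privilege than the applications it serves, it checks every frame read from the pipe and the order of requests before calling the card interface. The frame layout, numeric codes, error names and the `card_fn` callback are assumptions; the patent gives only the request types and, in claim 4, that authentication comes before any request is accepted.

```c
#include <stddef.h>
#include <stdint.h>

/* Request types named in the description; the numeric codes are assumptions. */
enum req_type { REQ_ENUMERATE = 1, REQ_CONNECT = 2, REQ_OPERATE = 3, REQ_DISCONNECT = 4 };

enum svc_err { ERR_MALFORMED = -1, ERR_NOT_AUTHENTICATED = -2,
               ERR_BAD_STATE = -3, ERR_UNKNOWN_TYPE = -4, ERR_BACKEND = -5 };

#define HDR_LEN     3u    /* assumed frame: type(1) | payload length(2, big-endian) */
#define MAX_PAYLOAD 261u  /* assumed cap: one short APDU (4 header + Lc + 255 data + Le) */

/* Stand-in for the "smart card service interface" that the service calls. */
typedef int (*card_fn)(enum req_type t, const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap);

struct session {
    int authenticated;  /* set by the service once its check of the application passed */
    int connected;      /* a device connection is open for this client */
    card_fn card;
};

/* Validate one frame read from the pipe, enforce request order, then call the
 * card interface. Returns the response length (>= 0) or a negative svc_err. */
int handle_frame(struct session *s, const uint8_t *buf, size_t len,
                 uint8_t *out, size_t out_cap)
{
    if (len < HDR_LEN) return ERR_MALFORMED;
    size_t plen = ((size_t)buf[1] << 8) | buf[2];
    /* The declared length must match what was actually received. */
    if (plen > MAX_PAYLOAD || plen != len - HDR_LEN) return ERR_MALFORMED;
    /* Nothing reaches the card before the application is authenticated. */
    if (!s->authenticated) return ERR_NOT_AUTHENTICATED;

    uint8_t t = buf[0];
    switch (t) {
    case REQ_ENUMERATE:  break;
    case REQ_CONNECT:    if (s->connected)  return ERR_BAD_STATE; break;
    case REQ_OPERATE:
    case REQ_DISCONNECT: if (!s->connected) return ERR_BAD_STATE; break;
    default:             return ERR_UNKNOWN_TYPE;
    }

    int n = s->card((enum req_type)t, buf + HDR_LEN, plen, out, out_cap);
    if (n < 0 || (size_t)n > out_cap) return ERR_BACKEND;
    if (t == REQ_CONNECT)    s->connected = 1;
    if (t == REQ_DISCONNECT) s->connected = 0;
    return n;
}

/* Constructed test double: answers every call with status word 90 00. */
int fake_card(enum req_type t, const uint8_t *in, size_t in_len,
              uint8_t *out, size_t out_cap)
{
    (void)t; (void)in; (void)in_len;
    if (out_cap < 2) return -1;
    out[0] = 0x90; out[1] = 0x00;
    return 2;
}
```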
In one embodiment of the present invention, as shown in fig. 5, the first named pipe setup module 110 may further include a connection attempt unit 111, a pipe re-establishment unit 112, and a pipe communication unit 113. Wherein:
a connection attempt unit 111, configured so that, after the system smart card service has started and has detected that the smart card device 200 is inserted, the system smart card service attempts to connect to the first named pipe according to the pipe name of the first named pipe, by calling the named pipe opening function CreateFile at a preset first time interval until the connection succeeds;
a pipe re-establishment unit 112, configured to, after the first smart card application is started, create the first named pipe according to the pipe name of the first named pipe and call the function ConnectNamedPipe, which waits for a named pipe connection, to wait for the system smart card service to connect;
and a pipe communication unit 113, configured so that the system smart card service connects to the first named pipe by calling the named pipe opening function CreateFile.
Corresponding to the method shown in fig. 2, in one embodiment of the present invention, there is provided an access system for a smart card device, which includes a second terminal device 300, a first terminal device 100, and a smart card device 200, the second terminal device 300 being connected to the first terminal device 100, and a second smart card application corresponding to the smart card device 100 being installed in the second terminal device 300, as shown in fig. 6.
In this embodiment, the second terminal device 300 includes a second named pipe establishment module 310, a second request sending module 320, and a second response receiving module 330, and the first terminal device 100 further includes a second request processing module 160 and a second response sending module 170. Wherein:
a second named pipe establishing module 310, configured to establish a first named pipe between the second smart card application and the system smart card service of the first terminal device;
a second request sending module 320, configured to send, by the second smart card application, the first smart card device access request to the system smart card service through the first named pipe;
a second response receiving module 330, configured to obtain, by the second smart card application, second response information sent by the system smart card service through a second named pipe;
a second request processing module 160, configured to, after the system smart card service receives the second smart card device access request, invoke the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, so as to obtain second response information returned by the smart card device;
and a second response sending module 170, configured to send, by the system smart card service, the second response information to the second smart card application program through the second named pipe.
It is noted that relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the device embodiments are substantially similar to the method embodiments, their description is relatively brief, and reference is made to the relevant parts of the description of the method embodiments.
Those of ordinary skill in the art will appreciate that all or part of the device embodiments described above may be implemented in hardware, or in software modules running on one or more pieces of hardware, and that all or part of the steps in the method embodiments may be performed by program instructions directing the associated hardware. It will be appreciated by persons skilled in the art that the methods and apparatus of the present invention are not limited to the examples described in the detailed description, which are provided for the purpose of illustrating the invention only and are not intended to limit it. Other embodiments will occur to those skilled in the art from consideration of the specification and practice of the invention as defined in the claims and their equivalents.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A method of accessing a smart card device, comprising the steps of:
connecting a first terminal device and a smart card device; a first smart card application program corresponding to the smart card device is installed in the first terminal device;
establishing a first named pipe between the first smart card application program and a system smart card service of the first terminal device;
the first smart card application program sends a first smart card device access request to the system smart card service through the first named pipe;
the system smart card service receives the first smart card device access request, calls the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, and acquires first response information returned by the smart card device;
the system smart card service sends the first response information to the first smart card application program through the first named pipe;
establishing a connection between a second terminal device and the first terminal device; a second smart card application program corresponding to the smart card device is installed in the second terminal device;
establishing a second named pipe between the second smart card application program and the system smart card service of the first terminal device, and sending, by the second smart card application program, a second smart card device access request to the system smart card service through the second named pipe;
the system smart card service receives the second smart card device access request, calls the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, and acquires second response information returned by the smart card device;
the system smart card service sends the second response information to the second smart card application program through the second named pipe.
2. A method of accessing a smart card device as claimed in claim 1, further comprising:
after the system smart card service detects that the smart card device is inserted, the system smart card service attempts to connect to the first named pipe according to the pipe name of the first named pipe, by calling the named pipe opening function CreateFile at a preset first time interval until the connection succeeds;
after the first smart card application program is started, the first named pipe is created according to the pipe name of the first named pipe, and the function ConnectNamedPipe, which waits for a named pipe connection, is called to wait for the system smart card service to connect;
the system smart card service connects to the first named pipe by calling the named pipe opening function CreateFile.
3. The method of claim 1, wherein the first smart card access request includes a smart card device enumeration request, a device connection request, a device operation instruction, and a device disconnection request.
4. The method of claim 1, wherein before the first smart card application program sends the first smart card device access request to the system smart card service via the first named pipe, the method further comprises:
the system smart card service performs security authentication on the first smart card application program, and receives the first smart card access request sent by the first smart card application program after the authentication is passed.
5. A method of accessing a smart card device according to any one of claims 1 to 4, wherein the first smart card application program communicates with the system smart card service in accordance with a data format agreed upon by the first smart card application program;
before the system smart card service sends the first response information to the first smart card application program, the method further comprises: performing format conversion on the first response information according to the data formats agreed by the first response information and the second response information, and sending the converted first response information to the first smart card application program.
6. An access system of a smart card device, comprising a first terminal device and the smart card device, characterized in that: the first terminal device is connected with the smart card device, and a first smart card application program corresponding to the smart card device is installed in the first terminal device;
the first terminal device includes:
a first named pipe establishing module, used for establishing a first named pipe between the first smart card application program and the system smart card service of the first terminal device;
a first request sending module, used for sending, by the first smart card application program, a first smart card device access request to the system smart card service through the first named pipe;
a first request processing module, used for, after the system smart card service receives the first smart card device access request, calling the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, and acquiring first response information returned by the smart card device;
a first response sending module, used for sending, by the system smart card service, the first response information to the first smart card application program through the first named pipe;
a first response receiving module, used for receiving, by the first smart card application program, the first response information through the first named pipe;
the system also comprises a second terminal device connected with the first terminal device, wherein a second smart card application program corresponding to the smart card device is installed in the second terminal device;
the second terminal device includes:
a second named pipe establishing module, used for establishing a first named pipe between the second smart card application program and the system smart card service of the first terminal device;
a second request sending module, used for sending, by the second smart card application program, the first smart card device access request to the system smart card service through the first named pipe;
a second response receiving module, used for acquiring, by the second smart card application program, second response information sent by the system smart card service through a second named pipe;
the first terminal device further includes:
a second request processing module, used for, after the system smart card service receives the second smart card device access request, calling the corresponding smart card service interface according to the type of the request to perform the corresponding operation on the smart card device, and acquiring second response information returned by the smart card device;
and a second response sending module, used for sending, by the system smart card service, the second response information to the second smart card application program through the second named pipe.
7. The access system of a smart card device of claim 6, wherein the first named pipe setup module comprises:
a connection attempt unit, configured so that, after the system smart card service is started and when the system smart card service detects that the smart card device is inserted, the system smart card service attempts to connect to the first named pipe by calling the named pipe opening function CreateFile at a preset first time interval until the connection succeeds;
a pipe re-establishment unit, used for, after the first smart card application program is started, creating the first named pipe according to the pipe name of the first named pipe, and calling the function ConnectNamedPipe, which waits for a named pipe connection, to wait for the system smart card service to connect;
and a pipe communication unit, used for connecting the system smart card service to the first named pipe by calling the named pipe opening function CreateFile.
8. An access system for a smart card device according to any one of claims 6 to 7, wherein the first smart card access request includes a smart card device enumeration request, a device connection request, a device operation instruction, and a device disconnection request.
CN201611196195.7A 2016-12-22 2016-12-22 Access method and system of smart card device Active CN106874800B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611196195.7A CN106874800B (en) 2016-12-22 2016-12-22 Access method and system of smart card device

Publications (2)

Publication Number Publication Date
CN106874800A CN106874800A (en) 2017-06-20
CN106874800B true CN106874800B (en) 2023-06-23

Family

ID=59164117

Country Status (1)

Country Link
CN (1) CN106874800B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant