CN107066894B - Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof - Google Patents


Publication number
CN107066894B
Authority
CN
China
Prior art keywords
application
application data
control module
operation control
called
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710138730.1A
Other languages
Chinese (zh)
Other versions
CN107066894A (en
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd
Priority to CN201710138730.1A
Publication of CN107066894A
Application granted
Publication of CN107066894B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Facsimiles In General (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a multifunctional intelligent secret key device and an operation instruction execution method and apparatus thereof, wherein the method comprises the following steps: acquiring an application identifier of the application selected by an input instruction, judging whether the selected application is an installed application, and, if it is, acquiring environment information of the selected application through a hardware driving module; each time the hardware driving module receives an externally input operation instruction, the following steps are executed: step 1, judging whether the operation instruction is in an instruction list, and if so executing step 2, otherwise executing step 5; step 2, judging whether executing the operation instruction requires authorization, and if so executing step 3, otherwise executing step 4; step 3, prompting the user to input authentication information and authenticating the authentication information input by the user, and executing step 4 if the authentication passes or step 5 if it does not; step 4, sending the operation instruction to the selected application for execution; step 5, the operation control module returns indication information of application operation failure.

Description

Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof
Technical Field
The invention relates to the technical field of electronics, and in particular to a multifunctional intelligent secret key device and an operation instruction execution method and apparatus thereof.
Background
A smart card reader is an intermediate device that connects a smart card to a host. Its core technology is implementing the complex smart card interface protocol and the USB interface protocol in the MCU, so as to exchange data transparently between the smart card and the host.
A smart key is a hardware device with a USB interface (generally called a USB Key). It contains a built-in smart card chip, can store the user's keys and digital certificates, and authenticates the user's identity using built-in cryptographic algorithms. It can also perform encryption and decryption, digital signing and signature verification, and store important security information.
A smart IC card is a security product in which a CPU specially designed for security is packaged in a card of standard size. The data and keys inside the card are protected by the built-in smart card operating system (COS); under the control of the COS, the outside cannot operate directly on the data or keys inside the card.
A dynamic token (OTP token) is a portable, hand-held electronic product that computes and generates dynamic passwords. It can be used offline or connected to a computer. It avoids the risk of a static password being intercepted, guessed, attacked or cracked. The dynamic password may be generated based on time, event, challenge/response, and the like.
At present, OTP tokens, smart IC cards, smart keys and the like are used successfully in various fields of commercial cryptography, each with its own advantages and disadvantages. Integrating these functions into one device (which may be called a multifunctional smart key device) saves hardware cost and is more convenient to carry and use. In practice, because the integrated functions of such a device place high demands on security, how to ensure the security of each application and its application data on the device is the problem the multifunctional intelligent secret key device most needs to solve.
Disclosure of Invention
The present invention is intended to solve the above-mentioned technical problems.
The invention mainly aims to provide an operation instruction execution method of a multifunctional intelligent secret key device.
Another object of the present invention is to provide an operation instruction execution apparatus for a multifunctional smart key device.
It is yet another object of the present invention to provide a multifunctional smart key device.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
One aspect of the present invention provides a method for executing an operation instruction of a multifunctional intelligent key device, including: the hardware driving module receives an input instruction for selecting an application and sends the input instruction to the operation control module; the operation control module acquires an application identifier of the application selected by the input instruction; the operation control module judges, according to the application identifier, whether the selected application is one of a plurality of applications installed on the multifunctional intelligent key device; in the case that the selected application is determined to be one of the plurality of applications installed on the multifunctional smart key device, the operation control module acquires environment information of the selected application through the hardware driver module according to the application identifier, wherein the environment information includes: the instruction list that the application is allowed to execute, and authority information; after the environment information of the selected application is obtained, each time the hardware driving module receives an externally input operation instruction, the following steps are executed:
Step 1, the operation control module acquires the externally input operation instruction and judges whether the operation instruction is in the instruction list; if so, step 2 is executed, otherwise step 5 is executed;
Step 2, whether the operation instruction needs to be authorized is judged according to the authority information in the environment information; if so, step 3 is executed, otherwise step 4 is executed;
Step 3, the user is prompted to input authentication information, and the authentication information input by the user is authenticated; step 4 is executed if the authentication passes, and step 5 is executed if it does not;
Step 4, the operation instruction is sent to the selected application for execution;
Step 5, the operation control module returns indication information of application operation failure.
Optionally, the environment information further includes: space information for recording the physical storage space pre-allocated to the selected application; after step 4, the method further comprises: the operation control module receives an application data calling request sent by the selected application when executing the operation instruction, wherein the application data calling request carries identification information of the application data requested to be called; the operation control module judges, according to the identification information, whether the called application data belongs to the application data under the file system of the selected application; the operation control module judges, according to the space information, whether the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application; and in the case that the called application data belongs to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, the operation control module calls the called application data and returns it to the selected application.
Optionally, before the operation control module invokes the called application data, the method further includes: the operation control module inquires the authority information, judges whether the selected application has the authority of calling the called application data, and executes the operation of calling the called application data under the condition that the selected application is determined to have the authority of calling the called application data.
Optionally, the determining, by the operation control module, whether the called application data belongs to the application data under the file system of the selected application according to the identification information includes: the operation control module sends the application identifier and the identifier information to the hardware driving module; the hardware driving module judges whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and informs the operation control module of the finding result; and the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the search result.
Optionally, after the operation control module obtains the application identifier of the selected application, the method further includes: the operation control module acquires all application data under the file system corresponding to the application identifier through the hardware driving module and loads all the application data into a memory; the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the identification information, and the judgment comprises the following steps: and the operation control module judges whether application data corresponding to the identification information exists in the memory, if so, the called application data is determined to belong to the application data under the file system of the selected application, otherwise, the called application data is determined not to belong to the application data under the file system of the selected application.
Optionally, before sending the operation instruction to the selected application for execution, the method further includes: the operation control module judges whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application, and if so, executes the step of sending the operation instruction to the selected application for execution.
Another aspect of the present invention provides an apparatus for executing an operation instruction of a multifunctional smart key device, including: the hardware driving module is used for receiving an input instruction for selecting application and sending the input instruction to the operation control module; the operation control module is configured to obtain an application identifier of an application selected by the input instruction, determine, according to the application identifier, whether the selected application is one of multiple applications installed on the multifunctional smart key device, and obtain, by the hardware driving module, environment information of the selected application according to the application identifier, where the environment information includes: the instruction list and the authority information which are allowed to be executed by the application; the hardware driving module is further configured to receive an operation instruction input from the outside, and send the operation instruction to the operation control module; the operation control module is further configured to: acquiring an operation instruction input from the outside, judging whether the operation instruction is in the instruction list, judging whether the operation instruction needs to be authorized or not according to the authority information in the environment information under the condition that the operation instruction is in the instruction list, prompting a user to input authentication information and authenticating the authentication information input by the user under the condition that the operation instruction needs to be authorized, sending the operation instruction to the selected application to be executed under the condition that the authentication is passed, and sending the operation instruction to the selected application to be executed under the condition that the operation instruction does not need to be authorized; and returning indication information of application operation failure under the condition that the operation instruction is not in the instruction list or the condition that the authentication of the authentication information input by the user is not passed.
Optionally, the environment information further includes: space information for recording a physical storage space pre-allocated to the selected application; the operation control module is further configured to: receiving an application data calling request sent by the selected application when the selected application executes the operation instruction, wherein the application data calling request carries identification information of application data requested to be called; judging whether the called application data belongs to the application data under the file system of the selected application or not according to the identification information; judging whether the physical storage address of the called application data belongs to a physical storage space pre-allocated to the selected application according to the space information; and under the condition that the called application data belong to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, calling the called application data and returning the called application data to the selected application.
Optionally, the operation control module is further configured to: and inquiring the authority information before calling the called application data, judging whether the selected application has the authority to call the called application data, and executing the operation of calling the called application data under the condition that the selected application is determined to have the authority to call the called application data.
Optionally, the operation control module is specifically configured to determine whether the invoked application data belongs to application data under a file system of the selected application by: sending the application identifier and the identifier information to the hardware driving module; judging whether the called application data belongs to the application data under the file system of the selected application according to a search result returned by the hardware driving module; the hardware driver module is further configured to: judge whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and inform the operation control module of the search result.
Optionally, the operation control module is further configured to: after acquiring the application identifier of the selected application, acquiring all application data under a file system corresponding to the application identifier through the hardware driving module, and loading all the application data into a memory; the operation control module is specifically configured to determine whether the invoked application data belongs to application data under the file system of the selected application by: judging whether the application data corresponding to the identification information exists in the memory, if so, determining that the called application data belongs to the application data under the file system of the selected application, otherwise, determining that the called application data does not belong to the application data under the file system of the selected application.
Optionally, the operation control module is further configured to: before sending the operation instruction to the selected application for execution, judge whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application, and if so, execute the operation of sending the operation instruction to the selected application for execution.
In another aspect, the present invention provides a multifunctional smart key device, which is characterized by comprising the operating instruction execution means of the multifunctional smart key device described above.
It can be seen from the foregoing that, in the technical solution provided by the present invention, the intelligent key device provides an application selection function: the user can input an instruction to select the application currently needed. Where the selected application is determined to be installed, the intelligent key device obtains the environment information of the selected application. When an operation instruction is subsequently received, the device performs security authentication according to the information recorded in the environment information, and sends the operation instruction to the corresponding application for execution only after the security authentication passes. This ensures the security of the application program and avoids the security problems caused by an application on the multifunctional intelligent key device being called illegally.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of an operation instruction execution apparatus of a multifunctional smart key device according to embodiment 1 of the present invention;
FIG. 2 is a block diagram illustrating an operation instruction execution apparatus of a multifunctional smart key device according to embodiment 1 of the present invention;
FIG. 3 is a schematic structural diagram of a multifunctional smart key device according to embodiment 2 of the present invention;
FIG. 4 is a flowchart illustrating a method for executing operating instructions of a multifunctional smart key device according to embodiment 3 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings. They are used only for convenience and simplicity in describing the present invention, do not indicate or imply that the referenced devices or elements must have a particular orientation or be constructed and operated in a particular orientation, and thus are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The embodiment provides an operation instruction execution device of a multifunctional intelligent key device. The apparatus may be located in a multifunctional smart key device and may execute the operating instructions received by the multifunctional smart key device.
FIG. 1 is a schematic structural diagram of the operation instruction execution apparatus of a multifunctional smart key device provided in this embodiment. As shown in FIG. 1, the apparatus mainly includes: a hardware driver module 10 and an operation control module 20.
The following describes the functions and interactions of the functional modules of the operation instruction execution device of the multifunctional smart key device provided in this embodiment.
In this embodiment, the hardware driver module 10 is configured to receive an input instruction for selecting an application, and send the input instruction to the operation control module 20; an operation control module 20, configured to obtain an application identifier of an application selected by the input instruction, determine, according to the application identifier, whether the selected application is one of multiple applications installed on the multifunctional smart key device, and obtain, by the hardware driver module 10 and according to the application identifier, environment information of the selected application in the case where it is determined that the selected application is one of the multiple applications installed on the multifunctional smart key device, where the environment information includes: the instruction list and the authority information which are allowed to be executed by the application; the hardware driving module 10 is further configured to receive an operation instruction input from the outside, and send the operation instruction to the operation control module 20; the operation control module 20 is further configured to: acquiring an operation instruction input from the outside, judging whether the operation instruction is in the instruction list, judging whether the operation instruction needs to be authorized or not according to the authority information in the environment information under the condition that the operation instruction is in the instruction list, prompting a user to input authentication information and authenticating the authentication information input by the user under the condition that the operation instruction needs to be authorized, sending the operation instruction to the selected application to be executed under the condition that the authentication is passed, and sending the operation instruction to the selected application to be executed under the condition that the operation instruction does not need to be authorized; and returning indication information of application operation failure under the condition that the operation instruction is not in the instruction list or the condition that the authentication of the authentication information input by the user is not passed.
In the device provided in this embodiment, a plurality of applications may be installed in advance, for example an OTP application implementing the OTP function, an IC card application implementing the smart IC card function, and a smart key application implementing the smart key function. The user may input an instruction to select the application currently needed. After the input instruction is received, it is distributed to the operation control module 20; where the operation control module 20 determines that the selected application is locally installed, the environment information of the selected application is acquired through the hardware driver module 10. When an operation instruction is subsequently received, security authentication is carried out according to the information recorded in the environment information, and the operation instruction is sent to the corresponding application for execution only after the security authentication passes. This ensures the execution security of the application program and avoids the security problems caused by an application on the multifunctional intelligent secret key device being called illegally.
In this embodiment, the operation control module 20 may load the environment information of the selected application into the memory, and clear the memory when an input instruction to exit the currently selected application or select a new application is received, so as to increase the processing speed of the program.
In a specific implementation process, an external interface may be provided in the hardware driving module 10, including but not limited to a hardware input port (e.g., a keyboard), a wired external communication interface (e.g., a USB interface, etc.), or a wireless external communication interface (e.g., bluetooth, etc.), and a user or an external device may input an input instruction or an operation instruction for selecting an application through the external interface.
In this embodiment, in the hardware layer, for each locally installed application, the environment information of the application may be stored, and when the operation control module 20 determines that the selected application is locally installed, the hardware driver module 10 may read the environment information corresponding to the selected application.
In an optional implementation manner of this embodiment, the authority information in the environment information may record the authority that the corresponding application needs to acquire when executing some operation instructions, for example, before executing an operation instruction for reading a key, a PIN code authentication needs to be acquired; in addition, the authority information may also record whether the corresponding application has authority to execute some operation instructions, for example, the smart IC card application has no authority to read the signature key, and so on.
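The instruction gate described above (application selection, then steps 1 to 5, plus the optional application identifier check), written out in C as an added example; it is not code from the patent. The application ids, instruction codes, the PIN value and all function names are assumptions made for illustration, and the PIN is passed in as a parameter in place of a real user prompt.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Application ids, instruction codes and the PIN are constructed for this example. */
enum { APP_OTP = 0x01, APP_SMART_KEY = 0x02 };
enum { INS_GET_OTP = 0x10, INS_READ_KEY = 0x20, INS_SIGN = 0x30 };
enum op_result { OP_EXECUTED, OP_FAILED };

struct ins_rule { uint8_t ins; bool needs_auth; };   /* one entry of the instruction list */

struct app_env {                    /* "environment information" of one installed application */
    uint8_t app_id;
    const struct ins_rule *rules;   /* instruction list plus per-instruction authority info */
    size_t n_rules;
};

static const struct ins_rule otp_rules[] = { { INS_GET_OTP, false } };
static const struct ins_rule key_rules[] = { { INS_READ_KEY, true }, { INS_SIGN, true } };
static const struct app_env installed[] = {
    { APP_OTP, otp_rules, 1 },
    { APP_SMART_KEY, key_rules, 2 },
};

static const struct app_env *selected = NULL;   /* set only by a successful select_app() */

/* Application selection: environment info is loaded only for an installed application. */
bool select_app(uint8_t app_id)
{
    selected = NULL;                /* leaving the old application clears its environment */
    for (size_t i = 0; i < sizeof installed / sizeof installed[0]; i++) {
        if (installed[i].app_id == app_id) {
            selected = &installed[i];
            return true;
        }
    }
    return false;
}

/* Step 3 helper: no early exit, so timing does not reveal the first wrong digit. */
static bool pin_matches(const char *entered)
{
    static const char ref[] = "246810";          /* constructed reference PIN */
    size_t n = sizeof ref - 1;
    if (entered == NULL || strlen(entered) != n)
        return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(entered[i] ^ ref[i]);
    return diff == 0;
}

/* Steps 1-5. `entered_pin` stands for what the user typed when prompted (NULL: nothing). */
enum op_result execute_instruction(uint8_t app_id_in_ins, uint8_t ins, const char *entered_pin)
{
    if (selected == NULL || app_id_in_ins != selected->app_id)
        return OP_FAILED;           /* optional check: instruction must target the selected app */

    const struct ins_rule *rule = NULL;
    for (size_t i = 0; i < selected->n_rules; i++)
        if (selected->rules[i].ins == ins)
            rule = &selected->rules[i];
    if (rule == NULL)
        return OP_FAILED;           /* step 1 -> step 5: not in the instruction list */

    if (rule->needs_auth && !pin_matches(entered_pin))
        return OP_FAILED;           /* steps 2-3 -> step 5: authorization needed, auth failed */

    return OP_EXECUTED;             /* step 4: forward to the selected application */
}

int main(void)
{
    select_app(APP_OTP);
    printf("OTP app, READ_KEY with correct PIN: %s\n",
           execute_instruction(APP_OTP, INS_READ_KEY, "246810") == OP_EXECUTED ? "executed" : "failed");
    select_app(APP_SMART_KEY);
    printf("Key app, SIGN with wrong PIN:       %s\n",
           execute_instruction(APP_SMART_KEY, INS_SIGN, "000000") == OP_EXECUTED ? "executed" : "failed");
    printf("Key app, SIGN with correct PIN:     %s\n",
           execute_instruction(APP_SMART_KEY, INS_SIGN, "246810") == OP_EXECUTED ? "executed" : "failed");
    return 0;
}
```

The first call fails even with the correct PIN because the instruction list is consulted before authentication: an instruction outside the selected application's list never reaches the PIN check.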
In an optional implementation of this embodiment, the environment information may further include: space information for recording a physical storage space pre-allocated to the selected application; the operation control module 20 may be further configured to: receiving an application data calling request sent by the selected application when the selected application executes the operation instruction, wherein the application data calling request carries identification information of application data requested to be called; judging whether the called application data belongs to the application data under the file system of the selected application or not according to the identification information; judging whether the physical storage address of the called application data belongs to a physical storage space pre-allocated to the selected application according to the space information; and under the condition that the called application data belong to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, calling the called application data and returning the called application data to the selected application.
That is, in the above optional embodiment, the selected application needs to call application data stored in the bottom layer when it executes the operation instruction. On receiving the application data calling request sent by the selected application, the operation control module 20 performs two judgments to ensure the security of the application data: one judges whether the application data requested to be called is application data under the file system of the selected application, and the other judges whether the physical storage address of the application data requested to be called lies in the physical storage space pre-allocated to the selected application. Only if both judgments are affirmative is the application data requested by the selected application called and sent to the selected application. This ensures the security of the application data and prevents application data from being called across applications, for example the private signature key of the smart key being called while the IC card application is executing.
In the foregoing optional embodiment, optionally, the operation control module 20 may be specifically configured to determine whether the invoked application data belongs to application data under a file system of the selected application by: sending the application identifier and the identifier information of the application data requested to be called to the hardware driving module 10; judging whether the called application data belongs to the application data under the file system of the selected application according to a search result returned by the hardware driving module 10; the hardware driver module 10 may further be configured to: it is determined whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and the operation control module 20 is notified of the search result. That is, in this optional embodiment, the operation control module 20 sends the application identifier and the identifier information of the application data requested to be called to the hardware driver module 10, and the hardware driver module 10 searches for the identifier information of the application data in the file system corresponding to the application identifier, and if the identifier information of the application data is found, it indicates that the application data requested to be called belongs to the file system of the application, otherwise, it indicates that the application data requested to be called does not belong to the file system of the application. By adopting the mode, the judgment can be directly carried out through the hardware driving module 10, all application data under the file system of the currently selected application do not need to be loaded to the memory in advance, and other additional processing is reduced.
In an optional implementation of the embodiment of the present invention, the operation control module 20 may be further configured to: after acquiring the application identifier of the selected application, acquiring all application data under the file system corresponding to the application identifier through the hardware driving module 10, and loading all the application data into a memory; in this optional embodiment, the operation control module 20 is specifically configured to determine whether the invoked application data belongs to application data under the file system of the selected application by: and judging whether application data corresponding to the identification information exists in the memory, if so, determining that the called application data belongs to the application data under the file system of the selected application, otherwise, determining that the called application data does not belong to the application data under the file system of the selected application. That is, in this optional embodiment, after acquiring the application identifier of the selected application, the operation control module 20 loads all application data under the file system corresponding to the application identifier into the memory through the hardware drive module 10, before invoking a certain application data, searches whether the application data requested to be invoked exists in all application data under the file system of the application loaded in the memory according to the identification information of the application data requested to be invoked, and if so, indicates that the application data requested to be invoked belongs to the application data under the file system corresponding to the selected application, otherwise, indicates that the application data requested to be invoked does not belong to the application data under the file system corresponding to the selected application. 
Through the optional implementation manner, the operation control module 20 may load all application data under the file system corresponding to the selected application into the memory in advance, so that the application data does not need to be called through the hardware driving module after the operation instruction corresponding to the selected application is received each time, the determination speed for determining whether the application data requested to be called belongs to the file system corresponding to the selected application can be increased, and the execution efficiency of the operation instruction can be increased.
In the above optional embodiment, after acquiring the application identifier of the selected application, the operation control module 20 loads all application data in the file system corresponding to the application identifier into the memory through the hardware driver module 10, and when the operation control module 20 calls the called application data, the operation control module may directly acquire the called application data from the memory, so as to improve the speed of calling the application data.
In the foregoing optional implementation manner, optionally, when the space information in the environment information records that a physical storage space is allocated in advance for a corresponding application, a physical address range may be recorded, or only a starting physical address and a size of the physical storage space allocated for the application may be recorded, which is not limited in this embodiment.
In the above optional embodiment, the authority information in the environment information may further record the authority to invoke each application data, and therefore, optionally, the operation control module 20 may be further configured to query the authority information of the selected application before invoking the invoked application data, determine whether the selected application has the authority to invoke the invoked application data, and execute the operation to invoke the invoked application data when it is determined that the selected application has the authority to invoke the invoked application data. Through the optional implementation mode, the illegal calling of the application data can be avoided, and the safety of the application data is ensured.
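The two judgments and the per-data authority check described above can be sketched as follows. This is an added example, not code from the patent; the structure layouts, function names, data identifiers and addresses are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CALL_OK, CALL_NOT_IN_FS, CALL_OUT_OF_SPACE, CALL_NO_PERMISSION } call_result;

/* One item of application data as listed in an application's file system. */
typedef struct {
    uint16_t data_id;    /* identification information carried in the call request */
    uint32_t phys_addr;  /* physical storage address of the data */
    uint32_t length;     /* size of the data in bytes */
} data_entry;

/* Space and authority parts of one application's environment information. */
typedef struct {
    uint8_t app_id;
    uint32_t space_start;      /* starting physical address of the pre-allocated space */
    uint32_t space_size;       /* size of the pre-allocated space in bytes */
    const data_entry *fs;      /* application data under this application's file system */
    size_t fs_count;
    const uint16_t *callable;  /* data IDs the authority information lets the app call */
    size_t callable_count;
} app_env;

/* Judgment 1: is the requested data under the selected application's file system? */
const data_entry *fs_lookup(const app_env *env, uint16_t data_id) {
    for (size_t i = 0; i < env->fs_count; i++)
        if (env->fs[i].data_id == data_id) return &env->fs[i];
    return NULL;
}

/* Judgment 2: does [addr, addr + len) lie wholly inside the pre-allocated space?
 * Only subtractions are used, so the check cannot be defeated by addr + len wrapping. */
int in_allocated_space(const app_env *env, uint32_t addr, uint32_t len) {
    if (addr < env->space_start || len > env->space_size) return 0;
    return (addr - env->space_start) <= (env->space_size - len);
}

/* Authority check: may the selected application call this item at all? */
int may_call(const app_env *env, uint16_t data_id) {
    for (size_t i = 0; i < env->callable_count; i++)
        if (env->callable[i] == data_id) return 1;
    return 0;
}

/* The operation control module's handling of one application data calling request.
 * *out is set only when every check passes. */
call_result call_app_data(const app_env *env, uint16_t data_id, const data_entry **out) {
    *out = NULL;
    const data_entry *e = fs_lookup(env, data_id);
    if (e == NULL) return CALL_NOT_IN_FS;
    if (!in_allocated_space(env, e->phys_addr, e->length)) return CALL_OUT_OF_SPACE;
    if (!may_call(env, data_id)) return CALL_NO_PERMISSION;
    *out = e;
    return CALL_OK;
}

/* Constructed sample: an IC card application with space 0x2000..0x23FF. */
static const data_entry ic_card_fs[] = {
    { 0x0201, 0x2000, 0x80 },  /* inside the space and callable */
    { 0x0202, 0x2100, 0x40 },  /* inside the space, but not in the callable list */
    { 0x0203, 0x3000, 0x20 },  /* bad entry: address lies in another application's space */
    { 0x0204, 0x23F0, 0x20 },  /* starts inside the space but runs past its end */
};
static const uint16_t ic_card_callable[] = { 0x0201, 0x0203, 0x0204 };
const app_env ic_card_env = { 2, 0x2000, 0x400, ic_card_fs, 4, ic_card_callable, 3 };

int main(void) {
    /* 0x0301 stands for a signature key that belongs to a different application. */
    const uint16_t requests[] = { 0x0201, 0x0301, 0x0203, 0x0204, 0x0202 };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        const data_entry *e;
        call_result r = call_app_data(&ic_card_env, requests[i], &e);
        printf("request 0x%04X -> result %d\n", (unsigned)requests[i], (int)r);
    }
    return 0;
}
```

The file-system entry 0x0203 shows why the address check is kept even though the identifier check has already passed: a corrupted or mis-provisioned file table entry would otherwise let the application reach storage outside its own space.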
In an optional implementation of this embodiment of the present invention, the operation control module 20 may be further configured to avoid mistakenly executing an operation instruction of another application while the selected application is executing, for example when the user has selected the OTP application of the multifunctional smart key device and an external card reader then sends a card reading request to the device. To this end, before sending the operation instruction to the selected application for execution, the operation control module 20 determines whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application (for example, the currently selected OTP application), and if so, sends the operation instruction to the selected application for execution. With this optional implementation, once a user has selected an application, the multifunctional smart key device no longer executes operation instructions of any other application, which avoids the insecurity caused by the device jumping between multiple applications.
In a specific application, the operation control module 20 may be implemented by an operation control layer in the multifunctional smart key device, and the hardware driver module 10 may be implemented by a hardware driver layer in the multifunctional smart key device, where the hardware driver layer communicates with the outside through an external interface, and the hardware driver layer may directly access a storage device on the bottom layer of the multifunctional smart key device.
In an optional implementation of the embodiment of the present invention, the hardware driver layer may integrate the function of a scheduling layer, which associates, cooperatively manages and invokes the plurality of applications in the multifunctional smart key device, thereby normalizing the flow. Alternatively, in another optional implementation of this embodiment, as shown in fig. 2, the scheduling layer may be provided separately from the hardware driver layer. In this embodiment it is assumed that three applications, application 1, application 2 and application 3, are installed in the multifunctional smart key device and that the selected application is application 2. In the configuration shown in fig. 2, the external interface receives an externally input application selection instruction (step 1), the hardware driver layer sends the application selection instruction to the scheduling layer (step 2), and the scheduling layer schedules the application selection instruction to the operation control layer (step 3). When the operation control layer determines that the application selected by the application selection instruction is a locally installed application, it reads the environment information of the selected application stored in the bottom layer through the hardware driver layer (step 4). Then, when the external interface receives an operation instruction (step 5), the hardware driver layer sends the operation instruction to the scheduling layer (step 6), and the scheduling layer sends the operation instruction to the operation control layer (step 7). The operation control layer judges, according to the environment information read for the current application, whether the operation instruction is in the instruction list of the environment information; if so, it further judges whether the operation instruction needs to be authorized, and if not, it returns indication information of operation failure.
If it is judged that authorization is required to execute the operation, the user is prompted to input authentication information and the authentication information input by the user is authenticated; if the authentication passes, the operation instruction is sent to the selected application (step 8), and if the authentication does not pass, indication information of application operation failure is returned. If it is judged that authorization is not required, the operation instruction is sent directly to the selected application (step 8). After receiving the operation instruction, the selected application executes the corresponding operation. If application data needs to be called, the application sends an application data calling request to the operation control layer (step 9). After receiving the request, the operation control layer determines whether the physical storage address of the application data requested by the application is in the physical storage space allocated to the application and whether the requested application data is under the file system of the application. If both judgment results are yes, the operation control layer sends the application data calling request to the hardware driver layer (step 10), the hardware driver layer reads the requested application data from the file system of the application and returns it to the operation control layer (step 11), and the operation control layer returns the application data to the application (step 12).
With the operation instruction execution device of the multifunctional smart key device, multiple applications can be realized on the same smart key device and each application can be isolated, so that a special instruction of an application is effective only within that application and the application data of each application can be called only by that application, thereby avoiding security vulnerabilities among multiple applications and improving the security of the multifunctional smart key device.
Example 2
This embodiment provides a multifunctional smart key device.
Fig. 3 is a schematic structural diagram of the multifunctional smart key device provided in this embodiment. As shown in fig. 3, the multifunctional smart key device provided in this embodiment mainly includes the operation instruction execution apparatus of the multifunctional smart key device described in embodiment 1; for the functions of the apparatus, refer to the description of embodiment 1, which is not repeated here.
As shown in FIG. 3, in an optional implementation of this embodiment, the multifunctional smart key device may further include: memory 30, display unit 40, power supply 50, and input unit 60. Those skilled in the art will appreciate that the configuration illustrated in FIG. 3 does not limit the multifunctional smart key device, which may include more or fewer components than those illustrated, combine some components, or arrange the components differently.
The various components of the multifunctional smart key device will now be briefly described with reference to FIG. 3:
Memory 30 may be used to store software programs and data, and may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, application programs (such as OTP, smart IC card, card reader, etc.) required for the respective functions of the multifunctional smart key device, and the like; the data storage area may store application data (e.g., audio data, a phonebook, etc.) created by the various applications in the multifunctional smart key device, and the like.
Input unit 60 may be used to receive entered numeric or character information and generate key signal inputs relating to user settings and function controls of the multifunction smart key device. Specifically, the input unit 60 may include a touch panel 61 and other input devices 62. The touch panel 61, also called a touch screen, may collect touch operations of a user on or near the touch panel 61 (for example, operations of the user on or near the touch panel 61 by using any suitable object or accessory such as a finger or a stylus pen), and drive the corresponding connection device according to a preset program. The input unit 60 may include other input devices 62 in addition to the touch panel 61. In particular, other input devices 62 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
Display unit 40 may be used to display information entered by or provided to the user as well as various menus of the multifunctional smart key device. The display unit 40 may include a display panel 41, and optionally, the display panel 41 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, touch panel 61 may cover display panel 41 as an external interface for the multifunctional smart key device. Although in FIG. 3 touch panel 61 and display panel 41 are shown as two separate components that implement the input and output functions of the multifunctional smart key device, in some embodiments touch panel 61 and display panel 41 may be integrated to implement the input and output functions of the multifunctional smart key device.
The multifunctional smart key device may also include a power supply 50 (such as a battery) that powers the various components.
Although not shown, the multifunctional smart key device may also include a camera, a Bluetooth module, etc., which are not described in detail herein.
Example 3
This embodiment provides a method for executing an operation instruction of a multifunctional smart key device, which may be implemented by the operation instruction executing apparatus of the multifunctional smart key device described in embodiment 1 or the multifunctional smart key device described in embodiment 2. The following mainly describes the flow of the operation instruction execution method of the multifunctional smart key device provided in this embodiment, and other relevant contents may be referred to the description of embodiment 1 or 2.
Fig. 4 is a flowchart of an operation instruction execution method of a multifunctional smart key device according to this embodiment, and as shown in fig. 4, the method mainly includes the following steps:
Step S401, a hardware driving module receives an input instruction for selecting an application and sends the input instruction to an operation control module;
Step S402, the operation control module obtains the application identification of the application selected by the input instruction;
Step S403, the operation control module judges whether the selected application is one of a plurality of applications installed on the multifunctional intelligent key device according to the application identifier;
Step S404, when the selected application is determined to be one of the plurality of applications installed on the multifunctional smart key device, the operation control module obtains environment information of the selected application through the hardware driving module according to the application identifier, wherein the environment information includes: the instruction list and the authority information which are allowed to be executed by the application;
After the environment information of the selected application is acquired, the subsequent steps S405 to S409 are executed each time the hardware driving module receives an externally input operation instruction; that is, steps S405 to S409 are executed in a loop, once per received operation instruction.
Step S405, the operation control module acquires the externally input operation instruction, judges whether the operation instruction is in the instruction list, if so, executes step S406, otherwise, executes step S409;
Step S406, judging whether the operation instruction needs to be authorized or not according to the authority information in the environment information, if so, executing step S407, otherwise, executing step S408;
Step S407, prompting the user to input authentication information, authenticating the authentication information input by the user, executing step S408 if the authentication is passed, and executing step S409 if the authentication is not passed;
Step S408, sending the operation instruction to the selected application for execution;
Step S409, the operation control module returns indication information of application operation failure.
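Steps S402 to S409, together with the optional application identifier check described in embodiment 1, can be sketched as a single gate in front of the applications. This is an added example, not code from the patent; the type names, instruction codes and the authentication callback (which stands in for prompting the user and verifying the input) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { OP_DISPATCHED, OP_FAILED } op_result;  /* outcome S408 or S409 */

typedef struct {
    uint8_t code;        /* operation instruction code */
    uint8_t needs_auth;  /* authority information: authenticate the user first */
} instr_rule;

/* Instruction list and authority information of one installed application. */
typedef struct {
    uint8_t app_id;
    const instr_rule *instr_list;
    size_t instr_count;
} env_info;

typedef struct { uint8_t app_id; uint8_t code; } op_instr;

/* Stand-in for S407: returns 1 only if the user's authentication passed. */
typedef int (*auth_fn)(void *ctx);

typedef struct {
    const env_info *installed;  /* environment information kept in the hardware layer */
    size_t installed_count;
    env_info current;           /* environment information loaded for the selection */
    int has_current;
} device;

/* S402-S404: clear the previous selection, then load the environment information
 * only if the identifier names an installed application. */
int select_app(device *d, uint8_t app_id) {
    memset(&d->current, 0, sizeof d->current);
    d->has_current = 0;
    for (size_t i = 0; i < d->installed_count; i++) {
        if (d->installed[i].app_id == app_id) {
            d->current = d->installed[i];
            d->has_current = 1;
            return 1;
        }
    }
    return 0;
}

/* S405-S409 for one externally input operation instruction. */
op_result handle_instruction(const device *d, const op_instr *ins,
                             auth_fn authenticate, void *ctx) {
    if (!d->has_current) return OP_FAILED;
    /* Optional check: the instruction must name the selected application. */
    if (ins->app_id != d->current.app_id) return OP_FAILED;
    const instr_rule *rule = NULL;
    for (size_t i = 0; i < d->current.instr_count; i++)           /* S405 */
        if (d->current.instr_list[i].code == ins->code) rule = &d->current.instr_list[i];
    if (rule == NULL) return OP_FAILED;                            /* S409 */
    if (rule->needs_auth &&                                        /* S406 */
        (authenticate == NULL || !authenticate(ctx)))              /* S407 */
        return OP_FAILED;                                          /* S409 */
    return OP_DISPATCHED;                                          /* S408 */
}

/* Constructed sample: an OTP application (id 1) and an IC card application (id 2). */
static const instr_rule otp_rules[] = { { 0x10, 0 }, { 0x11, 1 } };
static const instr_rule card_rules[] = { { 0x20, 0 } };
static const env_info installed_apps[] = { { 1, otp_rules, 2 }, { 2, card_rules, 1 } };

device new_device(void) {
    device d = { installed_apps, 2, { 0, NULL, 0 }, 0 };
    return d;
}

/* Constructed authentication stub: counts prompts and returns a preset verdict. */
typedef struct { int calls; int result; } auth_stub;
int stub_auth(void *ctx) { auth_stub *s = ctx; s->calls++; return s->result; }

int main(void) {
    device d = new_device();
    auth_stub a = { 0, 1 };
    op_instr card_read = { 2, 0x20 }, otp_gen = { 1, 0x10 };
    select_app(&d, 1);  /* user selects the OTP application */
    printf("OTP generate: %d\n", (int)handle_instruction(&d, &otp_gen, stub_auth, &a));
    printf("card read while OTP selected: %d\n",
           (int)handle_instruction(&d, &card_read, stub_auth, &a));
    return 0;
}
```

Because the instruction list is consulted before the authority information, an instruction that is not in the list fails without the user ever being prompted for authentication.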
In the method provided by this embodiment, a user may input an instruction according to actual needs to select the application that currently needs to be used. After receiving the input instruction, the hardware driving module sends it to the operation control module. When the operation control module determines that the selected application is installed locally, it obtains the environment information of the selected application through the hardware driving module. When an operation instruction is subsequently received, the operation control module performs security authentication according to the information recorded in the environment information and, after the security authentication is passed, sends the operation instruction to the corresponding application for execution, thereby ensuring the security of the application program and avoiding the security problem caused by illegal invocation of an application program on the multifunctional smart key device.
In this embodiment, the operation control module may load the environment information of the selected application into the memory, and clear the memory when receiving an input instruction to exit the currently selected application or to select a new application, so as to increase the processing speed of the program.
In a specific implementation process, an external interface may be provided in the hardware driving module, including but not limited to a hardware input port (e.g., a keyboard), a wired external communication interface (e.g., a USB interface, etc.), or a wireless external communication interface (e.g., bluetooth, etc.), and a user or an external device may input an input instruction or an operation instruction for selecting an application through the external interface.
In this embodiment, in the hardware layer, for each locally installed application, the environment information of the application may be stored in advance, and the operation control module may read the environment information corresponding to the selected application through the hardware driver module when determining that the selected application is locally installed.
In an optional implementation of the embodiment of the present invention, the environment information further includes: space information for recording a physical storage space pre-allocated to the selected application; after step S408, the method further comprises: the operation control module receives an application data calling request sent by the selected application when the operation instruction is executed, wherein the application data calling request carries identification information of application data requested to be called; the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the identification information; the operation control module judges whether the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application according to the space information; and under the condition that the called application data belong to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, the operation control module calls the called application data and returns the called application data to the selected application.
That is, in the above optional embodiment, the selected application needs to call application data stored in the bottom layer when it executes the operation instruction. When the operation control module receives the application data calling request sent by the selected application, it performs two judgments to ensure the security of the application data: one judges whether the application data requested to be called is application data under the file system of the selected application, and the other judges whether the physical storage address of the application data requested to be called lies in the physical storage space pre-allocated to the selected application. Only if both judgments are yes is the requested application data called and sent to the selected application, thereby ensuring the security of the application data and avoiding cross-application calls of application data.
In the foregoing optional implementation manner, optionally, the determining, by the operation control module according to the identification information, whether the called application data belongs to application data under a file system of the selected application may include: the operation control module sends the application identifier and the identifier information to the hardware driving module; the hardware driving module judges whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and informs the operation control module of the finding result; and the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the search result. That is, in this optional embodiment, the operation control module sends the application identifier and the identifier information of the application data to the hardware driver module, and the hardware driver module searches for the identifier information of the application data in the file system corresponding to the application identifier, and if the identifier information is found, it indicates that the application data requested to be called belongs to the file system of the application, otherwise, it indicates that the application data requested to be called does not belong to the file system of the application. By adopting the mode, the judgment can be directly carried out through the hardware driving module, all application data under the file system of the currently selected application do not need to be loaded to the memory in advance, and other additional processing is reduced.
In an optional implementation of the embodiment of the present invention, after the operation control module obtains the application identifier of the selected application, the method further includes: the operation control module acquires all application data under the file system corresponding to the application identifier through the hardware driving module and loads all the application data into a memory; the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the identification information, and the judgment comprises the following steps: and the operation control module judges whether application data corresponding to the identification information exists in the memory, if so, the called application data is determined to belong to the application data under the file system of the selected application, otherwise, the called application data is determined not to belong to the application data under the file system of the selected application. That is, in this optional embodiment, after acquiring the application identifier of the selected application, the operation control module loads, through the hardware drive module, all application data under the file system corresponding to the application identifier into the memory, before invoking a certain application data, searches whether the application data requested to be invoked exists in all application data under the file system of the application loaded in the memory according to the identifier information of the application data requested to be invoked, and if so, indicates that the application data requested to be invoked belongs to the application data under the file system corresponding to the selected application, otherwise, indicates that the application data requested to be invoked does not belong to the application data under the file system corresponding to the selected application. 
Through the optional implementation mode, the operation control module can load all application data under the file system corresponding to the selected application into the memory in advance, so that the application data does not need to be called through the hardware driving module after the operation instruction corresponding to the selected application is received each time, the judgment speed for judging whether the application data requested to be called belongs to the file system corresponding to the selected application can be improved, and the execution efficiency of the operation instruction is improved.
In the above optional embodiment, after the operation control module obtains the application identifier of the selected application, under the condition that all application data in the file system corresponding to the application identifier is loaded into the memory through the hardware driving module, the operation control module may directly obtain the called application data from the memory when calling the called application data, so as to improve the speed of calling the application data.
In the foregoing optional implementation manner, optionally, when the space information in the environment information records that a physical storage space is allocated in advance for a corresponding application, a physical address range may be recorded, or only a starting physical address and a size of the physical storage space allocated for the application may be recorded, which is not limited in this embodiment.
In the above optional embodiment, the authority information in the environment information may further record an invoking authority of each application data, and therefore, optionally, before the operation control module invokes the invoked application data, the method may further include: the operation control module inquires the authority information, judges whether the selected application has the authority of calling the called application data, and executes the operation of calling the called application data under the condition that the selected application is determined to have the authority of calling the called application data. Through the optional implementation mode, the illegal calling of the application data can be avoided, and the safety of the application data is ensured.
In an optional implementation manner of the embodiment of the present invention, in order to avoid that, during the process of executing a selected application, an operation instruction of another application is executed by mistake, for example, after a user selects an OTP application of a multifunctional smart key device, an external card reader sends a card reading request to the multifunctional smart key device, in this embodiment, before sending the operation instruction to the selected application for execution, the method may further include: and the operation control module judges whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application or not, and if so, executes the step of sending the operation instruction to the selected application for execution. With this optional implementation, it may be ensured that after a user selects an application, the multifunction smart key device may no longer execute the operating instructions of other applications beyond the application, avoiding insecurity of application execution due to multifunction smart key device jumping between multiple application programs.
With the operation instruction execution method of the multifunctional smart key device, multiple applications can be realized on the same smart key device and each application can be isolated, so that a special instruction of an application is effective only within that application and the application data of each application can be called only by that application, thereby avoiding security vulnerabilities among multiple applications and improving the security of the multifunctional smart key device.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps of the methods in the above embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (11)

1. An operation instruction execution method of a multifunctional intelligent key device, comprising:
The hardware driving module receives an input instruction for selecting application and sends the input instruction to the operation control module;
The operation control module acquires an application identifier of the application selected by the input instruction;
The operation control module judges whether the selected application is one of a plurality of applications installed by the multifunctional intelligent key device according to the application identifier;
In the case that the selected application is determined to be one of a plurality of applications installed on the multifunctional smart key device, the operation control module acquires environment information of the selected application through the hardware driver module according to the application identifier, wherein the environment information includes: the instruction list and the authority information which are allowed to be executed by the application;
After obtaining the environment information of the selected application, when the hardware driving module receives an externally input operation instruction each time, executing the following steps:
Step 1, the operation control module acquires an operation instruction input from the outside, judges whether the operation instruction is in the instruction list, if so, executes step 2, otherwise, executes step 5;
Step 2, judging whether the operation instruction needs to be authorized or not according to the authority information in the environment information, if so, executing step 3, otherwise, executing step 4;
Step 3, prompting the user to input authentication information, authenticating the authentication information input by the user, executing step 4 under the condition that the authentication is passed, and executing step 5 under the condition that the authentication is not passed;
Step 4, the operation instruction is sent to the selected application for execution;
Step 5, the operation control module returns indication information of application operation failure;
Before sending the operation instruction to the selected application for execution, the method further includes: and the operation control module judges whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application or not, and if so, executes the step of sending the operation instruction to the selected application for execution.
2. The method of claim 1,
The environment information further includes: space information for recording a physical storage space pre-allocated to the selected application;
After step 4, the method further comprises:
The operation control module receives an application data calling request sent by the selected application when the operation instruction is executed, wherein the application data calling request carries identification information of application data requested to be called;
The operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the identification information;
The operation control module judges whether the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application according to the space information;
And under the condition that the called application data belong to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, the operation control module calls the called application data and returns the called application data to the selected application.
3. The method of claim 2, wherein prior to the operation control module invoking the invoked application data, the method further comprises:
The operation control module inquires the authority information, judges whether the selected application has the authority of calling the called application data, and executes the operation of calling the called application data under the condition that the selected application is determined to have the authority of calling the called application data.
4. The method according to claim 2, wherein the determining, by the operation control module, whether the called application data belongs to application data under a file system of the selected application according to the identification information includes:
the operation control module sends the application identifier and the identifier information to the hardware driving module;
the hardware driving module judges whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and informs the operation control module of the finding result;
And the operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the search result.
5. The method of claim 2,
After the operation control module obtains the application identifier of the selected application, the method further includes: the operation control module acquires all application data under the file system corresponding to the application identifier through the hardware driving module and loads all the application data into a memory;
The operation control module judges whether the called application data belongs to the application data under the file system of the selected application according to the identification information, and the judgment comprises the following steps: and the operation control module judges whether application data corresponding to the identification information exists in the memory, if so, the called application data is determined to belong to the application data under the file system of the selected application, otherwise, the called application data is determined not to belong to the application data under the file system of the selected application.
6. An operation instruction execution apparatus of a multifunctional smart key device, comprising:
The hardware driving module is used for receiving an input instruction for selecting application and sending the input instruction to the operation control module;
The operation control module is configured to obtain an application identifier of an application selected by the input instruction, determine, according to the application identifier, whether the selected application is one of multiple applications installed on the multifunctional smart key device, and obtain, by the hardware driving module, environment information of the selected application according to the application identifier, where the environment information includes: the instruction list and the authority information which are allowed to be executed by the application;
The hardware driving module is further configured to receive an operation instruction input from the outside, and send the operation instruction to the operation control module;
the operation control module is further configured to: acquiring an operation instruction input from the outside, judging whether the operation instruction is in the instruction list, judging whether the operation instruction needs to be authorized or not according to the authority information in the environment information under the condition that the operation instruction is in the instruction list, prompting a user to input authentication information and authenticating the authentication information input by the user under the condition that the operation instruction needs to be authorized, sending the operation instruction to the selected application to be executed under the condition that the authentication is passed, and sending the operation instruction to the selected application to be executed under the condition that the operation instruction does not need to be authorized; and returning indication information of application operation failure under the condition that the operation instruction is not in the instruction list or the condition that the authentication of the authentication information input by the user is not passed;
the operation control module is further configured to: before sending the operation instruction to the selected application for execution, judging whether the application identifier carried in the operation instruction is consistent with the application identifier of the selected application, and if so, executing the operation of sending the operation instruction to the selected application for execution.
7. The apparatus of claim 6,
the environment information further includes: space information for recording a physical storage space pre-allocated to the selected application;
the operation control module is further configured to: receiving an application data calling request sent by the selected application when the selected application executes the operation instruction, wherein the application data calling request carries identification information of application data requested to be called; judging whether the called application data belongs to the application data under the file system of the selected application or not according to the identification information; judging whether the physical storage address of the called application data belongs to a physical storage space pre-allocated to the selected application according to the space information; and under the condition that the called application data belong to the application data under the file system of the selected application and the physical storage address of the called application data belongs to the physical storage space pre-allocated to the selected application, calling the called application data and returning the called application data to the selected application.
8. The apparatus of claim 7,
the operation control module is further configured to: and inquiring the authority information before calling the called application data, judging whether the selected application has the authority to call the called application data, and executing the operation of calling the called application data under the condition that the selected application is determined to have the authority to call the called application data.
9. The apparatus of claim 7,
the operation control module is specifically configured to determine whether the invoked application data belongs to application data under the file system of the selected application by: sending the application identifier and the identifier information to the hardware driving module; judging whether the called application data belongs to the application data under the file system of the selected application according to a search result returned by the hardware driving module;
The hardware driver module is further configured to: and judging whether the application data corresponding to the identification information is found under the file system corresponding to the application identification, and informing the operation control module of the search result.
10. The apparatus of claim 7,
the operation control module is further configured to: after acquiring the application identifier of the selected application, acquiring all application data under a file system corresponding to the application identifier through the hardware driving module, and loading all the application data into a memory;
The operation control module is specifically configured to determine whether the invoked application data belongs to application data under the file system of the selected application by: and judging whether application data corresponding to the identification information exists in the memory, if so, determining that the called application data belongs to the application data under the file system of the selected application, otherwise, determining that the called application data does not belong to the application data under the file system of the selected application.
11. A multifunctional smart key device comprising the apparatus of any of claims 6 to 10.
CN201710138730.1A 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof Active CN107066894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710138730.1A CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710138730.1A CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Publications (2)

Publication Number Publication Date
CN107066894A CN107066894A (en) 2017-08-18
CN107066894B true CN107066894B (en) 2019-12-10

Family

ID=59622528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710138730.1A Active CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Country Status (1)

Country Link
CN (1) CN107066894B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586902B (en) * 2018-12-10 2021-07-20 飞天诚信科技股份有限公司 Intelligent key equipment and working method thereof
CN109831304B (en) * 2018-12-26 2024-04-02 北京握奇智能科技有限公司 Multi-application method and system of identity authentication equipment
CN109800561B (en) * 2018-12-29 2021-10-22 360企业安全技术(珠海)有限公司 Drive authority control method, client, system and storage medium
CN111124522B (en) * 2020-04-01 2020-08-04 广东戴维利科技有限公司 Method and system for mixing microkernel and macrokernel
CN112543454B (en) * 2020-11-30 2022-11-15 亚信科技(成都)有限公司 Authentication method and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222390A (en) * 2011-06-30 2011-10-19 飞天诚信科技股份有限公司 Multifunctional intelligent key device and working method thereof
CN102542323A (en) * 2010-11-16 2012-07-04 北京中电华大电子设计有限责任公司 Multifunctional visual intelligent card
CN103297243A (en) * 2013-06-14 2013-09-11 飞天诚信科技股份有限公司 Working method of multi-functional intelligent secret key device
CN105376059A (en) * 2014-08-15 2016-03-02 中国电信股份有限公司 Method and system for performing application signature based on electronic key
CN106022095A (en) * 2016-01-21 2016-10-12 李明 Safety device, safety control method and identity card card-reading terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102542323A (en) * 2010-11-16 2012-07-04 北京中电华大电子设计有限责任公司 Multifunctional visual intelligent card
CN102222390A (en) * 2011-06-30 2011-10-19 飞天诚信科技股份有限公司 Multifunctional intelligent key device and working method thereof
CN103297243A (en) * 2013-06-14 2013-09-11 飞天诚信科技股份有限公司 Working method of multi-functional intelligent secret key device
CN105376059A (en) * 2014-08-15 2016-03-02 中国电信股份有限公司 Method and system for performing application signature based on electronic key
CN106022095A (en) * 2016-01-21 2016-10-12 李明 Safety device, safety control method and identity card card-reading terminal

Also Published As

Publication number Publication date
CN107066894A (en) 2017-08-18

Similar Documents

Publication Publication Date Title
CN107066894B (en) Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof
US10554656B2 (en) Authentication processing method and electronic device supporting the same
US9183415B2 (en) Regulating access using information regarding a host machine of a portable storage drive
US8275994B2 (en) Information storage apparatus and password collation method
KR102058777B1 (en) Indirect authentication
US20070136804A1 (en) Method and apparatus for login local machine
US9891969B2 (en) Method and apparatus for device state based encryption key
EP3777082B1 (en) Trusted platform module-based prepaid access token for commercial iot online services
CN107944332A (en) Fingerprint recognition card and the method for operating fingerprint recognition card
KR101221272B1 (en) Mobile smartcard based authentication
CN104704505A (en) Protecting assets on a device
US20220108305A1 (en) Systems and methods for consent management by issuers on behalf of cardholders
CN107077355A (en) For the mthods, systems and devices initialized to platform
CN103279411A (en) Method and system of entering application programs based on fingerprint identification
CN104901805B (en) A kind of identification authentication methods, devices and systems
CN107451813B (en) Payment method, payment device and payment server
EP2437198B1 (en) Secure PIN reset process
EP3779765B1 (en) Radio frequency card function calling method and device
CN106255102B (en) Terminal equipment identification method and related equipment
CN108369618A (en) A kind of fingerprint identification method and terminal device
CN107615294A (en) A kind of identifying code short message display method and mobile terminal
CN109416800A (en) A kind of authentication method and mobile terminal of mobile terminal
JP2019520653A (en) System on chip and terminal
CN110941821A (en) Data processing method, device and storage medium
CN109977039A (en) HD encryption method for storing cipher key, device, equipment and readable storage medium storing program for executing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant