CN104144256A - Portable password device based on mobile terminal - Google Patents


Info

Publication number: CN104144256A
Authority: CN (China)
Prior art keywords: cryptographic function, program, cryptographic, mobile terminal, password
Legal status: Granted
Application number: CN201410340474.0A
Other languages: Chinese (zh)
Other versions: CN104144256B (en)
Inventor: 龙毅宏
Current Assignee: Wuhan University of Technology WUT
Original Assignee: Wuhan University of Technology WUT
Priority date: 2014-07-17
Filing date: 2014-07-17
Publication date: 2014-11-12
Application filed by Wuhan University of Technology WUT
Priority to CN201410340474.0A
Publication of CN104144256A
Application granted
Publication of CN104144256B
Legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to a portable cryptographic device based on a mobile terminal. The device comprises the mobile terminal, a cryptographic function program and a cryptographic module stub. The mobile terminal has point-to-point communication capability; the cryptographic function program runs in the mobile terminal and provides cryptographic functions; the cryptographic module stub is located in the computing device in which the cryptographic application programs reside, and that computing device is able to exchange data with the mobile terminal through point-to-point communication. When a cryptographic application program calls a cryptographic function of the stub, the stub submits a cryptographic function call request to the cryptographic function program through point-to-point communication; the cryptographic function program completes the processing of the call and returns the result. The device protects the use of the keys stored in the mobile terminal either by establishing a secure session between the stub and the cryptographic function program or by adopting password protection.

Description

A portable cryptographic device based on a mobile terminal
Technical field
The invention belongs to the field of information security technology, and in particular relates to a portable cryptographic device based on a mobile terminal.
Background technology
Anyone who has used online banking has had this experience: when you open an online banking account, the bank tends to give you a cryptographic hardware device that provides cryptographic functions to a computer through a USB interface; this device is called a USB Key. A PKI digital certificate and its private key are stored in the USB Key and are used for identity authentication when the user logs in to the online banking account and/or for the security protection (signing) of online payments or fund transfers. The functions of a USB Key mainly comprise key generation, key storage and cryptographic operations.
The main reasons for using a USB Key are, first, to protect the security of the key (private key): keeping the key in dedicated cryptographic hardware effectively prevents others from misusing it; and second, to provide ease of use: a user can carry the USB Key and use the digital certificate and private key on different computers in different places to realize security protection functions. In practice, however, the situation of USB Keys contradicts the original intention of providing ease of use, because: first, a user may need to carry and use multiple USB Keys from different manufacturers for different applications (for example, USB Keys issued by different banks and made by different manufacturers), and the various USB Keys each have their own management and operation modes, which brings great inconvenience to users in carrying and using them; second, a USB Key is very small and easily lost, and re-applying for or re-purchasing a USB Key after a loss is cumbersome; third, in many cases the user has to pay to purchase the USB Key (a bank may distribute USB Keys to its online banking customers free of charge, but usually requires payment for a replacement after a loss; in other application cases the user normally has to pay for the USB Key). Precisely these inconveniences cause users to prefer insecure usernames and passwords, or comparatively safer dynamic passwords including SMS codes, over the secure USB Key (we know that dynamic passwords, including SMS codes, are in fact not very secure either; there have been cases in which the accounts of online game users and bank users relying on dynamic passwords or SMS codes were stolen, causing heavy losses).
Besides the USB Key, there is another kind of portable cryptographic device, the cryptographic smart card. The cryptographic usage of a smart card is the same as that of a USB Key, but it requires a special card reader; therefore, apart from special occasions (such as social security cards, medical insurance cards and bank cards), cryptographic smart cards are not commonly used in daily life and work, and they have the same problems as USB Keys in carrying and using them.
Summary of the invention
The object of the invention is to provide a portable cryptographic device based on a mobile terminal, which uses a mobile terminal such as a mobile phone or tablet computer to realize cryptographic functions, so as to overcome the deficiencies of the prior art.
To achieve this object, the technical solution adopted by the invention is as follows:
A portable cryptographic device based on a mobile terminal, comprising the following components:
Mobile terminal: a user's portable device (such as a mobile phone or tablet computer) with program execution and computing capability; the mobile terminal has the ability to exchange data with other computing devices (such as desktop or portable computers) through point-to-point communication;
Cryptographic function program: a software component running on the mobile terminal that provides cryptographic functions; the cryptographic functions include key management and cryptographic operations;
Cryptographic module stub: a software component (such as a dynamic library or COM component) located in the computing device where a cryptographic application resides, providing cryptographic function calls to the cryptographic application; the cryptographic application is a program that uses cryptographic functions to achieve a security purpose; the computing device where the cryptographic module stub resides is not the mobile terminal on which the cryptographic function program runs; the computing device where the cryptographic module stub resides has the ability to exchange data with the mobile terminal running the cryptographic function program through point-to-point communication;
When a cryptographic application calls (through an interface) a cryptographic function of the cryptographic module stub, the stub submits the cryptographic function call request to the cryptographic function program through point-to-point communication; the cryptographic function program completes the processing of the call and returns the result to the stub, and the stub returns the result to the cryptographic application.
One security protection measure for the cryptographic functions of the mobile terminal is: before the cryptographic module stub requests, through the communication mode, a call to a cryptographic function provided by the cryptographic function program, a secure session is first established between the stub and the cryptographic function program, and establishing the secure session requires the participation or confirmation of the user of the mobile terminal on which the cryptographic function program runs.
One security protection measure for the keys (including private keys and symmetric keys) stored in the mobile terminal is: when the cryptographic module stub calls, through the communication mode, a cryptographic function provided by the cryptographic function program that uses a key stored in the mobile terminal (such as decrypting data or producing a digital signature with a private key), the cryptographic function program prompts the user that a cryptographic application in the computing device is using the key and lets the user confirm whether to permit the use of the key, thereby protecting the key (the cryptographic module stub can pass the name of the cryptographic application to the cryptographic function program, which displays it to the user).
The security protection measure for the cryptographic functions and the security protection measure for the keys may be implemented at the same time, or only one of them may be implemented.
Based on the method of the invention, a person's ordinary mobile terminal becomes a portable cryptographic device that substitutes for cryptographic hardware such as USB Keys and smart cards; a portable cryptographic device based on a mobile terminal can store keys for different security applications, including PKI digital certificates and private keys, and the user does not have to pay for additional hardware. This brings great convenience to the user on the one hand and saves the user the cost of using secure cryptography on the other.
Brief description of the drawings
Fig. 1 is a schematic diagram of the cryptographic device of the invention.
Embodiments
The invention is further described below with reference to the drawings and embodiments.
To implement the solution of the invention, the mobile terminal must be able to exchange data, through point-to-point communication, with the computing device running the cryptographic application. The specific embodiments below use an Android-based mobile terminal (including mobile phones and tablet computers) as the mobile terminal implementing the cryptographic functions, and a PC (including desktop and portable PCs) as the computing device running the cryptographic application.
Most Android-based mobile terminals support USB (Universal Serial Bus) communication for data exchange (point-to-point communication) with the outside, and almost all current PCs (desktop and portable) support USB communication; therefore, communication between the Android mobile terminal and the PC can use USB. How to realize USB communication between an Android mobile terminal and a PC is described in public materials, including network forums and blogs, and is not repeated here.
In addition, most Android-based mobile terminals support Bluetooth communication for data interaction with the outside (Bluetooth can build a point-to-point peer network), and almost all portable PCs support Bluetooth; therefore, communication between the Android mobile terminal and a portable PC can also use Bluetooth. Technical schemes for realizing Bluetooth communication between an Android mobile terminal and a PC are described in public materials, including network forums and blogs; the cryptographic function program can be developed with J2ME, using the JSR 82 API (JABWT) for Bluetooth, which is only briefly mentioned here.
The cryptographic function program can be developed with J2ME. In a concrete implementation, the cryptographic function program can be implemented either as a server program or as a client program.
If the cryptographic function program is implemented as a server program, it is a program running in the background of the mobile terminal that listens for cryptographic function call requests; it may run in the background at all times, or be started by the user when the user uses a cryptographic application; and the cryptographic module stub is a client program of the cryptographic function program.
If the cryptographic function program is implemented as a client program, an intermediary service program must also be implemented in the computer where the cryptographic module stub resides; when the user uses a cryptographic application, the cryptographic function program is started by the user and connects to the intermediary service program as its client; at this time the cryptographic module stub is also a client program of the intermediary service program; in the process of a cryptographic application calling the cryptographic module stub, the stub exchanges data with the cryptographic function program through the intermediary service program via the communication mode. The intermediary service program can be developed in C/C++ or another suitable technology.
The cryptographic module stub can be developed in a programming language compatible with the cryptographic application, such as C/C++ or COM.
For establishing the secure session between the cryptographic module stub and the cryptographic function program, one scheme is to prompt the user for confirmation, and another is password authentication.
The user-confirmation scheme for establishing the secure session is implemented as follows:
Before the cryptographic module stub calls a cryptographic function of the cryptographic function program, the stub first requests to establish a secure session with the cryptographic function program; the cryptographic function program prompts the user of the mobile terminal that a cryptographic application in the computing device requests to use the cryptographic functions in the mobile terminal (the stub can pass the name of the cryptographic application to the cryptographic function program, which displays it to the user) and asks whether the user permits this; if the user confirms permission, the cryptographic function program returns a session identification (Session ID), and every cryptographic function call request subsequently submitted by the stub includes this session identification. The cryptographic module stub can obtain the name of the application program calling it through functions provided by the operating system.
The password authentication scheme for establishing the secure session is implemented as follows:
The cryptographic functions of the mobile terminal are protected by a user password. Before the cryptographic module stub calls a cryptographic function of the cryptographic function program, the stub first requires the user to enter the protection password of the cryptographic functions; after the user enters the password, the stub submits the entered password to the cryptographic function program and requests to establish a secure session; the cryptographic function program verifies the user's password and, after the password passes verification, returns a session identification, and every cryptographic function call request subsequently submitted by the stub includes this session identification.
For other mobile terminals capable of exchanging data with other computing devices through a communication mode, the implementation principle is the same; only the development tools provided by different mobile terminals, including communication drivers, may differ.
Other concrete technical implementations not described here are well known and self-evident to those skilled in the relevant art.
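The two session-establishment schemes above (user confirmation and password authentication), the session identification carried on every later call, and the per-use key confirmation from the summary, as an added simulation that is not part of the patent. Both sides run in one process and the channel callable stands in for the USB or Bluetooth point-to-point link; the class and message-field names, the HMAC-SHA256 stand-in for a private-key signature, the PBKDF2 password hash and the sample application names and transaction data are all assumptions of this example, not taken from the patent.

```python
# Added example, not code from the patent: the stub <-> cryptographic function program exchange
# simulated in one process; 'channel' stands in for the USB/Bluetooth link. Names are assumptions.
import hashlib
import hmac
import secrets


class CryptoFunctionProgram:
    """Mobile-terminal side: holds the keys, issues session IDs, asks the user."""
    def __init__(self, protection_password, user_confirms, keys):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash_pw(protection_password)  # salted PBKDF2 hash, never the password
        self._user_confirms = user_confirms  # stand-in for the on-device dialog: prompt -> bool
        self._keys = keys  # stand-in for stored private/symmetric keys: key_id -> key bytes
        self._sessions = {}  # session_id -> name of the calling application

    def _hash_pw(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def handle(self, request):
        """Entry point for every request arriving over the point-to-point link."""
        op = request.get("op")
        if op == "open_session":
            return self._open_session(request)
        # Every other request must carry a session ID issued by _open_session.
        app = self._sessions.get(request.get("session_id"))
        if app is None:
            return {"status": "error", "reason": "no secure session"}
        if op == "sign":
            return self._sign(app, request)
        return {"status": "error", "reason": "unknown op"}

    def _open_session(self, request):
        app = request.get("app_name", "<unknown application>")
        mode = request.get("mode")
        if mode == "confirm":
            # User-confirmation scheme: show the calling application's name and ask.
            if not self._user_confirms(f"{app} requests the cryptographic functions on this device. Allow?"):
                return {"status": "denied", "reason": "user refused"}
        elif mode == "password":
            # Password scheme: compare the supplied protection password in constant time.
            supplied = self._hash_pw(request.get("password", ""))
            if not hmac.compare_digest(supplied, self._pw_hash):
                return {"status": "denied", "reason": "bad password"}
        else:
            return {"status": "error", "reason": "unknown mode"}
        session_id = secrets.token_hex(16)
        self._sessions[session_id] = app
        return {"status": "ok", "session_id": session_id}

    def _sign(self, app, request):
        key = self._keys.get(request.get("key_id"))
        if key is None:
            return {"status": "error", "reason": "no such key"}
        # Key-use protection: the user permits each use of a stored key.
        if not self._user_confirms(f"{app} wants to sign with key '{request['key_id']}'. Allow?"):
            return {"status": "denied", "reason": "user refused key use"}
        # HMAC-SHA256 stands in for the private-key signature of a real device.
        signature = hmac.new(key, request["data"], hashlib.sha256).hexdigest()
        return {"status": "ok", "signature": signature}


class CryptoModuleStub:
    """PC side: the component the cryptographic application links against."""
    def __init__(self, channel, app_name):
        self._channel = channel  # callable(request_dict) -> reply_dict
        self._app_name = app_name  # a real stub would obtain this from the OS
        self._session_id = None

    def open_session(self, mode, password=None):
        request = {"op": "open_session", "mode": mode, "app_name": self._app_name}
        if password is not None:
            request["password"] = password
        reply = self._channel(request)
        self._session_id = reply.get("session_id")
        return reply["status"] == "ok"

    def sign(self, key_id, data):
        # The session ID issued at establishment rides on every later call.
        return self._channel({"op": "sign", "session_id": self._session_id,
                              "key_id": key_id, "data": data})


def run_scenarios():
    """Constructed sample run covering both session schemes and a refusal."""
    keys = {"bank-signing-key": b"constructed-sample-key-material"}
    tx = b"transfer 100.00 to account 12345"  # constructed transaction data
    out = {}
    # 1. User-confirmation scheme; the user allows the session and the key use.
    stub = CryptoModuleStub(CryptoFunctionProgram("correct horse", lambda p: True, keys).handle, "NetBank.exe")
    out["confirmed_ok"] = stub.open_session("confirm")
    out["sig_after_confirm"] = stub.sign("bank-signing-key", tx)
    # 2. Password scheme: wrong password, a call without a session, then the right password.
    stub = CryptoModuleStub(CryptoFunctionProgram("correct horse", lambda p: True, keys).handle, "NetBank.exe")
    out["wrong_pw_ok"] = stub.open_session("password", "wrong")
    out["sign_without_session"] = stub.sign("bank-signing-key", tx)
    out["right_pw_ok"] = stub.open_session("password", "correct horse")
    out["sig_after_password"] = stub.sign("bank-signing-key", tx)
    # 3. The user refuses on the device: no session ID is issued.
    stub = CryptoModuleStub(CryptoFunctionProgram("correct horse", lambda p: False, keys).handle, "Unknown.exe")
    out["refused_ok"] = stub.open_session("confirm")
    return out
```

In the real device the two prompts routed through user_confirms are dialogs on the phone. The point of passing the calling application's name across the link is that a request from an unexpected program becomes visible to the user before any key is touched, and a request that carries no valid session identification is refused before the key-use prompt is ever reached.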

Claims (6)

1. A portable cryptographic device based on a mobile terminal, characterized in that the cryptographic device comprises the following components:
Mobile terminal: a user's portable device with program execution and computing capability; the mobile terminal has the ability to exchange data with other computing devices through point-to-point communication;
Cryptographic function program: a software component running on the mobile terminal that provides cryptographic functions; the cryptographic functions include key management and cryptographic operations;
Cryptographic module stub: a software component located in the computing device where a cryptographic application resides, providing cryptographic function calls to the cryptographic application; the cryptographic application is a program that uses cryptographic functions to achieve a security purpose; the computing device where the cryptographic module stub resides is not the mobile terminal on which the cryptographic function program runs; the computing device where the cryptographic module stub resides has the ability to exchange data with the mobile terminal running the cryptographic function program through point-to-point communication;
When a cryptographic application calls a cryptographic function of the cryptographic module stub, the stub submits the cryptographic function call request to the cryptographic function program through point-to-point communication; the cryptographic function program completes the processing of the call and returns the result to the stub, and the stub returns the result to the cryptographic application.
2. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that the security protection measure for the cryptographic functions of the mobile terminal is: before the cryptographic module stub requests, through the communication mode, a call to a cryptographic function provided by the cryptographic function program, a secure session is first established between the stub and the cryptographic function program, and the establishment of the secure session involves the participation or confirmation of the user of the mobile terminal on which the cryptographic function program runs.
3. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that the security protection measure for the key stored in the mobile terminal is: when the cryptographic module stub calls, through the communication mode, a cryptographic function provided by the cryptographic function program that uses a key stored in the mobile terminal, the cryptographic function program prompts the user that a cryptographic application in the computing device is using the key and lets the user confirm whether to permit it, thereby protecting the key.
4. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that:
the cryptographic function program is a server program or a client program;
if the cryptographic function program is a server program, it runs in the background of the mobile terminal at all times and listens for cryptographic function call service requests, or is started by the user when the user uses a cryptographic application and then listens for cryptographic function call service requests, providing cryptographic function calls to the cryptographic module stub;
if the cryptographic function program is a client program, an intermediary service program runs in the computing device where the cryptographic module stub resides; when the user uses a cryptographic application, the cryptographic function program is started by the user and connects to the intermediary service program as its client, and the cryptographic module stub, also as a client program of the intermediary service program, calls the cryptographic functions provided by the cryptographic function program through the intermediary service program via the communication mode.
5. The portable cryptographic device based on a mobile terminal according to claim 2, characterized in that the concrete method of establishing the secure session between the cryptographic module stub and the cryptographic function program is as follows:
before the cryptographic module stub calls a cryptographic function of the cryptographic function program, the stub first requests to establish a secure session with the cryptographic function program; the cryptographic function program prompts the user of the mobile terminal that a cryptographic application in the computing device requests to use the cryptographic functions in the mobile terminal and asks whether the user permits this; if the user confirms permission, the cryptographic function program returns a session identification, and every cryptographic function call request subsequently submitted by the stub includes this session identification.
6. The portable cryptographic device based on a mobile terminal according to claim 2, characterized in that the concrete method of establishing the secure session between the cryptographic module stub and the cryptographic function program is as follows:
before the cryptographic module stub calls a cryptographic function of the cryptographic function program, the stub first requires the user to enter the protection password of the cryptographic functions; after the user enters the password, the stub submits the entered password to the cryptographic function program and requests to establish a secure session; the cryptographic function program verifies the user's password and, after the password passes verification, returns a session identification, and every cryptographic function call request subsequently submitted by the stub includes this session identification.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410340474.0A CN104144256B (en) 2014-07-17 2014-07-17 A kind of portable cryptographic device based on mobile terminal

Publications (2)

Publication Number Publication Date
CN104144256A true CN104144256A (en) 2014-11-12
CN104144256B CN104144256B (en) 2017-03-08

Family

ID=51853321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410340474.0A Active CN104144256B (en) 2014-07-17 2014-07-17 A kind of portable cryptographic device based on mobile terminal

Country Status (1)

Country Link
CN (1) CN104144256B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5794139A (en) * 1994-08-29 1998-08-11 Sony Corporation Automatic generation of private authentication key for wireless communication systems
CN101325774A (en) * 2008-07-30 2008-12-17 青岛海信移动通信技术股份有限公司 Encryption/decryption method and mobile terminal thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105281916A (en) * 2015-11-05 2016-01-27 武汉理工大学 Portable password system
CN105281916B (en) * 2015-11-05 2018-09-25 武汉理工大学 A kind of portable cryptographic system
CN106506152A (en) * 2016-11-16 2017-03-15 武汉理工大学 A kind of shared using method of encryption apparatus
CN107622395A (en) * 2017-09-28 2018-01-23 杭州恒生数据安全技术有限公司 Method, terminal, server, computing module and the system of payment cipher generation
CN107622395B (en) * 2017-09-28 2020-09-01 杭州恒生数据安全技术有限公司 Payment password generation method, terminal, server and system

Also Published As

Publication number Publication date
CN104144256B (en) 2017-03-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant