CN107769927A - Method and device for operating a smart key device on Mac OS X - Google Patents

Method and device for operating a smart key device on Mac OS X

Info

Publication number: CN107769927A (granted as CN107769927B)
Application number: CN201710940478.6A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 陆舟, 于华章
Assignee (original and current): Feitian Technologies Co Ltd
Legal status: granted, active (status as listed by Google Patents; not a legal conclusion)
Prior art keywords: module, access mechanism, signature, intelligent cipher, cipher key

Classifications

    • H04L 9/3226: cryptographic mechanisms for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3247: the same, involving digital signatures
    • H04L 9/3263: the same, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 63/0869: network security protocols for authentication of entities, for achieving mutual authentication
    • G06F 21/44: security arrangements for protecting computers; authentication of security principals; program or device authentication

Abstract

The present invention discloses a method and device for operating a smart key device on Mac OS X, in the field of computing. The method includes: the system's security service daemon monitors whether a smart key device has been inserted; if so, the security service daemon locates the corresponding access device according to the smart key device type, otherwise it continues waiting. When the read-data interface is called, the access device reads and encapsulates the certificate and key information in the smart key device and returns the encapsulated certificate and key information to the system. When the verify-password interface is called, the access device receives the signing certificate and password passed in by the system and verifies whether the password is correct; if so, it obtains and saves the signing key according to the signing certificate, otherwise it reports an error. With the technical solution of the present invention, the system can read the certificate in the smart key device through the access device on Mac OS X, which improves the user experience and is convenient for users.

Description

Method and device for operating a smart key device on Mac OS X
Technical field
The present invention relates to the field of computing, and in particular to a method and device for operating a smart key device on Mac OS X.
Background technology
OS X is the proprietary operating system developed by Apple Inc. for the Mac product line. It is preinstalled on Mac products and is a Unix-based operating system with two main parts. The kernel is named Darwin; it is based on FreeBSD source code and the Mach microkernel and is developed jointly by Apple Inc. and the independent developer community. The system aims for simplicity throughout while providing strong performance, rich graphics and support for Internet standards.
Mutual (two-way) authentication lets a client and a server authenticate each other effectively. In the prior art, however, the certificate in a smart key device cannot be read or used on Mac OS X, so the client and server cannot perform mutual authentication, which limits what the user can do and degrades the user experience.
Summary of the invention
The purpose of the present invention is to solve the problems in the prior art by providing a method and device for operating a smart key device on Mac OS X.
The technical solution adopted by the present invention is as follows:
In one aspect, the present invention provides a method for operating a smart key device on Mac OS X, including:
Step S1: The system's security service daemon monitors whether a smart key device has been inserted; if so, the security service daemon locates the corresponding access device according to the smart key device type, otherwise it continues waiting;
Step S2: The access device waits for the system to call an interface. When the read-data interface is called, step S3 is performed; when the verify-password interface is called, step S4 is performed; when the signature interface is called, step S5 is performed;
Step S3: The access device reads and encapsulates the certificate and key information in the smart key device, returns the encapsulated certificate and key information to the system, and returns to step S2;
Step S4: After receiving the signing certificate and password passed in by the system, the access device verifies whether the password is correct; if so, it obtains and saves the signing key according to the signing certificate and returns to step S2, otherwise it reports an error;
Step S5: The access device checks its current permission level. If it is not user level, it reports an error and returns to step S2. If it is user level, the access device receives the data to be signed from the system, performs the pre-signature operation, calls the signing key to sign the data, and checks whether signing succeeded; if so, it returns the signature result to the system and returns to step S2, otherwise it reports an error and returns to step S2.
In another aspect, the present invention provides a device for operating a smart key device on Mac OS X, including:
a monitoring module, for the system's security service daemon to monitor whether a smart key device has been inserted;
a search module, for the security service daemon to locate the corresponding access device according to the smart key device type when the monitoring module detects that a smart key device has been inserted;
a detection module, for detecting which interface the system calls;
a read-and-encapsulate module, for reading and encapsulating the certificate and key information in the smart key device when the detection module detects that the read-data interface is called;
a first return module, for returning the certificate and key information encapsulated by the read-and-encapsulate module to the system and triggering the detection module;
a first receiving module, for receiving the signing certificate and password passed in by the system when the detection module detects that the verify-password interface is called;
a first judging module, for judging whether the password received by the first receiving module is correct;
a first acquisition module, for obtaining and saving the signing key according to the signing certificate received by the first receiving module when the first judging module judges that the password is correct;
an error-reporting module, for reporting an error and triggering the detection module when the first judging module judges that the password is wrong; also for reporting an error and triggering the detection module when the second judging module judges that the current permission level is not user level; and also for reporting an error and triggering the detection module when the third judging module judges that signing by the signing module failed;
a second judging module, for judging the current permission level when the detection module detects that the signature interface is called;
a second receiving module, for receiving the data to be signed passed in by the system when the second judging module judges that the current permission level is user level;
a pre-signature module, for performing the pre-signature operation on the data received by the second receiving module;
a signing module, for calling the signing key to sign the data;
a third judging module, for judging whether signing by the signing module succeeded;
a second return module, for returning the signature result to the system and triggering the detection module when the third judging module judges that the signing module signed successfully.
The beneficial effect of the present invention is that, using its technical method, the system can read the certificate in a smart key device through an access device on Mac OS X, so that client and server can perform mutual authentication, which improves the user experience and is convenient for users.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a method for operating a smart key device on Mac OS X according to the second embodiment of the present invention;
Fig. 2 shows a method for operating a smart key device on Mac OS X according to the third embodiment of the present invention;
Fig. 3 shows a device for operating a smart key device on Mac OS X according to the fourth embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one
This first embodiment provides a method for operating a smart key device on Mac OS X, where the access device refers to a tokend project, including:
Step S1: The system's security service daemon monitors whether a smart key device has been inserted; if so, the security service daemon locates the corresponding access device according to the smart key device type, otherwise it continues waiting;
Specifically, before step S1 the method also includes: registering and installing the access device in the operating system;
Further, registering and installing the access device in the operating system specifically includes: checking the system version; if the system version is lower than a preset version, copying the access device file directly into the system and adding user permissions; if the system version is not lower than the preset version, copying the access device file to a designated directory and adding user permissions.
Further, before copying the access device file to the designated directory, the method also includes: checking whether the designated directory exists; if it exists, adding user permissions to the designated directory directly; if it does not exist, creating the designated directory, copying the access device file into it, and then adding user permissions to the designated directory.
Step S2: The access device waits for the system to call an interface. When the read-data interface is called, step S3 is performed; when the verify-password interface is called, step S4 is performed; when the signature interface is called, step S5 is performed;
Specifically, step S2 also includes: when the terminate interface is called, the access device calls the terminate function to terminate the access device and returns to step S2.
When the data-encryption interface is called, the access device obtains the category identifier of the smart key device, obtains the corresponding encryption function from the identifier, and after receiving the encryption algorithm and the data to be encrypted from the system, calls the encryption function to encrypt the data, then returns to step S2.
Step S3: The access device reads and encapsulates the certificate and key information in the smart key device, returns the encapsulated certificate and key information to the system, and returns to step S2;
Specifically, before performing step S3 the method also includes: the access device obtains the device identifier of the smart key device and matches it against the preset device identifier; if they do not match, the access device does not support the current smart key device and reports an error; if they match, the access device supports the current smart key device and step S3 is performed.
Specifically, encapsulating the certificate and key information of the smart key device includes:
Step B1: Initialise the standard relation model;
Specifically, step B1 includes: creating a standard relation for certificates in the required format, and creating a standard relation for keys.
More specifically, creating the standard relation for keys includes: creating the standard relation for private keys and writing its attributes; creating the standard relation for public keys, writing its attributes, and returning the public key attribute relation to the system.
Step B2: Encapsulate the certificate and key information according to the standard relation model.
Specifically, step B2 includes: the access device obtains the certificate, public key and private key relations from the standard relation model, then packages them in the standard format.
Step S4: After receiving the signing certificate and password passed in by the system, the access device verifies whether the password is correct; if so, it obtains and saves the signing key according to the signing certificate, sets the current permission level of the access device to user level and returns to step S2; otherwise it sets the current permission level of the access device to non-user level and reports an error;
Step S5: The access device checks its current permission level. If it is not user level, it reports an error and returns to step S2. If it is user level, the access device receives the data to be signed from the system, performs the pre-signature operation, calls the signing key to sign the data, and checks whether signing succeeded; if so, it returns the signature result to the system and returns to step S2, otherwise it reports an error and returns to step S2.
Performing the pre-signature operation in step S5 specifically includes: the access device receives the signature algorithm passed in by the system, converts the format of the signature algorithm and reassembles the data to be signed.
Specifically, before reassembling the data to be signed, the method also includes: determining the data header according to the signature algorithm.
Reassembling the data to be signed specifically includes: the access device prepends the data header to the data and pads the data.
Converting the format of the signature algorithm specifically means: converting the signature algorithm from string format to binary format.
Embodiment two
This second embodiment provides a method for operating a smart key device on Mac OS X, where the access device refers to a tokend project; as shown in Fig. 1, it includes:
Step 101: Register and install the access device;
In this embodiment, the access device file has a specific installation directory on Mac OS X 10.10 and earlier: /System/Library/Security/tokend/. Mac OS X 10.11 and later add the SIP (System Integrity Protection) mechanism, which does not allow the /System directory to be modified, so the tokend can only be installed under /Library/Security/tokend/ and must be given execute permission.
Specifically, the installation method is: an installation script checks the system version; if the system version is lower than 10.11, it copies the access device file directly to /System/Library/Security/tokend/ and adds user permissions to this directory; if the system is 10.11 or later, it must first check whether the /Library/Security/tokend directory exists; if it exists, it adds user permissions to this directory directly; if it does not exist, it creates the directory and then adds user permissions to it.
More specifically, in this embodiment the command chmod 755 gives the owner of /Library/Security/tokend read, write and execute permission, while group members and other users have only read and execute permission; the access device file to be installed and registered is then copied into the /Library/Security/tokend directory.
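The installation procedure of step 101, written out as an added example in Python; it is not the patent's installation script, which this page does not reproduce. The version cut-over at 10.11, the two directories and the chmod 755 come from the text; the bundle name Feitian.tokend, the function names, and the use of sw_vers -productVersion to read the version are assumptions, and the script must run as root to write either directory. Apple has since deprecated the CDSA/tokend mechanism in favour of CryptoTokenKit, so this applies only to macOS versions that still load tokends.

```python
#!/usr/bin/env python3
"""Install a tokend bundle into the directory the macOS version requires.

Added example, not the patent's installation script. Assumes a bundle
directory such as Feitian.tokend and that the script runs as root.
"""
import os
import shutil
import stat
import subprocess
from typing import Optional

# Directories named in the patent. /System/... is read-only under SIP
# (System Integrity Protection) from OS X 10.11 onward.
SYSTEM_TOKEND_DIR = "/System/Library/Security/tokend"
LOCAL_TOKEND_DIR = "/Library/Security/tokend"
SIP_SINCE = (10, 11, 0)


def parse_version(version: str) -> tuple:
    """Turn '10.11.2' into (10, 11, 2), padding missing components with 0.

    A non-numeric component (e.g. '10.11 beta') raises ValueError rather
    than being compared as a string, where '10.9' would sort after '10.11'.
    """
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    nums = [int(p) for p in parts] + [0, 0, 0]
    return tuple(nums[:3])


def tokend_dir(version: str) -> str:
    """Pick the install directory: /System/... before 10.11, /Library/... from 10.11 on."""
    return SYSTEM_TOKEND_DIR if parse_version(version) < SIP_SINCE else LOCAL_TOKEND_DIR


def running_macos_version() -> str:
    """Ask the OS for its version string (sw_vers ships with every macOS)."""
    return subprocess.check_output(["sw_vers", "-productVersion"], text=True).strip()


def install_tokend(bundle_path: str, version: Optional[str] = None,
                   dry_run: bool = False) -> str:
    """Copy bundle_path into the right tokend directory and return the target path.

    Mirrors the patent's steps: create the directory if missing, chmod 755
    (owner rwx, group and others r-x), then copy the bundle in. Root ownership
    with 0o755 matters: a tokend receives the user's PIN, so the directory
    must not be writable by ordinary users.
    """
    if version is None:
        version = running_macos_version()
    target_dir = tokend_dir(version)
    target = os.path.join(target_dir, os.path.basename(bundle_path.rstrip("/")))
    if dry_run:
        return target
    os.makedirs(target_dir, exist_ok=True)
    os.chmod(target_dir, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP
             | stat.S_IROTH | stat.S_IXOTH)  # same bits as chmod 755
    if os.path.isdir(target):
        shutil.rmtree(target)  # replace an older copy of the same bundle
    shutil.copytree(bundle_path, target)
    # The patent requires the installed access device to be executable.
    for root, dirs, files in os.walk(target):
        for name in dirs + files:
            os.chmod(os.path.join(root, name), 0o755)
    return target


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: install_tokend.py <bundle.tokend> [--dry-run]")
    print(install_tokend(sys.argv[1], dry_run="--dry-run" in sys.argv[2:]))
```

Run it with --dry-run first to see which directory the running system maps to; the comparison is done on parsed integers so that 10.9 is correctly treated as older than 10.11.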
Step 102: The system's security service daemon monitors whether a smart key device has been inserted; if so, the security service daemon locates the corresponding access device according to the smart key device type and performs step 103; otherwise it continues waiting and returns to step 102;
Step 103: The access device waits for the system to call an interface. When the read-data interface is called, step 104 is performed; when the verify-password interface is called, step 108 is performed; when the signature interface is called, step 110 is performed; if another interface is called, the corresponding operation is performed according to the instruction and control returns to step 103;
Step 104: The access device performs initialisation;
In this embodiment, the access device calls its initialisation function to initialise itself.
Specifically, in this embodiment the system's security service daemon stays in the monitoring state, monitoring whether a smart key device is inserted. When a smart key device is inserted, the driver file (Driver) in the smart key device is detected by the security service daemon project, and the security service daemon project automatically traverses all access devices in the designated access device installation directory.
Specifically, before starting and initialising the access device, the method also includes: Mac OS X determines whether a smart key device has been inserted; if so, step 101 is performed, otherwise a failure error code is returned;
Step 105: The access device checks whether it supports the inserted smart key device; if so, it obtains the relevant information of the smart key device and performs step 106; otherwise it returns a failure error code and returns to step 103;
In this embodiment, the access device obtains the identifier of the current smart key device and matches the obtained device identifier against the preset smart key device identifier; if they do not match, a failure error code is returned to the access device and it exits; if they match, a successful-match response is returned to the access device, indicating that the access device supports the inserted smart key device.
Specifically, the identifier of the smart key device includes information such as the OEMID, PID and VID, where OEMID (Original Equipment Manufacturer Identification) is the original equipment manufacturer identity, PID (Product ID) is the product identifier, and VID (Vendor ID) is the vendor identifier.
Further, in this embodiment, after it is determined that the access device supports the inserted smart key device, the slot list in the system is obtained, then the information on the slot in the system where the current smart key device is located is obtained, then the information of the current smart key device in the system is obtained, and the obtained smart key device information is returned to the system;
More specifically, the smart key device information includes the name of the smart key device.
In this embodiment, the access device loads the MDS resource file by calling the establish() function. The MDS resource file defines the relations and corresponding schema information for the access device, including a description of some of its attributes, such as the name of the access device and its identifier in the system. Through this schema information, an application can query the Module Directory Service (MDS) for the service module whose resource file matches the current task.
Here, the security mechanism used by Mac OS X is CDSA (Common Data Security Architecture), whose core is CSSM (Common Security Services Manager). CSSM records information such as the functions, services, authentication and implementation location of each module through MDS (Module Directory Services). That is, the system locates the access device through the MDS resource file information and thereby finds the inserted smart key device.
Step 106: The access device reads the certificate and key information of the smart key device and checks whether the read succeeded; if so, step 107 is performed, otherwise a failure error code is returned and control returns to step 103;
In this embodiment, the access device opens a session with the slot where the current smart key device is located and with the smart key device itself, saves the session handle, reads the certificate and key information of the smart key device, and if the read succeeds saves the certificate and key in the corresponding variables of the access device project.
Step 107: The access device encapsulates the certificate and key information and returns to step 103;
In this embodiment, the data is encapsulated in the DL format using the standard API of the data storage library (DL). CSSM manages the meta-information of the DL format, which describes the retrieval and storage functions of the data. An application can retrieve useful DL information through MDS and supply it to the services that need it. The DL service is responsible for obtaining and managing the creation and storage of the metadata defined for each application; an application obtains the corresponding DL data with the CSSM_DL_GetDbNames() function.
In this embodiment, encapsulating the certificate and key information specifically includes:
Step 107-1: Initialise the standard relation model;
In this embodiment, initialising the standard relation model specifically means: calling the createStandardRelation function to create a standard relation that meets the requirements of the SecKeychain layer for the CSSM_DL_DB_RECORD_X509_CERTIFICATE certificate format; then creating the standard relation for keys and writing information such as the key's attributes and usage conditions.
More specifically, creating the standard relation for keys means: first calling the createKeyRelation function to create the standard relation for private keys and writing its attributes; then calling the createKeyRelation function to create the standard relation for public keys, writing its attributes, and returning the public key attribute relation.
Step 107-2: Encapsulate the certificate and key information according to the standard relation model, and associate the public/private key pair with the certificate.
In this embodiment, in the standard relation set created by the access device, the CSSM_DL_DB_RECORD_X509_CERTIFICATE, CSSM_DL_DB_RECORD_PRIVATE_KEY and CSSM_DL_DB_RECORD_PUBLIC_KEY relation instances are obtained respectively; the saved certificate and key objects are then initialised into standard entry schemas, added to the corresponding relation instances, and a correspondence is established between each data object and its record entry.
Note that if the object is a certificate object, the correspondence between the certificate object and its CKA_ID is also established. The public/private key pair whose CKA_ID matches each certificate is found by traversal, its relation record entry is obtained, and an association record is established between the key pair's relation record entry and the certificate's relation record entry.
In this embodiment, after the access device calls the corresponding functions to obtain the certificate, public key and private key relations from the initialised standard relation model, it packages them in the standard format.
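The association step of 107-2, as an added example in Python rather than the patent's tokend code: three relations, records added to them, and each certificate linked to the public/private key pair that shares its CKA_ID, with a certificate lacking a key reported instead of linked. The relation names are the CSSM constants cited in the text; the dict-based record layout, the function names and the sample data are constructed for illustration.

```python
"""Associate certificates with their key pairs by CKA_ID.

Added example, not the patent's code. The relation names are the CSSM
constants the text cites; the record layout and sample data are constructed.
"""
from typing import Dict, List, Tuple

CERT_RELATION = "CSSM_DL_DB_RECORD_X509_CERTIFICATE"
PRIVKEY_RELATION = "CSSM_DL_DB_RECORD_PRIVATE_KEY"
PUBKEY_RELATION = "CSSM_DL_DB_RECORD_PUBLIC_KEY"

Record = Dict[str, object]           # one entry in a relation
Relations = Dict[str, List[Record]]  # relation name -> its entries


def new_relations() -> Relations:
    """Step 107-1: the three standard relations, initially empty."""
    return {CERT_RELATION: [], PRIVKEY_RELATION: [], PUBKEY_RELATION: []}


def add_record(relations: Relations, relation: str, cka_id: bytes, **attrs) -> Record:
    """Step 107-2: initialise an object into a standard entry and add it to its relation."""
    if relation not in relations:
        raise KeyError(f"unknown relation {relation}")
    rec: Record = {"CKA_ID": cka_id, "relation": relation, **attrs}
    relations[relation].append(rec)
    return rec


def _index_by_cka_id(entries: List[Record]) -> Dict[bytes, Record]:
    """Map CKA_ID -> record; two keys with one CKA_ID in the same relation is a token error."""
    index: Dict[bytes, Record] = {}
    for rec in entries:
        cka_id = rec["CKA_ID"]
        if cka_id in index:
            raise ValueError(f"duplicate CKA_ID {cka_id.hex()} in {rec['relation']}")
        index[cka_id] = rec
    return index


def associate(relations: Relations) -> Tuple[List[Record], List[Tuple[bytes, str]]]:
    """Link each certificate to the key pair sharing its CKA_ID.

    Returns (linked certificate records, problems). A certificate without a
    private key cannot sign and one without a public key cannot be completed
    for the keychain layer, so both cases are reported rather than linked.
    """
    priv = _index_by_cka_id(relations[PRIVKEY_RELATION])
    pub = _index_by_cka_id(relations[PUBKEY_RELATION])
    linked: List[Record] = []
    problems: List[Tuple[bytes, str]] = []
    for cert in relations[CERT_RELATION]:
        cid = cert["CKA_ID"]
        missing = [name for name, idx in (("private key", priv), ("public key", pub))
                   if cid not in idx]
        if missing:
            problems.append((cid, "missing " + " and ".join(missing)))
            continue
        cert["private_key"] = priv[cid]   # the association record of the text
        cert["public_key"] = pub[cid]
        linked.append(cert)
    return linked, problems


def sample_relations() -> Relations:
    """Constructed sample: two certificates, only one with a complete key pair."""
    rels = new_relations()
    id_a, id_b = bytes.fromhex("a1a1a1a1"), bytes.fromhex("b2b2b2b2")
    add_record(rels, CERT_RELATION, id_a, label="signing cert A")
    add_record(rels, PRIVKEY_RELATION, id_a, label="priv A", sign=True)
    add_record(rels, PUBKEY_RELATION, id_a, label="pub A", verify=True)
    add_record(rels, CERT_RELATION, id_b, label="cert B (private key absent)")
    add_record(rels, PUBKEY_RELATION, id_b, label="pub B", verify=True)
    return rels
```

The point of returning problems instead of raising on the first one is that a token often carries several certificates; a broken entry should not hide the usable ones from the keychain.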
Step 108: After receiving the signing certificate passed in by the system and the password entered by the user, the access device verifies whether the password is correct; if so, step 109 is performed, otherwise a failure error code is returned and control returns to step 103;
In this embodiment, the system provides a user interface through the server agent mechanism for the user to enter the password for verification. After the user enters the password, it is compared with the password stored in the current smart key device; if they match, password verification succeeds, otherwise it fails.
Note that when the access device judges that the password is correct, it sets its current permission level to user level; when it judges that the password is incorrect, it sets its current permission level to non-user level and reports an error.
Step 109: The access device obtains and saves the signing key according to the signing certificate and returns to step 103;
Step 110: The access device checks its current permission level; if it is not user level, it returns a failure error code and returns to step 103; if it is user level, step 111 is performed;
Step 111: After receiving the data to be signed from the system, the access device performs the pre-signature operation;
In this embodiment, performing the pre-signature operation specifically includes: the access device receives the signature algorithm passed in by the system, converts the format of the signature algorithm and reassembles the data to be signed.
Specifically, because there are many signature algorithms, each with its own signing rules and format, the signature algorithm selected by the system must be format-converted before signing.
Specifically, the incoming signature algorithm is converted from string format to binary format.
Commonly used signature (digest) algorithms include SHA1, MD5 and so on.
In this embodiment, the data header is determined by the type of signature algorithm; the header length is added to the length of the incoming data to obtain the new total length, and the data is then padded according to the incoming padding mode, giving the final data to be signed.
For example, the data header for SHA1 is as follows:
Step 112:Access mechanism calls signature key to sign incoming signed data, and judge signature whether into Work(, be then return signature result and intelligent cipher key equipment certificate, return to step 103;Otherwise failure error code is returned, returns to step Rapid 103.
Specifically, in the present embodiment, generate Signature functions are called to carry out signature operation.
In the present embodiment, terminate signature operation, obtain the backward client browser of signature result and return to signature result.
In the present embodiment, after terminating signature operation, the certificate read and signature result are back to by access mechanism The certificate of sign result and client itself is issued server and verified by client browser, browser.
In the present embodiment, other interfaces include:Terminate interface, data encryption interface and data decryption interface etc..
Specifically, when termination interface is called, access mechanism, which is called, terminates the function termination access mechanism, return step Rapid 103;When data encryption interface is called, access mechanism calls encryption function that incoming data are encrypted, and returns to step Rapid 103;When data deciphering interface is called, access mechanism calls decryption function that incoming data are decrypted, and returns to step Rapid 103.
Embodiment three
Embodiment three provides a method for operating a smart key device in a Mac OS X system, where the access device refers to the tokend project. As shown in Fig. 2, the method comprises:
Step 201: Register and install the access device;
In this embodiment, the access device has a specific installation directory. On Mac OS X 10.10 and earlier the installation directory is /System/Library/Security/tokend/. Mac OS X 10.11 and later add the protection mechanism SIP (System Integrity Protection), which does not allow operations on the /System directory, so the access device can only be installed under /Library/Security/tokend/, and it must be ensured that it has execute permission.
Specifically, the installation method is: the user selects installation, and the installation script determines the system version. If the system version is lower than 10.11, the access device files are copied directly to /System/Library/Security/tokend/. If the system is 10.11 or later, it is first determined whether the /Library/Security/tokend directory exists; if it exists, all user permissions are added to the directory directly; if it does not exist, the directory is created and then all user permissions are added to it.
More specifically, in this embodiment, the command chmod 755 gives the owner of the /Library/Security/ access device directory read, write and execute permission, while the group and other users have only read and execute permission; the access device to be installed and registered is then copied to the /Library/Security/tokend directory.
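The version gate and directory preparation of step 201 can be expressed as follows. This is an added example, not the patent's installer or Feitian's code. It assumes the version string comes from `sw_vers -productVersion`, that `bundle_src` is the built tokend bundle, and adds a `root` parameter (an assumption, not in the text) so the decision can be rehearsed against a scratch directory without root privileges. Versions are compared as integer tuples because comparing "10.9" with "10.11" as strings sorts 10.9 after 10.11 and would send the bundle to the SIP-protected path. Apple deprecated tokend in favour of CryptoTokenKit from macOS 10.12 onward, so this only matters on systems that still load tokends.

```python
"""Added example (not from the patent): pick the tokend install directory by macOS version.

Mac OS X 10.10 and earlier load tokends from /System/Library/Security/tokend/;
10.11 introduced System Integrity Protection (SIP), so /System is read-only and
the bundle has to go to /Library/Security/tokend/ instead.
"""
import os
import shutil

TOKEND_SYSTEM_DIR = "/System/Library/Security/tokend"  # writable only before SIP (10.11)
TOKEND_LOCAL_DIR = "/Library/Security/tokend"          # SIP-safe location on 10.11 and later
SIP_FIRST_VERSION = (10, 11)


def parse_version(product_version: str) -> tuple:
    """'10.10.5' -> (10, 10, 5). Tuples compare numerically; strings would not
    ('10.9' > '10.11' as text, which is the wrong answer here)."""
    return tuple(int(part) for part in product_version.strip().split("."))


def tokend_install_dir(product_version: str, root: str = "/") -> str:
    """Directory a tokend bundle belongs in for this macOS version.

    `root` is an assumption added for testing; real installs use the default '/'.
    Any version at or above 10.11 (including 11.x and later) uses the local directory.
    """
    major_minor = parse_version(product_version)[:2]
    sub_dir = TOKEND_LOCAL_DIR if major_minor >= SIP_FIRST_VERSION else TOKEND_SYSTEM_DIR
    return os.path.join(root, sub_dir.lstrip("/"))


def install_tokend(bundle_src: str, product_version: str, root: str = "/") -> str:
    """Create the target directory with mode 755 (rwxr-xr-x, as in the patent's
    `chmod 755`) if needed and copy the bundle into it. Returns the installed path.
    Needs root privileges for the real directories; pass `root` to rehearse elsewhere."""
    dest_dir = tokend_install_dir(product_version, root)
    os.makedirs(dest_dir, mode=0o755, exist_ok=True)
    os.chmod(dest_dir, 0o755)  # makedirs honours umask; set the mode explicitly
    dest = os.path.join(dest_dir, os.path.basename(bundle_src.rstrip("/")))
    if os.path.isdir(dest):
        shutil.rmtree(dest)  # replace a previously installed copy of the same bundle
    shutil.copytree(bundle_src, dest)
    # The patent requires the installed access device to carry execute permission.
    for dirpath, _dirs, files in os.walk(dest):
        os.chmod(dirpath, 0o755)
        for name in files:
            os.chmod(os.path.join(dirpath, name), 0o755)
    return dest


if __name__ == "__main__":
    import subprocess
    version = subprocess.run(["sw_vers", "-productVersion"], capture_output=True,
                             text=True, check=True).stdout
    print(tokend_install_dir(version))
```

Run as a script on a Mac it prints the directory the installer would use; `install_tokend("/path/to/Vendor.tokend", version)` performs the copy and needs to run as root for the real directories.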
Step 202: The system's security service daemon monitors whether a smart key device is inserted. If so, the security service daemon finds the corresponding access device according to the smart key device type and performs step 203; otherwise it continues waiting and returns to step 202;
Specifically, in this embodiment, the system's security service daemon is always in a listening state, monitoring whether a smart key device is inserted. When a smart key device is inserted, the driver file in the smart key device is detected by the security service daemon, which automatically traverses all access devices in the specified access device installation directory.
Step 203: The access device waits for the system to call an interface. When the read-data interface is called, step 204 is performed; when the verify-password interface is called, step 210 is performed; when the signature interface is called, step 212 is performed; when another interface is called, the corresponding operation is performed according to the instruction and the method returns to step 203;
Step 204: The access device performs an initialization operation;
In this embodiment, the access device calls an initialization function to initialize itself.
Step 205: The access device determines whether it supports the inserted smart key device. If so, step 206 is performed; otherwise a failure error code is returned and the method returns to step 203;
In this embodiment, after the access device obtains the identifier of the inserted smart key device, it matches the obtained device identifier against the preset smart key device identifier. If they are inconsistent, a match-failure response is returned to the access device and it exits; if they are consistent, a match-success response is returned to the access device and the method continues with step 206.
Specifically, the identifier of the smart key device obtained by the get-device-identifier function includes information such as OEMID, PID and VID. OEMID is the original equipment manufacturer identifier, PID (Product ID) is the product identifier and VID (Vendor ID) is the vendor identifier.
Step 206: Obtain the relevant information of the smart key device;
Further, in this embodiment, after it is determined that the access device supports the inserted smart key device, the slot list in the system is obtained, then the information of the slot in the system where the current smart key device is located is obtained, then the information of the current smart key device in the system is obtained, and the obtained smart key device information is returned to the system;
More specifically, the smart key device information includes the name of the smart key device.
In this embodiment, the access device loads the MDS resource file by calling the establish() function. The MDS resource file defines relations about the access device and the corresponding schema information, including descriptions of some attributes of the access device such as its name and system identifier. Through this schema information, an application can query the resource file through the system service (MDS) and select the service module suited to the current task.
In this embodiment, the security mechanism used by the Mac OS X system is CDSA (Common Data Security Architecture), whose core is CSSM (Common Security Services Manager). CSSM modules register their functions, services, certification and implementation location through the MDS (Module Directory Services) service. That is, the system locates the access device through the resource file information of the MDS system service and thereby finds the inserted smart key device.
Step 207: The access device reads the certificate and key information of the smart key device and determines whether the read succeeds. If so, step 208 is performed; otherwise a failure error code is returned and the method returns to step 203;
In this embodiment, the access device opens a session with the slot where the current smart key device is located and with the current smart key device, saves the session handle, and then starts a search for the token and session objects matching a template. After the matching token and session objects are found, the handle of the data object in the device is obtained and one or more attribute values of the object are obtained, so as to read the certificate and key information of the smart key device. If the read succeeds, the certificate and key information are saved in the relevant variables inside the access device project.
Step 208: The access device initializes the standard relationship model;
In this embodiment, the data format is encapsulated as DL format using the standard API of the data storage library (DL). CSSM manages the meta-information of the DL format, which describes the retrieval and storage functions of the data. Applications can retrieve useful DL information through MDS and supply it to the services that need it. DL is responsible for creating and storing the metadata defined by each application it obtains and manages; applications obtain the corresponding DL data using the CSSM_DL_GetDbNames() function.
In this embodiment, initializing the standard relationship model is specifically: the access device calls the create-standard-relation function to create a standard relation that meets the SecKeychain layer requirements for the CSSM_DL_DB_RECORD_X509_CERTIFICATE certificate format; it creates the standard relation of the key and writes in information such as the key's associated attributes and usage conditions.
More specifically, creating the standard relation of the key is: first call the create-key-relation function to create the standard relation of the private key and write its attributes; then call the create-key-relation function again to create the standard relation of the public key, write its attributes, and return the public key attribute relation.
Step 209: The access device encapsulates the certificate and key information according to the standard relationship model;
In this embodiment, in the standard relation network created by the access device, the relation instances of CSSM_DL_DB_RECORD_X509_CERTIFICATE, CSSM_DL_DB_RECORD_PRIVATE_KEY and CSSM_DL_DB_RECORD_PUBLIC_KEY are obtained respectively; the saved certificate and key objects are then initialized into standard record entries, added to the corresponding relation instances, and a correspondence between each data object and its record entry is established.
It should be noted that, for a certificate object, the correspondence between the certificate object and its CKA_ID is also established. The public/private key pair whose CKA_ID matches each certificate is found by traversal and its relation record entries are obtained, and an association record is established between those relation record entries and the relation record entry of the certificate.
In this embodiment, after the access device calls the relevant functions to obtain the certificate, public key and private key relations respectively from the initialized basic model, it encapsulates them according to the standard relationship model.
Step 210: After the access device receives the signing certificate passed in by the system and the password entered by the user, it determines whether the password is correct. If so, step 211 is performed; otherwise a failure error code is returned and the method returns to step 203;
In this embodiment, the system provides a user interface through its agent mechanism for the user to enter the password for verification. After the user enters the password, the entered password is checked against the password pre-stored in the current smart key device; if they are consistent, password verification succeeds, otherwise password verification fails.
It should be noted that when the access device determines that the password is correct, the current privilege of the access device is set to user privilege; when the access device determines that the password is incorrect, the current privilege of the access device is set to non-user privilege and an error is reported.
Step 211: The access device obtains and saves the signing key according to the signing certificate and returns to step 203;
Specifically, after password verification succeeds, the access device obtains and saves the signing key according to the signing certificate.
Step 212: The access device checks the current privilege. If it is non-user privilege, a failure error code is returned and the method returns to step 203; if it is user privilege, step 213 is performed;
Step 213: After the access device receives the data to be signed passed in by the system, it performs the pre-signature operation;
Performing the pre-signature operation specifically comprises: converting the format of the incoming signature algorithm, setting the data header and reassembling the data to be signed;
Specifically, because there are many signature algorithms and each has its own signature rules and format, the signature algorithm selected by the system has to be format-converted before signing.
Specifically, the string form of the incoming signature algorithm is converted into binary form.
Commonly, the signature algorithms include SHA1, MD5, etc. (Both are digest algorithms used inside the RSA signature, and both are considered too weak for signing today.)
In this embodiment, the data header is determined according to the kind of signature algorithm, the header length is added to the length of the incoming data to be signed to obtain the new input length, and the data is then padded according to the incoming padding pattern, yielding the completely reassembled data to be signed.
For example, the data header for sha1 is as follows:
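The pre-signature operation described in steps 111 and 213 (resolve the algorithm name, determine a data header from it, add the header length to the digest length, then pad) is the EMSA-PKCS1-v1_5 encoding of RFC 8017 section 9.2: the "data header" is the DER prefix of a DigestInfo structure, the string-to-binary conversion amounts to resolving the algorithm name to its OID encoding, and the "fill pattern" is the 0x00 0x01 0xFF...0xFF 0x00 block-type-1 padding. The following is an added example, not code from the patent or from Feitian's tokend. It builds the headers for MD5 and SHA-1 (the algorithms the text names) and, going beyond the text, SHA-256, from their OIDs rather than hard-coding them, assembles the padded block, and adds the two checks a tokend should make before handing the block to the card: that the digest length matches the algorithm named, and that the block fits the key's modulus length. The header values checked in the test are the well-known constants listed in RFC 8017.

```python
"""Added example (not the patent's code): EMSA-PKCS1-v1_5 "data header" and padding.

The header a tokend prepends to a raw digest is the DER prefix of
    DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
and the padded block handed to the RSA primitive is 0x00 0x01 FF..FF 0x00 || DigestInfo
(RFC 8017, section 9.2).
"""
import hashlib

# Digest OIDs and digest lengths. MD5 and SHA-1 appear in the patent; SHA-256 is added
# as the algorithm one would actually use today (MD5 and SHA-1 are unsuitable for signing).
DIGEST_ALGORITHMS = {
    "md5":    ("1.2.840.113549.2.5",     16),
    "sha1":   ("1.3.14.3.2.26",          20),
    "sha256": ("2.16.840.1.101.3.4.2.1", 32),
}


def _der_length(n: int) -> bytes:
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(content)) + content


def _der_oid(dotted: str) -> bytes:
    """Contents of an OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def normalise_algorithm(name: str) -> str:
    """Resolve the algorithm string the caller passes in ('SHA-1', 'sha1', ...) to a key."""
    key = name.strip().lower().replace("-", "")
    if key not in DIGEST_ALGORITHMS:
        raise ValueError(f"unsupported digest algorithm: {name!r}")
    return key


def digest_info_header(name: str) -> bytes:
    """The 'data header': DigestInfo with the digest bytes themselves removed."""
    oid, digest_len = DIGEST_ALGORITHMS[normalise_algorithm(name)]
    algorithm_id = _der(0x30, _der(0x06, _der_oid(oid)) + b"\x05\x00")  # NULL parameters
    digest_info = _der(0x30, algorithm_id + _der(0x04, bytes(digest_len)))
    return digest_info[:-digest_len]


def emsa_pkcs1_v15_encode(name: str, digest: bytes, modulus_len: int) -> bytes:
    """header || digest gives the new length; pad with 0xFF up to the modulus length."""
    key = normalise_algorithm(name)
    expected_len = DIGEST_ALGORITHMS[key][1]
    if len(digest) != expected_len:
        # Padding whatever is handed in would let a mislabelled digest be signed.
        raise ValueError(f"{key} digest must be {expected_len} bytes, got {len(digest)}")
    t = digest_info_header(key) + digest
    if modulus_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    padding = b"\xff" * (modulus_len - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def encode_message(name: str, message: bytes, modulus_len: int) -> bytes:
    """Hash `message` with the named algorithm and return the padded block for a key of
    `modulus_len` bytes (128 for RSA-1024, 256 for RSA-2048)."""
    key = normalise_algorithm(name)
    return emsa_pkcs1_v15_encode(key, hashlib.new(key, message).digest(), modulus_len)


if __name__ == "__main__":
    for alg in DIGEST_ALGORITHMS:
        print(f"{alg:6s} header: {digest_info_header(alg).hex()}")
    # Constructed sample input, not data from the patent.
    print(encode_message("sha1", b"constructed sample", 128).hex())
```

The padded block is what the signing key in step 112 / step 214 should receive when the card performs raw RSA; if the card itself implements PKCS#1 v1.5, only the DigestInfo part is passed and the card adds the padding.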
Step 214: The access device calls the signing key to sign the incoming data to be signed and determines whether the signing succeeds. If so, it returns the signature result and the certificate of the smart key device; otherwise it returns a failure error code and returns to step 203;
It should be noted that, in this embodiment, the other instructions may include: a removal instruction, a data encryption instruction, a data decryption instruction, etc.
When the smart key device is removed, the instruction the access device receives from the system is the removal instruction, and it calls the terminate function to terminate the two-way authentication process; when the instruction the access device receives from the system is a data encryption instruction, the access device calls the encryption function to encrypt the incoming data using the corresponding encryption algorithm.
Embodiment four
Embodiment four provides a device for operating a smart key device in a Mac OS X system, where the access device refers to the tokend project. As shown in Fig. 3, the device comprises:
Monitoring module 401, used by the system's security service daemon to monitor whether a smart key device is inserted;
Searching module 402, used, when the monitoring module 401 detects that a smart key device is inserted, for the security service daemon to find the corresponding access device according to the smart key device type;
Detection module 403, used to detect the system's interface calls;
Read-and-encapsulate module 404, used, when the detection module 403 detects that the read-data interface is called, to read and encapsulate the certificate and key information in the smart key device;
First return module 405, used to return the certificate and key information encapsulated by the read-and-encapsulate module 404 to the system and trigger the detection module 403;
First receiving module 406, used, when the detection module 403 detects that the verify-password interface is called, to receive the signing certificate and password passed in by the system;
First judging module 407, used to determine whether the password received by the first receiving module 406 is correct;
First acquisition module 408, used, when the first judging module 407 determines that the password is correct, to obtain and save the signing key according to the signing certificate received by the receiving module and set the current privilege of the access device to user privilege;
Error-reporting module 409, used, when the first judging module 407 determines that the password is wrong, to set the current privilege of the access device to non-user privilege, report an error and trigger the detection module 403; also used, when the second judging module 410 determines that the current privilege is non-user privilege, to report an error and trigger the detection module 403; also used, when the third judging module 414 determines that the signing by the signature module failed, to report an error and trigger the detection module 403;
Second judging module 410, used, when the detection module 403 detects that the signature interface is called, to determine the current privilege;
Second receiving module 411, used, when the second judging module 410 determines that the current privilege is user privilege, to receive the data to be signed passed in by the system;
Pre-signature module 412, used to perform the pre-signature operation on the data to be signed received by the second receiving module 411;
Signature module 413, used to call the signing key to sign the data to be signed;
Third judging module 414, used to determine whether the signing by the signature module 413 succeeded;
Second return module 415, used, when the third judging module 414 determines that the signature module 413 signed successfully, to return the signature result to the system and trigger the detection module 403.
Specifically, the device further comprises: a fourth judging module, a copy module and an add module;
Fourth judging module, used to determine the system version;
Copy module, used, when the fourth judging module determines that the system version is lower than the preset version, to copy the access device files to the specified directory;
Add module, used to add user permissions; also used, when the fourth judging module determines that the system version is not lower than the preset version, to add user permissions directly.
Specifically, the device further comprises: a fifth judging module;
Fifth judging module, used to determine whether the specified directory exists;
Add module, used, when the fifth judging module determines that the specified directory exists, to add user permissions directly to the specified directory; also used to add user permissions to the specified directory created by the creation module;
Creation module, used, when the fifth judging module determines that the specified directory does not exist, to create the specified directory;
Copy module, also used to copy the access device files to the specified directory created by the creation module.
The device further comprises: a sixth judging module;
Sixth judging module, used to determine whether the access device itself supports the inserted smart key device.
Specifically, the sixth judging module comprises: an acquisition unit and a judging unit;
Acquisition unit, used to obtain the device identifier of the smart key device;
Judging unit, used to determine whether the device identifier obtained by the acquisition unit is consistent with the preset device identifier;
Error-reporting module 409, also used, when the judging unit determines that the device identifier obtained by the acquisition unit is inconsistent with the preset device identifier, so that the access device does not support the inserted smart key device, to report an error and trigger the detection module 403;
Read-and-encapsulate module 404, also used, when the judging unit determines that the device identifier obtained by the acquisition unit is consistent with the preset device identifier, to read and encapsulate the certificate and key information in the smart key device;
Further, the read-and-encapsulate module 404 comprises: an initialization sub-module and an encapsulation sub-module;
Initialization sub-module, used, when the detection module 403 detects that the read-data interface is called, to initialize the standard relationship model;
Encapsulation sub-module, used to encapsulate the certificate and key information according to the standard relationship model.
Further, the initialization sub-module comprises: a first creation unit and a second creation unit;
First creation unit, used to create the standard relation of the certificate that meets the format;
Second creation unit, used to create the standard relation of the key.
The encapsulation sub-module comprises: an acquisition unit and an encapsulation unit;
Acquisition unit, used to obtain the certificate, public key and private key relations respectively from the standard relationship model;
Encapsulation unit, used to encapsulate the information obtained by the acquisition unit according to the standard format.
Still further, the second creation unit comprises: a first creation sub-unit, a second creation sub-unit and a return sub-unit;
First creation sub-unit, used to create the standard relation of the private key and write its attributes;
Second creation sub-unit, used to create the standard relation of the public key and write its attributes;
Return sub-unit, used to return the public key attribute relation to the system.
Specifically, the pre-signature module 412 comprises: a conversion sub-module and a reassembly sub-module;
Second receiving module 411, also used to receive the signature algorithm passed in by the system;
Conversion sub-module, used to convert the format of the signature algorithm received by the second receiving module 411;
More specifically, the conversion sub-module is specifically used to convert the string form of the signature algorithm into binary form.
Reassembly sub-module, used to reassemble the data to be signed received by the second receiving module 411.
Preferably, the pre-signature module further comprises: a determination sub-module;
Determination sub-module, used to determine the data header according to the signature algorithm received by the second receiving module 411.
Specifically, the reassembly sub-module is specifically used to add the data header to the data to be signed and pad the data to be signed.
Preferably, the device further comprises:
Terminate module, used, when the detection module detects that the terminate interface is called, to call the terminate function to terminate the access device and trigger the detection module 403.
Preferably, the device further comprises:
Second acquisition module, used, when the detection module detects that the data encryption interface is called, to obtain the category identifier of the smart key device and obtain the corresponding encryption function through that identifier;
Third receiving module, used to receive the encryption algorithm and the data to be encrypted passed in by the system;
Encryption module, used to call the encryption function to perform the encryption operation on the data to be encrypted and trigger the detection module 403.
The above are only preferred embodiments of the present invention, and the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be included within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.

Claims (28)

  1. A kind of 1. method that intelligent cipher key equipment is operated in Mac OS system X, it is characterised in that including:
    Step S1:The security service guarding device of system has monitored whether intelligent cipher key equipment insertion, is the then security service Guarding device finds corresponding access mechanism according to intelligent cipher key equipment type, otherwise continues waiting for;
    Step S2:The access mechanism waiting system calling interface, when reading data-interface is called, step S3 is performed, when Test password interface it is called when, perform step S4, when signature interface is called, perform step S5;
    Step S3:The access mechanism reads and encapsulates certificate and key information in the intelligent cipher key equipment, and will encapsulation The good certificate and the key information is returned to system, return to step S2;
    Step S4:The access mechanism judges whether password is correct after receiving system incoming signing certificate and password, is then Obtained according to the signing certificate and preserve signature key, the current entitlement of the access mechanism is arranged to user right, returned Return step S2;Otherwise the current entitlement of the access mechanism is arranged to non-user authority, reported an error, return to step S2;
    Step S5:The access mechanism judges current entitlement, if the non-user authority, reports an error, return to step S2;If It is after the user right signed data that then the access mechanism reception system is passed to, performs pre-signature operation, call signature Key is signed to the signed data, and judges whether signature succeeds, and is then to return to signature result, return to step to system S2, otherwise report an error, return to step S2.
  2. 2. according to the method for claim 1, it is characterised in that also include before the step S1:Registered in operating system Access mechanism is installed;
    It is described to be specifically included in operating system registration installation access mechanism:System version is judged, if system version is less than default Version, by access mechanism file copy to assigned catalogue, add user right;If system version is not less than default version, Directly add user right.
  3. 3. according to the method for claim 2, it is characterised in that it is described by access mechanism file copy to assigned catalogue it Before, in addition to:Judge that the assigned catalogue whether there is, if it does, directly adding user right for the assigned catalogue;Such as Fruit is not present, then creates the assigned catalogue, is then the assigned catalogue by access mechanism file copy to assigned catalogue Add user right.
  4. 4. according to the method for claim 1, it is characterised in that also include before the step S3:The access mechanism is sentenced The disconnected intelligent cipher key equipment for itself whether supporting insertion.
  5. 5. according to the method for claim 4, it is characterised in that the access mechanism judges itself whether support the intelligence of insertion Energy key devices, it is specially:The access mechanism obtains the device identification of the intelligent cipher key equipment of insertion, and judge to get sets Whether standby mark is consistent with the default device identification of the access mechanism itself, and access mechanism does not support insertion if inconsistent Intelligent cipher key equipment, report an error, return to step S2;If consistent, access mechanism supports the intelligent cipher key equipment of insertion, performs step S3。
  6. 6. according to the method for claim 1, it is characterised in that certificate in the encapsulation intelligent cipher key equipment and close Key information, is specifically included:
    Step B1:Initialize standard relationship model;
    Step B2:By the certificate and the key information according to the standard relationship model encapsulation.
  7. 7. according to the method for claim 6, it is characterised in that the step B1 is specifically included:Create the card for meeting form The standard relationship of book;Create the standard relationship of key.
  8. 8. according to the method for claim 7, it is characterised in that the standard relationship for creating key, specifically include:Create The standard relationship of private key, write attribute;The standard relationship of public key is created, writes attribute, and public key relation on attributes is returned to system.
  9. 9. according to the method for claim 6, it is characterised in that the step B2 is specifically included:The access mechanism is from institute After stating the relation for obtaining certificate, public key, private key in standard relationship model respectively, it is packaged according still further to reference format.
  10. 10. according to the method for claim 1, it is characterised in that pre-signature operation is performed described in the step S5, specifically Including:The access mechanism receives the incoming signature algorithm of system, changes the form of the signature algorithm and recombinates the label Name data.
  11. 11. according to the method for claim 10, it is characterised in that also include before the restructuring signed data:Root Data head is determined according to the signature algorithm;
    The restructuring signed data, is specifically included:The access mechanism is signed data interpolation data head, to signed data It is filled.
  12. 12. according to the method for claim 10, it is characterised in that the form of the conversion signature algorithm, be specially: The string format of the signature algorithm is converted into binary format.
  13. 13. according to the method for claim 1, it is characterised in that the step S2 also includes:It is called when terminating interface When, the access mechanism, which is called, terminates the function termination access mechanism, return to step S2.
  14. 14. according to the method for claim 1, it is characterised in that the step S2 also includes:When data encryption interface is adjusted Used time, the access mechanism obtain intelligent cipher key equipment category identities, described by encryption function corresponding to the mark acquisition After access mechanism receives the incoming AES of system and encryption data, the encryption function is called to enter the encryption data Row cryptographic operation, return to step S2.
  15. A kind of 15. device that intelligent cipher key equipment is operated in Mac OS system X, it is characterised in that including:
    Monitoring module, for having monitored whether intelligent cipher key equipment insertion;
    Searching modul, for when the monitoring module has monitored intelligent cipher key equipment insertion, according to intelligent cipher key equipment class Type finds corresponding access mechanism;
    Detection module, for detecting system calling interface situation;
    Package module is read, for when the detection module detects that reading data-interface is called, reading and encapsulating described Certificate and key information in intelligent cipher key equipment;
    First returns to module, for the reading packaged certificate of package module and the key information to be returned to and be System, detection trigger module;
    First receiving module, for the label that when the detection module detects that testing password interface is called, reception system is passed to Name certificate and password;
    First judge module, for judging whether the password that first receiving module receives is correct;
    First acquisition module, for when first judge module judges that password is correct, being received according to the receiving module Signing certificate obtain and preserve signature key, the current entitlement of the access mechanism is arranged to user right;
    Report an error module, for when first judge module judges password mistake, the current entitlement of the access mechanism to be set Non-user authority is set to, is reported an error, detection trigger module;It is additionally operable to when the second judge module judges that current entitlement is non-user right When, report an error, detection trigger module;It is additionally operable to, when the 3rd judge module judges signature blocks signature failure, report an error, detection trigger Module;
    Second judge module, for when the detection module detects that signature interface is called, judging current entitlement;
    Second receiving module, for when it is user right that second judge module, which judges current entitlement, reception system to be passed to Signed data;
    Pre-signature module, the signed data for being received to second receiving module carry out pre-signature operation;
    Signature blocks, for calling signature key to sign the signed data;
    3rd judge module, for judging whether the signature blocks signature succeeds;
    Second returns to module, for when the 3rd judge module judges that the signature blocks are signed successfully, being returned to system Signature result, detection trigger module.
  16. The device according to claim 15, further comprising a fourth judging module, a copy module and an adding module;
    the fourth judging module, for judging the system version;
    the copy module, for copying the access mechanism file to a specified directory when the fourth judging module judges that the system version is lower than a preset version;
    the adding module, for adding user permission; further for adding user permission directly when the fourth judging module judges that the system version is not lower than the preset version.
  17. The device according to claim 16, further comprising a fifth judging module;
    the fifth judging module, for judging whether the specified directory exists;
    the adding module, for adding user permission directly to the specified directory when the fifth judging module judges that the specified directory exists; further for adding user permission to the specified directory created by the creating module;
    the creating module, for creating the specified directory when the fifth judging module judges that the specified directory does not exist;
    the copy module, further for copying the access mechanism file to the specified directory created by the creating module.
  18. The device according to claim 15, further comprising a sixth judging module;
    the sixth judging module, for judging whether the device itself supports the inserted intelligent key device.
  19. The device according to claim 18, wherein the sixth judging module comprises an acquiring unit and a judging unit;
    the acquiring unit, for acquiring the device identifier of the intelligent key device;
    the judging unit, for judging whether the device identifier acquired by the acquiring unit is consistent with a preset device identifier;
    the error-reporting module, further for, when the fifth judging module judges that the device identifier acquired by the acquiring unit is inconsistent with the preset device identifier, determining that the access mechanism does not support the inserted intelligent key device, reporting an error and triggering the detection module;
    the reading and encapsulating module, further for reading and encapsulating the certificate and key information in the intelligent key device when the fifth judging module judges that the device identifier acquired by the acquiring unit is consistent with the preset device identifier.
  20. The device according to claim 15, wherein the reading and encapsulating module comprises an initialization submodule and an encapsulation submodule;
    the initialization submodule, for initializing a standard relational model when the detection module detects that the read-data interface is called;
    the encapsulation submodule, for encapsulating the certificate and the key information according to the standard relational model.
  21. The device according to claim 20, wherein the initialization submodule comprises a first creating unit and a second creating unit;
    the first creating unit, for creating the standard relation of a certificate conforming to the format when the detection module detects that the read-data interface is called;
    the second creating unit, for creating the standard relation of a key.
  22. The device according to claim 21, wherein the second creating unit comprises a first creating subunit, a second creating subunit and a returning subunit;
    the first creating subunit, for creating the standard relation of the private key and writing its attributes;
    the second creating subunit, for creating the standard relation of the public key and writing its attributes;
    the returning subunit, for returning the public key attribute relation to the system.
  23. The device according to claim 20, wherein the encapsulation submodule comprises an acquiring unit and an encapsulation unit;
    the acquiring unit, for acquiring the relations of the certificate, the public key and the private key respectively from the standard relational model;
    the encapsulation unit, for encapsulating the information acquired by the acquiring unit according to a standard format.
  24. The device according to claim 15, wherein the pre-signature module comprises a transform submodule and a restructuring submodule;
    the second receiving module, further for receiving the signature algorithm passed in by the system;
    the transform submodule, for transforming the format of the signature algorithm received by the second receiving module;
    the restructuring submodule, for restructuring the data to be signed received by the second receiving module.
  25. The device according to claim 24, wherein the pre-signature module further comprises a determination submodule;
    the determination submodule, for determining the data header according to the signature algorithm received by the second receiving module;
    the restructuring submodule is specifically for adding the data header to the data to be signed and padding the data to be signed.
  26. The device according to claim 24, wherein the transform submodule is specifically for converting the string format of the signature algorithm to binary format.
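The permission gating of claim 15 and the pre-signature steps of claims 24 to 26 (algorithm string to binary, data header chosen from the algorithm, header prepended, data padded) as an added Python example; it is not code from the patent or from the Feitian product. It assumes the "data header" is the PKCS#1 v1.5 DER DigestInfo prefix and the padding is the 00 01 FF..FF 00 block of that scheme; the password check and the `raw_sign` callable stand in for operations the real token performs on-card.

```python
import hmac

# Constructed mapping (assumption): the "data head" determined from the signature
# algorithm is the DER DigestInfo prefix of PKCS#1 v1.5 EMSA encoding.
DIGEST_INFO_PREFIX = {
    "SHA1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "SHA256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "SHA512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
DIGEST_LEN = {"SHA1": 20, "SHA256": 32, "SHA512": 64}

def algorithm_to_binary(algorithm: str):
    """Transform submodule: algorithm string (e.g. "sha-256") -> (name, binary data head)."""
    name = algorithm.upper().replace("-", "")
    if name not in DIGEST_INFO_PREFIX:
        raise ValueError(f"unsupported signature algorithm {algorithm!r}")
    return name, DIGEST_INFO_PREFIX[name]

def pre_sign(digest: bytes, algorithm: str, modulus_len: int) -> bytes:
    """Restructuring submodule: prepend the data head, then pad to the key length
    as 00 01 FF..FF 00 || head || digest, refusing a digest of the wrong size."""
    name, head = algorithm_to_binary(algorithm)
    if len(digest) != DIGEST_LEN[name]:
        raise ValueError("digest length does not match the stated algorithm")
    t = head + digest
    pad_len = modulus_len - len(t) - 3
    if pad_len < 8:  # PKCS#1 v1.5 requires at least eight 0xFF bytes
        raise ValueError("key too short for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t

class AccessMechanism:
    """Claim 15 gating: signing is refused until a correct password sets user permission."""
    USER, NON_USER = "user", "non-user"

    def __init__(self, password: str, modulus_len: int = 256):
        self._password = password  # constructed stand-in for the token's own PIN check
        self.modulus_len = modulus_len
        self.permission = self.NON_USER

    def verify_password(self, password: str) -> bool:
        ok = hmac.compare_digest(password.encode(), self._password.encode())
        self.permission = self.USER if ok else self.NON_USER  # wrong PIN drops to non-user
        return ok

    def sign(self, digest: bytes, algorithm: str, raw_sign) -> bytes:
        """raw_sign is the key's private operation on the padded block (token side)."""
        if self.permission != self.USER:
            raise PermissionError("signature requested without user permission")
        return raw_sign(pre_sign(digest, algorithm, self.modulus_len))
```

Passing `lambda b: b` as `raw_sign` returns the padded block itself, which lets the layout be inspected before the private key operation is applied.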
  27. The device according to claim 15, further comprising:
    a termination module, for calling a termination function to terminate the access mechanism and triggering the detection module when the detection module detects that the termination interface is called.
  28. The device according to claim 15, further comprising:
    a second acquisition module, for acquiring the category identifier of the intelligent key device when the detection module detects that the data encryption interface is called, and acquiring the corresponding encryption function via that identifier;
    a third receiving module, for receiving the encryption algorithm and the data to be encrypted passed in by the system;
    an encryption module, for calling the encryption function to perform the encryption operation on the data to be encrypted and triggering the detection module.
CN201710940478.6A 2017-09-30 2017-09-30 Method and device for operating intelligent key equipment in MacOSX system Active CN107769927B (en)

Publications (2)

Publication Number Publication Date
CN107769927A true CN107769927A (en) 2018-03-06
CN107769927B CN107769927B (en) 2021-11-26

Family

ID=61267908

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant