CN111428226B - Method for safely calling password card interface - Google Patents


Info

Publication number
CN111428226B
Authority
CN
China
Prior art keywords
session management
password
handle
management middleware
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010211099.5A
Other languages
Chinese (zh)
Other versions
CN111428226A (en)
Inventor
郭家喜
刘磊
何彬
郑海森
滕靖国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongan Yunke Technology Development Shandong Co ltd
Original Assignee
Zhongan Yunke Technology Development Shandong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongan Yunke Technology Development Shandong Co ltd
Priority to CN202010211099.5A
Publication of CN111428226A
Application granted
Publication of CN111428226B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The invention discloses a method for safely calling a password card interface, in the technical field of information security. The method comprises a session management middleware: a set of software programs that runs in a service system and is connected between the service system and the application interface of the password device.

Description

Method for safely calling password card interface
Technical Field
The invention relates to the technical field of information security, in particular to a method for safely calling a password card interface.
Background
The GM/T 0018-2012 password device application interface specification (hereinafter "the specification") specifies the application interface standard for service-class password devices (that is, cryptographic devices) under the public key cryptography infrastructure application technology system. A service-class cryptographic device that conforms to the specification must implement all the interfaces defined in it. The specification gives formal definitions of the interfaces, but does not specify how the device handles and session handles inside the interfaces are implemented. A service system must call the cryptographic device through the interfaces in the specification. As service systems grow in scale and number, developing and testing them becomes a very large workload, and abnormal use of the device handle and session handle in the interface causes serious errors and can even crash the service system. Solving this problem requires a large investment in the development and testing of each business system.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a method for safely calling a password card interface, which solves the problems described in the Background.
To achieve this purpose, the invention adopts the following technical scheme: a method for safely calling a password card interface comprises a session management middleware, which is a set of software programs running in a service system and connected between the service system and the password device application interface. The specific steps are as follows:
step one, reading a configuration file: the session management middleware reads the configuration file of the password device and obtains the connection information of the password device;
step two, parameter encapsulation: the parameters of the password device connection information are encapsulated according to the parameter encapsulation mode of the session management middleware program;
step three, acquiring the use right of the password device application interface: the session management middleware acquires the use rights of all the password device application interfaces according to the parameters of the password device connection information and locks all handle resources;
step four, session management: the service system calls the password device application interface through the session management middleware;
step five, releasing the use right of the password device application interface: during a password operation, the session management middleware passes the locked handle resource to the password device application interface and unlocks the handle resource after the password operation is finished; if the handle resource is not needed subsequently, the use right of the password device application interface can be released.
Optionally, the session management process includes:
I. the service system calls the session management middleware and passes the handle it uses into the session management middleware as a parameter;
II. the session management middleware checks the handle parameter passed in; if the handle parameter is invalid, failure is returned; if the handle parameter is valid, the handle is locked;
III. the session management middleware checks whether the handle parameter is already locked; if it is locked, the middleware waits, with a timeout, within the specified time; if the handle parameter is not locked by other callers, the locking operation is performed.
The invention provides a method for safely calling a password card interface, which has the following beneficial effects:
1. The method abandons the approach in which handles are managed by the service system and the password device application interface. By adding a session management middleware that manages handles centrally, it achieves safe calling of handle resources and avoids direct data transmission between the service system and the password device, thereby reducing serious interface errors caused by abnormal use of handles and ensuring a normal connection between the password device and the service system.
2. The handle resources of the password device are called through the session management middleware, and the handle used by the business system is passed to the session management middleware as a parameter. This reduces the development and test workload of the business system, lowers development and test costs, and speeds up the project development progress of the business system.
3. The use right of the password device application interface is acquired and released through the session management middleware, so it can be released promptly once the handle resources of the password device are no longer in use. This reduces the channels and memory occupied by the session management middleware's data operations and improves the running speed of the session management middleware.
Drawings
FIG. 1 is a schematic diagram of the process steps of the present invention;
FIG. 2 is a connection diagram of a service system, a session management middleware and a cryptographic device according to the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only a part of the embodiments of the present invention, not all of them.
Referring to FIG. 1 and FIG. 2, the present invention provides the following technical solution: a method for safely calling a password card interface comprises a session management middleware, which is a software program running in a service system and an application programming interface. It is mainly responsible for session management between the service system and the password device application interface, namely data transmission and exchange and method calling, and is connected between the service system and the password device application interface. The specific steps are as follows:
step one, reading a configuration file: the session management middleware reads the configuration file of the password device and obtains the connection information of the password device;
step two, parameter encapsulation: the parameters of the password device connection information are encapsulated according to the parameter encapsulation mode of the session management middleware program, so that the encapsulated parameters can be transmitted;
step three, acquiring the use right of the password device application interface: the session management middleware acquires the use rights of all the password device application interfaces according to the parameters of the password device connection information. Acquiring the use right of a password device application interface means acquiring the password device handle and resources such as the context handles of password operations; subsequent password operations are based on these handles. If handle acquisition fails, the use right of the password device application interface cannot be acquired. All handle resources are locked, and once acquired they are managed uniformly by session management. After acquiring the handle resources, the session management middleware checks their validity in turn; if a handle resource is unavailable, the operation returns failure and the use right of the password device application interface must be acquired again;
step four, session management: the business system calls the password device application interface through the session management middleware; after the call, the corresponding password device application interface is found and the password operation can be carried out. The session management process comprises the following steps:
I. the service system calls the session management middleware and passes the handle it uses into the session management middleware as a parameter;
II. the session management middleware checks the handle parameter passed in; if the handle parameter is invalid, failure is returned; if the handle parameter is valid, the handle is locked;
III. the session management middleware checks whether the handle parameter is already locked; if it is locked, the middleware waits, with a timeout, within the specified time; if the handle parameter is not locked by other callers, the locking operation is performed;
step five, releasing the use right of the password device application interface: during a password operation, the session management middleware passes the locked handle resource to the password device application interface. After the password operation is finished, the session management middleware unlocks the handle resource. If the handle resource is no longer needed, the use right of the password device application interface can be released, which reduces the memory occupied by the session management middleware and improves its running speed.
In summary, when the method for safely calling the password card interface is used, the session management middleware first acquires the information of the password device, acquires the use right of the password device application interface through the password device connection information, and hands the handle information to session management. Next, the service system passes the handle information it uses to the session management of the session management middleware. Finally, the password device application interface is called through session management.
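Steps three to five and sub-steps I to III, sketched in C as an added example (not code from the patent or its assignee). The `sm_*` names, return codes and generation-tagged tokens are assumptions made for illustration, and the timed wait polls a flag where a production middleware would block on a mutex.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <time.h>

/* Constructed example: names, return codes and table size are assumptions. */
enum { SM_OK = 0, SM_ERR_INVALID = -1, SM_ERR_TIMEOUT = -2 };
#define SM_SLOTS 8u                          /* token = generation * SM_SLOTS + slot */
typedef int (*sm_op)(void *dev, void *arg);  /* one device operation; returns >= 0 */
typedef struct {
    void *dev;                 /* opaque handle obtained from the device interface */
    _Atomic uint32_t gen;      /* odd = live, even = free; bumped on every release */
    atomic_flag busy;          /* set while exactly one caller holds the handle */
} sm_slot;
static sm_slot slots[SM_SLOTS];              /* zero-initialised: all free, unlocked */

static long long now_ms(void) {
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);             /* C11; wall clock is enough for a sketch */
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}
static int sm_valid(uint32_t tok) {          /* II: token must name a live generation */
    return (tok / SM_SLOTS & 1u) && atomic_load(&slots[tok % SM_SLOTS].gen) == tok / SM_SLOTS;
}
static int sm_lock(uint32_t tok, int timeout_ms) {
    if (!sm_valid(tok)) return SM_ERR_INVALID;
    sm_slot *s = &slots[tok % SM_SLOTS];
    long long deadline = now_ms() + timeout_ms;
    while (atomic_flag_test_and_set(&s->busy))            /* III: held by another caller */
        if (now_ms() >= deadline) return SM_ERR_TIMEOUT;  /* bounded wait, then give up */
    if (sm_valid(tok)) return SM_OK;
    atomic_flag_clear(&s->busy);                          /* released while we waited */
    return SM_ERR_INVALID;
}
/* Step three: the middleware takes over a device handle and hands back a token. */
uint32_t sm_register(void *dev) {
    for (uint32_t i = 0; i < SM_SLOTS; i++) {
        sm_slot *s = &slots[i];
        if (atomic_flag_test_and_set(&s->busy)) continue; /* slot is in use right now */
        uint32_t g = atomic_load(&s->gen);
        if ((g & 1u) == 0) { s->dev = dev; atomic_store(&s->gen, g + 1); }
        atomic_flag_clear(&s->busy);
        if ((g & 1u) == 0) return (g + 1) * SM_SLOTS + i;
    }
    return 0;                                             /* table full */
}
/* Step four: validate, lock, run the operation on the locked handle, unlock. */
int sm_call(uint32_t tok, int timeout_ms, sm_op op, void *arg) {
    int rc = sm_lock(tok, timeout_ms);
    if (rc != SM_OK) return rc;
    rc = op(slots[tok % SM_SLOTS].dev, arg);
    atomic_flag_clear(&slots[tok % SM_SLOTS].busy);
    return rc;
}
/* Step five: wait for in-flight work, then retire the token for good. */
int sm_release(uint32_t tok, int timeout_ms) {
    int rc = sm_lock(tok, timeout_ms);
    if (rc != SM_OK) return rc;
    slots[tok % SM_SLOTS].dev = NULL;
    atomic_fetch_add(&slots[tok % SM_SLOTS].gen, 1);      /* old tokens are now stale */
    atomic_flag_clear(&slots[tok % SM_SLOTS].busy);
    return SM_OK;
}
/* Constructed operations standing in for calls into the device interface. */
int op_count(void *dev, void *arg) { (void)arg; return ++*(int *)dev; }
int op_reenter(void *dev, void *arg) {       /* uses the handle while it is already held */
    (void)dev;
    return sm_call(*(uint32_t *)arg, 20, op_count, NULL);
}
```

`sm_call(tok, 20, op_reenter, &tok)` returns `SM_ERR_TIMEOUT` because the nested call finds the handle locked, and after `sm_release` the old token is rejected as invalid even if the slot is reused.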
The above describes only the preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (2)

1. A method for safely calling a password card interface, comprising a session management middleware, characterized in that: the session management middleware is a set of software programs running in the service system and connected between the service system and the password device application interface, and the method specifically comprises the following steps:
step one, reading a configuration file: the session management middleware reads the configuration file of the password device and obtains the connection information of the password device;
step two, parameter encapsulation: the parameters of the password device connection information are encapsulated according to the parameter encapsulation mode of the session management middleware program;
step three, acquiring the use right of the password device application interface: the session management middleware acquires the use rights of all the password device application interfaces according to the parameters of the password device connection information and locks all handle resources;
step four, session management: the service system calls the password device application interface through the session management middleware;
step five, releasing the use right of the password device application interface: during a password operation, the session management middleware passes the locked handle resource to the password device application interface and unlocks the handle resource after the password operation is finished; if the handle resource is not needed subsequently, the use right of the password device application interface can be released.
2. The method of claim 1, wherein the session management process is as follows:
I. the service system calls the session management middleware and passes the handle it uses into the session management middleware as a parameter;
II. the session management middleware checks the handle parameter passed in; if the handle parameter is invalid, failure is returned; if the handle parameter is valid, the handle is locked;
III. the session management middleware checks whether the handle parameter is already locked; if it is locked, the middleware waits, with a timeout, within the specified time; if the handle parameter is not locked by other callers, the locking operation is performed.
CN202010211099.5A 2020-03-24 2020-03-24 Method for safely calling password card interface Active CN111428226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010211099.5A CN111428226B (en) 2020-03-24 2020-03-24 Method for safely calling password card interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010211099.5A CN111428226B (en) 2020-03-24 2020-03-24 Method for safely calling password card interface

Publications (2)

Publication Number Publication Date
CN111428226A (en) 2020-07-17
CN111428226B (en) 2022-06-10

Family

ID=71548638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010211099.5A Active CN111428226B (en) 2020-03-24 2020-03-24 Method for safely calling password card interface

Country Status (1)

Country Link
CN (1) CN111428226B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112270000B (en) * 2020-09-18 2023-10-27 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Cryptographic service providing method, device and computer readable storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8930713B2 (en) * 2010-03-10 2015-01-06 Dell Products L.P. System and method for general purpose encryption of data
CN105303093A (en) * 2014-07-04 2016-02-03 上海交通大学深圳研究院 Token verification method for cryptographic smart token
CN104199680B (en) * 2014-08-04 2017-08-11 中国电子科技集团公司第三十研究所 A kind of processing method for supporting to call a variety of safety means
CN106201747B (en) * 2016-07-22 2019-04-23 浪潮软件集团有限公司 Method for accessing intelligent password equipment under limited user of WINDOWS system
EP3297242B1 (en) * 2016-09-20 2018-09-05 Deutsche Telekom AG A system and a method for providing a user with an access to different services of service providers

Also Published As

Publication number Publication date
CN111428226A (en) 2020-07-17

Similar Documents

Publication Publication Date Title
WO2020248768A1 (en) Method and apparatus for managing application program service
CN108881111B (en) Method and device for realizing multi-tenant system
EP2368382B1 (en) Locking of communication device
WO2022179076A1 (en) Machine-card binding method, communication module, communication device, and storage medium
CN101697136B (en) Method and device for controlling resource
CN110795174B (en) Application program interface calling method, device, equipment and readable storage medium
CN111428226B (en) Method for safely calling password card interface
CN115189896B (en) Virtual cloud password service system and method
CN111130922A (en) Airborne information safety automatic test method and test platform
CN106169042A (en) The method and device of administration authority
CN106506565B (en) Remote command execution method and device
CN113485824A (en) API (application programming interface) interface management method of integrated operation and maintenance platform
CN111221511A (en) Development system of plug-in type micro-service interface
CA2248634C (en) Common connector framework
CN102025728A (en) Scheduling method under client-side/server-side architecture and server
CN111786995B (en) Account password management method, management middleware, system, equipment and storage medium
CN111159141A (en) Decentralized distributed data synchronization method, distributed node and system
CN113364820A (en) Equipment control method and device of Internet of things service system
CN112542002A (en) Car renting system control method and device
CN108363613A (en) A kind of locking method of exclusive lock, electronic equipment and storage medium
CN111736830A (en) Page integration method based on symbolic path analysis
CN115589341B (en) Platform migration system and method without perception of user
CN112349003A (en) Door lock password transmission method, lock body, server and readable storage medium
CN111367617A (en) Computing resource trusted management linkage system and method
CN110572430A (en) identity data synchronization system and method based on timing task

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A method for securely calling the password card interface

Effective date of registration: 20230525

Granted publication date: 20220610

Pledgee: Jinan Free Trade Zone sub branch of Qilu Bank Co.,Ltd.

Pledgor: Zhongan Yunke technology development (Shandong) Co.,Ltd.

Registration number: Y2023980041898
