CN104102869A

CN104102869A - Electronic signature authentication extension equipment and information processing method

Info

Publication number: CN104102869A
Application number: CN201310127794.3A
Authority: CN
Inventors: 胡鹏; 吴匀; 陈杰; 靳松
Original assignee: Beijing Watertek Information Technology Co Ltd
Current assignee: Beijing Watertek Information Technology Co Ltd
Priority date: 2013-04-12
Filing date: 2013-04-12
Publication date: 2014-10-15
Anticipated expiration: 2033-04-12
Also published as: CN104102869B

Abstract

The invention relates to electronic signature authentication extension equipment and an information processing method. The equipment comprises a first interface, a second interface, a central control unit, an output unit and a physical control unit, wherein the first interface is connected with first equipment which has the function of running an electronic signature client, the second interface is connected with second equipment which has the function of electronic signature authentication, the central control unit is used for extracting the digital information which is received through the first interface, and sending the digital information to the output unit, the central control unit is also used for sending the digital information to the second equipment through the second interface after the physical control unit receives the verifying operation of a user, receiving the signed digital information through the second interface and sending the digital information through the first interface, the output unit is used for displaying the digital information extracted from the central control unit, and the physical control unit is used for receiving the verifying operation of the user. The equipment and the method for the electronic signature authentication extension can improve the safety of a modern E-bank identification USB (universal serial bus) Key.

Description

Electron underwriting authentication expansion equipment and information processing method

Technical field

The present invention relates to application of electronic technology field, relate in particular to a kind of electron underwriting authentication expansion equipment and information processing method.

Background technology

Electronic signature application is extensive, and application is the electron underwriting authentication of Web bank more widely.

At present, along with popularizing of Web bank, increasing people brings into use this conveniently financial service.China now the solution of the safety of generally acknowledged solution Internet-based banking services client be to use electronic signature equipment, as USBKey.It is very general that conventional USBKey carries out network security certification as the carrier of digital certificate.In the Net silver application of financial field, large-scale application is in the internet banking system of each bank of the whole nation for traditional USBKey, and custom is referred to as generation USBKey in the industry.But along with the development of Net silver and universal, for the attack of generation USBKey, with more and more many, be mainly reflected in two aspects, the one, in process of exchange, for the attack of transaction data, the key elements such as the payee account in transaction data and the amount of money are revised; Another aspect is to attack for transaction itself, forges a transaction in the unwitting situation of user.For these, attack, the Net silver application safety certified product of bank is transitioned into the two generation USBKey with LCDs and button by generation USBKey gradually.

Although at present, nationalized bank and numerous local bank are all at distribution two generation USBKey, and there has been a large amount of generation USBKey storage clients in each bank of the whole nation, and these storages client is still faced with hacker's attack.

Summary of the invention

Technical matters to be solved by this invention is to provide a kind of electron underwriting authentication expansion equipment and information processing method, to solve the potential safety hazard of existing generation Net silver authentication USBKey.

In order to solve the problems of the technologies described above, the invention provides a kind of electron underwriting authentication expansion equipment, described equipment comprises:

First interface, for the first equipment connection with having operation electronic signature client functionality;

The second interface, for the second equipment connection with having electron underwriting authentication function;

Central control unit, be connected with described first interface, the second interface, output unit and physical control unit, for extracting the numerical information receiving by described first interface, and send to output unit, and physical control unit receive user confirm operation after, by described the second interface, to the second equipment, send numerical information, also for receiving the numerical information signing and send by described first interface from the second interface;

Output unit, for the numerical information that shows that described central control unit extracts;

Physical control unit, for receiving user's confirmation operation.

Further, described central control unit also comprises the Interface status control module being realized by main control chip, the equipment interface state connecting for detection of described first interface, if interface master status, it is that interface is from equipment that described first interface is set, if it is interface main equipment that interface from equipment state, arranges described first interface, for described the second interface is set, be also interface master status.

Further, described central control unit also comprises recognition of devices module, when first interface being set being interface master status, for identifying whether the equipment of first interface connection is for having the first equipment of operation electronic signature client functionality, when the second interface being set being interface master status, for identifying whether the equipment of the second interface connection is second equipment with electron underwriting authentication function, when the equipment only connecting when first interface is the first equipment, described message processing module carry out and the first equipment between processing, and when the equipment of the second interface connection is the second equipment, described message processing module carry out and the second equipment between processing.

Further, described equipment also comprises actuating switch, for control based on described central control unit or user's operation, realize being connected and disconnection of described central control unit and described the second interface, described central control unit receives after described numerical information, controls being connected between described actuating switch conducting and described the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch disconnect with described the second interface between be connected.

Further, described central control unit also comprises the electron underwriting authentication module that adopts intelligent and safe chip or integrated chip to realize, be used for realizing electron underwriting authentication function, the electron underwriting authentication module of described central control unit and described the second equipment are realized the electron underwriting authentication of identical or different business or application.

Further, described first interface is directly connected or connects by breakout box with described the second equipment with described the first equipment and described the second interface.

Further, described output unit is exported described numerical information in the mode of word demonstration or speech play.

Further, described the second interface adopts the mode that circuit is put up a bridge or interface docks to be connected with described the second equipment.

Further, described physical control unit adopts light sensation button, film key or the young sheet of pot to realize.

Further, described equipment comprises battery, and described physical control unit comprises the on & off switch of opening, closing for opertaing device, and described on & off switch is in opening state, and described battery provides power supply.

Further, described central control unit also comprises energy supply control module, for realizing power management, comprising: when the first equipment is personal computer (PC), adopting external power source is described equipment power supply, charging.

Further, described central control unit adopts intelligent and safe chip and main control chip to realize, or adopts universal cpu chip and main control chip to realize, or adopts integrated chip to realize.

For solving the problems of the technologies described above, the present invention also provides a kind of information processing method, be applied to have electron underwriting authentication Function Extension equipment, described equipment comprises first interface, the second interface, central control unit, output unit and physical control unit, and the method comprises:

Central control unit is received and is extracted the numerical information for electron underwriting authentication that the first equipment sends by first interface;

Output unit is exported described numerical information, and physical control unit receives the confirmation operation information of user's input;

Central control unit sends to described numerical information by the second interface the second equipment being connected with the second interface;

Central control unit receives the numerical information after the signature that described the second equipment sends by the second interface and sends to the first equipment.

Further, by described first interface, received, extracted before described numerical information, the method also comprises:

Central control unit detects the equipment interface state that first interface connects;

Central control unit arranges the Interface status of first interface according to testing result, if interface master status arranges described first interface and be interface from equipment, if interface from equipment state, arranges described first interface, be interface main equipment.

Further, when first interface being set being interface master status, by described first interface, received, extracted before described numerical information, the method also comprises:

The equipment that central control unit is identified described first interface connection is first equipment with operation electronic signature client functionality;

Or, by described the second interface by described numerical information send to described the second equipment before, the method also comprises that it is second equipment with electron underwriting authentication function that central control unit is identified the equipment that described the second interface connects.

Further, described equipment also comprises actuating switch, receives after the confirmation operation information of user's input, and the method also comprises: described central control unit is controlled being connected between described actuating switch conducting central control unit and the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch and disconnect being connected between central control unit and the second interface.

Compared with prior art, utilize expansion equipment of the present invention and method to increase not have the security of electron underwriting authentication of the electron underwriting authentication equipment of output device and physical control function, make it be compatible with existing electron underwriting authentication system, and expansion equipment of the present invention can possess electron underwriting authentication function by concrete high intelligent and safe chip, has increased the practicality of expansion equipment.

Other features and advantages of the present invention will be set forth in the following description, and, partly from instructions, become apparent, or understand by implementing the present invention.Object of the present invention and other advantages can be realized and be obtained by specifically noted structure in instructions, claims and accompanying drawing.

Accompanying drawing explanation

Fig. 1 is the module result schematic diagram of electron underwriting authentication expansion equipment embodiment 1 of the present invention;

Fig. 2 is the modular structure schematic diagram of electron underwriting authentication expansion equipment embodiment 2 of the present invention;

Fig. 3 is the modular structure schematic diagram of electron underwriting authentication expansion equipment embodiment 3 of the present invention;

Fig. 4 is the modular structure schematic diagram of electron underwriting authentication expansion equipment embodiment 4 of the present invention;

Fig. 5 is the schematic diagram of information processing method embodiment 1 of the present invention;

Fig. 6 is the schematic diagram of information processing method embodiment 2 of the present invention;

Fig. 7 is the workflow diagram that present device is connected with PC with the first USB interface;

Fig. 8 is the constitutional diagram of actuating switch when opening after present device is connected with PC;

Fig. 9 is the constitutional diagram of actuating switch when closure after present device is connected with PC;

Figure 10 is the workflow diagram that present device is connected with intelligent mobile terminal with the first USB interface;

Figure 11 is the constitutional diagram of actuating switch when opening after present device is connected with intelligent mobile terminal;

Figure 12 is the constitutional diagram of actuating switch when closure after present device is connected with intelligent mobile terminal;

Figure 13 is the process flow diagram that present device is processed the numerical information of pending electronic signature;

Figure 14 is that present device connects the process flow diagram of the second equipment by secondary USB interface.

Accompanying drawing is used to provide the further understanding to technical solution of the present invention, and forms a part for instructions, is used from explanation technical scheme of the present invention with the application's embodiment mono-, does not form the restriction to technical solution of the present invention.

Embodiment

For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with the drawings and specific embodiments, technical scheme of the present invention is described in further detail, so that those skilled in the art can better understand the present invention also, can be implemented, but illustrated embodiment is not as a limitation of the invention.It should be noted that, in the situation that not conflicting, embodiment and the feature in embodiment in the application can combine mutually.

Embodiment 1

As shown in Figure 1, electron underwriting authentication expansion equipment embodiment 1 of the present invention comprises first interface, central control unit, the second interface, output unit and physical control unit, wherein:

Central control unit, be connected with described first interface, the second interface, output unit and physical control unit, comprise message processing module, for extracting by first interface, receive the numerical information that described the first equipment sends, and send to output unit, and the confirmation operation information based on user's input, by described the second interface, to the second equipment, send numerical information, also for receiving the numerical information signing and send by described first interface from the second interface;

Central control unit is the central processing unit of whole equipment, and it be that the core of present device is also the bridge of other modules.Particularly, described central control unit adopts intelligent and safe chip and main control chip to realize, or adopts universal cpu chip and main control chip to realize, or adopts integrated chip to realize.

Alternatively, described the second interface adopts the mode that circuit is put up a bridge or interface docks to be connected with described the second equipment.

Described first interface and described the second interface are A type or MiniB type USB interface, and described first interface is directly connected or connects by breakout box with described the second equipment with described the first equipment and described the second interface.Separately, when specific implementation, first interface, the second interface can also be audio interface.

Output unit, is connected with described central control unit, the numerical information of extracting for exporting described central control unit, and alternatively, described output unit shows with word or the mode of speech play is exported described numerical information;

Physical control unit, be connected with described central control unit, for receiving the operation information of user's input and sending to described central control unit, described operation information comprises confirmation operation information, and the implementation of described physical control unit includes but not limited to adopt light sensation button, film key or the young sheet of pot to realize.

What electron underwriting authentication expansion equipment of the present invention was selected due to master chip own is the chip that electronic signature functionality can be provided, so itself be also the equipment that independently signs electronically.Alternatively, characteristic based on intelligent and safe chip itself, described central control unit also comprises the electron underwriting authentication module that adopts intelligent and safe chip to realize, be used for realizing electron underwriting authentication function, the electron underwriting authentication module of described central control unit and described the second equipment are realized the electron underwriting authentication of identical or different bank.

Embodiment 2

As shown in Figure 2, electron underwriting authentication expansion equipment embodiment 2 of the present invention comprises first interface, central control unit, the second interface, output unit, physical control unit, wherein:

Described central control unit also comprises the Interface status control module being realized by main control chip, the equipment interface state connecting for detection of described first interface, if interface master status, it is that interface is from equipment that described first interface is set, if interface is from equipment state, it is interface main equipment that described first interface is set, and for described the second interface is set, is also interface master status.

Alternatively, described central control unit also comprises recognition of devices module, when first interface being set being interface master status, for identifying whether the equipment of first interface connection is for having the first equipment of operation electronic signature client functionality, when the second interface being set being interface master status, for identifying whether the equipment of the second interface connection is second equipment with electron underwriting authentication function, when the equipment only connecting when first interface is the first equipment, described message processing module carry out and the first equipment between processing, and when the equipment of the second interface connection is the second equipment, described message processing module carry out and the second equipment between processing.

Particularly, while being connected with the first equipment PC as present device, because PC itself is USB main equipment, so the first USB interface of present device can be set to USB by the control of central control unit, from equipment, be connected with PC, and in the first USB interface, keep USB from this feature of equipment always.But when the first equipment is intelligent mobile terminal, when present device is connected with intelligent mobile terminal, because intelligent mobile terminal itself is all that USB is from equipment, so the first USB interface of present device can be set to by the control of central control unit USB main equipment, be connected with intelligent mobile terminal, and in the first USB interface, keep this feature of USB main equipment always.

Described first interface and described the second interface are A type or MiniB type USB interface, and described first interface is directly connected or connects by breakout box with described the second equipment with described the first equipment and described the second interface.

User can browse or listen to Transaction Information by the output unit of equipment, as name, and account and the amount of money, or image information etc., but do not limit to therewith.Can adopt current LCD, OLED Screen Technology realizes output unit, simple and convenient, and its major function is that the sensitive information that user is signed electronically in transaction shows, such as: name, account, the amount of money etc.Output unit provides energy by internal cell or external power source, and is subject to the control of central control unit, the demonstration information that demonstration or speech play central control unit are issued only.

Alternatively, physical control unit can be by information page turning key, transaction cancel key, and the basic function keys such as USB interface actuating switch key (trade confirmation key) form, can also increase other a plurality of buttons such as numerical key, function switch key to meet the needs of future development, but not only be confined to this.It is the external input equipment of equipment, and user can carry out Password Input by this module, and function is switched, the control of electronic signature etc.While realizing, can adopt such as light sensation button, film key, the modes such as the young sheet of pot complete.Physical control unit provides energy by internal cell or external power source, and is subject to the control of central control unit.On physical control unit, user's all operations information signal can be processed to central control unit by the circuit transmission in equipment.

Alternatively, characteristic based on intelligent and safe chip itself, described central control unit also comprises the electron underwriting authentication module that adopts intelligent and safe chip to realize, be used for realizing electron underwriting authentication function, the electron underwriting authentication module of described central control unit and described the second equipment are realized the electron underwriting authentication of identical or different bank.

In above-described embodiment 1 and embodiment 2, alternatively, as shown in Figure 3, described electron underwriting authentication expansion equipment also comprises actuating switch, for the control based on described central control unit, realizes being connected and disconnection of described central control unit and described the second interface; Particularly, described central control unit also comprises link control module, for receiving after described numerical information, controls being connected between described actuating switch conducting and described the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch disconnect with described the second interface between be connected.

Particularly, when user confirms that the numerical information of present device output unit output is errorless, by manual operation actuating switch or central control unit, control and make actuating switch in closure state, and keep the schedule time (such as 5 minutes), actuating switch switches under the control of central control unit subsequently, or automatically returns to off-state.When actuating switch is during in closure state, the central control unit of present device can be adjusted into interface master status by the second interface automatically, and the equipment of the second interface access is identified and operated, and by the second equipment USBkey, completes electronic signature.

Take below first, second interface is that USB interface is example, and the first USB interface, secondary USB interface, central control unit in embodiment 1 and embodiment 2 are elaborated:

The first USB interface: the equipment of being responsible for is connected and communication with the first equipment (as PC or intelligent mobile terminal), institute's USB communication pin that provides and usb circuit connecting communication in central control unit are provided while realizing.USB is that interface has many kinds, and modal is exactly use in PC that flat, and this is called A type USB mouth, there are 4 lines the inside, according to whom, pegging graft, who is divided into male and female interface, on general USB flash disk, electric signing tools or connecting line be public mouthful, also claim USB plug; On machine be female mouthful, also claim USB socket.Meanwhile, also have a kind of modal low profile interface on digital product that is applicable to, because digital product volume is limit, so conventionally use be Mini Type B USB interface, and be to be generally set to female mouthful, be exactly Mini Type B USB socket; But Mini Type B interface also has numerous species, there is the interface of Mini Type B 5Pin interface, Mini Type B 4Pin, interface of Mini Type B 8Pin etc.; Second equipment (such as Net silver authentication means, also referred to as USBKey or U shield) with electronic signature (also claiming electron underwriting authentication) function generally adopts this Mini Type B USB socket; Conventionally adopt Mini Type B 5Pin interface.The first USB interface in the present invention, as the USB device being connected with PC or intelligent mobile terminal, is considered in the compatibility of invention simultaneously, public mouthful of the compatible A type USB of the first USB interface needs, Mini Type B USB interface while realizing.

Secondary USB interface: the equipment of being responsible for is connected and communication with second equipment (as USBKey or electronic signature equipment) with electronic signature (also claiming electron underwriting authentication) function, institute's USB communication pin that provides and usb circuit connecting communication in central control unit are provided while realizing.While realizing, secondary USB interface needs female mouthful of compatible A type USB, Mini Type B USB interface.Especially, it should be noted that, owing to considering Cost Problems, when realizing, invention can directly adopt circuit overlapping mode to provide and USBKey or electronic signature equipment, utilize circuit or pin to be directly connected and communication with the USBKey of access or the USB interface of electronic signature equipment, and without increase female mouthful of A type USB or Mini Type B USB interface in present device, with this, reach the object of workout cost.

Below various implementations are described:

Mode one, central control unit adopt intelligent and safe chip and main control chip to realize;

The master chip that central control unit of the present invention adopts is the intelligent and safe chip that electronic signature functionality can be provided, one the safe SOC chip of height based on 8 or above risc processor, possesses the features such as high throughput, high security, low-power consumption, low cost.As the Z8D168U chip of the STM32 chip of ST or national technology or chip of the same type etc.Especially propose, adopt its chip internal in master chip described above all to have USB from equipment interface characteristic.If the first equipment is PC, because PC itself just has USB main equipment characteristic, if two equipment are both USB main equipment, cannot be connected so.In this method owing to providing USB from equipment interface in the chip of selecting, so when being connected with PC, its first USB interface is connected with PC from equipment as USB.

Because said chip does not have the characteristic of USB main equipment, so need to be connected with a USB main equipment, using that this guarantees that secondary USB interface is that generation USBKey is connected as USB main equipment and the second equipment in realization.At this, the method that can select to extend out usb bus common interface chip (above said main control chip) solves, as ISP1761USB controller scheme or CH375 scheme cheaply.

Mode two, central control unit adopt universal cpu chip and main control chip to realize;

The master chip that central control unit adopts is that performance is high, and cost is low, the AT91RM9200 of highly versatile, a microprocessor based on ARM920T kernel of Qi Shi Atmel company.It has abundant system and application peripheral hardware and standard interface, and clock frequency can reach 180MHz, and has low-power consumption, low cost, high-performance, in embedded system, is widely used.In addition, on the control for USB interface realizes, adopt the method that extends out ISP1761.ISP1761 is a high speed USB ON The Go (OTG) controller of Philips company exploitation, core Embedded the speed buffering of 64KB, promoted widely the handling property of system, and power consumption is very low, price material benefit in addition, ISP761 also has configurable 32b/16b asynchronous cpu interface, and this design ISP1761 external data bus is set to 16b pattern.Because ISP1761 provides OTG technology, so the equipment that can solve in the present invention need to have USB from equipment, possesses again this characteristic of USB main equipment.Meanwhile, in current Embedded System Design, USB interface extend out the USB controller that main employing microprocessor chip carries, generally only support low speed and agreement at full speed, cannot realize high speed data transfer.This design adopts AT91RM9200 processor to extend out ISP1761USB controller scheme, has solved the transmission speed problem of USB device under embedded system.

Especially it should be noted that, adopt its chip internal in master chip described above all to have USB from equipment interface characteristic.If the first equipment is PC, because PC itself just has USB main equipment characteristic, if two equipment are both USB main equipment, cannot be connected so.In the present invention owing to providing USB from equipment interface in the chip of selecting, so when being connected with PC, its first USB interface is connected with PC from equipment as USB.

Because said chip does not have the characteristic of USB main equipment, so need to be connected with a USB main equipment, using that this guarantees that secondary USB interface is that generation USBKey is connected as USB main equipment and the second equipment in realization.At this, can select to extend out usb bus common interface chip (above said main control chip) and solve, as ISP1761USB controller scheme or CH375 scheme cheaply.

Aforesaid way two is compared with mode one, there are stronger function and ease for use, but because master chip lacks the characteristic of intelligent and safe chip, so the central control unit of mode two can not be realized electron underwriting authentication function, cannot independently become a equipment with electronic signature functionality.But its strong USB ability to communicate is better, can support USB2.0 transmission feature at a high speed.

Mode three, central control unit adopt integrated chip to realize.

The solution of the integrated chip (being one chip) that central control unit adopts completes, and has safety, low in energy consumption, develops simple feature, especially for the electronic signature equipment in electric signing system, more specialized.Single-chip is by the current existing intelligent and safe chip for electronic signature equipment, gathers mutually, and possess following features with high performance USB main control chip:

32 high security CPU, realize and support host negotiation protocol (Host NegotiationProtocol, the USB main control function of the transmission of HNP) and two Device data, this processor can be supported the feature with USB Host*2, support high speed USB ON The Go (OTG) function, outside flash and SDRAM, with flash and the RAM of certain capacity, also can be expanded in its inside.At flash storage area, can store embedded OS program, each driver of USB, electronic signature client-side program, character library Chinese matrix etc.It has a certain amount of GPIO interface that can support display screen device and button, to guarantee the use of functions of the equipments.

Understandably, except above hardware chip, the central control unit of present device also needs to develop some software programs and drives present device, comprise: embedded OS (control to this equipment by the exploitation realization to its embedded OS on chip), USB Client Driver, USB driver and usb host controller driver.The issued transaction of application program is by USB Client Driver, when starting, USB device to be used as to system software to comprise USB driver and USB Host Controller Driver, and USB driver is responsible for the position coding, package, cyclic check, transmission, mistake processing of configuration management, user management, bus management and data transfer management and data etc.Need especially to propose, usb protocol stack need to be realized in master chip, to guarantee the normal operation of USB main equipment, if extending out usb bus common interface chip usb protocol stack can being provided of adopting can be simplified this step so.

In central control unit, also should have built-in storage area, in this region, store embedded OS program, each driver of USB, electronic signature client-side program, character library Chinese matrix etc.

In another preferred embodiment, as shown in Figure 4, described equipment is except comprising above said first interface, central control unit, the second interface, actuating switch, output unit, physical control unit, also comprise battery, described physical control unit comprises the on & off switch of opening, closing for opertaing device, described on & off switch is in opening state, and described battery provides power supply, thereby realizes the function of saves energy.

Described central control unit also comprises energy supply control module, for realizing power management, comprising: when the first equipment connecting at first interface is personal computer (PC), employing external power source is described equipment power supply and/or is battery charging.

That is, no matter on & off switch is in opening or closed condition, and during the first interface of present device access external power source, present device all can be carried out charging operations to internal cell, and this function is completed by energy supply control module.

Particularly, energy supply control module is responsible for the power management function of present device, and energy supply control module and each module are connected to following situation and energy are provided and complete charging:

When the first interface of present device is connected with PC, it is central control unit, output unit, the power supply of physical control unit that present device adopts external power source.

After actuating switch closure, energy supply control module utilizes internal cell for accessed the second equipment equipment power supply, completes identification subsequently and the work of electronic signature.

When the first interface of present device is connected with intelligent mobile terminal, it is central control unit, output unit, the power supply of physical control unit that present device adopts internal electric source.

When present device by first interface and PC or external power source when being connected, this energy supply control module adopts the electric power being provided by the USB interface on PC or external power source to charge to device interior battery.

Battery is responsible for equipment electric energy is provided, and is subject to energy supply control module and is connected with each module, adopts button-shaped rechargeable battery to realize.

The present invention also provides a kind of information processing method embodiment 1, be applied to have electron underwriting authentication Function Extension equipment, described equipment comprises first interface, the second interface, central control unit, output unit and physical control unit, and as shown in Figure 5, the method comprises:

Step 501: central control unit is received and extracted the numerical information for electron underwriting authentication that the first equipment sends by first interface;

In the method embodiment 1, the first equipment can be that PC can be also smart mobile phone, the state of first interface can be set by the mode of default setting, such as, it is that interface is from equipment state that first interface is set, thereby can only connect this first equipment with interface master status of PC, or first interface is set is interface master status, thereby can only connect, smart mobile phone is this has interface from the first equipment of equipment state.

When present device first interface is connected with PC, because the USB mouth of PC is USB main control equipment, so that present device adopts is coupled from the pattern of equipment; When present device first interface is connected with intelligent mobile terminal, because the USB mouth of intelligent mobile terminal is that USB is from equipment, so present device adopts the pattern of USB main equipment coupled.

Step 502: output unit is exported described numerical information, physical control unit receives the confirmation operation information of user's input;

Step 503: central control unit sends to described numerical information by the second interface the second equipment being connected with the second interface;

Step 504: central control unit receives the numerical information after the signature that described the second equipment sends by the second interface and sends to the first equipment.

The present invention also provides a kind of information processing method embodiment 2, be applied to have electron underwriting authentication Function Extension equipment (below also referred to as expansion equipment or equipment), described equipment comprises first interface, the second interface, central control unit, output unit and physical control unit, as shown in Figure 6, the method comprises:

Step 601: central control unit detects the equipment interface state that first interface connects;

Step 602: central control unit arranges the Interface status of first interface according to testing result, if interface master status arranges described first interface and be interface from equipment, is interface main equipment if interface from equipment state, arranges described first interface.

In the method embodiment 2, the state of first interface can switch to different equipment interface states according to the difference of the equipment interface state of the equipment of its connection, particularly, central control unit can be identified the equipment interface state that first interface connects by following four kinds of modes, thereby switches the equipment interface state of first interface: operating personnel's selection; The ID signal of 5 pin USB socket; Double-H groove weld SB socket principal and subordinate decision circuitry; Single USB socket principal and subordinate decision circuitry.

Above four kinds of modes are applicable to three kinds of implementation methods of central control unit, the first implementation method of central control unit of take below describes as example, such as central control unit adopts intelligent and safe chip (such as Z8D128 chip or Z8D256, below also referred to as single-chip microcomputer) and plug-in CH375 realization.

If use a CH375 to realize two kinds of USB communications of principal and subordinate (USB-HOST and USB-DEVICE) simultaneously, Single Chip Microcomputer (SCM) system should be decided master slave mode in its sole discretion so, holotype is generally used for controlling other USB device and (for example reads and writes USB flash disk or USBKey, be connected with mobile phone), from pattern, be generally used for being connected to computing machine.

Mode 1: operating personnel's selection

Which 1 realizes than being easier to,

For example, single-chip microcomputer makes the first interface acquiescence of CH375 chip work in holotype (being also interface master status), when equipment access first interface, CH375 chip is notice single-chip microcomputer automatically, the equipment that operating personnel find to access first interface is interface main equipment, such as computing machine, send and be switched to interface from the steering order of equipment, when single-chip microcomputer receives operating personnel's steering order, CH375 chip is switched to from pattern (being that interface is from equipment state), so as USB from equipment and computer communication.

It should be noted that, the embedded operation in single-chip microcomputer should have shake removal function, to guarantee the insertion of USB interface and the stability being connected.

The ID signal of mode 2:5 pin USB socket;

With the ID signal of 5 pin USB socket, refer to the 5 pin USB socket of using in OTG agreement, to single-chip microcomputer, provide extra principal and subordinate's identification signal, by controlling CH375 switching working mode after single-chip microcomputer judgement.

While adopting which 2, USB partly need support OTG agreement.)

Mode 3: double-H groove weld SB socket principal and subordinate decision circuitry;

Double-H groove weld SB socket principal and subordinate decision circuitry, double-H groove weld SB socket is dual-port, as is respectively port P4 and port P42, and port P4 is only for connecting USB device, and another one port P42 is only for connecting computing machine, and both can not use simultaneously.

Under idle condition, state (STATUS) is low level, and single-chip microcomputer makes CH375 work in holotype, and when having USB device to insert P4, CH375 can notify single-chip microcomputer then to process automatically.When port P42 is connected to the USB port of computing machine, it is high level that the USB of computing machine provides 5V power supply to make STATUS, so single-chip microcomputer is switched to from pattern CH375.Concrete circuit structure can adopt prior art.Understandably, while adopting which 3, expansion equipment of the present invention has two first interfaces.

Mode 4: single USB socket principal and subordinate's decision circuitry, the method is by the different switchings that judge master slave mode of voltage of access, and concrete circuit structure can adopt prior art.

Above only need to using in implementation process one or any 2 combinations just can realize the interfacing equipment state of first interface connection device, adopt dextrorsely 1 scheme and other scheme to be used in conjunction with.

Step 603: central control unit is received and extracted the numerical information for electron underwriting authentication that the first equipment sends by first interface;

Step 604: output unit is exported described numerical information, physical control unit receives the confirmation operation information of user's input;

Step 605: central control unit sends to described numerical information by the second interface the second equipment being connected with the second interface;

Step 606: central control unit receives the numerical information after the signature that described the second equipment sends by the second interface and sends to the first equipment.

Alternatively, security for guarantee information, when by first interface or the second interface transceiving data, need to identify the equipment of first interface or the connection of the second interface, particularly, when first interface being set being interface master status, by described first interface, receive, extract before described numerical information, the method also comprises: it is first equipment with operation electronic signature client functionality that central control unit is identified the equipment that described first interface connects;

Or, by described the second interface by described numerical information send to described the second equipment before, the method also comprises: it is second equipment with electron underwriting authentication function that central control unit is identified the equipment that described the second interface connects.

Understandably, when described first interface is set, be interface during from equipment state, should, by thering is expansion equipment described in the first recognition of devices of interface master status, defer to main equipment identification from the rule of equipment.

Described equipment also comprises actuating switch, receives after the confirmation operation information of user's input, and alternatively, the method embodiment also comprises: described central control unit is controlled being connected between described actuating switch conducting central control unit and the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch and disconnect being connected between central control unit and the second interface.

The electron underwriting authentication of take is below example as Net silver authenticates, and take interface type as USB is example, and the present invention program is specifically described:

Application example 1

Be the workflow diagram that present device is connected with PC with the first USB interface as shown in Figure 7, its step is as follows:

Step 701, equipment adopt the first USB interface to be connected with PC;

After step 702, equipment Inspection, the first USB interface is set to USB from equipment mode;

At this, equipment the first USB interface access PC, because PC is a USB main equipment, present device is connected adjustment from equipment as USB certainly with PC, to guarantee normal communication subsequently.In the whole process connecting, until the first USB interface is during with PC disconnection, for the first USB interface be all USB from device characteristics, always constant.

Step 703, PC identification equipment, and the numerical information of pending electronic signature is sent to equipment;

At this, due to expansion equipment be USB from equipment, PC can normally identify.User can access internet banking system or corresponding financial service, in this stage, may need to carry out digital certificate authentication with the equipment of realizing Net silver authentication by internet banking system, can press by the output unit prompting user of present device actuating switch connection USBKey and verify.Foregoing while only transferring accounts due to the employing of part bank, just uses USBKey, so can be ignored.PC, at normal identification equipment, is sent to expansion equipment by the numerical information of pending electronic signature.

It should be noted that, above provided the implementation method of three kinds of central control units, wherein in method one and method three, central control unit all has the module that can independently realize electron underwriting authentication function, particularly, in this application example, for independently realizing the module of Net silver authentication function, user, when the expansion equipment of using method one and method three realizations, needs the electron underwriting authentication function of choice for use expansion equipment or the electron underwriting authentication function of the second equipment (such as USBkey) that choice for use connects by the second interface.Understandably, if employing method three realizes above-mentioned central control unit, there is not the problem of above choice for use.

In case of no particular description, the present invention realizes electron underwriting authentication function by the second equipment being connected with the second interface.

Step 704, equipment are processed the numerical information of pending electronic signature;

Particularly, comprise that expansion equipment exports described numerical information, receive the confirmation operation information of user's input, by the second interface, described numerical information is sent to the second equipment, refer to below and the description of Figure 13.

Step 705, secondary USB interface receive USBkey and complete the numerical information after the signature transmitting after electronic signature, and by the first USB interface, the numerical information after electronic signature are sent to PC.

At this, complete the process of whole electronic signature.

The constitutional diagram of actuating switch when opening after present device is connected with PC as shown in Figure 8.

At this, when present device the first USB interface is connected with PC, actuating switch is in open mode.Now, when no matter the secondary USB interface of present device connects any USB device, present device can not provide electric energy to start the USB device work accessing yet, and the safety that guarantees electronic signature with this is carried out.

The constitutional diagram of actuating switch when closure after present device is connected with PC as shown in Figure 9.

At this, present device the first USB interface is connected with PC and shows as USB from device characteristics, when user confirms this transaction, actuating switch is after closure state, present device to secondary USB interface and connect the power supply of any USB device, and start to carry out USB device identification and electronic signature work subsequently.The visible Figure 14 of detailed content.

Application example 2

Be the workflow diagram that present device is connected with intelligent mobile terminal with the first USB interface as shown in figure 10, its step is as follows:

Step 1001, equipment adopt the first USB interface to be connected with intelligent mobile terminal;

After step 1002, equipment Inspection, the first USB interface is set to USB main equipment pattern;

At this, equipment the first USB interface access intelligent mobile terminal, due to intelligent mobile terminal be a USB from equipment, by adjustments, oneself present device be connected with intelligent mobile terminal as USB main equipment, to guarantee normal communication subsequently.In the whole process connecting, until the first USB interface during with intelligent mobile terminal disconnection, is all USB main equipment characteristic for the first USB interface, always constant.

Step 1003, expanded device identification intelligent mobile terminal, and the numerical information of the pending electronic signature sending by the first USB interface reception intelligent mobile terminal;

At this, because equipment is USB main equipment, it is identification intelligent mobile terminal first.Subsequently, user can access internet banking system or corresponding financial service, in this stage, may need to carry out digital certificate authentication with user's USBKey by internet banking system, can press by the display module prompting user of present device USB interface actuating switch connection USBKey and verify.Foregoing while only transferring accounts due to the employing of part bank, just uses USBKey, so can be ignored.After the normal identification intelligent mobile terminal of equipment, the numerical information of the pending electronic signature that intelligent mobile terminal sends will be accepted.

Step 1004, equipment are processed the numerical information of pending electronic signature;

Step 1005, secondary USB interface receive USBkey and complete the numerical information after the signature transmitting after electronic signature, and by the first USB interface, the numerical information after electronic signature are sent to intelligent mobile terminal.

At this, complete the process of whole electronic signature.

The constitutional diagram of actuating switch when opening after present device is connected with intelligent mobile terminal as shown in figure 11.

At this, when present device the first USB interface is connected with intelligent mobile terminal, actuating switch is in open mode.Now, when no matter the secondary USB interface of present device connects any USB device, present device can not provide electric energy to start the USB device work accessing yet, and the safety that guarantees electronic signature with this is carried out.

The constitutional diagram of actuating switch when closure after present device is connected with intelligent mobile terminal as shown in figure 12.

At this, present device the first USB interface is connected with intelligent mobile terminal and shows as USB from device characteristics, when user confirms this transaction, actuating switch is after closure state, present device to secondary USB interface and connect the power supply of any USB device, and start to carry out USB device identification and electronic signature work subsequently.The visible Figure 14 of detailed content.

The process flow diagram that present device is processed the numerical information of pending electronic signature as shown in figure 13, under its step is shown in:

The numerical information that step 1301, reception the first USB interface are imported into;

Step 1302, numerical information is decrypted;

At this; due to the communication of electric signing system and the second equipment (as USBKey), can adopt encipherment protection; so the numerical information being received by the first USB interface need to be decrypted to processing at this; now the key of deciphering can be preset in the central control unit of present device, and utilizes this key to be decrypted processing.

In step 1303, the numerical information after deciphering, extract the numerical information that needs transaction;

At this, the sensitive information about this transaction in numerical information is extracted, as name, account, the amount of money etc., but be not limited to this.

Step 1304, at the upper Transaction Information that shows of the output unit (as display screen) of equipment;

Step 1305, user compare after Transaction Information, by physical control unit, confirm;

At this, user is by the shown information and host computer (the first equipment being connected by the first USB interface) of output unit display screen of present device, as the Transaction Information as shown on PC or intelligent mobile terminal screen is compared, if consistent each other, by physical control unit, confirm, otherwise user uses the cancellation button of present device to cancel this transaction.

Step 1306, equipment are controlled actuating switch and are connected, and keep 5 minutes;

At this, user successfully confirms after this Transaction Information by physical control unit, and present device actuating switch is closed, and starts secondary USB interface and the equipment that connects is started working.

Step 1307, equipment send to USBkey by secondary USB interface by numerical information, are completed the electronic signature of importing data message for the first USB interface into by USBkey;

At this, secondary USB interface can be identified its USB device connecting, and is correctly being identified as after USBKey, sends to USBKey to complete signature work numerical information to be signed electronically, and Figure 14 is shown in the detailed description of this part.

Being present device as shown in figure 14 connects the process flow diagram of the second equipment (take below USBKey describe for example) by secondary USB interface, under its step is shown in:

Step 1401, actuating switch are closed, opening of device USB main equipment pattern, and carry out initialization;

At this, power on or during initialization, the USB controller that first resets, initiating hardware configuration, terminal is set, Buffer is set (buffer zone) size etc.Make USB master controller in correct duty.Really for send to the data of bus be placed with inner buffer zone in.

In step 1402, judgement, draw whether level is high, if high, enter step 1413, if not, judgement repeated;

At this, first, the insertion of capture device.USB device is PnP device, and the moment that system is inserted at equipment will catch this information, and each root of the D+ of USB interface and D-has the pull down resistor in a 15k Europe.And equipment has the upper card resistance of a 1.5K on D+ or D-.When equipment is inserted into master port, first equipment judge that the level of pull-up resistor comes judgment device whether to insert.

Step 1403, confirmation USB insert from equipment;

At this, if the pull-up resistor signal of equipment is high.This signal reports to present device USB master controller, then on the interface of processor, produces look-at-me, and now processor confirms that USB inserts from equipment.

Step 1404, read from device register;

At this, present device is had no progeny in receiving, by reading relevant register, understands such as from relevant information such as device rates.

Step 1405, determine whether new equipment, if yes then enter step 1406, if not proceeding to step 1413;

At this, present device determines whether new equipment by reading from equipment related register.If new equipment, execution step 1406 main equipment USB are restarted.If the equipment of registered mistake, 1413 equipment that directly perform step enter operable state.

Step 1406, main equipment USB are restarted;

At this, present device arranges related register, makes the USB line of equipment be in rebooting status (D+, D-are logic low).

Step 1407, time delay 10ms;

Step 1408, complete and enumerate;

At this, present device discharges rebooting status, and equipment has just been in default conditions.Now equipment has been ready for sending Endpoint0 acquiescence flow process and has responded control flow.Present device is by controlling enumerating of transmission channel finishing equipment.

Step 1409, main equipment give new USB from devices allocation address;

At this, present device central control unit first send a Get_Descriptor (obtaining descriptor) request to know the size of the maximum bag of acquiescence flow process, sends request subsequently to distributing equipment address 0 end points 0.Then by sending a Set_Address (setting address) request, distribute an independent address to equipment.

Step 1410, new USB are returned and are confirmed and preserve address from equipment;

At this, new USB reads this request from equipment, returns to one and confirms and preserve new address.

Step 1411, main equipment obtain newly from the complete descriptor of equipment;

At this, main equipment, after knowing the ability of equipment, sends a Get_Descriptor to new address and asks to read the descriptor that this equipment is complete, comprises the size of the maximum bag of Endpoint0, the config. number that equipment is supported, and other information of this equipment.Main frame is used for communication backward by these information.

Step 1412, main equipment are to being newly configured from equipment;

At this, main equipment sends (Set_configuration) and sets configuring request, with this config. number configuration device.

Step 1413, from equipment, enter operable state;

To this equipment just completely in operable state.

Step 1414, main equipment are confirmed whether it is USBKey;

At this, main equipment can read from the internal information of equipment or the unique sequence number of product, judges whether it is the USBKey that USBKey and this internet banking system are supported, if correctly, enters step 1415, otherwise enters step 1418.

Step 1415, main equipment transmit data to USBKey;

At this, main equipment can send to USBKey by the numerical information to be signed electronically of being received by the first USB interface, also can require user to input the PIN password of this USBKey, with authentication of users rights of using simultaneously.

Step 1416, USBKey complete and sign electronically and upload result;

Step 1417, the USB main equipment pattern that finishes;

At this, when USBKey has completed once complete operation of electronic signature, return message requires host computer to finish this to connect, close USB main equipment pattern.

Step 1418, to host computer (be first interface connect PC or smart mobile phone), return to error message.

At this, the USB accessing due to main equipment discovery is not USBKey or is not the electronic signature equipment that this internet banking system is supported from equipment, to host computer, reports an error, and enters step 1417.

Understandably, the present invention program's range of application, except Net silver application, also comprises: online purchase lottery ticket, online card volume, declares dutiable goods and various the needs in electron underwriting authentication application such as sign up agreement on Internet on the net.

In online purchase lottery application, the lottery number that user can select it to buy on network, the lottery number that user buys can be in the demonstration screen display of equipment of the present invention, after user need to confirm by physical button, the signature function that uses present device to carry, or complete signature by the electronic signature equipment that inserts its second interface.If when utilizing the electronic signature equipment of insertion the second interface to complete electronic signature, can complete E-Payment, this process can be provided software function to complete by corresponding system.Present device only provides needed electronic signature capability in E-Payment.

Online card volume, application in declaring dutiable goods is on the net with similar above, the card volume code that user need to be bought or declare dutiable goods in key message in demonstration screen display of the present invention, and need user's physical button to confirm, the equipment that utilizes self or secondary USB interface to insert completes electronic signature.

In sign up agreement on Internet application, by contract value, the information indicating users such as contract object confirm.

Utilize expansion equipment of the present invention and method to increase not have the security of electron underwriting authentication of the electron underwriting authentication equipment of output device and physical control function, make it be compatible with existing electron underwriting authentication system, and expansion equipment of the present invention can possess electron underwriting authentication function by concrete high intelligent and safe chip, has increased the practicality of expansion equipment.

Those skilled in the art should be understood that, each ingredient of the device that above-mentioned the embodiment of the present application provides and/or system, and all or part of step in method can come instruction related hardware to complete by program, described program can be stored in computer-readable recording medium, as ROM (read-only memory), disk or CD etc.They can concentrate on single calculation element, or are distributed on the network that a plurality of calculation elements form.Alternatively, they can be realized with the executable program code of calculation element.Thereby, they can be stored in memory storage and be carried out by calculation element, or they are made into respectively to each integrated circuit modules, or a plurality of modules in them or step are made into single integrated circuit module realize.Like this, the present invention is not restricted to any specific hardware and software combination.

Various unit described in the embodiment of the present invention, module are only a kind of examples of dividing according to its function; understandably; in the situation that system/device/apparatus realizes identical function; those skilled in the art can provide one or more other function dividing mode; can be by wherein functional entity device of any one or more functional modules employing or unit are realized when concrete application; undeniable ground, above mapping mode is all within the application's protection domain.

Although the disclosed embodiment of the present invention as above, the embodiment that described content only adopts for ease of understanding the present invention, not in order to limit the present invention.Those of skill in the art under any the present invention; do not departing under the prerequisite of the disclosed spirit and scope of the present invention; can in the form of implementing and details, carry out any modification and variation; but scope of patent protection of the present invention, still must be as the criterion with the scope that appending claims was defined.

Claims

1. an electron underwriting authentication expansion equipment, is characterized in that, described equipment comprises:

Physical control unit, for receiving user's confirmation operation.

2. equipment as claimed in claim 1, it is characterized in that: described central control unit also comprises the Interface status control module being realized by main control chip, the equipment interface state connecting for detection of described first interface, if interface master status, it is that interface is from equipment that described first interface is set, if it is interface main equipment that interface from equipment state, arranges described first interface, for described the second interface is set, be also interface master status.

3. equipment as claimed in claim 2, it is characterized in that: described central control unit also comprises recognition of devices module, when first interface being set being interface master status, for identifying whether the equipment of first interface connection is for having the first equipment of operation electronic signature client functionality, when the second interface being set being interface master status, for identifying whether the equipment of the second interface connection is second equipment with electron underwriting authentication function, when the equipment only connecting when first interface is the first equipment, described message processing module carry out and the first equipment between processing, and when the equipment of the second interface connection is the second equipment, described message processing module carry out and the second equipment between processing.

4. the equipment as described in any one item in claims 1 to 3, it is characterized in that: described equipment also comprises actuating switch, for control based on described central control unit or user's operation, realize being connected and disconnection of described central control unit and described the second interface, described central control unit receives after described numerical information, controls being connected between described actuating switch conducting and described the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch disconnect with described the second interface between be connected.

5. the equipment as described in any one item in claims 1 to 3, it is characterized in that: described central control unit also comprises the electron underwriting authentication module that adopts intelligent and safe chip or integrated chip to realize, be used for realizing electron underwriting authentication function, the electron underwriting authentication module of described central control unit and described the second equipment are realized the electron underwriting authentication of identical or different business or application.

6. the equipment as described in any one item in claims 1 to 3, is characterized in that: described first interface is directly connected or connects by breakout box with described the second equipment with described the first equipment and described the second interface.

7. the equipment as described in any one item in claims 1 to 3, is characterized in that: described output unit shows with word or the mode of speech play is exported described numerical information.

8. the equipment as described in any one item in claims 1 to 3, is characterized in that: described the second interface adopts circuit to put up a bridge with described the second equipment or the mode of interface docking is connected.

9. the equipment as described in any one item in claims 1 to 3, is characterized in that: described physical control unit adopts light sensation button, film key or the young sheet of pot to realize.

10. the equipment as described in any one item in claims 1 to 3, it is characterized in that: described equipment comprises battery, described physical control unit comprises the on & off switch of opening, closing for opertaing device, and described on & off switch is in opening state, and described battery provides power supply.

11. equipment as described in any one item in claims 1 to 3, it is characterized in that: described central control unit also comprises energy supply control module, be used for realizing power management, comprise: when the first equipment is personal computer (PC), adopting external power source is described equipment power supply, charging.

12. equipment as described in any one item in claims 1 to 3, is characterized in that: described central control unit adopts intelligent and safe chip and main control chip to realize, or adopt universal cpu chip and main control chip to realize, or adopt integrated chip to realize.

13. 1 kinds of information processing methods, are applied to have electron underwriting authentication Function Extension equipment, it is characterized in that, described equipment comprises first interface, the second interface, central control unit, output unit and physical control unit, and the method comprises:

14. methods as claimed in claim 13, is characterized in that: by described first interface, received, extracted before described numerical information, the method also comprises:

15. methods as claimed in claim 13, is characterized in that: when first interface being set being interface master status, by described first interface, received, extracted before described numerical information, the method also comprises:

16. methods as claimed in claim 13, it is characterized in that, described equipment also comprises actuating switch, receives after the confirmation operation information of user's input, and the method also comprises: described central control unit is controlled being connected between described actuating switch conducting central control unit and the second interface; Receive numerical information after described signature after the schedule time, control described actuating switch and disconnect being connected between central control unit and the second interface.