CN104144256B - A kind of portable cryptographic device based on mobile terminal - Google Patents


Info

Publication number: CN104144256B
Authority: CN (China)
Prior art keywords: cryptographic, cryptographic function, program, stub, mobile terminal
Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201410340474.0A
Other languages: Chinese (zh)
Other versions: CN104144256A (en)
Inventor: 龙毅宏
Current Assignee: Wuhan University of Technology WUT (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original Assignee: Wuhan University of Technology WUT
Priority date: 2014-07-17 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2014-07-17
Publication date: 2017-03-08

Timeline
2014-07-17: Application filed by Wuhan University of Technology WUT; priority to CN201410340474.0A
2014-11-12: Publication of CN104144256A
2017-03-08: Application granted; publication of CN104144256B
Current legal status: Active

Abstract

The present invention relates to a portable cryptographic device based on a mobile terminal. The cryptographic device comprises a mobile terminal with point-to-point communication capability, a cryptographic function program that runs on the mobile terminal and provides cryptographic functions, and a crypto module stub on the computing device where the cryptographic application resides, that computing device being able to exchange data with the mobile terminal by point-to-point communication. When a cryptographic application calls a cryptographic function of the crypto module stub, the stub submits the cryptographic function call request to the cryptographic function program over the point-to-point link; the cryptographic function program completes the processing of the call and returns the result. The device protects the storage and use of keys on the mobile terminal either by establishing a secure session between the crypto module stub and the cryptographic function program, or by password protection.

Description

A portable cryptographic device based on a mobile terminal
Technical field
The invention belongs to the field of information security technology, and in particular to a portable cryptographic device based on a mobile terminal.
Background technology
Users of online banking will have had this experience: when you open an online banking account, the bank usually issues you a piece of cryptographic hardware that provides cryptographic functions to the computer through a USB interface; this hardware is called a USB Key. The USB Key stores a public key digital certificate and its private key, which are used for identity authentication when the user logs in to the online banking account and/or for protecting online payments and fund transfers (signing the payment or transfer). The main functions of a USB Key are key generation, key storage and cryptographic operations.
The first main reason for using a USB Key is to protect the security of the key (the private key): keeping the key in dedicated cryptographic hardware effectively prevents others from stealing it. The second is ease of use: the user can carry the USB Key and use the digital certificate and its private key for security protection on different computers and in different places. In practice, however, the USB Key runs counter to its original intent of convenience, because: first, a user may need to carry and use several USB Keys for different applications, for example USB Keys issued by different banks or made by different manufacturers, and each kind has its own management and operating mode, which makes carrying and using them very inconvenient; second, a USB Key is small and easily lost, and reapplying for or repurchasing one after a loss is tedious; third, in many cases the user has to pay for the USB Key (banks usually issue USB Keys to their online banking customers free of charge, but a replacement after a loss normally has to be paid for, and for other applications users generally have to pay for the USB Key). These inconveniences lead users to prefer insecure usernames and passwords, or the somewhat safer dynamic passwords including SMS codes, over the secure USB Key (it should be understood that dynamic passwords including SMS codes are in fact not very secure either: accounts of online game users and bank users protected by dynamic passwords and SMS codes have been stolen, causing heavy losses).
Besides the USB Key there is another portable cryptographic device, the cryptographic smart card. It is used in the same way as a USB Key but needs a dedicated card reader; therefore, apart from special settings (social security cards, medical insurance cards, bank cards), cryptographic smart cards are not widely used in daily life and work, and they have the same carrying and usage problems as USB Keys.
Content of the invention
The object of the invention is to provide a portable cryptographic device based on a mobile terminal that implements cryptographic functions using mobile terminals such as mobile phones and tablet computers, so as to overcome the deficiencies of the prior art.
To achieve this object, the technical solution adopted by the invention is:
A portable cryptographic device based on a mobile terminal, the cryptographic device comprising the following components:
Mobile terminal: a portable device with program execution and computing capability that the user carries (such as a mobile phone or tablet computer); the mobile terminal is able to exchange data with other computing devices (such as desktop or portable computers) by point-to-point communication;
Cryptographic function program: a software component that runs on the mobile terminal and provides cryptographic functions; the cryptographic functions include key management and cryptographic operations;
Crypto module stub: a software component (such as a dynamic library or COM component) located on the computing device where the cryptographic application resides, which provides cryptographic function calls to the cryptographic application; the cryptographic application is a program that uses cryptographic functions to achieve a security purpose; the computing device on which the crypto module stub resides is not the mobile terminal on which the cryptographic function program runs; the computing device on which the stub resides is able to exchange data by point-to-point communication with the mobile terminal on which the cryptographic function program runs;
When a cryptographic application calls (through an interface) a cryptographic function of the crypto module stub, the stub submits the cryptographic function call request to the cryptographic function program by point-to-point communication; the cryptographic function program completes the processing of the call and returns the result to the crypto module stub, which then returns the result to the cryptographic application.
One protection measure for the cryptographic functions of the mobile terminal is that, before the crypto module stub requests over the communication channel a cryptographic function provided by the cryptographic function program, a secure session is first established between the stub and the cryptographic function program; establishing the secure session requires the participation or confirmation of the user of the mobile terminal on which the cryptographic function program resides.
One protection measure for the keys (including private keys or symmetric keys) stored in the mobile terminal is that, when the crypto module stub calls over the communication channel a cryptographic function of the cryptographic function program that uses a key stored in the mobile terminal (such as decrypting data or producing a digital signature with a private key), the cryptographic function program notifies the user that a cryptographic application on a computing device is using the key and protects the key by letting the user confirm whether the use is allowed (the crypto module stub can pass the name of the cryptographic application to the cryptographic function program so that it can be shown to the user).
The protection measure for cryptographic functions and the protection measure for keys may be implemented together, or only one of them may be implemented.
With the method of the invention, the mobile terminal that people already carry becomes a portable cryptographic device that replaces cryptographic hardware such as USB Keys and smart cards; a single mobile-terminal-based portable cryptographic device can store the keys, including public key digital certificates and private keys, of different security applications, and the user pays no additional hardware cost. This is a great convenience for the user and also saves the user the cost of using secure cryptography.
Brief description
Fig. 1 is a schematic diagram of the cryptographic device of the invention.
Specific embodiment
The invention is further described below with reference to the drawing and embodiments.
To implement the solution of the invention, the mobile terminal must be able to exchange data by point-to-point communication with the computing device running the cryptographic application. The specific embodiment is described below taking an Android-based mobile terminal (mobile phone or tablet computer) as the mobile terminal that implements the cryptographic functions and a PC (desktop or portable) as the computing device running the cryptographic application.
Most Android-based mobile terminals support data exchange with external devices (point-to-point communication) over USB (Universal Serial Bus), and almost all current PCs (desktop and portable) support USB, so the Android mobile terminal and the PC can communicate over USB. How to implement USB communication between an Android mobile terminal and a PC is covered in publicly available material, including online forums and blogs, and is not described here.
In addition, most Android-based mobile terminals support data exchange with external devices over Bluetooth (Bluetooth can form a point-to-point peer network), and almost all portable PCs support Bluetooth, so the Android mobile terminal and a portable PC can also communicate over Bluetooth. How to implement Bluetooth communication between an Android mobile terminal and a PC is described in publicly available material, including online forums and blogs; the cryptographic function program can be developed with J2ME, using the JSR 82 API (JABWT) for Bluetooth. This is not elaborated here.
The cryptographic function program can be developed with J2ME. In a concrete implementation it can be implemented either as a server program or as a client program.
If the cryptographic function program is implemented as a server program, it is a program that runs in the background of the mobile terminal and listens for cryptographic function call requests; it can run in the background at all times, or be started by the user when the user uses the cryptographic application; the crypto module stub is then a client of the cryptographic function program.
If the cryptographic function program is implemented as a client program, an intermediary service program must also be implemented on the computer where the crypto module stub resides. When the user uses the cryptographic application, the cryptographic function program, as a client of the intermediary service program, is started by the user and connects to the intermediary service program; the crypto module stub is likewise a client of the intermediary service program; while the cryptographic application calls the stub, the stub exchanges data with the cryptographic function program over the communication channel through the intermediary service program. The intermediary service program can be developed in C/C++ or another suitable technology.
The crypto module stub can be developed in a programming language compatible with the cryptographic application, such as C/C++ or COM.
For establishing the secure session between the crypto module stub and the cryptographic function program, one scheme prompts the user for confirmation, and another scheme uses password authentication.
The user-prompt confirmation scheme for establishing the secure session is implemented as follows:
Before the crypto module stub calls a cryptographic function of the cryptographic function program, the stub first requests to establish a secure session with the cryptographic function program. The cryptographic function program notifies the user through the mobile terminal that a cryptographic application on a computing device is requesting to use the cryptographic functions of the mobile terminal (the stub can pass the application's name to the cryptographic function program so that it can be shown to the user) and asks whether the user allows it. If the user confirms, the cryptographic function program returns a session identifier (Session ID), and every subsequent cryptographic function call request submitted by the stub carries this session identifier. The stub can obtain the name of the application that calls it through a function provided by the operating system.
The password-authentication scheme for establishing the secure session is implemented as follows:
The cryptographic functions of the mobile terminal are protected by a user password. Before the crypto module stub calls a cryptographic function of the cryptographic function program, the stub first requires the user to enter the protection password of the cryptographic functions. After the user enters the password, the stub submits it to the cryptographic function program and requests to establish a secure session; the cryptographic function program verifies the user's password and, if verification passes, returns a session identifier. Every subsequent cryptographic function call request submitted by the stub carries this session identifier.
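The two session-establishment schemes just described, together with the per-key-use confirmation from the summary of the invention, as an added worked example that is not part of the patent or the inventor's code. It assumes JSON messages passed through an in-memory function call standing in for the USB/Bluetooth point-to-point channel, HMAC-SHA256 with a symmetric key held only on the terminal side standing in for the cryptographic operation the page does not fix, and Python callables standing in for the prompts shown on the phone; the key identifier, application name, password and message are constructed for the example.

```python
"""Added example of the stub <-> cryptographic-function-program exchange (not the patent's code)."""
import hashlib
import hmac
import json
import secrets


class CryptoFunctionProgram:
    """Runs on the mobile terminal: holds the keys and answers call requests from the stub."""

    def __init__(self, keys, user_confirms, protection_password=None):
        self._keys = dict(keys)                # key_id -> key bytes; never sent over the link
        self._user_confirms = user_confirms    # callable(prompt) -> bool, stands in for the user's tap on the phone
        self._password = protection_password  # set: password-authentication scheme; None: prompt-confirmation scheme
        self._sessions = {}                   # session_id -> name of the calling application

    def handle(self, raw):
        """Process one request message (bytes) and return the reply message (bytes)."""
        req = json.loads(raw.decode())
        if req.get("op") == "open_session":
            return self._open_session(req)
        app = self._sessions.get(req.get("session_id"))
        if app is None:
            return self._reply(error="no secure session")  # every other call must carry a valid session id
        if req.get("op") == "mac":
            return self._mac(req, app)
        return self._reply(error="unknown op")

    def _open_session(self, req):
        app = req.get("app_name", "<unknown>")
        if self._password is not None:
            # password-authentication scheme: the stub forwards the protection password typed on the PC
            typed = str(req.get("password", "")).encode()
            if not hmac.compare_digest(typed, self._password.encode()):
                return self._reply(error="bad password")
        elif not self._user_confirms(f"Allow '{app}' to use the cryptographic functions on this terminal?"):
            # prompt-confirmation scheme: the user on the phone sees the application name and decides
            return self._reply(error="user denied session")
        sid = secrets.token_hex(16)  # unguessable session identifier carried by every later request
        self._sessions[sid] = app
        return self._reply(session_id=sid)

    def _mac(self, req, app):
        key = self._keys.get(req.get("key_id"))
        if key is None:
            return self._reply(error="unknown key")
        # key-use protection: each use of a stored key is shown to the user together with the application name
        if not self._user_confirms(f"'{app}' wants to use key '{req['key_id']}'. Allow?"):
            return self._reply(error="user denied key use")
        tag = hmac.new(key, bytes.fromhex(req["data"]), hashlib.sha256).hexdigest()
        return self._reply(result=tag)

    @staticmethod
    def _reply(**fields):
        return json.dumps(fields).encode()


class CryptoModuleStub:
    """Runs on the PC beside the application: holds no key material, only the session identifier."""

    def __init__(self, link, app_name):
        self._link = link          # callable(bytes) -> bytes, stands in for the USB/Bluetooth channel
        self._app_name = app_name  # a real stub would read the calling process name from the OS
        self._session_id = None

    def _call(self, **req):
        reply = json.loads(self._link(json.dumps(req).encode()).decode())
        if "error" in reply:
            raise PermissionError(reply["error"])
        return reply

    def open_session(self, password=None):
        """Establish the secure session by user confirmation (no password) or by password authentication."""
        req = {"op": "open_session", "app_name": self._app_name}
        if password is not None:
            req["password"] = password
        self._session_id = self._call(**req)["session_id"]
        return self._session_id

    def mac(self, key_id, data):
        """Authenticate `data` with a key that only the terminal holds; returns the hex tag."""
        return self._call(op="mac", session_id=self._session_id, key_id=key_id, data=data.hex())["result"]


def demo(user_allows=True, password=None, typed=None):
    """One complete exchange on constructed inputs; returns (tag, None) on success or (None, error)."""
    keys = {"netbank-k1": bytes.fromhex("000102030405060708090a0b0c0d0e0f")}  # constructed sample key
    program = CryptoFunctionProgram(keys, user_confirms=lambda prompt: user_allows, protection_password=password)
    stub = CryptoModuleStub(program.handle, app_name="NetBankClient.exe")  # constructed application name
    try:
        stub.open_session(password=password if typed is None else typed)
        return stub.mac("netbank-k1", b"transfer 100 to account 42"), None  # constructed message
    except PermissionError as exc:
        return None, str(exc)


if __name__ == "__main__":
    print(demo())                                   # confirmation scheme, user allows: a tag
    print(demo(user_allows=False))                  # confirmation scheme, user refuses: no session
    print(demo(password="1234", typed="9999"))      # password scheme, wrong password: no session
    print(demo(password="1234", user_allows=False))  # session by password, but key use refused
```

The key bytes never appear in any message the stub sees, and a request without a valid session identifier is rejected before any key is touched; that is the property the session identifier exists to enforce. The identifier only stops calls that skip the confirmation or password step, so a real deployment still has to protect the link itself, since anyone who can read the session identifier off the channel can submit requests with it.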
For other mobile terminals that can exchange data with other computing devices over a communication channel, the implementation principle is the same; only the development tools, including communication drivers, provided by the different mobile terminals differ.
Other specific techniques not explained here are well known to those skilled in the relevant art and need no description.

Claims (6)

1. A portable cryptographic device based on a mobile terminal, characterized in that: the portable cryptographic device is a device that replaces USB Keys and cryptographic smart cards and provides cryptographic function calls to cryptographic applications; a cryptographic application is a program that uses cryptographic functions to achieve a security purpose, including applications that use symmetric-key cryptographic functions, applications that decrypt data and produce digital signatures with a private key, and applications that use public key digital certificates to achieve a security purpose; the portable cryptographic device based on a mobile terminal comprises a mobile terminal, a cryptographic function program and a crypto module stub, wherein:
Mobile terminal: a portable device with program execution and computing capability that the user carries; the mobile terminal is able to exchange data with other computing devices by point-to-point communication; the mobile terminal stores the keys of the cryptographic applications;
Cryptographic function program: a software component that runs on the mobile terminal and provides cryptographic functions; the cryptographic functions include key management and cryptographic operations; the algorithms of the cryptographic operations include symmetric-key cryptographic algorithms; the cryptographic operation functions provided by the cryptographic function program include decrypting data and producing digital signatures with a private key stored in the mobile terminal; the cryptographic function program provides cryptographic function calls to cryptographic applications through the crypto module stub;
Crypto module stub: a software component located on the computing device where the cryptographic application resides, which provides cryptographic function calls to the cryptographic application; the crypto module stub is a dynamic library; the cryptographic function calls that the stub provides to the cryptographic application include decrypting data and producing digital signatures with a private key stored in the mobile terminal; the cryptographic application calls the crypto module stub through an interface and, through the stub, calls the cryptographic functions provided by the cryptographic function program in the mobile terminal; the computing device on which the stub resides is not the mobile terminal on which the cryptographic function program runs; the computing device on which the stub resides is able to exchange data by point-to-point communication with the mobile terminal on which the cryptographic function program runs;
When a cryptographic application calls a cryptographic function of the crypto module stub, the stub submits the cryptographic function call request to the cryptographic function program by point-to-point communication; the cryptographic function program completes the processing of the call and returns the result to the crypto module stub, which then returns the result to the cryptographic application.
2. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that: the protection measure for the cryptographic functions of the mobile terminal is that, before the crypto module stub requests over the communication channel a cryptographic function provided by the cryptographic function program, a secure session is first established between the stub and the cryptographic function program, and establishing the secure session requires the participation or confirmation of the user of the mobile terminal on which the cryptographic function program resides.
3. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that: the protection measure for the keys stored in the mobile terminal is that, when the crypto module stub calls over the communication channel a cryptographic function provided by the cryptographic function program that uses a key stored in the mobile terminal, the cryptographic function program notifies the user that a cryptographic application on a computing device is using the key and protects the key by letting the user confirm whether the use is allowed.
4. The portable cryptographic device based on a mobile terminal according to claim 1, characterized in that:
the cryptographic function program is a server program or a client program;
if the cryptographic function program is a server program, it either runs in the background of the mobile terminal at all times listening for cryptographic function call service requests, or is started by the user when the user uses the cryptographic application and then listens for cryptographic function call service requests, and it provides cryptographic function calls to the crypto module stub;
if the cryptographic function program is a client program, an intermediary service program runs on the computing device where the crypto module stub resides; when the user uses the cryptographic application, the cryptographic function program, as a client of the intermediary service program, is started by the user and connects to the intermediary service program, and the crypto module stub, also as a client of the intermediary service program, calls over the communication channel and through the intermediary service program the cryptographic functions provided by the cryptographic function program.
5. The portable cryptographic device based on a mobile terminal according to claim 2, characterized in that: the specific method of establishing the secure session between the crypto module stub and the cryptographic function program is as follows:
before the crypto module stub calls a cryptographic function of the cryptographic function program, the stub first requests to establish a secure session with the cryptographic function program; the cryptographic function program notifies the user through the mobile terminal that a cryptographic application on a computing device is requesting to use the cryptographic functions of the mobile terminal and asks whether the user allows it; if the user confirms, the cryptographic function program returns a session identifier, and every subsequent cryptographic function call request submitted by the stub carries this session identifier.
6. The portable cryptographic device based on a mobile terminal according to claim 2, characterized in that: the specific method of establishing the secure session between the crypto module stub and the cryptographic function program is as follows:
before the crypto module stub calls a cryptographic function of the cryptographic function program, the stub first requires the user to enter the protection password of the cryptographic functions; after the user enters the password, the stub submits it to the cryptographic function program and requests to establish a secure session; the cryptographic function program verifies the user's password and, if verification passes, returns a session identifier, and every subsequent cryptographic function call request submitted by the stub carries this session identifier.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410340474.0A | 2014-07-17 | 2014-07-17 | A kind of portable cryptographic device based on mobile terminal (CN104144256B, en)

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201410340474.0A | 2014-07-17 | 2014-07-17 | A kind of portable cryptographic device based on mobile terminal (CN104144256B, en)

Publications (2)

Publication Number | Publication Date
CN104144256A (en) | 2014-11-12
CN104144256B (en) | 2017-03-08

Family

ID=51853321

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
CN201410340474.0A | A kind of portable cryptographic device based on mobile terminal (CN104144256B, en) | 2014-07-17 | 2014-07-17 | Active

Country Status (1)

Country | Link
CN (1) | CN104144256B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN105281916B * | 2015-11-05 | 2018-09-25 | 武汉理工大学 | A kind of portable cryptographic system
CN106506152A * | 2016-11-16 | 2017-03-15 | 武汉理工大学 | A kind of shared using method of encryption apparatus
CN107622395B * | 2017-09-28 | 2020-09-01 | 杭州恒生数据安全技术有限公司 | Payment password generation method, terminal, server and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
US5513245A * | 1994-08-29 | 1996-04-30 | Sony Corporation | Automatic generation of private authentication key for wireless communication systems
CN101325774A * | 2008-07-30 | 2008-12-17 | 青岛海信移动通信技术股份有限公司 | Encryption/decryption method and mobile terminal thereof

Also Published As

Publication number Publication date
CN104144256A (en) 2014-11-12


Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant