CN104811309B - Method and system for remotely using intelligent cipher key equipment - Google Patents
- Publication number: CN104811309B (CN201510130567.5A)
- Authority: CN (China)
- Legal status: Active
Abstract
The invention discloses a method for remotely using intelligent cipher key equipment, comprising: a terminal obtains pending information and sends the pending information to a terminal subsystem, the terminal being a device that cannot perform network communication; the terminal subsystem verifies whether the pending information is legitimate information and, if it is legitimate, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information over a remote information channel to a service subsystem that is remote from the terminal; the service subsystem decrypts the encrypted pending information to obtain the pending information and sends the pending information to the intelligent cipher key equipment connected to it; and the intelligent cipher key equipment processes the pending information.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a method and system for remotely using intelligent cipher key equipment.
Background
With the development of online transactions, more and more people choose to use intelligent cipher key equipment with a signature function in order to safeguard the security of online transactions. Intelligent cipher key equipment is usually connected to a terminal through a wired interface plug or a wireless module. However, whether the connection uses a wired interface or a wireless module, the distance over which it can connect to the terminal is very limited. For example, when intelligent cipher key equipment is connected to a terminal over USB (Universal Serial Bus), its USB plug is inserted into the terminal's USB interface, but data transmission over a USB connection supports a maximum distance of only about a hundred meters; when intelligent cipher key equipment is connected to a terminal through a Bluetooth module, data transmission over the Bluetooth connection supports only tens of meters. None of these approaches allows intelligent cipher key equipment to be used or debugged remotely (from a different location), which is an obstacle to the remote (off-site) use of intelligent cipher key equipment. Moreover, to ensure information security, many terminals that use or debug intelligent cipher key equipment cannot perform network communication. How to use or debug intelligent cipher key equipment securely from a different location when the terminal cannot perform network communication is therefore a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The present invention aims to solve the above problem.
The main purpose of the present invention is to provide a method for remotely using intelligent cipher key equipment, characterized in that it comprises: a terminal obtains pending information and sends the pending information to a terminal subsystem, the terminal being a device that cannot perform network communication; the terminal subsystem verifies whether the pending information is legitimate information and, if it is legitimate, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information over a remote information channel to a service subsystem that is remote from the terminal; the service subsystem decrypts the encrypted pending information to obtain the pending information and sends the pending information to the intelligent cipher key equipment connected to it; and the intelligent cipher key equipment processes the pending information.
The main purpose of the present invention is to provide another method for remotely using intelligent cipher key equipment, characterized in that it comprises: a terminal obtains pending information, verifies whether the pending information is legitimate information and, if it is legitimate, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information to a terminal subsystem, the terminal being a device that cannot perform network communication; the terminal subsystem receives the encrypted pending information and sends it over a remote information channel to a service subsystem that is remote from the terminal; the service subsystem decrypts the encrypted pending information to obtain the pending information and sends the pending information to the intelligent cipher key equipment connected to it; and the intelligent cipher key equipment processes the pending information.
In addition, the step in which the service subsystem decrypts the encrypted pending information to obtain the pending information and sends the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem decrypts the encrypted pending information to obtain the pending information, performs protocol conversion on the pending information to obtain information that the intelligent cipher key equipment can process, and sends it to the intelligent cipher key equipment connected to it.
In addition, the pending information includes at least data to be stored; the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment stores the data to be stored in the security chip of the intelligent cipher key equipment.
In addition, the pending information includes at least debugging data; the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment performs debugging according to the debugging data.
In addition, the pending information includes at least transaction data. Before the terminal obtains the pending information, the method further comprises: the terminal subsystem receives the pending information and sends the pending information to the terminal. The intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment signs the transaction data and generates signature information. After the step in which the intelligent cipher key equipment processes the pending information, the method further comprises: the intelligent cipher key equipment sends the signature information to the service subsystem connected to it; the service subsystem encrypts the signature information to obtain encrypted signature information and sends the encrypted signature information over the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment; the terminal subsystem receives the encrypted signature information, decrypts it to obtain the signature information, and sends the signature information to the terminal.
In addition, the pending information includes at least transaction data. Before the terminal obtains the pending information, the method further comprises: the terminal subsystem receives the pending information and sends the pending information to the terminal. The intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment signs the transaction data and generates signature information. After the step in which the intelligent cipher key equipment processes the pending information, the method further comprises: the intelligent cipher key equipment sends the signature information to the service subsystem connected to it; the service subsystem encrypts the signature information to obtain encrypted signature information and sends the encrypted signature information over the remote information channel to the remote terminal subsystem; the terminal subsystem receives the encrypted signature information and sends it to the terminal; the terminal receives the encrypted signature information and decrypts it to obtain the signature information.
In addition, the step in which the terminal obtains pending information and sends the pending information to the terminal subsystem further comprises: the terminal obtains the pending information and the identity of the intelligent cipher key equipment, and sends the pending information and the identity to the terminal subsystem. The step in which the terminal subsystem verifies whether the pending information is legitimate information and, if it is legitimate, encrypts the pending information to obtain encrypted pending information and sends the encrypted pending information over the remote information channel to the service subsystem that is remote from the terminal further comprises: the terminal subsystem verifies whether the pending information is legitimate information and, if it is legitimate, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information and the identity over the remote information channel to the service subsystem that is remote from the terminal. The service subsystem sending the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem sends the pending information to the connected intelligent cipher key equipment that corresponds to the identity.
In addition, the step in which the terminal obtains pending information comprises: the terminal obtains the pending information and the identity of the intelligent cipher key equipment. The step in which the terminal sends the encrypted pending information to the terminal subsystem comprises: the terminal sends the encrypted pending information and the identity to the terminal subsystem. The step in which the terminal subsystem receives the encrypted pending information and sends it over the remote information channel to the service subsystem that is remote from the terminal further comprises: the terminal subsystem receives the encrypted pending information and the identity, and sends them over the remote information channel to the service subsystem that is remote from the terminal. The service subsystem sending the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem sends the pending information to the connected intelligent cipher key equipment that corresponds to the identity.
In addition, the service subsystem sending the pending information to the connected intelligent cipher key equipment that corresponds to the identity comprises: the service subsystem performs identity authentication on the intelligent cipher key equipment that corresponds to the identity and, after the authentication passes, sends the pending information to the intelligent cipher key equipment.
In addition, the remote information channel is a network connected using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
In addition, the intelligent cipher key equipment comprises one or more devices.
The main purpose of the present invention is to provide a system for remotely using intelligent cipher key equipment, characterized in that it comprises: a terminal, configured to obtain pending information and send the pending information to a terminal subsystem, the terminal being a device that cannot perform network communication; the terminal subsystem, configured to verify whether the pending information is legitimate information and, if it is legitimate, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information over a remote information channel to a service subsystem that is remote from the terminal; the service subsystem, configured to decrypt the encrypted pending information to obtain the pending information and send the pending information to the intelligent cipher key equipment connected to it; and the intelligent cipher key equipment, configured to process the pending information.
The main purpose of the present invention is to provide another system for remotely using intelligent cipher key equipment, characterized in that it comprises: a terminal, configured to obtain pending information, verify whether the pending information is legitimate information and, if it is legitimate, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information to a terminal subsystem, the terminal being a device that cannot perform network communication; the terminal subsystem, configured to receive the encrypted pending information and send it over a remote information channel to a service subsystem that is remote from the terminal; the service subsystem, configured to decrypt the encrypted pending information to obtain the pending information and send the pending information to the intelligent cipher key equipment connected to it; and the intelligent cipher key equipment, configured to process the pending information.
In addition, the service subsystem being configured to decrypt the encrypted pending information to obtain the pending information and send the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem is configured to decrypt the encrypted pending information to obtain the pending information and, after performing protocol conversion on the pending information, send it to the intelligent cipher key equipment connected to it.
In addition, the pending information includes at least data to be stored; the intelligent cipher key equipment being configured to process the pending information comprises: the intelligent cipher key equipment is configured to store the data to be stored in the security chip of the intelligent cipher key equipment.
In addition, the pending information includes at least debugging data; the intelligent cipher key equipment being configured to process the pending information comprises: the intelligent cipher key equipment is configured to perform debugging according to the debugging data.
In addition, the pending information includes at least transaction data. The terminal subsystem is further configured to receive the pending information and send it to the terminal. The intelligent cipher key equipment is further configured to sign the transaction data to obtain signature information and send the signature information to the service subsystem connected to it. The service subsystem is further configured to receive the signature information, encrypt the signature information to obtain encrypted signature information, and send the encrypted signature information over the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment. The terminal subsystem is further configured to receive the encrypted signature information, decrypt it to obtain the signature information, and send the signature information to the terminal. The terminal is further configured to receive the signature information.
In addition, the pending information further includes transaction data. The terminal subsystem is further configured to receive the pending information and send it to the terminal. The intelligent cipher key equipment is further configured to sign the transaction data to obtain signature information and send the signature information to the service subsystem connected to it. The service subsystem is further configured to receive the signature information, encrypt the signature information to obtain encrypted signature information, and send the encrypted signature information over the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment. The terminal subsystem is further configured to receive the encrypted signature information and send the encrypted signature information to the terminal. The terminal is further configured to receive the encrypted signature information and decrypt it to obtain the signature information.
In addition, the terminal being configured to obtain pending information and send the pending information to the terminal subsystem comprises: the terminal is configured to obtain the pending information and the identity of the intelligent cipher key equipment, and send the pending information and the identity to the terminal subsystem. The terminal subsystem being configured to verify whether the pending information is legitimate information and, if it is legitimate, encrypt the pending information to obtain encrypted pending information and send the encrypted pending information over the remote information channel to the service subsystem that is remote from the terminal comprises: the terminal subsystem is configured to verify whether the pending information is legitimate information and, if it is legitimate, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information and the identity over the remote information channel to the service subsystem that is remote from the terminal. The service subsystem being configured to decrypt the encrypted pending information to obtain the pending information and send the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem is configured to decrypt the encrypted pending information to obtain the pending information, and send the pending information to the connected intelligent cipher key equipment that corresponds to the identity.
In addition, the terminal being configured to obtain pending information comprises: the terminal is configured to obtain the pending information and the identity of the intelligent cipher key equipment. The terminal being configured to send the encrypted pending information to the terminal subsystem comprises: the terminal is configured to send the encrypted pending information and the identity to the terminal subsystem. The terminal subsystem being configured to receive the encrypted pending information and send it over the remote information channel to the service subsystem that is remote from the terminal comprises: the terminal subsystem is configured to receive the encrypted pending information and the identity, and send them over the remote information channel to the service subsystem that is remote from the terminal. The service subsystem being configured to send the pending information to the intelligent cipher key equipment connected to it comprises: the service subsystem is configured to send the pending information to the connected intelligent cipher key equipment that corresponds to the identity.
In addition, the service subsystem being configured to send the pending information to the connected intelligent cipher key equipment that corresponds to the identity comprises: the service subsystem is configured to perform identity authentication on the intelligent cipher key equipment that corresponds to the identity and, after the authentication passes, send the pending information to the connected intelligent cipher key equipment that corresponds to the identity.
In addition, the terminal subsystem comprises a first verification and encryption/decryption device and a first data transmission device, wherein: the first verification and encryption/decryption device is configured to receive the pending information, verify whether the pending information is legitimate and, if it is legitimate, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information to the first data transmission device; the first data transmission device is configured to receive the encrypted pending information and send the encrypted pending information over the remote information channel to the service subsystem that is remote from the terminal.
In addition, the terminal comprises an acquisition module, a first verification and encryption/decryption module and a transceiver module, wherein: the acquisition module is configured to obtain the pending information and send the pending information to the first verification and encryption/decryption module; the first verification and encryption/decryption module is configured to receive the pending information, verify whether the pending information is legitimate and, if it is legitimate, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information to the transceiver module; the transceiver module is configured to send the encrypted pending information to the terminal subsystem. The terminal subsystem comprises a first data transmission device; the first data transmission device is configured to receive the encrypted pending information and send the encrypted pending information over the remote information channel to the remote service subsystem.
In addition, the service subsystem comprises a second data transmission device, a second encryption/decryption device and a third data transmission device, wherein: the second data transmission device is configured to receive the encrypted pending information and send the encrypted pending information to the second encryption/decryption device; the second encryption/decryption device is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the third data transmission device; the third data transmission device is configured to receive the pending information and send the pending information to the intelligent cipher key equipment connected to it.
In addition, the service subsystem comprises a second encryption/decryption device and a second data transmission device, wherein: the second encryption/decryption device is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the second data transmission device; the second data transmission device is configured to receive the pending information and send the pending information to the intelligent cipher key equipment connected to it.
In addition, the service subsystem comprises a second data transmission device and a second encryption/decryption device, wherein: the second data transmission device is configured to receive the encrypted pending information and send the encrypted pending information to the second encryption/decryption device; the second encryption/decryption device is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the second data transmission device; the second data transmission device is further configured to receive the decrypted pending information and send the pending information to the intelligent cipher key equipment connected to it.
In addition, the service subsystem further comprises a protocol conversion device, which is configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment connected to it.
In addition, the remote information channel is a network connected using the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
In addition, the intelligent cipher key equipment comprises one or more devices.
As can be seen from the technical solution provided above, the present invention provides a method and system for remotely using intelligent cipher key equipment. The terminal obtains pending information and sends the pending information to the terminal subsystem; the terminal subsystem verifies that the pending information is legitimate, then encrypts it and transmits it remotely; the service subsystem receives it remotely and decrypts it to obtain the pending information; and the obtained pending information is sent to the intelligent cipher key equipment for processing. On the premise that information security is ensured, this solves the problem that a terminal and intelligent cipher key equipment that are remote from each other cannot be connected to exchange information, enables remote information interaction between the terminal and the intelligent cipher key equipment, achieves the technical effect of using or debugging intelligent cipher key equipment remotely, and improves the user experience.
Description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the method for remotely using intelligent cipher key equipment provided by Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the method for remotely using intelligent cipher key equipment provided by Embodiment 1 of the present invention;
Fig. 3 is a flow chart of the method for remotely using intelligent cipher key equipment provided by Embodiment 2 of the present invention;
Fig. 4 is a flow chart of the method for remotely using intelligent cipher key equipment provided by Embodiment 2 of the present invention;
Fig. 5 is a structural schematic diagram of the system for remotely using intelligent cipher key equipment provided by Embodiment 3 of the present invention;
Fig. 6 is another structural schematic diagram of the system for remotely using intelligent cipher key equipment provided by Embodiment 3 of the present invention;
Fig. 7 is a structural schematic diagram of the system for remotely using intelligent cipher key equipment provided by Embodiment 4 of the present invention;
Fig. 8 is another structural schematic diagram of the system for remotely using intelligent cipher key equipment provided by Embodiment 4 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they should therefore not be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected to each other" and "connected" should be understood broadly: for example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or a connection inside two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
According to an embodiment of the present invention, a method for remotely using intelligent cipher key equipment is provided.
In this embodiment, the intelligent cipher key equipment may be a small device with electronic signature, certificate authentication and/or encryption and decryption functions, for example a KEY (such as the U-shield used by the Industrial and Commercial Bank or the K-Bao ("K treasure") used by the Agricultural Bank). The terminal subsystem may be a system composed of a device with verification and encryption/decryption functions and a data transmission device, where the device with verification and encryption/decryption functions may be intelligent cipher key equipment that has a verification function, or a combination of another verification device and an encryption/decryption device, and the data transmission device may be any device that can send and receive network data (such as a mobile phone, PC or tablet computer). The service subsystem may be a system composed of a data transmission device, a device with encryption and decryption functions, and a device capable of connecting intelligent cipher key equipment, where the data transmission device may be any device that can send and receive network data (such as a mobile phone, PC or tablet computer), the device with encryption and decryption functions may be intelligent cipher key equipment, and the device capable of connecting intelligent cipher key equipment may be a device such as a mobile phone, PC or tablet computer.
Fig. 1 shows the method for remotely using intelligent cipher key equipment provided by Embodiment 1 of the present invention. The method mainly comprises the following steps:
S101, the terminal obtains pending information and sends the pending information to the terminal subsystem, the terminal being a device that cannot perform network communication;
In this embodiment, the terminal is a device that cannot perform network communication (such as a computer handling classified information, a computer without a network card, or a bank server). Because the terminal cannot perform network communication, the security of the information stored on the terminal is ensured: the terminal cannot be infected, and its information cannot be illegally read or tampered with.
In an optional implementation of this embodiment, the terminal and the terminal subsystem are connected by wire. Compared with a wireless connection, a wired connection offers better security and is not easily tampered with after illegal interception. The wired connection may be, for example, a USB connection or a UART connection.
In an optional implementation of this embodiment, the pending information obtained by the terminal may include a processing instruction. The processing instruction may be one generated by the terminal, or one sent by another device and received by the terminal; it may be, for example, a transaction instruction or a handshake instruction. This enables the intelligent cipher key equipment to process the pending information according to the received processing instruction.
In an optional implementation of this embodiment, the pending information may include data to be stored. Optionally, the pending information may also include a store instruction, so that the intelligent cipher key equipment can store the data to be stored according to the received store instruction.
In an optional implementation of this embodiment, the pending information may include debugging data. Optionally, the pending information may also include a debugging instruction, so that the intelligent cipher key equipment can perform debugging according to the received debugging instruction.
In an optional implementation of this embodiment, the pending information may include transaction data. Optionally, the pending information may also include a transaction instruction, so that the intelligent cipher key equipment can complete the transaction flow according to the received transaction instruction.
Of course, in an optional implementation of this embodiment, the pending information may also include any combination of data to be stored, debugging data and transaction data, so that the intelligent cipher key equipment can store data, perform debugging and complete transactions as needed.
In a kind of optional embodiment of the present embodiment, terminal obtains pending information and the identity of intelligent cipher key equipment
Mark, terminal subsystem is sent to by pending information and identity;Enable service subsystem according to identity into
The identification of row intelligent cipher key equipment carries out remote debugging or use convenient for user to specified intelligent cipher key equipment.
S102, the terminal subsystem verifies whether the pending information is legal information and, if it is legal, encrypts the pending information to obtain encrypted pending information;
In this embodiment, the terminal subsystem may encrypt the pending information with a symmetric key or with an asymmetric key. To verify whether the pending information is legal information, a hardware chip built into the terminal subsystem may check whether the pending information is of an information type that the intelligent cipher key equipment should receive (for example, if the types the intelligent cipher key equipment should receive are store instructions and transaction information, all information other than these two types is treated as invalid information). If the pending information is not of a type that the intelligent cipher key equipment should receive, it is judged to be invalid information and intercepted, which prevents an attack on the terminal subsystem from learning the terminal subsystem's encryption key.
S103, the terminal subsystem sends the encrypted pending information over the remote information channel to the service subsystem, which is remote from the terminal;
In this embodiment, "remote from the terminal" means that the service subsystem is at a distance from the terminal over which information cannot be transmitted directly through the connection type between the terminal and the intelligent cipher key equipment.
In an optional implementation of this embodiment, the remote information channel is a network connected over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Transmitting information over a general-purpose information network is convenient.
In an optional implementation of this embodiment, the terminal subsystem sends the encrypted pending information and the identity over the remote information channel to the service subsystem remote from the terminal. This enables the service subsystem to identify the intelligent cipher key equipment according to the identity, which makes it convenient for the user to remotely debug or use a specified intelligent cipher key equipment.
S104, the service subsystem decrypts the encrypted pending information to obtain the pending information, and sends the pending information to the intelligent cipher key equipment connected to it;
In an optional implementation of this embodiment, step 104 may also include: the service subsystem decrypts the encrypted pending information to obtain the pending information, performs protocol conversion on the pending information, and then sends it to the intelligent cipher key equipment connected to it. Through protocol conversion, pending information that the terminal sends over its connection with the terminal subsystem, and that conforms to the standard of that connection type, can be converted into pending information conforming to the standard of any connection type between the service subsystem and the intelligent cipher key equipment. For example, if the terminal is connected to the terminal subsystem by USB, the pending information conforms to the USB standard; if the service subsystem is connected to the intelligent cipher key equipment by Bluetooth, the service subsystem can convert the pending information from information conforming to the USB standard into information conforming to the Bluetooth standard, which facilitates information exchange between the service subsystem and the intelligent cipher key equipment. In this way, the connection type between the service subsystem and the intelligent cipher key equipment is not limited by the connection type between the terminal and the terminal subsystem, which is convenient to use.
In this embodiment, the service subsystem sends the pending information to the intelligent cipher key equipment connected to it; the connection may be wired (for example, through a USB interface or a UART (Universal Asynchronous Receiver/Transmitter) interface) or wireless (for example, Bluetooth, infrared, WIFI, NFC, or 2.4G).
In this embodiment, the decryption method the service subsystem uses to decrypt the encrypted pending information corresponds to the encryption method the terminal subsystem uses to encrypt the pending information in S102.
In an optional implementation of this embodiment, the service subsystem sending the pending information to the intelligent cipher key equipment connected to it includes: the service subsystem sends the pending information to the connected intelligent cipher key equipment that corresponds to the identity. This helps improve the accuracy with which the pending information is delivered, and lets the user remotely specify an intelligent cipher key equipment and control it remotely; for example, when multiple intelligent cipher key equipments are remotely connected, the user can choose a specified intelligent cipher key equipment to complete a transaction. Further, the service subsystem sending the pending information to the connected intelligent cipher key equipment that corresponds to the identity may also be: the service subsystem authenticates the intelligent cipher key equipment corresponding to the identity and, after authentication passes, sends the pending information to that intelligent cipher key equipment. Sending the pending information only after the intelligent cipher key equipment has been authenticated further improves the accuracy of information transmission and the security of the information.
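The identity-based delivery with prior authentication described above, as an added Python example that is not part of the patent. The patent does not say how the equipment is authenticated; the HMAC challenge-response, the per-equipment enrolled key, and all class and identity names here are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple


def auth_tag(key: bytes, identity: str, challenge: bytes) -> bytes:
    """HMAC over identity and challenge: the tag is bound to one equipment and one attempt."""
    return hmac.new(key, identity.encode() + b"\x00" + challenge, hashlib.sha256).digest()


class KeyDevice:
    """Stand-in for an intelligent cipher key equipment attached to the service subsystem."""

    def __init__(self, identity: str, key: bytes):
        self.identity = identity
        self._key = key
        self.received: List[bytes] = []

    def respond(self, challenge: bytes) -> bytes:
        return auth_tag(self._key, self.identity, challenge)

    def process(self, pending: bytes) -> None:
        self.received.append(pending)


class ReplayingImpostor(KeyDevice):
    """Claims an identity but can only replay one previously captured response."""

    def __init__(self, identity: str, captured: bytes):
        super().__init__(identity, b"")
        self._captured = captured

    def respond(self, challenge: bytes) -> bytes:
        return self._captured


class ServiceSubsystem:
    def __init__(self) -> None:
        # identity -> (attached equipment, key enrolled for that identity)
        self._links: Dict[str, Tuple[KeyDevice, bytes]] = {}

    def attach(self, device: KeyDevice, enrolled_key: bytes) -> None:
        self._links[device.identity] = (device, enrolled_key)

    def forward(self, identity: str, pending: bytes) -> str:
        """Deliver pending information only to the named equipment, and only after it authenticates."""
        link = self._links.get(identity)
        if link is None:
            return "no-such-equipment"  # never fall back to another attached equipment
        device, enrolled_key = link
        challenge = secrets.token_bytes(32)  # fresh per attempt, so old responses are useless
        expected = auth_tag(enrolled_key, identity, challenge)
        if not hmac.compare_digest(expected, device.respond(challenge)):
            return "authentication-failed"
        device.process(pending)
        return "delivered"


def demo():
    """Constructed scenario: one genuine equipment, one impostor replaying an old response."""
    key1, key2 = secrets.token_bytes(32), secrets.token_bytes(32)
    genuine = KeyDevice("KEY-0001", key1)
    old_response = auth_tag(key2, "KEY-0002", b"\x00" * 32)  # captured in an earlier session
    impostor = ReplayingImpostor("KEY-0002", old_response)

    service = ServiceSubsystem()
    service.attach(genuine, key1)
    service.attach(impostor, key2)

    pending = b"#6222020200112233#150.00#Alice Zhang#"  # constructed transaction record
    results = {ident: service.forward(ident, pending)
               for ident in ("KEY-0001", "KEY-0002", "KEY-0009")}
    return results, genuine, impostor


if __name__ == "__main__":
    print(demo()[0])
```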
S105, the intelligent cipher key equipment processes the pending information;
In this embodiment, the intelligent cipher key equipment may process the pending information in at least one of the following ways:
Mode one: the pending information includes a process instruction, and the intelligent cipher key equipment processes the pending information according to the process instruction;
Mode two: the pending information is processed according to its content;
Mode three: the type of the pending information is identified from its format and/or content (for example, when the content or format of the pending information is # account information # transaction amount # payee #, it is identified as transaction data), and the pending information is processed according to its type.
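The legality check of S102 combined with the type recognition of modes one and three, as an added Python example that is not part of the patent. Only the `#account information#transaction amount#payee#` layout comes from the text; the instruction names, field lengths, size limit and the `PendingInfo` structure are assumptions.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional, Tuple


class InfoType(Enum):
    STORE = "store"
    DEBUG = "debug"
    TRANSACTION = "transaction"
    UNKNOWN = "unknown"


# Assumed instruction names; the text only says an instruction may be present.
INSTRUCTION_TYPES = {
    "STORE": InfoType.STORE,
    "DEBUG": InfoType.DEBUG,
    "TRADE": InfoType.TRANSACTION,
}

# Layout from the text: #account information#transaction amount#payee#.
# Character sets and lengths are assumptions chosen to keep the match strict.
TRANSACTION_RE = re.compile(
    r"#(?P<account>[0-9]{6,32})"
    r"#(?P<amount>(?:0|[1-9][0-9]{0,11})\.[0-9]{2})"
    r"#(?P<payee>[^#\x00-\x1f]{1,64})#"
)

MAX_PAYLOAD_CHARS = 4096  # assumed size limit


class InvalidInformation(Exception):
    """Pending information that must be intercepted instead of encrypted."""


@dataclass(frozen=True)
class PendingInfo:
    payload: str
    instruction: Optional[str] = None


def classify(info: PendingInfo) -> InfoType:
    """Mode one when an instruction is present, otherwise mode three (format)."""
    if info.instruction is not None:
        return INSTRUCTION_TYPES.get(info.instruction, InfoType.UNKNOWN)
    if TRANSACTION_RE.fullmatch(info.payload):
        return InfoType.TRANSACTION
    return InfoType.UNKNOWN


def gate(info: PendingInfo, allowed: FrozenSet[InfoType]) -> InfoType:
    """Return the type if the information may go on to encryption; otherwise raise."""
    if len(info.payload) > MAX_PAYLOAD_CHARS:
        raise InvalidInformation("payload too long")
    kind = classify(info)
    if kind is InfoType.UNKNOWN:
        raise InvalidInformation("unrecognised instruction or format")
    if kind not in allowed:
        raise InvalidInformation(f"type {kind.value} not accepted by this equipment")
    # An explicit instruction does not excuse a malformed body: a TRADE
    # instruction must still carry a well-formed transaction record.
    if kind is InfoType.TRANSACTION and not TRANSACTION_RE.fullmatch(info.payload):
        raise InvalidInformation("instruction and payload format disagree")
    return kind


def decide(info: PendingInfo, allowed: FrozenSet[InfoType]) -> Tuple[bool, str]:
    """(True, type) when accepted, (False, reason) when intercepted."""
    try:
        return True, gate(info, allowed).value
    except InvalidInformation as exc:
        return False, str(exc)


# Equipment that should receive only store instructions and transaction information.
ALLOWED = frozenset({InfoType.STORE, InfoType.TRANSACTION})

# Constructed sample inputs.
SAMPLES = {
    "format-only transaction": PendingInfo("#6222020200112233#150.00#Alice Zhang#"),
    "store instruction": PendingInfo("certificate-blob", "STORE"),
    "debug instruction": PendingInfo("trace on", "DEBUG"),
    "trade with extra field": PendingInfo("#6222020200112233#150.00#Alice#extra#", "TRADE"),
    "free text": PendingInfo("hello"),
}

if __name__ == "__main__":
    for label, info in SAMPLES.items():
        print(label, decide(info, ALLOWED))
```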
Specifically, in an optional implementation of this embodiment, if the pending information includes data to be stored, the intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment stores the data to be stored in the security chip of the intelligent cipher key equipment. Optionally, the storage operation may be performed according to the store instruction in the pending information, or the pending information may be judged to be data to be stored from its format and/or content, and the storage operation then performed on the data to be stored.
Specifically, in another optional implementation of this embodiment, if the pending information includes debugging data, the intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment performs debugging according to the debugging data. Optionally, the debugging operation may be performed according to the debugging instruction in the pending information, or the pending information may be judged to be debugging data from its format and/or content, and the debugging operation then performed.
Specifically, in another optional implementation of this embodiment, if the pending information includes transaction data: because the terminal itself cannot carry out network communication, it cannot communicate with the bank back end. In this embodiment, before the terminal obtains the pending information, the method flow of this embodiment further includes: the terminal subsystem receives the pending information and sends it to the terminal. (This step also has various other implementations; for example, another device with a network communication function may receive the pending information and send it to the terminal.) The intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment signs the transaction data and generates signature information.
In this optional implementation, as shown in Fig. 2, after the step in which the intelligent cipher key equipment processes the pending information (S105), the method provided in this embodiment further includes:
S106, the intelligent cipher key equipment sends the signature information obtained by processing the pending information to the service subsystem connected to it;
S107, the service subsystem encrypts the signature information to obtain encrypted signature information, and sends the encrypted signature information over the remote information channel to the terminal subsystem, which is remote from the intelligent cipher key equipment;
S108, the terminal subsystem receives the encrypted signature information, decrypts it to obtain the signature information, and sends the signature information to the terminal;
S109, the terminal sends the signature information to the bank server through the terminal subsystem (or another device with a network communication function);
S110, the bank server receives the signature information and verifies the signature, and completes the transaction flow after verification passes.
Optionally, the intelligent cipher key equipment may perform the signature operation according to the trading instruction in the pending information, or may judge from the format and/or content of the pending information that it is transaction data and then perform the signature operation. In this optional implementation, the signature flow is known in the art and is not described again here.
In an optional implementation of this embodiment, there may be one intelligent cipher key equipment or several. Connecting the service subsystem to multiple intelligent cipher key equipments at the same time improves the efficiency of information processing.
As can be seen from the above embodiment, the terminal obtains the pending information and sends it to the terminal subsystem; the terminal subsystem verifies that the pending information is legal, then encrypts it and transmits it remotely; the service subsystem receives it remotely and decrypts it to obtain the pending information, and sends the obtained pending information to the intelligent cipher key equipment for processing. While ensuring information security, this solves the problem that a terminal and an intelligent cipher key equipment that are remote from each other cannot be connected to exchange information, realizes remote information interaction between the terminal, which cannot carry out network communication, and the intelligent cipher key equipment, achieves the technical effect of remotely using or debugging the intelligent cipher key equipment, and improves the user experience.
Embodiment 2
According to an embodiment of the present invention, a method for remotely using intelligent cipher key equipment is provided.
In this embodiment, the intelligent cipher key equipment may be a small device with electronic signature, certificate authentication and/or encryption and decryption functions, for example a KEY (the U-shield used by the Industrial and Commercial Bank, the K treasure used by the Agricultural Bank, etc.). The terminal subsystem may be a system composed of a device with verification and encryption/decryption functions and a data transmission device, where the device with verification and encryption/decryption functions may be an intelligent cipher key equipment with a verification function or a combination of another verification device and an encryption/decryption device, and the data transmission device may be any device that can send and receive network data (such as a mobile phone, a PC or a tablet computer). The service subsystem may be a system composed of a data transmission device, a device with encryption/decryption functions and a device with the function of connecting to the intelligent cipher key equipment, where the data transmission device may be any device that can send and receive network data (such as a mobile phone, a PC or a tablet computer), the device with encryption/decryption functions may be an intelligent cipher key equipment, and the device with the function of connecting to the intelligent cipher key equipment may be a device such as a mobile phone, a PC or a tablet computer.
Fig. 3 shows the method for remotely using intelligent cipher key equipment provided by Embodiment 2 of the present invention; the method mainly includes the following steps:
S201, the terminal obtains the pending information and verifies whether the pending information is legal information; if it is legal, the terminal encrypts the pending information to obtain encrypted pending information and sends the encrypted pending information to the terminal subsystem; the terminal is a device that cannot carry out network communication;
In this embodiment, the terminal may encrypt the pending information with a symmetric key or with an asymmetric key. The terminal is a device that cannot carry out network communication (such as a relating computer, a computer without a network card, or a bank server; because the terminal cannot carry out network communication, the security of the information stored on the terminal is ensured, and the terminal cannot be infected or illegally read or tampered with). To verify whether the pending information is legal information, a hardware chip built into the terminal may check whether the pending information is of an information type that the intelligent cipher key equipment should receive (for example, if the types the intelligent cipher key equipment should receive are store instructions and transaction information, all information other than these two types is treated as invalid information). If the pending information is not of a type that the intelligent cipher key equipment should receive, it is judged to be invalid information and intercepted, which prevents an attack on the terminal from learning the terminal's encryption key.
In an optional implementation of this embodiment, the terminal and the terminal subsystem are connected by wire. Compared with a wireless connection, a wired connection is more secure and is less susceptible to illegal interception followed by tampering; the wired connection may be a USB connection, a UART connection, or the like.
In an optional implementation of this embodiment, the pending information obtained by the terminal may include a process instruction. The process instruction may be generated by the terminal, or may be sent by another device and received by the terminal; it may be a trading instruction, a handshake instruction, or a similar instruction. This enables the intelligent cipher key equipment to process the pending information according to the received process instruction.
In an optional implementation of this embodiment, the pending information may include data to be stored. Optionally, the pending information may also include a store instruction, so that the intelligent cipher key equipment can store the data to be stored according to the received store instruction.
In an optional implementation of this embodiment, the pending information may include debugging data. Optionally, the pending information may also include a debugging instruction, so that the intelligent cipher key equipment can be debugged according to the received debugging instruction.
In an optional implementation of this embodiment, the pending information may include transaction data. Optionally, the pending information may also include a trading instruction, so that the intelligent cipher key equipment can complete the transaction flow according to the received trading instruction.
Of course, in an optional implementation of this embodiment, the pending information may also include any combination of data to be stored, debugging data and transaction data, so that the intelligent cipher key equipment can store data, be debugged and complete transactions as needed.
In an optional implementation of this embodiment, the terminal obtains the pending information and the identity of the intelligent cipher key equipment, and sends the encrypted pending information and the identity to the terminal subsystem. This enables the service subsystem to identify the intelligent cipher key equipment according to the identity, which makes it convenient for the user to remotely debug or use a specified intelligent cipher key equipment.
S202, the terminal subsystem receives the encrypted pending information and sends it over the remote information channel to the service subsystem, which is remote from the terminal;
In this embodiment, "remote from the terminal" means that the service subsystem is at a distance from the terminal over which information cannot be transmitted directly through the connection type between the terminal and the intelligent cipher key equipment.
In an optional implementation of this embodiment, the remote information channel is a network connected over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Transmitting information over a general-purpose information network is convenient.
In an optional implementation of this embodiment, the terminal subsystem sends the encrypted pending information and the identity over the remote information channel to the service subsystem remote from the terminal. This enables the service subsystem to identify the intelligent cipher key equipment according to the identity, which makes it convenient for the user to remotely debug or use a specified intelligent cipher key equipment.
S203, the service subsystem decrypts the encrypted pending information to obtain the pending information, and sends the pending information to the intelligent cipher key equipment connected to it;
In this embodiment, the decryption method the service subsystem uses to decrypt the encrypted pending information corresponds to the encryption method the terminal uses to encrypt the pending information in S201.
In an optional implementation of this embodiment, step 203 may also include: the service subsystem decrypts the encrypted pending information to obtain the pending information, performs protocol conversion on the pending information, and then sends it to the intelligent cipher key equipment connected to it. Through protocol conversion, pending information that the terminal sends over its connection with the terminal subsystem, and that conforms to the standard of that connection type, can be converted into pending information conforming to the standard of any connection type between the service subsystem and the intelligent cipher key equipment. For example, if the terminal is connected to the terminal subsystem by USB, the pending information conforms to the USB standard; if the service subsystem is connected to the intelligent cipher key equipment by Bluetooth, the service subsystem can convert the pending information from information conforming to the USB standard into information conforming to the Bluetooth standard, which facilitates information exchange between the service subsystem and the intelligent cipher key equipment. In this way, the connection type between the service subsystem and the intelligent cipher key equipment is not limited by the connection type between the terminal and the terminal subsystem, which is convenient to use.
In an optional implementation of this embodiment, the service subsystem sending the pending information to the intelligent cipher key equipment connected to it includes: the service subsystem sends the pending information to the connected intelligent cipher key equipment that corresponds to the identity. This helps improve the accuracy with which the pending information is delivered, and lets the user remotely specify an intelligent cipher key equipment and control it remotely; for example, when multiple intelligent cipher key equipments are remotely connected, the user can choose a specified intelligent cipher key equipment to complete a transaction. Further, the service subsystem sending the pending information to the connected intelligent cipher key equipment that corresponds to the identity may also be: the service subsystem authenticates the intelligent cipher key equipment corresponding to the identity and, after authentication passes, sends the pending information to that intelligent cipher key equipment. Sending the pending information only after the intelligent cipher key equipment has been authenticated further improves the accuracy of information transmission and the security of the information.
In this embodiment, the service subsystem sends the pending information to the intelligent cipher key equipment connected to it; the connection may be wired (for example, through a USB interface or a UART interface) or wireless (for example, Bluetooth, infrared, WIFI, NFC, or 2.4G).
S204, the intelligent cipher key equipment processes the pending information;
In this embodiment, the intelligent cipher key equipment may process the pending information in at least one of the following ways:
Mode one: the pending information includes a process instruction, and the intelligent cipher key equipment processes the pending information according to the process instruction;
Mode two: the pending information is processed according to its content;
Mode three: the type of the pending information is identified from its format and/or content (for example, when the content or format of the pending information is # account information # transaction amount # payee #, it is identified as transaction data), and the pending information is processed according to its type.
In an optional implementation of this embodiment, if the pending information includes data to be stored, the intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment stores the data to be stored in the security chip of the intelligent cipher key equipment. Optionally, the storage operation may be performed according to the store instruction in the pending information, or the pending information may be judged to be data to be stored from its format and/or content, and the storage operation then performed on the data to be stored.
Specifically, in another optional implementation of this embodiment, if the pending information includes debugging data, the intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment performs debugging according to the debugging data. Optionally, the debugging operation may be performed according to the debugging instruction in the pending information, or the pending information may be judged to be debugging data from its format and/or content, and the debugging operation then performed.
Specifically, in another optional implementation of this embodiment, if the pending information includes transaction data, then before the terminal obtains the pending information, the flow of this embodiment further includes: the terminal subsystem receives the pending information and sends it to the terminal. (This step also has various other implementations; for example, another device with a network communication function may receive the pending information and send it to the terminal.) The intelligent cipher key equipment processing the pending information includes: the intelligent cipher key equipment signs the transaction data and generates signature information.
In this optional implementation, as shown in Fig. 4, after the step in which the intelligent cipher key equipment processes the pending information (S204), the method provided in this embodiment further includes:
S205, the intelligent cipher key equipment sends the signature information obtained by processing the pending information to the service subsystem connected to it;
S206, the service subsystem encrypts the signature information to obtain encrypted signature information, and sends the encrypted signature information over the remote information channel to the terminal subsystem, which is remote from the intelligent cipher key equipment;
S207, the terminal subsystem receives the encrypted signature information and sends it to the terminal; the terminal receives the encrypted signature information and decrypts it to obtain the signature information;
S208, the terminal sends the signature information to the bank server through the terminal subsystem (or another device with a network communication function);
S209, the bank server receives the signature information and verifies the signature, and completes the transaction flow after verification passes.
Optionally, the intelligent cipher key equipment may perform the signature operation according to the trading instruction in the pending information, or may judge from the format and/or content of the pending information that it is transaction data and then perform the signature operation. In this optional implementation, the flow of the signature operation is known in the art and is not described again here.
In an optional implementation of this embodiment, there may be one intelligent cipher key equipment or several. Connecting the service subsystem to multiple intelligent cipher key equipments at the same time improves the efficiency of information processing.
As can be seen from the above embodiment, the terminal obtains the pending information, verifies that it is legal, encrypts it to obtain encrypted pending information, and sends the encrypted pending information to the terminal subsystem; the terminal subsystem transmits it remotely; the service subsystem receives it remotely and decrypts it to obtain the pending information, and sends the obtained pending information to the intelligent cipher key equipment for processing. While ensuring information security, this solves the problem that a terminal and an intelligent cipher key equipment that are remote from each other cannot be connected to exchange information, realizes remote information interaction between the terminal, which cannot carry out network communication, and the intelligent cipher key equipment, achieves the technical effect of remotely using or debugging the intelligent cipher key equipment, and improves the user experience.
Embodiment 3
This embodiment provides a system for remotely using intelligent cipher key equipment. The system corresponds one-to-one to the method for remotely using intelligent cipher key equipment in Embodiment 1, so the details are not repeated here and only a brief description follows:
In this embodiment, the intelligent cipher key equipment 304 may be a small device with electronic signature, certificate authentication and/or encryption and decryption functions, for example a KEY (the U-shield used by the Industrial and Commercial Bank, the K treasure used by the Agricultural Bank, etc.).
Fig. 5 shows the system for remotely using intelligent cipher key equipment provided by Embodiment 3 of the present invention; the system includes: a terminal 301, a terminal subsystem 302, a service subsystem 303 and an intelligent cipher key equipment 304.
The terminal 301 is used for obtaining the pending information and sending the pending information to the terminal subsystem 302; the terminal 301 is a device that cannot carry out network communication;
In this embodiment, the terminal 301 is a device that cannot carry out network communication (such as a relating computer, a computer without a network card, or a bank server; because the terminal 301 cannot carry out network communication, the security of the information stored on the terminal is ensured, and the terminal cannot be infected by viruses or illegally read or tampered with). In an optional implementation of this embodiment, the pending information obtained by the terminal 301 may include a process instruction. The process instruction may be generated by the terminal, or may be sent by another device and received by the terminal; it may be a trading instruction, a handshake instruction, or a similar instruction. This enables the intelligent cipher key equipment 304 to process the pending information according to the received process instruction.
In an optional implementation of this embodiment, the pending information may include data to be stored. Optionally, the pending information may also include a store instruction, so that the intelligent cipher key equipment 304 can store the data to be stored according to the store instruction.
In an optional implementation of this embodiment, the pending information may include debugging data. Optionally, the pending information may also include a debugging instruction, so that the intelligent cipher key equipment 304 can be debugged according to the received debugging instruction.
In an optional implementation of this embodiment, the pending information may include transaction data. Optionally, the pending information may also include a trading instruction, so that the intelligent cipher key equipment 304 can complete the transaction flow according to the received trading instruction.
Of course, in an optional implementation of this embodiment, the pending information may also include any combination of data to be stored, debugging data and transaction data, so that the intelligent cipher key equipment can store data, be debugged and complete transactions as needed.
In an optional implementation of this embodiment, the terminal 301 is used for obtaining the pending information and the identity of the intelligent cipher key equipment 304, and sending the pending information and the identity to the terminal subsystem 302. This enables the service subsystem 303 to identify the intelligent cipher key equipment 304 according to the identity, which makes it convenient for the user to remotely debug or use a specified intelligent cipher key equipment 304.
The terminal subsystem 302 is used for verifying whether the pending information is legal and, if it is legal, encrypting the pending information to obtain encrypted pending information, and sending the encrypted pending information over the remote information channel to the service subsystem 303, which is remote from the terminal 301;
In this embodiment, the terminal subsystem 302 may encrypt the pending information with a symmetric key or with an asymmetric key. To verify whether the pending information is legal information, a hardware chip built into the terminal subsystem 302 may check whether the pending information is of an information type that the intelligent cipher key equipment should receive (for example, if the types the intelligent cipher key equipment should receive are store instructions and transaction information, all information other than these two types is treated as invalid information). If the pending information is not of a type that the intelligent cipher key equipment 304 should receive, it is judged to be invalid information and intercepted, which prevents an attack on the terminal subsystem 302 from learning the terminal subsystem's encryption key.
In this embodiment, "remote from terminal 301" means that the distance between service subsystem 303 and terminal 301 is such that information cannot be transmitted directly over the connection type used between terminal 301 and intelligent cipher key equipment 304.
In an optional implementation of this embodiment, the remote information channel is a network connected over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Transmitting the information over a general-purpose information network is convenient.
In an optional implementation of this embodiment, terminal subsystem 302 is configured to send the encrypted pending information and the identity over the remote information channel to service subsystem 303, which is remote from terminal 301. This allows service subsystem 303 to identify intelligent cipher key equipment 304 by the identity, which makes it convenient for a user to remotely debug or use a specified intelligent cipher key equipment 304.
Service subsystem 303 is configured to decrypt the encrypted pending information to obtain the pending information, and to send the pending information to the intelligent cipher key equipment 304 connected to it.
In this embodiment, the decryption method that service subsystem 303 uses to decrypt the encrypted pending information corresponds to the encryption method that terminal subsystem 302 uses to encrypt the pending information.
In an optional implementation of this embodiment, service subsystem 303 may also be configured to decrypt the encrypted pending information to obtain the pending information, perform protocol conversion on the pending information, and then send it to the intelligent cipher key equipment 304 connected to it. Through protocol conversion, pending information that terminal 301 sends over its connection to terminal subsystem 302, and that conforms to the standard of that connection type, can be converted into pending information conforming to the standard of whatever connection type is used between service subsystem 303 and intelligent cipher key equipment 304. For example, if terminal 301 and terminal subsystem 302 are connected by USB, the pending information conforms to the USB standard; if service subsystem 303 and intelligent cipher key equipment 304 are connected by Bluetooth, service subsystem 303 can convert the pending information from information conforming to the USB standard into information conforming to the Bluetooth standard, which facilitates information exchange between the service subsystem and intelligent cipher key equipment 304. In this way, the connection type between service subsystem 303 and intelligent cipher key equipment 304 is not restricted by the connection type between terminal 301 and terminal subsystem 302, which is convenient in use.
In this embodiment, service subsystem 303 sends the pending information to the intelligent cipher key equipment 304 connected to it. The connection may be wired (for example, through a USB interface or a UART (Universal Asynchronous Receiver/Transmitter) interface) or wireless (for example, Bluetooth, infrared, WIFI, NFC or 2.4G).
In an optional implementation of this embodiment, service subsystem 303 being configured to send the pending information to the intelligent cipher key equipment 304 connected to it includes: service subsystem 303 is further configured to send the pending information to the connected intelligent cipher key equipment 304 that corresponds to the identity. This helps improve the accuracy with which the pending information is sent. Further, service subsystem 303 being configured to send the pending information to the intelligent cipher key equipment 304 corresponding to the identity may also be: service subsystem 303 is further configured to authenticate the identity of the intelligent cipher key equipment 304 corresponding to the identity and, after authentication passes, to send the pending information to the connected intelligent cipher key equipment 304 corresponding to the identity. Sending the pending information to intelligent cipher key equipment 304 only after its identity has been authenticated further improves the accuracy of information transmission and the security of the information.
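The relay described above, as an added Go example (not code from the patent): the terminal subsystem side rejects information types the key device should not receive before encrypting, and the service subsystem side decrypts, selects the device by identity and authenticates it before forwarding. AES-GCM with the identity bound as associated data, the HMAC challenge-response, the type names and every identifier are assumptions of this example; the patent leaves these mechanisms open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrIllegalType   = errors.New("illegal pending information type")
	ErrDecrypt       = errors.New("decryption or integrity check failed")
	ErrUnknownDevice = errors.New("no enrolled, connected key device with this identity")
	ErrAuthFailed    = errors.New("key device failed identity authentication")
	allowedTypes     = map[string]bool{"store": true, "transaction": true} // assumed type names
)

// Envelope is what crosses the remote information channel (TCP or UDP).
type Envelope struct {
	DeviceID   string // identity of the target key device
	Nonce      []byte
	Ciphertext []byte // AES-GCM of type||0x00||payload, DeviceID as associated data
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Seal is the terminal subsystem side: verify the type, then encrypt.
func Seal(aead cipher.AEAD, deviceID, msgType string, payload []byte) (*Envelope, error) {
	if !allowedTypes[msgType] {
		return nil, ErrIllegalType // intercepted before the key is ever used
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, append([]byte(msgType+"\x00"), payload...), []byte(deviceID))
	return &Envelope{DeviceID: deviceID, Nonce: nonce, Ciphertext: ct}, nil
}

// Device stands in for a connected intelligent cipher key equipment.
type Device struct {
	AuthKey  []byte   // challenge-response secret (assumption)
	Received []string // pending information delivered to the device
}

func (d *Device) Respond(challenge []byte) []byte { return mac(d.AuthKey, challenge) }

type Service struct { // service subsystem state
	AEAD      cipher.AEAD
	Connected map[string]*Device // devices attached over USB, Bluetooth, ...
	Enrolled  map[string][]byte  // secret expected for each identity
}

// Deliver decrypts, selects the device by identity, authenticates it, then forwards.
func (s *Service) Deliver(env *Envelope) error {
	if len(env.Nonce) != s.AEAD.NonceSize() {
		return ErrDecrypt // a malformed nonce would make Open panic
	}
	plain, err := s.AEAD.Open(nil, env.Nonce, env.Ciphertext, []byte(env.DeviceID))
	if err != nil {
		return ErrDecrypt // wrong key, altered ciphertext, or identity changed in transit
	}
	dev, want := s.Connected[env.DeviceID], s.Enrolled[env.DeviceID]
	if dev == nil || want == nil {
		return ErrUnknownDevice
	}
	challenge := make([]byte, 16)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	if !hmac.Equal(dev.Respond(challenge), mac(want, challenge)) {
		return ErrAuthFailed
	}
	dev.Received = append(dev.Received, string(plain))
	return nil
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	dev := &Device{AuthKey: []byte("demo-secret")}
	svc := &Service{aead, map[string]*Device{"KEY-0001": dev}, map[string][]byte{"KEY-0001": dev.AuthKey}}
	env, err := Seal(aead, "KEY-0001", "transaction", []byte("#6222-0001#100.00#Alice#"))
	derr := svc.Deliver(env)
	fmt.Printf("%v %v %q\n", err, derr, dev.Received)
}
```

Because the identity travels outside the ciphertext, binding it as associated data is what makes a rewritten identity fail decryption instead of redirecting the pending information to another connected device.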
Intelligent cipher key equipment 304 is configured to process the pending information.
In this embodiment, intelligent cipher key equipment 304 may process the pending information in at least one of the following ways:
Mode one: the pending information includes a process instruction, and intelligent cipher key equipment 304 processes the pending information according to the process instruction;
Mode two: the pending information is processed according to its content;
Mode three: the type of the pending information is identified from its format and/or content (for example, when the content or format of the pending information is # account information # transaction amount # payee #, it is identified as transaction data), and the pending information is processed according to its type.
In an optional implementation of this embodiment, if the pending information includes data to be stored, intelligent cipher key equipment 304 being configured to process the pending information includes: intelligent cipher key equipment 304 is configured to store the data to be stored in the security chip of intelligent cipher key equipment 304. Optionally, the storage operation may be performed according to a store instruction in the pending information; alternatively, the pending information may be determined to be data to be stored from its format and/or content, and the storage operation is then performed on the data to be stored.
In another optional implementation of this embodiment, if the pending information includes debugging data, intelligent cipher key equipment 304 being configured to process the pending information includes: intelligent cipher key equipment 304 is configured to perform debugging according to the debugging data. Optionally, the debugging operation may be performed according to a debugging instruction in the pending information; alternatively, the pending information may be determined to be debugging data from its format and/or content, and the debugging operation is then performed.
In another optional implementation of this embodiment, if the pending information includes transaction data, then before terminal 301 obtains the pending information, in the system of this embodiment: terminal subsystem 302 is further configured to receive the pending information and send it to terminal 301 (various other implementations also exist; for example, another device with a network communication function may receive the pending information and send it to terminal 301). Intelligent cipher key equipment 304 is further configured to sign the transaction data to generate signature information, and to send the signature information to the service subsystem 303 connected to it. Service subsystem 303 is further configured to receive the signature information, encrypt it to obtain encrypted signature information, and send the encrypted signature information over the remote information channel to terminal subsystem 302, which is remote from the intelligent cipher key equipment. Terminal subsystem 302 is further configured to receive the encrypted signature information, decrypt it to obtain the signature information, and send the signature information to terminal 301. Terminal 301 is further configured to receive the signature information. Terminal 301 sends the signature information to the bank server through terminal subsystem 302 (or another device with a network communication function); the bank server receives the signature information and verifies the signature, and the transaction flow is completed after verification passes. Optionally, intelligent cipher key equipment 304 may perform the signing operation according to a trading instruction in the pending information, or may determine from the format and/or content of the pending information that it is transaction data and then perform the signing operation. In this optional implementation, the signing operation is a technique known in the art and is not described further here.
In an optional implementation of this embodiment, there may be one intelligent cipher key equipment 304 or several. Connecting several intelligent cipher key equipment 304 to the service subsystem at the same time can improve the efficiency of information processing.
In an optional implementation of this embodiment, as shown in Fig. 6, terminal subsystem 302 may include first verification encryption and decryption equipment 3021 and first data transmission equipment 3022. First verification encryption and decryption equipment 3021 is configured to receive the pending information and verify whether it is legal; if it is legal, to encrypt the pending information to obtain encrypted pending information; and to send the encrypted pending information to first data transmission equipment 3022. First data transmission equipment 3022 is configured to receive the encrypted pending information and send it over the remote information channel to service subsystem 303, which is remote from terminal 301.
In an optional implementation of this embodiment, as shown in Fig. 6, service subsystem 303 includes second data transmission equipment 3031, second encryption and decryption equipment 3032 and third data transmission equipment 3033. Second data transmission equipment 3031 is configured to receive the encrypted pending information and send it to second encryption and decryption equipment 3032. Second encryption and decryption equipment 3032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to third data transmission equipment 3033. Third data transmission equipment 3033 is configured to receive the pending information and send it to the intelligent cipher key equipment 304 connected to it.
Further, in this optional implementation, third data transmission equipment 3033 being configured to send the pending information to the intelligent cipher key equipment 304 connected to it includes: third data transmission equipment 3033 is further configured to send the pending information to the intelligent cipher key equipment 304 corresponding to the identity. This helps improve the accuracy with which the pending information is sent. Further, third data transmission equipment 3033 being configured to send the pending information to the intelligent cipher key equipment 304 corresponding to the identity may also be: second encryption and decryption equipment 3032 is further configured to authenticate the identity of the intelligent cipher key equipment 304 corresponding to the identity, and after authentication passes, third data transmission equipment 3033 sends the pending information to intelligent cipher key equipment 304. Sending the pending information to intelligent cipher key equipment 304 only after its identity has been authenticated further improves the accuracy of information transmission and the security of the information.
Further, in the above two optional implementations of this embodiment, if the pending information includes transaction data, then before terminal 304 obtains the pending information, in the system of this embodiment: first data transmission equipment 3022 is further configured to receive the pending information and either send it directly to terminal 301 or pass it through first encryption and decryption equipment 3021 to terminal 301 (various other implementations also exist; for example, another device with a network communication function may receive the pending information and send it to terminal 301). Intelligent cipher key equipment 304 is further configured to sign the transaction data to generate signature information, and to send the signature information to third data transmission equipment 3033 of the service subsystem 303 connected to it. Third data transmission equipment 3033 is further configured to receive the signature information and send it to second encryption and decryption equipment 3032. Second encryption and decryption equipment 3032 is further configured to receive the signature information, encrypt it to obtain encrypted signature information, and send the encrypted signature information to second data transmission equipment 3032. Second data transmission equipment 3031 is further configured to receive the encrypted signature information and send it over the remote information channel to first data transmission equipment 3022 of terminal subsystem 302, which is remote from intelligent cipher key equipment 304. First data transmission equipment 3022 is further configured to receive the encrypted signature information and send it to first encryption and decryption equipment 3021. First encryption and decryption equipment 3021 is further configured to receive the encrypted signature information, decrypt it to obtain the signature information, and send the signature information to terminal 301. Terminal 301 is further configured to receive the signature information. Optionally, intelligent cipher key equipment 304 may perform the signing operation according to a trading instruction in the pending information, or may determine from the format and/or content of the pending information that it is transaction data and then perform the signing operation. In this optional implementation, the signing operation is a technique known in the art and is not described further here.
In an optional implementation of the present invention, service subsystem 303 includes second encryption and decryption equipment 3032 and second data transmission equipment 3031, wherein: second encryption and decryption equipment 3032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to second data transmission equipment 3031; second data transmission equipment 3031 is configured to receive the pending information and send it to the intelligent cipher key equipment 304 connected to it.
In an optional implementation of the present invention, service subsystem 303 includes second data transmission equipment 3031 and second encryption and decryption equipment 3032, wherein: second data transmission equipment 3031 is configured to receive the encrypted pending information and send it to second encryption and decryption equipment 3032; second encryption and decryption equipment 3032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to second data transmission equipment 3031; second data transmission equipment 3031 is further configured to receive the decrypted pending information and send it to the intelligent cipher key equipment 304 connected to it.
In an optional implementation of the embodiment, service subsystem 303 further includes protocol conversion device 3034, configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment 304 connected to it. The connection type between intelligent cipher key equipment 304 and service subsystem 303 therefore does not need to be set according to the connection type between terminal 301 and terminal subsystem 302.
As can be seen from the above embodiment, terminal 301 obtains the pending information and sends it to terminal subsystem 302; terminal subsystem 302 verifies that the pending information is legal, then encrypts it and transmits it remotely; service subsystem 303 receives it remotely and decrypts it to obtain the pending information, and sends the obtained pending information to intelligent cipher key equipment 304 for processing. While ensuring information security, this solves the problem that terminal 301 and a remote intelligent cipher key equipment 304 cannot be connected for information exchange, and realizes remote information exchange between terminal 301, which cannot carry out network communication, and intelligent cipher key equipment 304. It achieves the technical effect of remotely using or debugging intelligent cipher key equipment 304 and improves the user experience.
Embodiment 4
This embodiment provides a system for remotely using intelligent cipher key equipment. The system corresponds one-to-one to the method for remotely using intelligent cipher key equipment in Embodiment 2, so it is not described again in detail here; only a brief description follows:
In this embodiment, intelligent cipher key equipment 404 may be a small device having electronic signature, certificate authentication and/or encryption and decryption functions, for example a KEY (such as the U-shield used by the Industrial and Commercial Bank of China or the K-Bao used by the Agricultural Bank of China).
Fig. 7 shows the system for remotely using intelligent cipher key equipment provided by Embodiment 4 of the present invention. The system includes: terminal 401, terminal subsystem 402, service subsystem 403 and intelligent cipher key equipment 404.
Terminal 401 is configured to obtain pending information and verify whether the pending information is legal information; if it is legal, to encrypt the pending information to obtain encrypted pending information and send the encrypted pending information to terminal subsystem 402. Terminal 401 is a device that cannot carry out network communication.
In this embodiment, terminal 401 is a device that cannot carry out network communication (such as a classified computer, a computer without a network interface card, or a bank server). Because terminal 401 cannot carry out network communication, the information stored in the terminal is kept secure: it cannot be infected by viruses or illegally read or tampered with. To verify whether the pending information is legal information, a hardware chip built into the terminal can check whether the pending information is of a type that the intelligent cipher key equipment should receive (for example, if the types that the intelligent cipher key equipment should receive are store instructions and transaction information, any information other than these two types is treated as illegal information). If the pending information is not of a type that the intelligent cipher key equipment should receive, it is determined to be illegal information and is intercepted. This prevents attacks on the terminal that aim to learn the encryption key of the terminal.
In an optional implementation of this embodiment, terminal 401 and terminal subsystem 402 are connected by wire. Compared with a wireless connection, a wired connection is more secure, because the information is less likely to be illegally intercepted and then tampered with. The wired connection may be a USB connection, a UART connection or the like.
In an optional implementation of this embodiment, the pending information obtained by terminal 401 may include a process instruction. The process instruction may be generated by the terminal, or may be a process instruction sent by another device and received by terminal 401. The process instruction may be a trading instruction, a handshake instruction or the like. This allows intelligent cipher key equipment 404 to process the pending information according to the process instruction received.
In an optional implementation of this embodiment, the pending information may include data to be stored. Optionally, the pending information may also include a store instruction, so that intelligent cipher key equipment 404 can store the data to be stored according to the store instruction received.
In an optional implementation of this embodiment, the pending information may include debugging data. Optionally, the pending information may also include a debugging instruction, so that intelligent cipher key equipment 404 can perform debugging according to the debugging instruction received.
In an optional implementation of this embodiment, the pending information may include transaction data. Optionally, the pending information may also include a trading instruction, so that intelligent cipher key equipment 404 can complete the transaction flow according to the trading instruction received.
Of course, in an optional implementation of this embodiment, the pending information may also include any combination of data to be stored, debugging data and transaction data, so that the intelligent cipher key equipment can store data, be debugged and complete transactions as needed.
In an optional implementation of this embodiment, terminal 401 obtains the pending information and the identity of intelligent cipher key equipment 404, and sends the encrypted pending information and the identity to terminal subsystem 402. This allows service subsystem 403 to identify intelligent cipher key equipment 404 by the identity, which makes it convenient for a user to remotely debug or use a specified intelligent cipher key equipment 404.
Terminal subsystem 402 is configured to receive the encrypted pending information and send it over a remote information channel to service subsystem 403, which is remote from terminal 401.
In this embodiment, "remote from terminal 401" means that the distance between service subsystem 403 and terminal 401 is such that information cannot be transmitted directly over the connection type used between the terminal and the intelligent cipher key equipment.
In an optional implementation of this embodiment, the remote information channel is a network connected over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Transmitting the information over a general-purpose information network is convenient.
In an optional implementation of this embodiment, terminal subsystem 402 sends the encrypted pending information and the identity over the remote information channel to service subsystem 403, which is remote from terminal 401. This allows service subsystem 403 to identify intelligent cipher key equipment 404 by the identity, which makes it convenient for a user to remotely debug or use a specified intelligent cipher key equipment 404.
Service subsystem 403 is configured to decrypt the encrypted pending information to obtain the pending information, and to send the pending information to the intelligent cipher key equipment 404 connected to it.
In this embodiment, the decryption method that service subsystem 403 uses to decrypt the encrypted pending information corresponds to the encryption method that terminal subsystem 402 uses to encrypt the pending information.
In an optional implementation of this embodiment, service subsystem 403 may also include: decrypting the encrypted pending information to obtain the pending information, performing protocol conversion on the pending information, and then sending it to the intelligent cipher key equipment 404 connected to it. Through protocol conversion, pending information that terminal 401 sends over its connection to terminal subsystem 402, and that conforms to the standard of that connection type, can be converted into pending information conforming to the standard of whatever connection type is used between service subsystem 403 and intelligent cipher key equipment 404. For example, if terminal 401 and terminal subsystem 402 are connected by USB, the pending information conforms to the USB standard; if service subsystem 403 and intelligent cipher key equipment 404 are connected by Bluetooth, service subsystem 403 can convert the pending information from information conforming to the USB standard into information conforming to the Bluetooth standard, which facilitates information exchange between service subsystem 403 and intelligent cipher key equipment 404. In this way, the connection type between service subsystem 403 and intelligent cipher key equipment 404 is not restricted by the connection type between terminal 401 and terminal subsystem 402, which is convenient in use.
In an optional implementation of this embodiment, service subsystem 403 being configured to send the pending information to the intelligent cipher key equipment 404 connected to it includes: service subsystem 403 is further configured to send the pending information to the connected intelligent cipher key equipment 404 that corresponds to the identity. This helps improve the accuracy with which the pending information is sent. Further, the service subsystem being configured to send the pending information to the intelligent cipher key equipment 404 corresponding to the identity may also be: service subsystem 403 is further configured to authenticate the identity of the intelligent cipher key equipment 404 corresponding to the identity and, after authentication passes, to send the pending information to the connected intelligent cipher key equipment 404 corresponding to the identity. Sending the pending information to intelligent cipher key equipment 404 only after its identity has been authenticated further improves the accuracy of information transmission and the security of the information.
In this embodiment, service subsystem 403 sends the pending information to the intelligent cipher key equipment 404 connected to it. The connection may be wired (for example, through a USB interface or a UART interface) or wireless (for example, Bluetooth, infrared, WIFI, NFC or 2.4G).
Intelligent cipher key equipment 404 is configured to process the pending information.
In this embodiment, intelligent cipher key equipment 404 may process the pending information in at least one of the following ways:
Mode one: the pending information includes a process instruction, and intelligent cipher key equipment 404 processes the pending information according to the process instruction;
Mode two: the pending information is processed according to its content;
Mode three: the type of the pending information is identified from its format and/or content (for example, when the content or format of the pending information is # account information # transaction amount # payee #, it is identified as transaction data), and the pending information is processed according to its type.
In an optional implementation of this embodiment, if the pending information includes data to be stored, intelligent cipher key equipment 404 being configured to process the pending information includes: intelligent cipher key equipment 404 is configured to store the data to be stored in the security chip of intelligent cipher key equipment 404. Optionally, the storage operation may be performed according to a store instruction in the pending information; alternatively, the pending information may be determined to be data to be stored from its format and/or content, and the storage operation is then performed on the data to be stored.
In another optional implementation of this embodiment, if the pending information includes debugging data, intelligent cipher key equipment 404 being configured to process the pending information includes: intelligent cipher key equipment 404 is configured to perform debugging according to the debugging data. Optionally, the debugging operation may be performed according to a debugging instruction in the pending information; alternatively, the pending information may be determined to be debugging data from its format and/or content, and the debugging operation is then performed.
In another optional implementation of this embodiment, if the pending information further includes transaction data, then before terminal 401 obtains the pending information, in the system of this embodiment: terminal subsystem 402 is further configured to receive the pending information and send it to terminal 401 (various other implementations also exist; for example, another device with a network communication function may receive the pending information and send it to terminal 401). Intelligent cipher key equipment 404 is further configured to sign the transaction data to obtain signature information, and to send the signature information to the service subsystem 403 connected to it. Service subsystem 403 is further configured to receive the signature information, encrypt it to obtain encrypted signature information, and send the encrypted signature information over the remote information channel to terminal subsystem 402, which is remote from intelligent cipher key equipment 404. Terminal subsystem 402 is further configured to receive the encrypted signature information and send it to terminal 401. Terminal 401 is further configured to receive the encrypted signature information and decrypt it to obtain the signature information. Terminal 401 sends the signature information to the bank server through terminal subsystem 402 (or another device with a network communication function); the bank server receives the signature information and verifies the signature, and the transaction flow is completed after verification passes. Optionally, intelligent cipher key equipment 404 may perform the signing operation according to a trading instruction in the pending information, or may determine from the format and/or content of the pending information that it is transaction data and then perform the signing operation. In this optional implementation, the signing operation is a technique known in the art and is not described further here.
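The device-side handling described above (mode one, mode three, storage and signing), as an added Go example that is not code from the patent: an explicit instruction decides the handling when present, otherwise the `#account#amount#payee#` layout is recognised by format, and transaction data is signed and then checked the way the bank server would. Ed25519 as the signature scheme, the instruction names "store" and "trade", the amount syntax, the trimming of spaces around fields and all identifiers are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

type Kind int

const (
	Unknown Kind = iota
	StoreData
	TransactionData
)

var (
	ErrUnrecognised = errors.New("pending information type not recognised")
	ErrMalformed    = errors.New("trading instruction without well-formed transaction data")
	amountRe        = regexp.MustCompile(`^[0-9]+(\.[0-9]{1,2})?$`)
)

// Pending is the pending information as it reaches the key device.
type Pending struct {
	Instruction string // optional: "store" or "trade" (assumed encodings)
	Data        string
}

// ParseTransaction recognises "#account#amount#payee#" and returns the three fields.
func ParseTransaction(s string) ([]string, bool) {
	if len(s) < 2 || s[0] != '#' || s[len(s)-1] != '#' {
		return nil, false
	}
	f := strings.Split(s[1:len(s)-1], "#")
	if len(f) != 3 {
		return nil, false
	}
	for i := range f {
		f[i] = strings.TrimSpace(f[i])
	}
	if f[0] == "" || f[2] == "" || !amountRe.MatchString(f[1]) {
		return nil, false
	}
	return f, true
}

// Classify applies mode one when an instruction is present, mode three otherwise.
func Classify(p Pending) Kind {
	switch p.Instruction {
	case "store":
		return StoreData
	case "trade":
		return TransactionData
	case "":
		if _, ok := ParseTransaction(p.Data); ok {
			return TransactionData
		}
	}
	return Unknown
}

// KeyDevice keeps its private key and stored data inside the device.
type KeyDevice struct {
	priv   ed25519.PrivateKey
	Stored []string
}

func NewKeyDevice(seed []byte) *KeyDevice {
	return &KeyDevice{priv: ed25519.NewKeyFromSeed(seed)}
}

func (d *KeyDevice) Public() ed25519.PublicKey { return d.priv.Public().(ed25519.PublicKey) }

// Process stores data or signs a transaction; anything else is refused.
func (d *KeyDevice) Process(p Pending) ([]byte, error) {
	switch Classify(p) {
	case StoreData:
		d.Stored = append(d.Stored, p.Data)
		return nil, nil
	case TransactionData:
		if _, ok := ParseTransaction(p.Data); !ok {
			return nil, ErrMalformed // never sign data that is not a transaction
		}
		return ed25519.Sign(d.priv, []byte(p.Data)), nil
	}
	return nil, ErrUnrecognised
}

// BankVerify is the signature check the bank server performs.
func BankVerify(pub ed25519.PublicKey, data string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(data), sig)
}

func main() {
	dev := NewKeyDevice(make([]byte, 32)) // constructed all-zero demo seed
	tx := "#6222-0001#100.00#Alice#"      // constructed sample transaction
	sig, err := dev.Process(Pending{Data: tx})
	fmt.Println(err, BankVerify(dev.Public(), tx, sig))
	fmt.Println(BankVerify(dev.Public(), "#6222-0001#900.00#Mallory#", sig))
}
```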
In an optional implementation of this embodiment, there may be one intelligent cipher key equipment 404 or several. Connecting several intelligent cipher key equipment 404 to the service subsystem at the same time can improve the efficiency of information processing.
In an optional implementation of this embodiment, as shown in Fig. 8, terminal 401 includes acquisition module 4011, first verification encryption/decryption module 4012 and transceiver module 4013. Acquisition module 4011 is configured to obtain the pending information and send it to first verification encryption/decryption module 4012. First verification encryption/decryption module 4012 is configured to receive the pending information and verify whether it is legal; if it is legal, to encrypt the pending information and send the encrypted pending information to transceiver module 4013. Transceiver module 4013 is configured to send the encrypted pending information to terminal subsystem 402.
Terminal subsystem 402 includes first data transmission equipment 4021. First data transmission equipment 4021 is configured to receive the encrypted pending information and send it over the remote information channel to service subsystem 403, which is remote from terminal 401.
In an optional implementation of this embodiment, as shown in Fig. 8, the service subsystem 403 includes a second data transmission equipment 4031, a second encryption and decryption equipment 4032 and a third data transmission equipment 4033. The second data transmission equipment 4031 is configured to receive the encrypted pending information and send it to the second encryption and decryption equipment 4032. The second encryption and decryption equipment 4032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the third data transmission equipment 4033. The third data transmission equipment 4033 is configured to receive the pending information and send it to the intelligent cipher key equipment 404 connected to it.
In an optional implementation of this embodiment, the third data transmission equipment 4033 being configured to send the pending information to the intelligent cipher key equipment 404 connected to it includes: the third data transmission equipment 4033 is further configured to send the pending information to the intelligent cipher key equipment 404 corresponding to the identity. This helps improve the accuracy with which the pending information is sent. Further, the third data transmission equipment 4033 sending the pending information to the intelligent cipher key equipment 404 corresponding to the identity may also be: the second encryption and decryption equipment 4032 is further configured to perform identity authentication on the intelligent cipher key equipment 404 corresponding to the identity, and after the authentication passes, the third data transmission equipment 4033 sends the pending information to the intelligent cipher key equipment 404. Sending the pending information only after the intelligent cipher key equipment 404 has been authenticated further improves the accuracy of sending and the security of the information.
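A sketch of the forwarding step described above, added here as an example and not taken from the patent: the service subsystem selects the attached device by identity and forwards the pending information only after that device passes identity authentication. The HMAC challenge-response scheme, the per-device key, the sample identities and all class and function names are assumptions; the patent does not specify how the authentication is performed.

```python
import hashlib
import hmac
import secrets


def auth_proof(auth_key: bytes, identity: str, challenge: bytes) -> bytes:
    """Assumed authentication proof: HMAC-SHA256 over identity and challenge."""
    return hmac.new(auth_key, identity.encode() + b"|" + challenge,
                    hashlib.sha256).digest()


class KeyDevice:
    """Stand-in for one intelligent cipher key equipment attached to the service subsystem."""

    def __init__(self, identity: str, auth_key: bytes):
        self.identity = identity
        self._auth_key = auth_key   # assumed per-device secret held by the device
        self.received = []          # pending information delivered to this device

    def respond(self, challenge: bytes) -> bytes:
        # Binding the identity into the proof stops one device's answer
        # from being accepted for a different identity.
        return auth_proof(self._auth_key, self.identity, challenge)

    def process(self, pending: bytes) -> None:
        self.received.append(pending)


class ServiceSubsystem:
    """Routes decrypted pending information to the device matching the identity."""

    def __init__(self):
        self._enrolled = {}   # identity -> key the real device is expected to hold
        self._attached = {}   # identity -> device currently connected

    def enroll(self, identity: str, auth_key: bytes) -> None:
        self._enrolled[identity] = auth_key

    def attach(self, device: KeyDevice) -> None:
        # The identity is only a claim at this point; it is checked in forward().
        self._attached[device.identity] = device

    def forward(self, identity: str, pending: bytes) -> str:
        device = self._attached.get(identity)
        expected_key = self._enrolled.get(identity)
        if device is None or expected_key is None:
            return "rejected: unknown identity"      # fail closed, nothing is sent
        challenge = secrets.token_bytes(32)          # fresh per request, so old answers cannot be replayed
        expected = auth_proof(expected_key, identity, challenge)
        if not hmac.compare_digest(device.respond(challenge), expected):
            return "rejected: authentication failed"
        device.process(pending)                      # forwarded only after authentication passes
        return "delivered"


def run_demo():
    """Constructed scenario: two enrolled devices, one unknown identity, one impostor."""
    service = ServiceSubsystem()
    devices = {}
    for identity in ("KEY-0001", "KEY-0002"):        # constructed sample identities
        key = secrets.token_bytes(32)
        service.enroll(identity, key)
        devices[identity] = KeyDevice(identity, key)
        service.attach(devices[identity])

    results = {
        "valid": service.forward("KEY-0002", b"debugging data"),
        "unknown": service.forward("KEY-0099", b"debugging data"),
    }
    # A device that claims an enrolled identity but does not hold the enrolled key.
    impostor = KeyDevice("KEY-0001", secrets.token_bytes(32))
    service.attach(impostor)
    results["impostor"] = service.forward("KEY-0001", b"data to be stored")
    return results, devices, impostor


if __name__ == "__main__":
    print(run_demo()[0])
```
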
Further, in the above two optional implementations of this embodiment, if the pending information includes transaction data, the intelligent cipher key equipment is further configured to sign the transaction data to obtain signature information and send the signature information to the third data transmission equipment 4033 of the service subsystem 403 connected to it. The third data transmission equipment 4033 is further configured to receive the signature information and send it to the second encryption and decryption equipment 4032. The second encryption and decryption equipment 4032 is further configured to receive the signature information, encrypt it to obtain encrypted signature information, and send the encrypted signature information to the second data transmission equipment 4031. The second data transmission equipment 4031 is further configured to receive the encrypted signature information and send it through the remote information channel to the first data transmission equipment 4021 of the terminal subsystem 402 that is remote from the intelligent cipher key equipment 404. The first data transmission equipment 4021 is further configured to receive the encrypted signature information and send it to the first verification encryption/decryption module 4012 of the terminal 401. The first verification encryption/decryption module 4012 is further configured to receive the encrypted signature information and decrypt it to obtain the signature information. The terminal 401 also sends the signature information to the bank server through the first data transmission equipment 4021 or another device with a communication function; the bank server verifies the signature information, and the transaction is completed if the verification passes. Optionally, the intelligent cipher key equipment 404 may perform the signature operation according to a transaction instruction in the pending information, or may determine from the format and/or content of the pending information that the pending information is transaction data and then perform the signature operation. In this optional embodiment, the flow of the signature operation is a technique well known in the art and is not described in detail here.
In another optional implementation of this embodiment, the service subsystem 403 includes a second encryption and decryption equipment 4032 and a second data transmission equipment 4031, wherein: the second encryption and decryption equipment 4032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the second data transmission equipment 4031; the second data transmission equipment 4031 is configured to receive the pending information and send it to the intelligent cipher key equipment 404 connected to it.
In another optional implementation of this embodiment, the service subsystem 403 includes a second data transmission equipment 4031 and a second encryption and decryption equipment 4032, wherein: the second data transmission equipment 4031 is configured to receive the encrypted pending information and send it to the second encryption and decryption equipment 4032; the second encryption and decryption equipment 4032 is configured to receive the encrypted pending information, decrypt it to obtain the pending information, and send the pending information to the second data transmission equipment 4031; the second data transmission equipment 4031 is further configured to receive the decrypted pending information and send it to the intelligent cipher key equipment 404 connected to it.
In an optional implementation of this embodiment, the service subsystem 403 further includes a protocol conversion device 4034, configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment 404 connected to it. The connection type between the intelligent cipher key equipment 404 and the service subsystem 403 therefore does not need to be set according to the connection type between the terminal 401 and the terminal subsystem 402.
As can be seen from the above embodiment, the terminal 401 obtains the pending information and, after verifying that the pending information is legal, encrypts it to obtain encrypted pending information and sends the encrypted pending information to the terminal subsystem 402. The terminal subsystem 402 transmits the encrypted pending information remotely; the service subsystem 403 receives it remotely and decrypts it to obtain the pending information, and then sends the pending information to the intelligent cipher key equipment 404 for processing. While information security is ensured, this solves the problem that a remote terminal 401 and an intelligent cipher key equipment 404 cannot be connected to exchange information, realizes remote information interaction between the terminal 401, which cannot carry out network communication, and the intelligent cipher key equipment 404, achieves the technical effect of using or debugging the intelligent cipher key equipment 404 remotely, and improves the user experience.
Any process or method description in a flowchart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art will appreciate that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (22)
1. A method for remotely using an intelligent cipher key equipment, characterized by comprising:
a terminal obtains pending information and an identity of an intelligent cipher key equipment, and sends the pending information and the identity to a terminal subsystem, the terminal being a device that cannot carry out network communication, wherein the pending information at least comprises: data to be stored and debugging data;
the terminal subsystem verifies whether the pending information is legal information and, if it is legal, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information and the identity through a remote information channel to a service subsystem that is remote from the terminal;
the service subsystem decrypts the encrypted pending information to obtain the pending information, and sends the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity, wherein the service subsystem is connected to multiple intelligent cipher key equipments;
the intelligent cipher key equipment processes the pending information, wherein the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment stores the data to be stored in a security chip of the intelligent cipher key equipment, and performs debugging according to the debugging data.
2. A method for remotely using an intelligent cipher key equipment, characterized by comprising:
a terminal obtains pending information and an identity of an intelligent cipher key equipment, verifies whether the pending information is legal information and, if it is legal, encrypts the pending information to obtain encrypted pending information, and sends the encrypted pending information and the identity to a terminal subsystem, the terminal being a device that cannot carry out network communication, wherein the pending information at least comprises: data to be stored and debugging data;
the terminal subsystem receives the encrypted pending information and the identity, and sends them through a remote information channel to a service subsystem that is remote from the terminal;
the service subsystem decrypts the encrypted pending information to obtain the pending information, and sends the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity, wherein the service subsystem is connected to multiple intelligent cipher key equipments;
the intelligent cipher key equipment processes the pending information, wherein the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment stores the data to be stored in a security chip of the intelligent cipher key equipment, and performs debugging according to the debugging data.
3. The method according to claim 1 or 2, characterized in that the service subsystem decrypting the encrypted pending information to obtain the pending information and sending the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity comprises:
the service subsystem decrypts the encrypted pending information to obtain the pending information, performs protocol conversion on the pending information to obtain information that the intelligent cipher key equipment can process, and sends it to the intelligent cipher key equipment that is connected to it and corresponds to the identity.
4. The method according to claim 1 or 2, characterized in that
the pending information further comprises: transaction data;
before the terminal obtains the pending information and the identity of the intelligent cipher key equipment, the method further comprises:
the terminal subsystem receives the pending information and sends the pending information to the terminal;
the intelligent cipher key equipment processing the pending information comprises:
the intelligent cipher key equipment signs the transaction data to generate signature information;
after the step in which the intelligent cipher key equipment processes the pending information, the method further comprises:
the intelligent cipher key equipment sends the signature information to the service subsystem connected to it;
the service subsystem encrypts the signature information to obtain encrypted signature information, and sends the encrypted signature information through the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment;
the terminal subsystem receives the encrypted signature information, decrypts the encrypted signature information to obtain the signature information, and sends the signature information to the terminal.
5. The method according to claim 3, characterized in that
the pending information further comprises: transaction data;
before the terminal obtains the pending information and the identity of the intelligent cipher key equipment, the method further comprises:
the terminal subsystem receives the pending information and sends the pending information to the terminal;
the intelligent cipher key equipment processing the pending information comprises:
the intelligent cipher key equipment signs the transaction data to generate signature information;
after the step in which the intelligent cipher key equipment processes the pending information, the method further comprises:
the intelligent cipher key equipment sends the signature information to the service subsystem connected to it;
the service subsystem encrypts the signature information to obtain encrypted signature information, and sends the encrypted signature information through a remote information channel to the remote terminal subsystem;
the terminal subsystem receives the encrypted signature information and sends the encrypted signature information to the terminal, and the terminal receives the encrypted signature information and decrypts it to obtain the signature information.
6. The method according to any one of claims 1, 2 or 5, characterized in that
the service subsystem sending the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity comprises:
the service subsystem performs identity authentication on the intelligent cipher key equipment corresponding to the identity and, after the authentication passes, sends the pending information to the intelligent cipher key equipment.
7. The method according to any one of claims 1, 2 or 5, characterized in that the remote information channel is a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection network.
8. A system for remotely using an intelligent cipher key equipment, characterized by comprising:
a terminal, configured to obtain pending information and an identity of an intelligent cipher key equipment, and send the pending information and the identity to a terminal subsystem, the terminal being a device that cannot carry out network communication, wherein the pending information at least comprises: data to be stored and debugging data;
the terminal subsystem, configured to verify whether the pending information is legal information and, if it is legal, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information and the identity through a remote information channel to a service subsystem that is remote from the terminal;
the service subsystem, configured to decrypt the encrypted pending information to obtain the pending information, and send the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity, wherein the service subsystem is connected to multiple intelligent cipher key equipments;
the intelligent cipher key equipment, configured to process the pending information, wherein the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment stores the data to be stored in a security chip of the intelligent cipher key equipment, and performs debugging according to the debugging data.
9. A system for remotely using an intelligent cipher key equipment, characterized by comprising:
a terminal, configured to obtain pending information and an identity of an intelligent cipher key equipment, verify whether the pending information is legal information and, if it is legal, encrypt the pending information to obtain encrypted pending information, and send the encrypted pending information and the identity to a terminal subsystem, the terminal being a device that cannot carry out network communication, wherein the pending information at least comprises: data to be stored and debugging data;
the terminal subsystem, configured to receive the encrypted pending information and the identity, and send them through a remote information channel to a service subsystem that is remote from the terminal;
the service subsystem, configured to decrypt the encrypted pending information to obtain the pending information, and send the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity, wherein the service subsystem is connected to multiple intelligent cipher key equipments;
the intelligent cipher key equipment, configured to process the pending information, wherein the intelligent cipher key equipment processing the pending information comprises: the intelligent cipher key equipment stores the data to be stored in a security chip of the intelligent cipher key equipment, and performs debugging according to the debugging data.
10. The system according to claim 8 or 9, characterized in that the service subsystem being configured to decrypt the encrypted pending information to obtain the pending information and send the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity comprises:
the service subsystem is configured to decrypt the encrypted pending information to obtain the pending information, perform protocol conversion on the pending information, and then send it to the intelligent cipher key equipment that is connected to it and corresponds to the identity.
11. The system according to claim 8 or 9, characterized in that
the pending information further comprises: transaction data;
the terminal subsystem is further configured to receive the pending information and send it to the terminal;
the intelligent cipher key equipment is further configured to sign the transaction data to obtain signature information, and send the signature information to the service subsystem connected to it;
the service subsystem is further configured to receive the signature information, encrypt the signature information to obtain encrypted signature information, and send the encrypted signature information through the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment;
the terminal subsystem is further configured to receive the encrypted signature information, decrypt it to obtain the signature information, and send the signature information to the terminal;
the terminal is further configured to receive the signature information.
12. The system according to claim 10, characterized in that
the pending information further comprises: transaction data;
the terminal subsystem is further configured to receive the pending information and send it to the terminal;
the intelligent cipher key equipment is further configured to sign the transaction data to obtain signature information, and send the signature information to the service subsystem connected to it;
the service subsystem is further configured to receive the signature information, encrypt the signature information to obtain encrypted signature information, and send the encrypted signature information through the remote information channel to the terminal subsystem that is remote from the intelligent cipher key equipment;
the terminal subsystem is further configured to receive the encrypted signature information and send the encrypted signature information to the terminal;
the terminal is further configured to receive the encrypted signature information and decrypt the encrypted signature information to obtain the signature information.
13. The system according to any one of claims 8, 9 or 12, characterized in that
the service subsystem being configured to send the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity comprises:
the service subsystem is configured to perform identity authentication on the intelligent cipher key equipment corresponding to the identity and, after the authentication passes, send the pending information to the intelligent cipher key equipment that is connected to it and corresponds to the identity.
14. The system according to claim 8, characterized in that
the terminal subsystem comprises: a first verification encryption and decryption equipment and a first data transmission equipment; wherein:
the first verification encryption and decryption equipment is configured to receive the pending information and verify whether the pending information is legal and, if it is legal, encrypt the pending information to obtain encrypted pending information and send the encrypted pending information to the first data transmission equipment;
the first data transmission equipment is configured to receive the encrypted pending information and send the encrypted pending information through the remote information channel to the service subsystem that is remote from the terminal.
15. The system according to claim 9 or 12, characterized in that
the terminal comprises: an acquisition module, a first verification encryption/decryption module and a transceiver module; wherein:
the acquisition module is configured to obtain the pending information and send the pending information to the first verification encryption/decryption module;
the first verification encryption/decryption module is configured to receive the pending information, verify whether the pending information is legal and, if it is legal, encrypt the pending information to obtain encrypted pending information and send the encrypted pending information to the transceiver module;
the transceiver module is configured to send the encrypted pending information to the terminal subsystem;
the terminal subsystem comprises a first data transmission equipment;
the first data transmission equipment is configured to receive the encrypted pending information and send the encrypted pending information through the remote information channel to the remote service subsystem.
16. The system according to claim 9 or 12, characterized in that
the service subsystem comprises: a second data transmission equipment, a second encryption and decryption equipment and a third data transmission equipment; wherein:
the second data transmission equipment is configured to receive the encrypted pending information and send the encrypted pending information to the second encryption and decryption equipment;
the second encryption and decryption equipment is configured to receive the encrypted pending information, decrypt the encrypted pending information to obtain the pending information, and send the pending information to the third data transmission equipment;
the third data transmission equipment is configured to receive the pending information and send the pending information to the intelligent cipher key equipment connected to it.
17. The system according to claim 9 or 12, characterized in that
the service subsystem comprises: a second encryption and decryption equipment and a second data transmission equipment; wherein:
the second encryption and decryption equipment is configured to receive the encrypted pending information, decrypt the encrypted pending information to obtain the pending information, and send the pending information to the second data transmission equipment;
the second data transmission equipment is configured to receive the pending information and send the pending information to the intelligent cipher key equipment connected to it.
18. The system according to claim 9 or 12, characterized in that
the service subsystem comprises: a second data transmission equipment and a second encryption and decryption equipment; wherein:
the second data transmission equipment is configured to receive the encrypted pending information and send the encrypted pending information to the second encryption and decryption equipment;
the second encryption and decryption equipment is configured to receive the encrypted pending information, decrypt the encrypted pending information to obtain the pending information, and send the pending information to the second data transmission equipment;
the second data transmission equipment is further configured to receive the decrypted pending information and send the pending information to the intelligent cipher key equipment connected to it.
19. The system according to claim 16, characterized in that the service subsystem further comprises a protocol conversion device,
the protocol conversion device being configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment connected to it.
20. The system according to claim 17, characterized in that the service subsystem further comprises a protocol conversion device,
the protocol conversion device being configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment connected to it.
21. The system according to claim 18, characterized in that the service subsystem further comprises a protocol conversion device,
the protocol conversion device being configured to perform protocol conversion on the pending information and then send it to the intelligent cipher key equipment connected to it.
22. The system according to claim 9 or 12, characterized in that the remote information channel is a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510130567.5A CN104811309B (en) | 2015-03-24 | 2015-03-24 | A kind of long-range method and system using intelligent cipher key equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104811309A CN104811309A (en) | 2015-07-29 |
CN104811309B CN104811309B (en) | 2018-07-17 |
Family
ID=53695826
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510130567.5A Active CN104811309B (en) | 2015-03-24 | 2015-03-24 | A kind of long-range method and system using intelligent cipher key equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104811309B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105827601A (en) * | 2016-03-11 | 2016-08-03 | 李华 | Data encryption application method and system of mobile device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1780938A2 (en) * | 2002-06-12 | 2007-05-02 | Hitachi, Ltd. | Public key infrastructure and certification authority system |
CN101013942A (en) * | 2007-01-24 | 2007-08-08 | 北京飞天诚信科技有限公司 | System and method for improving the safety of intelligent key equipment |
CN103401844A (en) * | 2013-07-12 | 2013-11-20 | 天地融科技股份有限公司 | Operation request processing method and system |
Also Published As
Publication number | Publication date |
---|---|
CN104811309A (en) | 2015-07-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101873587B (en) | Wireless communication device and method for realizing service security thereof | |
CN103155613B (en) | For the method and apparatus providing access certificate | |
CN104380299B (en) | The technology that short range for user's checking is mutually authenticated | |
CN106027250B (en) | A kind of ID card information safe transmission method and system | |
CN104010297B (en) | Wireless terminal configuration method and device and wireless terminal | |
CN103178961B (en) | Safe information interaction method and related device | |
CN113595744B (en) | Network access method, device, electronic equipment and storage medium | |
CN105009618A (en) | Method, device and system for configuring wireless terminal | |
TWI619371B (en) | Communication information transmission method and system | |
JP2016539605A (en) | Method in network security and system in network security | |
CN106027249B (en) | Identity card card reading method and system | |
CN109450648A (en) | Key generating device, data processing equipment and stream compression system | |
CN109756451B (en) | Information interaction method and device | |
CN104506502A (en) | Method for connecting converged communication network with master station | |
CN108401028A (en) | A kind of cloud server, control device and operation managing and control system | |
CN107483639A (en) | The method, apparatus and equipment converted between serial data and wireless network data | |
CN107947927A (en) | A kind of id password cipher key processing method and system | |
CN104299133A (en) | On-line mobile payment system based on somatosensory network and credibility authentication method | |
CN104811309B (en) | A kind of long-range method and system using intelligent cipher key equipment | |
ES2757964T3 (en) | Procedure, configuration to process information on a home appliance as well as a home appliance | |
CN103136667B (en) | There is the smart card of electronic signature functionality, smart card transaction system and method | |
CN110278077B (en) | Method, device, equipment and storage medium for acquiring data information of electric energy meter | |
CN103745149B (en) | Information safety devices, real-time guard system and method based on wireless communication | |
CN203984458U (en) | A kind of Internet of Things safety system, smart machine and Hub equipment | |
CN104734855A (en) | Communication methods and system of intelligent secret key device and intelligent secret key device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||