CN106250750A - USB equipment accessing method and device based on MacOSX system - Google Patents


Info

Publication number: CN106250750A
Application number: CN201610571570.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN106250750B (en)
Inventor: 陈柳章
Original Assignee: 深圳市文鼎创数据科技有限公司
Application filed by: 深圳市文鼎创数据科技有限公司
Priority to: CN201610571570.5A
Prior art keywords: usb device, protocol, ccid, support, usb


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems

Abstract

The invention applies to the field of information security and provides a USB device access method and apparatus based on the MacOSX system. The MacOSX system includes a PC/SC card reader driver stored in a specified path. The driver emulates a device that supports a protocol other than the Chip/Smart Card Interface Devices (CCID) protocol as a card reader, so that the system can recognize the non-CCID device. This widens the range of device types that can access the MacOSX system.

Description

USB device access method and apparatus based on the MacOSX system

Technical field

[0001] Embodiments of the present invention belong to the field of information security, and in particular relate to a USB device access method and apparatus based on the MacOSX system.

Background

[0002] At present, different systems may by default support access by USB devices that use different protocols. For example, the MacOSX system by default only supports access by USB devices that use the Chip/Smart Card Interface Devices (CCID) protocol.

[0003] USB protocols include not only the CCID protocol but also other protocols such as Human Interface Device (HID) and Small Computer System Interface (SCSI). A system that only supports access by USB devices using one particular protocol can therefore be accessed by too few types of USB device.

Summary of the invention

[0004] Embodiments of the present invention provide a USB device access method and apparatus based on the MacOSX system, intended to solve the problem that the existing system only supports access by USB devices using the CCID protocol, so that too few types of USB device can access the system.

[0005] An embodiment of the present invention is implemented as a MacOSX system, characterized in that the MacOSX system comprises:

[0006] a PC/SC card reader driver stored in a specified path, the PC/SC card reader driver emulating a device that supports a non-CCID (Chip/Smart Card Interface Devices) protocol as a card reader, so as to recognize the device that supports the non-CCID protocol.

[0007] Another object of embodiments of the present invention is to provide a USB device access method based on the MacOSX system, the USB device access method comprising:

[0008] after detecting that a USB device has been inserted, if the USB device is determined to be a USB device that does not support the CCID protocol, obtaining information about the USB device that does not support the CCID protocol through the PC/SC card reader driver stored in the specified path;

[0009] determining, according to the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system;

[0010] when the USB device that does not support the CCID protocol is a USB device supported by the system, obtaining and registering the certificate and key of the USB device that does not support the CCID protocol, for the system to call.

[0011] Another object of embodiments of the present invention is to provide a USB device access apparatus based on the MacOSX system, the USB device access apparatus comprising:

[0012] a first USB device information obtaining unit, configured to, after detecting that a USB device has been inserted, if the USB device is determined to be a USB device that does not support the CCID protocol, obtain information about the USB device that does not support the CCID protocol through the PC/SC card reader driver stored in the specified path;

[0013] a first system-supported-device determining unit, configured to determine, according to the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system;

[0014] a first information registration unit, configured to, when the USB device that does not support the CCID protocol is a USB device supported by the system, obtain and register the certificate and key of the USB device that does not support the CCID protocol, for the system to call.

[0015] In embodiments of the present invention, the MacOSX system includes a PC/SC card reader driver stored in a specified path, and the PC/SC card reader driver can emulate a device that supports a non-CCID protocol as a card reader. The MacOSX system can therefore recognize devices that support non-CCID protocols, which widens the types of device that the MacOSX system can recognize.

Brief description of the drawings

[0016] FIG. 1 is a structural diagram of a MacOSX system provided by the first embodiment of the present invention;

[0017] FIG. 2 is a flowchart of a USB device access method based on the MacOSX system provided by the second embodiment of the present invention;

[0018] FIG. 3 is a structural diagram of a USB device access apparatus based on the MacOSX system provided by the third embodiment of the present invention.

Detailed description

[0019] To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.

[0020] In embodiments of the present invention, the MacOSX system includes a PC/SC card reader driver stored in a specified path. The PC/SC card reader driver emulates a device that supports a non-CCID (Chip/Smart Card Interface Devices) protocol as a card reader, so as to recognize the device that supports the non-CCID protocol.

[0021] To illustrate the technical solutions of the present invention, specific embodiments are described below.

[0022] Embodiment 1:

[0023] FIG. 1 shows a structural diagram of a MacOSX system provided by the first embodiment of the present invention. For ease of description, only the parts relevant to this embodiment are shown:

[0024] The MacOSX system comprises:

[0025] a PC/SC card reader driver 11, stored in a specified path, which emulates a device that supports a non-CCID (Chip/Smart Card Interface Devices) protocol as a card reader, so as to recognize the device that supports the non-CCID protocol.

[0026] PC/SC is a set of programming interface specifications that provides an operating interface from a personal computer (PC) to a smart card (SC). The PC/SC specification was proposed by the PC/SC Workgroup, formed by Microsoft and other well-known smart card vendors. The PC/SC architecture consists of three main components, which respectively define the responsibilities of operating system vendors, reader (IFD) vendors and smart card (ICC) vendors.

[0027] The existing MacOSX system does not support non-CCID devices (that is, devices that do not use the CCID protocol). To enable the MacOSX system to support non-CCID devices, a driver library for the PC/SC interface needs to be developed. This driver library includes a PC/SC card reader driver that can emulate a device supporting a non-CCID protocol as a card reader.

[0028] Optionally, the MacOSX system further comprises: a cryptographic interface 12 that invokes the cryptographic operation functions of a cryptographic device.

[0029] Specifically, suppose Tokend is a cryptographic interface 12. The system can communicate with the corresponding cryptographic device through Tokend and invoke the cryptographic operations of that device. The Tokend is installed in the path prescribed by the system (for example, the /System/Library/Security/tokend directory), so that when the system calls Tokend it looks it up directly in the prescribed path. Adding the cryptographic interface 12 makes it convenient to later invoke the cryptographic operation functions to encrypt the corresponding communication content.

[0030] Optionally, the non-CCID protocol comprises:

[0031] Human Interface Device (HID) and Small Computer System Interface (SCSI). For example, the non-CCID protocol may be the HID protocol, or it may be the SCSI protocol.

[0032] In the first embodiment of the present invention, the MacOSX system includes a PC/SC card reader driver stored in a specified path. Because the PC/SC card reader driver can emulate a device that supports a non-CCID protocol as a card reader, the MacOSX system provided by this embodiment can recognize devices that support non-CCID protocols, which widens the range of devices that can be recognized.

[0033] Embodiment 2:

[0034] FIG. 2 shows a flowchart of a USB device access method based on the MacOSX system provided by the second embodiment of the present invention, detailed as follows:

[0035] Step S21: after detecting that a USB device has been inserted, if the USB device is determined to be a USB device that does not support the Chip/Smart Card Interface Devices (CCID) protocol, obtain information about the USB device that does not support the CCID protocol through the PC/SC card reader driver stored in the specified path.

[0036] When the USB device does not support the CCID protocol, the system does not support this class of device by default. A driver library for the PC/SC interface (a library that stores at least one driver) therefore needs to be developed, so that the developed driver emulates the corresponding USB device as a card reader. In addition, to facilitate subsequent calls, the developed driver library needs to be installed in the corresponding system path.

[0037] In this step, after the system detects that a USB device has been inserted, it determines whether the USB device is a USB device that does not support the Chip/Smart Card Interface Devices (CCID) protocol. If so, the system recognizes the USB device that does not support the CCID protocol as a PC/SC card reader, then looks up, among the PC/SC card reader drivers installed in the specified path, the PC/SC driver corresponding to that USB device, and obtains the information about the USB device that does not support the CCID protocol. If not, the system recognizes the USB device that supports the CCID protocol as a smart card reader, and obtains the information about that USB device through the system's CCID reader driver.

[0038] Step S22: determine, according to the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system.

[0039] Besides the CCID protocol, USB protocols also include HID, SCSI and other protocols. The system therefore supports USB devices that use the HID or SCSI protocol only after drivers corresponding to such USB devices have been developed and installed on the system.

[0040] In this step, if the information about the USB device that does not support the CCID protocol includes the reader name and/or reset information corresponding to that USB device, then determining, according to the obtained information, whether the USB device that does not support the CCID protocol is a USB device supported by the system specifically comprises:

[0041] A1. Compare the obtained reader name and/or reset information corresponding to the USB device that does not support the CCID protocol with the pre-stored standard reader name and/or reset information. The name feature included in the reader name corresponding to the USB device, and the reset information, are obtained from the driver. The reset information corresponding to the USB device conforms to the ISO 7816 standard and includes vendor feature information bytes. Specifically, the name feature included in the reader name corresponding to the USB device is compared with the name feature included in the pre-stored standard reader name, and/or the vendor feature information bytes of the reset information corresponding to the USB device are compared with the vendor feature information bytes of the pre-stored standard reset information. Because the reset information includes vendor feature information bytes, taking the reset information into account when determining whether the USB device is supported by the system makes the result more accurate.

[0042] A2. When the obtained reader name and/or reset information corresponding to the USB device that does not support the CCID protocol is the same as the pre-stored standard reader name and/or reset information, determine that the USB device that does not support the CCID protocol is a USB device supported by the system; otherwise, determine that it is a USB device not supported by the system.

[0043] When a driver that supports USB devices of a certain protocol is developed, the reader name corresponding to USB devices of that protocol is set, including the name feature of that reader name, and stored. In A1 and A2 above, if the system has recognized the USB device as a PC/SC card reader (the case where the system has recognized the USB device as a smart card reader is similar to steps A1 and A2), a Tokend process is started and the reader name and/or reset information of the USB device is passed in. After Tokend starts, it determines from the reader name whether the device is a USB device that the system itself supports (because the reset information of a USB device generally contains vendor feature information bytes, the reset information can also be used to further distinguish USB devices). Tokend is the interface through which native applications on the MacOSX system, such as Safari, interact with USB devices (smart card devices).
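The A1/A2 check described above, as an added example (not code from the patent or from any vendor's driver). It assumes the "reset information" is an ISO 7816-3 Answer To Reset (ATR) and that the "vendor feature information bytes" are its historical bytes; the reader names, profile and ATR values are constructed, and the check requires both the name feature and the bytes to match where the text allows "and/or".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATR_MAX 33  /* TS plus at most 32 further bytes (ISO 7816-3) */

/* Locate the historical bytes of an ISO 7816-3 ATR.
 * Returns 0 and sets *hist / *hist_len on success, -1 if the ATR is malformed. */
static int atr_historical(const uint8_t *atr, size_t len,
                          const uint8_t **hist, size_t *hist_len)
{
    if (atr == NULL || len < 2 || len > ATR_MAX)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)      /* TS: direct or inverse convention */
        return -1;

    size_t pos = 1;
    uint8_t y = atr[pos] >> 4;                 /* Y1: which of TA1..TD1 follow T0 */
    size_t k = atr[pos] & 0x0F;                /* K: number of historical bytes */
    int need_tck = 0;
    pos++;

    while (y != 0) {
        if (y & 0x1) pos++;                    /* TAi */
        if (y & 0x2) pos++;                    /* TBi */
        if (y & 0x4) pos++;                    /* TCi */
        if (y & 0x8) {                         /* TDi announces the next group */
            if (pos >= len)
                return -1;
            uint8_t td = atr[pos++];
            if ((td & 0x0F) != 0)
                need_tck = 1;                  /* a protocol other than T=0 => TCK */
            y = td >> 4;
        } else {
            y = 0;
        }
    }

    /* Strict length check: truncated ATRs and trailing bytes are both rejected. */
    if (pos + k + (size_t)need_tck != len)
        return -1;
    if (need_tck) {                            /* XOR of T0..TCK must be zero */
        uint8_t x = 0;
        for (size_t i = 1; i < len; i++)
            x ^= atr[i];
        if (x != 0)
            return -1;
    }
    *hist = atr + pos;
    *hist_len = k;
    return 0;
}

/* Pre-stored "standard" values for one supported token (constructed sample). */
struct token_profile {
    const char *name_feature;   /* substring expected in the reader name */
    const uint8_t *hist;        /* expected historical bytes */
    size_t hist_len;
};

static const uint8_t DEMO_HIST[] = { 'D', 'E', 'M', 'O', '1' };
static const struct token_profile PROFILES[] = {
    { "Example HID Token", DEMO_HIST, sizeof DEMO_HIST },
};

/* A1/A2: returns 1 only if the name feature AND the historical bytes match. */
static int device_supported(const char *reader_name,
                            const uint8_t *atr, size_t atr_len)
{
    const uint8_t *hist;
    size_t hist_len;

    if (reader_name == NULL ||
        atr_historical(atr, atr_len, &hist, &hist_len) != 0)
        return 0;                              /* malformed input is never supported */
    for (size_t i = 0; i < sizeof PROFILES / sizeof PROFILES[0]; i++) {
        const struct token_profile *p = &PROFILES[i];
        if (strstr(reader_name, p->name_feature) != NULL &&
            hist_len == p->hist_len &&
            memcmp(hist, p->hist, hist_len) == 0)
            return 1;
    }
    return 0;
}

/* Constructed sample ATRs (not captured from a real device). */
static const uint8_t ATR_OK[]      = { 0x3B, 0x85, 0x01, 'D', 'E', 'M', 'O', '1', 0xB6 };
static const uint8_t ATR_OTHER[]   = { 0x3B, 0x05, 'O', 'T', 'H', 'E', 'R' };
static const uint8_t ATR_BAD_TCK[] = { 0x3B, 0x85, 0x01, 'D', 'E', 'M', 'O', '1', 0x00 };
static const uint8_t ATR_SHORT[]   = { 0x3B, 0x85, 0x01, 'D' };

int main(void)
{
    printf("matching token:   %d\n",
           device_supported("Example HID Token 00 00", ATR_OK, sizeof ATR_OK));
    printf("other reader:     %d\n",
           device_supported("Generic Reader 00", ATR_OK, sizeof ATR_OK));
    printf("other ATR bytes:  %d\n",
           device_supported("Example HID Token 00 00", ATR_OTHER, sizeof ATR_OTHER));
    printf("bad checksum:     %d\n",
           device_supported("Example HID Token 00 00", ATR_BAD_TCK, sizeof ATR_BAD_TCK));
    printf("truncated ATR:    %d\n",
           device_supported("Example HID Token 00 00", ATR_SHORT, sizeof ATR_SHORT));
    return 0;
}
```

Both inputs come from the device and its driver, so a match identifies the token model only; it does not authenticate the device.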

[0044] Step S23: when the USB device that does not support the CCID protocol is a USB device supported by the system, obtain and register the certificate and key of the USB device that does not support the CCID protocol, for the system to call.

[0045] When the USB device that does not support the CCID protocol is a USB device supported by the system, the certificate and key on the device are registered with the system, and the corresponding operation interface function pointers are returned to await calls from the system. The key here may be one key or two keys; for example, when the encryption algorithm is the public-key encryption algorithm RSA, one public key and one private key are needed, so the key is two keys (a key pair). Of course, when a USB device that supports the CCID protocol is a USB device supported by the system, the steps performed are similar to step S23 and are not repeated here.

[0046] Optionally, after step S23, the method comprises:

[0047] B1. Receive an application access request. After the certificate and key of the USB device have been registered, if the user clicks an application, the system receives the application access request issued by the user. For example, when the user inserts the USB device and clicks the Safari browser, the system receives the access request of the Safari browser.

[0048] B2. Determine whether the network information carried in the application access request is network information that requires client authentication. Network information here includes website information, such as information about an https website. Specifically, the network information that requires client authentication can be set in advance. After an application access request is received, the network information it carries is parsed out and compared with the preset network information that requires client authentication, to determine whether the parsed network information requires client authentication.

[0049] B3. When the network information carried in the application access request is network information that requires client authentication, display the registered certificates. Specifically, if the system has registered multiple certificates, the registered certificates are displayed, for example as a list, to prompt the user to select a certificate.

[0050] B4. Receive the certificate selection instruction issued by the user and the USB device authentication password entered by the user. In this step, a key input box can be displayed together with the registered certificates, so that the user can enter the corresponding key after selecting a certificate. Alternatively, after the certificate selection instruction issued by the user is received, the system prompts the user to enter the key according to the Tokend corresponding to the selected certificate.

[0051] B5. Determine whether the user is a legitimate user according to the certificate selection instruction issued by the user, the USB device authentication password entered by the user, and the registered certificate and USB device authentication password. In this step, the certificate selected by the user and the entered USB device authentication password can be compared with the registered certificate and the USB device authentication password respectively. If both the certificate and the corresponding USB device authentication password are the same, the user is determined to be a legitimate user; otherwise, the user is determined not to be a legitimate user. Only a legitimate user obtains permission to perform cryptographic operations.

[0052] B6. When the user is a legitimate user, encrypt the data sent to the server, so that the server verifies the legitimacy of the user. Specifically, after the USB device determines that the user is a legitimate user, the USB device uses the private key of the key corresponding to the user's certificate to encrypt the data to be sent to the server (such as a bank server), and sends the user's certificate and the key corresponding to the user's certificate (this key comprising a public key and a key) to the server. After the server receives the data encrypted with the private key of the key corresponding to the user's certificate, it decrypts the data with the public key of the key. When the decrypted data meets the requirements, the server determines that the user currently using the USB device is a legitimate user and establishes an SSL handshake with the USB device, that is, the USB device successfully establishes an SSL handshake with the server; otherwise, the server refuses the connection and the SSL handshake fails. The two verifications, by the USB device and by the server, improve the accuracy of the determination of the user's legitimacy. Specifically, the key of the USB device is invoked through the interface function pointers that Tokend returned to the outside, and the SSL handshake data is encrypted with the invoked key, for example by performing functions such as RSA signing. This lets the server authenticate the user represented by the certificate on the USB device, and finally completes the Secure Sockets Layer (SSL) handshake.

Using SSL, communication content can be strongly encrypted, which effectively prevents attackers from stealing your user name, key and communication content and ensures the security of communication. Through the above steps, in addition to native applications on the MacOSX system (such as Safari) being able to use CCID devices (such as USB devices that use the CCID protocol) for SSL connections, USB devices that use non-CCID protocols can also make SSL connections, which improves the security of the communication content of USB devices that use non-CCID protocols.

[0053] Further, after the USB device successfully establishes the SSL handshake with the server, the USB device receives the encryption algorithm and key sent by the server, and uses that encryption algorithm and key to encrypt the communication content sent to the server.

[0054] Optionally, after B6, the method comprises:

[0055] After the USB device is removed, delete the registered certificate and key of the USB device that does not support the CCID protocol. When the user has finished and unplugs the USB device, the system detects that the USB device has been removed, finds the corresponding Tokend process and notifies it to exit. The Tokend then performs cleanup and exits, for example clearing the registered certificate and key of the USB device that does not support the CCID protocol.

[0056] Of course, the user may use the USB device again within a period of time. To avoid having to register the corresponding certificate and key again later, before deleting the registered certificate and key of the USB device that does not support the CCID protocol, it can be determined whether the USB device removal time is less than a preset time. If so, no action is taken; otherwise, the registered certificate and key of the USB device that does not support the CCID protocol are deleted. Because the registered certificate and key are not deleted while the USB device removal time is less than the preset time, when the user inserts the USB device again within less than the preset time, the certificate and key of the USB device do not need to be registered again, which reduces system operations and saves system resources.

[0057]可选地,Cl、若判断出USB设备为支持CCID协议的USB设备,则通过系统的CCID读卡器驱动获取所述支持CCID协议的USB设备的信息。 [0057] Alternatively, Cl, if it is determined that the USB device is a USB device supports CCID protocol, acquiring the information of the driving CCID protocol supported by the USB device CCID reader system.

[0058] C2、根据获取的所述支持CCID协议的USB设备的信息判断所述支持CCID协议的USB设备是否为系统支持的USB设备。 [0058] C2, whether the protocol supports the CCID according to the acquired information to determine the protocol supported CCID USB device is a USB device USB devices supported by the system.

[0059] C3、在所述支持CCID协议的USB设备为系统支持的USB设备时,获取并注册所述支持CCID协议的USB设备的证书和密钥,以便系统调用。 [0059] C3, when the CCID protocol support for USB devices for the system supports USB devices, and obtain a certificate of registration and the key support CCID protocol of USB devices to the system call.

[0060] 上述Cl〜C3中,USB设备对应的读卡器名字包括的名字特征和复位信息从驱动获取,且USB设备对应的复位信息符合IS07816标准,其包括厂商特征信息字节。 [0060] The Cl~C3, the name and the reset feature information corresponding to the USB device comprises a card reader name acquired from the drive, and USB device information corresponding to the reset line with IS07816 standard, the feature information including a vendor bytes. 具体地,将USB设备对应的读卡器名字包括的名字特征与预存的标准读卡器名字包括的名字特征比较,和/或,将USB设备对应的复位信息的厂商特征信息字节与预存的标准复位信息的厂商特征信息字节比较,若相同,则判定所述支持CCID协议的USB设备为系统支持的USB设备,否则,判定所述支持CCID协议的USB设备为系统不支持的USB设备。 Specifically, comparing USB device name feature name feature corresponding to the name of the card reader comprises a card reader and a standard prestored names included, and / or the USB device manufacturers feature information bytes corresponding to the reset information and prestored Manufacturer information bytes standard reset feature information comparison, if the same, it is determined that the USB device supports CCID protocol system support USB devices, otherwise, determining that the supporting device is a USB protocol CCID system does not support USB devices.

[0061] In the second embodiment of the present invention, after insertion of a USB device is detected, if the USB device is determined to be a USB device that does not support the chip smart card interface device (CCID) protocol, information about the USB device that does not support the CCID protocol is obtained through the PC/SC reader driver stored at a specified path. Based on the obtained information, it is determined whether the USB device that does not support the CCID protocol is a USB device supported by the system. When it is, the certificate and key of the USB device that does not support the CCID protocol are obtained and registered so that the system can call them. Because the PC/SC reader driver is installed at the specified path, information about a USB device that does not support the CCID protocol can be obtained, the obtained information can be used to determine whether that USB device is supported by the system, and, when it is, its certificate and key can be obtained and registered. The system is therefore able to call USB devices that do not support the CCID protocol, which widens the range of USB device types the system can access.

[0062] It should be understood that, in the embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution. The order in which the processes are executed should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.

[0063] Embodiment 3:

[0064] FIG. 3 shows a structural diagram of a USB device access apparatus based on the MacOSX system according to the third embodiment of the present invention. The apparatus can be applied in an intelligent terminal, which may include user equipment that communicates with one or more core networks via a radio access network (RAN). The user equipment may be a mobile phone (also called a "cellular" phone), a computer with a mobile device, and so on; for example, the user equipment may also be a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile apparatus that exchanges voice and/or data with the radio access network. As another example, the mobile device may include a smartphone, a tablet computer, a personal digital assistant (PDA), a point-of-sale (POS) terminal or an in-vehicle computer. For ease of description, only the parts related to this embodiment of the present invention are shown.

[0065] The USB device access apparatus based on the MacOSX system includes:

[0066] A first USB device information obtaining unit 31, configured to, after insertion of a USB device is detected and if the USB device is determined to be a USB device that does not support the CCID protocol, obtain information about the USB device that does not support the CCID protocol through the PC/SC reader driver stored at a specified path.

[0067] When the USB device is a USB device that does not support the CCID protocol, the system does not support this class of device by default. A driver library corresponding to the PC/SC interface (a library storing at least one driver) therefore needs to be developed, so that the developed driver can emulate the corresponding USB device as a card reader. In addition, to facilitate subsequent calls, the developed driver library needs to be installed at the corresponding system path.

[0068] A first system-supported-device judging unit 32, configured to determine, based on the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system.

[0069] Optionally, the information about the USB device that does not support the CCID protocol includes the reader name and/or reset information corresponding to that USB device. In this case, the first system-supported-device judging unit 32 includes:

[0070] A USB device information comparison module, configured to compare the obtained reader name and/or reset information corresponding to the USB device that does not support the CCID protocol with a pre-stored standard reader name and/or reset information. The name feature contained in the reader name corresponding to the USB device and the reset information are obtained from the driver, and the reset information corresponding to the USB device conforms to the ISO 7816 standard and includes vendor feature information bytes. Specifically, the name feature contained in the reader name corresponding to the USB device is compared with the name feature contained in the pre-stored standard reader name, and/or the vendor feature information bytes of the reset information corresponding to the USB device are compared with the vendor feature information bytes of the pre-stored standard reset information. Because the reset information includes vendor feature information bytes, using the reset information as well when determining whether the USB device is supported by the system makes the result more accurate.

[0071] A system-supported-device determination module, configured to determine that the USB device that does not support the CCID protocol is a USB device supported by the system when the obtained reader name and/or reset information corresponding to that USB device is the same as the pre-stored standard reader name and/or reset information, and otherwise to determine that the USB device that does not support the CCID protocol is a USB device not supported by the system.

[0072] When a driver is developed for USB devices that support a certain protocol, the reader name corresponding to USB devices of that protocol is set, including the name feature of that reader name, and is stored. Specifically, if the system has recognized the USB device as a PC/SC reader (when the system has recognized the USB device as a smart card reader, the actions performed are similar to those of the USB device information comparison module and the system-supported-device determination module above and are not repeated here), a Tokend process is started and the reader name and/or reset information of the USB device is passed to it. After the Tokend starts, it determines from the reader name whether the USB device is one that it supports. Because the reset information of a USB device generally contains vendor feature information bytes, the reset information can also be used to further distinguish USB devices.

[0073] A first information registration unit 33, configured to obtain and register the certificate and key of the USB device that does not support the CCID protocol when that USB device is a USB device supported by the system, so that the system can call them.

[0074] When the USB device that does not support the CCID protocol is a USB device supported by the system, the certificate and key on the device are registered with the system, the corresponding operation interface function pointers are returned, and the apparatus waits for the system to call them. The key here may be one key or two keys; for example, when the encryption algorithm is the public-key encryption algorithm RSA, one public key and one private key are needed, so the key is two keys (a key pair).

[0075] Optionally, the USB device access apparatus based on the MacOSX system includes:

[0076] An application access request receiving unit, configured to receive an application access request.

[0077] A network information judging unit, configured to determine whether the network information carried in the application access request is network information that requires client authentication. The network information here includes website information, such as the information of an https website. Specifically, the network information that requires client authentication can be set in advance. After an application access request is received, the network information it carries is parsed out and compared with the preset network information that requires client authentication, to determine whether the parsed network information is network information that requires client authentication.

[0078] A certificate display unit, configured to display the registered certificates when the network information carried in the application access request is network information that requires client authentication. Specifically, if the system has registered multiple certificates, the registered certificates are displayed, for example as a list, to prompt the user to select a certificate.

[0079] A key receiving unit, configured to receive the certificate selection instruction issued by the user and the authentication password of the USB device entered by the user. Specifically, a key input box can be displayed at the same time as the registered certificates, so that the user can enter the authentication password of the corresponding USB device after selecting a certificate. Alternatively, after the certificate selection instruction issued by the user is received, the system prompts the user to enter the authentication password of the USB device according to the Tokend corresponding to the selected certificate.

[0080] A user legitimacy judging unit, configured to determine whether the user is a legitimate user based on the certificate selection instruction issued by the user, the authentication password of the USB device entered by the user, and the registered certificate and authentication password of the USB device. Specifically, the certificate selected by the user and the authentication password entered for the USB device can be compared with the registered certificate and the authentication password of the USB device, respectively. If both the certificate and the authentication password of the corresponding USB device are the same, the user is determined to be a legitimate user; otherwise, the user is determined to be an illegitimate user.

[0081] A communication content encryption unit, configured to encrypt the data sent to the server when the user is a legitimate user, so that the server verifies the legitimacy of the user. Specifically, after the USB device determines that the user is a legitimate user, the USB device uses the private key of the key corresponding to the user's certificate to encrypt the data to be sent to the server (such as a bank server), and sends the user's certificate and the key corresponding to the user's certificate (the key includes the public key and the key) to the server. After the server receives the data encrypted with the private key of the key corresponding to the user's certificate, it decrypts the data using the public key of the key. When the decrypted data meets the requirements, the server determines that the user currently using the USB device is a legitimate user and establishes an SSL handshake with the USB device, that is, the USB device successfully establishes an SSL handshake with the server; otherwise, the server refuses the connection and the SSL handshake fails. The two verifications, by the USB device and by the server, improve the accuracy of the result of determining the user's legitimacy.

[0082] Further, after the USB device successfully establishes the SSL handshake with the server, the USB device receives the encryption algorithm and key sent by the server, and uses that encryption algorithm and key to encrypt the communication content sent to the server.

[0083] Optionally, the USB device access apparatus based on the MacOSX system includes:

[0084] An information deletion unit, configured to delete the registered certificate and key of the USB device that does not support the CCID protocol after the USB device is removed.

[0085] When the user has finished and unplugs the USB device, the system detects that the USB device has been removed, finds the corresponding Tokend process and notifies it to exit. The Tokend then performs its cleanup operations and exits, for example clearing the registered certificate and key of the USB device that does not support the CCID protocol.

[0086] Of course, the user may use the USB device again within a short period after using it. To avoid having to register the corresponding certificate and key again later, the system may, before deleting the registered certificate and key of the USB device that does not support the CCID protocol, determine whether the USB device removal time is less than a preset time. If so, no action is performed; otherwise, the registered certificate and key of the USB device that does not support the CCID protocol are deleted. Because the registered certificate and key are not deleted while the USB device removal time is less than the preset time, the certificate and key do not need to be registered again when the user re-inserts the USB device within less than the preset time, which reduces system operations and saves system resources.

[0087] Optionally, the USB device access apparatus based on the MacOSX system includes:

[0088] A second USB device information obtaining unit, configured to obtain information about the USB device that supports the CCID protocol through the system's CCID reader driver if the USB device is determined to be a USB device that supports the CCID protocol.

[0089] A second system-supported-device judging unit, configured to determine, based on the obtained information about the USB device that supports the CCID protocol, whether the USB device that supports the CCID protocol is a USB device supported by the system.

[0090] A second information registration unit, configured to obtain and register the certificate and key of the USB device that supports the CCID protocol when that USB device is a USB device supported by the system, so that the system can call them.

[0091] In the second USB device information obtaining unit, the second system-supported-device judging unit and the second information registration unit above, the name feature contained in the reader name corresponding to the USB device and the reset information are obtained from the driver. The reset information corresponding to the USB device conforms to the ISO 7816 standard and includes vendor feature information bytes. Specifically, the name feature contained in the reader name corresponding to the USB device is compared with the name feature contained in a pre-stored standard reader name, and/or the vendor feature information bytes of the reset information corresponding to the USB device are compared with the vendor feature information bytes of pre-stored standard reset information. If they are the same, the USB device that supports the CCID protocol is determined to be a USB device supported by the system; otherwise, it is determined to be a USB device not supported by the system.
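The support check described in [0060], [0070] to [0072] and [0091], as an added example that is not code from the patent: it extracts the historical bytes from an ISO/IEC 7816-3 ATR (the reset information) and matches a reader-name feature and vendor bytes against pre-stored profiles. The profile values, the sample ATRs and the assumption that the vendor feature bytes lead the historical bytes are constructed for illustration.

```python
"""Reader-name feature and ATR vendor-byte check for a token (added example)."""
from dataclasses import dataclass


class ATRError(ValueError):
    """The reset information is not a well-formed ISO/IEC 7816-3 ATR."""


def historical_bytes(atr: bytes) -> bytes:
    """Validate the ATR layout and return its historical bytes."""
    if not 2 <= len(atr) <= 33 or atr[0] not in (0x3B, 0x3F):
        raise ATRError("bad length or TS byte")
    count = atr[1] & 0x0F      # T0 low nibble: number of historical bytes (K)
    present = atr[1] >> 4      # T0 high nibble: which of TA1/TB1/TC1/TD1 follow
    pos = 2
    needs_tck = False
    while True:
        # Skip TAi, TBi, TCi; their values do not matter for this check.
        pos += sum(1 for bit in (0x1, 0x2, 0x4) if present & bit)
        if not present & 0x8:  # no TDi, so no further interface bytes
            break
        if pos >= len(atr):
            raise ATRError("truncated interface bytes")
        td = atr[pos]
        pos += 1
        if td & 0x0F:          # any protocol other than T=0 makes TCK mandatory
            needs_tck = True
        present = td >> 4
    end = pos + count
    if len(atr) != end + (1 if needs_tck else 0):
        raise ATRError("length does not match the declared structure")
    if needs_tck:
        checksum = 0
        for byte in atr[1:]:   # XOR of T0 through TCK must be zero
            checksum ^= byte
        if checksum:
            raise ATRError("TCK checksum mismatch")
    return atr[pos:end]


@dataclass(frozen=True)
class DeviceProfile:
    """Pre-stored 'standard' values for one supported device family."""
    name_feature: str    # substring the driver places in the reader name
    vendor_bytes: bytes  # assumed to be the leading historical bytes


def is_supported(reader_name, atr, profiles, require_both=True):
    """Return True if the device matches a pre-stored profile.

    require_both=True demands the name feature AND the vendor bytes;
    require_both=False accepts either one (the "or" branch of "and/or").
    A malformed ATR never satisfies the vendor-byte comparison.
    """
    try:
        hist = historical_bytes(atr)
    except ATRError:
        hist = None
    for profile in profiles:
        name_ok = bool(profile.name_feature) and profile.name_feature in reader_name
        atr_ok = (hist is not None and bool(profile.vendor_bytes)
                  and hist.startswith(profile.vendor_bytes))
        matched = (name_ok and atr_ok) if require_both else (name_ok or atr_ok)
        if matched:
            return True
    return False


# Constructed sample data (not taken from any real device).
PROFILES = [DeviceProfile(name_feature="ExampleVendor HID Token",
                          vendor_bytes=bytes.fromhex("564e44"))]
READER_NAME = "ExampleVendor HID Token 00"
ATR_T0 = bytes.fromhex("3b06564e44520102")   # T=0 only, six historical bytes, no TCK
ATR_T1 = bytes.fromhex("3b8401564e4401d8")   # TD1 announces T=1, so TCK is present
ATR_OTHER = bytes.fromhex("3b0441424344")    # well-formed, different vendor bytes

if __name__ == "__main__":
    for label, atr in (("T0", ATR_T0), ("T1", ATR_T1), ("other", ATR_OTHER)):
        print(label, historical_bytes(atr).hex(),
              "strict:", is_supported(READER_NAME, atr, PROFILES),
              "either:", is_supported(READER_NAME, atr, PROFILES, require_both=False))
```

The reader name is set by the driver, so a name-only match says nothing about the card behind it; requiring the ATR bytes as well is the stricter of the two policies the text allows.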

[0092] In the third embodiment of the present invention, because the PC/SC reader driver has been developed and installed, information about a USB device that does not support the CCID protocol can be obtained, the obtained information can be used to determine whether that USB device is supported by the system, and, when it is, its certificate and key can be obtained and registered. The system is therefore able to call USB devices that do not support the CCID protocol, which widens the range of USB device types the system can access.

[0093] A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.

[0094] A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.

[0095] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, apparatuses or units, and may be electrical, mechanical or of other forms.

[0096] The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

[0097] In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.

[0098] If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

[0099] The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Accordingly, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (12)

1. A MacOSX system, characterized in that the MacOSX system comprises: a PC/SC reader driver stored at a specified path, the PC/SC reader driver emulating a device that supports a protocol other than the chip smart card interface device (CCID) protocol as a card reader, so as to recognize the device that supports the non-CCID protocol.
2. The MacOSX system according to claim 1, characterized in that the MacOSX system further comprises: a cryptographic interface that calls the cryptographic operation functions of a cryptographic device.
3. The MacOSX system according to claim 1 or 2, characterized in that the non-CCID protocol comprises: the human interface device (HID) protocol and the small computer system interface (SCSI) protocol.
4. A USB device access method based on the MacOSX system, characterized in that the USB device access method comprises: after insertion of a USB device is detected, if the USB device is determined to be a USB device that does not support the CCID protocol, obtaining information about the USB device that does not support the CCID protocol through a PC/SC reader driver stored at a specified path; determining, based on the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system; and, when the USB device that does not support the CCID protocol is a USB device supported by the system, obtaining and registering the certificate and key of the USB device that does not support the CCID protocol, so that the system can call them.
5. The USB device access method according to claim 4, characterized in that the information about the USB device that does not support the CCID protocol comprises the reader name and/or reset information corresponding to the USB device that does not support the CCID protocol, in which case determining, based on the obtained information, whether the USB device that does not support the CCID protocol is a USB device supported by the system specifically comprises: comparing the obtained reader name and/or reset information corresponding to the USB device that does not support the CCID protocol with a pre-stored standard reader name and/or reset information; and, when the obtained reader name and/or reset information is the same as the pre-stored standard reader name and/or reset information, determining that the USB device that does not support the CCID protocol is a USB device supported by the system, and otherwise determining that the USB device that does not support the CCID protocol is a USB device not supported by the system.
6. The USB device access method according to claim 5, characterized in that, after obtaining and registering the certificate and key of the USB device that does not support the CCID protocol when that USB device is a USB device supported by the system, so that the system can call them, the method comprises: receiving an application access request; determining whether the network information carried in the application access request is network information that requires client authentication; when the network information carried in the application access request is network information that requires client authentication, displaying the registered certificates; receiving the certificate selection instruction issued by the user and the authentication password of the USB device entered by the user; determining whether the user is a legitimate user based on the certificate selection instruction issued by the user, the authentication password of the USB device entered by the user, and the registered certificate and authentication password of the USB device; and, when the user is a legitimate user, encrypting the data sent to the server, so that the server verifies the legitimacy of the user.
7. The USB device access method according to claim 6, characterized in that, after encrypting the data sent to the server when the user is a legitimate user, so that the server verifies the legitimacy of the user, the method comprises: after the USB device is removed, deleting the registered certificate and key of the USB device that does not support the CCID protocol.
8. A USB device access apparatus based on the MacOSX system, characterized in that the USB device access apparatus comprises: a first USB device information obtaining unit, configured to, after insertion of a USB device is detected and if the USB device is determined to be a USB device that does not support the CCID protocol, obtain information about the USB device that does not support the CCID protocol through a PC/SC reader driver stored at a specified path; a first system-supported-device judging unit, configured to determine, based on the obtained information about the USB device that does not support the CCID protocol, whether the USB device that does not support the CCID protocol is a USB device supported by the system; and a first information registration unit, configured to obtain and register the certificate and key of the USB device that does not support the CCID protocol when that USB device is a USB device supported by the system, so that the system can call them.
9. The USB device access apparatus according to claim 8, characterized in that the information about the USB device that does not support the CCID protocol comprises the reader name and/or reset information corresponding to the USB device that does not support the CCID protocol, in which case the first system-supported-device judging unit comprises: a USB device information comparison module, configured to compare the obtained reader name and/or reset information corresponding to the USB device that does not support the CCID protocol with a pre-stored standard reader name and/or reset information; and a system-supported-device determination module, configured to determine that the USB device that does not support the CCID protocol is a USB device supported by the system when the obtained reader name and/or reset information is the same as the pre-stored standard reader name and/or reset information, and otherwise to determine that the USB device that does not support the CCID protocol is a USB device not supported by the system.
10. The USB device access apparatus according to claim 9, characterized in that the USB device access apparatus comprises: an application access request receiving unit, configured to receive an application access request; a network information determination unit, configured to determine whether the network information carried by the application access request is network information that requires client authentication; a certificate display unit, configured to display the registered certificates when the network information carried by the application access request is network information that requires client authentication; a key receiving unit, configured to receive a certificate selection instruction issued by the user and the authentication password of the USB device entered by the user; a user legitimacy determination unit, configured to determine whether the user is a legitimate user according to the certificate selection instruction issued by the user, the authentication password of the USB device entered by the user, and the registered certificate and the authentication password of the USB device; and a communication content encryption unit, configured to encrypt the data sent to the server when the user is a legitimate user, so that the server verifies the legitimacy of the user.
11. The USB device access apparatus according to claim 10, characterized in that the USB device access apparatus comprises: an information deletion unit, configured to delete the registered certificate and key of the USB device that does not support the CCID protocol after the USB device is removed.
12. The USB device access apparatus according to any one of claims 8 to 11, characterized in that the USB device access apparatus comprises: a second USB device information acquisition unit, configured to, if the USB device is determined to be a USB device that supports the CCID protocol, acquire information of the USB device that supports the CCID protocol through the system's CCID card reader driver; a second system-supported device determination unit, configured to determine, according to the acquired information of the USB device that supports the CCID protocol, whether the USB device that supports the CCID protocol is a USB device supported by the system; and a second information registration unit, configured to, when the USB device that supports the CCID protocol is a USB device supported by the system, acquire and register the certificate and key of the USB device that supports the CCID protocol, so that the system can call them.
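
The admission and cleanup logic of claims 8, 9 and 11, modelled as an added Python example (not code from the patent). `ALLOWLIST`, `DeviceInfo`, `CredentialRegistry` and the `read_credentials` callback are hypothetical names, the sample values are constructed, and keys are represented as opaque references, which is an assumption of this example.

```python
from dataclasses import dataclass

# Constructed allowlist standing in for the pre-stored "standard reader name
# and/or reset information". Names and reset bytes are made up for this example.
ALLOWLIST = [
    {"reader": "Example Token 00", "reset": bytes.fromhex("3b9f958131fe9f")},
    {"reader": None, "reset": bytes.fromhex("3b6800000073c840")},  # reset-info only
]

@dataclass(frozen=True)
class DeviceInfo:
    reader: str    # reader name reported by the reader driver
    reset: bytes   # reset information returned by the device

def is_supported(info, allowlist=ALLOWLIST):
    """Claim 9: every field an entry specifies must equal the acquired value."""
    for entry in allowlist:
        checks = []
        if entry.get("reader") is not None:
            checks.append(entry["reader"] == info.reader)
        if entry.get("reset") is not None:
            checks.append(entry["reset"] == info.reset)
        if checks and all(checks):
            return True
    return False

class CredentialRegistry:
    """Tracks which certificates and key references are exposed to the system."""
    def __init__(self):
        self._by_reader = {}

    def on_insert(self, info, read_credentials):
        # Claim 8: register only after the device is judged supported.
        if not is_supported(info):
            return False
        self._by_reader[info.reader] = list(read_credentials(info))
        return True

    def on_remove(self, reader):
        # Claim 11: drop the registered certificate and key on removal.
        return self._by_reader.pop(reader, None) is not None

    def registered(self):
        return sorted(cert for creds in self._by_reader.values() for cert, _ in creds)
```

The name and reset-information comparison only identifies the device model; the user is authenticated separately by the certificate selection and USB device password check of claim 10.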
CN201610571570.5A 2016-07-18 USB device cut-in method and device based on MacOSX system CN106250750B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610571570.5A CN106250750B (en) 2016-07-18 USB device cut-in method and device based on MacOSX system

Publications (2)

Publication Number Publication Date
CN106250750A true CN106250750A (en) 2016-12-21
CN106250750B CN106250750B (en) 2019-08-16

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1904864A (en) * 2006-08-15 2007-01-31 北京飞天诚信科技有限公司 Device and method for making HID apparatus provide smart card interface
CN1954345A (en) * 2004-05-28 2007-04-25 国际商业机器公司 Smart card data transaction system and method for providing storage and transmission security
US20080148388A1 (en) * 2006-10-25 2008-06-19 Microsoft Corporation Platform authentication via a transparent second factor
CN101329661A (en) * 2008-07-31 2008-12-24 北京飞天诚信科技有限公司 System and method for implementing PC / SC interface of HID / SCSI apparatus
CN101266590B (en) * 2008-04-22 2010-09-08 Beijing Feitian Technologies Method and system for dynamically switching equipment arrangement
CN104750630A (en) * 2015-04-14 2015-07-01 飞天诚信科技股份有限公司 Working method of PC/SC driving base in IOS device

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination