CN107066894A - A kind of multifunction intelligent key equipment and its method for executing operating instructions and device - Google Patents

A kind of multifunction intelligent key equipment and its method for executing operating instructions and device Download PDF

Info

Publication number
CN107066894A
CN107066894A CN201710138730.1A CN201710138730A CN107066894A CN 107066894 A CN107066894 A CN 107066894A CN 201710138730 A CN201710138730 A CN 201710138730A CN 107066894 A CN107066894 A CN 107066894A
Authority
CN
China
Prior art keywords
application
selection
application data
control module
operational control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710138730.1A
Other languages
Chinese (zh)
Other versions
CN107066894B (en
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd filed Critical Tendyron Technology Co Ltd
Priority to CN201710138730.1A priority Critical patent/CN107066894B/en
Publication of CN107066894A publication Critical patent/CN107066894A/en
Application granted granted Critical
Publication of CN107066894B publication Critical patent/CN107066894B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Facsimiles In General (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of multifunction intelligent key equipment and its method for executing operating instructions and device, this method includes:The application identities of the application of input instruction selection are obtained, whether the application for judging selection is mounted application, if so, then obtaining the environmental information of the application of selection by Hardware drive module;When Hardware drive module receives the operational order of outside input every time, perform:Step 1, whether in instruction list, be, perform step 2 if judging operational order, no, performs step 5;Step 2, judge to perform whether operational order needs to be authorized, be, then perform step 3, it is no, perform step 4;Step 3, user's input authentication information is pointed out, and the authentication information inputted to user is authenticated, and in certification in the case of, performs step 4, it is no, perform step 5;Step 4, the application for operational order being sent into selection is performed;Step 5, operational control module returns to the configured information of application operation failure.

Description

A kind of multifunction intelligent key equipment and its method for executing operating instructions and device
Technical field
The present invention relates to a kind of electronic technology field, more particularly to a kind of multifunction intelligent key equipment and its operational order Perform method and apparatus.
Background technology
Intelligent card read/write device is the intermediate equipment for connecting smart card and main frame, and its core technology is that complexity is realized in MCU Intelligent card interface agreement and USB interface agreement, exchanged with the transparent data completed between smart card and main frame.
Intelligent code key is a kind of hardware device of USB interface (commonly referred to as USB Key), its built-in intelligence the core of the card Piece, can store the key and digital certificate of user, the certification using built-in cryptographic algorithms' implementation to user identity.Again simultaneously Encryption and decryption processing, digital signature and checking can be achieved to sign, and storage important safety information.
Intellective IC card is safety product of the CPU package that will be designed by special safety in standard size card.In card Portion's data and key are protected by built-in smart card operating system, and outside can not possibly cross COS control directly in card Data or key operated.
Dynamic token (OTP Token) is the electronic product that a kind of portable hand-held dynamic password is calculated and produced.It is de- Machine is used, or is connected with computer.Exempt the hidden danger that static password is intercepted, guesses, attacks and cracked.Can be according to the time (Time), event (Event), the factor such as challenge/response (Challenge/Response) produces dynamic password.
At present, OTP, intellective IC card and intelligent code key etc., have been used successfully each row in commercial cipher Industry application field, they respectively have merits and demerits, and by these functions, integrated on one device (equipment is properly termed as multi-functional Intelligent cipher key equipment), by more hardware cost under saving, while carrying and using more to facilitate.In a particular application, Because the integrated function of multifunction intelligent key equipment is higher to security requirement, how to ensure multifunction intelligent key equipment Each upper application and the safety of application data, are the problem of multifunction intelligent key equipment need most solution.
The content of the invention
Present invention seek to address that above-mentioned technical problem.
It is a primary object of the present invention to provide a kind of method for executing operating instructions of multifunction intelligent key equipment.
Another object of the present invention is to provide a kind of operational order performs device of multifunction intelligent key equipment.
A further object of the present invention is to provide a kind of multifunction intelligent key equipment.
To reach above-mentioned purpose, what technical scheme was specifically realized in:
One aspect of the present invention provides a kind of method for executing operating instructions of multifunction intelligent key equipment, including:Hardware Drive module receives the input instruction for selecting application, and the input instruction is sent into operational control module;The behaviour Make the application identities that control module obtains the application of the input instruction selection;The operational control module is according to the application mark Know and judge whether the application of the selection is one in the mounted multiple applications of the multifunction intelligent key equipment;True It is described in the case that the application of the fixed selection is one in the mounted multiple applications of the multifunction intelligent key equipment Operational control module is according to the application identities, and the environment that the application of the selection is obtained by the Hardware drive module is believed Breath, wherein, the environmental information includes:The application allows the instruction list and authority information performed;Obtaining the choosing After the environmental information for the application selected, when the Hardware drive module receives the operational order of outside input every time, perform Following steps:Step 1, the operational control module gets the operational order of the outside input, judges the operational order Whether in the instruction list, if it is, performing step 2, otherwise, step 5 is performed;Step 2, according in the environmental information The authority information, judge to perform whether the operational order needs to be authorized, if it is, execution step 3, otherwise, Perform step 4;Step 3, user's input authentication information is pointed out, and the authentication information inputted to user is authenticated, it is logical in certification In the case of crossing, step 4 is performed, in certification in the case of, step 5 is performed;Step 4, the operational order is sent out The application for giving the selection is performed;Step 5, the operational control module returns to the configured information of application operation failure.
Alternatively, the environmental information also includes:Physical store for recording the application for being pre-assigned to the selection The spatial information in space;After step 4, methods described also includes:The operational control module receives answering for the selection Application data request is transferred used in what is sent when performing the operational order, wherein, described transfer carries in application data request The identification information of the application data of request call;The operational control module judges described adjust according to the identification information The application data whether application data belongs under the file system of the application of the selection;The operational control module according to Whether the physical storage address for the application data called described in the spatial information judgement, which belongs to, is pre-assigned to the selection The amount of physical memory of application;It is determined that answering under the file system for the application that the application data called belongs to the selection The physics for belonging to the application for being pre-assigned to the selection with the physical storage address of data, and the application data called is deposited In the case of storing up space, the application data called described in the operational control module calls, and by the application data called Return to the application of the selection.
Alternatively, before the application data called described in the operational control module calls, methods described also includes:It is described Authority information described in operational control module polls, judges whether the application of the selection has and transfers the application data called Authority, in the case of it is determined that the application of the selection has the authority for transferring the application data called, execution is transferred The operation of the application data called.
Alternatively, the operational control module is according to the identification information, judge described in the application data called whether belong to Application data under the file system of the application of the selection, including:The operational control module by the application identities and The identification information is sent to the Hardware drive module;The Hardware drive module is judged corresponding with the application identities The application data corresponding with the identification information whether is found under file system, and lookup result is notified into the operational control Module;Whether the application data that the operational control module is called according to judging the lookup result belongs to the choosing Application data under the file system for the application selected.
Alternatively, after the application identities for the application that the operational control module obtains selection, methods described also includes:Institute Operational control module is stated by the Hardware drive module, obtain under file system corresponding with the application identities all answers With data, and all application datas are loaded into internal memory;The operational control module judges according to the identification information Application data under the file system for the application whether application data called belongs to the selection, including:The operation Control module judge in the internal memory whether there is the application data corresponding with the identification information, if, it is determined that it is described The application data that the application data called belongs under the file system of the application of the selection, otherwise, it determines it is described call should Application data under the file system for the application that the selection is not belonging to data.
Alternatively, before the application for the operational order being sent into the selection is performed, methods described also includes:It is described Operational control module judge the application identities that are carried in the operational order whether the application identities one with the application of the selection Cause, in the case of consistent, perform the step of application that the operational order is sent into the selection is performed.
Another aspect of the present invention provides a kind of operational order performs device of multifunction intelligent key equipment, including:Firmly Part drive module, for receiving the input instruction for selecting application, operational control module is sent to by the input instruction; The operational control module, the application identities of the application for obtaining the input instruction selection, sentences according to the application identities Whether the application of the selection of breaking is one in the mounted multiple applications of the multifunction intelligent key equipment, and it is determined that In the case that the application of the selection is one in the mounted multiple applications of the multifunction intelligent key equipment, according to institute Application identities are stated, the environmental information of the application of the selection is obtained by the Hardware drive module, wherein, the environmental information Including:The application allows the instruction list and authority information performed;The Hardware drive module, is additionally operable to receive outside defeated The operational order entered, the operational control module is sent to by the operational order;The operational control module, is additionally operable to:Obtain The operational order of the outside input is got, the operational order is judged whether in the instruction list, referred in the operation Order is in the case of the instruction list, the authority information in the environmental information, judges that performing the operation refers to Whether order needs to be authorized, it is determined that performing in the case that the operational order needs to be authorized, prompting user, which inputs, to be recognized Information is demonstrate,proved, and the authentication information inputted to user is authenticated, and in certification in the case of, the operational order is sent to The application of the selection is performed, and it is determined that perform in the case that the operational order need not obtain mandate, the operation is referred to The application that order is sent to the selection is performed;And in operational order not in the case of the instruction list, or, to The authentication information of family input is authenticated in the case of, returns to the configured information of application operation failure.
Alternatively, the environmental information also includes:Physical store for recording the application for being pre-assigned to the selection The spatial information in space;The operational control module is additionally operable to:Receive applying for the selection and perform the operational order When send transfer application data request, wherein, described transfer in application data request carries the application number of request call According to identification information;According to the identification information, whether the application data called described in judgement belongs to the application of the selection Application data under file system;Whether the physical storage address for the application data called according to judging the spatial information Belong to the amount of physical memory for the application for being pre-assigned to the selection;It is determined that the application data called belongs to the choosing Application data under the file system for the application selected, and the physical storage address of the application data called belongs to and allocates in advance In the case of amount of physical memory to the application of the selection, transfer the application data called, and called described Application data returns to the application of the selection.
Alternatively, the operational control module is additionally operable to:Before the application data called is transferred, the power is inquired about Limit information, whether have the authority of transferring the application data called, it is determined that the selection if judging the application of the selection Application there is the authority for transferring the application data called in the case of, perform the behaviour for transferring the application data called Make.
Alternatively, whether the operational control module specifically for judging the application data called in the following manner Application data under the file system for the application for belonging to the selection:The application identities and the identification information are sent to institute State Hardware drive module;The application data called according to judging the lookup result that the Hardware drive module is returned is Application data under the file system of the no application for belonging to the selection;The Hardware drive module is additionally operable to:Judge with institute State and the application data corresponding with the identification information whether is found under the corresponding file system of application identities, and by lookup result Notify the operational control module.
Alternatively, the operational control module is additionally operable to:After the application identities for the application for obtaining selection, by described hard Part drive module, obtains all application datas under corresponding with application identities file system, and by all applications Data are loaded into internal memory;The operational control module is specifically for judging the application data called in the following manner Application data under the file system of the no application for belonging to the selection:Judge to whether there is in the internal memory and believe with the mark Corresponding application data is ceased, if, it is determined that the application data called belongs to the file system of the application of the selection Under application data, otherwise, it determines under the file system for the application that the application data called is not belonging to the selection should Use data
Alternatively, the operational control module is additionally operable to:Held in the application that the operational order is sent to the selection Before row, judge whether the application identities carried in the operational order are consistent with the application identities of the application of the selection, In the case of consistent, the operation that the application that the operational order is sent into the selection is performed is performed.
Another aspect of the invention provides a kind of multifunction intelligent key equipment, it is characterised in that including above-mentioned many work( The operational order performs device of energy intelligent cipher key equipment.
As seen from the above technical solution provided by the invention, in the technical scheme that the present invention is provided, intelligent key Equipment, which is provided, applies selection function, and user input instruction selection can be currently needed for the application used, intelligence according to actual needs Key devices obtain the environmental information of the application of selection, subsequently received in the case of it is determined that having installed the application of selection After operational order, safety certification is carried out according to the information recorded in environmental information, just will operation in safety certification after Instruction is sent to corresponding application and performed, so as to ensure that the safety of application program, it is to avoid due to multifunction intelligent key equipment On the application program safety problem illegally being called and caused.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, being used required in being described below to embodiment Accompanying drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this For the those of ordinary skill in field, on the premise of not paying creative work, other can also be obtained according to these accompanying drawings Accompanying drawing.
Fig. 1 is a kind of knot of the operational order performs device for multifunction intelligent key equipment that the embodiment of the present invention 1 is provided Structure schematic diagram;
Fig. 2 is the operational order performs device for another multifunction intelligent key equipment that the embodiment of the present invention 1 is provided Structural representation;
Fig. 3 is a kind of structural representation for multifunction intelligent key equipment that the embodiment of the present invention 2 is provided;
Fig. 4 is a kind of stream of the method for executing operating instructions for multifunction intelligent key equipment that the embodiment of the present invention 3 is provided Cheng Tu.
Embodiment
With reference to the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Ground is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.Based on this The embodiment of invention, the every other implementation that those of ordinary skill in the art are obtained under the premise of creative work is not made Example, belongs to protection scope of the present invention.
In the description of the invention, it is to be understood that term " " center ", " longitudinal direction ", " transverse direction ", " on ", " under ", The orientation or position relationship of the instruction such as "front", "rear", "left", "right", " vertical ", " level ", " top ", " bottom ", " interior ", " outer " are Based on orientation shown in the drawings or position relationship, it is for only for ease of the description present invention and simplifies description, rather than indicate or dark Specific orientation must be had, with specific azimuth configuration and operation by showing the device or element of meaning, therefore it is not intended that right The limitation of the present invention.In addition, term " first ", " second " are only used for describing purpose, and it is not intended that indicating or implying and be relative Importance or quantity or position.
In the description of the invention, it is necessary to illustrate, unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected, or be integrally connected;Can To be mechanical connection or electrical connection;Can be joined directly together, can also be indirectly connected to by intermediary, Ke Yishi The connection of two element internals.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this Concrete meaning in invention.
The embodiment of the present invention is described in further detail below in conjunction with accompanying drawing.
Embodiment 1
Present embodiments provide a kind of operational order performs device of multifunction intelligent key equipment.The device can be located at In multifunction intelligent key equipment, the operational order that multifunction intelligent key equipment is received is performed.
A kind of structural representation of the operational order performs device for multifunction intelligent key equipment that Fig. 1 provides for the present embodiment Figure, as shown in figure 1, the operational order performs device for the multifunction intelligent key equipment that the present embodiment is provided mainly includes:Hardware Drive module 10 and operational control module 20.
Each function mould of the operational order performs device of the multifunction intelligent key equipment provided below the present embodiment The function of block and interacting is illustrated.
In the present embodiment, Hardware drive module 10, will be described defeated for receiving the input instruction for selecting application Enter instruction and be sent to operational control module 20;Operational control module 20, for obtaining answering for the application that the input instruction is selected With mark, whether the application that the selection is judged according to the application identities is that the multifunction intelligent key equipment is mounted One in multiple applications, and it is determined that the selection application for the multifunction intelligent key equipment it is mounted it is multiple should In the case of one in, according to the application identities, the application of the selection is obtained by the Hardware drive module 10 Environmental information, wherein, the environmental information includes:The application allows the instruction list and authority information performed;It is described Hardware drive module 10, is additionally operable to receive the operational order of outside input, the operational order is sent into the operational control Module 20;The operational control module 20, is additionally operable to:The operational order of the outside input is got, judges that the operation refers to Whether order is in the instruction list, in the operational order in the case of the instruction list, according to the environmental information In the authority information, judge to perform whether the operational order needs to be authorized, it is determined that performing the operational order Need in the case of being authorized, point out user's input authentication information, and the authentication information inputted to user is authenticated, and is being recognized In the case that card passes through, the application that the operational order is sent into the selection is performed, it is determined that performing the operational order In the case of mandate need not being obtained, the application that the operational order is sent into the selection is performed;And in operational order Not in the case of the instruction list, or, it is authenticated to the authentication information that user inputs in the case of, Return to the configured information of application operation failure.
In the said equipment that the present embodiment is provided, multiple applications can be installed, for example, realizing the OTP of OTP functions in advance Using, realize that the intelligent code key application of intelligent code key function is applied and realized to the IC-card of intellective IC card function, use Family input instruction selection can be currently needed for the application that uses according to actual needs, and Hardware drive module 10 refers to receiving input After order, input instruction is distributed into operational control module 20, operational control module 20 is it is determined that local installed answering for the selection In the case of, the environmental information of the application of the selection is obtained by Hardware drive module 10, in subsequently received operational order Afterwards, safety certification is carried out according to the information recorded in environmental information, in safety certification after, just sent operational order Performed to corresponding application, so as to ensure that the safety that application program is performed, it is to avoid due on multifunction intelligent key equipment The safety problem that application program is illegally called and caused.
In the present embodiment, the environmental information of the application of selection can be loaded into internal memory by operational control module 20, When receiving the input instruction for exiting the application currently selected or selection new opplication, internal memory is emptied, to improve the processing speed of program Degree.
In specific implementation process, external interface can be set in Hardware drive module 10, including but not limited to hardware is defeated Entrance (for example, keyboard), wired external communication interface (for example, USB interface etc.) or wireless external communication interface are (for example, blue Tooth etc.), user or external equipment can input the input instruction or operational order for selecting application by external interface.
In the present embodiment, in hardware layer, for each local mounted application, the ring of the application can be stored respectively Environment information, operational control module 20, can by Hardware drive module 10 in the case of it is determined that locally having installed the application of selection The corresponding environmental information of application to read selection.
In an optional embodiment of the present embodiment, the authority information in environmental information can record corresponding application The authority obtained is needed when performing some operational orders, for example, it is necessary to obtain before the operational order for reading key is performed PIN code certification;In addition, authority information can also record whether corresponding application has permission some operational orders of execution, for example, intelligence Energy IC-card is applied without authority for reading signature key etc..
In an optional embodiment of the present embodiment, the environmental information can also include:Divide in advance for recording The spatial information of the amount of physical memory of the application selected described in dispensing;The operational control module 20 can be also used for:Receive Apply what is sent when performing the operational order to transfer application data request to the selection, wherein, it is described to transfer application The identification information of the application data of request call is carried in request of data;According to the identification information, called described in judgement The application data application that whether belongs to the selection file system under application data;Institute is judged according to the spatial information Whether the physical storage address for stating the application data called belongs to the amount of physical memory for the application for being pre-assigned to the selection; It is determined that application data under the file system for the application that the application data called belongs to the selection, and described call In the case that the physical storage address of application data belongs to the amount of physical memory for the application for being pre-assigned to the selection, transfer The application data called, and the application data called is returned to the application of the selection.
I.e. in above-mentioned optional embodiment, selection apply perform operational order when, it is necessary to call bottom store Application data, then operational control module 20 receiving selection application send transfer application data request when, in order to ensure The safety of application data, operational control module 20 performs two judgements and operated, and one judges that operation is to judge to ask that transfers to answer With data whether be selection application file system under application data, another judge operation be judge request transfer should With the physical storage addresses of data whether be the application for being pre-assigned to selection amount of physical memory, only judge behaviour at two The judgement of work is that the application data that the application of selection is asked just is transferred in the case of being, and the application data is sent to The application of selection, so as to ensure the safety of application data, it is to avoid transfer application data across application, for example, performing IC-card application When, call signature private key of intelligent code key etc..
In above-mentioned optional embodiment, alternatively, the operational control module 20 specifically can be used for by with lower section Application data under the file system for the application whether application data called described in formula judgement belongs to the selection:Described it will answer The Hardware drive module 10 is sent to the identification information of mark and the application data of request call;According to the hardware driving Whether the application data called described in the lookup result judgement that module 10 is returned belongs to the file system of the application of the selection Application data under system;The Hardware drive module 10 can be also used for:Judge in file system corresponding with the application identities The application data corresponding with the identification information whether is found under system, and lookup result is notified into the operational control module 20.I.e. in the optional embodiment, operational control module 20 is by the identification information of application identities and the application data of request call Hardware drive module 10 is sent to, Hardware drive module 10 in application identities respective file system with searching the application data Identification information, if found, illustrates that the application data of request call belongs to the file system of the application, otherwise, then illustrates The application data of request call is not belonging to the file system of the application.In this way, hardware driving mould can directly be passed through Block 10 is judged, without all application datas under the file system of the application currently selected are loaded into internal memory in advance, is subtracted Few other additional processing.
In an optional embodiment of the embodiment of the present invention, the operational control module 20 can be also used for:Obtain After the application identities of the application of selection, by the Hardware drive module 10, file corresponding with the application identities is obtained All application datas under system, and all application datas are loaded into internal memory;It is described in the optional embodiment Operational control module 20 specifically for judging whether the application data called belongs to answering for the selection in the following manner Application data under file system:Judge to whether there is the application data corresponding with the identification information in the internal memory, If, it is determined that the application data under the file system for the application that the application data called belongs to the selection, otherwise, It is determined that the application data under the file system for the application that the application data called is not belonging to the selection.I.e. in the optional reality Apply in mode, operational control module 20 is after the application identities of application of selection are got, by Hardware drive module 10, will All application datas under the corresponding file system of application identities are loaded into internal memory, before some application data is transferred, root According to the identification information for the application data for asking to transfer, all applications under the file system of the application loaded in internal memory are searched With the presence or absence of the application data for asking to transfer in data, if it is present explanation asks the application data transferred to belong to choosing Application data under the corresponding file system of application selected, otherwise, illustrates to ask the application data transferred to be not belonging to selection Using the application data under corresponding file system.By the optional embodiment, operational control module 20 can be in advance by choosing All application datas under the corresponding file system of application selected are loaded into internal memory, so as to receive every time to that should select All without calling application data by Hardware drive module after the operational order of application, it can improve and judge to ask that transfers to answer Judgement speed under the corresponding file system of application for whether belonging to selection with data, improves the execution efficiency of operational order.
In above-mentioned optional embodiment, operational control module 20 after the application identities of application of selection are got, By Hardware drive module 10, all application datas under the corresponding file system of application identities are loaded into the situation in internal memory Under, operational control module 20 transfer it is described call application data when, can be obtained directly from internal memory described in call answer With data, so as to improve the speed for calling application data.
In above-mentioned optional embodiment, alternatively, the spatial information in environmental information is in record in advance to be corresponding Application distribution amount of physical memory when, a range of physical addresses can be recorded, can also a record start physical address with And be the size using the amount of physical memory of distribution, specific the present embodiment is not construed as limiting.
In above-mentioned optional embodiment, the tune of each application data can also be recorded in the authority information in environmental information Weighting is limited, therefore, alternatively, and the operational control module 20 can be also used for before the application data called is transferred, The authority information of the application of the selection is inquired about, judges whether the application of the selection has and transfers the application data called Authority, in the case of it is determined that the application of the selection has the authority for transferring the application data called, execution is transferred The operation of the application data called.By the optional embodiment, application data can be avoided illegally to be called, it is ensured that should With the safety of data.
In an optional embodiment of the embodiment of the present invention, in order to avoid during the application of selection is performed, The operational order of other application is performed by mistake, for example, after user selects the OTP applications of multifunction intelligent key equipment, it is outside Card reader sends Card Reader request to multifunction intelligent key equipment, and in the present embodiment, the operational control module 20 can be with For:Before the application that the operational order is sent to the selection is performed, judge that what is carried in the operational order answers It is consistent with the application identities of the application (for example, the application OTP currently selected) of the selection with identifying whether, in consistent situation Under, perform the operation that the application that the operational order is sent into the selection is performed.Pass through the optional embodiment, Ke Yibao Multifunction intelligent key equipment is demonstrate,proved after user selectes an application, the behaviour of the other application outside the application will not be performed again Instruct, it is to avoid multifunction intelligent key equipment is redirected between multiple application programs and caused dangerous using what is performed.
In a particular application, operational control module 20 can be real by the operational control layer in multifunction intelligent key equipment It is existing, and Hardware drive module 10 can be realized by the layer of the hardware driving in multi-functional key devices, hardware driving layer is by right External tapping is communicated with outside, also, hardware driving layer can directly access the storage of multifunction intelligent key equipment bottom Equipment.
In an optional embodiment of the embodiment of the present invention, hardware driving layer in can with integrated scheduling layer function, By multiple association coordinated managements in multifunction intelligent key equipment and call, so that specification flow.Or, in this implementation In another optional embodiment of example, as shown in Fig. 2 dispatch layer can also be provided separately with hardware driving layer.Shown in Fig. 2 Structure in, external interface receives the application selection instruction (step 1) of outside input, and hardware driving layer refers to this using selection Order is sent to dispatch layer (step 2), and this is dispatched to operational control layer (step 3), operational control by dispatch layer using selection instruction Layer is it is determined that this is applied (present embodiment assumes that having installed three in multifunction intelligent key equipment using selection instruction is selected Individual application, i.e., using 1, using 2 and apply 3, selected application for apply 2) for local mounted application in the case of, lead to The environmental information (step 4) of the selected application of hardware driving layer reading bottom storage is crossed, after this, is connect in external interface When receiving operational order (step 5), the operational order is sent to dispatch layer (step 6) by hardware driving layer, and dispatch layer grasps this Operational control layer (step 7) is sent to as instruction, operational control layer judges the behaviour according to the environmental information of the current application of reading Instruct whether in the instruction list of environmental information, if it is, determining whether to perform whether the operational order needs to obtain Authorize, if not in instruction list, returning to the configured information with operation failure.If it is determined that performing the operation needs acquisition Authorize, then point out user's input authentication information, and the authentication information inputted to user is authenticated, situation about passing through in certification Under, operational order is sent to the application (step 8) of selection, if certification does not pass through, the instruction of application operation failure is returned to Information;If it is determined that performing the operation need not be authorized, then the operational order is directly sent to the application (step of selection 8).The application of selection is received after the operational order, performs corresponding operation, during corresponding operation is performed, such as Fruit needs to call application data, then application sends the call request (step 9) of application data, operational control layer to operational control layer After the call request for receiving application data, judge whether the physical storage address for the application data that application request is called is dividing Whether the amount of physical memory of the dispensing application and the application data of institute's request call are being sentenced under the file system of the application Disconnected result is that in the case of being, operational control layer sends application data call request (step 10), hardware to hardware driving layer Driving layer reads the application data of request call from the file system of the application, and the application data is returned into operational control The application data is returned to application (step 12) by layer (step 11), operational control layer.
The operational order performs device of the multifunction intelligent key equipment provided by the present embodiment, can be in same intelligence Multiple applications are realized on key devices, and each application can be isolated so that the proprietary instruction in each application can only be in the application In effectively, and the application data respectively applied can only be by the application call, it is to avoid the security breaches between many applications, improves multi-functional The security of intelligent cipher key equipment.
Embodiment 2
Present embodiments provide a kind of multifunction intelligent key equipment.
The structural representation for a kind of multifunction intelligent key equipment that Fig. 3 provides for the present embodiment, as shown in figure 3, this reality Applying the multi-functional key devices of example offer mainly includes the operational order execution of the multifunction intelligent key equipment described in embodiment 1 Device, the function of the device specifically may refer to the description of embodiment 1, will not be repeated here.
As shown in figure 3, in an optional embodiment of the present embodiment, the multifunction intelligent key equipment can also be wrapped Include:The parts such as memory 30, display unit 40, power supply 50 and input block 60.It will be understood by those skilled in the art that Fig. 3 In the multifunction intelligent key equipment structure that shows do not constitute restriction to multifunction intelligent key equipment, can include than figure Show more or less parts, either combine some parts or different parts arrangement.
Each component parts of multifunction intelligent key equipment is simply introduced with reference to Fig. 3:
Memory 30 can be used for storage software program and data, can mainly include storing program area and storage data field, Wherein, the application program that storing program area can be needed for storage program area, each function of multifunction intelligent key equipment is (such as OTP, intellective IC card, card reader etc.) etc.;Storage data field can store in multifunction intelligent key equipment each apply journey Application data (such as voice data, phone directory etc.) that sequence is created etc..
Input block 60 can be used for the numeral or character information for receiving input, and produce and multifunction intelligent key equipment User set and function control it is relevant key signals input.Specifically, input block 60 may include contact panel 61 and Other input equipments 62.Contact panel 61, also referred to as touch-screen, collect touch operation of the user on or near it (such as User uses the behaviour of any suitable object or annex on contact panel 61 or near contact panel 61 such as finger, stylus Make), and corresponding attachment means are driven according to formula set in advance.Except contact panel 61, input block 60 can also be wrapped Include other input equipments 62.Specifically, other input equipments 62 can include but is not limited to physical keyboard, function key (such as sound Measure control button, switch key etc.), trace ball, mouse, the one or more in action bars etc..
Display unit 40 can be used for the information and multifunctional intellectual for showing the information inputted by user or being supplied to user The various menus of key devices.Display unit 40 may include display panel 41, optionally, can use liquid crystal display (Liquid Crystal Display, LCD), Organic Light Emitting Diode (Organic Light-Emitting Diode, ) etc. OLED form configures display panel 41.Further, contact panel 61 can cover display panel 41 as multifunctional intellectual The external interface of key devices.Although in figure 3, contact panel 61 is to come real as two independent parts with display panel 41 The input of existing multifunction intelligent key equipment and output function, but in some embodiments it is possible to by contact panel 61 with showing Show the input that is integrated and realizing multifunction intelligent key equipment of panel 41 and output function.
Multifunction intelligent key equipment can also include the power supply 50 (such as battery) powered to all parts.
Although not shown, multifunction intelligent key equipment can also include camera, bluetooth module etc., no longer go to live in the household of one's in-laws on getting married herein State.
Embodiment 3
A kind of method for executing operating instructions of multifunction intelligent key equipment is present embodiments provided, this method can pass through Multi-functional intelligence described in the operational order performs device or embodiment 2 of multifunction intelligent key equipment described in above-described embodiment 1 Can key devices realize.Mainly provide the method for executing operating instructions of multifunction intelligent key equipment to the present embodiment below Flow is illustrated, and other related contents may refer to the description of embodiment 1 or 2.
A kind of flow chart of the method for executing operating instructions for multifunction intelligent key equipment that Fig. 4 provides for the present embodiment, As shown in figure 4, this method mainly may comprise steps of:
Step S401, Hardware drive module receives the input instruction for selecting application, and the input instruction is sent Give operational control module;
Step S402, the operational control module obtains the application identities of the application of the input instruction selection;
Step S403, the operational control module according to the application identities judge the selection application whether be described in One in the mounted multiple applications of multifunction intelligent key equipment;
Step S404, it is determined that the application of the selection is the mounted multiple applications of the multifunction intelligent key equipment In one in the case of, the operational control module passes through the Hardware drive module and obtains institute according to the application identities The environmental information of the application of selection is stated, wherein, the environmental information includes:The application allows instruction list and the power performed Limit information;
After the environmental information of application of the selection is obtained, received every time in the Hardware drive module outside defeated During the operational order entered, subsequent step S405 to step S409 is performed, i.e., receives outside every time in the Hardware drive module During the operational order of input, circulation performs step S405 to step S409.
Step S405, the operational control module gets the operational order of the outside input, judges that the operation refers to Whether order is in the instruction list, if it is, performing step S406, otherwise, performs step S409;
Step S406, the authority information in the environmental information judges to perform whether the operational order needs Authorized, if it is, performing step S407, otherwise, perform step S408;
Step 407, user's input authentication information is pointed out, and the authentication information inputted to user is authenticated, it is logical in certification In the case of crossing, step S408 is performed, in certification in the case of, step S409 is performed;
Step S408, the application that the operational order is sent into the selection is performed;
Step S409, the operational control module returns to the configured information of application operation failure.
In the above method that the present embodiment is provided, user input instruction selection can be currently needed for making according to actual needs Input instruction is distributed to operational control module, operational control by application, Hardware drive module after input instruction is received Module obtains the environment letter of the application of selection by Hardware drive module in the case of it is determined that locally having installed the application of selection Breath, after subsequently received operational order, safety certification is carried out according to the information recorded in environmental information, logical in safety certification After crossing, operational order is just sent to corresponding application and performed, so as to ensure that the safety of application program, it is to avoid due to many work( The safety problem that application program on energy intelligent cipher key equipment is illegally called and caused.
In the present embodiment, the environmental information of the application of selection can be loaded into internal memory by operational control module, connect When receiving the input instruction for exiting the application currently selected or selection new opplication, internal memory is emptied, to improve the processing speed of program.
In specific implementation process, external interface can be set in Hardware drive module, including but not limited to hardware is inputted Mouth (for example, keyboard), wired external communication interface (for example, USB interface etc.) or wireless external communication interface are (for example, bluetooth Deng), user or external equipment can input the input instruction or operational order for selecting application by external interface.
In the present embodiment, in hardware layer, for each local mounted application, the application can be stored respectively in advance Environmental information, operational control module it is determined that it is local the application of selection has been installed in the case of, can by Hardware drive module The corresponding environmental information of application to read selection.
In an optional embodiment of the embodiment of the present invention, the environmental information also includes:Divide in advance for recording The spatial information of the amount of physical memory of the application selected described in dispensing;After step S408, methods described also includes:It is described Operational control module receive the selection apply perform the operational order when send transfer application data request, its In, it is described to transfer the identification information that the application data of request call is carried in application data request;The operational control mould Root tuber according to the identification information, judge described in the application that whether belongs to the selection of the application data called file system under Application data;The physical storage address for the application data that the operational control module is called according to judging the spatial information Whether the amount of physical memory of the application that is pre-assigned to the selection is belonged to;It is determined that the application data called belongs to institute Application data under the file system for the application for stating selection, and the physical storage address of the application data called belongs to advance In the case of the amount of physical memory for the application for distributing to the selection, the application called described in the operational control module calls Data, and the application data called is returned to the application of the selection.
I.e. in above-mentioned optional embodiment, selection apply perform operational order when, it is necessary to call bottom store Application data, then operational control module receiving selection application send transfer application data request when, in order to ensure should With the safety of data, operational control module performs two and judges operation, and one judges that operation is the application for judging to ask to transfer Data whether be selection application file system under application data, another judges that operation is to judge that asks to transfer answers With the physical storage addresses of data whether be the application for being pre-assigned to selection amount of physical memory, only judge behaviour at two The judgement of work is that the application data that the application of selection is asked just is transferred in the case of being, and the application data is sent to The application of selection, so as to ensure the safety of application data, it is to avoid transfer application data across application.
In above-mentioned optional embodiment, alternatively, the operational control module judges described according to the identification information The application data whether application data called belongs under the file system of the application of the selection, can include:The operation The application identities and the identification information are sent to the Hardware drive module by control module;The Hardware drive module is sentenced Break and the application data corresponding with the identification information whether is found under file system corresponding with the application identities, and will Lookup result notifies the operational control module;The institute that the operational control module is called according to judging the lookup result State the application data under the file system for the application whether application data belongs to the selection.I.e. in the optional embodiment, behaviour Make control module and the identification information of application identities and application data is sent to Hardware drive module, Hardware drive module is with answering The identification information of the application data is searched with mark respective file system, if found, illustrates answering for institute's request call Belong to the file system of the application with data, otherwise, then illustrate that the application data of institute's request call is not belonging to the file of the application System.In this way, directly it can be judged by Hardware drive module, without in advance by the application currently selected All application datas under file system are loaded into internal memory, reduce other additional processing.
In an optional embodiment of the embodiment of the present invention, the operational control module obtains answering for the application of selection After mark, methods described also includes:The operational control module is obtained and the application by the Hardware drive module All application datas under corresponding file system are identified, and all application datas are loaded into internal memory;The operation Control module according to the identification information, judge described in the application data called whether belong to the selection application file system Application data under system, including:The operational control module is judged in the internal memory with the presence or absence of corresponding with the identification information Application data, if, it is determined that under the file system for the application that the application data called belongs to the selection should With data, otherwise, it determines the application data under the file system for the application that the application data called is not belonging to the selection. I.e. in the optional embodiment, operational control module is driven after the application identities of application of selection are got by hardware Dynamic model block, all application datas under the corresponding file system of application identities are loaded into internal memory, number is applied transferring some According to before, according to the identification information for the application data for asking to transfer, under the file system for searching the application loaded in internal memory All application datas in the presence or absence of the application data transferred is asked, if it is present illustrating the application for asking to transfer The application data that data belong under the corresponding file system of application of selection, otherwise, illustrates to ask the application data transferred not The application data belonged under the corresponding file system of application of selection.By the optional embodiment, operational control module can be with All application datas under the corresponding file system of the application of selection are loaded into internal memory in advance, so as to receive correspondence every time All it can improve judgement without calling application data by Hardware drive module after the operational order of the application of the selection and be asked The judgement the speed whether application data transferred belongs under the corresponding file system of application of selection, improves the execution of operational order Efficiency.
In above-mentioned optional embodiment, operational control module is led to after the application identities of application of selection are got Hardware drive module is crossed, in the case that all application datas under the corresponding file system of application identities are loaded into internal memory, Operational control module transfer it is described call application data when, can be obtained directly from internal memory described in the application number that calls According to so as to improve the speed for calling application data.
In above-mentioned optional embodiment, alternatively, the spatial information in environmental information is in record in advance to be corresponding Application distribution amount of physical memory when, a range of physical addresses can be recorded, can also a record start physical address with And be the size using the amount of physical memory of distribution, specific the present embodiment is not construed as limiting.
In above-mentioned optional embodiment, the tune of each application data can also be recorded in the authority information in environmental information Weighting is limited, and therefore, alternatively, before the application data called described in the operational control module calls, methods described may be used also With including:Authority information described in the operational control module polls, judges whether the application of the selection has and transfers the tune The authority of application data, it is determined that the application of the selection has a case that the authority for transferring the application data called Under, perform the operation for transferring the application data called.By the optional embodiment, application data can be avoided illegal Call, it is ensured that the safety of application data.
In an optional embodiment of the embodiment of the present invention, in order to avoid during the application of selection is performed, The operational order of other application is performed by mistake, for example, after user selects the OTP applications of multifunction intelligent key equipment, it is outside Card reader sends Card Reader request to multifunction intelligent key equipment, in the present embodiment, the operational order is sent to described Before the application of selection is performed, methods described can also include:The operational control module judges to carry in the operational order Application identities it is whether consistent with the application identities of the application of the selection, in the case of consistent, perform and refer to the operation The step of application that order is sent to the selection is performed.Pass through the optional embodiment, it is ensured that multifunction intelligent key is set After an application is selected in user, the operational order of the other application outside the application will not be performed again, it is to avoid multi-functional Intelligent cipher key equipment is redirected between multiple application programs and caused dangerous using what is performed.
The method for executing operating instructions of the multifunction intelligent key equipment provided by the present embodiment, can be in same intelligence Multiple applications are realized on key devices, and each application can be isolated so that the proprietary instruction in each application can only be in the application In effectively, and the application data respectively applied can only be by the application call, it is to avoid the security breaches between many applications, improves multi-functional The security of intelligent cipher key equipment.
Any process described otherwise above or method description are construed as in flow chart or herein, represent to include Module, fragment or the portion of the code of one or more executable instructions for the step of realizing specific logical function or process Point, and the scope of the preferred embodiment of the present invention includes other realization, wherein can not be by shown or discussion suitable Sequence, including according to involved function by it is basic simultaneously in the way of or in the opposite order, carry out perform function, this should be of the invention Embodiment person of ordinary skill in the field understood.
It should be appreciated that each several part of the present invention can be realized with hardware, software, firmware or combinations thereof.Above-mentioned In embodiment, the software that multiple steps or method can in memory and by suitable instruction execution system be performed with storage Or firmware is realized.If, and in another embodiment, can be with well known in the art for example, realized with hardware Any one of row technology or their combination are realized:With the logic gates for realizing logic function to data-signal Discrete logic, the application specific integrated circuit with suitable combinational logic gate circuit, programmable gate array (PGA), scene Programmable gate array (FPGA) etc..
Those skilled in the art are appreciated that to realize all or part of step that above-described embodiment method is carried Rapid to can be by program to instruct the hardware of correlation to complete, described program can be stored in a kind of computer-readable storage medium In matter, the program upon execution, including one or a combination set of the step of embodiment of the method.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing module, can also That unit is individually physically present, can also two or more units be integrated in a module.Above-mentioned integrated mould Block can both be realized in the form of hardware, it would however also be possible to employ the form of software function module is realized.The integrated module is such as Fruit is realized using in the form of software function module and as independent production marketing or in use, can also be stored in a computer In read/write memory medium.
Storage medium mentioned above can be read-only storage, disk or CD etc..
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means to combine specific features, structure, material or the spy that the embodiment or example are described Point is contained at least one embodiment of the present invention or example.In this manual, to the schematic representation of above-mentioned term not Necessarily refer to identical embodiment or example.Moreover, specific features, structure, material or the feature of description can be any One or more embodiments or example in combine in an appropriate manner.
Although embodiments of the invention have been shown and described above, it is to be understood that above-described embodiment is example Property, it is impossible to limitation of the present invention is interpreted as, one of ordinary skill in the art is not departing from the principle and objective of the present invention In the case of above-described embodiment can be changed within the scope of the invention, change, replace and modification.The scope of the present invention By appended claims and its equivalent limit.

Claims (13)

1. a kind of method for executing operating instructions of multifunction intelligent key equipment, it is characterised in that including:
Hardware drive module receives the input instruction for selecting application, and the input instruction is sent into operational control mould Block;
The operational control module obtains the application identities of the application of the input instruction selection;
The operational control module judges whether the application of the selection is that the multifunctional intellectual is close according to the application identities One in the mounted multiple applications of key equipment;
It is determined that the selection application be the mounted multiple applications of the multifunction intelligent key equipment in the feelings of one Under condition, the operational control module obtains the application of the selection by the Hardware drive module according to the application identities Environmental information, wherein, the environmental information includes:The application allows the instruction list and authority information performed;
After the environmental information of application of the selection is obtained, outside input is received every time in the Hardware drive module During operational order, following steps are performed:
Step 1, the operational control module gets the operational order of the outside input, judge the operational order whether In the instruction list, if it is, performing step 2, otherwise, step 5 is performed;
Step 2, the authority information in the environmental information, judges to perform whether the operational order needs to be awarded Power, if it is, performing step 3, otherwise, performs step 4;
Step 3, user's input authentication information is pointed out, and the authentication information inputted to user is authenticated, the feelings passed through in certification Under condition, step 4 is performed, in certification in the case of, step 5 is performed;
Step 4, the application for the operational order being sent into the selection is performed;
Step 5, the operational control module returns to the configured information of application operation failure.
2. according to the method described in claim 1, it is characterised in that
The environmental information also includes:For the space letter for the amount of physical memory for recording the application for being pre-assigned to the selection Breath;
After step 4, methods described also includes:
What the operational control module received the selection applies what is sent when performing the operational order to transfer and apply number According to request, wherein, it is described to transfer the identification information that the application data of request call is carried in application data request;
The operational control module according to the identification information, judge described in the application data called whether belong to the selection Application data under the file system of application;
Whether the physical storage address for the application data that the operational control module is called according to judging the spatial information Belong to the amount of physical memory for the application for being pre-assigned to the selection;
It is determined that application data under the file system for the application that the application data called belongs to the selection, and described adjust In the case that the physical storage address of application data belongs to the amount of physical memory for the application for being pre-assigned to the selection, The application data called described in the operational control module calls, and the application data called is returned into the selection Using.
3. method according to claim 2, it is characterised in that the application number called described in the operational control module calls According to before, methods described also includes:
Authority information described in the operational control module polls, judges whether the application of the selection has and transfers described call The authority of application data, in the case of it is determined that the application of the selection has the authority for transferring the application data called, Perform the operation for transferring the application data called.
4. method according to claim 2, it is characterised in that the operational control module is sentenced according to the identification information Application data under the file system for the application whether disconnected application data called belongs to the selection, including:
The application identities and the identification information are sent to the Hardware drive module by the operational control module;
The Hardware drive module judges whether found under file system corresponding with the application identities and the mark The corresponding application data of information, and lookup result is notified into the operational control module;
Whether the application data that the operational control module is called according to judging the lookup result belongs to the choosing Application data under the file system for the application selected.
5. method according to claim 2, it is characterised in that
After the application identities for the application that the operational control module obtains selection, methods described also includes:The operational control Module obtains all application datas under file system corresponding with the application identities by the Hardware drive module, and All application datas are loaded into internal memory;
The operational control module according to the identification information, judge described in the application data called whether belong to the selection Application data under the file system of application, including:The operational control module judge in the internal memory whether there is with it is described Application data corresponding to identification information, if, it is determined that the application data called belongs to the text of the application of the selection Application data under part system, otherwise, it determines the application data called is not belonging to the file system of the application of the selection Under application data.
6. the method according to any one of claim 1 to 5, it is characterised in that the operational order is sent to the choosing Before the application selected is performed, methods described also includes:The operational control module judges the application carried in the operational order Identify whether consistent with the application identities of the application of the selection, in the case of consistent, execution sends the operational order The step of application to the selection is performed.
7. a kind of operational order performs device of multifunction intelligent key equipment, it is characterised in that including:
Hardware drive module, for receiving the input instruction for selecting application, operation control is sent to by the input instruction Molding block;
The operational control module, the application identities of the application for obtaining the input instruction selection, according to the application mark Know and judge whether the application of the selection is one in the mounted multiple applications of the multifunction intelligent key equipment, and In the case of determining that the application of the selection is one in the mounted multiple applications of the multifunction intelligent key equipment, root According to the application identities, the environmental information of the application of the selection is obtained by the Hardware drive module, wherein, the environment Information includes:The application allows the instruction list and authority information performed;
The Hardware drive module, is additionally operable to receive the operational order of outside input, the operational order is sent into the behaviour Make control module;
The operational control module, is additionally operable to:The operational order of the outside input is got, whether the operational order is judged In the instruction list, in the operational order in the case of the instruction list, the institute in the environmental information Authority information is stated, judges to perform whether the operational order needs to be authorized, it is determined that performing the operational order needs to obtain In the case of must authorizing, user's input authentication information is pointed out, and the authentication information inputted to user is authenticated, and is passed through in certification In the case of, the application that the operational order is sent into the selection is performed, and is not needed it is determined that performing the operational order In the case of being authorized, the application that the operational order is sent into the selection is performed;And in operational order not in institute In the case of stating instruction list, or, it is authenticated to the authentication information that user inputs in the case of, returning should With the configured information of operation failure.
8. device according to claim 7, it is characterised in that
The environmental information also includes:For the space letter for the amount of physical memory for recording the application for being pre-assigned to the selection Breath;
The operational control module is additionally operable to:Receive the selection applies what is sent when performing the operational order to transfer Application data is asked, wherein, it is described to transfer the identification information that the application data of request call is carried in application data request; According to the identification information, answering under the file system for the application whether application data called described in judgement belongs to the selection Use data;Whether the physical storage address for the application data called according to judging the spatial information, which belongs to, is pre-assigned to The amount of physical memory of the application of the selection;It is determined that the application data called belongs to the file of the application of the selection Application data under system, and the application data called physical storage address belong to be pre-assigned to the selection should In the case of amount of physical memory, the application data called is transferred, and the application data called is returned to The application of the selection.
9. device according to claim 8, it is characterised in that
The operational control module is additionally operable to:Before the application data called is transferred, the authority information is inquired about, is judged Whether the application of the selection has the authority for transferring the application data called, it is determined that the application of the selection has tune In the case of the authority for taking the application data called, the operation for transferring the application data called is performed.
10. device according to claim 8, it is characterised in that
The operational control module specifically for judging whether the application data called belongs to the choosing in the following manner Application data under the file system for the application selected:The application identities and the identification information are sent to the hardware driving Module;Described in whether the application data called according to judging the lookup result that the Hardware drive module is returned belongs to Application data under the file system of the application of selection;
The Hardware drive module is additionally operable to:Judge whether found under file system corresponding with the application identities and institute Application data corresponding to identification information is stated, and lookup result is notified into the operational control module.
11. device according to claim 8, it is characterised in that
The operational control module is additionally operable to:After the application identities for the application for obtaining selection, by the Hardware drive module, All application datas under corresponding with application identities file system are obtained, and all application datas are loaded into interior In depositing;
The operational control module specifically for judging whether the application data called belongs to the choosing in the following manner Application data under the file system for the application selected:Judge to whether there is the application corresponding with the identification information in the internal memory Data, if, it is determined that the application data under the file system for the application that the application data called belongs to the selection, Otherwise, it determines the application data under the file system for the application that the application data called is not belonging to the selection.
12. the device according to any one of claim 7 to 11, it is characterised in that
The operational control module is additionally operable to:Before the application that the operational order is sent to the selection is performed, judge Whether the application identities carried in the operational order are consistent with the application identities of the application of the selection, in consistent situation Under, perform the operation that the application that the operational order is sent into the selection is performed.
13. a kind of multifunction intelligent key equipment, it is characterised in that including any one of claim 7 to 12 described device.
CN201710138730.1A 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof Active CN107066894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710138730.1A CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710138730.1A CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Publications (2)

Publication Number Publication Date
CN107066894A true CN107066894A (en) 2017-08-18
CN107066894B CN107066894B (en) 2019-12-10

Family

ID=59622528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710138730.1A Active CN107066894B (en) 2017-03-09 2017-03-09 Multifunctional intelligent secret key equipment and operation instruction execution method and device thereof

Country Status (1)

Country Link
CN (1) CN107066894B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586902A (en) * 2018-12-10 2019-04-05 飞天诚信科技股份有限公司 A kind of intelligent cipher key equipment and its working method
CN109800561A (en) * 2018-12-29 2019-05-24 360企业安全技术(珠海)有限公司 Drive authority control method, client, system and storage medium
CN109831304A (en) * 2018-12-26 2019-05-31 北京握奇智能科技有限公司 A kind of more application methods and system of ID authentication device
CN111124522A (en) * 2020-04-01 2020-05-08 广东戴维利科技有限公司 Method and system for mixing microkernel and macrokernel
CN112543454A (en) * 2020-11-30 2021-03-23 亚信科技(成都)有限公司 Authentication method and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222390A (en) * 2011-06-30 2011-10-19 飞天诚信科技股份有限公司 Multifunctional intelligent key device and working method thereof
CN102542323A (en) * 2010-11-16 2012-07-04 北京中电华大电子设计有限责任公司 Multifunctional visual intelligent card
CN103297243A (en) * 2013-06-14 2013-09-11 飞天诚信科技股份有限公司 Working method of multi-functional intelligent secret key device
CN105376059A (en) * 2014-08-15 2016-03-02 中国电信股份有限公司 Method and system for performing application signature based on electronic key
CN106022095A (en) * 2016-01-21 2016-10-12 李明 Safety device, safety control method and identity card card-reading terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102542323A (en) * 2010-11-16 2012-07-04 北京中电华大电子设计有限责任公司 Multifunctional visual intelligent card
CN102222390A (en) * 2011-06-30 2011-10-19 飞天诚信科技股份有限公司 Multifunctional intelligent key device and working method thereof
CN103297243A (en) * 2013-06-14 2013-09-11 飞天诚信科技股份有限公司 Working method of multi-functional intelligent secret key device
CN105376059A (en) * 2014-08-15 2016-03-02 中国电信股份有限公司 Method and system for performing application signature based on electronic key
CN106022095A (en) * 2016-01-21 2016-10-12 李明 Safety device, safety control method and identity card card-reading terminal

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586902A (en) * 2018-12-10 2019-04-05 飞天诚信科技股份有限公司 A kind of intelligent cipher key equipment and its working method
CN109586902B (en) * 2018-12-10 2021-07-20 飞天诚信科技股份有限公司 Intelligent key equipment and working method thereof
CN109831304A (en) * 2018-12-26 2019-05-31 北京握奇智能科技有限公司 A kind of more application methods and system of ID authentication device
CN109831304B (en) * 2018-12-26 2024-04-02 北京握奇智能科技有限公司 Multi-application method and system of identity authentication equipment
CN109800561A (en) * 2018-12-29 2019-05-24 360企业安全技术(珠海)有限公司 Drive authority control method, client, system and storage medium
CN111124522A (en) * 2020-04-01 2020-05-08 广东戴维利科技有限公司 Method and system for mixing microkernel and macrokernel
CN112543454A (en) * 2020-11-30 2021-03-23 亚信科技(成都)有限公司 Authentication method and equipment
CN112543454B (en) * 2020-11-30 2022-11-15 亚信科技(成都)有限公司 Authentication method and equipment

Also Published As

Publication number Publication date
CN107066894B (en) 2019-12-10

Similar Documents

Publication Publication Date Title
CN107066894A (en) A kind of multifunction intelligent key equipment and its method for executing operating instructions and device
CN107818258A (en) Indirect certification
CN101447010B (en) Login system and method for logging in
CN106487747B (en) User identification method, system, device and processing method, device
CN104798078B (en) Calculate the transformation between the access state of device
AU2014327030B2 (en) Scrambling passcode entry interface
CN107526953A (en) Support the electronic installation and its operating method of finger print identifying function
CN107852599A (en) Use the selective matching of the wireless device of shared key
US8601552B1 (en) Personal identification pairs
CN107944332A (en) Fingerprint recognition card and the method for operating fingerprint recognition card
CN106537403A (en) System for accessing data from multiple devices
CN106104563A (en) The technology of network security is provided by the account just opened on time
CN106797383A (en) Security context management in multi-tenant environment
CN108563942A (en) Utilize the certification of two level ratifier
CN106652109A (en) Intelligent lock control method, device and lock management server
CN105956431B (en) A kind of application protection processing method and mobile terminal
CN103310169A (en) SD (Secure Digital) card data protection method and protection system thereof
CN105701420B (en) A kind of management method and terminal of user data
CN106354399A (en) Method, device, and electronic device for assignment of application permission
CN105337974A (en) Account authorization method, account login method, account authorization device and client end
CN109643473A (en) A kind of method, apparatus and system of identity legitimacy verifying
CN106327206A (en) Genuine product certification means and system
CN103793644B (en) Information safety devices realize method, information safety devices and the system of many applications
CN105956436A (en) Permission control method of application program, and terminal
CN105791139A (en) Routing device, network access method and device of communication terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant