CN107368746A - Cryptographic algorithm call method and device based on encrypted card - Google Patents



Publication number
CN107368746A
Authority
CN
China
Prior art keywords
cryptographic algorithm
jce
encrypted card
interfaces
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710620839.9A
Other languages
Chinese (zh)
Inventor
李龙
孙弘洋
何兆娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SANLINGSHENG-AN INFORMATION SYSTEM Co Ltd CHENGDU CITY
Original Assignee
SANLINGSHENG-AN INFORMATION SYSTEM Co Ltd CHENGDU CITY
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SANLINGSHENG-AN INFORMATION SYSTEM Co Ltd CHENGDU CITY
Priority to CN201710620839.9A
Publication of CN107368746A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication


Abstract

Embodiments of the invention provide a cryptographic algorithm call method and device based on an encrypted card, belonging to the field of data processing. The method includes: in response to a cryptographic algorithm acquisition instruction, calling a JCE interface; and receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. With this method, an application on the terminal device only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling the card's cryptographic algorithms from the terminal device.

Description

Cryptographic algorithm call method and device based on encrypted card
Technical field
The present invention relates to the field of data processing, and in particular to a cryptographic algorithm call method and device based on an encrypted card.
Background
Java is an object-oriented programming language for writing cross-platform software; the name covers both the Java programming language and the Java platform, released by Sun Microsystems in May 1995. Java technology offers excellent versatility, efficiency, platform portability and security, and is widely used in personal computers, data centers, game consoles, scientific supercomputers, mobile phones and the Internet. In the global industry environment of cloud computing and the mobile Internet, Java has even more significant advantages and bright prospects.
The Java platform defines a set of APIs spanning the major security areas, including cryptography, public key infrastructure, authentication, secure communication and access control. These APIs let developers easily integrate security into their application code; they are designed around implementation independence, implementation interoperability and algorithm extensibility.
With the rapid growth of the mobile Internet, mobile applications keep emerging and the requirements for mobile security keep rising. Secure storage mainly protects the data on the mobile terminal and is a key component of mobile security.
As the security shortcomings of software-implemented encryption algorithms have become apparent, hardware-based encryption has gradually emerged, and the use of the cryptographic algorithms in encrypted cards has been widely studied. In the existing solution, the upper-layer application (Java code) uses JNI technology to call the cryptographic algorithms in the underlying encrypted card, which means every interface of the encrypted card has to be called directly by the upper-layer application. When there are too many algorithms or interfaces, the lack of a unified interface specification increases the workload of the upper-layer calls, and the large number of interfaces is hard to manage.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide a cryptographic algorithm call method and device based on an encrypted card, so as to alleviate the above problem.
In a first aspect, the embodiments of the invention provide a cryptographic algorithm call method based on an encrypted card, the method including: in response to a cryptographic algorithm acquisition instruction, calling a JCE interface; and receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Further, before the step of calling the JCE interface in response to the cryptographic algorithm acquisition instruction, the method also includes: encapsulating the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
Further, encapsulating the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface includes: packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to implement the JCE interface encapsulation.
Further, receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates includes: using JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
Further, the encrypted card is a TF card.
In a second aspect, the embodiments of the invention provide a cryptographic algorithm calling device based on an encrypted card, the device including: a response module, configured to call a JCE interface in response to a cryptographic algorithm acquisition instruction; and an algorithm acquisition module, configured to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Further, the device also includes: an encapsulation module, configured to encapsulate the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
Further, the encapsulation module includes: a packaging submodule, configured to package the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to implement the JCE interface encapsulation.
Further, the algorithm acquisition module is specifically configured to use JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
Further, the encrypted card is a TF card.
The beneficial effects of the embodiments of the present invention are as follows:
The embodiments of the present invention provide a cryptographic algorithm call method and device based on an encrypted card. A JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received; the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. An application on the terminal device therefore only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling the card's cryptographic algorithms from the terminal device.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the embodiments of the invention. The objectives and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments more clearly, the drawings needed for the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from them without creative effort.
Fig. 1 shows a structural block diagram of an electronic device to which the embodiments of the present application can be applied;
Fig. 2 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the present invention;
Fig. 4 is a structural block diagram of a cryptographic algorithm calling device based on an encrypted card provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of a cryptographic algorithm calling device based on an encrypted card provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments generally described and illustrated in the drawings here can be arranged and designed in a variety of configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings. In the description of the invention, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 shows a structural block diagram of an electronic device 100 to which the embodiments of the present application can be applied. The electronic device 100 may be the terminal device described in the embodiments of the present invention, and includes a cryptographic algorithm calling device based on an encrypted card, a memory 101, a storage controller 102, a processor 103, a peripheral interface 104, an input/output unit 105, an audio unit 106 and a display unit 107.
The memory 101, storage controller 102, processor 103, peripheral interface 104, input/output unit 105, audio unit 106 and display unit 107 are electrically connected to one another, directly or indirectly, to transmit or exchange data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines. The cryptographic algorithm calling device based on the encrypted card includes at least one software function module that can be stored in the memory 101 in the form of software or firmware, or built into the operating system (OS) of the cryptographic algorithm calling device. The processor 103 executes the executable modules stored in the memory 101, such as the software function modules or computer programs included in the cryptographic algorithm calling device.
The memory 101 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The memory 101 stores a program, which the processor 103 executes after receiving an execution instruction. The method performed by the server defined by the flow process disclosed in any of the foregoing embodiments of the invention may be applied in, or implemented by, the processor 103.
The processor 103 may be an integrated circuit chip with signal processing capability. It may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the invention. The general-purpose processor may be a microprocessor, or the processor 103 may be any conventional processor.
The peripheral interface 104 couples various input/output devices to the processor 103 and the memory 101. In some embodiments, the peripheral interface 104, the processor 103 and the storage controller 102 can be implemented in a single chip. In other examples, they can each be implemented by a separate chip.
The input/output unit 105 lets the user input data, so as to realize interaction between the user and the server (or local terminal). The input/output unit 105 may be, but is not limited to, a mouse, a keyboard and the like.
The audio unit 106 provides the user with an audio interface, and may include one or more microphones, one or more loudspeakers and an audio circuit.
The display unit 107 provides an interactive interface (for example a user interface) between the electronic device 100 and the user, or displays image data for the user's reference. In this embodiment, the display unit 107 may be a liquid crystal display or a touch display. A touch display may be a capacitive or resistive touch screen supporting single-point and multi-point touch operation, meaning that the touch display can sense touch operations generated at one or more positions on it at the same time and pass the sensed touch operations to the processor 103 for calculation and processing.
The input/output unit 105 lets the user input data, so as to realize interaction between the user and the processing terminal. The input/output unit 105 may be, but is not limited to, a mouse, a keyboard and the like.
It can be understood that the structure shown in Fig. 1 is only illustrative; the electronic device 100 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1. Each component shown in Fig. 1 can be implemented in hardware, software or a combination of the two.
The terms used in the embodiments of the present invention are introduced below.
1. JCE: Java Cryptography Extension (JCE) is a set of packages that provide a framework and implementations for encryption, key generation and agreement, and Message Authentication Code (MAC) algorithms. It supports symmetric, asymmetric, block and stream ciphers, and also supports secure streams and sealed objects.
JCE is in fact an extension of the JCA (Java Cryptography Architecture) framework. It is only a set of interfaces connecting application programs to the actual algorithm implementations; it does not itself perform any algorithm. Its design principles follow directly from those of JCA and show in the following two aspects:
(1) Implementation independence: an application requests security services from the Java platform through the JCE API but does not implement any security service algorithm itself; these are supplied by an underlying cryptographic service provider (CSP). A CSP is a package or set of packages that implements one or more cryptographic services, such as encryption and decryption. The JCE framework allows multiple CSPs to coexist, and they remain independent of one another whether or not the security services they provide are the same. This independence ensures that an application can access different underlying CSPs simply through the standard JCE API, and it also simplifies CSP management: a CSP can easily be updated or upgraded when a faster or more secure version becomes available.
(2) Algorithm independence and extensibility: this is achieved by defining security "engine" (also called service) classes. An engine class is an abstraction of one kind of security service; for example, the Cipher class is the abstraction of the encryption and decryption service. Each engine class has a corresponding Service Provider Interface (SPI), an abstract class that specifies the methods a CSP must implement to provide that kind of security service. So for a CSP to provide a security service (such as encryption and decryption), it only needs to subclass the corresponding SPI class (such as CipherSpi) and implement the subclass's methods for a given cryptographic algorithm (such as AES). To access a security service from a Java program, the program must first call the factory method of the corresponding engine class to obtain an implementation instance of that service.
2. JNI technology: JNI is short for Java Native Interface. Since Java 1.1, the JNI standard has been part of the Java platform; it allows Java code to interact with code written in other languages. JNI was originally designed for natively compiled languages, especially C and C++, but it does not prevent the use of other languages as long as the calling convention is supported. It is essentially a set of Java packages providing a framework and implementations for encryption, key generation and agreement, and message authentication code (MAC) algorithms.
3. Encrypted card: a hardware device added to some software to prevent it from being cracked; it contains data needed for the software to run. Common encrypted cards include TF cards, SD cards, logic encryption cards, embedded encryption cards and cards with a built-in encryption chip, and are used to encrypt and decrypt data. A card stores a variety of cryptographic algorithms, for example symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms.
Symmetric cryptographic algorithms typically include DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), the Chinese national cryptographic algorithm SM4, and so on.
Asymmetric cryptographic algorithms typically include RSA, DSA (Digital Signature Algorithm), ECC (Elliptic Curve Cryptography), the Chinese national cryptographic algorithm SM2, and so on.
Hash algorithms typically include MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), the Chinese national cryptographic algorithm SM3, and so on.
4. TF card: the Micro SD card, originally named TransFlash card (TF card), is a very small flash memory card. It is mainly used in mobile phones, but because of its very small size and steadily increasing capacity it has gradually come into use in GPS devices, portable music players and some flash drives. With an adapter it can be used in an SD card slot.
5. PKCS#11: PKCS#11, also called Cryptoki, defines a technology-independent programming interface; it is the interface that encrypted-card security applications need to implement.
First embodiment
Referring to Fig. 2, Fig. 2 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the present invention. The method specifically includes the following steps:
Step S110: in response to a cryptographic algorithm acquisition instruction, call the JCE interface.
When the terminal device needs to obtain a cryptographic algorithm from the encrypted card to encrypt or decrypt data, it needs to call the JCE interface to obtain the algorithm, because the card's cryptographic algorithm calling interface has been encapsulated into a JCE interface in advance.
Step S120: receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
When the JCE interface learns that the terminal device wants to call a cryptographic algorithm through it, the JCE interface obtains the cryptographic algorithm from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
The cryptographic algorithm calling interface of the encrypted card is first encapsulated into a JCE interface in advance. Following the JCE design principles above, the best way to offer the card's security services to Java applications is to implement a new CSP that conforms to the standard interfaces JCE provides, with all of the security services that CSP offers carried out by the encrypted card. Java programs can then easily use the security services provided by the card, and because these service interfaces are all standard interfaces of the JCE framework, the reusability and portability of programs is preserved.
Therefore, to make it convenient to call the cryptographic algorithms in the encrypted card, the card's cryptographic algorithm calling interface can be encapsulated into a JCE interface, after which the card's algorithms can be called directly through the JCE interface. First, the cryptographic algorithm calling interface stored in the card is packaged into a provider, i.e. the CSP described above: a complete CSP based on the encrypted card is implemented in C or C++, and that CSP is then wrapped in Java through JNI technology, yielding a CSP that fully complies with the JCE standard interfaces. JNI technology can then be used to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
In addition, when a new algorithm needs to be added to the encrypted card, it only has to be added to the provider, which improves the extensibility of the cryptographic algorithm calling interface.
The cryptographic algorithm calling interface stored in the card can be packaged into the provider using a preset mapping: each interface defined in the JCE interface specification is mapped to the corresponding application programming interface (API) of the underlying cryptographic algorithm implementation in the encrypted card. Thus, when an application, i.e. the terminal device, calls a cryptographic algorithm in the card through the standard program interface of the JCE encryption framework, it directly invokes the API of the corresponding algorithm implementation on the card, and the data to be encrypted or decrypted is processed by the cryptographic algorithm in the lower layer.
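The provider mapping described above, as an added Java example that is not part of the patent: it narrows to one asymmetric engine (`Signature`) and shows the provider, the SPI subclass, a key handle whose material never leaves the card, and the application's factory call. `SimulatedCard`, `CardProvider`, `CardSignature`, `CardPrivateKey` and slot 0 are assumed names; the simulated card stands in for the JNI-bound C/C++ CSP so the example runs without hardware.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class CardProviderDemo {
    /** Stand-in for the card API (assumed). In the design described above these would be
     *  native methods bound through JNI to the C/C++ CSP; simulated here in software. */
    static final class SimulatedCard {
        private static final KeyPair SLOT0 = generate(); // private key stays "on the card"

        private static KeyPair generate() {
            try {
                KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
                g.initialize(2048);
                return g.generateKeyPair();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }
        static PublicKey publicKey(int slot) { requireSlot(slot); return SLOT0.getPublic(); }
        static byte[] sign(int slot, byte[] data) throws GeneralSecurityException {
            requireSlot(slot);
            Signature s = Signature.getInstance("SHA256withRSA"); // JDK software provider
            s.initSign(SLOT0.getPrivate());
            s.update(data);
            return s.sign();
        }
        private static void requireSlot(int slot) {
            if (slot != 0) throw new IllegalArgumentException("no key in slot " + slot);
        }
    }

    /** Handle to a private key held by the card; no key material is exposed to Java. */
    public static final class CardPrivateKey implements PrivateKey {
        final int slot;
        public CardPrivateKey(int slot) { this.slot = slot; }
        @Override public String getAlgorithm() { return "RSA"; }
        @Override public String getFormat() { return null; }  // not exportable
        @Override public byte[] getEncoded() { return null; } // not exportable
    }

    /** SPI subclass: maps each engine method onto the corresponding card call. */
    public static final class CardSignature extends SignatureSpi {
        private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        private CardPrivateKey key;

        @Override protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            // Software keys are rejected: this engine only accepts card key handles.
            if (!(k instanceof CardPrivateKey)) throw new InvalidKeyException("not a card key handle");
            key = (CardPrivateKey) k;
            buf.reset();
        }
        @Override protected void engineInitVerify(PublicKey k) throws InvalidKeyException {
            throw new InvalidKeyException("sign-only engine; verify with a software provider");
        }
        @Override protected void engineUpdate(byte b) { buf.write(b); }
        @Override protected void engineUpdate(byte[] b, int off, int len) { buf.write(b, off, len); }
        @Override protected byte[] engineSign() throws SignatureException {
            try {
                return SimulatedCard.sign(key.slot, buf.toByteArray());
            } catch (GeneralSecurityException | RuntimeException e) {
                throw new SignatureException("card signing failed", e);
            } finally {
                buf.reset();
            }
        }
        @Override protected boolean engineVerify(byte[] sig) throws SignatureException {
            throw new SignatureException("verification not supported by this engine");
        }
        @Deprecated @Override protected void engineSetParameter(String p, Object v) {
            throw new InvalidParameterException("no parameters");
        }
        @Deprecated @Override protected Object engineGetParameter(String p) {
            throw new InvalidParameterException("no parameters");
        }
    }

    /** The provider (CSP): registers the engine implementation under a standard name. */
    public static final class CardProvider extends Provider {
        public CardProvider() {
            super("CardCSP", "1.0", "demo CSP backed by an encrypted card"); // Java 9+ constructor
            put("Signature.SHA256withRSA", CardSignature.class.getName());
        }
    }

    /** Application side: standard factory method, card signs, software provider verifies. */
    static boolean signAndVerify(byte[] msg) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA", new CardProvider());
        signer.initSign(new CardPrivateKey(0));
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(SimulatedCard.publicKey(0));
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        System.out.println("card signature verifies: " + signAndVerify(msg));
    }
}
```

On Oracle JDK, a provider that supplies `javax.crypto` engines such as `Cipher` must be packaged in a signed JAR before the framework will load it; `java.security` engines such as `Signature` are not subject to that check.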
To make data encryption and decryption convenient, the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
In this embodiment, to make it convenient to encrypt and decrypt data on the terminal device, the encrypted card is a TF card, which can be installed in a mobile terminal. The TF card stores asymmetric and symmetric cryptographic algorithms, and the method above can be used to encapsulate the calling interfaces of those algorithms into a JCE interface, so that an application on the terminal device only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, reducing the workload of calling the card's cryptographic algorithms from the terminal device.
It should be noted that the process of encapsulating the card's cryptographic algorithm calling interface into a JCE interface can also be understood as encapsulating the cryptographic algorithm calling interface into a PKCS#11 interface, thereby completing the encapsulation of a PKCS#11 dynamic call library, from which the cryptographic algorithms can be obtained.
The first embodiment of the invention provides a cryptographic algorithm call method based on an encrypted card. A JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received; the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. An application on the terminal device therefore only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling the card's cryptographic algorithms from the terminal device.
Second embodiment
Referring to Fig. 3, Fig. 3 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the present invention. The method specifically includes the following steps:
Step S210: encapsulate the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
For the specific implementation of this step, refer to the description of step S120 in the first embodiment; for brevity it is not repeated here.
Step S220: in response to a cryptographic algorithm acquisition instruction, call the JCE interface.
Step S230: receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
The second embodiment of the invention provides a cryptographic algorithm call method based on an encrypted card. The cryptographic algorithm calling interface stored in the encrypted card is first encapsulated into a JCE interface; the JCE interface is then called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is received. The cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm, so an application on the terminal device only needs to call the encapsulated JCE interface to call the asymmetric and symmetric cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling those algorithms from the terminal device.
3rd embodiment
Referring to Fig. 4, Fig. 4 is a structural block diagram of a cryptographic algorithm calling device 200 based on an encrypted card provided by an embodiment of the present invention. The device includes a response module 210 and an algorithm acquisition module 220.
The response module 210 is configured to call the JCE interface in response to a cryptographic algorithm acquisition instruction.
The algorithm acquisition module 220 is configured to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Fourth embodiment
Referring to Fig. 5, Fig. 5 is a structural block diagram of a cryptographic algorithm calling device 300 based on an encrypted card provided by an embodiment of the present invention. The device includes an encapsulation module 310, a response module 320 and an algorithm acquisition module 330.
The encapsulation module 310 is configured to encapsulate the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
The response module 320 is configured to call the JCE interface in response to a cryptographic algorithm acquisition instruction.
The algorithm acquisition module 330 is configured to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
The encapsulation module 310 includes a packaging submodule, configured to encapsulate and package the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to implement the JCE interface encapsulation.
The algorithm acquisition module 330 is specifically configured to use JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
In one implementation, the encrypted card is a TF card.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the device described above may refer to the corresponding process in the foregoing method, and is not repeated here.
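The packaging described for the fourth embodiment, as an added Java example that is not taken from the patent: a JCE provider whose signature SPI hands the data to a card interface. `CardApi`, `CardKey`, `CardSignature`, `CardProvider`, the provider name `CardJCE` and the algorithm name `SHA256withRSA-Card` are assumptions, and `CardApi` is a software stand-in (the JDK's own RSA) for the JNI-bound card library; only the asymmetric signing path is shown.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
public class CardProviderDemo {
  static final class CardApi {  // ASSUMPTION: software stand-in; on a device, native methods via JNI
    private static final KeyPair SLOT0 = newKey();   // private key stays inside the "card"
    private static KeyPair newKey() {
      try { KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
            g.initialize(2048); return g.generateKeyPair();
      } catch (GeneralSecurityException e) { throw new ProviderException(e); }
    }
    static PublicKey publicKey() { return SLOT0.getPublic(); }
    static byte[] sign(byte[] data) {
      try { Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(SLOT0.getPrivate()); s.update(data); return s.sign();
      } catch (GeneralSecurityException e) { throw new ProviderException(e); }
    }
  }
  public static final class CardKey implements PrivateKey {  // opaque handle, carries no key bytes
    public String getAlgorithm() { return "RSA"; }
    public String getFormat() { return null; }  public byte[] getEncoded() { return null; }
  }
  public static final class CardSignature extends SignatureSpi {  // SPI class the provider registers
    private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
    protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
      if (!(k instanceof CardKey)) throw new InvalidKeyException("card key handle required");
      buf.reset();
    }
    protected void engineInitVerify(PublicKey k) { throw new UnsupportedOperationException("sign-only"); }
    protected void engineUpdate(byte b) { buf.write(b); }
    protected void engineUpdate(byte[] b, int off, int len) { buf.write(b, off, len); }
    protected byte[] engineSign() { byte[] d = buf.toByteArray(); buf.reset(); return CardApi.sign(d); }
    protected boolean engineVerify(byte[] sig) { throw new UnsupportedOperationException("sign-only"); }
    protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(); }
    protected Object engineGetParameter(String p) { throw new InvalidParameterException(); }
  }
  public static final class CardProvider extends Provider {
    public CardProvider() {
      super("CardJCE", 1.0, "demo provider in front of the encrypted card");
      put("Signature.SHA256withRSA-Card", CardSignature.class.getName());
    }
  }
  public static void main(String[] args) throws Exception {
    byte[] msg = "constructed sample message".getBytes("UTF-8");
    Signature s = Signature.getInstance("SHA256withRSA-Card", new CardProvider());
    s.initSign(new CardKey()); s.update(msg);                 // the app makes only JCE calls
    Signature v = Signature.getInstance("SHA256withRSA");      // stock software provider
    v.initVerify(CardApi.publicKey()); v.update(msg);
    System.out.println("card signature verifies: " + v.verify(s.sign()));
  }
}
```

Because the application passes the provider object to `Signature.getInstance`, nothing has to be registered with `Security.addProvider`. The `instanceof CardKey` check keeps an ordinary software private key from being accepted on the card path.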
In summary, the embodiments of the present invention provide a cryptographic algorithm calling method and device based on an encrypted card. The JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received. The cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm, so a terminal device application only needs to call the encapsulated JCE interface in order to call the cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling the cryptographic algorithms in the encrypted card from the terminal device.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of devices, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, each module may exist separately, or two or more modules may be integrated to form an independent part.
If the functions are implemented in the form of software functional modules and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention. It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be further defined and explained in subsequent drawings.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.

Claims (10)

1. A cryptographic algorithm calling method based on an encrypted card, characterized in that the method comprises:
calling a JCE interface in response to a cryptographic algorithm acquisition instruction;
receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
2. The method according to claim 1, characterized in that, before the step of calling the JCE interface in response to the cryptographic algorithm acquisition instruction, the method further comprises:
encapsulating the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface.
3. The method according to claim 2, characterized in that encapsulating the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface comprises:
encapsulating and packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to implement the JCE interface encapsulation.
4. The method according to claim 1, characterized in that receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates comprises:
using JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
5. The method according to any one of claims 1-4, characterized in that the encrypted card is a TF card.
6. A cryptographic algorithm calling device based on an encrypted card, characterized in that the device comprises:
a response module, configured to call a JCE interface in response to a cryptographic algorithm acquisition instruction;
an algorithm acquisition module, configured to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
7. The device according to claim 6, characterized in that the device further comprises:
an encapsulation module, configured to encapsulate the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface.
8. The device according to claim 7, characterized in that the encapsulation module comprises:
a packaging submodule, configured to encapsulate and package the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to implement the JCE interface encapsulation.
9. The device according to claim 6, characterized in that the algorithm acquisition module is specifically configured to use JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
10. The device according to any one of claims 6-9, characterized in that the encrypted card is a TF card.
CN201710620839.9A 2017-07-26 2017-07-26 Cryptographic algorithm call method and device based on encrypted card Pending CN107368746A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710620839.9A CN107368746A (en) 2017-07-26 2017-07-26 Cryptographic algorithm call method and device based on encrypted card

Publications (1)

Publication Number Publication Date
CN107368746A true CN107368746A (en) 2017-11-21

Family

ID=60308535

Country Status (1)

Country Link
CN (1) CN107368746A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011015003A (en) * 2009-06-30 2011-01-20 Dainippon Printing Co Ltd Password card
CN103914642A (en) * 2014-04-15 2014-07-09 浪潮电子信息产业股份有限公司 USB (universal serial bus) KEY-based security suite structure system
CN104601820A (en) * 2015-01-29 2015-05-06 成都三零瑞通移动通信有限公司 Mobile terminal information protection method based on TF password card
CN106452771A (en) * 2016-10-10 2017-02-22 山东渔翁信息技术股份有限公司 Method and device for calling cipher card by JCE (Java Cryptography Extension) to implement internal RSA secret key operation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
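Wang Yonghao (汪永好): "Research and Implementation of JCE Based on an Encryption Card" (基于加密卡的JCE的研究与实现), Computer Engineering and Design (《计算机工程与设计》) *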

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171121
