CN107368746A - Cryptographic algorithm call method and device based on encrypted card
- Publication number: CN107368746A
- Application number: CN201710620839.9A
- Authority: CN (China)
- Prior art keywords: cryptographic algorithm, JCE, encrypted card, interfaces, algorithm
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
Embodiments of the invention provide a cryptographic algorithm call method and device based on an encrypted card, belonging to the field of data processing. The method includes: calling a JCE interface in response to a cryptographic algorithm acquisition instruction; and receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, where the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. With this method, a terminal device application only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the work the terminal device needs to call cryptographic algorithms in the encrypted card.
Description
Technical field
The present invention relates to the field of data processing, and in particular to a cryptographic algorithm call method and device based on an encrypted card.
Background
Java is an object-oriented programming language for writing cross-platform software; the name covers both the Java programming language and the Java platform released by Sun Microsystems in May 1995. Java technology offers excellent versatility, efficiency, platform portability and security, and is widely used in personal PCs, data centers, game consoles, scientific supercomputers, mobile phones and the Internet. In the global cloud computing and mobile Internet industry, Java has even more significant advantages and bright prospects.
The Java platform defines a set of APIs that span the major security areas, including cryptography, public key infrastructure (PKIX), authentication, secure communication and access control. These APIs let developers easily integrate security into their application code, and are designed around implementation independence, implementation interoperability and algorithm extensibility.
With the boom in the mobile Internet, applications on mobile phones keep emerging and the requirements for mobile security keep rising. Secure storage, which mainly protects the data in the mobile terminal, is a key component of mobile security.
As the security shortcomings of software encryption algorithms have become apparent, encryption with hardware algorithms has gradually emerged, and the use of the cryptographic algorithms in encrypted cards has been widely studied. The existing solution is for the upper-layer application (Java code) to call the cryptographic algorithms in the underlying encrypted card using JNI technology, which means that every interface in the encrypted card has to be called directly by the upper-layer application. When there are too many algorithms or interfaces, the lack of a unified interface specification increases the work of the upper-layer calls, and the large number of interfaces is hard to manage.
Summary of the invention
In view of this, the purpose of the embodiments of the invention is to provide a cryptographic algorithm call method and device based on an encrypted card, in order to mitigate the above problem.
In a first aspect, the embodiments of the invention provide a cryptographic algorithm call method based on an encrypted card. The method includes: calling a JCE interface in response to a cryptographic algorithm acquisition instruction; and receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, where the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Further, before the step of calling the JCE interface in response to the cryptographic algorithm acquisition instruction, the method also includes: packaging the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
Further, packaging the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface includes: packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to realize the JCE interface encapsulation.
Further, receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates includes: using JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
Further, the encrypted card is a TF card.
In a second aspect, the embodiments of the invention provide a cryptographic algorithm calling device based on an encrypted card. The device includes: a response module, for calling a JCE interface in response to a cryptographic algorithm acquisition instruction; and an algorithm acquisition module, for receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, where the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Further, the device also includes: a packaging module, for packaging the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
Further, the packaging module includes: a packing submodule, for packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to realize the JCE interface encapsulation.
Further, the algorithm acquisition module is specifically used to receive, using JNI technology, the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
Further, the encrypted card is a TF card.
The beneficial effects of the embodiments of the invention are as follows:
The embodiments of the invention provide a cryptographic algorithm call method and device based on an encrypted card. A JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received; the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. As a result, a terminal device application only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the work the terminal device needs to call cryptographic algorithms in the encrypted card.
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the embodiments of the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative work.
Fig. 1 shows a structural block diagram of an electronic device that can be applied in the embodiments of the present application;
Fig. 2 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the invention;
Fig. 3 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the invention;
Fig. 4 is a structural block diagram of a cryptographic algorithm calling device based on an encrypted card provided by an embodiment of the invention;
Fig. 5 is a structural block diagram of a cryptographic algorithm calling device based on an encrypted card provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. The described embodiments are obviously only some of the embodiments of the invention, not all of them. The components of the embodiments of the invention, as generally described and illustrated in the drawings, can be arranged and designed in a variety of different configurations. The following detailed description of the embodiments of the invention provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it does not need to be defined and explained again in subsequent drawings. In the description of the invention, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 shows a structural block diagram of an electronic device 100 that can be applied in the embodiments of the present application. The electronic device 100 may be the terminal device described in the embodiments of the invention, and includes the cryptographic algorithm calling device based on an encrypted card, a memory 101, a memory controller 102, a processor 103, a peripheral interface 104, an input/output unit 105, an audio unit 106 and a display unit 107.
The memory 101, memory controller 102, processor 103, peripheral interface 104, input/output unit 105, audio unit 106 and display unit 107 are electrically connected to one another, directly or indirectly, to transfer or exchange data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines. The cryptographic algorithm calling device based on an encrypted card includes at least one software function module that can be stored in the memory 101 in the form of software or firmware, or built into the operating system (OS) of the cryptographic algorithm calling device based on an encrypted card. The processor 103 is used to execute the executable modules stored in the memory 101, such as the software function modules or computer programs that the cryptographic algorithm calling device based on an encrypted card includes.
The memory 101 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The memory 101 is used to store a program, and the processor 103 executes the program after receiving an execution instruction. The method defined by the flow disclosed in any of the embodiments of the invention and performed by the server may be applied to the processor 103 or implemented by the processor 103.
The processor 103 may be an integrated circuit chip with signal processing capability. The processor 103 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the invention. The general-purpose processor may be a microprocessor, or the processor 103 may be any conventional processor.
The peripheral interface 104 couples various input/output devices to the processor 103 and the memory 101. In some embodiments, the peripheral interface 104, the processor 103 and the memory controller 102 can be implemented in a single chip. In other examples, they can each be implemented by a separate chip.
The input/output unit 105 is used to let the user input data, so that the user can interact with the server (or local terminal). The input/output unit 105 may be, but is not limited to, a mouse, a keyboard and so on.
The audio unit 106 provides an audio interface to the user, and may include one or more microphones, one or more loudspeakers and audio circuitry.
The display unit 107 provides an interactive interface (for example a user operation interface) between the electronic device 100 and the user, or displays image data for the user's reference. In this embodiment, the display unit 107 may be a liquid crystal display or a touch display. If it is a touch display, it may be a capacitive or resistive touch screen that supports single-point and multi-point touch operation. Supporting single-point and multi-point touch operation means that the touch display can sense touch operations produced at one or more positions on the touch display and hand the sensed touch operations to the processor 103 for calculation and processing.
The input/output unit 105 is used to let the user input data, so that the user can interact with the processing terminal. The input/output unit 105 may be, but is not limited to, a mouse, a keyboard and so on.
It can be understood that the structure shown in Fig. 1 is only illustrative; the electronic device 100 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1. Each component shown in Fig. 1 can be implemented in hardware, software or a combination of the two.
The terms used in the embodiments of the invention are introduced below.
1. JCE: Java Cryptography Extension (JCE) is a set of packages that provide a framework and implementations for encryption, key generation and negotiation, and Message Authentication Code (MAC) algorithms. It supports symmetric, asymmetric, block and stream ciphers, and also supports secure streams and sealed objects.
JCE is in fact an extension of the JCA (Java Cryptography Architecture) framework. It is only a set of interfaces that connects application programs with the actual algorithm implementations, and does not itself execute any algorithm. Its design principles follow directly from those of JCA, which shows in the following two respects:
(1) Implementation independence: an application requests security services from the Java platform through the JCE application programming interface (API), but does not implement any security service algorithm itself; these are supplied by the underlying cryptographic service provider (CSP). A CSP is a package or set of packages that implements one or more cryptographic services, such as encryption and decryption services. The JCE framework allows several CSPs to exist at the same time, and they can be independent of one another whether or not they provide the same security services. This implementation independence ensures that an application can access the different underlying CSPs simply by using the standard JCE API, and it also makes CSPs easier to manage: when a faster or more secure version is available, a CSP can easily be updated or upgraded.
(2) Algorithm independence and extensibility: this is achieved by defining security "engine" (also called service) classes. An engine class is an abstraction of one kind of security service; for example, the Cipher class is the abstraction of the encryption and decryption service. Each engine class has a corresponding Service Provider Interface (SPI). These are all abstract classes that specify the methods a CSP has to implement to provide a given kind of security service. So if a CSP is to provide a given kind of security service (such as encryption and decryption), it only needs to subclass the corresponding SPI class (such as CipherSpi) and implement the methods of that subclass for a given cryptographic algorithm (such as AES). To access a given kind of security service, a Java program must first call the factory method of the corresponding engine class to obtain an implementation instance of that security service.
2. JNI technology: JNI is short for Java Native Interface (rendered in Chinese as "Java local call"). Since Java 1.1, the Java Native Interface (JNI) standard has been part of the Java platform; it allows Java code to interact with code written in other languages. JNI was originally designed for natively compiled languages, especially C and C++, but it does not prevent the use of other languages as long as the calling convention is supported. It is essentially a set of Java packages that provide a framework and implementations for encryption, key generation and negotiation, and message authentication code (MAC) algorithms.
3. Encrypted card: a hardware device that some software adds to prevent cracking; it contains the data needed to run the software. Common encrypted cards include TF cards, SD cards, logic encryption cards, embedded encryption cards and cards with a built-in encryption chip, and they are used to encrypt and decrypt data. A variety of cryptographic algorithms are stored inside the card, for example symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms.
Symmetric cryptographic algorithms typically include DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), the national cryptographic algorithm SM4, and so on.
Asymmetric cryptographic algorithms typically include RSA, DSA (Digital Signature Algorithm), ECC (Elliptic Curves Cryptography), the national cryptographic algorithm SM2, and so on.
Hash algorithms typically include MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), the national cryptographic algorithm SM3, and so on.
4. TF card: Micro SD Card, originally named Trans-flash Card (TF card), is a very small flash memory card. It is mainly used in mobile phones, but because of its minimal size and steadily increasing capacity it has gradually come into use in GPS devices, portable music players and some flash memory disks. It can be inserted into an adapter and used in an SD card slot.
5. PKCS#11: PKCS#11, also called Cryptoki, defines a technology-independent programming interface; it is the interface that encrypted-card security applications need to implement.
First embodiment
Referring to Fig. 2, Fig. 2 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the invention. The method specifically includes the following steps:
Step S110: call a JCE interface in response to a cryptographic algorithm acquisition instruction.
When the terminal device needs to obtain a cryptographic algorithm in the encrypted card to encrypt or decrypt data, the cryptographic algorithm calling interface in the encrypted card has already been packaged into a JCE interface in advance, so to call a cryptographic algorithm in the encrypted card it calls the JCE interface and obtains the cryptographic algorithm that way.
Step S120: receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
When the JCE interface learns that the terminal device wants to call a cryptographic algorithm through it, the JCE interface obtains the cryptographic algorithm from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
The cryptographic algorithm calling interface in the encrypted card is first packaged into a JCE interface in advance. Following the JCE design principles above, the best way to offer the encrypted card's security services to Java applications is to implement a new CSP that follows the standard interfaces JCE provides, with all of the security services that the CSP offers carried out by the encrypted card. Java programs can then easily use the security services provided by the encrypted card, and because these security service interfaces are all standard interfaces in the JCE framework, the reusability and portability of the programs are ensured.
So, to make it convenient to call the cryptographic algorithms in the encrypted card, the cryptographic algorithm calling interface in the encrypted card can be packaged into a JCE interface, and the cryptographic algorithms in the encrypted card can then be called directly through the JCE interface. First, the cryptographic algorithm calling interface stored in the encrypted card is packaged into a provider, i.e. the CSP described above: a complete CSP based on the encrypted card is implemented in C or C++, and that CSP is then wrapped in Java through JNI technology, yielding a CSP that fully complies with the JCE standard interfaces. JNI technology can then be used to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
In addition, when a new algorithm needs to be added to the encrypted card, it only has to be added to the provider, which improves the extensibility of the cryptographic algorithm calling interface.
The cryptographic algorithm calling interface stored in the encrypted card can be packaged into a provider using a preset mapping. That is, each interface defined in the JCE interface specification is mapped to the corresponding application programming interface (API) of the underlying cryptographic algorithm implementation in the encrypted card. When the application, i.e. the terminal device, calls a cryptographic algorithm in the encrypted card through the standard programming interface of the JCE cryptographic framework, it directly invokes the API of the corresponding cryptographic algorithm implemented on the encrypted card, and the data to be encrypted or decrypted is processed by the cryptographic algorithm in the lower layer.
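The provider pattern described above (a CSP that subclasses `CipherSpi`, is registered under a JCE algorithm name and forwards each call to the card), as an added Java example that is not code from the patent. `CardProviderDemo`, `CardProvider`, `CardAesGcmSpi`, `cardAesGcm` and the provider name `EncCard` are hypothetical, and the card call is a software stand-in where a real implementation would call the C/C++ card library through JNI. It assumes Java 9 or later on an OpenJDK build, which loads unsigned Cipher providers and ships the SunJCE provider used by the stand-in.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;

public class CardProviderDemo {
    // Hypothetical card call. A real provider would declare it `native` and load the
    // C/C++ card library over JNI; this software stand-in lets the example run without a card.
    static byte[] cardAesGcm(boolean encrypt, byte[] key, byte[] iv, byte[] data)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
        c.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE,
               new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    /** CipherSpi subclass: each JCE call is forwarded to the card. */
    public static final class CardAesGcmSpi extends CipherSpi {
        private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        private boolean encrypt;
        private byte[] key, iv;
        @Override protected void engineSetMode(String m) { }     // not called: the provider
        @Override protected void engineSetPadding(String p) { }  // registers the full transformation
        @Override protected int engineGetBlockSize() { return 16; }
        @Override protected int engineGetOutputSize(int n) { return buf.size() + n + 16; }
        @Override protected byte[] engineGetIV() { return iv == null ? null : iv.clone(); }
        @Override protected AlgorithmParameters engineGetParameters() { return null; }
        @Override protected void engineInit(int mode, Key k, SecureRandom r) throws InvalidKeyException {
            throw new InvalidKeyException("a GCMParameterSpec with a fresh IV is required");
        }
        @Override protected void engineInit(int mode, Key k, AlgorithmParameters p, SecureRandom r)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("pass a GCMParameterSpec instead");
        }
        @Override protected void engineInit(int mode, Key k, AlgorithmParameterSpec s, SecureRandom r)
                throws InvalidKeyException, InvalidAlgorithmParameterException {
            if (!(s instanceof GCMParameterSpec) || ((GCMParameterSpec) s).getTLen() != 128)
                throw new InvalidAlgorithmParameterException("need GCMParameterSpec, 128-bit tag");
            if (k == null || !"AES".equals(k.getAlgorithm()) || k.getEncoded() == null)
                throw new InvalidKeyException("need a raw AES key");
            encrypt = (mode == Cipher.ENCRYPT_MODE);
            key = k.getEncoded();
            iv = ((GCMParameterSpec) s).getIV();
            buf.reset();
        }
        @Override protected byte[] engineUpdate(byte[] in, int off, int len) {
            buf.write(in, off, len);   // held back: GCM output is released only after the tag check
            return new byte[0];
        }
        @Override protected int engineUpdate(byte[] in, int off, int len, byte[] out, int outOff) {
            buf.write(in, off, len);
            return 0;
        }
        @Override protected byte[] engineDoFinal(byte[] in, int off, int len)
                throws IllegalBlockSizeException, BadPaddingException {
            if (key == null) throw new IllegalStateException("re-init with a fresh IV first");
            if (in != null) buf.write(in, off, len);
            try {
                return cardAesGcm(encrypt, key, iv, buf.toByteArray());
            } catch (BadPaddingException e) {          // includes AEADBadTagException
                throw e;
            } catch (GeneralSecurityException e) {
                throw new ProviderException("card operation failed", e);
            } finally {
                buf.reset();
                if (encrypt) key = null;               // refuse (key, IV) reuse for encryption
            }
        }
        @Override protected int engineDoFinal(byte[] in, int off, int len, byte[] out, int outOff)
                throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
            byte[] res = engineDoFinal(in, off, len);
            if (out.length - outOff < res.length) throw new ShortBufferException();
            System.arraycopy(res, 0, out, outOff, res.length);
            return res.length;
        }
    }

    /** The provider (CSP): maps the JCE algorithm name to the SPI class above. */
    public static final class CardProvider extends Provider {
        public CardProvider() {
            super("EncCard", "1.0", "added example: JCE provider fronting an encrypted card");
            put("Cipher.AES/GCM/NoPadding", CardAesGcmSpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], iv = new byte[12];   // constructed sample key and IV
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(key);
        rng.nextBytes(iv);
        SecretKey k = new SecretKeySpec(key, "AES");
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);
        // The application uses only the standard JCE API; the provider hides the card.
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding", new CardProvider());
        c.init(Cipher.ENCRYPT_MODE, k, spec);
        byte[] ct = c.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
        c.init(Cipher.DECRYPT_MODE, k, spec);
        System.out.println(new String(c.doFinal(ct), StandardCharsets.UTF_8));
        ct[0] ^= 1;                                     // flip one ciphertext bit
        try { c.doFinal(ct); } catch (AEADBadTagException e) { System.out.println("tamper detected"); }
    }
}
```

The stand-in receives the raw key bytes only because it runs in software; adding an algorithm means one more `put` line and one more SPI subclass, with no change to calling code.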
To make data encryption and decryption convenient, the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
In this embodiment, to make it convenient to encrypt and decrypt the data in the terminal device, the encrypted card is a TF card. The TF card can be installed in a mobile terminal and stores asymmetric and symmetric cryptographic algorithms. Using the method above, the calling interfaces of the asymmetric and symmetric cryptographic algorithms in the TF card can be packaged into a JCE interface, so that a terminal device application only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the work the terminal device needs to call cryptographic algorithms in the encrypted card.
It should be noted that the process of packaging the cryptographic algorithm calling interface of the encrypted card into a JCE interface can also be understood as packaging the cryptographic algorithm calling interface into a PKCS#11 interface, which completes the encapsulation of a PKCS#11 dynamic call library; the cryptographic algorithm can then be obtained from that dynamic call library.
The first embodiment of the invention provides a cryptographic algorithm call method based on an encrypted card. A JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received; the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. As a result, a terminal device application only needs to call the encapsulated JCE interface to call the cryptographic algorithms in the underlying encrypted card, which reduces the work the terminal device needs to call cryptographic algorithms in the encrypted card.
Second embodiment
Referring to Fig. 3, Fig. 3 is a flow chart of a cryptographic algorithm call method based on an encrypted card provided by an embodiment of the invention. The method specifically includes the following steps:
Step S210: package the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
For the specific implementation of this step, refer to the description of step S120 in the first embodiment; for brevity it is not repeated here.
Step S220: call the JCE interface in response to a cryptographic algorithm acquisition instruction.
Step S230: receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
The second embodiment of the invention provides a cryptographic algorithm call method based on an encrypted card. The cryptographic algorithm calling interface stored in the encrypted card is first packaged into a JCE interface; the JCE interface is then called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is received. The cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm, so a terminal device application only needs to call the encapsulated JCE interface to call the asymmetric and symmetric cryptographic algorithms in the underlying encrypted card, which reduces the work the terminal device needs to call the asymmetric and symmetric cryptographic algorithms in the encrypted card.
Third embodiment
Referring to Fig. 4, Fig. 4 is a structural block diagram of a cryptographic algorithm calling device 200 based on an encrypted card provided by an embodiment of the invention. The device includes a response module 210 and an algorithm acquisition module 220.
The response module 210 is used to call a JCE interface in response to a cryptographic algorithm acquisition instruction.
The algorithm acquisition module 220 is used to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, where the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
Fourth embodiment
Referring to Fig. 5, Fig. 5 is a structural block diagram of a cryptographic algorithm calling device 300 based on an encrypted card provided by an embodiment of the invention. The device includes a packaging module 310, a response module 320 and an algorithm acquisition module 330.
The packaging module 310 is used to package the cryptographic algorithm calling interface stored in the encrypted card into a JCE interface.
The response module 320 is used to call the JCE interface in response to a cryptographic algorithm acquisition instruction.
The algorithm acquisition module 330 is used to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, where the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
The packaging module 310 includes a packing submodule, for packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to realize the JCE interface encapsulation.
The algorithm acquisition module 330 is specifically used to receive, using JNI technology, the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
In one implementation, the encrypted card is a TF card.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the device described above may refer to the corresponding process in the foregoing method, and is not repeated here.
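The packaging step described for package module 310 (the card's call interface wrapped in a JCE provider and reached through JNI), as an added Java sketch that is not code from the patent; it narrows to the asymmetric signing case. `CardApi`, `CardKey`, `CardSignature`, `CardProvider` and the provider name `CardJCE` are hypothetical, and a software key pair stands in for the card so the sketch runs without hardware.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
public class CardJceSketch {
    interface CardApi { byte[] sign(int slot, byte[] msg) throws GeneralSecurityException; }
    static CardApi card;   // hypothetical card call interface; JNI `native` methods on a real device
    static final class CardKey implements PrivateKey {   // handle to a card slot; carries no key bytes
        final int slot; CardKey(int slot) { this.slot = slot; }
        public String getAlgorithm() { return "EC"; }
        public String getFormat() { return null; } public byte[] getEncoded() { return null; }   // not exportable
    }
    /** Sign-only engine: buffers the message, then makes one card call. Verification needs no secret. */
    public static final class CardSignature extends SignatureSpi {
        private int slot;
        private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            if (!(k instanceof CardKey)) throw new InvalidKeyException("card key handle required");
            slot = ((CardKey) k).slot; buf.reset();
        }
        protected void engineUpdate(byte b) { buf.write(b); }
        protected void engineUpdate(byte[] b, int off, int len) { buf.write(b, off, len); }
        protected byte[] engineSign() throws SignatureException {
            byte[] m = buf.toByteArray(); buf.reset();
            try { return card.sign(slot, m); } catch (GeneralSecurityException e) { throw new SignatureException(e); }
        }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException { throw new InvalidKeyException("sign-only"); }
        protected boolean engineVerify(byte[] s) throws SignatureException { throw new SignatureException("sign-only"); }
        protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(p); }
        protected Object engineGetParameter(String p) { throw new InvalidParameterException(p); }
    }
    public static final class CardProvider extends Provider {
        public CardProvider() {
            super("CardJCE", "1.0", "card-backed Signature engine (sketch)");
            put("Signature.SHA256withECDSA", CardSignature.class.getName());
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair();   // constructed stand-in for the on-card key
        card = (slot, m) -> {
            Signature c = Signature.getInstance("SHA256withECDSA"); c.initSign(kp.getPrivate());
            c.update(m); return c.sign();
        };
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA256withECDSA", new CardProvider());   // the application sees only JCE
        s.initSign(new CardKey(1)); s.update(msg);
        Signature v = Signature.getInstance("SHA256withECDSA");                       // software verification
        v.initVerify(kp.getPublic()); v.update(msg);
        System.out.println("verified: " + v.verify(s.sign()));
    }
}
```

Run it with `java CardJceSketch.java` on JDK 11 or later. A symmetric engine would be registered in the same provider by extending `CipherSpi` instead of `SignatureSpi`.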
In summary, the embodiments of the present invention provide a cryptographic algorithm calling method and device based on an encrypted card. A JCE interface is called in response to a cryptographic algorithm acquisition instruction, and the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates is then received, the cryptographic algorithm including an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm. As a result, an application on the terminal device only needs to call the encapsulated JCE interface in order to call the cryptographic algorithms in the underlying encrypted card, which reduces the workload of calling the cryptographic algorithms in the encrypted card from the terminal device.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings show the possible architecture, functions and operations of devices, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection. It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of additional identical elements in the process, method, article or device that includes the element.
Claims (10)
1. A cryptographic algorithm calling method based on an encrypted card, characterized in that the method comprises:
calling a JCE interface in response to a cryptographic algorithm acquisition instruction;
receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
2. The method according to claim 1, characterized in that, before the step of calling the JCE interface in response to the cryptographic algorithm acquisition instruction, the method further comprises:
encapsulating the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface.
3. The method according to claim 2, characterized in that encapsulating the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface comprises:
packaging the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to realize the JCE interface encapsulation.
4. The method according to claim 1, characterized in that receiving the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates comprises:
using JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
5. The method according to any one of claims 1-4, characterized in that the encrypted card is a TF card.
6. A cryptographic algorithm calling device based on an encrypted card, characterized in that the device comprises:
a response module, configured to call a JCE interface in response to a cryptographic algorithm acquisition instruction;
an algorithm acquisition module, configured to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates, wherein the cryptographic algorithm includes an asymmetric cryptographic algorithm and a symmetric cryptographic algorithm.
7. The device according to claim 6, characterized in that the device further comprises:
a package module, configured to encapsulate the cryptographic algorithm calling interface stored in the encrypted card into the JCE interface.
8. The device according to claim 7, characterized in that the package module comprises:
a packing submodule, configured to package the cryptographic algorithm calling interface stored in the encrypted card into a provider, so as to realize the JCE interface encapsulation.
9. The device according to claim 6, characterized in that the algorithm acquisition module is specifically configured to use JNI technology to receive the cryptographic algorithm that the JCE interface obtains from the cryptographic algorithm calling interface of the encrypted card it encapsulates.
10. The device according to any one of claims 6-9, characterized in that the encrypted card is a TF card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710620839.9A CN107368746A (en) | 2017-07-26 | 2017-07-26 | Cryptographic algorithm call method and device based on encrypted card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710620839.9A CN107368746A (en) | 2017-07-26 | 2017-07-26 | Cryptographic algorithm call method and device based on encrypted card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107368746A (en) | 2017-11-21 |
Family ID=60308535
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710620839.9A Pending CN107368746A (en) | 2017-07-26 | 2017-07-26 | Cryptographic algorithm call method and device based on encrypted card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107368746A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011015003A (en) * | 2009-06-30 | 2011-01-20 | Dainippon Printing Co Ltd | Password card |
CN103914642A (en) * | 2014-04-15 | 2014-07-09 | 浪潮电子信息产业股份有限公司 | USB (universal serial bus) KEY-based security suite structure system |
CN104601820A (en) * | 2015-01-29 | 2015-05-06 | 成都三零瑞通移动通信有限公司 | Mobile terminal information protection method based on TF password card |
CN106452771A (en) * | 2016-10-10 | 2017-02-22 | 山东渔翁信息技术股份有限公司 | Method and device for calling cipher card by JCE (Java Cryptography Extension) to implement internal RSA secret key operation |
Non-Patent Citations (1)
Title |
---|
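汪永好 (Wang Yonghao): "基于加密卡的JCE的研究与实现" (Research and Implementation of JCE Based on an Encryption Card), 《计算机工程与设计》 (Computer Engineering and Design) * |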
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171121 |