CN109657449B - Method and equipment for realizing password resource intercommunication based on password card - Google Patents

Method and equipment for realizing password resource intercommunication based on password card Download PDF

Info

Publication number
CN109657449B
CN109657449B CN201811535811.6A CN201811535811A CN109657449B CN 109657449 B CN109657449 B CN 109657449B CN 201811535811 A CN201811535811 A CN 201811535811A CN 109657449 B CN109657449 B CN 109657449B
Authority
CN
China
Prior art keywords
cipher
pkcs
interface
skf
csp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811535811.6A
Other languages
Chinese (zh)
Other versions
CN109657449A (en
Inventor
魏贵鹏
谢演
陈仕昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu 30javee Microelectronics Co ltd
Original Assignee
Chengdu 30javee Microelectronics Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu 30javee Microelectronics Co ltd filed Critical Chengdu 30javee Microelectronics Co ltd
Priority to CN201811535811.6A priority Critical patent/CN109657449B/en
Publication of CN109657449A publication Critical patent/CN109657449A/en
Application granted granted Critical
Publication of CN109657449B publication Critical patent/CN109657449B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Abstract

The invention discloses a method and equipment for realizing intercommunication of cipher resources based on a cipher card, wherein the method takes the realization of a PKCS #11 cipher interface as a basis, and transfers the cipher interfaces of CSP and SKF and the management mode of the cipher resources to PKCS #11, and comprises the steps of cipher interface transfer, cipher resource management mode transfer and cipher card firmware adaptation, wherein the cipher interface transfer takes a PKCS #11 system interface as a basis to transfer CSP and SKF; the password resource management mode conversion converts the applications and the container concepts of the CSP and the SKF into the objects of the PKCS #11 for management. The invention can effectively solve the problem that the password resources are not intercommunicated across the password interface system, and the method does not need the password card to realize three password interfaces and management, can greatly reduce the workload of cross adaptation of the three, has low requirement on the password card resources, reduces the code amount of the password card and improves the execution efficiency.

Description

Method and equipment for realizing password resource intercommunication based on password card
Technical Field
The invention relates to the technical field of password application and password interfaces, in particular to a method and equipment for realizing password resource intercommunication based on a password card.
Background
The current network information technology is developed at a high speed, a large amount of information data such as social contact, identity, finance and the like are transmitted and interacted on a network at all times, the information security problem occurs at all times, the information security is increasingly highlighted, and the indispensable and important properties of the password security service capable of providing security guarantee for application programs are highlighted. Several international and domestic cipher application interface specifications are formed at present, and representative and widely applied are PKCS #11, CSP and SKF.
PKCS #11, published by RSA laboratories, is a platform-independent API, and has cross-platform properties, developed as an abstraction layer for generic cryptographic tokens, mainly relating to the management and functionality of tokens, sessions, slots, and objects. CSP is a Microsoft encryption application interface, is specially designed for WIN32 application programs, and mainly relates to container management and functions. The SKF is a code application interface standard established by the China national code administration, and mainly relates to container and multi-application management and functions. The three password interface specifications have consistency and difference, all the specifications can provide uniform password function service, the password function use processes are similar and all relate to the authority management of PIN code users and the like, but the password interfaces of the three specifications are different in definition, the management modes of password resources such as keys, certificates and the like are different, the password resource management modes of SKF and CSP are containers, and the password resource management mode of PKCS #11 is an object.
In a password system and an application scenario, a special password TF card, i.e., a password card, carrying password resources and functions is used as a specific password device, and a secure and trusted system terminal, called a crypto-tube or a certificate authority (ca) system, is defined in addition to inject other password resources such as a certificate and a secret key into the password card, so that the password card passes authentication and has a legal and secure identity. The authenticated password card is applied to portable handheld android system terminals such as mobile phones and PADs to provide specific password services.
However, when the cryptographic card is injected with cryptographic resources by a crypto-pipe or CA system (generally, Windows system) using a CSP cryptographic interface or an SKF cryptographic interface, the cryptographic card cannot be directly applied to an android security application APP based on a PKCS #11 cryptographic interface, because the PKCS #11 cryptographic interface cannot find the required cryptographic resources in an object management manner.
Disclosure of Invention
The invention provides a switching method of a password resource management mode aiming at the problem that password resources managed by CSP and SKF password interfaces can not be used in PKCS #11 password interfaces, which is suitable for the three password interfaces, realizes the intercommunication and the use of the password resources and has simple and efficient whole realization mechanism.
The invention provides a method for realizing intercommunication of cipher resources based on a cipher card, which is characterized in that based on the realization of a PKCS #11 cipher interface, the cipher interfaces of CSP and SKF and a cipher resource management mode are switched to the PKCS #11, the method comprises the steps of cipher interface switching, cipher resource management mode switching and cipher card firmware adaptation, wherein the cipher interface switching takes a PKCS #11 system interface as a basic switching CSP and SKF; the password resource management mode conversion converts the applications and the container concepts of the CSP and the SKF into the objects of the PKCS #11 for management.
Further, the password interface switching specifically includes: the PKCS #11 can be directly used by the application as a base library and is transferred to CSP and SKF cryptographic interface supply application calls through upper layer definition, interface and function migration, and the three cryptographic interfaces are converted into PKCS #11 cryptographic interfaces at the bottom layer for processing and management.
Further, the password interface switching specifically includes: the CSP and SKF container management interfaces are realized through the switching and calling of the PKCS #11 object management interface, the CSP and SKF password service interfaces are realized through the switching and calling of the PKCS #11 password service interface, and the CSP and SKF authority management interfaces are realized through the switching and calling of the PKCS #11 PIN and login management.
Further, the password resource management mode conversion specifically includes: the method comprises the steps of defining a new attribute CKA _ CONTAINER _ ATTRIBUTES to convert CSP and SKF CONTAINER names by relying on an extension definition CKA _ VENTOR _ DEFINED of a PKCS #11 system, defining a multi-APPLICATION concept of CKA _ APPLICATION _ ATTRIBUTES to convert SKF, using CKA _ TOKEN ATTRIBUTES of PKCS #11 to distinguish a permanent or temporary existing life cycle of a KEY or a CERTIFICATE in a CONTAINER for conversion, directly using CKO _ PUBLIC _ KEY, CKO _ PRIVATE _ KEY and CKO _ SECRET _ KEY ATTRIBUTES to describe KEY types, directly using CKO _ CERTIFICATE ATTRIBUTES to describe CERTIFICATEs, and directly using CKA _ VALUE ATTRIBUTES to describe entity data of the KEY and the CERTIFICATEs.
Further, the adaptation of the password card firmware specifically includes: realizing the service functions of PKCS #11 main body PIN management, authority management, algorithm function and object management based on the SDK; the cipher card firmware and the upper layer cipher application interface library carry out data interaction and service function definition through service frames, each PKCS #11 interface function is a service function command code, the service function definition and the service data are sent to the cipher card through the service frames, and the cipher card firmware receives the service frames, analyzes according to the definition and completes the designated service functions.
The equipment provided by the invention realizes the intercommunication of the cipher resources based on the cipher card, transfers the cipher interfaces of the CSP and the SKF and the management mode of the cipher resources to the PKCS #11 based on the realization of the cipher interface of the PKCS #11, and comprises a cipher interface transfer device, a cipher resource management mode transfer device and a cipher card firmware adapter device, wherein the cipher interface transfer device is used for transferring the CSP and the SKF by taking the interface of the PKCS #11 system as the basis; the cipher resource management mode conversion device is used for converting all the applications and container concepts of CSP and SKF into objects of PKCS #11 for management.
Further, the method for the password interface switching device to switch the password interface comprises the following steps: the CSP and SKF container management interfaces are realized through the switching and calling of the PKCS #11 object management interface, the CSP and SKF password service interfaces are realized through the switching and calling of the PKCS #11 password service interface, and the CSP and SKF authority management interfaces are realized through the switching and calling of the PKCS #11 PIN and login management.
Further, the method for performing the password resource management mode conversion by the password resource management mode conversion device includes: the method comprises the steps of defining a new attribute CKA _ CONTAINER _ ATTRIBUTES to convert CSP and SKF CONTAINER names by relying on an extension definition CKA _ VENTOR _ DEFINED of a PKCS #11 system, defining a multi-APPLICATION concept of CKA _ APPLICATION _ ATTRIBUTES to convert SKF, using CKA _ TOKEN ATTRIBUTES of PKCS #11 to distinguish a permanent or temporary existing life cycle of a KEY or a CERTIFICATE in a CONTAINER for conversion, directly using CKO _ PUBLIC _ KEY, CKO _ PRIVATE _ KEY and CKO _ SECRET _ KEY ATTRIBUTES to describe KEY types, directly using CKO _ CERTIFICATE ATTRIBUTES to describe CERTIFICATEs, and directly using CKA _ VALUE ATTRIBUTES to describe entity data of the KEY and the CERTIFICATEs.
Further, the method for the adapter device of the firmware of the password card to adapt the firmware of the password card comprises the following steps: realizing the service functions of PKCS #11 main body PIN management, authority management, algorithm function and object management based on the SDK; the cipher card firmware and the upper layer cipher application interface library carry out data interaction and service function definition through service frames, each PKCS #11 interface function is a service function command code, the service function definition and the service data are sent to the cipher card through the service frames, and the cipher card firmware receives the service frames, analyzes according to the definition and completes the designated service functions.
Another aspect of the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method as described above.
The invention provides a method for intercommunication of password resources by taking a password interface as a basis to transfer other password interfaces as an idea, which is particularly suitable for a CA (certification service provider) or crypto management system of Windows to inject the password resources by using a CSP (chip scale package) or SKF (secret scale format) password interface, and then a PKCS #11 of an Android system uses an application scene of the password resources, so that the problem that the password resources are not intercommunicated across the password interface system can be effectively solved, and the method does not need the password card to realize three password interfaces and management, can greatly reduce the workload of cross adaptation of the three, has low requirements on the password card resources, reduces the code quantity of the password card and improves the execution efficiency.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a diagram illustrating a cryptographic interface switch implementation according to an embodiment of the present invention;
FIG. 2 is a container and object translation diagram according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a password card according to an embodiment of the invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.
The invention takes the realization of PKCS #11 password interface (comprising PKCS #11 library and password card firmware) as the basis, switches the password interface and the password resource management mode of CSP and SKF to PKCS #11, unifies the password interface and the password resource management mode of three sets of password interface specifications, and switches two main aspects from the password interface switching and the password resource management mode to realize intercommunication.
1) Password interface switching
The CSP, SKF and PKCS #11 specifications each define an API interface, mainly a cryptographic service class interface, a cryptographic resource management class interface (container management and object management) and a rights management interface.
Based on a simple and convenient implementation mode, the interfaces of the PKCS #11 system are used as the basic transfer CSP and SKF, as shown in FIG. 1, the PKCS #11 as the basic library can be directly used by applications, and transferred to be used for the cryptographic interfaces supply of the CSP and the SKF through upper layer definition, interface and function transplantation, and the three cryptographic interfaces are converted into the cryptographic interfaces of the PKCS #11 at the bottom layer for processing and management. The CSP and SKF container management interfaces are realized through the switching and calling of the PKCS #11 object management interface, the CSP and SKF password service interfaces are realized through the switching and calling of the PKCS #11 password service interface, and the CSP and SKF authority management interfaces are realized through the switching and calling of the PKCS #11 PIN and login management.
2) Cryptographic resource management mode conversion
The management mode of CSP and SKF password resources is a container, the container can be regarded as a password resource aggregate, and password resources such as a secret key (pair), a certificate and the like can be stored in the container according to the CSP and SKF specification requirements. The management mode of the PKCS #11 password resource is an object, the object is a multi-attribute aggregate and can be divided into three types of objects of data, certificate and key. The method comprises the steps of converting all CONTAINERs of CSP and SKF into objects of PKCS #11 for management, defining a new attribute CKA _ CONTAINER _ ATTRIBUTES to convert CSP and SKF CONTAINER names by means of the expanded definition CKA _ VENTOR _ DEFINED of a PKCS #11 system, defining CKA _ APPLICATION _ ATTRIBUTES to convert a multi-APPLICATION concept of SKF, distinguishing CKA _ TOKEN ATTRIBUTES of PKCS #11 for the permanent or temporary existing life cycle of KEYs or CERTIFICATEs in the CONTAINERs, directly describing CKO _ PUBLIC _ KEY, CKO _ PRIVATE _ KEY and CKO _ SECRET _ KEY ATTRIBUTES, directly describing the CKO _ CERTIFICATE ATTRIBUTES of the KEYs or CERTIFICATEs, directly describing entity data of the KEYs and the CERTIFICATEs by using the LUA _ VAE ATTRIBUTES, and thus converting all the APPLICATIONs of CSP and SKF and the CONTAINER concepts into objects of PKCS #11 for management, as shown in a drawing 2. The PKCS #11 can find out all the KEYs and certificate cryptographic resources issued by the CSP or SKF by using the CKA _ content _ ATTRIBUTES and the CKA _ APPLICATION _ ATTRIBUTES when using cryptographic resources, and can know whether a specific object is a public KEY or a private KEY or a certificate by obtaining the CKA _ KEY _ TYPE ATTRIBUTES, so that the PKCS #11 can be used for specific cryptographic services.
3) Cipher card fastener adaptation
As shown in fig. 3, the cryptocard body firmware implements service functions such as PKCS #11 body PIN management, rights management, algorithm function, and object management based on the SDK. The cipher card firmware and the upper layer cipher application interface library carry out data interaction and service function definition through service frames, each PKCS #11 interface function is a service function command code, the service function definition and the service data are sent to the cipher card through the service frames, and the cipher card firmware receives the service frames, analyzes according to the definition and completes the designated service functions.
The invention also provides a device corresponding to the method, which takes the realization of the PKCS #11 password interface as a basis, and transfers the password interfaces of the CSP and the SKF and the password resource management mode to the PKCS #11, and comprises a password interface transfer device, a password resource management mode conversion device and a password card firmware adapter device, wherein the password interface transfer device is used for transferring the CSP and the SKF by taking the PKCS #11 system interface as the basis; the cipher resource management mode conversion device is used for converting all the applications and container concepts of CSP and SKF into objects of PKCS #11 for management.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by hardware associated with program instructions, and the program may be stored in a computer readable storage medium, which may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed.

Claims (9)

1. A method for realizing intercommunication of cipher resources based on cipher card is characterized in that a CA or crypto-control system for Windows uses a CSP or SKF cipher interface to inject the cipher resources, then a PKCS #11 of an Android system uses an application scene of the cipher resources, and based on the realization of the PKCS #11 cipher interface, the cipher interfaces and the cipher resource management modes of the CSP and the SKF are switched to the PKCS #11, including cipher interface switching, cipher resource management mode switching and cipher card firmware adaptation, wherein the cipher interface switching takes a PKCS #11 system interface as a basis to switch the CSP and the SKF; the password resource management mode conversion converts the CSP and SKF application and container concepts into PKCS #11 objects for management;
the password interface switching specifically comprises: the PKCS #11 can be directly used by the application as a base library and is transferred to CSP and SKF cryptographic interface supply application calls through upper layer definition, interface and function migration, and the three cryptographic interfaces are converted into PKCS #11 cryptographic interfaces at the bottom layer for processing and management.
2. The method for implementing intercommunication of cipher resources based on cipher card according to claim 1, wherein said cipher interface switching specifically includes: the CSP and SKF container management interfaces are realized through the switching and calling of the PKCS #11 object management interface, the CSP and SKF password service interfaces are realized through the switching and calling of the PKCS #11 password service interface, and the CSP and SKF authority management interfaces are realized through the switching and calling of the PKCS #11 PIN and login management.
3. The method for implementing intercommunication of cipher resources based on cipher card according to claim 1, wherein said cipher resource management mode conversion specifically includes: the method comprises the steps of defining a new attribute CKA _ CONTAINER _ ATTRIBUTES to convert CSP and SKF CONTAINER names by relying on an extension definition CKA _ VENTOR _ DEFINED of a PKCS #11 system, defining a multi-APPLICATION concept of CKA _ APPLICATION _ ATTRIBUTES to convert SKF, using CKA _ TOKEN ATTRIBUTES of PKCS #11 to distinguish a permanent or temporary existing life cycle of a KEY or a CERTIFICATE in a CONTAINER for conversion, directly using CKO _ PUBLIC _ KEY, CKO _ PRIVATE _ KEY and CKO _ SECRET _ KEY ATTRIBUTES to describe KEY types, directly using CKO _ CERTIFICATE ATTRIBUTES to describe CERTIFICATEs, and directly using CKA _ VALUE ATTRIBUTES to describe entity data of the KEY and the CERTIFICATEs.
4. The method according to claim 1, wherein the adapting of the firmware of the cryptographic card specifically comprises: realizing the service functions of PKCS #11 main body PIN management, authority management, algorithm function and object management based on the SDK; the cipher card firmware and the upper layer cipher application interface library carry out data interaction and service function definition through service frames, each PKCS #11 interface function is a service function command code, the service function definition and the service data are sent to the cipher card through the service frames, and the cipher card firmware receives the service frames, analyzes according to the definition and completes the designated service functions.
5. A device for realizing intercommunication of cipher resources based on cipher cards is characterized in that the device is used for a Windows CA or crypto-system to inject the cipher resources by using a CSP or SKF cipher interface, then a PKCS #11 of an Android system uses an application scene of the cipher resources, and the cipher interfaces and the cipher resource management modes of the CSP and the SKF are switched to the PKCS #11 based on the realization of the PKCS #11 cipher interface, and the device comprises a cipher interface switching device, a cipher resource management mode switching device and a cipher card firmware adapting device, wherein the cipher interface switching device is used for switching the CSP and the SKF by using the PKCS #11 system interface as a basis; the cipher resource management mode conversion device is used for converting all CSP and SKF applications and container concepts into PKCS #11 objects for management;
the password interface switching specifically comprises: the PKCS #11 can be directly used by the application as a base library and is transferred to CSP and SKF cryptographic interface supply application calls through upper layer definition, interface and function migration, and the three cryptographic interfaces are converted into PKCS #11 cryptographic interfaces at the bottom layer for processing and management.
6. The apparatus according to claim 5, wherein the method for performing cryptographic interface switching by the cryptographic interface switching apparatus comprises: the CSP and SKF container management interfaces are realized through the switching and calling of the PKCS #11 object management interface, the CSP and SKF password service interfaces are realized through the switching and calling of the PKCS #11 password service interface, and the CSP and SKF authority management interfaces are realized through the switching and calling of the PKCS #11 PIN and login management.
7. The apparatus according to claim 5, wherein the method for performing the switching of the cryptographic resource management mode by the cryptographic resource management mode switching device comprises: the method comprises the steps of defining a new attribute CKA _ CONTAINER _ ATTRIBUTES to convert CSP and SKF CONTAINER names by relying on an extension definition CKA _ VENTOR _ DEFINED of a PKCS #11 system, defining a multi-APPLICATION concept of CKA _ APPLICATION _ ATTRIBUTES to convert SKF, using CKA _ TOKEN ATTRIBUTES of PKCS #11 to distinguish a permanent or temporary existing life cycle of a KEY or a CERTIFICATE in a CONTAINER for conversion, directly using CKO _ PUBLIC _ KEY, CKO _ PRIVATE _ KEY and CKO _ SECRET _ KEY ATTRIBUTES to describe KEY types, directly using CKO _ CERTIFICATE ATTRIBUTES to describe CERTIFICATEs, and directly using CKA _ VALUE ATTRIBUTES to describe entity data of the KEY and the CERTIFICATEs.
8. The apparatus according to claim 5, wherein the method for adapting the firmware of the cryptocard by the firmware adapting device of the cryptocard comprises: realizing the service functions of PKCS #11 main body PIN management, authority management, algorithm function and object management based on the SDK; the cipher card firmware and the upper layer cipher application interface library carry out data interaction and service function definition through service frames, each PKCS #11 interface function is a service function command code, the service function definition and the service data are sent to the cipher card through the service frames, and the cipher card firmware receives the service frames, analyzes according to the definition and completes the designated service functions.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4.
CN201811535811.6A 2018-12-14 2018-12-14 Method and equipment for realizing password resource intercommunication based on password card Active CN109657449B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811535811.6A CN109657449B (en) 2018-12-14 2018-12-14 Method and equipment for realizing password resource intercommunication based on password card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811535811.6A CN109657449B (en) 2018-12-14 2018-12-14 Method and equipment for realizing password resource intercommunication based on password card

Publications (2)

Publication Number Publication Date
CN109657449A CN109657449A (en) 2019-04-19
CN109657449B true CN109657449B (en) 2020-11-03

Family

ID=66113502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811535811.6A Active CN109657449B (en) 2018-12-14 2018-12-14 Method and equipment for realizing password resource intercommunication based on password card

Country Status (1)

Country Link
CN (1) CN109657449B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110851328B (en) * 2019-11-12 2023-03-21 成都三零嘉微电子有限公司 Method for detecting abnormal power failure of password card in PKCS #11 application

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107977565A (en) * 2016-10-25 2018-05-01 航天信息股份有限公司 USBKEY interface systems and the method being connected with USBKEY
CN108234477A (en) * 2017-12-29 2018-06-29 成都三零嘉微电子有限公司 A kind of cipher object management method of PKCS#11 agreements in the application of commercial cipher algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ533945A (en) * 2001-12-07 2006-09-29 Ecebs Ltd Smartcard system
US9589144B2 (en) * 2014-07-28 2017-03-07 Infosec Global Inc. System and method for cryptographic suite management

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107977565A (en) * 2016-10-25 2018-05-01 航天信息股份有限公司 USBKEY interface systems and the method being connected with USBKEY
CN108234477A (en) * 2017-12-29 2018-06-29 成都三零嘉微电子有限公司 A kind of cipher object management method of PKCS#11 agreements in the application of commercial cipher algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
基于 OpenCryptoki 实现国密算法功能的研究;谢演 等;《通信技术》;20181210;第51卷(第12期);第2975页第1栏第1段-第2976页第1栏第1段,第2976页第2栏第2段-2979页第2栏第1段 *
基于USBKEY的CSP与PKCS#11互通的实现方法;张栋 等;《计算机工程与设计》;20070831;第28卷(第16卷期);第3830第2栏第4段-第3831页第2栏第9段 *

Also Published As

Publication number Publication date
CN109657449A (en) 2019-04-19

Similar Documents

Publication Publication Date Title
US9807066B2 (en) Secure data transmission and verification with untrusted computing devices
CA2965445C (en) Transaction messaging
EP3921991A1 (en) System and method for hardening security between web services using protected forwarded access tokens
EP3627794A1 (en) Discovery method and apparatus based on service-oriented architecture
CN111431719A (en) Mobile terminal password protection module, mobile terminal and password protection method
CN101720071A (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN103458400A (en) Key management method for voice encryption communication system
Urien Cloud of secure elements: An infrastructure for the trust of mobile NFC services
CN110278084B (en) eID establishing method, related device and system
CN112866981B (en) Method and device for managing subscription data
CN110401531B (en) Cooperative signature and decryption system based on SM9 algorithm
Urien RACS: Remote APDU call secure creating trust for the internet
CN109657449B (en) Method and equipment for realizing password resource intercommunication based on password card
CN112039857B (en) Calling method and device of public basic module
CN111654861A (en) Authentication method, device, equipment and computer readable storage medium
CN108711055B (en) Security authentication method, security authentication equipment and system
CN102970134A (en) Method and system for encapsulating PKCS#7 (public-key cryptography standard #7) data by algorithm of hardware password equipment
EP4336393A1 (en) Security authentication method, readable medium, and electronic device
CN2914498Y (en) Information security device based on universal serial bus human-computer interaction type device
CN203387524U (en) Multi-interface and multifunctional intelligent cipher key apparatus
CN109981260A (en) A kind of credential key management system and method based on unified interface
CN102547661B (en) Method and device for establishing communication between Android system and telecommunications smart card
CN102413462B (en) Method and system for improving safety of voice communication of mobile terminal system based on safety micro secure digital (TF) card
CN106156571B (en) Encrypting fingerprint tool, encrypting fingerprint tool encrypting and deciphering system and encipher-decipher method
CN108304716A (en) Multi-application smart card and its application management method, communication system and communication means

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant