CN111913819A - RPC-based USBKEY access method - Google Patents

RPC-based USBKEY access method

Info

Publication number
CN111913819A
Authority
CN
China
Prior art keywords
usbkey
rpc
access
interfaces
application
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010790272.1A
Other languages
Chinese (zh)
Inventor
杨厂普
杨文山
孟茹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Koal Safety Technology Co ltd
Original Assignee
Shanghai Koal Safety Technology Co ltd
Priority date: 2020-08-07 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2020-08-07
Publication date: 2020-11-10
Application filed by Shanghai Koal Safety Technology Co ltd

Classifications

    • G06F9/547 Remote procedure calls [RPC]; Web services
      (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs > G06F9/46 Multiprogramming arrangements > G06F9/54 Interprogram communication)
    • G06F13/4068 Electrical coupling
      (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units > G06F13/38 Information transfer, e.g. on bus > G06F13/40 Bus structure > G06F13/4063 Device-to-bus coupling)
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
      (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units > G06F13/38 Information transfer, e.g. on bus > G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation)

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an RPC-based USBKEY access method. A group of USBKEY access interfaces is abstracted and then implemented in a cross-platform programming language according to that group of interfaces; a JavaScript RPC client interface is provided for web applications and a C-language RPC client interface for native application programs. If an application needs an RPC client interface in another language, a translation layer for that language can be added on top of the C interface. The invention gives the application layer one abstracted group of interfaces that supports multiple platforms and both web-type and native-program-type applications, which effectively reduces the difficulty of using a USBKEY and improves application development efficiency. Access by multiple applications on the same terminal to the USBKEY is subject to access control, so USBKEY access conflicts are avoided and the running stability of the applications is improved. USBKEY plug and unplug event notifications are provided to applications, improving the development efficiency of functions that link the application to the USBKEY.

Description

RPC-based USBKEY access method
Technical Field
The invention relates to a USBKEY access method, and in particular to an RPC-based USBKEY access method that lets multiple kinds of applications on a terminal (web pages and native application programs) access a USBKEY at the same time.
Background
A USBKEY is a hardware device with a USB interface. It contains a microcontroller or smart-card chip and a certain amount of storage, can hold the user's private key and digital certificate, and authenticates the user's identity with the public-key algorithm built into the USBKEY. Because the user's private key is stored inside the USBKEY and in theory cannot be read out by any means, the security of the private key and of the authentication is ensured.
There are currently three kinds of application programming interface for a USBKEY:
(1) The CSP interface (Cryptographic Service Provider) is a low-level cryptographic interface built for the Windows family of operating systems; it implements cryptographic operations such as data encryption and decryption, digital signature and verification, and data digests. Applications call it through the CryptoAPI family of functions. The object operated on is a container, which holds an encryption key pair with its encryption certificate and a signature key pair with its signature certificate; encryption and decryption, signing and signature verification, and similar operations are completed through the container.
Advantage: built into the Windows operating system and supports access from both web pages and native application programs.
Disadvantage: cannot be used on non-Windows systems.
(2) The SKF interface is a C-language API published in the Chinese standard "Smart IC Card and Smart Cryptographic Token Cryptographic Application Interface Specification" for accessing domestic (Chinese commercial) cryptographic hardware.
Advantage: vendors supply binary libraries for both Windows and Linux systems.
Disadvantage: it provides no interface for web applications.
(3) The P11 interface belongs to the PKCS series of industry standards issued by RSA Laboratories; PKCS #11 (P11 for short) is the interface standard for cryptographic tokens. The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/3DES keys, and so on) and all the functions needed to use, create/generate, modify and delete these objects.
Advantage: an international standard; most commercial certificate authority software uses PKCS #11 to access the CA's signing key or registered user certificates.
Disadvantage: domestic USBKEY manufacturers support it insufficiently and the ecosystem is lacking.
With terminal operating systems becoming ever more varied, both native application software and web-based information systems are in use. Some applications even need to receive the USBKEY plug and unplug events to drive business logic, and the current USBKEY interface standards cannot fully meet these requirements.
Disclosure of Invention
The invention provides an RPC-based USBKEY access method that addresses the technical problem that the existing USBKEY interface standards cannot fully meet these requirements, and solves the following problems:
(1) web applications and native applications on different operating systems cannot access the USBKEY through the same group of interfaces;
(2) multiple applications on one terminal conflict when accessing the USBKEY;
(3) web applications and native applications on different operating systems cannot obtain USBKEY plug and unplug events through an interface.
The problem addressed by the invention is solved by the following technical scheme:
An RPC-based USBKEY access method: first a group of USBKEY access interfaces is abstracted; then, according to that group of interfaces, an implementation is written in a cross-platform programming language, a JavaScript RPC client interface is provided for web applications and a C-language RPC client interface for native application programs; if an application needs an RPC client interface in another language, a translation layer for that language can be added on top of the C interface.
In a preferred embodiment, a single instance of a USB access service runs on the terminal and provides the following functions:
RPC Server: interaction with the RPC Client;
Session control: supports access from several applications at once and avoids access conflicts on the USBKEY device;
Device management: monitors USBKEY plug and unplug events and notifies applications of them;
Driver management: manages CSP, PKCS #11 and SKF USBKEY device drivers and converts an RPC request into a call on the real device access interface;
Service processing: supports both one device driver-interface call per RPC request and several device driver-interface calls within one RPC request.
The RPC-based USBKEY access method of the invention has the following three beneficial effects:
(1) It gives the application layer one abstracted group of interfaces that supports multiple platforms and both web-type and native-program-type applications, effectively reducing the difficulty of using a USBKEY and improving application development efficiency.
(2) Access by multiple applications on the same terminal to the USBKEY is subject to access control, so USBKEY access conflicts are avoided and the stability of application operation improves.
(3) USBKEY plug and unplug event notifications are provided to applications, improving the development efficiency of functions that link the application to the USBKEY.
Drawings
The invention is further described below in conjunction with the appended drawings and the detailed description.
FIG. 1 is the system configuration diagram of the invention.
FIG. 2 is the flow chart of an application accessing the USBKEY.
FIG. 3 is the flow chart of USBKEY plug and unplug event handling.
Detailed Description
The RPC-based USBKEY access method of the invention first abstracts a group of RPC access interfaces for the USBKEY, specifically as follows:
(1) Select an RPC framework; in this embodiment the applicant chose Apache Thrift.
(2) Create a usbKey.thrift file.
(3) Abstract a set of USBKEY access interfaces (pseudocode):
Log in to the RPC service:
    BOOLEAN loginUSBService(STRING appID, STRING appName, STRING appToken);
Obtain the list of USBKEY device names:
    LIST<STRING> getUSBKeyList();
Open a USBKEY:
    USBKEY openUSBKey(STRING USBKeyName);
Operate on the USBKEY:
    BOOLEAN operatorUSBKey(USBKEY key, STRING command);
Obtain a USBKEY event:
    STRING getUSBKeyNotify(USBKEY key);
Close the USBKEY:
    VOID closeUSBKey(USBKEY key);
Log out of the RPC service:
    VOID logOutUSBService();
(4) Use Thrift to generate the JavaScript and C-language RPC interface implementations.
As shown in FIG. 1, the technical solution of the invention consists of the following modules:
RPC Client module 200: embedded in the application; it interacts with the USB Service through the RPC interface and gives the application the ability to access the USBKEY.
RPC Server module 101: the module that interacts with the RPC Client; it passes received RPC requests to the session control module.
Session control module 103: places the access requests sent by applications into separate request-processing queues, one per USBKEY device, to prevent access conflicts on a USBKEY device.
Device management module 104: monitors USBKEY plug and unplug events. After receiving the monitoring event from the system it passes it to the driver management module, which in turn passes it to the session control module, the RPC Server module and the application side.
Driver management module 106: manages the CSP, PKCS #11 and SKF device drivers and converts an RPC request into a call on the real device access interface.
Service processing module 105: supports both one USBKEY device driver-interface call per RPC request and several USBKEY device driver-interface calls within one RPC request.
The RPC Client module 200 is embedded in the application; the remaining modules belong to the USB Service 100 service process in the figure. That process runs as a single instance on the terminal.
As shown in FIG. 2, the flow of an application accessing the USBKEY is as follows:
Step 1: the RPC Client module 200 calls loginUSBService to authenticate.
Step 2: the RPC Server module 101 performs the authentication and returns the result to the RPC Client module 200.
Step 3: if the returned result is an authentication failure, the RPC Client module 200 exits.
Step 4: if authentication succeeded, the RPC Client module 200 calls the getUSBKeyList interface to obtain the list of device names.
Step 5: one USBKEY device is selected and the RPC Client module 200 calls the openUSBKey interface to open it.
Step 6: the RPC Client module 200 calls the operatorUSBKey interface to perform the access operation on the USBKEY device.
Step 7: after the access is complete, the RPC Client module 200 calls the closeUSBKey interface to close the USBKEY device currently being operated on.
Step 8: if other USBKEY devices are to be operated on, a new operation starts again from step 5.
Step 9: once all operations are complete, the RPC Client module 200 calls the logOutUSBService interface to exit.
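The service side of the module structure and the nine-step access flow above, as an added Python model that is not the patentee's code. The method names mirror the abstracted interfaces; the appToken check, the token registry, the device table and the opaque handle are assumptions, since the page names the token but does not say how it is issued or verified. Two points a practitioner would want that the flow only implies are made explicit: a handle is usable only by the application that opened it, and requests to one device are serialised by a per-device lock, which is what the per-device request queues of the session control module achieve.

```python
"""Added model of the USB Service: RPC entry points, per-device session control, driver manager."""
import secrets
import threading
import time

# Constructed tables: app credentials checked at login (assumed scheme) and device -> driver type.
APP_TOKENS = {"app-web": "tok-web", "app-native": "tok-native"}
DEVICES = {"KoalKey-01": "SKF", "AcmeToken-02": "PKCS11", "WinKey-03": "CSP"}


class DriverManager:
    """Dispatches to the device's driver type; records peak simultaneous calls."""
    def __init__(self, devices):
        self.devices = dict(devices)
        self._inflight = dict.fromkeys(devices, 0)
        self.max_inflight = dict.fromkeys(devices, 0)
        self._counter = threading.Lock()

    def invoke(self, name, command):
        with self._counter:
            self._inflight[name] += 1
            self.max_inflight[name] = max(self.max_inflight[name], self._inflight[name])
        time.sleep(0.002)  # stand-in for the real CSP / PKCS#11 / SKF call
        with self._counter:
            self._inflight[name] -= 1
        return f"{self.devices[name]}:{command}:{name}"


class UsbService:
    """The singleton service process: RPC Server, session control, handle table."""
    def __init__(self, app_tokens=APP_TOKENS, devices=DEVICES):
        self._tokens = dict(app_tokens)
        self.drivers = DriverManager(devices)
        self._dev_locks = {n: threading.Lock() for n in devices}  # session control
        self._logged_in = set()
        self._handles = {}  # handle -> (appID, device name)
        self._state = threading.Lock()

    def loginUSBService(self, appID, appName, appToken):
        expected = self._tokens.get(appID)
        ok = expected is not None and secrets.compare_digest(expected, appToken)
        if ok:
            self._logged_in.add(appID)
        return ok

    def getUSBKeyList(self):
        return sorted(self.drivers.devices)

    def openUSBKey(self, appID, USBKeyName):
        if appID not in self._logged_in or USBKeyName not in self.drivers.devices:
            raise PermissionError("not logged in or unknown device")
        handle = secrets.token_hex(8)  # opaque, unguessable per-open handle
        with self._state:
            self._handles[handle] = (appID, USBKeyName)
        return handle

    def operatorUSBKey(self, appID, handle, command):
        with self._state:
            owner, name = self._handles.get(handle, (None, None))
        if owner != appID:  # a handle is usable only by the app that opened it
            raise PermissionError("handle not owned by caller")
        with self._dev_locks[name]:  # one request at a time per device
            return self.drivers.invoke(name, command)

    def closeUSBKey(self, appID, handle):
        with self._state:
            if self._handles.get(handle, (None,))[0] == appID:
                del self._handles[handle]

    def logOutUSBService(self, appID):
        with self._state:  # drop every handle the app still holds
            self._handles = {h: v for h, v in self._handles.items() if v[0] != appID}
            self._logged_in.discard(appID)


def access_flow(service, appID, appName, appToken, command):
    """Steps 1-9 of FIG. 2 over every device; None when login is refused."""
    if not service.loginUSBService(appID, appName, appToken):  # steps 1-3
        return None
    results = {}
    for name in service.getUSBKeyList():  # step 4
        handle = service.openUSBKey(appID, name)  # step 5
        results[name] = service.operatorUSBKey(appID, handle, command)  # step 6
        service.closeUSBKey(appID, handle)  # step 7; step 8 loops to the next key
    service.logOutUSBService(appID)  # step 9
    return results


def concurrent_access(device, workers=8):
    """Peak driver calls in flight when several apps hit one device (1 = serialised)."""
    service = UsbService(app_tokens={f"app-{i}": "tok" for i in range(workers)})
    def worker(app):
        service.loginUSBService(app, app, "tok")
        service.operatorUSBKey(app, service.openUSBKey(app, device), "SIGN")
    threads = [threading.Thread(target=worker, args=(f"app-{i}",)) for i in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return service.drivers.max_inflight[device]
```

concurrent_access returns the peak number of driver calls in flight on one device while eight applications use it at once; with the per-device lock it is 1, and removing that lock lets the simulated driver see overlapping calls, which is the access conflict the session control module exists to prevent.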
As shown in FIG. 3, the flow for USBKEY plug and unplug event notification is as follows:
Step 1: the RPC Client module 200 calls loginUSBService to authenticate.
Step 2: the RPC Server module 101 performs the authentication and returns the result to the RPC Client module 200.
Step 3: if the returned result is an authentication failure, the RPC Client module 200 exits.
Step 4: if authentication succeeded, the RPC Client module 200 calls the getUSBKeyNotify interface to obtain USBKEY plug and unplug events. The RPC request is made over a long-lived (long-polling) connection; its timeout can be adjusted to the actual scenario and defaults to 30 seconds in this scheme.
When the RPC request reaches the driver management module 106 it blocks, waiting for a USBKEY plug or unplug event.
If the timeout elapses and no USBKEY plug or unplug event has occurred, the getUSBKeyNotify interface returns a timeout error.
A timeout error returned by getUSBKeyNotify is treated as the normal case, and the client repeats step 4.
When the session control module 103 observes a plug or unplug event, it calls the driver management module 106 to update the device list and then continues monitoring for the next event in a loop.
When the driver management module 106 updates the device list and finds a getUSBKeyNotify request in the blocked state, it releases that request and returns the device information of the plug or unplug event through the interface.
Step 5: once all operations are complete, the RPC Client module 200 calls the logOutUSBService interface to exit.
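The long-polling path of step 4 above, as an added Python model that is not the patentee's code. It collapses the session control and driver management roles into one DeviceManager, takes the timeout as a call argument (the page fixes a 30-second default; the simulation uses a much shorter one) and omits the USBKEY handle argument of getUSBKeyNotify. The error value, the device names and the hot-plug sequence are constructed for the example; a real service would receive the events from the operating system.

```python
"""Added model of the FIG. 3 notification path: the device manager takes hot-plug
events from the OS, refreshes the device list and releases a blocked
getUSBKeyNotify request; with no event it returns a timeout error instead."""
import threading
import time

TIMEOUT_ERROR = "ERR_TIMEOUT"  # assumed error value; the page only says "timeout error"


class DeviceManager:
    """Current device list plus a FIFO of plug/unplug events not yet delivered."""
    def __init__(self, devices):
        self.devices = set(devices)
        self._events = []
        self._cv = threading.Condition()

    def on_system_event(self, event, name):
        """Entry point for the OS hot-plug notification (simulated by the caller)."""
        if event not in ("PLUG", "UNPLUG"):
            raise ValueError(event)
        with self._cv:
            if event == "PLUG":
                self.devices.add(name)  # the device list is refreshed first
            else:
                self.devices.discard(name)
            self._events.append((event, name))
            self._cv.notify_all()  # wake any getUSBKeyNotify blocked in wait()

    def getUSBKeyNotify(self, timeout):
        """Long-poll: block until an event is queued or `timeout` seconds elapse."""
        deadline = time.monotonic() + timeout
        with self._cv:
            while not self._events:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    return TIMEOUT_ERROR
                self._cv.wait(remaining)  # released early by notify_all()
            event, name = self._events.pop(0)
        return f"{event}:{name}"


def notify_loop(manager, timeout, stop_after):
    """Step 4 as the client runs it: poll repeatedly, treat a timeout as normal and
    go round again, stop once `stop_after` real events have been delivered."""
    seen, timeouts = [], 0
    while len(seen) < stop_after:
        msg = manager.getUSBKeyNotify(timeout)
        if msg == TIMEOUT_ERROR:
            timeouts += 1
            continue
        seen.append(msg)
    return seen, timeouts


def simulate(timeout=0.05):
    """One polling app while the 'OS' plugs a second key in and pulls the first out."""
    mgr = DeviceManager({"KoalKey-01"})  # constructed starting device list

    def hotplug():
        time.sleep(timeout * 3)  # quiet for long enough to force at least one timeout
        mgr.on_system_event("PLUG", "AcmeToken-02")
        time.sleep(timeout / 2)
        mgr.on_system_event("UNPLUG", "KoalKey-01")

    t = threading.Thread(target=hotplug)
    t.start()
    seen, timeouts = notify_loop(mgr, timeout, stop_after=2)
    t.join()
    return seen, timeouts, sorted(mgr.devices)
```

The client never treats the timeout as a failure: it simply issues the next getUSBKeyNotify, so the service only ever holds one outstanding request per client and a dead client costs at most one timeout interval of server-side waiting.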
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (2)

1. An RPC-based USBKEY access method, characterised in that a group of USBKEY access interfaces is abstracted, an implementation is then written in a cross-platform programming language according to that group of USBKEY access interfaces, a JavaScript RPC client interface is provided for web applications and a C-language RPC client interface is provided for native application programs; and if an application needs an RPC client interface in another language, a translation layer for that language can be added on top of the C-language interface.
2. The RPC-based USBKEY access method of claim 1, wherein a single instance of a USB access service runs on the terminal, the USB access service providing the following functions:
an RPC Server that interacts with the RPC Client;
session control, which supports access from several applications at once and avoids access conflicts on the USBKEY device;
device management, which monitors USBKEY plug and unplug events and notifies applications of them;
driver management, which manages CSP, PKCS #11 and SKF USBKEY device drivers and converts RPC requests into calls on the real device access interface;
service processing, which supports both one USBKEY device driver-interface call per RPC request and several USBKEY device driver-interface calls within one RPC request.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010790272.1A CN111913819A (en) 2020-08-07 2020-08-07 RPC-based USBKEY access method


Publications (1)

Publication Number Publication Date
CN111913819A true CN111913819A (en) 2020-11-10

Family

ID=73283235

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010790272.1A Pending CN111913819A (en) 2020-08-07 2020-08-07 RPC-based USBKEY access method

Country Status (1)

Country Link
CN (1) CN111913819A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103116520A (en) * 2012-11-02 2013-05-22 深圳键桥通讯技术股份有限公司 Remote procedure call (RPC) method based on transmission control protocol (TCP)/user datagram protocol (UDP)
CN106648940A (en) * 2017-03-13 2017-05-10 北京百悟科技有限公司 Remote procedure call method and device
CN109101281A (en) * 2018-07-10 2018-12-28 厦门亿联网络技术股份有限公司 A kind of general hot plug detection method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孟君: "Step-by-step Thrift RPC example" (一步步完成thrift rpc示例), retrieved from the Internet <URL:https://cloud.tencent.com/developer/article/1506626> *

Similar Documents

Publication Publication Date Title
CN101821715B (en) System and method for browser-based access to smart cards
EP1473618B1 (en) Uniform modular framework for a host computer system
EP2477165B1 (en) Multi-application smart card, and system and method for multi-application management of smart card
US9038154B2 (en) Token Registration
CN112612629B (en) Method and system for realizing component type data interface
CN100583114C (en) System and method for remote security enablement
US9413746B2 (en) Extension point application and configuration of a login module
US20080059790A1 (en) Methods, apparatus and systems for smartcard factory
EP1645987A2 (en) Information processing apparatus, information processing method, and program
CN105391840A (en) automatic purposed-application creation
CN113079164B (en) Remote control method and device for bastion machine resources, storage medium and terminal equipment
CN111526111A (en) Control method, device and equipment for logging in light application and computer storage medium
CN109150956A (en) A kind of implementation method, device, equipment and computer storage medium pushing SDK
CN110932860A (en) Channel switching method, device, equipment and storage medium based on multiple CA
CN109343970A (en) Operating method, device, electronic equipment and computer media based on application program
CN113037736A (en) Authentication method, device, system and computer storage medium
CN111913819A (en) RPC-based USBKEY access method
CN106778193B (en) Client and UI interaction method
CN110874455A (en) Authorization management method and system
CN112513905B (en) Method and system for implementing virtual smart card services
CN110932861A (en) Digital certificate management method, device, equipment and storage medium based on multiple CA
CN113032039B (en) Plug-in transformation method and device for application, electronic equipment and storage medium
CN114679278B (en) Production maintenance method based on financial equipment and financial equipment
CN115002218B (en) Traffic distribution method, traffic distribution device, computer equipment and storage medium
US7702900B1 (en) Web services security test framework and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination