CN115913579A - Registration application method and device of smart card certificate - Google Patents

Registration application method and device of smart card certificate

Publication number: CN115913579A (application number CN202310138962.2A; granted version CN115913579B)
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 田步明, 陆舟
Original and current assignee: Feitian Technologies Co Ltd
Legal status: granted, active
Prior art keywords: certificate, service, smart card, xpc, key
Classification: Management, Administration, Business Operations System, And Electronic Commerce
Abstract

The application relates to a registration application method and device for a smart card certificate. A smart card extension service sends a certificate reading instruction to an XPC service, and the XPC service reads the certificate information in the smart card device through a driver library. The smart card extension service then sends an operation request to the XPC service; the XPC service obtains the key certificate index from the operation request, interacts through the driver library with the smart card device corresponding to that index, processes the data to be processed obtained from the smart card device, and sends the processing result to the smart card extension service.

Description

Registration application method and device of smart card certificate
Technical Field
The invention relates to the field of smart card application, in particular to a method and a device for registering and applying a smart card certificate.
Background
In the prior art, token technology is generally used to realize authorized access, and operations such as signing and signature verification are performed through a token device. Starting with version 10.15, the Mac system no longer supports the token technology by default, so how to realize authorized access without the token technology is a technical problem that urgently needs to be solved.
Disclosure of Invention
The embodiment of the application provides a registration application method and device of a smart card certificate. The technical scheme is as follows:
In a first aspect, the present application provides a method for registering and applying a smart card certificate, where the method includes a certificate reading process and a signature verification process;
the certificate reading process comprises the following steps:
the smart card device is connected to a terminal, the system of the terminal starts a smart card extension service, and after the smart card extension service starts an XPC service, the smart card extension service sends a certificate reading instruction to the XPC service;
the XPC service traverses the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting a preset condition;
the XPC service reads the certificate information in the smart card devices meeting the preset condition through a driver library and sends the certificate information to the smart card extension service;
the smart card extension service obtains a certificate object, a key pair object and a key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a keychain unit;
the signature verification process comprises the following steps:
the smart card extension service receives an operation request and sends the operation request to the XPC service;
the XPC service obtains the key certificate index in the operation request, and interacts through the driver library with the smart card device corresponding to the key certificate index;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and the XPC service performs signature verification processing for the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
In a second aspect, the present application provides a device for registering and applying a smart card certificate, where the device includes a certificate reading unit and a signature verification unit:
the certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is used for connecting the smart card device to the terminal, whereupon the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, the smart card extension service sends a certificate reading instruction to the XPC service;
the second processing module is used for the XPC service to traverse the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting the preset condition;
the third processing module is used for the XPC service to read the certificate information in the smart card devices meeting the preset condition through a driver library and send the certificate information to the smart card extension service;
the fourth processing module is configured for the smart card extension service to obtain a certificate object, a key pair object and a key certificate index according to the certificate information, and to store the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a keychain unit;
the signature verification unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
the fifth processing module is configured for the smart card extension service to receive the operation request and send the operation request to the XPC service;
the sixth processing module is configured for the XPC service to obtain the key certificate index in the operation request and interact through the driver library with the smart card device corresponding to the key certificate index;
the seventh processing module is configured for the XPC service to obtain the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and the eighth processing module is configured for the XPC service to perform signature verification processing for the smart card device using the instance data of the certificate object and the instance data of the key pair object, and to send the processing result to the smart card extension service.
In a third aspect, the present application provides a computer readable storage medium comprising a computer program which, when run on an Apple device, causes the Apple device to perform the method described in the first aspect above.
In a fourth aspect, the present application provides a chip system, which includes a chip coupled to a memory and configured to execute a computer program stored in the memory so as to perform the method of the first aspect.
The beneficial effects brought by the technical scheme provided by this application include at least the following: the problem that the Mac system, starting with version 10.15, no longer supports the token technology by default and therefore cannot authenticate and authorize the smart card is solved; the Mac system can realize authorized access of the smart card without the token technology from version 10.15 onward; multiple smart card devices are supported; and when several certificates exist in each smart card device, identity authentication and signature verification can be performed with one certificate in one smart card device.
Drawings
Fig. 1 is a flowchart of a method for registering and applying a smart card certificate according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for registering and applying a smart card certificate according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 5 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 6 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 7 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 8 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 9 is a block diagram of a device for registering and applying a smart card certificate according to a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Example one
An embodiment of the present invention provides a method for registering and applying a smart card certificate. As shown in Fig. 1 and Fig. 2, the method of this embodiment includes a certificate reading process S1 and a signature verification process S2;
the certificate reading process S1 includes:
S11, when the smart card device is connected to the terminal, the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, it sends a certificate reading instruction to the XPC service;
it should be understood that the XPC service is an interprocess communication service in macOS, packaged as a bundle under the Contents/XPCServices directory of the host application bundle.
S12, the XPC service traverses the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting the preset condition;
S13, the XPC service reads the certificate information in the smart card devices meeting the preset condition through the driver library and sends the certificate information to the smart card extension service;
S14, the smart card extension service obtains the certificate object, the key pair object and the key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in the keychain unit.
The signature verification process S2 includes:
S21, the smart card extension service receives the operation request and sends the operation request to the XPC service.
S22, the XPC service obtains the key certificate index in the operation request, and interacts through the driver library with the smart card device corresponding to the key certificate index.
S23, the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit.
S24, the XPC service performs signature verification processing for the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
Based on the above embodiment, further, the certificate reading process S1 further includes:
the system runs a preset script to install the smart card driver installation package, so that the smart card extension application is installed in the application directory of the system and the required permissions are granted to the smart card extension application;
the smart card extension application comprises the smart card extension service, and the smart card extension service comprises the XPC service and a driver library through which the XPC service interacts with the smart card device.
Based on the above embodiment, further, step S12 specifically includes:
the XPC service traverses the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
here VID means Vendor ID and PID means Product ID;
the XPC service judges whether the VID of the connected smart card device matches a preset VID and/or whether the PID of the connected smart card device matches a preset PID;
if yes, the smart card device meets the preset condition;
if not, the certificate reading process ends;
and if the number of connected smart card devices is zero, the certificate reading process ends.
Based on the foregoing embodiment, further, step S13 specifically includes:
the XPC service reads, through the driver library, a first preset storage area of the smart card device meeting the preset condition to obtain the starting position and offset at which the certificate data is stored;
and reads a second preset storage area of the smart card device according to that starting position and offset to obtain the certificate information of the smart card device.
Based on the above embodiment, further, step S14 specifically includes:
the smart card extension service converts the certificate data in the certificate information into the instance data of a certificate object, creates the instance data of a key pair object according to the certificate object, and then sets the attributes of the key pair object;
the smart card extension service obtains the certificate index and the key index from the certificate information, and derives the key certificate index from the certificate index and the key index;
the smart card extension service stores the instance data of the certificate object and the instance data of the key pair object in a keychain instance;
and the smart card extension service encapsulates the keychain instance into the keychain unit at the position corresponding to the key certificate index.
Based on the foregoing embodiment, further, when the operation request received by the smart card extension service is an identity authentication request, the signature verification process S2 includes:
S21, the smart card extension service receives the identity authentication request and sends the identity authentication request to the XPC service;
S22, the XPC service obtains the key certificate index in the identity authentication request and the PIN code input by the user, and interacts through the driver library with the smart card device corresponding to the key certificate index;
S23, the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and S24, the XPC service performs identity authentication for the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code, and sends the authentication result to the smart card extension service.
Based on the above embodiment, further, S24 specifically includes:
the XPC service sends a get-random-number command to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by the smart card device corresponding to the key certificate index, and performs an XOR operation on the PIN code and the random number to obtain an XOR result;
the XPC service encrypts the XOR result with the public key in the instance data of the key pair object to obtain a first encryption result;
the XPC service generates a verification instruction according to the first encryption result and sends the verification instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the identity authentication result from the smart card device corresponding to the key certificate index and sends the identity authentication result to the smart card extension service;
if the verification information received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is set as having passed identity authentication;
otherwise, authentication fails and login is not allowed.
Based on the foregoing embodiment, further, when the operation request received by the smart card extension service is a signature request, the signature verification process S2 includes:
S25, the smart card extension service receives the signature request and sends the signature request to the XPC service;
S26, the XPC service obtains the key certificate index in the signature request, and obtains through the driver library the data to be signed for the smart card device corresponding to the key certificate index;
S27, the XPC service obtains the instance data of the certificate object of the smart card device corresponding to the key certificate index from the position corresponding to the key certificate index in the keychain unit;
and S28, the XPC service calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
Based on the above embodiment, further, S28 includes:
the XPC service obtains the certificate index from the key certificate index, generates a first signature request through security environment management using the certificate index and the signature algorithm index in the driver library, and sends the first signature request through the driver library to the smart card device corresponding to the key certificate index;
the XPC service receives a first status code sent by the smart card device corresponding to the key certificate index, and judges from the first status code whether to continue the signature operation;
if so, the XPC service generates a second signature request according to the data to be signed and sends the second signature request to the smart card device corresponding to the key certificate index; otherwise, the current signature process ends;
the XPC service receives a second status code sent by the smart card device corresponding to the key certificate index, and judges from the second status code whether to continue the signature operation;
if so, the XPC service generates a third signature request and sends the third signature request to the smart card device corresponding to the key certificate index; otherwise, the current signature process ends;
the XPC service receives a third status code sent by the smart card device corresponding to the key certificate index, and judges from the third status code whether the signature operation succeeded;
if the signature operation succeeded, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
The method for registering and applying a smart card certificate solves the problem that the Mac system, starting with version 10.15, no longer supports the token technology by default and therefore cannot authenticate and authorize the smart card; it enables the Mac system to realize authorized access of the smart card without the token technology from version 10.15 onward, supports multiple smart card devices, and, when several certificates exist in each smart card device, performs identity authentication and signature verification with one certificate in one smart card device.
Example two
A second embodiment of the present invention provides a method for registering and applying a smart card certificate. As shown in Figs. 3 to 5, the method of this embodiment includes a certificate reading process S100, an identity authentication process S200 and a signature process S300;
the certificate reading process S100 specifically includes:
S110, when the system runs the smart card extension application for the first time, the smart card extension service in the smart card extension application is loaded, and the smart card extension service loads the XPC Server.
In the present application, the XPC Server is the XPC service, and the XPC Client is the XPC client. The smart card extension application is installed in the application directory of the system by the system running the smart card driver installation package, and the smart card extension service comprises the XPC service and a driver library through which the XPC service interacts with the smart card device.
S120, when the system detects that a smart card device has been inserted, the smart card extension service is started, the smart card extension service starts the XPC Server, and it judges whether an XPC Client has already been created.
If yes, go to step S130;
otherwise, create an XPC Client, bind the XPC Client to the XPC Server, load the driver library, and then execute step S130.
Specifically, the XPC Client connects to the XPC Server by the XPC Server name and specifies a particular interface and protocol.
S130, the smart card extension service sends a certificate reading command to the XPC Server through the XPC Client.
S140, the XPC Server receives the certificate reading command and traverses the USB slots to obtain the number of inserted smart card devices;
note that the smart card device described herein is not limited to a smart card terminal with a built-in smart card chip, but may also be a smart card or the like.
S150, when the XPC Server reads that the number of inserted smart card devices is not zero, it reads the VIDs and PIDs of all inserted smart card devices and judges whether the VID of each inserted smart card device matches a preset VID and/or whether its PID matches a preset PID;
if yes, go to step S160; otherwise, the certificate reading process ends.
S160, the XPC Server reads the certificate information in each smart card device through the driver library and sends all the certificate information read to the XPC Client.
S170, the smart card extension service receives all the certificate information through the XPC Client, converts each piece of certificate information into a corresponding certificate object, creates a corresponding key pair object according to the certificate object, and encapsulates the instance data of the certificate object and the instance data of its corresponding key pair object at the position corresponding to the key certificate index in the keychain unit.
Step S170 specifically includes the following steps:
S171, the smart card extension service receives all the certificate information through the XPC Client;
S172, the smart card extension service converts the certificate data in each piece of certificate information into the instance data of the corresponding certificate object;
S173, after creating the instance data of the corresponding key pair object according to each certificate object, the smart card extension service sets the attributes of the key pair object;
specifically, the smart card extension service may set the signature attribute of the instance data of the key pair object to true, so that identity authentication is required each time a signature operation is performed.
S174, after obtaining the certificate index and the key index from each piece of certificate information, the smart card extension service derives the key certificate index corresponding to that certificate information from the certificate index and the key index;
specifically, the certificate index field and the key index field may be written into the key certificate index field according to a preset rule.
S175, the smart card extension service stores the instance data of each certificate object and the instance data of its key pair object in the corresponding keychain instance.
And S176, the smart card extension service encapsulates each keychain instance at the position corresponding to its key certificate index in the keychain unit.
The identity authentication process S200 includes:
S210, the system receives an SSL request sent by a client, prompts the user to select a certificate for identity authentication, receives the certificate the user selected, and notifies the smart card extension service of the key certificate index of the certificate the user selected for identity authentication;
here the SSL request is a Secure Sockets Layer request.
S220, the system prompts the user to input the PIN code, waits to receive the PIN code input by the user together with the input-completion confirmation, and after receiving the input-completion confirmation notifies the smart card extension service of the PIN code the user input.
S230, the smart card extension service sends a verification command to the XPC Server through the XPC Client, and sends the PIN code input by the user and the key certificate index to the XPC Server.
S240, the XPC Server obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and S250, the XPC Server performs identity authentication for the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code, and sends the authentication result to the smart card extension service.
Step S250 specifically includes:
S251, the XPC Server sends a get-random-number command to the smart card device corresponding to the key certificate index;
S252, the XPC Server receives the random number returned by the smart card device, and performs an XOR operation on the received PIN code and the random number to obtain an XOR result;
S253, the XPC Server obtains the key index in the key certificate index, and encrypts the XOR result with the token public key in the instance data of the key pair object to obtain a first encryption result;
S244, the XPC Server generates a verification instruction according to the first encryption result and sends the verification instruction to the smart card device corresponding to the key certificate index;
S245, after receiving the verification instruction, the smart card device decrypts the first encryption result in the verification instruction with the token private key corresponding to the key pair object;
S246, the smart card device generates a verification password from the decryption result and the stored random number, and judges whether the verification password is the same as the stored PIN;
if they are the same, the smart card device returns PIN code verification success information to the XPC Server;
otherwise, the smart card device returns PIN code verification failure information to the XPC Server;
the XPC Server returns the verification result to the XPC Client;
S250, the smart card extension service receives the verification result through the XPC Client;
if verification success information is received, the smart card device is set as having passed identity authentication;
if verification failure information is received, a verification failure prompt is issued and the authentication process ends.
The signature flow S300 includes:
s310, the smart card extension service receives the signature request and sends the signature request to an XPC Server through an XPC Client;
s320, the XPC Server acquires a key certificate index in the signature request, and acquires data to be signed in the smart card equipment corresponding to the key certificate index through a drive library;
s330, the XPC Server acquires the example data of the certificate object of the intelligent card equipment corresponding to the key certificate index from the position corresponding to the key certificate index in the key chain unit;
and S340, the XPC Server calls a driver library, executes signature operation on the data to be signed by using the example data of the certificate object, and sends the signature data to the smart card extended service.
Specifically, step S340 includes:
S341, the XPC Server obtains the certificate index from the key certificate index, generates a first signature request through the security environment management using the certificate index and the signature algorithm index in the driver library, and sends the first signature request through the driver library to the smart card device corresponding to the key certificate index;
S342, the smart card device receives and parses the first signature request, and sets the signature algorithm and the signature key according to the signature algorithm identifier and the certificate data identifier;
if the setting succeeds, a success first status code is returned to the XPC Server; if the setting fails, an error first status code is returned to the XPC Server;
S343, the XPC Server judges, according to the first status code returned by the smart card, whether to continue the signature operation;
if so, the XPC Server generates a second signature request according to the data to be signed, sends the second signature request to the smart card device, and step S344 is executed;
otherwise, the signature process ends.
For example, the XPC Server interacts with the smart card device through the driver library.
S344, the smart card device receives the second signature request, parses it to obtain the data to be signed, and performs a hash calculation on the data to be signed;
if the calculation succeeds, the calculated hash result is saved and a success second status code is returned to the XPC Server;
if the calculation fails, an error second status code is returned to the XPC Server;
S345, the XPC Server judges, according to the second status code returned by the smart card device, whether to continue the signature operation;
if so, the XPC Server generates a third signature request and sends it to the XPC Client, and the XPC Client sends the third signature request to the smart card device through the driver library;
otherwise, the signature process ends.
S346, when the smart card device receives the third signature request, it signs the stored hash result with the signature key in the instance data of the certificate object according to the set signature algorithm, obtaining a signature value;
if the signature succeeds, a success third status code and the signature value are returned to the XPC Server;
if the signature fails, an error third status code is returned to the XPC Server.
S347, the XPC Server judges, according to the signature operation result, whether the signature operation succeeded;
if so, the XPC Server sends the signature value in the received signature operation result to the XPC Client;
otherwise, the XPC Server sends signature failure information to the XPC Client.
And S348, the smart card extension service receives the signature result through the XPC Client.
The registration application method for the smart card certificate solves the problem that, from version 10.15 onwards, the Mac system by default no longer supports the token technology, so that the smart card cannot be authenticated and authorized; it enables the Mac system after version 10.15 to authorize access by the smart card without the token technology, supports multiple smart card devices, and, when each smart card device holds multiple certificates, performs identity authentication and signature verification with one certificate in one smart card device.
EXAMPLE III
The third embodiment of the present invention provides a registration application method for a smart card certificate, as shown in figures 6 to 8; the method of this embodiment includes a certificate reading process, an identity verification process and a signature process.
the certificate reading process 100 includes:
110. When the smart card driver installation package is installed in the system, the system runs a preset script so that the smart card extension application is installed in the application program directory of the system and the smart card extension application is granted the required permissions.
The smart card extension application comprises a smart card extension service, and the smart card extension service comprises an XPC service and a driver library for realizing the interaction between the XPC service and the smart card device.
The preset script is as follows:
cp -rf /tmp/FTSmartToken.app /Applications/
sudo chown -R root:wheel /Applications/FTSmartToken.app
sudo open /Applications/FTSmartToken.app
rm -rf /tmp/FTSmartToken.app
FTSmartToken.app is the smart card extension application name.
120. When the system runs the smart card extension application for the first time, the system loads the smart card extension service, and the smart card extension service loads the XPC Server;
130. when the system detects that a smart card device is inserted, the smart card extension service is started, and the smart card extension service starts the XPC Server;
140. the smart card extension service judges whether an XPC Client has been created;
if so, go to step 150;
otherwise, an XPC Client is created, the XPC Client is bound to the XPC Server, the driver library is loaded, and step 150 is executed.
Specifically, the XPC Client connects to the XPC Server, a specific interface and protocol are specified, and the XPC Client can be connected to the XPC Server through a function.
For example:
xpcConnect = [[NSXPCConnection alloc] initWithServiceName:@"com.ftsafe.FTSmartTokenXPC"];
NSXPCInterface *remoteInterface = [NSXPCInterface interfaceWithProtocol:@protocol(FTSmartTokenXPCProtocol)];
The connection to the XPC Server is established by passing the XPC Server name to the function initWithServiceName:, and the specific interface and protocol of the interface are set through the function interfaceWithProtocol: of NSXPCInterface.
150. The smart card extension service sends a read certificate command to the XPC Server through the XPC Client.
The read certificate command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"ReadCert" WithObject:@{} WithReply:reply];
160. The XPC Server receives the read certificate command and traverses the USB slots to obtain the number of inserted smart cards;
170. when the number of inserted smart card devices is not zero, the XPC Server reads the VIDs and PIDs of all inserted smart cards, and judges whether the VID of each inserted smart card matches a preset VID and/or whether the PID of each inserted smart card device matches a preset PID;
if yes, go to step 180.
Otherwise, the reading process ends.
180. The XPC Server reads, through the driver library, the certificate information in all smart card devices that match the preset information.
The preset information refers to the preset VID and/or the preset PID.
190. The XPC Server sends the read certificate information of all smart card devices to the XPC Client.
200. The smart card extension service receives all certificate information through the XPC Client.
For example, one item of certificate information is a PEM-encoded certificate block (BEGIN CERTIFICATE ... END CERTIFICATE).
220. The smart card extension service converts each item of certificate information into a corresponding certificate object, creates a corresponding key pair object according to the certificate object, and encapsulates the instance data of the certificate object and the instance data of the key pair object corresponding to the certificate object into the position corresponding to the key certificate index in the key chain unit TKTokenKeychainItem.
Step 220 specifically comprises the following steps:
221. the smart card extension service converts the certificate data in the certificate information into the instance data of a certificate object;
222. the smart card extension service creates the instance data keyItem of a key pair object TKTokenKeychainKey corresponding to the instance data certItem of the certificate object, according to the certificate object, the certificate index certificateID and the key index keyItemID;
223. the smart card extension service sets the signature attribute of the instance data keyItem of the key pair object to true, so that identity authentication is required each time a signature operation is performed;
specifically, the signature attribute of the instance data keyItem of the key pair object is set to true through the attribute canSign of the key pair object TKTokenKeychainKey.
224. After the smart card extension service obtains the certificate index and the key index from the certificate information, it obtains the key certificate index according to the certificate index and the key index;
specifically, the key certificate index may be a character string in which the certificate index and the key index are placed at predetermined positions.
225. The smart card extension service creates the instance data keychainItem of a keychain object TKTokenKeychainItem, and adds the instance data keyItem of the key pair object and the instance data certItem of the certificate object to the instance data keychainItem of the keychain instance.
Specifically, the keychain instance is created by NSMutableArray<TKTokenKeychainItem *> *keychainItem = [NSMutableArray array].
For example, the currently supported encryption algorithm is the RSA algorithm, and the instance data keyItem of the key pair object and the instance data certItem of the certificate object of RSA type are stored in the instance data keychainItem of the keychain instance TKTokenKeychainItem.
226. The smart card extension service encapsulates the keychain object TKTokenKeychainItem into the position in the keychain unit TKTokenKeychainContents corresponding to the key certificate index.
Specifically, the fillWithItems: method of the keychain unit TKTokenKeychainContents is called to fill the system keychain unit TKTokenKeychainContents with the TKTokenKeychainItem objects.
The authentication process 300 includes:
310. the system receives an SSL request sent by a client, prompts the user to select a certificate for identity authentication, receives the certificate selected by the user for identity authentication, and informs the smart card extension service of the number of the certificate selected by the user for identity authentication;
the system prompts the user to enter a PIN code, waits to receive the PIN code entered by the user together with input completion confirmation information, and, after receiving the input completion confirmation information, informs the smart card extension service of the PIN code entered by the user;
320. the smart card extension service obtains the corresponding key certificate index according to the number of the certificate selected by the user, sends a verification command to the XPC Server through the XPC Client, and sends the PIN code entered by the user and the key certificate index to the XPC Server.
For example, the verification command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"LOGIN"
WithObject:@{@"PASSWD":cipherData} WithReply:reply];
330. The XPC Server performs identity verification on the smart card device corresponding to the key certificate index through the driver library, and returns the verification result to the XPC Client.
Step 330 specifically includes:
331. the XPC Server sends a command for obtaining a random number to the corresponding smart card device;
332. the XPC Server receives the random number returned by the smart card device, and performs an XOR operation on the received PIN code and the random number to obtain an XOR result;
333. the XPC Server encrypts the XOR result with the public key in the key chain unit corresponding to the key certificate index to obtain a first encryption result;
334. the XPC Server generates a verification instruction according to the first encryption result and sends it to the corresponding smart card device;
335. after the smart card device receives the verification instruction, it decrypts the first encryption result in the verification instruction with the stored token private key;
336. the smart card device generates a verification password according to the decryption result and the stored random number, and judges whether the verification password is the same as the stored PIN;
if they are the same, the smart card device returns PIN code verification success information to the XPC Server;
otherwise, the smart card device returns PIN code verification failure information to the XPC Server;
the XPC Server returns the verification result to the XPC Client;
360. after receiving the verification result through the XPC Client, the smart card extension service performs the corresponding operation;
if the verification information received by the smart card extension service is verification success information, the smart card device is set as having passed identity authentication;
otherwise, the authentication fails and login is not allowed.
The signature flow 400 includes:
410. the smart card extension service sends the signature request to the XPC Server through the XPC Client;
for example, the signature request command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"SIGN"
WithObject:@{@"KID":[NSNumber numberWithInt:itemID], @"SIGNDATA":pData} WithReply:reply];
420. The XPC Server obtains, through the driver library, the data to be signed from the smart card device corresponding to the key certificate index in the signature request, and obtains the instance data of the certificate object of the smart card device from the key chain unit;
specifically, the keychain object TKTokenKeychainItem stored in the keychain unit TKTokenKeychainContents is obtained according to the read key certificate index keyObjectID, the certificate index certificateID is obtained from the key certificate index keyObjectID, and the instance data certItem of the certificate object corresponding to the certificate index certificateID is found in the keychain object TKTokenKeychainItem.
430. The XPC Server calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, sends the signature data to the XPC Client after the signature operation is finished, and the smart card extension service obtains the signature data through the XPC Client.
Specifically, step 430 includes:
431. the XPC Server obtains the certificate index from the key certificate index, generates a first signature request through the security environment management using the certificate index and the signature algorithm index in the driver library, and sends the first signature request through the driver library to the smart card device corresponding to the key certificate index;
432. the smart card device receives and parses the first signature request, and sets the signature algorithm and the signature key according to the certificate index and the signature algorithm index;
if the setting succeeds, a success first status code is returned to the XPC Server; if the setting fails, an error first status code is returned to the XPC Server;
433. the XPC Server judges, according to the first status code returned by the smart card device, whether to continue the signature operation;
if so, the XPC Server generates a second signature request according to the data to be signed, sends the second signature request to the smart card device, and step 434 is executed;
otherwise, the signature process ends.
434. The smart card device receives the second signature request, parses it to obtain the data to be signed, and performs a hash calculation on the data to be signed;
if the calculation succeeds, the calculated hash result is saved and a success second status code is returned to the XPC Server;
if the calculation fails, an error second status code is returned to the XPC Server;
435. the XPC Server judges, according to the second status code returned by the smart card device, whether to continue the signature operation;
if so, the XPC Server generates a third signature request and sends it to the smart card device through the driver library;
otherwise, the signature process ends.
436. When the smart card device receives the third signature request, it signs the stored hash result with the signature key in the certificate data according to the set signature algorithm, obtaining a signature value;
if the signature succeeds, a success third status code and the signature value are returned to the XPC Server;
if the signature fails, an error third status code is returned to the XPC Server.
437. The XPC Server judges, according to the signature operation result, whether the signature operation succeeded;
if so, the XPC Server sends the signature value in the received signature operation result to the XPC Client;
otherwise, the XPC Server sends signature failure information to the XPC Client.
438. The smart card extension service obtains the signature data through the XPC Client.
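The PIN verification exchange of steps 331 to 336 and the three-request signature exchange of steps 431 to 437, simulated with both the XPC Server side and the card side in one script. This is an added example, not the patent's or Feitian's code: textbook RSA over two Mersenne primes stands in for the card's token key pair, and the status codes, the cert index value and the "sha256-rsa" algorithm name are constructed for illustration.

```python
"""Simulation of the PIN verification exchange (steps 331-336) and the
three-request signature exchange (steps 431-437).  Added example, not the
patent's code: textbook RSA stands in for the card's token key pair, and the
status codes and certificate index are constructed values."""
import hashlib
import secrets

# Toy RSA key pair standing in for the card's token private key / public key.
# 2**127-1 and 2**521-1 are known Mersenne primes; the size is for illustration only.
P = 2 ** 127 - 1
Q = 2 ** 521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

STATUS_OK = 0x9000    # constructed status codes, not taken from the patent
STATUS_ERR = 0x6A80


def rsa_public(x: int) -> int:
    """Public-key operation: encrypt the XOR result, or recover a signed digest."""
    return pow(x, E, N)


def rsa_private(x: int) -> int:
    """Private-key operation; in the real system this runs only inside the card."""
    return pow(x, D, N)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SmartCard:
    """Card side: holds the PIN, the token private key and the per-session state."""

    def __init__(self, pin: bytes, cert_index: str):
        self._pin = pin
        self.cert_index = cert_index
        self._nonce = None          # random number handed out in step 331
        self._algo = None           # set by the first signature request (432)
        self._digest = None         # saved by the second signature request (434)
        self.authenticated = False

    def get_random(self) -> bytes:
        """Step 331/332: issue a fresh random number the same length as the PIN."""
        self._nonce = secrets.token_bytes(len(self._pin))
        return self._nonce

    def verify(self, first_encryption_result: int) -> bool:
        """Steps 335/336: decrypt, rebuild the PIN from the stored nonce, compare."""
        if self._nonce is None:
            return False                        # no outstanding challenge
        nonce, self._nonce = self._nonce, None  # challenge is single-use (added hardening)
        plain = rsa_private(first_encryption_result)
        if plain.bit_length() > 8 * len(self._pin):
            return False                        # not a well-formed XOR result
        candidate = xor_bytes(plain.to_bytes(len(self._pin), "big"), nonce)
        self.authenticated = secrets.compare_digest(candidate, self._pin)
        return self.authenticated

    def set_algorithm(self, cert_index: str, algo: str) -> int:
        """First signature request (432): select signature algorithm and key."""
        if not self.authenticated or cert_index != self.cert_index or algo != "sha256-rsa":
            return STATUS_ERR
        self._algo = algo
        return STATUS_OK

    def hash_data(self, data: bytes) -> int:
        """Second signature request (434): hash the data and keep the digest."""
        if self._algo is None:
            return STATUS_ERR
        self._digest = hashlib.sha256(data).digest()
        return STATUS_OK

    def sign(self):
        """Third signature request (436): sign the stored digest with the token key."""
        if self._digest is None:
            return STATUS_ERR, None
        digest, self._digest = self._digest, None
        return STATUS_OK, rsa_private(int.from_bytes(digest, "big"))


def first_encryption_result(pin: bytes, nonce: bytes) -> int:
    """Steps 332/333 on the XPC Server: XOR the PIN with the nonce, encrypt with the public key."""
    return rsa_public(int.from_bytes(xor_bytes(pin, nonce), "big"))


def xpc_login(card: SmartCard, pin: bytes) -> bool:
    """Steps 331-336 driven from the XPC Server side."""
    return card.verify(first_encryption_result(pin, card.get_random()))


def xpc_sign(card: SmartCard, cert_index: str, data: bytes):
    """Steps 431-437: one request per phase, stopping at the first error status code."""
    if card.set_algorithm(cert_index, "sha256-rsa") != STATUS_OK:
        return None
    if card.hash_data(data) != STATUS_OK:
        return None
    status, signature = card.sign()
    return signature if status == STATUS_OK else None


def verify_signature(signature: int, data: bytes) -> bool:
    """Relying-party check using the public key from the certificate."""
    return rsa_public(signature) == int.from_bytes(hashlib.sha256(data).digest(), "big")
```

Because the PIN is masked with a card-issued random number before encryption, a captured first encryption result is only valid for the challenge it was built for; the simulation rejects it once that challenge has been consumed.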
The registration application method for the smart card certificate solves the problem that, from version 10.15 onwards, the Mac system by default no longer supports the token technology, so that the smart card cannot be authenticated and authorized, and enables the Mac system after version 10.15 to authorize access to the smart card without the token technology.
Example four:
This embodiment is described with reference to fig. 9, which shows a registration application device for a smart card certificate; the device comprises a certificate reading unit and a signature verification unit:
the certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is used for: the smart card device is connected to the terminal, the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, the smart card extension service sends a certificate reading instruction to the XPC service;
the second processing module is used for the XPC service to traverse the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting the preset condition;
the third processing module is used for the XPC service to read, through the driver library, the certificate information in the smart card devices meeting the preset condition and to send the certificate information to the smart card extension service;
the fourth processing module is used for the smart card extension service to obtain a certificate object, a key pair object and a key certificate index according to the certificate information, and to store the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in the key chain unit;
the signature verification unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
the fifth processing module is used for the smart card extension service to receive an operation request and send it to the XPC service;
the sixth processing module is used for the XPC service to obtain the key certificate index in the operation request and to interact, through the driver library, with the smart card device corresponding to the key certificate index;
the seventh processing module is used for the XPC service to obtain the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
and the eighth processing module is used for the XPC service to perform signature verification processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and to send the processing result to the smart card extension service.
Based on the above embodiment, further, the certificate reading unit also includes a ninth processing module;
the ninth processing module is used for the system to run a preset script when installing the smart card driver installation package, so that the smart card extension application is installed in the application program directory of the system and is granted the required permissions;
the smart card extension application comprises a smart card extension service, and the smart card extension service comprises an XPC service and a driver library for realizing the interaction between the XPC service and the smart card device.
Based on the above embodiment, further, the second processing module is specifically configured so that the XPC service traverses the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
it judges whether the VID of the connected smart card device matches a preset VID and/or whether the PID of the connected smart card device matches a preset PID;
if yes, the smart card device meets the preset condition;
if not, the reading process ends;
if the number of connected smart card devices is zero, the process ends.
Based on the foregoing embodiment, further, the third processing module is specifically configured so that the XPC service reads, through the driver library, a first preset storage area of the smart card device meeting the preset condition to obtain the start bit and the offset of the certificate data storage;
and reads a second preset storage area of the smart card device according to the start bit and the offset of the certificate data storage to obtain the certificate information of the smart card device.
Based on the foregoing embodiment, further, the fourth processing module is specifically configured so that the smart card extension service converts the certificate data in the certificate information into the instance data of a certificate object, creates the instance data of a key pair object according to the certificate object, and then sets the attributes of the key pair object;
after the smart card extension service obtains the certificate index and the key index from the certificate information, it obtains the key certificate index according to the certificate index and the key index;
the smart card extension service stores the instance data of the certificate object and the instance data of the key pair object into the key chain instance;
and the smart card extension service encapsulates the key chain instance into the key chain unit at the position corresponding to the key certificate index.
Based on the foregoing embodiment, further, when identity authentication is performed, the fifth processing module is specifically configured so that, when the smart card extension service receives an identity authentication request, it sends the identity authentication request to the XPC service;
the sixth processing module is specifically configured so that the XPC service obtains the key certificate index in the identity authentication request and the PIN code entered by the user, and interacts, through the driver library, with the smart card device corresponding to the key certificate index;
the seventh processing module is specifically configured so that the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
and the eighth processing module is specifically configured so that the XPC service performs identity authentication on the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code, and sends the authentication result to the smart card extension service.
Based on the foregoing embodiment, the eighth processing module is specifically configured so that the XPC service sends a random number obtaining instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by the smart card device corresponding to the key certificate index, and performs an XOR operation on the PIN code and the random number to obtain an XOR result;
the XPC service encrypts the XOR result with the public key in the instance data of the key pair object to obtain a first encryption result;
the XPC service generates a verification instruction according to the first encryption result and sends it to the smart card device corresponding to the key certificate index;
the XPC service receives the identity verification result from the smart card device corresponding to the key certificate index and sends it to the smart card extension service;
if the verification information received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is set as having passed identity authentication, and a signature request is sent;
otherwise, the authentication fails and login is not allowed.
Based on the foregoing embodiment, further, when the operation request received by the smart card extension service is a signature request, the fifth processing module is specifically configured to send the signature request to the XPC service when the smart card extension service receives it;
the sixth processing module is specifically configured so that the XPC service obtains the key certificate index in the signature request and obtains, through the driver library, the data to be signed from the smart card device corresponding to the key certificate index;
the seventh processing module is specifically configured so that the XPC service obtains, from the position corresponding to the key certificate index in the key chain unit, the instance data of the certificate object of the smart card device corresponding to the key certificate index;
and the eighth processing module is specifically configured so that the XPC service calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
Based on the foregoing embodiment, further, the eighth processing module is specifically configured so that the XPC service obtains the certificate index from the key certificate index, generates a first signature request through the security environment management using the certificate index and the signature algorithm index in the driver library, and sends the first signature request through the driver library to the smart card device corresponding to the key certificate index;
the XPC service receives a first status code sent by the smart card device corresponding to the key certificate index, and judges according to the first status code whether to continue the signature operation;
if so, the XPC service generates a second signature request according to the data to be signed and sends it to the smart card device corresponding to the key certificate index; otherwise, the current signature process ends;
the XPC service receives a second status code sent by the smart card device corresponding to the key certificate index, and judges according to the second status code whether to continue the signature operation;
if so, the XPC service generates a third signature request and sends it to the smart card device corresponding to the key certificate index; otherwise, the current signature process ends;
the XPC service receives a third status code sent by the smart card device corresponding to the key certificate index, and judges according to the third status code whether the signature operation succeeded;
if the signature operation succeeded, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
The registration application device for the smart card certificate solves the problem that, from version 10.15 onwards, the Mac system by default no longer supports the token technology and cannot perform authentication and authorization of the smart card, and enables the Mac system after version 10.15 to authorize access by the smart card without the token technology.
Furthermore, the present application provides a computer-readable storage medium comprising a computer program which, when run on an Apple device, causes the Apple device to perform the method of the embodiments described above.
The present application further provides a chip system, including a chip coupled to a memory, for executing a computer program stored in the memory to perform the method described in the above embodiments.
The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto; any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A registration application method for a smart card certificate, characterized by comprising a certificate reading process and a signature verification process;
the certificate reading process comprises the following steps:
the smart card device is connected to a terminal, the system of the terminal starts a smart card extension service, and after the smart card extension service starts an XPC service, the smart card extension service sends a certificate reading instruction to the XPC service;
the XPC service traverses the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting a preset condition;
the XPC service reads, through a driver library, the certificate information in the smart card devices meeting the preset condition and sends the certificate information to the smart card extension service;
the smart card extension service obtains a certificate object, a key pair object and a key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a key chain unit;
the signature verification process comprises the following steps:
the smart card extension service receives an operation request and sends it to the XPC service;
the XPC service obtains the key certificate index in the operation request, and interacts, through the driver library, with the smart card device corresponding to the key certificate index;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
and the XPC service performs signature verification processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
2. The method according to claim 1, wherein the certificate reading process further comprises:
the system runs a preset script when installing a smart card driver installation package, so that a smart card extension application is installed in the application program directory of the system and the smart card extension application is granted the required permissions;
the smart card extension application comprises a smart card extension service, and the smart card extension service comprises an XPC service and a driver library for realizing the interaction between the XPC service and the smart card device.
3. The method according to claim 1, wherein the XPC service traversing the smart card devices inserted into the USB slots of the terminal to obtain the smart card devices meeting the preset condition specifically includes:
the XPC service traverses the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
it judges whether the VID of the connected smart card device matches a preset VID and/or whether the PID of the connected smart card device matches a preset PID;
if yes, the smart card device is a smart card device meeting the preset condition;
if no smart card device matches, the certificate reading process ends;
and if the number of connected smart card devices is zero, the process ends.
4. The method according to claim 1, wherein the XPC service reading the certificate information in the smart card device that meets the preset condition through a driver library and sending the certificate information to the smart card extension service specifically comprises:
the XPC service reads, through the driver library, a first preset storage area of the smart card device that meets the preset condition to obtain the start position and the offset of the certificate data storage;
and reads a second preset storage area of the smart card device according to the start position and the offset of the certificate data storage to obtain the certificate information of the smart card device.
5. The method according to claim 1, wherein the smart card extension service obtaining a certificate object, a key pair object and a key certificate index according to the certificate information, and storing the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a keychain unit, specifically comprises:
the smart card extension service converts the certificate data in the certificate information into the instance data of the certificate object, creates the instance data of the key pair object according to the certificate object, and then sets the attributes of the key pair object;
after the smart card extension service obtains a certificate index and a key index from the certificate information, it derives the key certificate index from the certificate index and the key index;
the smart card extension service saves the instance data of the certificate object and the instance data of the key pair object into a keychain instance;
and the smart card extension service packages the keychain instance at the position corresponding to the key certificate index in the keychain unit.
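The two steps above, reading the certificate area of the card (claim 4) and turning it into indexed keychain data (claim 5), as an added example in Python that is not the patent's or Feitian's own code. The patent does not give the card's memory layout, so the directory record format (certificate index, key index, start position, length), the `cert<idx>/key<idx>` index encoding and the shape of the stored instance data are all assumptions; the point worth seeing is that the start position and offset read from the card are bounds-checked before they are used to read the second area.

```python
"""Added example (not the patent's own code): read the certificate directory
record from the first storage area, read the certificate from the second area
using its start position and length, then build the key certificate index and
the keychain entry. Memory layout and index encoding are assumptions."""
import hashlib
import struct
from dataclasses import dataclass

# Assumed layout of the first preset storage area (a directory record):
#   u8 cert_index | u8 key_index | u16 start | u16 length   (big-endian)
DIR_RECORD = struct.Struct(">BBHH")


@dataclass(frozen=True)
class CertInfo:
    cert_index: int
    key_index: int
    cert_der: bytes


def read_certificate_info(card_image: bytes) -> CertInfo:
    """Claim 4: read the directory record from the first area, then use its
    start position and length to read the certificate from the second area."""
    if len(card_image) < DIR_RECORD.size:
        raise ValueError("card image shorter than directory record")
    cert_index, key_index, start, length = DIR_RECORD.unpack_from(card_image, 0)
    end = start + length
    # A card (or a hostile emulator presenting the expected VID/PID) can report
    # a range that runs outside the readable area; never trust offsets blindly.
    if start < DIR_RECORD.size or end > len(card_image):
        raise ValueError(f"certificate range {start}:{end} outside card image")
    return CertInfo(cert_index, key_index, card_image[start:end])


def key_certificate_index(cert_index: int, key_index: int) -> str:
    """Claim 5: one key certificate index derived from the certificate index
    and the key index. The 'cert<idx>/key<idx>' encoding is an assumption."""
    return f"cert{cert_index:02x}/key{key_index:02x}"


def build_keychain_entry(info: CertInfo) -> dict:
    """Instance data of the certificate object and the key pair object, as
    stored at the key certificate index position of the keychain unit. The
    certificate fingerprint stands in for a parsed SubjectPublicKeyInfo
    (assumption); the key pair object only references it."""
    cert_object = {"der": info.cert_der,
                   "fingerprint": hashlib.sha256(info.cert_der).hexdigest()}
    key_pair_object = {"key_index": info.key_index,
                       "public_key_ref": cert_object["fingerprint"],
                       "can_sign": True}
    return {"certificate": cert_object, "key_pair": key_pair_object}


def register_card(card_image: bytes, keychain: dict) -> str:
    """Full registration path: read, convert, index, store. Returns the index
    under which the keychain instance was stored."""
    info = read_certificate_info(card_image)
    idx = key_certificate_index(info.cert_index, info.key_index)
    keychain[idx] = build_keychain_entry(info)
    return idx


def make_card_image(cert_index: int, key_index: int, cert_der: bytes) -> bytes:
    """Constructed sample card image: directory record followed by the cert."""
    start = DIR_RECORD.size
    return DIR_RECORD.pack(cert_index, key_index, start, len(cert_der)) + cert_der


if __name__ == "__main__":
    # Constructed sample: a fake DER blob stands in for a real certificate.
    image = make_card_image(1, 2, b"\x30\x82\x01\x00" + b"\xaa" * 32)
    store = {}
    idx = register_card(image, store)
    print(idx, store[idx]["certificate"]["fingerprint"])
```

A directory record that points past the end of the readable area is rejected rather than read, which is the check a driver talking to an unknown USB device should make before trusting offsets it received from that device.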
6. The method according to claim 1, wherein when the operation request received by the smart card extension service is an identity authentication request, the signature verification process comprises:
the smart card extension service receives the identity authentication request and sends the identity authentication request to the XPC service;
the XPC service obtains the key certificate index in the identity authentication request and the PIN code entered by the user, and interacts with the smart card device corresponding to the key certificate index through the driver library;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and the XPC service performs identity verification for the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code entered by the user, and sends the verification result to the smart card extension service.
7. The method according to claim 6, wherein the XPC service performing identity verification for the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code entered by the user, and sending the verification result to the smart card extension service, specifically comprises:
the XPC service sends a get-random-number command to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by the smart card device corresponding to the key certificate index, and XORs the PIN code with the random number to obtain an XOR result;
the XPC service encrypts the XOR result with the public key in the instance data of the key pair object to obtain a first encryption result;
the XPC service generates a verification instruction from the first encryption result and sends the verification instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the identity verification result from the smart card device corresponding to the key certificate index and sends the identity verification result to the smart card extension service;
if the identity verification result received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is set as having passed identity authentication;
otherwise, identity authentication fails and login is not allowed.
8. The method according to claim 1, wherein when the operation request received by the smart card extension service is a signature request, the signature verification process comprises:
the smart card extension service receives the signature request and sends the signature request to the XPC service;
the XPC service obtains the key certificate index in the signature request, and obtains the data to be signed for the smart card device corresponding to the key certificate index through the driver library;
the XPC service obtains the instance data of the certificate object of the smart card device corresponding to the key certificate index from the position corresponding to the key certificate index in the keychain unit;
and the XPC service calls the driver library, executes the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
9. The method according to claim 8, wherein the XPC service calling the driver library to execute the signature operation on the data to be signed using the instance data of the certificate object, and sending the signature data to the smart card extension service, specifically comprises:
the XPC service obtains the certificate index from the key certificate index, generates a first signature request through security environment management in the driver library using the certificate index and a signature algorithm index, and sends the first signature request to the smart card device corresponding to the key certificate index through the driver library;
the XPC service receives a first status code sent by the smart card device corresponding to the key certificate index, and judges from the first status code whether to continue the signature operation;
if so, the XPC service generates a second signature request from the data to be signed and sends the second signature request to the smart card device corresponding to the key certificate index; if not, the signature verification process ends;
the XPC service receives a second status code sent by the smart card device corresponding to the key certificate index, and judges from the second status code whether to continue the signature operation;
if so, the XPC service generates a third signature request and sends the third signature request to the smart card device corresponding to the key certificate index; otherwise, the signature verification process ends;
the XPC service receives a third status code sent by the smart card device corresponding to the key certificate index, and judges from the third status code whether the signature operation succeeded;
if the signature operation succeeded, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
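The PIN verification exchange of claim 7 and the three-step, status-code driven signing exchange of claim 9 share one card key, so both are shown together here with both sides modelled, the host (XPC service) and a simulated card. This is an added example in Python, not the patent's or Feitian's code. The card's key pair is textbook RSA over two fixed Mersenne primes so the block runs offline with only the standard library; a real card uses a properly generated key with padding. The patent names neither the message formats nor the status codes, so the 8-byte PIN block, byte-wise XOR, the ISO 7816 style status words (9000 success, 6982 security status not satisfied, 6985 conditions of use not satisfied, 6A88 referenced data not found), the requirement that signing follows a successful PIN verification, and the mapping of the three signature requests onto a security-environment, data and compute step are all assumptions.

```python
"""Added example (not the patent's own code): simulated card plus host side of
the claim 7 PIN verification and the claim 9 three-step signing flow. Key,
message formats, status words and sequencing rules are assumptions."""
import hashlib
import secrets

P, Q = (1 << 521) - 1, (1 << 127) - 1      # Mersenne primes M521, M127 (illustration only)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # textbook RSA, no padding: demo only
KEY_BYTES = (N.bit_length() + 7) // 8
PIN_LEN = 8                                 # PIN block length in bytes (assumption)
OK, PIN_FAIL, NOT_ALLOWED, BAD_REF = b"\x90\x00", b"\x69\x82", b"\x69\x85", b"\x6a\x88"


def _i2b(i: int, length: int) -> bytes:
    return i.to_bytes(length, "big")


class SimulatedCard:
    """Card state: stored PIN, one-shot nonce, authenticated flag, sign sequence."""

    def __init__(self, pin: bytes, cert_index: int = 1, alg_index: int = 0x41):
        self._pin = pin.ljust(PIN_LEN, b"\x00")
        self._known = (cert_index, alg_index)   # the only key/algorithm reference it has
        self._nonce = None
        self._digest = None
        self._sign_state = None                  # None -> "mse" -> "data" -> None
        self.authenticated = False

    # ---- claim 7: get random number, then verify the encrypted PIN block ----
    def get_random(self) -> bytes:
        self._nonce = secrets.token_bytes(PIN_LEN)
        return self._nonce

    def verify(self, ct: bytes) -> bytes:
        if self._nonce is None:
            return NOT_ALLOWED
        nonce, self._nonce = self._nonce, None   # single use: a replayed block fails
        xored = _i2b(pow(int.from_bytes(ct, "big"), D, N), PIN_LEN)
        pin = bytes(a ^ b for a, b in zip(xored, nonce))
        self.authenticated = secrets.compare_digest(pin, self._pin)
        return OK if self.authenticated else PIN_FAIL

    # ---- claim 9: first, second and third signature requests ----
    def manage_security_environment(self, cert_index: int, alg_index: int) -> bytes:
        if not self.authenticated:
            return PIN_FAIL
        if (cert_index, alg_index) != self._known:
            return BAD_REF
        self._sign_state = "mse"
        return OK

    def put_data(self, data: bytes) -> bytes:
        if self._sign_state != "mse":
            return NOT_ALLOWED
        self._digest = hashlib.sha256(data).digest()
        self._sign_state = "data"
        return OK

    def compute_signature(self):
        if self._sign_state != "data":
            return b"", NOT_ALLOWED
        self._sign_state = None
        return _i2b(pow(int.from_bytes(self._digest, "big"), D, N), KEY_BYTES), OK


# ---- host side (XPC service) ----
def encrypt_pin_block(pin: bytes, nonce: bytes, public_key=(N, E)) -> bytes:
    """XOR the PIN with the card's random number, encrypt with the public key
    from the key pair object's instance data (the 'first encryption result')."""
    n, e = public_key
    if not 0 < len(pin) <= PIN_LEN:
        raise ValueError("PIN length out of range")
    xor_result = bytes(a ^ b for a, b in zip(pin.ljust(PIN_LEN, b"\x00"), nonce))
    return _i2b(pow(int.from_bytes(xor_result, "big"), e, n), (n.bit_length() + 7) // 8)


def authenticate(card: SimulatedCard, pin: bytes) -> bool:
    return card.verify(encrypt_pin_block(pin, card.get_random())) == OK


def sign(card: SimulatedCard, cert_index: int, alg_index: int, data: bytes):
    """Returns (signature, None) on success or (None, failing status word);
    each status word is checked before the next request is sent."""
    sw = card.manage_security_environment(cert_index, alg_index)   # first request
    if sw != OK:
        return None, sw
    sw = card.put_data(data)                                        # second request
    if sw != OK:
        return None, sw
    sig, sw = card.compute_signature()                              # third request
    return (sig, None) if sw == OK else (None, sw)


def verify_signature(sig: bytes, data: bytes, public_key=(N, E)) -> bool:
    n, e = public_key
    return pow(int.from_bytes(sig, "big"), e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


if __name__ == "__main__":
    card = SimulatedCard(b"123456")            # constructed sample PIN
    print("auth", authenticate(card, b"123456"))
    sig, sw = sign(card, 1, 0x41, b"data to be signed")
    print("sign ok" if sw is None else f"sign failed {sw.hex()}", verify_signature(sig, b"data to be signed"))
```

Two properties of the exchange are worth checking against a real card: the random number must be single use, so that a captured verification instruction cannot be replayed (the model drops the nonce after one `verify`), and each signature request must be gated on the previous status word rather than sent blind, since the card rejects an out-of-sequence data or compute request. The model omits the PIN retry counter that a real card keeps.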
10. A registration application device for a smart card certificate, the device comprising a certificate reading unit and a signature verification unit:
the certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is used for the smart card extension service, after being started by the system of the terminal when a smart card device is connected to the terminal, to start the XPC service and send a certificate reading instruction to the XPC service;
the second processing module is used for the XPC service to enumerate the smart card devices inserted into the USB slots of the terminal to obtain a smart card device meeting a preset condition;
the third processing module is used for the XPC service to read the certificate information in the smart card device meeting the preset condition through a driver library and send the certificate information to the smart card extension service;
the fourth processing module is used for the smart card extension service to obtain a certificate object, a key pair object and a key certificate index according to the certificate information, and to store the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a keychain unit;
the signature verification unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
the fifth processing module is used for the smart card extension service to receive an operation request and send the operation request to the XPC service;
the sixth processing module is used for the XPC service to obtain the key certificate index in the operation request and interact with the smart card device corresponding to the key certificate index through the driver library;
the seventh processing module is used for the XPC service to obtain the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and the eighth processing module is used for the XPC service to carry out signature verification processing for the smart card device using the instance data of the certificate object and the instance data of the key pair object, and to send the processing result to the smart card extension service.
11. A computer readable storage medium comprising a computer program which, when run on an Apple device, causes the Apple device to perform the method of any one of claims 1 to 9.
12. A chip system comprising a chip coupled to a memory for executing a computer program stored in the memory to perform the method of any of claims 1 to 9.
CN202310138962.2A 2023-02-21 2023-02-21 Registration application method and device for smart card certificate Active CN115913579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310138962.2A CN115913579B (en) 2023-02-21 2023-02-21 Registration application method and device for smart card certificate

Publications (2)

Publication Number Publication Date
CN115913579A true CN115913579A (en) 2023-04-04
CN115913579B CN115913579B (en) 2023-06-13

Family

ID=86483539

Country Status (1)

Country Link
CN (1) CN115913579B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117528519A (en) * 2024-01-04 2024-02-06 飞天诚信科技股份有限公司 Method and device for realizing expansion of smart card
CN117528519B (en) * 2024-01-04 2024-03-08 飞天诚信科技股份有限公司 Method and device for realizing expansion of smart card

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938520A (en) * 2010-09-07 2011-01-05 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN104102507A (en) * 2014-06-24 2014-10-15 飞天诚信科技股份有限公司 Method for extending JavaCard application functions
CN105827655A (en) * 2016-05-27 2016-08-03 飞天诚信科技股份有限公司 Intelligent key equipment and work method thereof
WO2016177052A1 (en) * 2015-08-21 2016-11-10 中兴通讯股份有限公司 User authentication method and apparatus
CN106464729A (en) * 2014-05-30 2017-02-22 苹果公司 Proxied push
US10248797B1 (en) * 2016-06-30 2019-04-02 Symantec Corporation Systems and methods for zero-day DLP protection having enhanced file upload processing
US10824536B1 (en) * 2019-05-31 2020-11-03 Apple Inc. Clustering techniques for third party application data
CN112035272A (en) * 2019-06-03 2020-12-04 华为技术有限公司 Method and device for interprocess communication and computer equipment

Also Published As

Publication number Publication date
CN115913579B (en) 2023-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant