CN115913579B - Registration application method and device for smart card certificate - Google Patents

Registration application method and device for smart card certificate

Publication number: CN115913579B (also published as CN115913579A)
Application number: CN202310138962.2A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Active
Inventors: 田步明, 陆舟
Assignee (original and current): Feitian Technologies Co Ltd
Prior art keywords: certificate, service, smart card, xpc, key
Abstract

The application relates to a registration application method and device for a smart card certificate. The smart card extension service sends a certificate reading instruction to an XPC service, and the XPC service reads the certificate information in the smart card device through a driver library. The smart card extension service then sends an operation request to the XPC service; the XPC service obtains the key certificate index in the operation request, interacts through the driver library with the smart card device corresponding to that key certificate index, processes the data to be processed obtained from the smart card device, and sends the processing result back to the smart card extension service.

Description

Registration application method and device for smart card certificate
Technical Field
The present invention relates to the field of smart card applications, and in particular, to a method and apparatus for registering and applying a smart card certificate.
Background
In the prior art, token technology is generally used to implement authorized access, and signing, signature verification and other operations are performed through a token device. Starting from version 10.15, the Mac system no longer supports the token technology by default, so how to implement authorized access without the token technology is a technical problem that currently needs to be solved.
Disclosure of Invention
The embodiment of the application provides a registration application method and device of a smart card certificate. The technical scheme is as follows:
in a first aspect, the present application provides a method for registering and applying a smart card certificate, where the method includes a certificate reading process and a signature verification process;
the certificate reading flow comprises the following steps:
a smart card device is connected to a terminal, the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, a certificate reading instruction is sent to the XPC service;
the XPC service traverses the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices meeting a preset condition;
the XPC service reads the certificate information in the smart card devices meeting the preset condition through a driver library and sends the certificate information to the smart card extension service;
the smart card extension service obtains a certificate object, a key pair object and a key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a keychain unit;
the signature verification process comprises the following steps:
the smart card extension service receives an operation request and sends the operation request to the XPC service;
the XPC service acquires the key certificate index in the operation request and interacts with the smart card device corresponding to the key certificate index through the driver library;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
and the XPC service performs verification signature processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
In a second aspect, the present application provides a device for registering and applying a smart card certificate, wherein the device includes a certificate reading unit and a verification signature unit:
The certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is used for connecting the smart card device to the terminal, whereupon the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, a certificate reading instruction is sent to the XPC service;
the second processing module is configured to traverse, by means of the XPC service, the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices that meet a preset condition;
the third processing module is configured to read, through the driver library, the certificate information in the smart card devices that meet the preset condition, and send the certificate information to the smart card extension service;
the fourth processing module is configured to obtain a certificate object, a key pair object and a key certificate index according to the certificate information by using the smart card extension service, and store the instance data of the certificate object and the instance data of the key pair object to a location corresponding to the key certificate index in a key chain unit;
the signature verification unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
The fifth processing module is configured to receive an operation request by the smart card extension service, and send the operation request to the XPC service;
the sixth processing module is configured to obtain a key certificate index in the operation request by using the XPC service, and interact with a smart card device corresponding to the key certificate index through the driver library;
the seventh processing module is configured to obtain, by the XPC service, instance data of the certificate object and instance data of the key pair object from a location corresponding to the key certificate index in a key chain unit;
the eighth processing module is configured to perform verification signature processing on the smart card device by using the instance data of the certificate object and the instance data of the key pair object by using the XPC service, and send a processing result to the smart card extension service.
In a third aspect, the present application provides a computer-readable storage medium comprising a computer program which, when run on an Apple device, causes the Apple device to perform the method described in the first aspect above.
In a fourth aspect, the present application provides a chip system comprising a chip coupled to a memory for executing a computer program stored in the memory for performing the method of the first aspect.
The beneficial effects brought by the technical scheme provided by this application include at least the following: the method solves the problem that, after version 10.15, the Mac system no longer supports the token technology by default and can therefore no longer perform smart card authentication and authorization; it allows the Mac system after version 10.15 to achieve authorized access with a smart card without using the token technology, supports multiple smart card devices, and can perform identity authentication and signature verification against one certificate in one smart card device when each smart card device holds several certificates.
Drawings
Fig. 1 is a flowchart of a method for registering and applying a smart card certificate according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a method for registering and applying a smart card certificate according to a first embodiment of the present invention;
Fig. 3 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 5 is a flowchart of a method for registering and applying a smart card certificate according to a second embodiment of the present invention;
Fig. 6 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 7 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 8 is a flowchart of a method for registering and applying a smart card certificate according to a third embodiment of the present invention;
Fig. 9 is a block diagram of a device for registering and applying a smart card certificate according to a fourth embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
The first embodiment of the invention provides a method for registering and applying a smart card certificate; as shown in Figs. 1-2, the method of this embodiment comprises a certificate reading flow S1 and a signature verification flow S2.
The certificate reading flow S1 includes:
S11, when a smart card device is connected to the terminal, the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, a certificate reading instruction is sent to the XPC service.
It should be appreciated that an XPC service is an inter-process communication service in macOS, packaged as a bundle under the Contents/XPCServices directory of the host application bundle.
S12, the XPC service traverses the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices meeting a preset condition.
S13, the XPC service reads the certificate information in the smart card devices meeting the preset condition through the driver library and sends the certificate information to the smart card extension service.
S14, the smart card extension service obtains a certificate object, a key pair object and a key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in the keychain unit.
The signature verification process S2 includes:
S21, the smart card extension service receives an operation request and sends the operation request to the XPC service.
S22, the XPC service acquires the key certificate index in the operation request and interacts with the smart card device corresponding to the key certificate index through the driver library.
S23, the XPC service acquires the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit.
S24, the XPC service performs verification signature processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
Based on the above embodiment, further, the certificate reading flow S1 further includes:
the system runs a preset script to install the smart card driver installation package, so that the smart card extension application is installed in the application directory of the system, and grants permissions to the smart card extension application;
the smart card extension application comprises the smart card extension service, which in turn comprises the XPC service and a driver library that implements the interaction between the XPC service and the smart card device.
Based on the above embodiment, further, step S12 specifically includes:
the XPC service traverses the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
VID refers to Vendor ID, PID refers to Product ID;
the XPC service judges whether the VID of the connected smart card device matches a preset VID and/or whether its PID matches a preset PID;
if yes, the smart card device is a smart card device meeting the preset condition;
if not, the certificate reading flow ends;
if the number of connected smart card devices is zero, the certificate reading flow ends.
Based on the above embodiment, further, step S13 specifically includes:
the XPC service reads, through the driver library, a first preset storage area of the smart card device meeting the preset condition to obtain the start bit and offset of the certificate data storage;
and reads a second preset storage area of the smart card device according to that start bit and offset to obtain the certificate information of the smart card device.
Based on the above embodiment, further, step S14 specifically includes:
the smart card extension service converts the certificate data in the certificate information into the instance data of a certificate object, creates the instance data of a key pair object according to the certificate object, and then sets the attributes of the key pair object;
after obtaining the certificate index and the key index from the certificate information, the smart card extension service obtains the key certificate index according to the certificate index and the key index;
the smart card extension service stores the instance data of the certificate object and the instance data of the key pair object in a keychain instance;
the smart card extension service encapsulates the keychain instance into the keychain element corresponding to the key certificate index.
Based on the above embodiment, further, when the operation request received by the smart card extension service is an identity verification request, the signature verification process S2 includes:
S21, the smart card extension service receives the identity verification request and sends it to the XPC service;
S22, the XPC service acquires the key certificate index in the identity verification request and the PIN code input by the user, and interacts with the smart card device corresponding to the key certificate index through the driver library;
S23, the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
S24, the XPC service performs identity verification of the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code, and sends the verification result to the smart card extension service.
Based on the above embodiment, further, S24 specifically includes:
the XPC service sends a random number acquisition instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by that smart card device, and performs an exclusive-OR operation on the PIN code and the random number to obtain an exclusive-OR result;
the XPC service encrypts the exclusive-OR result with the public key in the instance data of the key pair object to obtain a first encryption result;
the XPC service generates a verification instruction according to the first encryption result and sends it to the smart card device corresponding to the key certificate index;
the XPC service receives the identity verification result from that smart card device and sends it to the smart card extension service;
if the verification information received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is marked as having passed identity authentication;
otherwise, the verification fails and login is not allowed.
Based on the above embodiment, further, when the operation request received by the smart card extension service is a signature request, the signature verification process S2 includes:
S25, the smart card extension service receives the signature request and sends it to the XPC service;
S26, the XPC service acquires the key certificate index in the signature request, and acquires the data to be signed from the smart card device corresponding to the key certificate index through the driver library;
S27, the XPC service acquires the instance data of the certificate object of the smart card device corresponding to the key certificate index from the position corresponding to the key certificate index in the keychain unit;
S28, the XPC service calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
Based on the above embodiment, further, S28 includes:
the XPC service obtains the certificate index from the key certificate index, generates a first signature request through the secure environment management of the driver library using the certificate index and a signature algorithm index, and sends the first signature request to the smart card device corresponding to the key certificate index through the driver library;
the XPC service receives a first status code sent by that smart card device, and judges from the first status code whether to continue the signature operation;
if yes, the XPC service generates a second signature request according to the data to be signed and sends it to the smart card device; otherwise, the signature process ends;
the XPC service receives a second status code sent by the smart card device and judges from the second status code whether to continue the signature operation;
if yes, the XPC service generates a third signature request and sends it to the smart card device; otherwise, the signature process ends;
the XPC service receives a third status code sent by the smart card device and judges from the third status code whether the signature operation succeeded;
if successful, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
The registration application method of the smart card certificate solves the problem that, after version 10.15, the Mac system no longer supports the token technology by default and can therefore no longer perform smart card authentication and authorization. It allows the Mac system after version 10.15 to achieve authorized access with a smart card without the token technology, supports multiple smart card devices, and performs identity authentication and signature verification against one certificate in one smart card device when each smart card device holds several certificates.
Example two
The second embodiment of the present invention provides a method for registering and applying a smart card certificate; as shown in Figs. 3-5, the method of this embodiment includes a certificate reading process S100, an identity verification process S200 and a signature process S300.
The certificate reading process S100 specifically includes:
S110, when the system runs the smart card extension application for the first time, the smart card extension service in the smart card extension application is loaded, and the smart card extension service loads the XPC Server.
In the present application, XPC Server denotes the XPC service and XPC Client denotes its client. The smart card extension application is installed into the application directory of the system by the system running the smart card driver installation package, and the smart card extension service comprises the XPC service and a driver library that implements the interaction between the XPC service and the smart card device.
S120, when the system detects that a smart card device is inserted, it starts the smart card extension service; the smart card extension service starts the XPC Server and judges whether an XPC Client has been created.
If so, step S130 is executed;
otherwise, the XPC Client is created, the XPC Client and the XPC Server are bound, the driver library is loaded, and step S130 is executed.
Specifically, the XPC Client connects to the XPC Server by the XPC Server's name and specifies the particular interfaces and protocols.
S130, the smart card extension service sends a certificate reading command to the XPC Server through the XPC Client.
S140, the XPC Server receives the certificate reading command and traverses the USB slots to obtain the number of inserted smart card devices.
For example, the smart card device described in the present application is not limited to a smart card terminal with a built-in smart card chip, but may also be a smart card or the like.
S150, when the XPC Server finds that the number of inserted smart card devices is not zero, it reads the VID and PID of all inserted smart card devices and judges whether the VID of each inserted smart card device matches a preset VID and/or whether its PID matches a preset PID;
if yes, step S160 is executed; otherwise, the certificate reading flow ends.
S160, the XPC Server reads the certificate information in each smart card device through the driver library and sends all the certificate information read to the XPC Client.
S170, the smart card extension service receives all the certificate information through the XPC Client, converts each piece of certificate information into a corresponding certificate object, creates a corresponding key pair object according to the certificate object, and packages the instance data of the certificate object and the instance data of its key pair object at the position corresponding to the key certificate index in the keychain unit.
S170 specifically comprises the following steps:
S171, the smart card extension service receives all the certificate information through the XPC Client;
S172, the smart card extension service converts the certificate data in each piece of certificate information into the instance data of a corresponding certificate object;
S173, after the smart card extension service creates the corresponding instance data of a key pair object according to each certificate object, it sets the attributes of the key pair object;
specifically, the smart card extension service may set the signing attribute in the instance data of the key pair object to true, so that identity authentication is required every time a signing operation is performed.
S174, the smart card extension service obtains the certificate index and the key index from each piece of certificate information, and then obtains the key certificate index corresponding to that certificate information according to the certificate index and the key index;
specifically, the certificate index field and the key index field may be written into the key certificate index field according to a preset rule.
S175, the smart card extension service stores the instance data of each certificate object and the instance data of its key pair object in the corresponding keychain instance.
S176, the smart card extension service encapsulates each keychain instance into the position in the keychain unit corresponding to its key certificate index.
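The certificate reading flow above (S12 to S14 in the first embodiment, S140 to S176 here) is shown below as an added Python model; it is not code from the patent or from Feitian Technologies. The VID/PID whitelist, the two-area storage layout (a four-byte header in the first area giving the start and length of the second area, followed by records of certificate index, key index, length and certificate bytes), and the packing rule for the key certificate index are all assumptions, since the patent specifies none of them; the sample card images are constructed.

```python
import hashlib
import struct
from dataclasses import dataclass, field

# Constructed VID/PID whitelist standing in for the patent's "preset VID/PID" (values are placeholders).
ALLOWED_VID_PID = {(0x1234, 0x0001)}

HEADER_FMT = ">HH"    # assumed first-area layout: start offset, total length (big-endian)
RECORD_FMT = ">BBH"   # assumed second-area record: certificate index, key index, certificate length


@dataclass
class UsbDevice:
    vid: int
    pid: int
    storage: bytes    # constructed image of the card's two preset storage areas


@dataclass
class CertObject:
    cert_index: int
    der: bytes
    fingerprint: str


@dataclass
class KeyPairObject:
    key_index: int
    # S173: signing attribute set so that every signing operation requires identity authentication
    attributes: dict = field(default_factory=lambda: {"sign": True, "auth_per_sign": True})


@dataclass
class KeychainElement:
    cert: CertObject
    key_pair: KeyPairObject


def key_cert_index(cert_index: int, key_index: int) -> int:
    """Assumed 'preset rule' of S174/S183: pack both one-byte indices into one 16-bit value."""
    return (cert_index << 8) | key_index


def split_key_cert_index(kci: int) -> tuple:
    """Inverse of key_cert_index, as needed by S341 (certificate index) and S253 (key index)."""
    return kci >> 8, kci & 0xFF


def select_devices(devices: list) -> list:
    """S12 / S140-S150: zero devices ends the flow; otherwise keep only whitelisted VID/PID."""
    if not devices:
        return []
    return [d for d in devices if (d.vid, d.pid) in ALLOWED_VID_PID]


def read_certificates(device: UsbDevice) -> list:
    """S13 / S160: read start and length from the first area, then the records from the second."""
    start, length = struct.unpack_from(HEADER_FMT, device.storage, 0)
    area = device.storage[start:start + length]
    if len(area) != length:
        raise ValueError("certificate area truncated")
    records, pos = [], 0
    while pos < len(area):
        ci, ki, n = struct.unpack_from(RECORD_FMT, area, pos)
        pos += struct.calcsize(RECORD_FMT)
        der = area[pos:pos + n]
        if len(der) != n:
            raise ValueError("certificate record truncated")
        pos += n
        records.append((ci, ki, der))
    return records


def register(devices: list) -> dict:
    """S14 / S170-S176: build objects and file them in the keychain unit by key certificate index."""
    keychain = {}
    for dev in select_devices(devices):
        for ci, ki, der in read_certificates(dev):
            cert = CertObject(ci, der, hashlib.sha256(der).hexdigest())
            kci = key_cert_index(ci, ki)
            if kci in keychain:
                # the index carries no device identity, so two cards with equal indices would collide
                raise ValueError(f"duplicate key certificate index {kci:#06x}")
            keychain[kci] = KeychainElement(cert, KeyPairObject(ki))
    return keychain


def build_storage(records: list) -> bytes:
    """Construct a sample storage image in the assumed layout (test data only)."""
    body = b"".join(struct.pack(RECORD_FMT, ci, ki, len(der)) + der for ci, ki, der in records)
    return struct.pack(HEADER_FMT, struct.calcsize(HEADER_FMT), len(body)) + body


# Constructed sample: one whitelisted card with two certificates, one card with a non-matching PID.
SAMPLE = [
    UsbDevice(0x1234, 0x0001, build_storage([(1, 1, b"\x30\x82CERT-A"), (2, 1, b"\x30\x82CERT-B")])),
    UsbDevice(0x1234, 0x0002, build_storage([(1, 1, b"\x30\x82OTHER")])),
]

if __name__ == "__main__":
    for kci, el in register(SAMPLE).items():
        print(f"{kci:#06x} cert={el.cert.cert_index} key={el.key_pair.key_index} fp={el.cert.fingerprint[:16]}")
```

Because the keychain unit is keyed on the certificate index and key index alone, two inserted cards carrying the same indices would map to the same position; the model raises on a duplicate rather than silently replacing the first card's objects, which is the check a reviewer would ask for at S176.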
The identity verification flow S200 includes:
S210, the system receives an SSL request sent by a client, prompts the user to select a certificate for identity verification, receives the certificate selected by the user for identity verification, and notifies the smart card extension service of the key certificate index of that certificate;
here, the SSL request is a Secure Sockets Layer request.
S220, the system prompts the user to input the PIN code, waits to receive the PIN code input by the user and the input completion confirmation, and after receiving the input completion confirmation notifies the smart card extension service of the PIN code input by the user.
S230, the smart card extension service sends a verification command to the XPC Server through the XPC Client, together with the PIN code input by the user and the key certificate index.
S240, the XPC Server acquires the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the keychain unit;
S250, the XPC Server performs identity verification of the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code, and sends the verification result to the smart card extension service.
Step S250 specifically includes:
S251, the XPC Server sends a random number acquisition instruction to the smart card device corresponding to the key certificate index;
S252, the XPC Server receives the random number returned by the smart card device, and performs an exclusive-OR operation on the received PIN code and the random number to obtain an exclusive-OR result;
S253, the XPC Server obtains the key index from the key certificate index, and encrypts the exclusive-OR result with the key identified by that key index to obtain a first encryption result;
S244, the XPC Server generates a verification instruction according to the first encryption result and sends it to the smart card device corresponding to the key certificate index;
S245, after receiving the verification instruction, the smart card device decrypts the first encryption result in the verification instruction with the private key of the key pair object;
S246, the smart card device generates a verification password from the decryption result and the stored random number, and judges whether the verification password is the same as the stored PIN code;
if they are the same, the smart card device returns PIN code verification success information to the XPC Server;
otherwise, the smart card device returns PIN code verification failure information to the XPC Server;
the XPC Server returns the verification result to the XPC Client;
S250, the smart card extension service receives the verification result through the XPC Client;
if verification success information is received, the smart card device is marked as having passed identity authentication;
if verification failure information is received, a verification failure prompt is issued and the verification flow ends.
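The PIN verification exchange of S251 to S246 above (and S24 in the first embodiment) written out with both sides, as an added Python example that is not code from the patent. The toy RSA key pair (small fixed primes, raw unpadded RSA) stands in for the card's public and private key only so that the protocol runs offline; the PIN and the random numbers are constructed. The host holds only the public half, as the instance data of the key pair object; the PIN and private key stay on the simulated card.

```python
import secrets

# Constructed toy RSA key pair standing in for the card's key pair. Small fixed primes and no padding:
# enough to run the exchange offline, never acceptable as a real key.
P, Q, E = 65537, 104729, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = (N, E)   # what the host keeps in the key pair object's instance data
PRIVATE_KEY = D       # what never leaves the card


class SmartCardSim:
    """Constructed card model: stores the PIN and private key and returns neither."""

    def __init__(self, pin: str, private_key: int):
        self._pin = int(pin)
        self._d = private_key
        self._nonce = None

    def get_random(self) -> int:
        # S251/S252: issue a fresh random number and remember it for the verification instruction
        self._nonce = secrets.randbits(32)
        return self._nonce

    def verify(self, first_encryption_result: int) -> bool:
        # S245/S246: decrypt with the private key, recombine with the stored random number,
        # compare the resulting verification password with the stored PIN
        if self._nonce is None:
            return False                          # no outstanding challenge: reject
        nonce, self._nonce = self._nonce, None     # one-shot: a challenge answers at most once
        decrypted = pow(first_encryption_result, self._d, N)
        return (decrypted ^ nonce) == self._pin


def xpc_authenticate(card: SmartCardSim, pin: str, public_key: tuple) -> bool:
    """Host (XPC Server) side of S251 to S244: fetch nonce, XOR with PIN, encrypt, send."""
    n, e = public_key
    nonce = card.get_random()
    xor_result = int(pin) ^ nonce
    if xor_result >= n:
        raise ValueError("message does not fit the toy modulus")
    first_encryption_result = pow(xor_result, e, n)
    return card.verify(first_encryption_result)


if __name__ == "__main__":
    card = SmartCardSim("123456", PRIVATE_KEY)
    print("correct PIN:", xpc_authenticate(card, "123456", PUBLIC_KEY))
    print("wrong PIN:  ", xpc_authenticate(card, "654321", PUBLIC_KEY))
```

The random number is what gives the verification instruction its freshness, so the model consumes it after one attempt: a verification instruction captured from an earlier session is rejected when presented again. A production card would additionally count failed attempts and block the PIN after a threshold, and would use a padded public-key encryption scheme rather than raw RSA.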
The signature process S300 includes:
S310, the smart card extension service receives the signature request and sends it to the XPC Server through the XPC Client;
S320, the XPC Server acquires the key certificate index in the signature request, and acquires the data to be signed from the smart card device corresponding to the key certificate index through the driver library;
S330, the XPC Server acquires the instance data of the certificate object of the smart card device corresponding to the key certificate index from the position corresponding to the key certificate index in the keychain unit;
S340, the XPC Server calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
Specifically, step S340 includes:
S341, the XPC Server obtains the certificate index from the key certificate index, generates a first signature request through the secure environment management of the driver library using the certificate index and a signature algorithm index, and sends the first signature request to the smart card device corresponding to the key certificate index through the driver library;
S342, the smart card device receives and parses the first signature request, and sets the signature algorithm and signing key according to the signature algorithm identifier and the certificate data identifier;
if the setting succeeds, it returns a success first status code to the XPC Server; if the setting fails, it returns an error first status code to the XPC Server;
S343, the XPC Server judges from the first status code returned by the smart card whether to continue the signature operation;
if so, the XPC Server generates a second signature request according to the data to be signed, sends it to the smart card device, and step S334 is executed;
otherwise, the signature flow ends.
Here, the XPC service interacts with the smart card device through the driver library.
S344, the smart card device receives the second signature request, parses it to obtain the data to be signed, and computes the hash of the data to be signed;
if the computation succeeds, the computed hash result is stored and a success second status code is returned to the XPC Server;
if the computation fails, an error second status code is returned to the XPC Server;
S345, the XPC Server judges from the second status code returned by the smart card device whether to continue the signature operation;
if yes, the XPC Server generates a third signature request and sends it to the XPC Client, and the XPC Client sends the third signature request to the smart card device through the driver library;
otherwise, the signature flow ends.
S345, when the smart card device receives the third signature request, it signs the stored hash result with the signing key in the instance data of the certificate object according to the set signature algorithm to obtain a signature value;
if the signing succeeds, it returns a success third status code and the signature value to the XPC Server;
if the signing fails, it returns an error third status code to the XPC Server.
S346, the XPC Server judges from the signature operation result whether the signature operation succeeded;
if successful, the XPC Server sends the signature value in the received signature operation result to the XPC Client;
otherwise, the XPC Server sends signature failure information to the XPC Client.
S347, the smart card extension service receives the signature result through the XPC Client.
The registration application method for the smart card certificate solves the problem that, from version 10.15 onward, the Mac system does not support the token technology by default and therefore cannot perform smart card authentication and authorization; it enables authorized smart card access on Mac system versions after 10.15 without the token technology, supports a plurality of smart card devices, and, when each smart card device holds a plurality of certificates, performs identity authentication and signature verification with one certificate in one smart card device.
Example III
The third embodiment of the invention provides a registration application method for a smart card certificate; as shown in figs. 6 to 8, the method of this embodiment comprises a certificate reading flow, an identity verification flow and a signature flow.
The certificate reading flow 100 includes:
110. When the smart card driver installation package is installed in the system, the system runs a preset script so that the smart card extension application is installed in the application program directory of the system, and grants permissions to the smart card extension application.
The smart card extension application comprises the smart card extension service, which comprises the XPC service and the driver library that implements the interaction between the XPC service and the smart card device.
The preset script is as follows:
cp -rf /tmp/FTSmartToken.app /Applications/
sudo chown -R root:wheel /Applications/FTSmartToken.app
sudo open /Applications/FTSmartToken.app
rm -rf /tmp/FTSmartToken.app
where FTSmartToken.app is the name of the smart card extension application. Note that the script stages the bundle in /tmp, a world-writable directory, before the privileged copy and the change of owner to root:wheel; a deployment should check the provenance and permissions of the staged bundle, or stage it in a directory that only root can write to.
120. When the system runs the smart card extension application for the first time, the system loads the smart card extension service, and the smart card extension service loads the XPC Server;
130. When the system detects that a smart card device has been inserted, it starts the smart card extension service, and the smart card extension service starts the XPC Server;
140. The smart card extension service judges whether the XPC Client has been created;
if so, step 150 is executed;
otherwise, it creates the XPC Client, binds the XPC Client to the XPC Server, loads the driver library, and executes step 150.
Specifically, the XPC Client connects to the XPC Server with a specified interface and protocol; the connection can be established with the following functions.
For example:
xpcConnect = [[NSXPCConnection alloc] initWithServiceName:@"com.ftsafe.FTSmartTokenXPC"];
NSXPCInterface *remoteInterface = [NSXPCInterface interfaceWithProtocol:@protocol(FTSmartTokenXPCProtocol)];
xpcConnect.remoteObjectInterface = remoteInterface;  // required before remoteObjectProxy can be used
[xpcConnect resume];                                  // messages are queued until the connection is resumed
The XPC Client connects to the XPC Server by its service name through initWithServiceName:, and the specific interface and protocol of the connection are set through interfaceWithProtocol:.
150. The smart card extension service sends the read-certificate command to the XPC Server through the XPC Client.
The read-certificate command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"ReadCert" WithObject:@{} WithReply:reply];
160. The XPC Server receives the read-certificate command and traverses the USB slots to obtain the number of inserted smart card devices;
170. When the number of inserted smart card devices is not zero, the XPC Server reads the VIDs and PIDs of all inserted smart card devices and judges whether the VID of each inserted smart card device matches the preset VID and/or whether its PID matches the preset PID;
if so, step 180 is executed;
otherwise, the reading flow ends.
180. The XPC Server reads the certificate information in all smart card devices that match the preset information through the driver library.
The preset information is the preset VID and/or the preset PID.
190. The XPC Server sends the read certificate information of all smart card devices to the XPC Client.
200. The smart card extension service receives all certificate information through the XPC Client.
For example, one piece of certificate information is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
220. The smart card extension service converts each piece of certificate information into a corresponding certificate object, creates a corresponding key pair object according to the certificate object, and encapsulates the instance data of the certificate object and the instance data of the corresponding key pair object, as a TKTokenKeychainItem, into the position corresponding to the key certificate index in the key chain unit.
Step 220 specifically includes the following steps:
221. The smart card extension service converts the certificate data in the certificate information into the instance data certItem of a certificate object;
222. The smart card extension service creates the instance data keyItem of a key pair object TKTokenKeychainKey corresponding to the certificate object instance data certItem, according to the certificate object, the certificate index certID and the key index keyItemID;
223. The smart card extension service sets the signing attribute of the key pair object instance data keyItem to true, and identity authentication is required for each signing operation;
specifically, the signing attribute of the key pair object instance data keyItem is set to true through the canSign attribute of the key pair object TKTokenKeychainKey.
224. After obtaining the certificate index and the key index from the certificate information, the smart card extension service obtains the key certificate index from the certificate index and the key index;
specifically, the key certificate index may be a character string in which the certificate index and the key index are placed at preset positions.
225. The smart card extension service creates an instance array keychainItems of the key chain object TKTokenKeychainItem, and adds the key pair object instance data keyItem and the certificate object instance data certItem to the key chain instance keychainItems.
Specifically, the key chain instance is created as NSMutableArray<TKTokenKeychainItem *> *keychainItems = [NSMutableArray array];.
For example, the currently supported algorithm is the RSA algorithm, so the RSA-type key pair object instance data keyItem and the certificate object instance data certItem are stored into the key chain instance keychainItems of TKTokenKeychainItem objects.
226. The smart card extension service encapsulates the key chain objects TKTokenKeychainItem into the position corresponding to the key certificate index in the key chain unit TKTokenKeychainContents.
Specifically, fillWithItems: of the key chain unit TKTokenKeychainContents is called to load the TKTokenKeychainItem objects into the system key chain unit TKTokenKeychainContents.
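The certificate reading flow above (steps 160 to 226), as an added Python simulation that is not part of the patent or of FTSmartToken. The FakeDevice class, its two storage areas with a 4-byte header of start and length, the VID/PID values 0x1234/0x5678, the fixed-width layout of the key certificate index, the choice of device position as certificate and key index, and the certificate bytes are all assumptions of this example. The check it adds to the page's description is the bounds test on the card-supplied start bit and offset before the second storage area is read:

```python
"""Simulation of the certificate reading flow (steps 160 to 226): enumerate the
inserted devices, keep only those whose VID/PID match the preset values, read the
first storage area for the start bit and offset of the certificate data, read the
certificate from the second storage area, and store it under the key certificate
index by which the key chain unit is addressed.

Added example, not the patent's code. The device class, the storage layout (a
4-byte header of 2-byte start and 2-byte length), the VID/PID values and the
certificate bytes are constructed stand-ins; the certificate index and key index
are taken from the device position, which the page does not specify."""
import base64

PRESET_VID_PID = {(0x1234, 0x5678)}  # hypothetical preset VID/PID pairs
HEADER_LEN = 4                       # constructed layout: [start:2][length:2]
INDEX_WIDTH = 4                      # assumed width of each field of the key certificate index


class FakeDevice:
    """In-memory stand-in for a smart card device with two storage areas."""

    def __init__(self, vid, pid, header, data):
        self.vid, self.pid = vid, pid
        self._areas = {"header": header, "data": data}

    def read_area(self, name, start, length):
        area = self._areas[name]
        # start and length come from card-supplied data: a corrupt or hostile
        # header must not turn into a read outside the storage area.
        if start < 0 or length < 0 or start + length > len(area):
            raise ValueError(f"read of {name}[{start}:{start + length}] out of range")
        return area[start:start + length]


def make_header(start, length):
    """Builds the constructed 4-byte header for a fake device."""
    return start.to_bytes(2, "big") + length.to_bytes(2, "big")


def make_pem(der):
    """Wraps constructed bytes in PEM armour; no real certificate is involved."""
    body = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n".encode("ascii")


def select_devices(devices):
    """Step 170: keep only devices whose VID and PID match the preset values."""
    return [d for d in devices if (d.vid, d.pid) in PRESET_VID_PID]


def read_certificate_pem(dev):
    """Step 180: read the start bit and offset from the first area, then the
    certificate from the second area. Raises ValueError on a bad header."""
    hdr = dev.read_area("header", 0, HEADER_LEN)
    start = int.from_bytes(hdr[0:2], "big")
    length = int.from_bytes(hdr[2:4], "big")
    return dev.read_area("data", start, length)


def pem_to_der(pem):
    """Step 221: strip the PEM armour and base64-decode the body."""
    lines = [ln.strip() for ln in pem.decode("ascii").splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)  # raises on non-base64 input


def key_certificate_index(cert_index, key_index):
    """Step 224: certificate index and key index at fixed positions of a string."""
    return f"{cert_index:0{INDEX_WIDTH}d}{key_index:0{INDEX_WIDTH}d}"


def split_key_certificate_index(kid):
    """Inverse of key_certificate_index, as the signature flow needs it."""
    return int(kid[:INDEX_WIDTH]), int(kid[INDEX_WIDTH:2 * INDEX_WIDTH])


def read_all_certificates(devices):
    """Steps 160 to 226 end to end: returns the key chain contents as a dict from
    key certificate index to certificate object data and key pair object data.
    A device whose certificate cannot be read is skipped instead of aborting
    the whole flow."""
    contents = {}
    for position, dev in enumerate(select_devices(devices)):
        try:
            der = pem_to_der(read_certificate_pem(dev))
        except ValueError:  # bad header, or a body that is not base64
            continue
        kid = key_certificate_index(position, position)  # assumed index scheme
        contents[kid] = {"certItem": der,
                         "keyItem": {"canSign": True}}  # step 223: signing allowed
    return contents
```

A device with a non-matching VID/PID never reaches the read, and a device whose header points outside its data area is dropped with a ValueError rather than being read past the end, so one bad card does not stop the others from being registered.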
The identity verification flow 300 includes:
310. The system receives an SSL request sent by the client, prompts the user to select the certificate for identity verification, receives the certificate selected by the user, and notifies the smart card extension service of the number of the certificate selected by the user for identity verification;
the system prompts the user to enter the PIN code, waits for the PIN code entered by the user and the input-complete confirmation, and after receiving the confirmation notifies the smart card extension service of the PIN code entered by the user;
320. The smart card extension service obtains the corresponding key certificate index according to the number of the certificate selected by the user, sends the verification command to the XPC Server through the XPC Client, and sends the PIN code entered by the user and the key certificate index to the XPC Server.
For example, the verification command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"LOGIN"
                          WithObject:@{@"PASSWD":cipherData} WithReply:reply];
330. The XPC Server performs identity verification on the smart card device corresponding to the key certificate index through the driver library, and returns the verification result to the XPC Client.
Step 330 specifically includes:
331. The XPC Server sends a get-random-number instruction to the corresponding smart card device;
332. The XPC Server receives the random number returned by the smart card device and XORs the received PIN code with the random number to obtain the XOR result;
333. The XPC Server encrypts the XOR result with the public key in the key chain unit corresponding to the key certificate index to obtain a first encryption result;
334. The XPC Server generates a verification instruction from the first encryption result and sends it to the corresponding smart card device;
335. After receiving the verification instruction, the smart card device decrypts the first encryption result in the verification instruction with the stored token private key;
336. The smart card device generates the verification password from the decryption result and the stored random number, and judges whether the verification password is identical to the stored PIN code;
if it is identical, the smart card device returns PIN code verification success information to the XPC Server;
otherwise, the smart card device returns PIN code verification failure information to the XPC Server;
the XPC Server returns the verification result to the XPC Client;
360. After the smart card extension service receives the verification result through the XPC Client, it performs the corresponding operation;
if the verification information received by the smart card extension service is verification success information, the smart card device is set as having passed identity authentication;
otherwise, the verification fails and login is not allowed.
The signature flow 400 includes:
410. The smart card extension service sends a signature request to the XPC Server through the XPC Client;
For example, the signature request command sent is as follows:
[[xpcConnect remoteObjectProxy] SendCmd:@"SIGN"
                          WithObject:@{@"KID":[NSNumber numberWithInt:itemID], @"SIGNDATA":pData} WithReply:reply];
420. The XPC Server obtains, through the driver library, the data to be signed for the smart card device corresponding to the key certificate index in the signature request, and obtains the instance data of the certificate object of the smart card device from the key chain unit;
specifically, the key chain object TKTokenKeychainItem stored in the key chain unit TKTokenKeychainContents is obtained according to the read key certificate index keyObjectID, the certificate index certID is then obtained from the key certificate index keyObjectID, and the certificate object instance data certItem corresponding to the certificate index certID is found in the key chain object TKTokenKeychainItem.
430. The XPC Server calls the driver library, performs the signature operation on the data to be signed with the instance data of the certificate object, sends the signature data to the XPC Client after the signature operation completes, and the smart card extension service obtains the signature data through the XPC Client.
Specifically, step 430 includes:
431. The XPC Server obtains the certificate index from the key certificate index, generates a first signature request in the driver library by means of secure environment management using the certificate index and the signature algorithm index, and sends the first signature request to the smart card device corresponding to the key certificate index through the driver library;
432. The smart card device receives and parses the first signature request, and sets the signature algorithm and the signature key according to the certificate index and the signature algorithm index;
if the setting succeeds, it returns a success first status code to the XPC Server; if the setting fails, it returns an error first status code to the XPC Server;
433. The XPC Server judges whether to continue the signature operation according to the first status code returned by the smart card device;
if so, the XPC Server generates a second signature request from the data to be signed, sends it to the smart card device, and step 434 is executed;
otherwise, the signature flow ends.
434. The smart card device receives and parses the second signature request to obtain the data to be signed, and performs a hash calculation on the data to be signed;
if the calculation succeeds, the calculated hash result is stored and a success second status code is returned to the XPC Server;
if the calculation fails, an error second status code is returned to the XPC Server;
435. The XPC Server judges whether to continue the signature operation according to the second status code returned by the smart card device;
if so, the XPC Server generates a third signature request and sends it to the smart card device through the driver library;
otherwise, the signature flow ends.
436. When the smart card device receives the third signature request, it signs the stored hash result with the signature key corresponding to the certificate data according to the set signature algorithm to obtain a signature value;
if the signature succeeds, it returns a success third status code and the signature value to the XPC Server;
if the signature fails, it returns an error third status code to the XPC Server.
437. The XPC Server judges whether the signature operation succeeded according to the signature operation result;
if so, the XPC Server sends the signature value in the received signature operation result to the XPC Client;
otherwise, the XPC Server sends a signature failure to the XPC Client.
438. The smart card extension service obtains the signature data through the XPC Client.
The registration application method for the smart card certificate solves the problem that, from version 10.15 onward, the Mac system does not support the token technology by default and therefore cannot perform smart card authentication and authorization; it enables authorized smart card access on Mac system versions after 10.15 without the token technology.
Embodiment four:
This embodiment is described with reference to fig. 9, which shows a registration application device for a smart card certificate; the device comprises a certificate reading unit and a verification signature unit.
The certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is used for: a smart card device is connected to the terminal, the system of the terminal starts the smart card extension service, and after the smart card extension service starts the XPC service, a certificate reading instruction is sent to the XPC service;
the second processing module is used for the XPC service to traverse the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices that satisfy the preset condition;
the third processing module is used for the XPC service to read the certificate information in the smart card devices satisfying the preset condition through the driver library and to send the certificate information to the smart card extension service;
the fourth processing module is used for the smart card extension service to obtain the certificate object, the key pair object and the key certificate index from the certificate information, and to store the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in the key chain unit;
the verification signature unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
the fifth processing module is used for the smart card extension service to receive an operation request and send it to the XPC service;
the sixth processing module is used for the XPC service to obtain the key certificate index in the operation request and to interact with the smart card device corresponding to the key certificate index through the driver library;
the seventh processing module is used for the XPC service to obtain the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
the eighth processing module is used for the XPC service to perform verification signature processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and to send the processing result to the smart card extension service.
Based on the above embodiment, the certificate reading unit further comprises a ninth processing module;
the ninth processing module is used for the system to run a preset script when the smart card driver installation package is installed, so that the smart card extension application is installed in the application program directory of the system, and to grant permissions to the smart card extension application;
the smart card extension application comprises the smart card extension service, which comprises the XPC service and the driver library that implements the interaction between the XPC service and the smart card device.
Based on the above embodiment, the second processing module is specifically used for the XPC service to traverse the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
and judges whether the VID of the connected smart card device matches the preset VID and/or whether its PID matches the preset PID;
if so, the smart card device is a smart card device satisfying the preset condition;
if not, the reading flow ends;
if the number of connected smart card devices is zero, the processing ends.
Based on the above embodiment, the third processing module is specifically used for the XPC service to read, through the driver library, a first preset storage area of the smart card device satisfying the preset condition to obtain the start bit and offset of the certificate data storage;
and to read a second preset storage area of the smart card device according to the start bit and offset of the certificate data storage to obtain the certificate information of the smart card device.
Based on the above embodiment, the fourth processing module is specifically used for the smart card extension service to convert the certificate data in the certificate information into the instance data of the certificate object, and to set the attributes of the key pair object after creating the instance data of the key pair object according to the certificate object;
after obtaining the certificate index and the key index from the certificate information, the smart card extension service obtains the key certificate index from the certificate index and the key index;
the smart card extension service stores the instance data of the certificate object and the instance data of the key pair object into a key chain instance;
the smart card extension service encapsulates the key chain instance into the key chain unit at the position corresponding to the key certificate index.
Based on the above embodiment, when identity verification is performed, the fifth processing module is specifically used for the smart card extension service to receive an identity verification request and send it to the XPC service;
the sixth processing module is specifically used for the XPC service to obtain the key certificate index in the identity verification request and the PIN code entered by the user, and to interact with the smart card device corresponding to the key certificate index through the driver library;
the seventh processing module is specifically used for the XPC service to obtain the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
the eighth processing module is specifically used for the XPC service to perform identity verification on the smart card device corresponding to the key certificate index using the instance data of the objects and the PIN code, and to send the verification result to the smart card extension service.
Based on the above embodiment, the eighth processing module is specifically used for the XPC service to send a get-random-number instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by the smart card device corresponding to the key certificate index, and XORs the PIN code with the random number to obtain the XOR result;
the XPC service encrypts the XOR result with the public key in the instance data obtained from the key chain unit to obtain a first encryption result;
the XPC service generates a verification instruction from the first encryption result and sends it to the smart card device corresponding to the key certificate index;
the XPC service receives the identity verification result of the smart card device corresponding to the key certificate index and sends it to the smart card extension service;
if the verification information received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is set as having passed identity authentication and a signature request is sent;
otherwise, the verification fails and login is not allowed.
Based on the above embodiment, when the operation request received by the smart card extension service is a signature request, the fifth processing module is specifically used for the smart card extension service to send the signature request to the XPC service upon receiving it;
the sixth processing module is specifically used for the XPC service to obtain the key certificate index in the signature request and, through the driver library, the data to be signed for the smart card device corresponding to the key certificate index;
the seventh processing module is specifically used for the XPC service to obtain the instance data of the certificate object of the smart card device corresponding to the key certificate index from the position corresponding to the key certificate index in the key chain unit;
the eighth processing module is specifically used for the XPC service to call the driver library, perform the signature operation on the data to be signed using the instance data of the certificate object, and send the signature data to the smart card extension service.
Based on the above embodiment, the eighth processing module is specifically used for the XPC service to obtain the certificate index from the key certificate index, generate a first signature request in the driver library by means of secure environment management using the certificate index and the signature algorithm index, and send the first signature request to the smart card device corresponding to the key certificate index through the driver library;
the XPC service receives the first status code sent by the smart card device corresponding to the key certificate index and judges from it whether to continue the signature operation;
if so, the XPC service generates a second signature request from the data to be signed and sends it to the smart card device corresponding to the key certificate index; otherwise, the signature flow ends;
the XPC service receives the second status code sent by the smart card device corresponding to the key certificate index and judges from it whether to continue the signature operation;
if so, the XPC service generates a third signature request and sends it to the smart card device corresponding to the key certificate index; otherwise, the signature flow ends;
the XPC service receives the third status code sent by the smart card device corresponding to the key certificate index and judges from it whether the signature operation succeeded;
if so, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
The registration application device for the smart card certificate solves the problem that, from version 10.15 onward, the Mac system does not support the token technology by default and therefore cannot perform smart card authentication and authorization; it enables authorized smart card access on Mac system versions after 10.15 without the token technology.
Furthermore, the present application provides a computer-readable storage medium comprising a computer program which, when run on an Apple device, causes the Apple device to perform the method of the embodiments described above.
The present application also provides a chip system comprising a chip coupled to a memory, for executing a computer program stored in the memory so as to perform the method described in the above embodiments.
The foregoing is merely a preferred embodiment of the present invention; the scope of the present invention is not limited thereto, and any changes or substitutions readily contemplated by those skilled in the art within the scope disclosed by the present invention should be included in the scope of the present invention. Therefore, the protection scope of the present invention should be that of the claims.

Claims (12)

1. A registration application method for a smart card certificate, characterized in that it comprises a certificate reading flow and a verification signature flow;
the certificate reading flow comprises:
a smart card device is connected to a terminal, the system of the terminal starts a smart card extension service, and after the smart card extension service starts an XPC service, a certificate reading instruction is sent to the XPC service;
the XPC service traverses the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices that satisfy a preset condition;
the XPC service reads the certificate information in the smart card devices satisfying the preset condition through a driver library and sends the certificate information to the smart card extension service;
the smart card extension service obtains a certificate object, a key pair object and a key certificate index from the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the position corresponding to the key certificate index in a key chain unit;
the verification signature flow comprises:
the smart card extension service receives an operation request and sends the operation request to the XPC service;
the XPC service obtains the key certificate index in the operation request and interacts with the smart card device corresponding to the key certificate index through the driver library;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the position corresponding to the key certificate index in the key chain unit;
the XPC service performs verification signature processing on the smart card device using the instance data of the certificate object and the instance data of the key pair object, and sends the processing result to the smart card extension service.
2. The method according to claim 1, characterized in that the certificate reading flow further comprises:
the system runs a preset script when the smart card driver installation package is installed, so that a smart card extension application is installed in the application program directory of the system, and grants permissions to the smart card extension application;
the smart card extension application comprises the smart card extension service, which comprises the XPC service and the driver library that implements the interaction between the XPC service and the smart card device.
3. The method according to claim 1, characterized in that the XPC service traversing the smart card devices inserted in the USB slots of the terminal to obtain the smart card devices satisfying the preset condition specifically comprises:
the XPC service traverses the USB slots of the terminal to obtain the number of connected smart card devices;
the XPC service judges whether the number of connected smart card devices is zero;
if not, the XPC service reads the VID and PID of each connected smart card device;
and judges whether the VID of the connected smart card device matches the preset VID and/or whether its PID matches the preset PID;
a matching smart card device is a smart card device satisfying the preset condition;
if no smart card device matches, the certificate reading flow ends;
and if the number of connected smart card devices is zero, the flow ends.
4. The method according to claim 1, wherein the XPC service reads, through the driver library, the certificate information in the smart card device that meets the preset condition and sends the certificate information to the smart card extension service, which specifically comprises:
the XPC service reads, through the driver library, a first preset storage area of the smart card device that meets the preset condition to obtain the start position and offset of the certificate data storage;
and it reads the second preset storage area of the smart card device according to the start position and offset of the certificate data storage to obtain the certificate information of the smart card device.
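The two-stage read of claim 4, as an added example that is not the patent's or Feitian's code. Assumptions, since the page fixes neither layout: the first preset storage area holds the start position and the offset (length) as two big-endian 32-bit integers, the second area is a byte array, and the stored certificate is DER encoded. Both values come from the card, so they are bounds-checked before the read.

```python
"""Bounds-checked two-stage certificate read (added example, not the
patent's code).  Header layout and DER encoding are assumptions."""
import struct

HEADER_LEN = 8  # start position (4 bytes) + offset/length (4 bytes), assumed


def parse_certificate_header(first_area: bytes) -> tuple:
    """Return (start, length) from the first preset storage area."""
    if len(first_area) < HEADER_LEN:
        raise ValueError("first storage area too short for a header")
    return struct.unpack(">II", first_area[:HEADER_LEN])


def der_total_length(data: bytes) -> int:
    """Total length of the outer DER TLV in data, or -1 if malformed."""
    if len(data) < 2 or data[0] != 0x30:          # must be a SEQUENCE
        return -1
    first = data[1]
    if first < 0x80:                               # short-form length
        return 2 + first
    n = first & 0x7F
    if n == 0 or n > 4 or len(data) < 2 + n:       # long form, 1..4 bytes
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def read_certificate(first_area: bytes, second_area: bytes) -> bytes:
    """Read the certificate from the second area using the header values.

    Rejects a header that points outside the area or whose length does
    not agree with the DER encoding it points at."""
    start, length = parse_certificate_header(first_area)
    if length == 0 or start + length > len(second_area):
        raise ValueError(f"certificate range {start}+{length} exceeds area")
    cert = second_area[start:start + length]
    if der_total_length(cert) != length:
        raise ValueError("stored length does not match DER encoding")
    return cert


# Constructed sample: a minimal DER SEQUENCE standing in for a certificate,
# stored at offset 16 of a padded second area.
SAMPLE_CERT = b"\x30\x06\x02\x01\x01\x02\x01\x02"
SAMPLE_AREA2 = b"\xff" * 16 + SAMPLE_CERT + b"\x00" * 8
SAMPLE_AREA1 = struct.pack(">II", 16, len(SAMPLE_CERT))
```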
5. The method according to claim 1, wherein the smart card extension service obtains a certificate object, a key pair object and a key certificate index according to the certificate information, and stores the instance data of the certificate object and the instance data of the key pair object at the location corresponding to the key certificate index in the keychain unit, which specifically comprises:
the smart card extension service converts the certificate data in the certificate information into instance data of the certificate object, creates the instance data of the key pair object according to the certificate object, and then sets the attributes of the key pair object;
the smart card extension service obtains a certificate index and a key index from the certificate information, and then obtains the key certificate index according to the certificate index and the key index;
the smart card extension service stores the instance data of the certificate object and the instance data of the key pair object in a keychain instance;
and the smart card extension service encapsulates the keychain instance into the keychain unit at the location corresponding to the key certificate index.
6. The method according to claim 1, wherein, when the operation request received by the smart card extension service is an identity verification request, the verification/signature processing comprises:
the smart card extension service receives the identity verification request and sends it to the XPC service;
the XPC service acquires the key certificate index in the identity verification request and the PIN code input by the user, and interacts, through the driver library, with the smart card device corresponding to the key certificate index;
the XPC service obtains the instance data of the certificate object and the instance data of the key pair object from the location corresponding to the key certificate index in the keychain unit;
and the XPC service performs identity verification of the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code input by the user, and sends the verification result to the smart card extension service.
7. The method according to claim 6, wherein the XPC service performs identity verification of the smart card device corresponding to the key certificate index using the instance data of the key pair object and the PIN code input by the user, and sends the verification result to the smart card extension service, which specifically comprises:
the XPC service sends a random number acquisition instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the random number returned by the smart card device corresponding to the key certificate index, and performs an exclusive-OR operation on the PIN code and the random number to obtain an exclusive-OR result;
the XPC service encrypts the exclusive-OR result using the public key in the instance data of the key pair object to obtain a first encryption result;
the XPC service generates a verification instruction according to the first encryption result and sends the verification instruction to the smart card device corresponding to the key certificate index;
the XPC service receives the identity verification result from the smart card device corresponding to the key certificate index and sends the identity verification result to the smart card extension service;
if the identity verification result received by the smart card extension service is verification success information, the smart card device corresponding to the key certificate index is marked as having passed identity authentication;
otherwise, the verification fails and login is not allowed.
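The challenge-response PIN check of claim 7 with both the XPC-service side and the card side simulated in one process, as an added example that is not the patent's or Feitian's code. Assumptions, since the page fixes none of them: the PIN and the random number are 8 bytes (PIN zero-padded), and the public-key encryption is textbook RSA with a fixed toy modulus standing in for the key pair object's instance data, for illustration only. The card consumes each random number once, which is what stops a captured verification instruction from being replayed.

```python
"""Claim 7 PIN verification, simulated end to end (added example).
The RSA key below is a toy stand-in and is not secure."""
import hmac
import os

# Toy RSA key pair: 2**61-1 and 2**31-1 are primes, so n exceeds 2**64 and
# any 8-byte XOR result is a valid plaintext.  Assumed, NOT a secure key.
_P, _Q = (1 << 61) - 1, (1 << 31) - 1
PUBLIC_N, PUBLIC_E = _P * _Q, 65537
_PRIVATE_D = pow(PUBLIC_E, -1, (_P - 1) * (_Q - 1))


def first_encryption_result(pin: bytes, nonce: bytes) -> int:
    """XPC side: XOR the PIN with the random number, encrypt with the public key."""
    if len(pin) > 8 or len(nonce) != 8:
        raise ValueError("PIN must be at most 8 bytes, nonce exactly 8")
    xor_result = int.from_bytes(pin.ljust(8, b"\0"), "big") ^ int.from_bytes(nonce, "big")
    return pow(xor_result, PUBLIC_E, PUBLIC_N)


class SimulatedCard:
    """Card side: hands out a single-use random number and checks the PIN."""

    def __init__(self, pin: bytes):
        self._pin = pin.ljust(8, b"\0")
        self._nonce = None          # outstanding challenge, if any

    def get_random(self) -> bytes:
        self._nonce = os.urandom(8)
        return self._nonce

    def verify(self, ciphertext: int) -> bool:
        if self._nonce is None:     # no challenge outstanding: reject
            return False
        nonce, self._nonce = self._nonce, None   # consume it: no replay
        masked = pow(ciphertext, _PRIVATE_D, PUBLIC_N)
        if masked >= 1 << 64:       # garbage ciphertext, not an 8-byte value
            return False
        recovered = (masked ^ int.from_bytes(nonce, "big")).to_bytes(8, "big")
        return hmac.compare_digest(recovered, self._pin)  # constant-time


def xpc_verify_pin(card: SimulatedCard, pin: bytes) -> bool:
    """The full claim 7 exchange; True means the card reported success."""
    nonce = card.get_random()
    return card.verify(first_encryption_result(pin, nonce))


def replay_rejected(card: SimulatedCard, pin: bytes) -> bool:
    """A captured verification instruction must not succeed a second time."""
    ciphertext = first_encryption_result(pin, card.get_random())
    return card.verify(ciphertext) and not card.verify(ciphertext)
```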
8. The method according to claim 1, wherein, when the operation request received by the smart card extension service is a signature request, the verification/signature processing comprises:
the smart card extension service receives the signature request and sends it to the XPC service;
the XPC service acquires the key certificate index in the signature request, and acquires, through the driver library, the data to be signed from the smart card device corresponding to the key certificate index;
the XPC service obtains the instance data of the certificate object of the smart card device corresponding to the key certificate index from the location corresponding to the key certificate index in the keychain unit;
and the XPC service calls the driver library, performs a signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service.
9. The method according to claim 8, wherein the XPC service calls the driver library, performs the signature operation on the data to be signed using the instance data of the certificate object, and sends the signature data to the smart card extension service, which specifically comprises:
the XPC service obtains the certificate index from the key certificate index, generates a first signature request through security environment management in the driver library using the certificate index and a signature algorithm index, and sends the first signature request through the driver library to the smart card device corresponding to the key certificate index;
the XPC service receives a first status code sent by the smart card device corresponding to the key certificate index, and judges according to the first status code whether to continue the signature operation;
if yes, the XPC service generates a second signature request according to the data to be signed and sends it to the smart card device corresponding to the key certificate index; otherwise, the verification/signature process ends;
the XPC service receives a second status code sent by the smart card device corresponding to the key certificate index and judges according to the second status code whether to continue the signature operation;
if yes, the XPC service generates a third signature request and sends it to the smart card device corresponding to the key certificate index; otherwise, the verification/signature process ends;
the XPC service receives a third status code sent by the smart card device corresponding to the key certificate index and judges according to the third status code whether the signature operation succeeded;
if it succeeded, the XPC service sends the signature value in the signature operation result to the smart card extension service;
otherwise, the XPC service sends signature failure information to the smart card extension service.
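The three-request signing flow of claim 9 with a simulated card that answers each request with a status code, as an added example that is not the patent's or Feitian's code. Assumptions: the status codes are ISO 7816-style status words (0x9000 meaning success, which the page does not state), the key certificate index is a (certificate index, key index) pair as claim 5 derives it, and the card's "signature" is a SHA-256 over the index and data, a stand-in for a real card-side signature. The XPC side stops at the first status code that is not success, and the card enforces the request order.

```python
"""Claim 9 signing flow with per-step status checks (added example).
Status words follow ISO 7816 by assumption; the signature is a stand-in."""
import hashlib

SW_OK = 0x9000                  # ISO 7816: normal processing
SW_COND_NOT_SATISFIED = 0x6985  # ISO 7816: conditions of use not satisfied
SW_DATA_NOT_FOUND = 0x6A88      # ISO 7816: referenced data not found
ALG_SHA256_RSA = 0x01           # constructed signature algorithm index


class SimulatedCard:
    """Holds a few certificate slots and enforces request ordering."""

    def __init__(self, cert_indexes):
        self._slots = set(cert_indexes)
        self._cert_index = None
        self._data = None

    def set_security_environment(self, cert_index: int, alg: int) -> int:
        """First signature request: select key and algorithm."""
        self._cert_index = self._data = None
        if cert_index not in self._slots:
            return SW_DATA_NOT_FOUND
        self._cert_index = cert_index
        return SW_OK

    def put_data_to_sign(self, data: bytes) -> int:
        """Second signature request: hand over the data to be signed."""
        if self._cert_index is None:
            return SW_COND_NOT_SATISFIED
        self._data = data
        return SW_OK

    def compute_signature(self):
        """Third signature request: returns (status, signature or None)."""
        if self._cert_index is None or self._data is None:
            return SW_COND_NOT_SATISFIED, None
        sig = hashlib.sha256(bytes([self._cert_index]) + self._data).digest()
        self._cert_index = self._data = None   # one signature per setup
        return SW_OK, sig


def xpc_sign(card: SimulatedCard, key_cert_index, data: bytes):
    """XPC side of claim 9.  Returns (signature, None) on success or
    (None, error string) naming the status code that ended the flow."""
    cert_index, _key_index = key_cert_index
    sw = card.set_security_environment(cert_index, ALG_SHA256_RSA)
    if sw != SW_OK:
        return None, f"first status code 0x{sw:04X}"
    sw = card.put_data_to_sign(data)
    if sw != SW_OK:
        return None, f"second status code 0x{sw:04X}"
    sw, signature = card.compute_signature()
    if sw != SW_OK:
        return None, f"third status code 0x{sw:04X}"
    return signature, None
```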
10. A smart card certificate registration application apparatus, characterized in that the apparatus comprises a certificate reading unit and a verification/signature unit:
the certificate reading unit comprises a first processing module, a second processing module, a third processing module and a fourth processing module;
the first processing module is configured to, when a smart card device is connected to the terminal and after the terminal's system starts the smart card extension service, start the XPC service and send a certificate reading instruction to the XPC service;
the second processing module is configured to traverse, using the XPC service, the smart card devices inserted in the USB slots of the terminal to obtain a smart card device that meets a preset condition;
the third processing module is configured to read, using the driver library, the certificate information in the smart card device that meets the preset condition, and send the certificate information to the smart card extension service;
the fourth processing module is configured to obtain, using the smart card extension service, a certificate object, a key pair object and a key certificate index according to the certificate information, and store the instance data of the certificate object and the instance data of the key pair object at the location corresponding to the key certificate index in a keychain unit;
the verification/signature unit comprises a fifth processing module, a sixth processing module, a seventh processing module and an eighth processing module;
the fifth processing module is configured to receive an operation request using the smart card extension service and send the operation request to the XPC service;
the sixth processing module is configured to obtain, using the XPC service, the key certificate index in the operation request and interact, through the driver library, with the smart card device corresponding to the key certificate index;
the seventh processing module is configured to obtain, using the XPC service, the instance data of the certificate object and the instance data of the key pair object from the location corresponding to the key certificate index in the keychain unit;
and the eighth processing module is configured to perform, using the XPC service, verification/signature processing for the smart card device using the instance data of the certificate object and the instance data of the key pair object, and send the processing result to the smart card extension service.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a computer program which, when run on a device, performs the method according to any one of claims 1 to 9.
12. A chip system comprising a chip coupled to a memory, the chip being configured to execute a computer program stored in the memory so as to perform the method according to any one of claims 1 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310138962.2A CN115913579B (en) 2023-02-21 2023-02-21 Registration application method and device for smart card certificate

Publications (2)

Publication Number Publication Date
CN115913579A CN115913579A (en) 2023-04-04
CN115913579B true CN115913579B (en) 2023-06-13

Family

ID=86483539

Country Status (1)

Country Link
CN (1) CN115913579B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant