The utility model content
The utility model solves the problems of the technologies described above, provide a kind of simple in structure, and can reduce the development time and reduce the intelligent card emulation system of development difficulty.
The technical scheme in the invention for solving the technical problem is: a kind of intelligent card emulation system comprises:
Be used to move the microprocessing unit of firmware program and user program;
Be used to realize the interface unit of communication protocol parsing;
The secure storage unit that is used for storage device firmware program and data, status information;
Described microprocessing unit links to each other with secure storage unit with described interface unit respectively, constitutes intelligent card artificial equipment;
Also comprise be used to realize intelligent card artificial and with the data communication of main frame and the smart card module of data-switching; Described microprocessing unit links to each other with described smart card module by described interface unit.
Described microprocessing unit can be the microprocessor that comprises CPU, MCU or single-chip microcomputer.
Described microprocessing unit can be integrated in the high-performance microprocessor with described secure storage unit, and described high-performance microprocessor comprises MCU or single-chip microcomputer.
Described microprocessing unit can be integrated in the high-performance microprocessor with described secure storage unit, described interface unit, and described high-performance microprocessor comprises MCU or single-chip microcomputer.
Described secure storage unit can be the storer that comprises RAM, ROM, EPROM, EEPROM or FLASH.
Described smart card module is arranged in the main frame that links to each other with described intelligent card artificial equipment.
The utility model is linked to each other with secure storage unit with interface unit respectively by microprocessing unit, constitute intelligent card artificial equipment, and link to each other with smart card module by interface unit, described smart card module is used to realize the data communication and the data-switching of intelligent card artificial equipment and main frame, thereby existence by a smart card device of described smart card module simulation, and finish functions such as resolution data package organization data bag by smart card module, the command forms that can discern according to equipment transmits order to described intelligent card artificial equipment, described intelligent card artificial equipment receiving data, carry out data processing, thereby the professional technique that makes the developer not need to be grasped the software and hardware of smart card exploitation just can be developed relevant application of IC cards, and can save cost, shorten the construction cycle.
Embodiment
Embodiment 1 as shown in Figure 2 in the utility model, embedded controller MCU chip 203 by integrated interface unit, extension storage unit and a microprocessing unit constitutes intelligent card artificial equipment 202, described MCU chip 203 is set up by USB interface and main frame 201 and communicate by letter, is provided with smart card module 204 in the described main frame 201 and communicates by letter with described MCU chip 203 foundation.
Embodiment 2 as shown in Figure 3, embedded controller MCU chip 304 and USB interface chip 303 by integrated storage unit connect and compose intelligent card artificial equipment 302, and realize communicating by letter with described main frame 301 by described USB interface chip 303, be provided with smart card module 305 in the described main frame 301, and communicate by letter with described MCU chip 304 foundation through described USB interface chip 303.
Embodiment 3 as shown in Figure 4, connect and compose intelligent card artificial equipment 402 in turn by USB interface chip 403, central microprocessor CPU404 and extended memory 405, and link to each other with main frame 401 by described USB interface chip 403 and to realize communication, be provided with smart card module 406 in the described main frame 401, and communicate by letter with described CPU404 foundation through described USB interface chip 403.
Described intelligent card artificial equipment the has been emulation information safety devices of smart card device, wherein said extended memory also can be selected RAM, ROM, EPROM, EEPROM, FLASH etc. arbitrarily for use, is used to store corresponding cryptographic algorithm.Described storer should have enough storage spaces, is used to store the cryptographic algorithm that presets, and perhaps can be selected or download algorithm by the user, and the words of storage area personal code work need enough big storage space if desired.
Based on said structure, assist above-mentioned intelligent card artificial equipment to realize the emulation of smart card jointly by a smart card module that is positioned at host side.Described smart card module is the device drives part of developing in the PC/SC system, realizes other parts of physical equipment and PC/SC are connected, and handles all situations in the smart card communications process.The existence of a smart card device of this smart card module simulation sends connection request to physical equipment (being described intelligent card artificial equipment) when equipment connects, foundation and physical equipment is connected in IO communication.Described intelligent card artificial equipment is responsible for giving described smart card module with the plug status report of equipment, and smart card module has the smart card device plug by the request of response host application program to the main frame statement.When the smart card services request connects intelligent card artificial equipment, will be returned from " ATR " character string of physical hardware devices by smart card module, and simulate the information of common smart card by this character string, replacement should be the ATR that smart card returns.Order by smart card special purpose interface function transmission APDU between the application of host side and the intelligent card artificial equipment.Hardware device inside provides cryptographic services with the format management of file and catalogue, and different security access levels.
Firmware program traffic carried process comprises, request from host application sends to equipment end by the smart card module that is positioned at host side, smart card module is finished the resolution data bag, organize functions such as packet, the command forms that can discern according to equipment transmits order to described intelligent card artificial equipment, described intelligent card artificial equipment receiving data, carry out data processing, such as storage, encryption and decryption, it may be file management, perhaps data read-write operation after disposing, sends the data to smart card module, smart card module is handled data, and the result is returned to host side.When the user used a certain service that needs authentication, smart card module connected virtual unit and real physical equipment, " ATR " information in the readout equipment, and equipment waits for the request of self-application.The authentication process of entire equipment end such as the description of bottom.In the process of authentication, the request that smart card module transmission is used is to equipment, and the reply data of Returning equipment gives the PC/SC system, makes response to using by the PC/SC system.Because PC/SC and smart card module part cooperate closely, make and it seems that from application the physical equipment end is exactly a smart card device.In fact, equipment end is a non intelligent card apparatus that can respond the various requests of smart card module part.When equipment was finished communication and need be removed, smart card module fed back to application with the plug report that equipment sends, and finishes the status report that smart card removes.
Communicating by letter specifically as shown in fig. 1 of described intelligent card artificial equipment and main frame.Intelligence simulation equipment is realized the function of authentication.
Step 101 has been finished initialization for main frame to identification apparatus among Fig. 1, obtain the password A of user's input in the step 102 by identification apparatus, identification apparatus is read password and is obtained B through specific processing in the step 103 from the memory block, in the step 104 A and B are compared, then authentication failure of difference, forward step 111 to, identification apparatus returns the indication of current state and wait smart card module to host side, identically then distribute certain authority to give the user by identification apparatus, described this authority is associated with user's cryptographic levels, the user can authorize the application end operation in the identity allowed band, be order such as the step 105 that identification apparatus receives self-application, order is carried out dissection process such as step 106 data encryption processing and step 107 with presetting the code operational data, return to application then, execution in step 108 continues to wait for the order of self-application then.Do not have in application to forward step 111 under the situation of legal response, otherwise receive the order of application layer,, then arrive step 110 and disconnect and connect this communication process of normal termination, continue execution otherwise forward step 105 to if judge the indication sign off by step 109.Step 102, step 103, three steps of step 104 also can change into and directly read password from identification apparatus, judge by host side whether password is correct.Said process can be achieved as follows function:
1. control accesses network: id information and user authentication information by containing in the identification apparatus are used for logging in network.
2. be used to verify digital signature or proof with the identity of the sender of document of identify, and prevent that it from being distorted midway.
3. storage encrypted message, the stored user encrypted message sends to main frame by the encrypted message that will comprise in the described intelligent card artificial equipment and is used for identification equipment possessor identity, prevents the risk that the user brings when manually inputing password.
4. Telnet, the website of bank can utilize signing messages to discern user's legitimacy.
5. the visit of control documents can add access control information in some files, can prevent unauthorized access or operation under the situation that identification apparatus is lost.
6. control signs in to specific application system, and the developer can be used for this function the product of oneself, and this product can utilize the utility model device to login.
Presetting of described step 107 also comprises identification apparatus application interface function in the code, identification apparatus application interface function is the interface level between identification apparatus and the 3rd side use, this application interface function is mainly used by the developer, and described application interface function mainly provides following function:
1. open equipment: open the handle of this equipment, set up communication channel with this equipment.
2. closing device: when equipment is prepared not re-use, the handle and the status information of equipment of this equipment are removed.
3. send order: this is the core of identification apparatus, and realization is provided with work, i.e. the realization of the intelligent card function of all this identity identification equipments to all of this device.
The main effect that is used as the described intelligent card artificial equipment of digital identity identification is that the important sensitive data of protection can be read out outside the identification apparatus never, as reads in the internal memory of main frame, and such benefit of bringing is:
1. the user can remember redundant cipher, and the password of safety is necessarily formed enough complicated character string by letter and number, and upgrades often, stores the trouble that encrypted message can be removed the user from identification apparatus.
2. the measures of double factor authentication is provided,, can bring risk to the user even a side of user's password or digital identity identification equipment loses.
3. key can not be derived, and has guaranteed the safety of user key.
4. cryptographic algorithm is built-in.
Described intelligent card artificial equipment in the utility model can be supported three grades of file managements and be respectively equipped with different administration authorities, comprise the two-stage bibliographic structure.Hardware components realizes that HMAC-MD5 algorithm and random number generate, and is used for doing the scrambling of authentication and data etc.Specifically, described microprocessing unit has a built-in file system, can carry out complete control by the API storehouse.The size of file can be set when creating, and file can be deleted, and also can pass through the size of the mode revised file of establishment file of the same name.Can visit file system by catalogue ID and file ID, these characteristics are consistent with real smart card system.
Storage has different safe classes with each file in operating in the utility model, can control visit to them by attribute.Safe condition comprises power user, domestic consumer and anonymous.The file authorizing of each different attribute uses for the user of different safe classes, and user mode is subjected to property control.Hardware device provides cryptographic services, comprises tandom number generator, MD5 algorithm, HMAC-MD5 etc.
The utility model comes the artificial intelligence card by adopting non intelligent card apparatus, the benefit of bringing is, the developer does not need to be grasped the professional technique of the software and hardware of smart card exploitation just can develop relevant application of IC cards, and can save cost, shortens the construction cycle.
More than intelligent card emulation system provided by the utility model is described in detail, used specific case herein principle of the present utility model and embodiment are set forth, the explanation of above embodiment just is used for helping to understand method of the present utility model and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present utility model, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as restriction of the present utility model.