CN105678152A - Method and device for communication with intelligent secret key device - Google Patents

Abstract

The invention discloses a method and device for communicating with an intelligent key device; the method includes: a monitoring process and a communication process; in the monitoring process, a mobile terminal monitors whether there is an intelligent key device by means of broadcasting or enumeration Insertion; when the mobile terminal monitors the insertion of the smart key device, the mobile terminal obtains the device object corresponding to the smart key device, and judges whether the device object has device authority. According to the corresponding device connection handle and device interface object, the device communication endpoint corresponding to the device object is obtained according to the device interface object; Smart key device communication.

Description

A method and device for communicating with smart key equipment

technical field

The invention relates to the technical field of communication, in particular to a method and device for communicating with an intelligent key device.

Background technique

With the rapid development of electronic information, online banking transactions are becoming more and more popular in daily life. USBKEY is a safe and convenient smart key device with USB interface proposed to ensure the security of online banking transactions. A mobile terminal refers to a computer device that can be used on the move, and is more portable than a traditional computer. And in recent years, with the rapid development of network technology and integrated circuit technology, mobile terminals have entered the stage of intelligent development. With their powerful processing capabilities, they have become a comprehensive information processing platform, which is an indispensable part of people's life and work. An important tool is missing.

OTG (On-The-Go) technology is an existing technology that can realize data transmission between slave devices without a host, and it has laid a technical foundation for the use of USBKEY on mobile terminals. However, in the prior art, how to use the OTG technology to realize the communication between the mobile terminal and the USBKEY is still a technical problem that needs to be solved urgently.

Contents of the invention

The invention provides a method and device for communicating with an intelligent key device, which solves the above-mentioned technical problems in the prior art.

The invention provides a method for communicating with an intelligent key device, including: a monitoring process and a communication process;

The monitoring process includes:

Step s1: mobile terminal initialization;

Step s2: The mobile terminal monitors whether a smart key device is inserted by broadcasting or enumerating; when the mobile terminal monitors the insertion of the smart key device, execute step s3;

Step s3: The mobile terminal obtains the device object corresponding to the smart key device, and judges whether the device object has device authority, and if so, executes step s5; otherwise, executes step s4;

Step s4: The mobile terminal applies for the device permission for the device object, and judges whether the device object has the device permission, if yes, execute step s5, otherwise, return to step s2;

Step s5: The mobile terminal obtains a device connection handle and a device interface object corresponding to the device object, and obtains a device communication endpoint corresponding to the device object according to the device interface object;

The communication process includes:

Step r1: the mobile terminal generates a first communication command, acquires a USB protocol identifier according to the device object, and encapsulates the first communication command according to the USB protocol identifier;

Step r2: the mobile terminal sends the encapsulated first communication command to the corresponding smart key device through the device connection handle and the device communication endpoint;

Step r3: the mobile terminal receives a first response corresponding to the encapsulated first communication command from the smart key device through the device connection handle and the device communication endpoint;

Step r4: The mobile terminal decapsulates the first response according to the USB protocol identifier, obtains the decapsulated first response, and communicates successfully.

The present invention also provides a device for communicating with smart key equipment, including: an initialization module, a monitoring module, a first acquisition module, a first judgment module, an application authority module, a second judgment module, a second acquisition module, a first Encapsulation module, first sending module, first receiving module and first decapsulating module;

The initialization module is used for initialization;

The monitoring module is used to monitor whether a smart key device is inserted by broadcasting or enumerating after the initialization module is initialized; For example, monitor whether there is a smart key device inserted;

The first obtaining module is configured to obtain a device object corresponding to the smart key device when the monitoring module monitors that the smart key device is inserted;

The first judging module is configured to judge whether the device object obtained by the first obtaining module has device authority;

The application permission module is used to apply for the device permission for the device object after the first judging module judges no;

The second judging module is configured to judge whether the device object has device permission after the permission application module applies for the device permission for the device object acquired by the first obtaining module;

The second obtaining module is configured to obtain the device connection handle and the device interface object corresponding to the device object when the first judging module judges yes or when the second judging module judges yes, according to The device interface object acquires a device communication endpoint corresponding to the device object;

The first encapsulation module is configured to generate a first communication instruction after the second obtaining module obtains the device communication endpoint corresponding to the device object according to the device interface object, and obtain the USB protocol identifier according to the device object , encapsulating the first communication command according to the USB protocol identifier;

The first sending module is configured to send the first communication command encapsulated by the first encapsulation module to the corresponding smart key through the device connection handle obtained by the second obtaining module and the device communication endpoint equipment;

The first receiving module is configured to use the device connection handle obtained by the second obtaining module and the device communication endpoint to receive the first communication command corresponding to the encapsulated first communication command from the smart key device. a response;

The first decapsulation module is configured to decapsulate the first response received by the first receiving module according to the USB protocol identifier, to obtain the decapsulated first response.

The beneficial effects of the present invention are: the present invention obtains the device object corresponding to the smart key device after monitoring the insertion of the smart key device, and judges whether the device object has device authority; , to obtain the device connection handle and device interface object corresponding to the device object, and obtain the device communication endpoint corresponding to the device object according to the device interface object; according to the device object corresponding to the smart key device, the device connection handle and the device communication endpoint The communication between the mobile terminal and the smart key device is realized on the basis of using OTG technology.

Description of drawings

FIG. 1 is an operation flowchart of a monitoring process provided by Embodiment 1 of the present invention;

FIG. 2 is an operation flowchart of a communication process provided by Embodiment 1 of the present invention;

FIG. 3 is a specific operation flowchart of a monitoring process provided by Embodiment 1 of the present invention;

FIG. 4 is a specific operation flowchart of another monitoring process provided by Embodiment 1 of the present invention;

FIG. 5 is a specific operation flowchart of another monitoring process provided by Embodiment 1 of the present invention;

FIG. 6 is a structural diagram of an apparatus for communicating with a smart key device provided in Embodiment 2 of the present invention.

Specific implementation method

The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

Example 1

This embodiment provides a method for communicating with a smart key device, including: a monitoring process and a communication process;

Among them, the monitoring process, as shown in Figure 1, includes:

Step A1: The mobile terminal starts the monitoring process and initializes;

In this embodiment, the mobile terminal supports OTG technology.

Step A2: The mobile terminal monitors whether a USBKEY is inserted or pulled out by means of broadcasting or enumeration; when the mobile terminal monitors that the USBKEY is inserted, perform step A3; when the mobile terminal monitors that the USBKEY is pulled out, perform step A7;

Step A3: The mobile terminal obtains the device object corresponding to the USBKEY, and judges whether the device object has device authority, and if so, executes step A4; otherwise, executes step A6;

Step A4: The mobile terminal obtains the device connection handle and the device interface object corresponding to the device object, and obtains the device communication endpoint corresponding to the device object according to the device interface object;

Step A5: The mobile terminal generates a device communication handle corresponding to the device object, establishes a corresponding relationship between the device communication handle and the device connection handle, the device communication endpoint, and the device object, and saves it. The mobile terminal and the USBKEY are successfully connected, and return to step A2;

Step A6: The mobile terminal applies for the device authority for the device object, and judges whether the device object has the device authority. If yes, return to step A4; otherwise, return to step A2.

Step A7: The mobile terminal judges whether there is a corresponding device communication handle for the device object corresponding to the USBKEY, if yes, execute step A8; otherwise, execute step A9;

Step A8: The mobile terminal destroys the device object corresponding to the USBKEY, and the corresponding device communication handle, device connection handle and device communication endpoint, and the connection between the mobile terminal and the USBKEY fails, and returns to step A2;

Step A9: The mobile terminal destroys the device object corresponding to the USBKEY, and the connection between the mobile terminal and the USBKEY fails, and returns to step A2;

The communication process, as shown in Figure 2, includes:

Step B1: The mobile terminal obtains the device communication handle corresponding to the USBKEY, and obtains the corresponding device object, device connection handle and device communication endpoint according to the device communication handle corresponding to the USBKEY;

Specifically, the mobile terminal obtains the device communication handle corresponding to the USBKEY, and if the obtained device communication handle is not empty, it determines that the connection with the USBKEY is successful, and obtains the corresponding device object, device connection handle and Device communication endpoint; otherwise, it is determined that the connection with the USBKEY has failed, continue to obtain the device communication handle corresponding to the USBKEY, or end the current operation.

Step B2: The mobile terminal judges whether the corresponding device object, device connection handle and device communication endpoint have been acquired, and if yes, execute step B3; otherwise, the communication fails and ends.

Step B3: The mobile terminal generates the first communication command, obtains the USB protocol identifier according to the device object, and encapsulates the first communication command according to the USB protocol identifier;

Wherein, encapsulating the first communication command according to the USB protocol identifier is specifically: adding a USB protocol header corresponding to the USB protocol identifier before the first communication command to obtain the encapsulated first communication command. Wherein, the encapsulated first communication command may include multiple packets of data, and each packet of data includes a USB protocol header.

In this embodiment, the first communication instruction may specifically be a random number fetch instruction, a PIN verification instruction, a key pair generation instruction, or a signature instruction, etc.; the USB protocol identifier may specifically be a CCID protocol identifier, an HID protocol identifier, or a SCSI protocol identifier. The encapsulated first communication instruction may include one packet of data or multiple packets of data.

例如，当第一通讯指令具体为签名指令，USB协议标识为HID协议标识后，第一通讯指令为：0x000x2A0x860x800x800x000x010xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0x000x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x790x470x650x6E0x650x720x610x740x690x6F0x6E0x540x650x730x740x2E0x2E0x2E0x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x790x470x650x6E0x650x720x610x740x690x6F0x6E0x540x650x730x740x2E0x2E0x2E0x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x790x470x650x6E0x650x720x610x740x690x6F0x6E0x540x650x730x740x2E0x2E0x2E；

根据USB协议标识对第一通讯指令进行封装，得到封装后的第一通讯指令，封装后的第一通讯指令包括三包数据，其中，第一包数据为：0x000x850x000x000x000x3A0x000x2A0x860x800x800x000x010xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0xFF0x000x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x790x470x650x6E0x650x720x610x740x690x6F0x6E0x540x65；

第二包数据为：0x000x850x000x3A0x000x3A0x730x740x2E0x2E0x2E0x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x790x470x650x6E0x650x720x610x740x690x6F0x6E0x540x650x730x740x2E0x2E0x2E0x550x730x620x540x6F0x6B0x650x6E0x200x520x750x6E0x520x730x610x4B0x650x79；

The third packet of data is: 0x000x850x000x740x000x110x000x0D0xC80x0E0x100x400xCA0x190x000xD00xCE0x190x000x000xE00xFD0x7F;

Among them, the first six bytes of each packet of data are the HID protocol header, the second byte in the HID protocol header is the data length of the first communication command, the fourth byte is the data length that has been sent, and the last byte is The length of data sent by the current packet. Taking the third packet of data as an example, the HID protocol header is specifically: "0x000x850x000x740x000x11"; the second byte of the HID protocol header is "0x85", indicating that the data length of the first communication command is 133 bytes, and the fourth byte " 0x74" indicates that the length of the data sent is 116 bytes, and the last byte "0x11" indicates that the length of the data sent by the current packet is 17 bytes.

Step B4: The mobile terminal sends the encapsulated first communication command to the corresponding USBKEY through the device connection handle and the device communication endpoint;

Specifically, the mobile terminal uses the device output endpoint and the encapsulated first communication command, calls the data transfer function of the device connection handle, and sends the encapsulated first communication command to the corresponding USBKEY.

Among them, the data transfer function can be intbulkTransfer(UsbEndpointendpoint,byte[]buffer,intlength,inttimeout);

Step B5: The mobile terminal receives the first response from the USBKEY through the device connection handle and the device communication endpoint;

Specifically, the mobile terminal uses the device input endpoint and the device connection handle to call the data transfer function of the device connection handle, and receives the first response corresponding to the encapsulated first communication command from the USBKEY. Wherein, the first response may include one packet of data or multiple packets of data.

当第一应答具体为与封装后的签名指令对应的应答后，第一应答包括三包数据，其中，第一应答包为：0x000x820x000x000x000x3A0x960x2B0x0E0x420x700x270x230x7E0x960x160xBD0x520xD90x0E0x7E0x530xB40x650xB90xF10x5B0x440xCF0x3E0x170xAE0xC50x580x830x2D0x5E0xDC0xA60xF80x4F0x880x4F0x750x760x130xDE0xCB0x580x160x7A0x5F0x050x3F0x800x430x980x3B0x850x4D0x3A0x490x5C0xC8；

第二应答包为：0x000x820x000x3A0x000x3A0x480x000xC10x990x240x760x2F0xCC0xF10x080x1A0x730x780x330xCA0x360x080x8B0x480x730x3C0xFF0x960xB30xC50x800x150xA40x5B0x7E0x7C0xE60x3E0x970x750xB60xBA0xC80x510xDC0xB20x770xDC0x240xE90x300xA90x070x040x1F0x2B0x3A0xBE0x300xA80x6A0x700xE0；

The third response packet is: 0x000x820x000x740x000x0E0xB60x860x1E0xC90x6C0x4B0x5B0xF20x030xA20x330x6B0x900x00;

Among them, the first six bytes of each response packet are the response header, the second byte in the response header is the total length of valid data to be received, the fourth byte is the length of valid data that has been received, and the last byte is The valid data length received by the current packet. Taking the third response packet as an example, the response header is specifically: "0x000x820x000x740x000x0E"; the second byte in the response header is "0x82", indicating that the total length of valid data to be received is 130 bytes, and the fourth byte is "0x74 "Indicates that the length of valid data received is 116 bytes, and the last byte "0x0E" indicates that the length of valid data received by the current packet is 14 bytes.

Step B6: The mobile terminal decapsulates the first response according to the USB protocol identifier, obtains the decapsulated first response, and communicates successfully.

Specifically, the mobile terminal processes the first response according to the USB protocol identifier, removes the response header corresponding to the USB protocol identifier in the first response, obtains the first response corresponding to the first communication command, and communicates successfully.

当第一应答为与封装后的签名指令相对应时，解封后的第一应答具体为：0x960x2B0x0E0x420x700x270x230x7E0x960x160xBD0x520xD90x0E0x7E0x530xB40x650xB90xF10x5B0x440xCF0x3E0x170xAE0xC50x580x830x2D0x5E0xDC0xA60xF80x4F0x880x4F0x750x760x130xDE0xCB0x580x160x7A0x5F0x050x3F0x800x430x980x3B0x850x4D0x3A0x490x5C0xC80x480x000xC10x990x240x760x2F0xCC0xF10x080x1A0x730x780x330xCA0x360x080x8B0x480x730x3C0xFF0x960xB30xC50x800x150xA40x5B0x7E0x7C0xE60x3E0x970x750xB60xBA0xC80x510xDC0xB20x770xDC0x240xE90x300xA90x070x040x1F0x2B0x3A0xBE0x300xA80x6A0x700xE00xB60x860x1E0xC90x6C0x4B0x5B0xF20x030xA20x330x6B0x900x00。

It should be noted that the data length of the first response after decapsulation is the total length of valid data to be received in this embodiment.

In this embodiment, the monitoring process can be as shown in Figure 3, and the mobile terminal specifically executes:

Step 101: start the monitoring process, initialize the USB management object and the permission object;

Specifically, the mobile terminal starts the monitoring process, and calls the initialization function to initialize the USB management object and the permission object. Wherein, the initialization function includes a first initialization function and a second initialization function.

Wherein, the mobile terminal calls the first initialization function to initialize the USB management object specifically: mUsbManager=(UsbManager)getSystemService(Context.USB_SERVICE); wherein, mUsbManager is the USB management object;

The mobile terminal calls the second initialization function to initialize the permission permission object specifically as follows:

mPermissionIntent=PendingIntent.getBroadcast(this, 0, newIntent(ACTION_USB_PERMISSION), 0); wherein, mPermissionIntent is the permission object, and it is further explained that the permission object is an event object to be processed;

ACTION_USB_PERMISSION is specifically the device permission message,

ACTION_USB_PERMISSION can be specified as

"com.android.example.USB_PERMISSION".

Step 102: Obtain the device object corresponding to the USBKEY within the preset time, when the device object corresponding to the USBKEY is obtained within the preset time, execute step 104; when the device object corresponding to the USBKEY is not obtained within the preset time After object, execute step 103;

Specifically, JAVA calls the acquisition device list function of the USB management object to enumerate the USBKEY within the preset time, and obtain the device object corresponding to the USBKEY. When the device object corresponding to the USBKEY is obtained within the preset time, perform the steps 104: When the device object corresponding to the USBKEY is not acquired within the preset time, execute step 103.

Preferably, the preset time is 2 seconds.

Wherein, the mobile terminal calls the function of obtaining the device list of the USB management object to enumerate the USBKEY within a preset time, and obtain the device object corresponding to the USBKEY, specifically:

HashMap<String, UsbDevice>deviceMap＝m_UsbManager.getDeviceList();

Wherein, the device object specifically includes: vendor identification information of the USBKEY. Wherein, the manufacturer identification information of the USBKEY may specifically be a PID (ProductID, product identification code) and VID (VendorID, supplier identity) of the USBKEY.

Step 103: clear the first device list, and execute step 106;

Step 104: Judging whether there is a device object corresponding to the preset manufacturer identifier, if yes, then execute step 105; otherwise, return to step 102;

Specifically, the mobile terminal acquires the vendor identification information in the device object, and judges whether the obtained vendor identification information in the device object corresponds to the preset vendor identification, and if so, executes step 105; otherwise, returns to step 102.

Step 105: Store the device object corresponding to the preset manufacturer identifier in the first device list, and execute step 106;

Step 106: Judging whether there is a newly added device object in the first device list, if yes, execute step 107; otherwise, execute step 115;

Specifically, the mobile terminal judges whether there is a device object stored in the first device list and not stored in the second device list, and if so, determines that there is a new device object in the first device list and stores it in the first device list. The device objects in the list and not stored in the second device list are regarded as newly added device objects, and step 107 is performed; otherwise, it is determined that there is no newly added device object in the first device list, and step 115 is performed.

It should be noted that, step 101 also includes initializing a second device list, wherein the initialization of the second device list specifically includes: creating an empty second device list.

Step 107: save the newly added device object;

Specifically, the mobile terminal stores the newly added device object in the second device list.

Step 108: Determine whether the newly added device object has device authority, if yes, execute step 111; otherwise, execute step 109;

Specifically, the mobile terminal uses the newly-added device object to call the device permission function of the USB management object to obtain the device permission identifier of the newly-added device object, and judges whether the device permission identifier of the newly-added device object is TRUE, and if so, executes Step 111; otherwise, go to step 109.

Wherein, the mobile terminal uses the newly-added device object to call the acquisition device permission function of the USB management object to obtain the device permission identifier of the newly-added device object, specifically:

BooleanbHasPermissionm = m_UsbManager.hasPermission(device);

Step 109: apply for device permission for the newly added device object;

Specifically, the mobile terminal uses the device object and the permission object to call the application permission function of the USB management object to apply for the device permission for the device object.

Specifically: m_UsbManager.requestPermission(device, mPermissionIntent);

In more detail, the mobile terminal uses the device object and the permission permission object to call the application permission function of the USB management object to apply for the device permission for the device object, and prompts the user on the display interface of the mobile terminal whether the user is authorized by the USBKEY. The device permission flag of the device object corresponding to the USBKEY is TRUE.

Step 110: Determine whether the newly added device object has device authority, if yes, execute step 111; otherwise, return to step 106;

Step 111: Obtain the device connection handle and device interface object corresponding to the newly added device object;

Specifically, the mobile terminal uses the newly-added device object to call the open device function of the USB management object to obtain the device connection handle corresponding to the newly-added device object; The device interface object.

Wherein, the mobile terminal uses the newly-added device object to call the open device function of the USB management object to obtain the device connection handle corresponding to the newly-added device object, specifically:

UsbDeviceConnectionhconnection=m_UsbManager.openDevice(device)

The mobile terminal calls the acquisition interface function of the newly added device object to obtain the device interface object corresponding to the newly added device object, specifically:

UsbInterface m_usbInterface = m_device.getInterface(0);

Step 112: Initialize the device interface object according to the device connection handle;

Specifically, the mobile terminal calls the declared interface function of the device connection handle to initialize the device interface object;

Specifically: m_connection.claimInterface(m_usbInterface,true);

Step 113: Obtain the device communication endpoint corresponding to the newly added device object according to the device interface object;

Specifically, the mobile terminal calls the endpoint acquisition function of the device interface object to obtain the device communication endpoint corresponding to the newly added device object. Specifically:

Wherein, the device communication endpoint specifically includes: a device input endpoint and a device output endpoint.

Step 114: Generate a device communication handle, establish a corresponding relationship with the newly added device object, device connection handle and device communication endpoint respectively and save the device communication handle, and return to step 106;

Step 115: Determine whether there are reduced device objects in the first device list, if yes, execute step 116; otherwise, execute step 119;

Specifically, the mobile terminal judges whether there are device objects stored in the second device list and not stored in the first device list, and if so, determines that there are reduced device objects in the first device list and stores them in the second device list. and not stored in the first device list as reduced device objects, execute step 116; otherwise, determine that there is no reduced device object in the first device list, execute step 119;

Step 116: Determine whether there is a device communication handle corresponding to the reduced device object, if yes, execute step 117; otherwise, execute step 118;

Step 117: Destroy the reduced device objects, and their corresponding device communication handles, device connection handles and device communication endpoints, and return to step 115;

Step 118: Destroy the reduced device objects and return to Step 115;

Step 119: Determine whether to exit the monitoring process, if yes, exit the monitoring process; otherwise, return to step 102.

Wherein, after step 105 and step 103, step 115 may also be executed; correspondingly, when step 115 is judged as no, return to step 106, and when step 106 is judged as no, step 119 is executed.

In addition, in step 102, after obtaining the device object corresponding to the USBKEY within the preset time, the obtained device object can also be directly stored in the first device list, and then step 106 is executed; correspondingly, step 112 and step Between 113 may also include: the mobile terminal obtains the device identification of the USBKEY through the control transmission endpoint according to the device connection handle, and judges whether the device identification is a preset identification, and if so, continues; otherwise, returns to step 102.

Specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the device identification of the USBKEY through the control transfer endpoint, and judges whether the device identification is a preset identification, and if so, continues; otherwise, returns to step 102.

Wherein, the preset identification mark is the preset identification mark of the USBKEY supporting the FIDO protocol, specifically comprising: a first preset identification mark and a second preset identification mark, the first preset identification mark can be specifically 0xf1d0; the second preset identification mark The identification mark can be specifically 0x01. The device identification identifier specifically includes a first identifier and a second identifier.

Correspondingly, more specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the first identification and the second identification of the USBKEY through the control transfer endpoint, and judges whether the first identification matches the first preset identification identification and whether the second identification is If yes, it matches the second preset identifier, if yes, continue; otherwise, return to step 102 .

Wherein, the control transfer function is intcontrolTransfer(intrequestType, intrequest, intvalue, intindex, byte[]buffer, intlength, inttimeout); the first identifier and the second identifier can be HID_UsagePage and HID_Usage in the report descriptor of USBKEY respectively.

In this embodiment, the monitoring process can also be shown in Figure 4, and the mobile terminal specifically executes:

Step 201: start the monitoring process, initialize the USB management object and the permission object;

Specifically, the mobile terminal starts the monitoring process, and calls the initialization function to initialize the USB management object and the permission object. Wherein, the initialization function includes a first initialization function and a second initialization function.

Wherein, the mobile terminal calls the first initialization function to initialize the USB management object specifically as follows:

mUsbManager＝(UsbManager)getSystemService(Context.USB_SERVICE); Among them, mUsbManager is the USB management object;

The mobile terminal calls the second initialization function to initialize the permission permission object specifically as follows:

mPermissionIntent＝PendingIntent.getBroadcast(this,0,newIntent(ACTION_USB_PERMISSION),0); where mPermissionIntent is the permission object;

Step 202: Obtain the device object corresponding to the USBKEY within the preset time, when the device object corresponding to the USBKEY is obtained within the preset time, perform step 204; when the device object corresponding to the USBKEY is not obtained within the preset time After object, execute step 203;

Specifically, JAVA calls the acquisition device list function of the USB management object to enumerate the USBKEY within the preset time, and obtain the device object corresponding to the USBKEY. When the device object corresponding to the USBKEY is obtained within the preset time, perform the steps 204: When the device object corresponding to the USBKEY is not acquired within the preset time, execute step 203.

Preferably, the preset time is 2 seconds.

Wherein, the mobile terminal calls the acquisition device list function of the USB management object to enumerate the USBKEY within a preset time, and obtains the device object corresponding to the USBKEY, specifically: HashMap<String, UsbDevice>deviceMap=m_UsbManager.getDeviceList();

Wherein, the device object specifically includes: vendor identification information of the USBKEY. Wherein, the manufacturer identification information of the USBKEY may specifically be a PID (ProductID, product identification code) and VID (VendorID, supplier identity) of the USBKEY.

Step 203: clear the first device list, and execute step 206;

Step 204: Judging whether there is a device object corresponding to the preset manufacturer ID, if yes, execute step 205; otherwise, return to step 202;

Specifically, the mobile terminal acquires the vendor identification information in the device object, and judges whether the obtained vendor identification information of the device object corresponds to the preset vendor ID, and if yes, executes step 205; otherwise, returns to step 202.

Step 205: Store the device object corresponding to the preset manufacturer identifier in the first device list, and execute step 206;

Step 206: Judging whether there is a newly added device object in the first device list, if yes, execute step 207; otherwise, execute step 210;

Specifically, the mobile terminal judges whether there is a device object stored in the first device list and not stored in the second device list, and if so, determines that there is a new device object in the first device list and stores it in the first device list. The device objects in the list and not stored in the second device list are regarded as newly added device objects, and step 207 is executed; otherwise, it is determined that there is no newly added device object in the first device list, and step 210 is executed.

It should be noted that, step 201 also includes initializing a second device list, wherein the initialization of the second device list specifically includes: creating an empty second device list.

Step 207: Store the newly added device object in the second device list;

Step 208: Determine whether the device object in the second device list has device authority, if yes, return to step 206; otherwise, execute step 209;

Specifically, the mobile terminal uses the device object in the second device list to call the device permission function of the USB management object to obtain the device permission identifier of the newly added device object, and judges whether the device permission identifier of the newly added device object is TRUE. , return to step 206; otherwise, execute step 209.

Wherein, the mobile terminal uses the device object in the second device list to call the device permission function of the USB management object to obtain the device permission identifier of the newly added device object, specifically:

BooleanbHasPermissionm = m_UsbManager.hasPermission(device);

Step 209: apply for device permissions for the device objects in the second device list, and return to step 206;

Specifically, the mobile terminal uses the device object and the permission permission object to call the permission application function of the USB management object to apply for the device permission for the device object in the second device list.

Specifically: m_UsbManager.requestPermission(device, mPermissionIntent);

In more detail, the mobile terminal uses the device object and the permission permission object to call the application permission function of the USB management object to apply for the device permission for the device object, and prompts the user on the display interface of the mobile terminal whether the user is authorized by the USBKEY. The device permission flag of the device object corresponding to the USBKEY is TRUE.

Step 210: Determine whether there are reduced device objects in the first device list, if yes, execute step 211; otherwise, execute step 214;

Specifically, the mobile terminal judges whether there are device objects stored in the second device list and not stored in the first device list, and if so, determines that there are reduced device objects in the first device list and stores them in the second device list. and not stored in the first device list as reduced device objects, execute step 211; otherwise, determine that there is no reduced device object in the first device list, execute step 214;

Step 211: Determine whether there is a device communication handle corresponding to the reduced device object, if yes, execute step 212; otherwise, execute step 213;

Step 212: Destroy the reduced device objects and their corresponding device communication handles, device connection handles and device communication endpoints, and return to step 210;

Step 213: Destroy the reduced device objects and return to Step 210;

Step 214: Determine whether the device object in the second device list has device authority and does not have a device communication handle, if yes, perform step 215; otherwise, perform step 219;

Step 215: Obtain the device connection handle and device interface object corresponding to the device object in the second device list;

Specifically, the mobile terminal uses the device object in the second device list to call the open device function of the USB management object to obtain the device connection handle corresponding to the device object in the second device list; call the acquisition interface of the device object in the second device list The function obtains device interface objects corresponding to the device objects in the second device list.

Wherein, the mobile terminal uses the device object in the second device list to call the open device function of the USB management object to obtain the device connection handle corresponding to the device object in the second device list, specifically:

UsbDeviceConnectionhconnection=m_UsbManager.openDevice(device)

The mobile terminal calls the acquisition interface function of the device object in the second device list to obtain the device interface object corresponding to the device object in the second device list, specifically: UsbInterfacem_usbInterface=m_device.getInterface(0);

Step 216: Initialize the device interface object according to the device connection handle;

Specifically, the mobile terminal calls the declared interface function of the device connection handle to initialize the device interface object;

The declaration interface function is specifically: m_connection.claimInterface(m_usbInterface,true);

217: Obtain the device communication endpoint corresponding to the device object in the second device list according to the device interface object;

Specifically, the mobile terminal calls the endpoint acquisition function of the device interface object to obtain the device communication endpoint corresponding to the newly added device object. Specifically:

Wherein, the device communication endpoint specifically includes: a device input endpoint and a device output endpoint.

Step 218: Generate a device communication handle, establish a corresponding relationship between the device communication handle and the device object in the second device list, the device connection handle and the device communication endpoint, and save it, and return to step 214;

Step 219: Determine whether to exit the monitoring process, if yes, exit the monitoring process; otherwise, return to step 202.

Wherein, after step 205 and step 203, step 210 may also be executed. Correspondingly, when step 210 is judged as no, step 206 is executed, and after step 206 is judged as no, step 214 is executed.

In addition, in step 202, after the device object corresponding to the USBKEY is obtained within the preset time, step 206 may be executed after the obtained device object is directly stored in the first device list; correspondingly, step 216 and step 217 may also include: the mobile terminal obtains the device identification of the USBKEY through the control transmission endpoint according to the device connection handle, and judges whether the device identification is a preset identification, if yes, continue; otherwise, return to step 202.

Specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the device identification of the USBKEY through the control transfer endpoint, and judges whether the device identification is a preset identification, and if so, continues; otherwise, returns to step 202.

Wherein, the preset identification mark is the preset identification mark of the USBKEY supporting the FIDO protocol, specifically comprising: a first preset identification mark and a second preset identification mark, the first preset identification mark can be specifically 0xf1d0; the second preset identification mark The identification mark may specifically be: 0x01. The device identification identifier specifically includes a first identifier and a second identifier.

Correspondingly, more specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the first identification and the second identification of the USBKEY through the control transfer endpoint, and judges whether the first identification matches the first preset identification identification and whether the second identification is Yes, it matches the second preset identifier, if yes, continue; otherwise, return to step 202 .

Wherein, the control transfer function is controlTransfer(); the first identifier and the second identifier may be HID_UsagePage and HID_Usage in the report descriptor of the USBKEY respectively.

In this embodiment, the monitoring process can also be specifically executed by the mobile terminal as shown in Figure 5:

Step 301: start the monitoring process, initialize the USB management object, the broadcast receiving object, the permission object and the broadcast filtering object;

Specifically, the mobile terminal calls the initialization function to initialize the USB management object, the permission permission object, the broadcast receiving object and the broadcast filtering object. Wherein, the initialization function includes a first initialization function, a second initialization function, a third initialization function and a fourth initialization function.

Wherein, the mobile terminal calls the first initialization function to initialize the USB management object specifically as follows:

mUsbManager＝(UsbManager)getSystemService(Context.USB_SERVICE); Among them, mUsbManager is the USB management object;

The mobile terminal calls the second initialization function to initialize the permission permission object specifically as follows:

mPermissionIntent=PendingIntent.getBroadcast(this,0,newIntent(ACTION_USB_PERMISSION),0); Among them, mPermissionIntent is the permission object; further description, the permission object is an event object to be processed;

ACTION_USB_PERMISSION is the device permission message, and ACTION_USB_PERMISSION can be specifically "com.android.example.USB_PERMISSION".

The mobile terminal calls the third initialization function to initialize the broadcast receiving object specifically: privatefinalBroadcastReceivermUsbReceiver=newBroadcastReceiver(); wherein, mUsbReceiver is the broadcast receiving object;

The mobile terminal calls the fourth initialization function to initialize the broadcast filter object specifically: IntentFilterfilter=newIntentFilter(); wherein, filter is the broadcast filter object.

Step 302: Add a concern message to the broadcast filter object;

Specifically, the mobile terminal calls the adding message function to add the concerned message to the filter object, wherein the concerned message includes a device insertion message, a device removal message and a device permission message.

Among them, the mobile terminal calls the add message function to add the concerned message to the filter object, specifically:

filter.addAction(ACTION_USB_PERMISSION);

filter.addAction(UsbManager.ACTION_USB_DEVICE_ATTACHED);

filter.addAction(UsbManager.ACTION_USB_DEVICE_DETACHED); among them,

ACTION_USB_PERMISSION is the device permission message;

UsbManager.ACTION_USB_DEVICE_ATTACHED inserts messages for the device;

UsbManager.ACTION_USB_DEVICE_DETACHED message for device unplugged.

Step 303: Register the broadcast receiver according to the USB management object and the broadcast filter object;

Specifically, the mobile terminal uses the USB management object and the broadcast filter object to call the register broadcast function to register the broadcast receiver;

The registered broadcast function is registerReceiver(mUsbReceiver, filter);

Step 304: Waiting to obtain the message notification object according to the broadcast receiving object, and after obtaining the message notification object, obtain the device object corresponding to the USBKEY according to the message notification object;

Specifically, the mobile terminal calls the receiving message notification function of the broadcast receiving object and waits to obtain the message communication object. After the message notification object is obtained, the first packaging function of the message notification object is called to obtain the device object corresponding to the USBKEY;

Among them, the mobile terminal calls the receiving message notification function of the broadcast receiving object and waits to obtain the message communication object, and the receiving message notification function is specifically:

publicvoidonReceive(Contextcontext,Intentintent), where intent is the message communication object;

The mobile terminal calls the first packaging function of the message notification object to obtain the device object corresponding to the USBKEY, specifically: UsbDevicedevice=(UsbDevice)intent.getParcelableExtra(UsbManager.EXTRA_DEVICE); wherein, device is the device object.

Wherein, the device object specifically includes: the vendor identification information of the USBKEY, wherein the vendor identification information of the USBKEY may specifically be a PID (Product ID, product identification code) and a VID (Vendor ID, vendor identity) of the USB KEY.

Step 305: Determine whether the device object corresponds to the preset manufacturer ID, if yes, execute step 306; otherwise, return to step 304;

Specifically, the mobile terminal obtains the vendor identification information in the device object, and judges whether the obtained vendor identification information in the device object corresponds to the preset vendor identification, and if yes, executes step 306; otherwise, returns to step 304.

Step 306: Obtain the device permission identifier of the device object according to the message notification object, obtain the message notification according to the message notification object, and judge the type of message notification according to the concerned message. When the type of message notification is a device permission message, perform step 307; when the message notification When the type of the message is a device insertion message, perform step 308; when the type of the message notification is a device pull out message, perform step 314;

Specifically, the mobile terminal calls the second packaging function of the message notification object to obtain the device authority of the USBKEY, calls the message acquisition function of the message notification object to obtain the message notification, and judges the type of the message notification according to the concerned message. When the type of the message notification is a device permission message , execute step 307; when the type of message notification is a device insertion message, execute step 308; when the type of message notification is a device pull out message, execute step 314;

Wherein, the mobile terminal calls the second packaging function of the message notification object to obtain the device authority identifier of the USBKEY, specifically:

Boolean

bHasPermission＝intent.getBooleanExtra(UsbManager.EXTRA_PERMISSION_GRANTED,false); where, bHasPermission is the device permission identifier;

The mobile terminal calls the get message function of the message notification object to get the message notification, specifically:

Stringaction=intent.getAction(); wherein, action is a message notification.

Step 307: Determine whether the device object has device permissions according to the device permission identifier, if yes, go to step 309; otherwise, go to step 317;

Specifically, the mobile terminal determines whether the device authority flag is TRUE, and if so, determines that the device object has the device authority; otherwise, determines that the device object does not have the device authority.

Step 308: Determine whether the device object has device permissions according to the device permission identifier, if yes, go to step 309; otherwise, go to step 313;

Specifically, the mobile terminal determines whether the device authority flag is TRUE, and if so, determines that the device object has the device authority; otherwise, determines that the device object does not have the device authority.

Step 309: Obtain the device connection handle and device interface object corresponding to the device object;

Specifically, the mobile terminal uses the device object to call the open device function of the USB management object to obtain the device connection handle corresponding to the device object; calls the device object's obtain interface function to obtain the device interface object corresponding to the device object.

Wherein, the mobile terminal uses the device object to call the open device function of the USB management object to obtain the device connection handle corresponding to the device object, specifically:

UsbDeviceConnectionhconnection=m_UsbManager.openDevice(device)

Call the acquisition interface function of the device object to obtain the device interface object corresponding to the device object, specifically: UsbInterfacem_usbInterface=m_device.getInterface(0);

Step 310: Initialize the device interface object according to the device connection handle;

Specifically, the mobile terminal calls the declared interface function of the device connection handle to initialize the device interface object;

Specifically: m_connection.claimInterface(m_usbInterface,true);

Step 311: Obtain the device communication endpoint corresponding to the device object according to the device interface object;

Specifically, the mobile terminal calls the endpoint acquisition function of the device interface object to obtain the device communication endpoint corresponding to the device object. Specifically:

Step 312: Generate a device communication handle, establish and save corresponding relationships between the device communication handle and the device object, the device connection handle and the device communication endpoint, and execute step 317;

Step 313: Apply for the device permission for the device object, go to step 317;

Specifically, the mobile terminal uses the device object and the permission object to call the application permission function of the USB management object to apply for the device permission for the device object.

Specifically: m_UsbManager.requestPermission(device, mPermissionIntent);

In more detail, the mobile terminal uses the device object and the permission permission object to call the application permission function of the USB management object to apply for the device permission for the device object, and prompts the user on the display interface of the mobile terminal whether the user is authorized by the USBKEY. The device permission flag of the device object corresponding to the USBKEY is TRUE.

Step 314: Determine whether there is a device communication handle corresponding to the device object, if yes, execute step 315; otherwise, execute step 316;

Step 315: Destroy the device object, and its corresponding device communication handle, device connection handle and device communication endpoint, and execute step 317;

Step 316: Destroy the device object, go to step 317;

Step 317: Determine whether to exit the monitoring process, if yes, then exit the monitoring process; otherwise, return to step 304;

In addition, after the mobile terminal executes step 304, it can also directly execute step 306; correspondingly, between step 310 and step 311 may also include: the mobile terminal obtains the device identification of the USBKEY by controlling the transmission endpoint according to the device connection handle, and determines the device identification Whether it is a preset identification mark, if yes, continue; otherwise, return to step 304 .

Specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the device identification of the USBKEY through the control transfer endpoint, and judges whether the device identification is a preset identification, and if so, continues; otherwise, returns to step 304.

Wherein, the preset identification mark is the preset identification mark of the USBKEY supporting the FIDO protocol, specifically comprising: a first preset identification mark and a second preset identification mark, the first preset identification mark can be specifically 0xf1d0; the second preset identification mark The identification mark can be specifically 0x01. The device identification identifier specifically includes a first identifier and a second identifier.

Correspondingly, more specifically, the mobile terminal calls the control transfer function of the device connection handle to obtain the first identification and the second identification of the USBKEY through the control transfer endpoint, and judges whether the first identification matches the first preset identification identification and whether the second identification is Yes, it matches the second preset identifier, if yes, continue; otherwise, return to step 304 .

Wherein, the control transfer function is controlTransfer(); the first identifier and the second identifier may be HID_UsagePage and HID_Usage in the report descriptor of the USBKEY respectively.

Example 2

This embodiment provides a device for communicating with a smart key device, as shown in FIG. Two judging module 06, the second acquiring module 07, the first packaging module 08, the first sending module 09, the first receiving module 10 and the first unpacking module 11;

Initialization module 01, used for initialization;

The monitoring module 02 is used to monitor whether a smart key device is inserted by broadcasting or enumerating after the initialization module 01 is initialized; , to monitor whether there is a smart key device inserted;

The first obtaining module 03 is used to obtain the device object corresponding to the smart key device when the monitoring module 02 monitors that the smart key device is inserted;

The first acquisition module 03 is specifically used to call the device list function to enumerate the smart key device when the monitoring module 02 adopts an enumeration method to monitor that a smart key device is inserted, and obtain the device corresponding to the smart key device object.

Or the first obtaining module 03 is specifically used to call the first packaging function to obtain the device object corresponding to the smart key device after the monitoring module 02 detects that the smart key device is inserted by means of broadcasting.

The first judging module 04 is used to judge whether the device object obtained by the first obtaining module 03 has device authority;

The first judging module 04 is specifically used for when the first obtaining module 03 calls the device list function to enumerate the smart key device, and after obtaining the device object corresponding to the smart key device, calls the device permission function to obtain the device of the device object Authorization ID, judging whether the device object has device authorization according to the device authorization ID;

Or when the first obtaining module 03 calls the first packaging function to obtain the device object corresponding to the smart key device, it calls the second packaging function to obtain the device permission identifier of the device object, and judges whether the device object has device permission according to the device permission identifier.

The application authority module 05 is used to apply for the equipment authority for the equipment object after the first judging module 04 judges as no;

The permission application module 05 is specifically used to call the permission application function to apply for the device permission for the device object after the first judging module 04 judges no.

The second judging module 06 is used for judging whether the device object has the device permission after the permission application module 05 applies for the device permission for the device object acquired by the first obtaining module 03;

The second judgment module 06 is specifically used to enumerate the smart key device by calling the device list function when the application permission module 05 is the first acquisition module 03, and obtain the device object corresponding to the smart key device, after applying for the device permission , call the obtain device permission function to obtain the device permission ID of the device object, and judge whether the device object has the device permission according to the device permission ID.

Or it is specifically used when the permission application module 05 is the device object corresponding to the smart key device obtained by the first acquisition module 03 by calling the first packaging function. After applying for the device permission, call the second packaging function to obtain the device permission of the device object ID, and judge whether the device object has the device authorization according to the device authorization ID.

The second acquisition module 07 is used to obtain the device connection handle and the device interface object corresponding to the device object when the first judgment module 04 judges to be yes or when the second judgment module 06 judges to be yes, and obtain the corresponding device interface object according to the device interface object. The device communication endpoint corresponding to the device object.

The second acquisition module 07 is specifically used to call the open device function to obtain the device connection handle corresponding to the device object when the first judgment module 04 judges to be or when the second judgment module 06 judges to be yes; call the acquisition interface function to obtain The device interface object corresponding to the device object; call the get endpoint function to get the device communication endpoint corresponding to the device object.

The first encapsulation module 08 is used to generate the first communication instruction after the second obtaining module 07 obtains the device communication endpoint corresponding to the device object according to the device interface object, obtains the USB protocol identifier according to the device object, and performs the first communication according to the USB protocol identifier. Encapsulation of communication instructions;

The first packaging module 08 includes a first acquisition unit and a first organization unit;

The first obtaining unit is used to generate the first communication instruction, and obtain the USB protocol identifier according to the device object obtained by the first obtaining module 03;

Wherein, the first communication command is specifically a PIN verification command or a random number command or a key pair production command or a signature command; the USB protocol identifier is specifically a CCID protocol identifier, an HID protocol identifier, or a SCSI protocol identifier.

The first organizing unit is specifically configured to add a USB protocol header corresponding to the USB protocol identifier before the first communication command generated by the first acquisition unit, so as to obtain the encapsulated first communication command.

The first sending module 09 is configured to send the first communication command encapsulated by the first encapsulation module 08 to the corresponding smart key device through the device connection handle and the device communication endpoint obtained by the second obtaining module 07;

The first receiving module 10 is configured to receive the first response corresponding to the encapsulated first communication command from the smart key device through the device connection handle and the device communication endpoint obtained by the second obtaining module 07;

The first decapsulation module 11 is configured to decapsulate the first response received by the first receiving module 10 according to the USB protocol identifier, and obtain the decapsulated first response.

The first decapsulation module 11 is specifically configured to remove the response header corresponding to the USB protocol identifier in the first response received by the first receiving module 10 according to the first encapsulation module 08, to obtain the decapsulated first response.

In this embodiment, the device communication endpoints include device output endpoints and device input endpoints; correspondingly:

The first sending module 09 is specifically used to call the data transfer function through the device connection handle obtained by the second obtaining module 07 to send the encapsulated first communication command through the device output endpoint obtained by the second obtaining module 07 to the corresponding smart key. key device;

The first receiving module 10 is specifically used to call the data transfer function through the device communication handle obtained by the second obtaining module 07 and receive the first response corresponding to the encapsulated first communication command from the smart key device through the device input endpoint. .

In this embodiment, the communication device may further include a third judging module; correspondingly:

The third judging module is used to judge whether the device object obtained by the first obtaining module 03 is Corresponding to the default manufacturer logo;

The first judging module 04 is specifically used to judge whether the device object obtained by the first obtaining module 03 has device authority after the third judging module judges as yes;

The monitoring module 02 is also used to monitor whether there is a smart key device inserted by broadcasting or enumerating after the third judging module judges no.

In this embodiment, the communication device may further include a fourth judging module; correspondingly:

The fourth judging module is used to use the control transmission according to the device connection handle after the second obtaining module 07 obtains the device connection handle and the device interface object corresponding to the device object, and before obtaining the device communication endpoint corresponding to the device object according to the device interface object. The endpoint obtains the device identification of the smart key device, and determines whether the device identification is a preset identification;

The second obtaining module 07 is specifically used to obtain the device connection handle and the device interface object corresponding to the device object when the first judgment module 04 judges to be yes; The device communication endpoint corresponding to the object; and when the second judging module 06 is judged to be yes, obtain the device connection handle and the device interface object corresponding to the device object; The device communication endpoint corresponding to the object;

The monitoring module 02 is also used to monitor whether there is a smart key device plugged in by broadcasting or enumerating after the fourth judging module judges no.

In this embodiment, the communication device may also include a fifth judging module and a first destroying module; correspondingly:

The monitoring module 02 is also used to monitor whether the smart key device is pulled out by broadcasting or enumerating after the initialization module 01 is initialized;

The fifth judging module is used to judge whether the device object corresponding to the smart key device has a corresponding device connection handle and device communication endpoint after the monitoring module 02 monitors that the smart key device is pulled out;

The first destruction module is used to destroy the device object corresponding to the smart key device, the device connection handle and the device communication endpoint corresponding to it when the fifth judgment module judges yes; and when the fifth judgment module judges no , to destroy the device object corresponding to the smart key device.

In this embodiment, the communication device may further include a storage module and a third acquisition module; correspondingly:

The saving module is used to generate a device communication handle, establish a corresponding relationship with the device connection handle obtained by the second obtaining module 07, the device communication endpoint and the device object obtained by the first obtaining module 03, and save the corresponding relationship;

The third obtaining module is used to obtain the USB protocol identifier according to the device object when the first encapsulation module 08 generates the first communication instruction, and obtain the corresponding device according to the device communication handle before obtaining the second communication instruction according to the USB protocol identifier and the first communication instruction Objects, device connection handles and device communication endpoints;

The first sending module 09 is specifically configured to send the second communication instruction obtained by the first encapsulation module 08 to the corresponding smart key device through the device connection handle and device communication endpoint obtained by the third obtaining module.

When the communication device initialization module 01, monitoring module 02, first acquisition module 03, first judgment module 04, application authority module 05, second judgment module 06, second acquisition module 07, first encapsulation module 08, first sending module 09. When the first receiving module 10, the first unsealing module 11, the saving module and the third acquiring module, the communication device may also include a sixth judging module and a second destroying module; correspondingly:

The monitoring module 02 is also used to monitor whether the smart key device is pulled out by broadcasting or enumerating after the initialization module 01 is initialized;

The sixth judging module is used to judge whether the device object corresponding to the smart key device has a corresponding device connection handle and device communication endpoint after the monitoring module 02 monitors that the smart key device is pulled out;

The second destruction module is used to destroy the device object corresponding to the smart key device, the device communication handle, the device connection handle and the device communication endpoint respectively corresponding to it when the sixth judging module judges yes; and when the sixth judging module After the judgment is no, destroy the device object corresponding to the smart key device.

It should also be noted that although in the prior art, smart key devices with other interfaces (such as smart key devices with Bluetooth interfaces or smart key devices with audio interfaces, etc.) can communicate with mobile terminals, the present invention The communication method and communication device between the mobile terminal and the smart key device with USB interface provided in the embodiment can achieve faster communication speed and more convenience while reducing the cost.

The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto, any changes or variations that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (34)

1. A method for communicating with a smart key device, comprising: a monitoring process and a communication process; The monitoring process includes: Step s1: mobile terminal initialization; Step s2: The mobile terminal monitors whether a smart key device is inserted by broadcasting or enumerating; when the mobile terminal monitors the insertion of the smart key device, execute step s3; Step s3: The mobile terminal obtains the device object corresponding to the smart key device, and judges whether the device object has device authority, and if so, executes step s5; otherwise, executes step s4; Step s4: The mobile terminal applies for the device permission for the device object, and judges whether the device object has the device permission, if yes, execute step s5, otherwise, return to step s2; Step s5: The mobile terminal obtains a device connection handle and a device interface object corresponding to the device object, and obtains a device communication endpoint corresponding to the device object according to the device interface object; The communication process includes: Step r1: the mobile terminal generates a first communication command, acquires a USB protocol identifier according to the device object, and encapsulates the first communication command according to the USB protocol identifier; Step r2: the mobile terminal sends the encapsulated first communication command to the corresponding smart key device through the device connection handle and the device communication endpoint; Step r3: the mobile terminal receives a first response corresponding to the encapsulated first communication command from the smart key device through the device connection handle and the device communication endpoint; Step r4: The mobile terminal decapsulates the first response according to the USB protocol identifier, obtains the decapsulated first response, and communicates successfully. 2. The method according to claim 1, wherein after the mobile terminal acquires the device object corresponding to the smart key device, before the judging whether the device object has device authority, further comprising: judging Whether the device object corresponds to the preset manufacturer identifier, if so, continue; otherwise, return to step s2. 3. The method according to claim 1, characterized in that, after the mobile terminal obtains the device connection handle and the device interface object corresponding to the device object, it obtains the device corresponding to the device object according to the device interface object. Before the device communication endpoint, it also includes: the mobile terminal obtains the device identification of the smart key device through the control transmission endpoint according to the device connection handle, and judges whether the device identification is a preset identification, and if so , continue; otherwise, return to step s2. 4. The method according to claim 1, characterized in that, the step s2 further comprises: the mobile terminal monitors whether there is a smart key device pulled out by broadcasting or enumerating; when the mobile terminal After monitoring that the smart key device is pulled out, execute step m1; Step m1: The mobile terminal judges whether there is a corresponding device connection handle and device communication endpoint for the device object corresponding to the smart key device, if yes, execute step m2; otherwise, execute step m3; Step m2: the mobile terminal destroys the device object corresponding to the smart key device, and the device connection handle and device communication endpoint respectively corresponding to it; Step m3: The mobile terminal destroys the device object corresponding to the smart key device. 5. The method according to claim 1, characterized in that, after the step s5, it further comprises: the mobile terminal generates a device communication handle, connects the device communication handle to the device connection handle, and the device communication endpoint and the device object respectively establishes a corresponding relationship and saves it; Before the step r1, the method further includes: the mobile terminal acquires the corresponding device object, the device connection handle and the device communication endpoint according to the device communication handle. 6. The method according to claim 5, wherein the s2 further comprises: the mobile terminal monitors whether there is a smart key device pulled out by means of broadcast or enumeration; when the mobile terminal monitors After the smart key device is pulled out, execute step n1; Step n1: The mobile terminal judges whether there is a corresponding device communication handle for the device object corresponding to the smart key device, if yes, execute step n2; otherwise, execute step n3; Step n2: the mobile terminal destroys the device object corresponding to the smart key device, and the device communication handle, device connection handle and device communication endpoint corresponding to it respectively; Step n3: The mobile terminal destroys the device object corresponding to the smart key device. 7. The method according to claim 1, characterized in that said encapsulating said first communication command according to said USB protocol identifier: specifically: adding a link with said USB protocol before said first communication command A corresponding USB protocol header is identified to obtain the encapsulated first communication instruction. 8. The method according to claim 1, wherein the mobile terminal decapsulates the first response according to the USB protocol identifier to obtain the decapsulated first response, specifically: the mobile terminal The terminal removes the response header corresponding to the USB protocol identifier in the first response to obtain the decapsulated first response. 9. The method according to claim 1, wherein the first communication instruction is specifically a PIN verification instruction or a random number fetching instruction or a key pair generation instruction or a signature instruction. 10. The method according to claim 1, wherein the USB protocol identifier is specifically a CCID protocol identifier, an HID protocol identifier, or a SCSI protocol identifier. 11. The method according to claim 1, wherein the mobile terminal applies for the device permission for the device object as follows: The mobile terminal calls the application permission function to apply for the device permission for the device object. 12. The method according to claim 1, wherein the step s5 is specifically: the mobile terminal calls the open device function to obtain the device connection handle corresponding to the device object; calls the acquisition interface function to obtain the device connection handle corresponding to the device object The device interface object corresponding to the device object; calling the get endpoint function to obtain the device communication endpoint corresponding to the device object. 13. The method according to claim 1, wherein the device communication endpoints include device output endpoints and device input endpoints; The step r2 is specifically: the mobile terminal calls a data transfer function through the device connection handle to send the encapsulated first communication command to the corresponding smart key device through the device output endpoint; The step r3 specifically includes: the mobile terminal calls a data transfer function through the device connection handle and receives the first communication command corresponding to the encapsulated first communication command from the smart key device through the device input endpoint. answer. 14. The method according to claim 1, characterized in that, when the mobile terminal monitors the insertion of the smart key device by means of enumeration, the mobile terminal obtains the key corresponding to the smart key device Specifically, the device object is: the mobile terminal calls a device list function to enumerate the smart key device, and acquires a device object corresponding to the smart key device. 15. The method according to claim 14, wherein the judging whether the device object has the device permission is specifically: the mobile terminal calls the function of obtaining the device permission to obtain the device permission identifier of the device object, and according to the The device permission identifier determines whether the device object has device permission. 16. The method according to claim 1, wherein when the mobile terminal monitors the insertion of the smart key device by broadcasting, the mobile terminal obtains the device corresponding to the smart key device Specifically, the object is: the mobile terminal invokes the first packaging function to obtain a device object corresponding to the smart key device. 17. The method according to claim 16, wherein the judging whether the device object has a device permission is specifically: the mobile terminal calls a second packaging function to obtain the device permission identifier of the device object, and according to the The device permission identifier determines whether the device object has device permission. 18. A device for communicating with a smart key device, characterized in that it includes: an initialization module, a monitoring module, a first acquisition module, a first judgment module, an application authority module, a second judgment module, a second acquisition module, a first An encapsulation module, a first sending module, a first receiving module and a first decapsulating module; The initialization module is used for initialization; The monitoring module is used to monitor whether a smart key device is inserted by broadcasting or enumerating after the initialization module is initialized; For example, monitor whether there is a smart key device inserted; The first obtaining module is configured to obtain a device object corresponding to the smart key device when the monitoring module monitors that the smart key device is inserted; The first judging module is configured to judge whether the device object obtained by the first obtaining module has device authority; The application permission module is used to apply for the device permission for the device object after the first judging module judges no; The second judging module is configured to judge whether the device object has device permission after the permission application module applies for the device permission for the device object acquired by the first obtaining module; The second obtaining module is configured to obtain the device connection handle and the device interface object corresponding to the device object when the first judging module judges yes or when the second judging module judges yes, according to The device interface object acquires a device communication endpoint corresponding to the device object; The first encapsulation module is configured to generate a first communication instruction after the second obtaining module obtains the device communication endpoint corresponding to the device object according to the device interface object, and obtain the USB protocol identifier according to the device object , encapsulating the first communication command according to the USB protocol identifier; The first sending module is configured to send the first communication command encapsulated by the first encapsulation module to the corresponding smart key through the device connection handle obtained by the second obtaining module and the device communication endpoint equipment; The first receiving module is configured to use the device connection handle obtained by the second obtaining module and the device communication endpoint to receive the first communication command corresponding to the encapsulated first communication command from the smart key device. a response; The first decapsulation module is configured to decapsulate the first response received by the first receiving module according to the USB protocol identifier, to obtain the decapsulated first response. 19. The device according to claim 18, further comprising a third judging module; The third judging module is used to judge whether the device object has device authority after the first obtaining module obtains the device object corresponding to the smart key device Whether the device object obtained by the obtaining module corresponds to the preset manufacturer identification; The first judging module is specifically used to judge whether the device object obtained by the first obtaining module has device authority after the third judging module judges as yes; The monitoring module is further configured to monitor whether a smart key device is inserted by broadcasting or enumerating after the third judging module judges no. 20. The device according to claim 18, further comprising a fourth judging module; The fourth judging module is used to obtain the device communication endpoint corresponding to the device object according to the device interface object after the second obtaining module obtains the device connection handle and the device interface object corresponding to the device object Before, according to the device connection handle, use the control transmission endpoint to obtain the device identification of the smart key device, and determine whether the device identification is a preset identification; The second acquiring module is specifically configured to acquire a device connection handle and a device interface object corresponding to the device object when the first judging module judges yes; and when the second judging module judges yes, Obtain a device connection handle and a device interface object corresponding to the device object, and obtain a device communication endpoint corresponding to the device object according to the device interface object after the fourth judging module judges yes; The monitoring module is further configured to monitor whether a smart key device is inserted by broadcasting or enumerating after the fourth judging module judges no. 21. The device according to claim 18, further comprising a fifth judging module and a first destroying module; The monitoring module is also used to monitor whether the smart key device is pulled out by broadcasting or enumerating after the initialization module is initialized; The fifth judging module is used to judge whether the device object corresponding to the smart key device has a corresponding device connection handle and device communication endpoint after the monitoring module monitors that the smart key device is pulled out; The first destroying module is used to destroy the device object corresponding to the smart key device, and the device connection handle corresponding to it to communicate with the device after the fifth judging module judges yes. an endpoint; and when the fifth judging module judges no, destroying the device object corresponding to the smart key device. 22. The device according to claim 18, further comprising a saving module and a third acquiring module; The saving module is used to generate a device communication handle, and combine the device communication handle with the device connection handle obtained by the second obtaining module, the device communication endpoint and the device object obtained by the first obtaining module Establish corresponding relationships and save them respectively; The third obtaining module is configured to obtain the USB protocol identifier according to the device object when the first encapsulation module generates the first communication instruction, and obtain the second communication instruction according to the USB protocol identifier and the first communication instruction. Before the instruction, obtain the corresponding device object, the device connection handle and the device communication endpoint according to the device communication handle; The first sending module is specifically configured to send the second communication command obtained by the first encapsulation module to the corresponding device connection handle obtained by the third obtaining module and the device communication endpoint. Smart key device. 23. The device according to claim 22, further comprising a sixth judging module and a second destroying module; The monitoring module is also used to monitor whether the smart key device is pulled out by broadcasting or enumerating after the initialization module is initialized; The sixth judging module is used to judge whether the device object corresponding to the smart key device has a corresponding device connection handle and device communication endpoint after the monitoring module monitors that the smart key device is pulled out; The second destruction module is used to destroy the device object corresponding to the smart key device, the device communication handle and the device connection handle and the communication endpoint of the device; and when the sixth judging module determines no, destroy the device object corresponding to the smart key device. 24. The device according to claim 18, wherein the first encapsulation module comprises a first acquisition unit and a first organization unit; The first acquiring unit is configured to generate a first communication instruction, and acquire the USB protocol identifier according to the device object acquired by the first acquiring module; The first organizing unit is specifically configured to add a USB protocol header corresponding to the USB protocol identifier before the first communication command generated by the first acquiring unit, so as to obtain the encapsulated first communication command. 25. The device according to claim 18, wherein the first decapsulation module is specifically configured to remove the AND in the first response received by the first receiving module according to the first encapsulation module. The response header corresponding to the USB protocol identifier is obtained to obtain the first response after decapsulation. 26. The device according to claim 18, wherein the first communication instruction is specifically a PIN verification instruction or a random number acquisition instruction or a key pair generation instruction or a signature instruction. 27. The device according to claim 18, wherein the USB protocol identifier is specifically a CCID protocol identifier, an HID protocol identifier, or a SCSI protocol identifier. 28. The device according to claim 18, wherein the permission application module is specifically configured to call a permission application function to apply for a device permission for the device object after the first judging module determines no. 29. The device according to claim 18, wherein the second acquisition module is specifically configured to call open The device function obtains the device connection handle corresponding to the device object; calls the obtain interface function to obtain the device interface object corresponding to the device object; calls the obtain endpoint function to obtain the device communication endpoint corresponding to the device object. 30. The device according to claim 18, wherein the device communication endpoints include device output endpoints and device input endpoints; The first sending module is specifically configured to call a data transfer function through the device connection handle obtained by the second obtaining module to output the encapsulated first communication command through the device obtained by the second obtaining module The endpoint sends to the corresponding smart key device; The first receiving module is specifically configured to use the device communication handle obtained by the second obtaining module to call a data transfer function to receive the encapsulated second key from the smart key device through the device input endpoint. A first response corresponding to a communication command. 31. The device according to claim 18, wherein the first acquisition module is specifically configured to call the device list function to The smart key device performs enumeration to obtain a device object corresponding to the smart key device. 32. The device according to claim 31, wherein the first judging module is specifically configured to call a device permission acquisition function to obtain the device permission identifier of the device object, and judge the device object according to the device permission identifier Whether it has device permissions; The second judging module is specifically configured to, after the applying permission module applies for the device permission for the device object obtained by the first obtaining module, call the function of obtaining device permission to obtain the device permission identifier of the device object, according to the The device permission identifier determines whether the device object has device permission. 33. The device according to claim 18, wherein the first obtaining module is specifically configured to call the first packaging function to obtain the key device and The device object corresponding to the smart key device. 34. The device according to claim 33, wherein the first judging module is specifically configured to call the second packaging function to obtain the device permission identifier of the device object, and judge the device according to the device permission identifier Whether the object has device permissions; The second judging module is specifically configured to call the second packaging function to obtain the device permission identifier of the device object after the permission application module applies for the device permission for the device object obtained by the first obtaining module, according to the The device permission identifier determines whether the device object has device permission.