Method, device and readable medium for tracking card end and terminal instruction interaction

Document No.: 136094 Publication date: 2021-10-22

Reading note: This technology, "Method, device and readable medium for tracking card end and terminal instruction interaction", was designed by 李庆福 on 2021-07-13. Main content: The invention relates to a technical scheme for a method, a device and a readable medium for tracking instruction interaction between a card end and a terminal, comprising: monitoring the APDU instruction interaction information between the card end and the terminal, and acquiring and storing the interaction information; enabling the APP of the terminal to access the APDU instruction interaction information based on an access control rule; and the APP automatically or actively sending the APDU instruction interaction information to a server according to the setting. The beneficial effects of the invention are: unnecessary equipment expenditure is reduced; technicians are not needed for on-site debugging, which reduces cost; and logs can be captured quickly and conveniently to locate problems, which greatly improves work efficiency.

1. A method for tracking instruction interaction between a card end and a terminal is characterized by comprising the following steps:

monitoring APDU instruction interaction information of a card end and a terminal, acquiring and storing the interaction information;

based on an access control rule, the APP of the terminal accesses the APDU instruction interaction information;

and the APP automatically or actively sends the APDU instruction interaction information to a server according to the setting.

2. The method for tracking the command interaction between the card terminal and the terminal as claimed in claim 1, wherein the monitoring the APDU command interaction information between the card terminal and the terminal, and the obtaining and storing the interaction information comprises:

and arranging a monitor at the card end, monitoring the APDU instruction interaction information through the monitor, and storing the APDU instruction interaction information in a private file.

3. The method of claim 2, wherein the enabling the APP of the terminal to access the APDU instruction interaction information based on the access control rule includes:

setting an application program for controlling access authority in the APP, wherein the application program comprises a certificate corresponding to the signature of the APP and digest configuration;

and the APP accesses the private file through an MOA rule, and before access, the access control rule on the card terminal is read through an Android Framework layer.

4. The method for tracking the instruction interaction between the card terminal and the terminal according to claim 2, wherein the size of the private file can be set freely according to the storage space of the card terminal.

5. The method for tracking the command interaction between the card terminal and the terminal as claimed in claim 1, further comprising:

the APP stores the APDU instruction and the status word of the APDU instruction interaction information into a log file using a data structure, wherein the data structure at least comprises a byte length, the APDU instruction and the status word.

6. The method for tracking card end and terminal instruction interaction according to claim 5, wherein the APP automatically or actively sending the APDU instruction interaction information to a server according to a setting comprises:

the APP receives a user instruction and actively sends the log file; or

the APP checks the status words of the received log file at set time intervals, and if a status word is abnormal, reports it to a server.

7. The method for tracking the command interaction between the card terminal and the terminal as claimed in claim 1, further comprising:

the APP is also provided with a screening condition for acquiring the APDU instruction interaction information, and the screening condition can be user-defined.

8. The method for tracking card-end and terminal instruction interaction according to claim 1, wherein the APP communicates with the server in HTTPS.

9. An apparatus for tracking card-side instruction interaction with a terminal, the apparatus comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method steps of any of claims 1-8 when executing the computer program.

10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 8.

Technical Field

The invention relates to the field of computer mobile communication, in particular to a method, a device and a readable medium for tracking instruction interaction between a card end and a terminal.

Background

With the rapid development of the Internet of Things, service scenarios have spread to many fields in succession, and the corresponding terminals are of many kinds. Whatever the type of terminal, however, its network communication function must remain stable, which specifically means normal interaction between the terminal and the card end, and when a problem occurs it must be possible to capture logs quickly and locate the problem.

In the aspect of capturing logs, it is currently common practice in the industry to intercept and store data at an IO layer through a specific tracker device, and although this method is effective, there are several problems:

1. the equipment needs to be purchased, which increases the extra cost of manufacturers;

2. the types of the terminals are more, so that the problem of equipment compatibility easily exists;

3. certain professional knowledge is needed during operation, and the requirement on users is high;

4. problem equipment is often spread all over the world and must be shipped back, or technicians must even travel to resolve the problem on site, resulting in high cost and low efficiency.

The smart card alliance proposed an Open Mobile API standard in 2011, and each terminal manufacturer implements an interactive interface between an Android application program and a smart card on part of models according to the standard definition, as shown in fig. 1:

the upper layer is an Android application layer, namely a common Android APK program.

The middle layer is the Android framework layer, which provides a standard SDK API for upper-layer Android application developers and interacts with low-level system services or the relevant hardware drivers. Before an Android application accesses the smart card, the access control program obtains, through the standard Android API, the digest of the digital certificate used to sign the application when it was released, and compares it against the access control rules (generally the digests of the certificates used to sign applications) held in the lower-layer smart card's access control file or program (Access Rule File/Access Rule Applet, abbreviated ARF/ARA) to decide whether the application has permission to access the smart card.

The lower layer is the underlying smart card hardware, which holds the ARF/ARA of all upper-layer applications together with the various Java Applet programs responsible for specific operations, storage, authentication and so on. Applet A and Applet1 stand in a caller/callee relationship; because the call is subject to audit control by the access control program in the Android system, a matching 'ARF/ARA of Application 1' must be provided in the smart card so that A can access Applet1 successfully.

Disclosure of Invention

The invention aims to solve at least one technical problem in the prior art, provides a method, a device and a readable medium for tracking the instruction interaction between a card end and a terminal, and solves the defects in the prior art.

The technical scheme of the invention comprises a method for tracking the instruction interaction between a card end and a terminal, which is characterized by comprising the following steps: monitoring APDU instruction interaction information of a card end and a terminal, acquiring and storing the interaction information; based on an access control rule, the APP of the terminal accesses the APDU instruction interaction information; and the APP automatically or actively sends the APDU instruction interaction information to a server according to the setting.

According to the method for tracking the instruction interaction between the card end and the terminal, the monitoring of the APDU instruction interaction information between the card end and the terminal, the obtaining and storing of the interaction information comprises the following steps: and arranging a monitor at the card end, monitoring the APDU instruction interaction information through the monitor, and storing the APDU instruction interaction information in a private file.

According to the method for tracking the instruction interaction between the card end and the terminal, enabling the APP of the terminal to access the APDU instruction interaction information based on the access control rule comprises the following steps: setting an application program for controlling access authority in the APP, wherein the application program comprises a certificate corresponding to the signature of the APP and digest configuration; and the APP accesses the private file through an MOA rule, and before access, the access control rule on the card terminal is read through an Android Framework layer.

According to the method for tracking the instruction interaction between the card end and the terminal, the size of the private file can be set freely according to the storage space of the card end.

The method for tracking the instruction interaction between the card end and the terminal further comprises: the APP stores the APDU instruction and the status word of the APDU instruction interaction information into a log file using a data structure, wherein the data structure at least comprises a byte length, the APDU instruction and the status word.

According to the method for tracking the instruction interaction between the card end and the terminal, the APP automatically or actively sending the APDU instruction interaction information to the server according to the setting comprises the following steps: the APP receives a user instruction and actively sends the log file; or the APP checks the status words of the received log file at set time intervals, and if a status word is abnormal, reports it to a server.

The method for tracking the instruction interaction between the card end and the terminal further comprises: the APP is also provided with a screening condition for acquiring the APDU instruction interaction information, and the screening condition can be user-defined.

According to the method for tracking the instruction interaction between the card end and the terminal, the APP and the server communicate over HTTPS.

The technical scheme of the invention also comprises a device for tracking the instruction interaction between the card end and the terminal, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, and is characterized in that any one of the method steps is realized when the processor executes the computer program.

The present invention also includes a computer-readable storage medium, in which a computer program is stored, wherein the computer program, when executed by a processor, implements any of the method steps.

The beneficial effects of the invention are: unnecessary equipment expenditure is reduced; technicians are not needed for on-site debugging, which reduces cost; and logs can be captured quickly and conveniently to locate problems, which greatly improves work efficiency.

Drawings

The invention is further described below with reference to the accompanying drawings and examples;

FIG. 1 shows a schematic diagram of the interaction interface (OMA) between an application and a smart card;

FIG. 2 illustrates an overall flow diagram according to an embodiment of the invention;

FIG. 3 is a schematic diagram illustrating interaction between a card end and a terminal according to an embodiment of the present invention;

FIG. 4 is a diagram illustrating a log file data structure according to an embodiment of the invention;

FIG. 5 is a flow diagram illustrating three-terminal interaction according to an embodiment of the present invention;

FIG. 6 shows a diagram of an apparatus according to an embodiment of the invention.

Detailed Description

Reference will now be made in detail to the present preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.

In the description of the present invention, "several" means one or more and "a plurality" means two or more; "greater than", "less than", "exceeding" and the like are understood as excluding the stated number, and "above", "below", "within" and the like are understood as including the stated number.

In the description of the present invention, the consecutive reference numbers of the method steps are for convenience of examination and understanding; in view of the overall technical solution of the present invention and the logical relationship between the steps, the implementation order of the steps may be adjusted without affecting the technical effect achieved by the technical solution.

In the description of the present invention, unless otherwise explicitly defined, terms such as set, etc. should be broadly construed, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the detailed contents of the technical solutions.

Fig. 2 shows a general flow chart according to an embodiment of the invention, the flow comprising: monitoring the APDU instruction interaction information between the card end and the terminal, and acquiring and storing the interaction information; enabling the APP of the terminal to access the APDU instruction interaction information based on the access control rule; and the APP automatically or actively sending the APDU instruction interaction information to the server according to the setting. The terminal is an Internet of Things device, and the card end is a smart card.

Fig. 3 is a schematic diagram illustrating interaction between a card end and a terminal according to an embodiment of the present invention, and the flow is as follows:

1. The card end and the terminal carry out APDU interaction; a monitor is added at the card end, and when an APDU is transmitted, the instruction content is stored in a private file whose size is determined according to the storage capacity of the card;

2. The APP accesses the private file through the Open Mobile API; before formal access, the Android Framework layer reads the access control rule on the card (ARF/ARA, see the reference standard), and the APP can continue only if the access condition is met;

3. The APP obtains the content of the log file by sending a file reading instruction;

4. When the APP meets a certain condition (see point 3 in the specific embodiment), it sends the log content to the background server.

Fig. 5 is a flow chart of three-terminal interaction according to an embodiment of the present invention, the flow chart is as follows:

1. The card end adds processing at the specific code that receives and sends APDUs, and stores the related APDU command and status word in the log file; for the specific structure see fig. 4, which includes a byte length description, the APDU command information and the status word;

2. The card end needs to be provided with an application (ARA) for controlling access authority, and in this application the digest of the certificate used to sign the terminal APP must be configured so that the APP can access the card end normally;

3. The APP can be set to send the log in two ways:

active transmission (1 (a) in the figure): a user can actively choose to send the log by operating the APP interface;

automatic transmission (1 (b) in the figure): the APP checks the status words of the APDUs in the received log at intervals, and if an abnormality is found, the APP automatically sends the log to a server;

4. The APP and the server transmit data over HTTPS.
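The APP-side handling described in the steps above (read the length-prefixed records, check each status word, apply a screening condition before reporting) is sketched below as an added example; it is not code from the patent. The page does not give the byte layout of fig. 4 or say which status words are abnormal, so the record layout, the zero-filled file tail, the status word classification and the names `parse_log`, `is_abnormal` and `records_to_report` are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

MIN_RECORD = 6  # 4-byte command header (CLA INS P1 P2) + 2-byte status word


@dataclass(frozen=True)
class ApduRecord:
    command: bytes  # command APDU exactly as logged by the card-side monitor
    sw: int         # 16-bit status word (SW1 << 8 | SW2)

    @property
    def ins(self) -> int:
        return self.command[1]


def parse_log(blob: bytes) -> list[ApduRecord]:
    """Parse records of the ASSUMED layout: [1-byte N][N-2 command bytes][SW1 SW2]."""
    records, pos = [], 0
    while pos < len(blob):
        length = blob[pos]
        if length == 0:  # assumption: unused tail of the fixed-size file is zero-filled
            break
        body = blob[pos + 1 : pos + 1 + length]
        # Reject undersized or truncated records instead of guessing at their content.
        if length < MIN_RECORD or len(body) != length:
            raise ValueError(f"malformed record at offset {pos}")
        records.append(ApduRecord(body[:-2], int.from_bytes(body[-2:], "big")))
        pos += 1 + length
    return records


def is_abnormal(sw: int) -> bool:
    """Treat 9000, 61xx (response data pending) and 91xx (UICC proactive
    command pending) as normal; this classification is an assumption."""
    return not (sw == 0x9000 or (sw >> 8) in (0x61, 0x91))


def records_to_report(records, ins_filter=None):
    """Abnormal records that also pass the optional INS screening condition."""
    return [r for r in records
            if is_abnormal(r.sw) and (ins_filter is None or r.ins in ins_filter)]


# Constructed sample log: SELECT succeeds, READ BINARY is refused (6982),
# READ RECORD finds no record (6A83), followed by zero padding.
SAMPLE_LOG = bytes.fromhex(
    "0E 00A4040007A0000000871002 9000"
    "07 00B000000A 6982"
    "07 00B2010410 6A83"
    "0000"
)

if __name__ == "__main__":
    for rec in records_to_report(parse_log(SAMPLE_LOG)):
        print(f"INS={rec.ins:02X} SW={rec.sw:04X} cmd={rec.command.hex().upper()}")
```

A non-empty result from `records_to_report` corresponds to the automatic transmission condition; an empty one leaves the log to be sent only on user request.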

Fig. 6 shows a diagram of an apparatus according to an embodiment of the invention. The apparatus comprises a memory 100 and a processor 200, wherein the processor 200 stores a computer program for performing: monitoring the APDU instruction interaction information between the card end and the terminal, and acquiring and storing the interaction information; enabling the APP of the terminal to access the APDU instruction interaction information based on the access control rule; and the APP automatically or actively sending the APDU instruction interaction information to the server according to the setting.

It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.

Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.

Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.

A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as consumers. In a preferred embodiment of the present invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on the consumer.

The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.
