US Pat. No. 9,176,753

METHOD FOR SEARCHING FOR CLASS AND FUNCTION BASED ON .NET CARD AND .NET CARD THEREOF

Feitian Technologies Co.,...

1. A method for searching for a class and a function based on a microprocessor smart card based on .net technology, which
is applied during execution of an assembly in the microprocessor smart card based on .net technology, wherein the assembly
comprises groups of classes and functions, the method comprises:
building a first character string according to information of a class currently executed by the microprocessor smart card
based on .net technology, or information of a function currently executed by the microprocessor smart card based on .net technology
and a class that the function belongs to;

computing a first index value from the first character string, wherein the first character string is hashed to obtain a hash
value of the class currently executed or the function currently executed, and the first index value is obtained with the hash
value modulo operation being performed on the total number of classes and functions corresponding to the index values in the
index table;

searching for a first locator value corresponding to the first index value in an index table pre-stored in the microprocessor
smart card based on .net technology, wherein index values in the index table are generated in the same way as the first index
value is generated, wherein, the index table includes index values and corresponding locator values, a locator value corresponds
to entity content of a class or a function in the class library of the microprocessor smart card based on .net technology;

finding the class or the function in a runtime library of the microprocessor smart card based on .net technology according
to the first locator value and invoking the entity of the class or the function;

the method further comprising:
if the first index value is not included in the index table, building a second character string according to information of
a superclass of a current class and the information of the function, with the class that the function currently executed by
the microprocessor smart card based on .net technology belongs to as the current class, and computing a second index value
from the second character string;

determining whether the second index value is included in the index table;
if the second index value is included in the index table, searching for a second locator value corresponding to the second
index value in the index table, and finding the class currently executed by the microprocessor smart card based on .net technology
in the runtime library of the microprocessor smart card based on .net technology according to the second locator;

if the second index value is not included in the index table, performing a process which is the same as the process of obtaining
the second index value with the superclass as a current class until a third index value which is included in the index table
is found, searching for a third locator value corresponding to the third index value in the index table, and finding the class
currently executed by the microprocessor smart card based on .net technology in the runtime library of the microprocessor
smart card based on .net technology according to the third locator value;

wherein the step of building the first character string according to the information of the class currently executed by the
microprocessor smart card based on .net technology comprises:

forming the first character string by a class name and a namespace of the class currently executed by the microprocessor smart
card based on .net technology; or

forming the first character string by a class name and a namespace of the class that the function currently executed by the
microprocessor smart card based on .net technology belongs to, a function name of the function, and a class name and a namespace
of each parameter of the function;

wherein the index table is stored in the assembly in the microprocessor smart card based on .net technology.

US Pat. No. 9,288,061

SAFE COMMUNICATION METHOD WITH CARD

Feitian Technologies Co.,...

1. A safe communication method of a card, characterized in that, said method comprises:
Step S1, generating a first data block, signing the first data block to obtain a first signature result, and sending an authentication
command to an outside-card entity by the card;

Step S2, receiving the authentication command and obtaining the first signature result from the authentication command by the outside-card
entity, generating a second data block and signing the second data block to obtain a second signature result by the outside-card
entity, and comparing the first signature result with the second signature result, if they are identical, going to Step S3; and if they are not identical, returning to Step S1;

Step S3, generating a third data block and signing the third data block to obtain a third signature result by the outside-card entity,
taking the obtained third signature result as a part of the authentication data, storing a current safety level, signing the
authentication data to obtain an outside-card entity signature and sending an external authentication command to the card;

Step S4, receiving the external authentication command, obtaining the authentication data and the outside-card entity signature from
the external authentication command, and obtaining the third signature result from the authentication data by the card; generating
a fourth data block and signing the fourth data block to obtain a fourth signature result by the card, and comparing the third
signature result with the fourth signature result, if they are not identical, returning to Step S1; and if they are identical, going to Step S5;

Step S5, signing the obtained authentication data to obtain a card signature by the card, comparing the outside-card entity signature
with the card signature, if they are not identical, returning to Step S1; and if they are identical, going to Step S6;

Step S6, storing the current safety level and sending an authentication success response to the outside-card entity by the card;

Step S7, reading the current safety level and performing operation according to the safety level, and sending a communication command
according to the safety level to the card by the outside-card entity;

Step S8, performing operation according to the received communication command and sending a communication success response to the
outside-card entity by the card; and

Step S9, receiving the communication success response and determining whether the communication is continued by the outside-card
entity, if yes, going to Step S7; otherwise, ending.

US Pat. No. 9,515,744

OPTICAL SIGNAL PROCESSING METHOD AND DEVICE

FEITIAN TECHNOLOGIES CO.,...

1. A method for processing an optical signal, comprising a sampling process and a converting process, wherein the sampling
process comprises steps from S1 to S5, and the converting process comprise steps from S6 to S8, and steps S1 to S8 comprising:
S1: sampling, by a sampling module, an electric signal to obtain a sampling result and store the sampling result to a cache;

S2: judging, by the sampling module, whether the number of sampling results in the cache is greater than a preset value, performing
S3 in a case that the number of sampling results in the cache is greater than the preset value; or ending a flow and returning
to S1 in a case that the number of sampling results in the cache is not greater than the preset value;

S3: determining, by the sampling module, a current optical signal status of an output apparatus according to a current sampling
result;

S4: determining, by the sampling module, received data according to the current optical signal status and a stored optical signal
status and updating the stored optical signal status with the current optical signal status;

S5: sending, by the sampling module, the received data to a converting module;

S6: storing, by the converting module, the received data into a data storage space and judging whether there exists a qualified
data head in the data storage space, performing S7 in a case that there exists the qualified data head in the data storage space; or ending the flow and returning to S1 in a case that there does not exist the qualified data head in the data storage space;

S7: recording, by the converting module, a position of the qualified data head; and

S8: verifying, by the converting module, whether data following the qualified data head in the data storage space is legitimate,
determining that the received data is correct and ending the flow in a case that the data following the qualified data head
is legitimate; or determining that the received data is incorrect and returning to S1 in a case that the data following the data head in the data storage space is not legitimate.

US Pat. No. 9,465,934

CONTROL METHOD FOR ACCESSING JAVA CARD OBJECT

FEITIAN TECHNOLOGIES CO.,...

1. A control method for accessing a Java card object comprising:
step S1, interpreting and executing, by a Java card virtual machine, an applet of a current application;

step S2 that includes sub-steps obtaining, by the Java card virtual machine, an object reference provided by a current execution
instruction in the applet, obtaining a current accessing object from a preset storage area according to the object reference,
and reading a current context value of the current accessing object;

step S3, obtaining, by the Java card virtual machine, a type of the current accessing object according to the current execution instruction,
wherein, if the type of the current accessing object is method invoking, going to step A1, wherein, if the type of the current accessing object is a READ/WRITE object, going to step B1, and wherein if the type of the current accessing object is neither the method invoking nor the READ/WRITE object, going
to step C1;

step A1, determining whether the current accessing object is a shared interface method invoking object, wherein, if the current accessing
object is a shared interface method invoking object, going to step A2, and wherein, if the current accessing object is not a shared interface method invoking object, going to step B1;

step A2, determining whether a packet to which the current accessing object belongs is an active packet based on the current context
value of the current accessing object, wherein, if the packet to which the current accessing object belongs is an active packet,
going to step S4, and wherein, if the packet to which the current accessing object belongs is not an active packet, prompting an exception;

step B1, determining whether the current accessing object is prevented by a firewall or satisfied a basic detecting condition, wherein,
if the current accessing object is not prevented by the firewall or satisfies the basic detecting condition, going to step
54, and wherein, if the current accessing object is prevented by the firewall or does not satisfy the basic detecting condition,
prompting an exception;

step C1, determining whether the current accessing object satisfies the basic detecting condition, wherein, if the current accessing
object satisfies the basic detecting condition, going to step S4, and wherein, if the current accessing object does not satisfy the basic detecting condition, prompting an exception; and

step S4, executing, by the Java card virtual machine the current executing instruction,

wherein the determining whether the packet to which the current accessing object belongs is an active packet based on the
current context value of the current accessing object comprises:

traversing, by the Java card virtual machine, all channels;
comparing a packet index in the current context value of the current accessing object with values respectively stored in the
channels, wherein the packet index indicates a storage address of the packet to which the current accessing object belongs;
and

determining whether there exists a channel storing the value which equals to the packet index,
wherein the packet to which the current accessing object belongs is an active packet if there exists a channel storing the
value which equals to the packet index, and

wherein the packet to which the current accessing object belongs is not an active packet if there does not exist a channel
storing the value which equals to the packet index.

US Pat. No. 9,343,070

SOUND TRANSMISSION-BASED VERIFICATION METHOD

Feitian Technologies Co.,...

1. A method of user authentication by an application on a OTP device, comprising:
Step A, a client side sending a request information message to a server upon receiving request information;
Step B, the server extracting and storing the request information in the request information message, generating a data packet
group according to the request information, and returning the data packet group to the client side;

Step C, the client side converting the data packet into audio data, repeatedly broadcasting the audio data, and waiting for
receiving a OTP (one time password);

Step D, the OTP device collecting the audio data broadcasted by the client side, encoding the audio data, so as to obtain
data information, determining whether the data information is complete, if yes, generating displaying information and outputting
the displaying information, if confirmation information is received within a preset time, generating a OTP according to the
data information and outputting the OTP; otherwise, outputting information of prompting incomplete data information;

Step E, the client side sending the OTP to the server upon receiving the OTP;
Step F, the server generating an authentication OTP according to the request information upon receiving the OTP, and authenticating
whether the OTP is valid according to the authentication OTP, if yes, the server executing an operation according to the request
information; otherwise, the server sending information of prompting invalid OTP to the client side; and

Step G, the client side outputting corresponding prompting information upon receiving the information of prompting invalid
OTP.

US Pat. No. 9,208,297

ONE TIME PASSWORD INQUIRY METHOD AND TOKEN

FEITIAN TECHNOLOGIES CO.,...

1. A one time password inquiry method, comprising steps of:
triggering a one time password token device with a trigger;
determining whether the trigger is an inquiry operation or a generation operation,
wherein the inquiry operation retrieves a one time password stored in a storage on the one time password token device and
displaying on the one time password token device the retrieved one time password from the storage and

wherein the generation operation generates a one time password on the one time password token device and storing the generated
one time password in the storage on the one time password token device and displaying the generated one time password on the
one time password token device; and

wherein the step of triggering the one time password token device is executed by a trigger means on the one time password
token device, and the trigger means comprises two separate trigger means based on either a duration or a frequency of the
trigger, one for generating the one time password and one for inquiring the one time password stored in the one time password
token device;

wherein the inquiry operation includes inquiring if the one time password token is stored in the storage on the one time password
token device and if the one time password is not in the storage on the one time password token device, the one time token
password token device displays error information; otherwise, displaying the stored one time password on the one time token
password token device.

US Pat. No. 9,112,855

METHOD FOR IDENTIFYING PULSE OPTICAL SIGNAL AND DEVICE THEREOF

Feitian Technologies Co.,...

1. A method for identifying pulse optical signal, comprising performing the following steps by a hardware processor:
A. receiving first trigger information and deleting data in a storage area;
B. in response to the first trigger information, collecting and identifying a pulse optical signal with a predetermined method
to obtain a unit of data;

C. parsing the unit of data and determining type of the unit of data;
if the unit of data is unit of data representing header information, performing D;
if the unit of data is other type of unit of data, performing E;
D. setting a corresponding packet header id for the unit of data and going back to B;
E. determining whether the unit of data matches the currently-set packet header id; if yes, performing F; if no, discarding
the unit of data and going back to B;

F. determining whether there is unreceived unit of data corresponding to the currently set packet header id; if yes, going
back to B, if no, performing G;

G. packeting the unit of data represented by the currently-set packet header id and all units of data corresponding to the
currently-set packet header id to obtain a group of data packets;

wherein the predetermined method comprises:
B1. identifying the pulse optical signal collected at the same time with a predetermined receiving method to obtain at least
one bit of information and taking the at least one bit of information as one bit of information group;

B2. determining whether the obtained at least one bit of information group constitutes one unit of data, if yes, combining
the obtained at least one bit of information group to obtain a unit of data; if no, going back to B1.

US Pat. No. 9,253,162

INTELLIGENT CARD SECURE COMMUNICATION METHOD

Feitian Technologies Co.,...

1. A method for safe communication of a smart card comprising:
S1 comprising powering up the smart card;
S2 comprising setting a security identifier and a security variate;
S3 comprising waiting for receiving a command and determining a type of a received command;
setting an authentication method identifier as an external authentication identifier or a mutual authentication identifier,
setting an authentication identifier of a certificate, obtaining an RSA public key reference and an RSA private key reference,
setting a security environment management identifier, going back to step S3 if the received command is a first command;

determining whether both the security environment management identifier and the authentication identifier of the certificate
are set if the received command is a second command, authenticating the certificate, setting the authentication identifier
and going back to S3 if both the security environment management identifier and the authentication identifier of the certificate
are set; reporting an error and going back to S2 if the security environment management identifier and the authentication
identifier of the certificate are not both set;

determining whether the authentication identifier of the certificate is set if the received command is a third command, sending
the certificate to an external device of the smart card and going back to S3 if the authentication identifier of the certificate
is set; reporting an error and returning to S2 if the authentication identifier of the certificate is not set;

if the received command is a fourth command, going to S4; if the received command is a fifth command, going to S5; if the
received command is a sixth command, going to S6; if the received command is a seventh command, going to S7;

determining whether the command meets a preset condition if the command is one of other commands, authenticating the command
according to a safe level and a session key if the command meets the preset condition; performing corresponding operation
after a successful authentication, going back to S3; otherwise, reporting an error if the command does not meet the preset
condition;

S4 comprising determining whether a condition that the security environment management identifier is not set and the authentication
identifier of the certificate is set is met; reporting an error and going back to S2 if the condition is met; decrypting the
fourth command via a public key referenced by the RSA public key reference to obtain a decryption result; obtaining a TLV
structure with a safe level from the decryption result, storing the safe level, establishing a session key, storing the session
key, setting signature information and setting a session key establishing identifier, going back to S3;

S5 comprising determining whether the session key establishment identifier is set, generating a first random number, storing
the first random number and sending the first random number to the external device of the smart card and setting an obtaining
random number identifier if the session key establishment identifier is set; going back to S3; reporting an error and going
back to S2 if the session key establishment identifier is not set;

S6 comprising determining whether the obtaining random number identifier is set, reporting an error and going back to step
S2 if the obtaining random number identifier is not set; constructing a first data block containing the TLV structure with
safe level, the session key, the first random number, performing an operation on the first data block with a first algorithm
to obtain a first calculation result, constructing a second block data containing the first calculation result and the first
algorithm, reading a signature result of the external device of the smart card in the sixth command, authenticating the signature
result via a public key referenced by the RSA public key reference and the second data block; setting an external authentication
identifier if the authentication is successful, determining whether an authentication method identifier is the external authentication
identifier, setting the mutual authentication identifier if the authentication method identifier is the external authentication
identifier, going back to S3; going back to S3 if the authentication method identifier is not the external authentication
identifier; reporting error and going back to S2 if the authentication is not successful;

S7 comprising obtaining a second random number from the seventh command, storing the second random number, determining whether
a condition that the authentication method identifier is the external authentication identifier and the external authentication
identifier is set is met, constructing a third data block containing the session key and the second random number if the condition
that the authentication method identifier is the external authentication identifier and the external authentication identifier
is set is met, performing an operation on the third data block via the first algorithm to obtain a second calculation result;
constructing a fourth data block containing the second calculation result and the first algorithm; encrypting the fourth data
block via a private key referenced by the RSA private key reference to obtain an encryption result, wherein the obtained encryption
result is a first signature result, sending the first signature result to the external device of the smart card, setting the
mutual authentication identifier, clearing the first random number and the second random number, going back to S3; going back
to S2 if the condition that the authentication method identifier is the external authentication identifier and the external
authentication identifier is set is not met.

US Pat. No. 9,785,585

METHOD FOR CARD READER TO COMMUNICATE WITH UPPER COMPUTER VIA USB CHANNEL COMMUNICATION AND BLUETOOTH CHANNEL CONNECTION

Feitian Technologies Co.,...

1. A method for a card reader to communicate with an upper computer, comprises:
Step A, initializing a card reader system, enabling card insert interrupt, card pull-out interrupt, USB insert interrupt,
USB pull-out interrupt, Bluetooth connection interrupt, Bluetooth disconnection interrupt, USB communication interrupt, and/or
Bluetooth communication interrupt;

Step B, determining whether work voltage is lower than a preset value, if yes, prompting a low work voltage state, if the
low work voltage state overpasses a first preset time, closing the card reader; otherwise, going back to Step B;

in which the above procedure further comprises:
when receiving a USB communication interrupt signal, the card reader entering the USB communication interrupt, receiving an
instruction through USB channel, performing corresponding operation upon the received instruction, and returning operation
result to the upper computer through the USB channel;

when receiving a Bluetooth communication interrupt signal, the card reader entering the Bluetooth communication interrupt,
receiving an instruction through Bluetooth channel, performing corresponding operation upon the received instruction, and
returning operation result to the upper computer through the Bluetooth channel;

when receiving a USB insert interrupt signal, the card reader entering the USB insert interrupt, and setting a USB channel
connection identification;

when receiving a USB pull-out interrupt signal, the card reader entering the USB pull-out interrupt, and resetting the USB
channel connection identification;

when receiving a Bluetooth connection interrupt signal, the card reader entering the Bluetooth connection interrupt, and setting
a Bluetooth channel connection interrupt identification;

when receiving a Bluetooth disconnection interrupt signal, the card reader entering the Bluetooth disconnection interrupt,
and resetting the Bluetooth channel connection identification;

when receiving a card insert interrupt signal, the card reader entering the card insert interrupt, and setting a card slot
state identification as with-card identification; and/or

when receiving a card pull-out interrupt signal, the card reader entering card pull-out interrupt, and setting the card slot
state identification as without-card identification.

US Pat. No. 9,413,752

ONE-TIME PASSWORD OPERATING METHOD

FEITIAN TECHNOLOGIES CO.,...

1. A method of a dynamic token, the method being performed by a processor, a storage medium and a keyboard; the storage medium
comprising a data cache for storing data and a storage region for storing a key flag, a power flag, a lock flag, a state identification
and a logon password; the keyboard comprising a power key, a delete key, a first numeric key group, a second numeric key group
and an OK key, the method comprising:
after the dynamic token detects that the key flag is set,
(Step A) clearing the key flag, scanning the keys and determining type of the key pressed down; performing Step B in a case
that the key pressed down is the power key; performing Step D in a case that the key pressed down is the delete key; performing
Step E in a case that the key pressed down is a key in the first numeric key group; performing Step F in a case that the key
pressed down is a key in the second numeric key group; and performing Step G in a case that the key pressed down is the OK
key;

(Step B) checking the power flag; in a case that the power flag is set, resetting the power flag and entering a dormant state;
and in a case that the power flag is not set, setting the power flag and performing Step C;

(Step C) checking the lock flag; in a case that the lock flag is set, setting the state identification to be a first predetermined
value and performing Step L; and in a case that the lock flag is not set, setting the state identification to be a second
predetermined value and performing Step L;

(Step D) checking the power flag; in a case that the power flag is set, deleting one unit data at the end of the data cache,
displaying numbers corresponding to all unit data in the data cache, and performing Step L; and in a case that the power flag
is not set, entering the dormant state;

(Step E) checking the power flag; in a case that the power flag is set, storing data corresponding to the key pressed down
into the data cache, displaying numbers corresponding to all unit data in the data cache, and performing Step L; and in a
case that the power flag is not set, entering the dormant state;

(Step F) checking the power flag;
in a case that the power flag is set and the state identification is a third predetermined value, determining whether time
period for holding the key pressed down exceeds a predetermined time period; setting the state identification to be a fifth
predetermined value and performing Step L in a case that the time period for holding the key pressed down exceeds the predetermined
time period; and performing Step L directly in a case that the time period for holding the key pressed down does not exceed
the predetermined time period;

in a case that the power flag is set and the state identification is not the third predetermined value, storing data corresponding
to the key pressed down into the data cache, displaying numbers corresponding to all unit data in the data cache, and performing
Step L;

in a case that the power flag is not set, entering the dormant state;
(Step G) checking the power flag;
in a case that the power flag is set, checking the state identification; performing Step H in a case that the state identification
is the first predetermined value; performing Step I in a case that the state identification is the second predetermined value;
performing Step J in a case that the state identification is the third predetermined value; and performing Step K in a case
that the state identification is the fifth predetermined value; and

in a case that the power flag is not set, entering the dormant state;
(Step H) generating an unlock verification code by performing computing on a dynamic factor and a static factor inside the
dynamic token or on data in the data cache, a dynamic factor and a static factor inside in the dynamic token; determining
whether the data in the data cache is identical to the generated unlock verification code; in a case that the data in the
data cache is identical to the generated unlock verification code, resetting the lock flag, setting the state identification
to be the fifth predetermined value, clearing the data in the data cache, and performing Step L; and in a case that the data
in the data cache is not identical to the generated unlock verification code, clearing the data in the data cache and performing
Step C;

(Step I) determining whether data in the data cache is identical to the logon password currently stored in the dynamic token;
in a case that the data in the data cache is identical to the logon password currently stored in the dynamic token, setting
the state identification to be the third predetermined value, clearing the data in the data cache, and performing Step L;
and in a case that the data in the data cache is not identical to the logon password currently stored in the dynamic token,
clearing the data in the data cache, setting the lock flag, and performing Step C;

(Step J) generating a dynamic password by performing computing on a dynamic factor and the static factor pre-stored in the
dynamic token or on a dynamic factor, data in the data cache and a static factor pre-stored in the dynamic token, displaying
content corresponding to the dynamic password and performing Step L;

(Step K) determining whether data in the data cache meets a predetermined condition; in a case that the data in the data cache
meets the predetermined condition, replacing the logon password currently stored in the dynamic token with the data in the
data cache, clearing the data in the data cache, setting the state identification to be the third predetermined value, and
performing Step L; and in a case that the data in the data cache does not meet the predetermined condition, clearing the data
in the data cache and performing Step L;

(Step L) determining whether the key flag is detected to be set in a predetermined time period; in a case that the key flag
is detected to be set in the predetermined time period, performing Step A; and in a case that the key flag is not detected
to be set in the predetermined time period, resetting the power flag and entering the dormant state, wherein the method further
comprises:

after the key flag is detected to be set, determing whether time period for holding the key pressed down exceeds a predetermined
time period; in a case that the time period for holding the key pressed down exceeds the predetermined time period, performing
Step A; and in a case that the time period for holding the key pressed down does not exceed the predetermined time period,
clearing the key flag, entering the dormant state and waiting for next setting of the key flag.

US Pat. No. 9,256,210

SAFE METHOD FOR CARD ISSUING, CARD ISSUING DEVICE AND SYSTEM

Feitian Technologies Co.,...

1. A secure card issuing method, characterized in that said method comprises following steps:
(1) a card issuing device receiving identity information input by a user, and verifying the identity information by a managing
card;

(2) after the managing card verifying the identity information successfully, the card issuing device performing interactive
verification with the managing card;

(3) after the card issuing device performing interactive verification with the managing card successfully, the card issuing
device obtaining a session key from the managing card;

(4) the card issuing device processing chip operating system downloaded command file data of the managing card with the session
key;

(5) the card issuing device parsing the chip operating system downloaded command file data, to obtain a chip operating system
downloaded command sequence;

(6) the card issuing device sending the chip operating system downloaded command sequence to at least one user card, and instructing
the at least one user card to download the chip operating system according to the chip operating system downloaded command
sequence; and

(7) the card issuing device activating the chip operating system downloaded to the at least one user card,
in which Step (7) comprises following steps:
(7.1) the card issuing device sending the random number generated by the user card to the managing card;
(7.2) when available times of an internal activating verification key of the user card is larger than 0, the managing card
using the internal activating verification key to encrypt the random number and sending the encrypted random number to the
user card by the card issuing device; and the available times of the internal activating verification key minus 1 simultaneously;

(7.3) when available times of an external activating verification key of the user card is larger than 0, the user card performing
decryption with the external activating verification key to obtain the random number; and the available times of the external
activating verification key minus 1 simultaneously; and

(7.4) when the random number obtained by decryption performed by the user card is identical to the generated random number,
the user card controlling the chip operating system to be in activating status.

US Pat. No. 9,158,905

METHOD FOR COMPUTER STARTUP PROTECTION AND SYSTEM THEREOF

Feitian Technologies Co.,...

1. A method for computer startup protection, wherein the method includes:
writing a dynamic password computer startup protection program into master boot record of hard disk and reserving the information
of division table;

powering up a computer;
loading and executing, by the computer, the dynamic password computer startup protection program;
receiving, by the dynamic password computer startup protection program, a password entered by a user; in which the password
is obtained by the user via sending a dynamic password generating command to a dynamic password generating device; when the
dynamic password generating device receives the dynamic password generating command from the user, the dynamic password generating
device generates the password according to a password generating factor and a password generating algorithm, the password
generating factor is current time or current authenticating count of the dynamic password generating device;

generating, by the dynamic password computer startup protection program, a series of authentication passwords using current
time or current authenticating count of the system as a factor; and

determining, by the dynamic password computer startup protection program, whether the password is valid through comparing
the password entered by the user with the authentication passwords, if the password entered by the user is equal to one of
the authentication passwords, the dynamic password computer startup protection program loads a computer startup program of
the computer; otherwise the dynamic password computer startup protection program does not load the computer startup program
of the computer in which the dynamic password generating device is not connected with the computer and information of the
dynamic password generating device is stored in the computer;

wherein determining, by the dynamic password computer startup protection program, whether the password is valid further includes
receiving, by the dynamic password computer startup protection program, the user information which includes account information
and PIN code of the user; and

the step of determining, by the dynamic password computer startup protection program, whether the password is valid specifically
includes

after receiving the user information, obtaining, by the dynamic password computer startup protection program, a dynamic password
generating algorithm corresponding to the user information according to the corresponding relationship between the user information
prestored in the preset location of the hard disk and the identifier of the dynamic password generating device; and

generating a verification window according to the obtained dynamic password generating algorithm, and determining whether
the password is in the category of the verification window, if so, the password is valid, otherwise the password is not valid.

US Pat. No. 9,047,486

METHOD FOR VIRTUALIZING A PERSONAL WORKING ENVIRONMENT AND DEVICE FOR THE SAME

Feitian Technologies Co.,...

1. A method for virtualizing a personal working environment, wherein the method comprises the steps of:
storing, by a processor, a virtual machine (VM) program on an information security device containing a storage unit;
storing, by the processor, virtual operating system parameters within a VM data file;
storing, by the processor, the VM data file on the information security device containing the storage unit;
connecting, by the processor, the information security device to a host via a data communication interface of the host;
parsing, by the processor, the stored VM program and the stored VM data file stored in the information security device;
loading, by the processor, a VM environment into the host in accordance with stored virtual operating system parameters contained
in the parsed VM data file and the parsed VM program;

starting, by the processor, a monitor program in the host;
determining, by the processor, removal of the information security device from the host, by the monitor program;
determining, by the processor, that the loaded VM environment has not been closed;
based on a determination that the information security device has been removed from the host and that the VM environment has
not been closed, automatically unloading the VM environment by the monitor program;

performing, by the processor, information security operations in the information security device by the loaded VM environment;
wherein the information security operations comprising encryption/decryption of data from an user, authentication information
processing operation, or a code transfer operation;

collecting, by the loaded VM environment, data from the information security operations to the information security device;
saving, by the processor, the collected data from the information security operations to the information security device,
by the VM environment;

leaving, by the processor, no trial from of the performed information security operations on the host;
closing, by the processor, the loaded VM environment in the host; and
disconnecting, by the processor, the information security device from the host.

US Pat. No. 9,665,730

METHOD FOR PROTECTING JAVA PROGRAM

FEITIAN TECHNOLOGIES CO.,...

1. A method for protecting a JAVA program, comprising:
step A, comprising: loading, by a JAVA virtual machine, a class file, and determining whether the class file is a legal file,
executing step B if the class file is the legal file; replying error information and ending the method if the class file is
not the legal file;

step B, comprising: obtaining, by the JAVA virtual machine, a total number of JAVA class methods and an initial position of
the JAVA class methods in the class file, and finding a current JAVA class method in accordance with the initial position;

step C, comprising: parsing, by the JAVA virtual machine, a JAVA instruction corresponding to the current JAVA class method,
and determining whether the JAVA instruction is successfully parsed; executing step D if the JAVA instruction is successfully
parsed; replying error information and ending the method if the JAVA instruction is not successfully parsed;

step D, comprising: determining, by the JAVA virtual machine, whether the JAVA instruction corresponding to the current JAVA
class method qualifies as a portable instruction, transplanting and storing the JAVA instruction corresponding to the current
JAVA class method into a preset buffer and executing step E if the JAVA instruction qualifies as a portable instruction; executing
step G if the JAVA instruction does not qualify as a portable instruction;

step E, comprising: obtaining, by the JAVA virtual machine, the deepest stack level of the JAVA virtual machine and the maximum
number of local variables of the current JAVA class method;

step F, comprising: in accordance with the deepest stack level of the JAVA virtual machine and the maximum number of the local
variables, filling, by the JAVA virtual machine, a position of the transplanted JAVA instruction in the class file with a
JAVA class method for obtaining a stack and a local variable, a JAVA class method for executing a virtual machine in an encryption
lock and a JAVA class method for modifying a stack and a local variable, and executing step G; and

step G, comprising: determining, by the JAVA virtual machine, whether the number of JAVA class methods which have been parsed
reaches a total number of the JAVA class methods in the class file, transplanting a JAVA instruction corresponding to a current
JAVA class method in the preset buffer into an encryption lock and ending the method if the number of the JAVA class methods
which have been parsed reaches the total number of the JAVA class methods in the class file; continuing to obtain a next JAVA
class method and making the next JAVA class method as the current JAVA class method, and returning to execute step C if the
number of the JAVA class methods which have been parsed does not reach the total number of the JAVA class methods in the class
file.

US Pat. No. 9,386,013

DYNAMIC PASSWORD AUTHENTICATION METHOD AND SYSTEM THEREOF

FEITIAN TECHNOLOGIES CO.,...

1. A dynamic password authentication method, comprising
a server receiving first information sent by a client, and generating second information according to the first information;
the server setting every transmission bit in the second information to be in corresponding brightness status or color status
to obtain third information, and sending the third information to the client, wherein the third information comprises blinking
information of impulse optical signal or image information of dynamic impulse optical signal;

the client transforming the third information into an impulse optical signal and outputting the impulse optical signal;
a dynamic password device receiving and identifying the impulse optical signal, transforming the impulse optical signal into
intermediate information, extracting part or all of the intermediate information, transforming the part or all of the intermediate
information into display information for a user to view, and outputting the display information;

the dynamic password device receiving trigger information, and generating a first dynamic password according to the intermediate
information;

the client receiving the first dynamic password input by the user, and sending the first dynamic password to the server; and
the server generating a second dynamic password or a set of second dynamic passwords, and verifying whether the first dynamic
password is legitimate by the second dynamic password or the set of second dynamic passwords;

if the first dynamic password is identical to the second dynamic password or any second dynamic password in the set of second
dynamic passwords, verifying the first dynamic password to be legitimate; and

if the first dynamic password is not identical to the second dynamic password or any second dynamic password in the set of
second dynamic passwords, verifying the first dynamic password to be illegitimate;

the server performing a user operation if the first dynamic password is correct.

US Pat. No. 9,350,456

METHOD FOR IMPROVING LUMINOUS INTENSITY ADAPTABILITY AND DEVICE THEREOF

Feitian Technologies Co.,...

1. A method for improving luminous intensity adaptability of an optical signal collecting device, wherein the device controls
a predetermined load resistor to conduct upon receiving a self-adaptability request, the device collects and sets a voltage
upon being satisfied with a predetermined condition, and the load resistor has an influence on collecting of the voltage,
the method comprising:
Step a, determining whether a self-adaptability is failed, if yes, restoring modifications on flags, variables and load resistors,
prompting error and quitting; otherwise, collecting a voltage value and if the device stores a last collected voltage value,
going to Step b; otherwise going to Step c;

Step b, comparing currently collected voltage value with the last collected voltage value, if difference between the currently
collected voltage value and the last collected voltage value is smaller than a predetermined voltage value, going to Step
c; otherwise replacing the last collected voltage value with the currently collected voltage value, clearing a voltage value
buffer and going to Step c;

Step c, adding the currently collected voltage value to the voltage value buffer and determining whether number of voltage
values stored in the voltage value buffer reaches a first predetermined voltage value, if yes, going to Step d; otherwise,
quitting and waiting for next entering;

Step d, computing an average value of all voltage values stored in the voltage value buffer and determining whether a first
voltage is reached, if yes, going to Step e; otherwise storing the computed average value as the first voltage and going to
Step f;

Step e, comparing the computed average value with the first voltage stored in the device, if difference between the computed
average value and the first voltage is smaller than a second predetermined voltage value, replacing the first voltage stored
in the device with the computed average value and going to Step f; if difference between the computed average value and the
first voltage is not smaller than the second predetermined voltage value and the first voltage is greater than the computed
average value, setting the voltage according to a first predetermined rule and going to Step f; if difference between the
computed average value and the first voltage is not smaller than the second predetermined voltage value and the computed average
value is greater than the first voltage, setting the voltage according to a second predetermined rule and going to Step f;

Step f, determining whether the first voltage, a second voltage and a third voltage are all collected, if yes, going to Step
g; otherwise, quitting and waiting for next entering;

Step g, determining whether the first voltage, the second voltage and the third voltage stored in the device are all satisfied
with a predetermined requirement, if yes, quitting and the device waiting for receiving data; otherwise going to Step h; and

Step h, determining whether a predetermined condition of switching resistor is satisfied, if yes, checking for status of a
current load resistor, switching into a next load resistor according to a third predetermined rule, quitting and waiting for
next entering and collecting voltage according to the next load resistor; otherwise, the self-adaptability being failed, clearing
the first voltage, the second voltage and the third voltage stored in the device and quitting; wherein the predetermined condition
of switching resistor is that times of switching resistor does not reach the second predetermined voltage value.

US Pat. No. 9,294,954

METHOD AND SYSTEM FOR ONLINE COMMUNICATION

Feitian Technologies Co.,...

1. An online communication method wherein the method is used in a system comprising a mobile device, a host and a peripheral,
and the method comprises the following steps:
Step A1, obtaining user data by the host;
Step A2, generating a networking data packet according to user data, a host port number, a mobile device port number, a host
IP address and a mobile phone IP address by the host;

Step A3, sending the networking data packet to the mobile device by the host;
Step A4, parsing the received networking data packet by the mobile device;
Step A5, converting the parsed valid data into a corresponding instruction by the mobile device;
Step A6, encoding the instruction by the mobile device;
Step A7, sending the first encoded data obtained by encoding to the peripheral by the mobile device;
Step A8, decoding the received first encoded data by the peripheral, and performing a corresponding process according to the
instruction obtained by decoding;

Step A9, encoding the obtained processed result by the peripheral;
Step A10, sending the second encoded data to the mobile device by the peripheral;
Step A11, decoding the received second encoded data by the mobile device so as to obtain a processed result;
Step A12, determining whether the processed result is correct by the mobile device, if yes, going to Step A13; otherwise,
going to Step A15;

Step A13, converting the valid data in the processed result into data in the same form of the user data by the mobile device;
Step A14, generating a networking data packet according to the converted data, the host port number, the mobile phone port
number, the host IP address and the mobile phone IP address, and sending the generated networking data packet to the host,
and going to Step A16 by the mobile device;

Step A15, generating the networking data packet according to the processed result, the host port number, the mobile phone
port number, the host IP address and the mobile device IP address, and sending the generated networking data packet to the
host by the mobile device;

Step A16, parsing the received networking data packet by the host; and
Step A17, displaying the parsed result by the host.

US Pat. No. 9,182,967

METHOD FOR SAFELY DOWNLOADING APPLICATION

Feitian Technologies Co.,...

1. A method for safely downloading an application, characterized in that said method comprises:
Step A1, generating a host inquiring code and storing the host inquiring code by a card connector, sending an internally initializing
instruction including the host inquiring code to a card by the card connector;

Step A2, receiving the internally initializing instruction and reading the host inquiring code from the internally initializing instruction
by the card, generating and storing a card inquiring code, a first session key and a second session key by the card, generating
a first data block with the host inquiring code, a serial counting value and the card inquiring code, and encrypting the first
data block with the first session key, so as to obtain a first encryption result by the card; sending an internal initialization
response including the first encryption result, the card inquiring code and the serial counting value to the card connector
by the card;

Step A3, receiving the internal initialization response and reading the first encryption result, the card inquiring code, and the
serial counting value from the internally initializing instruction by the card connector, executing an authenticating instruction
including the internal initialization response by the card connector, generating a third session key and a fourth session
key and storing the third session key and the fourth session key by the card connector, generating a second data block with
the host inquiring code, the serial counting value and the card inquiring code by the card connector; encrypting the second
data block with the third session key so as to obtain a second encryption result, and comparing the second encryption result
with the first encryption result by the card connector, if they are identical, going to Step A4; while if they are not identical, outputting error information, and quitting the installation;

Step A4, generating a third data block with the host inquiring code, the serial counting value and the card inquiring code by the
card connector; encrypting the third data block with the third session key so as to obtain a third encryption result by the
card connector; taking the third encryption result as a part of the authentication data, and computing the authentication
data with the fourth session key and a card connector information value so as to obtain a card connector computing result
by the card connector; sending an external authenticating instruction including the authentication data and the card connector
computing result to the card by the card connector;

Step A5, receiving the external authenticating instruction and reading the authentication data and the card connector computing result
from the external authenticating instruction by the card; reading a third encryption result from the authentication data,
generating a fourth data block with the host inquiring code, the serial counting value and the card inquiring code by the
card connector, encrypting the fourth data block with the first session key so as to obtain a fourth encryption result, and
comparing the fourth encryption result with the third encryption result by the card; if they are identical, going to Step
A6; while if they are not identical, sending error information and quitting the installation;

Step A6, computing the authentication data with the second session key and a card information value and comparing the obtained card
computing result with the card connector computing result by the card, if they are identical, sending an external authentication
success response to the card connector by the card and going to Step A7; while if they are not identical, sending error information and quitting the installation; and

Step A7, determining whether the application requested for installation is available, if yes, going to Step S1; otherwise, quitting the installation; and

Step S1, executing an instruction of request for installing an application, and determining whether a first instruction is received
successfully by a card connector, if yes, going to Step S2; otherwise, outputting error information and quitting the installation;

Step S2, sending the first instruction to a card by the card connector;

Step S3, receiving the first instruction and reading a first computing result of the first instruction from the first instruction
by the card, comparing the first computing result of the first instruction with a second computing result of the first instruction
computed by the first instruction, if they are identical, sending a first success response status code to the card connector
and going to Step S4 by the card; if they are not identical, sending a first failure response status code to the card connector, and then quitting
the installation by the card;

Step S4, determining whether a next first instruction is read successfully by the card connector, if yes, going back to Step S2; otherwise, going to Step S5;

Step S5, determining whether a second instruction is read successfully by the card connector, if yes, going to Step S6; otherwise, outputting error information and quitting the installation;

Step S6, sending the second instruction to the card by the card connector;

Step S7, receiving the second instruction and reading a first computing result of the second instruction from the second instruction,
and comparing the first computing result of the second instruction with a second computing result of the second instruction
computed by the second instruction, by the card, if they are identical, sending a second success response status code to the
card connector, and going to Step S8; while if they are not identical, sending a second failure response status code to the card connector and quitting the installation;

Step S8, determining whether a next second instruction is read successfully by the card connector, if yes, returning to Step S6; otherwise, going to Step S9;

Step S9, determining whether a third instruction is read successfully by the card connector, if yes, going to Step S10; otherwise, outputting error information and quitting the installation;

Step S10, sending a third instruction to the card by the card connector;

Step S11, receiving the third instruction, reading a first computing result of the third instruction, and comparing the first computing
result of the third instruction with a second computing result of the third instruction computed by the third instruction,
by the card; if they are identical, sending a third success response status code to the card connector and going to Step S12; while if they are not identical, sending a third failure response status code to the card connector and quitting the installation;

Step S12, determining whether a next third instruction is read successfully by the card connector, if yes, returning to Step S10; otherwise, going to Step S13;

Step S13, determining whether an activating instruction is executed successfully by the card connector, if yes, going to Step S14; otherwise, quitting the installation;

Step S14, determining whether a fourth instruction is read successfully by the card connector, if yes, going to Step S15; otherwise, quitting the installation;

Step S15, sending the fourth instruction to the card by the card connector;

Step S16, receiving the fourth instruction, executing a corresponding operation, and sending a fourth response status code to the
card connector by the card; and

Step S17, determining whether the fourth response status code is identical to a preset value by the card connector, if yes, sending
an application to the card; while if no, quitting the installation.

US Pat. No. 9,148,415

METHOD AND SYSTEM FOR ACCESSING E-BOOK DATA

Feitian Technologies Co.,...

1. A method for accessing to e-book data, wherein said method comprises that
Step A. an e-book hardware establishes a connection with an electronic device, and consults with the electronic device for
a reading key, in which the electronic device is a device with an interface compatible with a SD card, functions of encryption
and decryption, and function of storage in which that the electronic hardware consults with the electronic device for a reading
key comprises that the e-book hardware generates the reading key and sends the reading key to the electronic device, or the
electronic device generates the reading key and sends the reading key and/or a hardware serial number of the electronic device
to the e-book hardware, in which the reading key is a symmetrical key or an unsymmetrical key, and the key being sent is a
public part of the unsymmetrical key in case that the reading key is an unsymmetrical key;

Step B. the electronic device downloads the e-book data through a client side, which specifically comprises that
firstly, the electronic device establishes a connection with the client side;
the client side sends a request for establishing a connection to the server; and
the server authenticates identity of the electronic device through the client side, and refuses the access in case of failed
authentication, otherwise encrypts the e-book data with a downloading key and sends the encrypted e-book data to the electronic
device through the client side;

in which the method further including: consulting for the downloading key comprises that the electronic device presets an
unsymmetrical downloading key and personally stores the private part of the downloading key, and the server pre-stores a public
part copy of the downloading key which matches with the private part of the downloading key, or the electronic device sends
the public part of the downloading key to the server for storing when downloading the e-book through the client side for the
first time; and

Step C. the e-book hardware establishes the connection with the electronic device, processes the encrypted e-book data with
the downloading key and/or with the reading key, and the e-book hardware displays the e-book data;

in which Step A can be executed after Step B.

US Pat. No. 10,013,824

AUDIO DATA PARSING METHOD

Feitian Technologies Co.,...

1. A method for parsing audio data, comprising:Step A, receiving, by a parsing device, audio data, determining whether data exist in a first data buffer, if yes, combining the audio data received this time and the data in the first data buffer into data to be parsed; otherwise, taking the audio data received this time as data to be parsed;
Step B, shaping the data to be parsed to obtain the shaped data to be parsed;
Step C, decoding the shaped data to be parsed to obtain a first time decoded data;
Step D, determining whether head data is contained in the data to be parsed according to the first time decoded data, if yes, executing Step E; otherwise, clearing the data in the first data buffer and going back to execute Step A if data exist in the first data buffer, or going back to execute Step A directly if no data exist in the first data buffer;
Step E, obtaining data length, and obtaining a corresponding data unit in the first data according to the obtained data length;
Step F, determining whether all of the corresponding data units are obtained successfully, if yes, executing Step G; otherwise, storing the audio data received this time in the first data buffer; and going back to execute Step A;
Step G, performing a second time decoding on the obtained data units, obtaining corresponding byte data according to decoding result; check whether the rest of the bytes are correct according to the last byte; if yes, outputting the rest of the bytes; otherwise, clearing the data in the first data buffer and going back to execute Step A if data exist in the first data buffer or going to execute Step A directly if no data exist in the first data buffer.

US Pat. No. 9,449,020

METHOD FOR SMART CARD TO PROCESS CAP FILE

FEITIAN TECHNOLOGIES CO.,...

1. A method for processing a CAP document by a smart card, comprising:
A. establishing a connection between the smart card and an external terminal and initializing;
B. receiving, by the smart card, an Application Protocol Data Unit, APDU, command corresponding to the CAP document, and storing
the data comprised in the APDU command into a communication buffer;

C. determining, by the smart card, a value of a first status flag in the smart card, executing step D in a case that the value
is a first preset value; executing step E in a case that the value is a second preset value; executing step F in a case that
the value is a third preset value; executing step G in a case that the value is a fourth preset value; executing step H in
a case that the value is a fifth preset value; executing step I in a case that the value is a sixth preset value; executing
step J in a case that the value is a seventh preset value; executing step K in a case that the value is an eighth preset value;
executing step L in a case that the value is a ninth preset value; and executing step M in a case that the value is a tenth
preset value;

D. reading, by the smart card, a header component data of the APDU command from the communication buffer; processing, by the
smart card, unprocessed header component data when a size of the header component data read but unprocessed by the smart card
matches size information comprised in the header component data read by the smart card; when the smart card does not read
all data in the header component, and there is no unread data in the communication buffer, returning to step B; amending,
by the smart card, the first status flag to the second preset value when all the header component data are processed by the
smart card, and determining whether there is unread data in the communication buffer, if yes, returning to step C; if no,
returning to step B;

E. reading, by the smart card, a directory component data of the APDU command from the communication buffer; when the size
of the directory component data read but unprocessed by the smart card matches size information comprised in the directory
component data read by the smart card, processing, by the smart card, the unprocessed data; when the smart card does not read
all data included in the directory component and there is no unread data in the communication buffer, returning to step B;
amending, by the smart card, the first status flag to the third preset value when all the directory component data are processed
by the smart card, and determining whether there is unread data in the communication buffer, if yes, returning to step C;
if no, returning to step B;

F. reading, by the smart card, an applet component data of the APDU command from the communication buffer; processing, by
the smart card, unprocessed data when the size of the applet component data read but unprocessed by the smart card matches
size information comprised in the applet component data read by the smart card; when the smart card does not read all applet
component data included in the applet component, returning to step B; when the smart card has processed all applet component
data included in the applet component, amending, by the smart card, value of the first status flag to the fourth preset value,
and determining whether there is unread data in the communication buffer, if yes, returning to step C; if no, returning to
step B;

G. reading, by the smart card, an importing component data of the APDU command from the communication buffer; processing,
by the smart card, unprocessed data when the size of the importing component data read but unprocessed by the smart card matches
size information comprised in the importing component data read by the smart card; when the smart card does not read all importing
component data included in the importing component and there is no unread data in the communication buffer, returning to step
B; when the smart card has processed all importing component data included in the importing component, amending, by the smart
card, the value of the first status flag to the fifth preset value, and determining whether there is unread data in the communication
buffer, if yes, returning to step C, if no, returning to step B;

H. reading, by the smart card, a class component data of the APDU command from the communication buffer; when the smart card
has read all class component data, and there is no unread data in the communication buffer, returning to step B; processing,
by the smart card, the class component when all class component data included in the class component are read by the smart
card, and amending the value of the first status flag to the sixth preset value, and determining whether there is unread data
in the communication buffer, if yes, returning to step C; if no, returning to step B;

I. reading, by the smart card, a method component data of the APDU command from the communication buffer; when the smart card
does not read all method component data included in the method component, and there is no unread data in the communication
buffer, returning to step B; amending, by the smart card, the value of the first status flag to the seventh preset value when
the smart card has read all method component data included in the method component, and determining whether there is unread
data in the communication buffer, if yes, returning to step C, if no, returning to step B;

J. reading, by the smart card, a static field component data of the APDU command from the communication buffer; processing,
by the smart card, the unprocessed static field component data when the size of the static field data read but unprocessed
by the smart card matches size information comprised in the static field component data read by the smart card; when the smart
card does not read all static field component data included in the static field component, and there is no unread data in
the communication buffer, returning to step B; when the smart card has processed all static field component data included
in the static field component, amending, by the smart card, the value of the first status flag to the eighth preset value,
and determining whether there is unread data in the communication buffer, if yes, returning to step C, if no, returning to
step B;

K. reading, by the smart card, an export component data of the APDU command from the communication buffer; when the smart
card does not read all export component data included in the export component, and there is no unread data in the communication
buffer, returning to step B; when the smart card has read all export component data included in the export component, processing,
by the smart card, the export component, and amending the value of the first status flag to the ninth preset value, and determining
whether there is unread data in the communication buffer, if yes, returning to step C, if no, returning to step B;

L. reading, by the smart card, a constant pool component data of the APDU command from the communication buffer; when the
smart card does not read all constant pool component data included in the constant pool component, and there is no unread
data in the communication buffer, returning to step B; when the smart card has read all constant pool component data included
in the constant pool component, processing, by the smart card, the constant pool component, and amending value of the first
status flag to the tenth preset value, and determining whether there is unread data in the communication buffer, if yes, returning
to step C, if no, returning to step B;

M. reading, by the smart card, a reference location component data of the APDU command from the communication buffer; processing,
by the smart card, the unprocessed reference location component data when the size of the reference location component data
read but unprocessed by the smart card matches size information comprised in the reference location component data read by
the smart card; when the smart card does not read all reference location component data included in the reference location
component, and there is no unread data in the communication buffer, returning to step B; when the smart card has processed
all reference location component data included in the reference location component, ending the method.

US Pat. No. 9,411,990

WORKING METHOD OF A MULTI-SLOT CARD READER BASED ON THE STANDARD CCID PROTOCOL

Feitian Technologies Co.,...

1. A working method for a card reader with multiple card slots based on standard CCID protocol, wherein said method comprises:
Step S1, powering on the card reader and initializing the card reader, and connecting, by the card reader, to a host via an USB interface;

Step S2, waiting for receiving an instruction sent by the host, and detecting an USB flag bit, determining whether the USB flag bit
is set, if yes, executing Step S3; if no, returning to Step S2;

Step S3, returning an configuration information of the USB interface to the host according to a received USB configuration instruction,
in which the configuration information of the USB interface includes the amount of card slots and an end-point configuration
of each card slot, and in which the end-point configuration of every slot includes an output end-point and an input end-point;

Step S4, determining whether the configuration information of the USB interface is returned to the host completely, if yes, executing
Step S5; if no, returning to Step S2;

Step S5, waiting for receiving an instruction sent by the host, and when a set flag bit is detected, determining type of the set
flag bit, executing Step S6 in the case that the flag bit is a contact card flag bit; executing Step S7 in the case that the flag bit is a timing flag bit; and executing Step S10 in the case that the flag bit is an USB flag bit;

Step S6, determining change type of a “card-is-in-the-slot” pin electronic level of a corresponding current contact card slot in
accordance with the contact card flag bit, if the electronic level changes from low level to high level, the contact card
flag bit is reset, and the status of the current contact card slot is recorded as with-a-card but not powered on, returning
to Step S5; if the electronic level changes from high level to low level, the contact card flag bit is reset, and the status of the
current contact slot is recorded as without-a-card, returning to Step S5;

Step S7, sending a call-for-a-card instruction to a corresponding current non-contact card slot regularly in accordance with the
timing flag bit, and determining whether a response is received in a preset time, if yes, executing Step S8; if no, executing Step S9;

Step S8, determining whether the recorded status of the current non-contact card slot is with-a-card, if yes, resetting the timing
flag bit and returning to Step S5; if no, resetting the timing flag bit and recording the status of the current non-contact card as with-a-card, and returning
to Step S5;

Step S9, determining whether the recorded status of the current non-contact card slot is without-a-card, if yes, resetting the timing
flag bit and returning to Step S5; if no, resetting the timing flag bit and recording the status of the current non-contact card slot as without-a-card, and
returning to Step S5;

Step S10, detecting a corresponding current card slot according to an output end-point of a received instruction;

Step S11, storing an instruction in a USB memory into a first buffer of the current card slot; parsing the instruction in the first
buffer, performing a corresponding operation according to the parsed result to get a result, and storing the result into a
second buffer of the current card slot; and

Step S12, sending data in the second buffer to the host via an input end-point of the current card slot, returning to Step S5.

US Pat. No. 9,178,875

METHOD FOR AUTHENTICATING AN OTP AND AN INSTRUMENT THEREFOR

Feitian Technologies Co.,...

1. A method for authenticating an OTP, comprising:
Step 1, obtaining the OTP generated by an OTP token and ID of the OTP token;
Step 2, determining whether the OTP token is authenticated successfully, if no, going to Step 3; if yes, going to Step 4;
Step 3, setting size of an authentication window to be a first predetermined time length, computing an OTP by a time value
selected from the authentication window and comparing the OTP computed with the OTP obtained to authenticate the obtained
OTP;

Step 4, obtaining authentication success time corresponding to the token ID in a database, and determining whether a time
interval between the authentication success time and the current system time is longer than a second predetermined time length,
if yes, going to Step 5, otherwise, going to Step 6;

Step 5, setting size of the authentication window to be a third predetermined time length and authenticating the obtained
OTP according to the authentication window and the authentication success time, in which an OTP is computed by a time value
selected from the authentication window and compared with the OTP obtained, and the third predetermined time length is shorter
than the first predetermined time length; and

Step 6, setting size of the authentication window to be a fourth predetermined time length and authenticating the obtained
OTP according to the authentication window and the authentication success time, in which an OTP is computed by a time value
selected from the authentication window and compared with the OTP obtained, and the fourth predetermined time length is shorter
than the third predetermined time length.

US Pat. No. 9,055,058

METHOD AND APPARATUS FOR SERIAL DEVICE REGISTRATION

Feitian Technologies Co.,...

1. A method for registering a serial device, comprising steps of
a first serial device establishing connection to a second serial device;
the first serial device reporting device attribute information of the first serial device to the second serial device, and
thus initiating a process of registering the first serial device in the second serial device;

in the process of registering, the first serial device sending a first signature certificate after the first serial device
receives a request of asking for signature certificate from the second serial device;

the first serial device receiving a first challenge code returned from the second serial device and computing the first challenge
code to obtain a first signature value;

the first serial device sending the first signature value to the second serial device, and thus the second serial device authenticating
the first signature value according to the first signature certificate and returning an authentication result to the first
serial device; and

the first serial device accomplishing registering in the second serial device after the first serial device passing authentication
successfully; the said method further comprises the first serial device authenticating the second serial device, wherein

the first serial device obtaining a second signature certificate from the second serial device;
the first serial device sending a second challenge code to the second serial device, and thus the second serial device generating
a second signature value according to the second challenge code and returning the second signature value to the first serial
device; and

the first serial device using the second signature certificate to authenticate the second signature value; and after passing
authentication successfully, the first serial device sending information of successful authentication to the second serial
device.

US Pat. No. 9,967,314

IOS DEVICE BASED WEBPAGE BLOCKING METHOD AND DEVICE

Feitian Technologies Co.,...

1. A method for blocking a webpage based on an iOS device, which is applied in an iOS device comprising an application program and a system component, wherein, the method comprises following steps:S1) starting the application program, creating a subclass object of URL (Uniform Resource Locator) cache class, and pointing the subclass object as a cache object of uniform resource locator, in which the cache object of uniform resource locator is a visited object when a web request is send by the system component;
S2) obtaining, by the application program, HTTP (Hypertext transfer protocol) address entered by a user, generating a first request information according to the HTTP address, and sending the first request information to the system component;
S3) monitoring, by the application program, a web request sent by the system component via the subclass object;
S4) obtaining, by the application program, a second request information from the system component, and parsing the second request information so as to obtain a uniform resource locator character string included in the second request information, when the web request is successfully monitored by the application program;
S5) matching, by the application program, a link character string with the parsed uniform resource locator character string, if the match is success, executing Step S6; while if the match fails, executing Step S7;
S6) generating, by the application program, a fake-response data, returning the fake-response data to the system component, displaying the fake-response data via the system component, and returning to Step S3; and
S7) sending, by the application program, the second request information to a web server, receiving response information returned from the web server, sending the response information to the system component, and returning to Step S3,
wherein Step S5 specifically comprises:
A1) reading, by the application program, a line of link character string from the very beginning of an initial position of a preset link match file, and setting a current position as a final position of the read link character string;
A2) matching, by the application program, the read link character string with the parsed URL character string, if matching successfully, executing Step S6; while if matching unsuccessfully, executing Step A3;
A3) determining, by the application program, whether the current position is an ending position of the link match file, if yes, executing Step S7; otherwise, executing Step A4; and
A4) reading, by the application program, a line of link character string from the link match file starting from the current position, updating the current position with a final position of the read link character string, and returning to Step A2.

US Pat. No. 9,948,469

METHOD FOR IDENTIFYING AUDIO DEVICE

Feitian Technologies Co.,...

1. A method for identifying an audio device, which is applied for a system including a mobile device and an audio device, wherein the method comprises:starting, by the mobile device, a thread of monitoring any pulling out or inserting of an audio device so as to monitor pulling out or inserting of the audio device;
when the mobile device connects the audio device, the mobile device operates the following steps:
Step S1, starting, by the mobile device, to record when the mobile device monitors that the audio device is inserted into the mobile device;
Step S2, determining, by the mobile device, whether audio data received in a first preset time is characteristic data, if yes, executing Step S4; if no, executing Step S3;
Step S3, turning off, by the mobile device, recording, ending;
Step S4, identifying, by the mobile device, the inserted audio device as an audio smart key device; and
Step S5, sending, by the mobile device, data to the audio smart key device;
when the audio smart key device connects the mobile device, the audio smart key device executes the following steps:
Step T1, powering on and initializing by the audio smart key device;
Step T2, sending, by the audio smart key device, audio data to the mobile device;
Step T3, determining, by the audio smart key device, whether data sent by the mobile device is received in a second preset time, if yes, executing Step T4; if no, turning off the audio smart key device; and
Step T4, processing, by the audio smart key device, the data sent by the mobile device;
when the mobile device monitors that the audio device is pulled out, turning off the recording, ending the mobile device; then turning off the audio device.

US Pat. No. 9,601,120

WORKING METHOD OF SOUND TRANSMISSION-BASED DYNAMIC TOKEN

Feitian Technologies Co.,...

1. A working method of a voice transfer based dynamic token, comprising:
Step A), waiting for receiving a button interruption and determining whether the button interruption is received, if yes,
determining type of the pressed button, if the pressed button is the first physical button, going to Step B); if the pressed
button is the second physical button, going to Step E); otherwise, continuously executing the Step A);

Step B), determining whether any button has been pressed over a preset time, if yes, going to execute Step C), otherwise,
going to execute Step D);

Step C), checking for current status of the dynamic token, if the current status is Sleep status, setting the current status
into Standby status, displaying a Standby interface and going to Step F); if the current status is Standby status or status
of collecting data or status of waiting for confirmation or status of displaying an one-time password (OTP), setting the current
status into Sleep status and going to Step A);

Step D), checking for current status of the dynamic token, if the current status is Standby status, setting the current status
into status of collecting data, collecting and decoding voice data, and after the decoding is completed, setting the current
status into status of waiting for confirmation, displaying received data and going to Step F);

Step E), checking for current status of the dynamic token, if the current status is Sleep status, going to Step A); if the
current status is status of collecting data, returning to Step A); if the current status is status of waiting for confirmation,
setting the current status into status of displaying the OTP, generating and displaying the OTP according to the received
data; if the current status is status of displaying the OTP, returning to Step A);

Step F), waiting for a button interruption and determining whether the button interruption is detected, if the button interruption
is detected, determining type of the pressed button, if the pressed button is the first physical button, returning to Step
B); if the pressed button is the second physical button, returning to Step E); otherwise going to execute Step G); and

Step G), determining whether timeout happens, if yes, setting the current status into Sleep status and returning to Step A);
if no, returning to Step F).

US Pat. No. 9,588,696

MONTGOMERY MODULAR MULTIPLICATION-BASED DATA PROCESSING METHOD

FEITIAN TECHNOLOGIES CO.,...

1. A data processing method based on Montgomery modular multiplication, wherein a first random memory is configured to store
a multiplier, a second random memory is configured to store a multiplicand and a third random memory is configured to store
a modulus, the method comprises:
step 1, comprising: initializing, by a CPU, a fifth random memory and initializing a first offset and a second offset;
step 2, comprising: reading, by the CPU, one word from the second random memory according to the first offset and writing
the word into a first arithmetic register;

step 3, comprising: invoking, by the CPU, a multiply-add module to perform an operation of multiplying content of the first
arithmetic register and content of the first random memory and adding a multiplying result to content of the fifth random
memory, writing a computing result obtained into the fifth random memory ordered from a low bit to a high bit according to
the second offset;

step 4, comprising: reading, by the CPU, one word from the fifth random memory and writing the word into a second arithmetic
register according to the second offset, multiplying content of the second arithmetic register with content of a constant
register and writing a low bit of a multiplying result into a fourth register;

step 5, comprising: reading, by the CPU, content of the fourth register, content of the third random memory and the content
of the fifth random memory; invoking the multiply-add module to multiply the content of the fourth register and the content
of the third random memory and to add a multiplication result to the content of the fifth random memory; adding 1 to the second
offset and writing a computing result obtained from the multiply-add module according to the second offset ordered from a
low bit to a high bit into the fifth random memory;

step 6, comprising: determining, by the CPU, whether the first offset is equal to a preset step, executing step 8 if the first
offset is equal to the preset step; executing step 7 if the first offset is not equal to the preset step;

step 7, comprising: adding 1 to the first offset and going back to step 2;
step 8, comprising: reading, by the CPU, the content of the fifth random memory and the content of the third random memory,
determining whether a value of the content of the fifth random memory is more than or equal to a value of the content of the
third random memory, execute step 9 if the value of the content of the fifth random memory is more than or equal to the value
of the content of the third random memory, executing step 0 if the value of the content of the fifth random memory is not
more than or equal to the value of the content of the third random memory;

step 9, comprising: subtracting, by the CPU, the content of the third random memory from the content of the fifth random memory,
and writing a subtraction result into the fifth random memory ordered from a low bit to a high bit according to the second
offset; executing step 10; and

step 10, comprising: outputting, by the CPU, the content of the fifth random memory.

US Pat. No. 9,437,196

WORKING METHOD OF SOUND TRANSMISSION-BASED DYNAMIC TOKEN

Feitian Technologies Co.,...

1. A working method of a voice transfer based dynamic token, comprising:
Step a), waiting for receiving a button interruption and determining whether the button interruption is received, if yes,
determining type of the pressed button, if the pressed button is a Power button, going to Step b); if the pressed button is
a Collect button, going to Step c); if the pressed button is a Confirm button, going to Step d);

Step b), checking for current status of the dynamic token, if the current status is Sleep status, setting the current status
into Standby status, displaying a Standby interface and going to Step f); if the current status is Standby status or status
of collecting data or status of waiting for confirmation, setting the current status into Sleep status and going to Step a);

Step c), checking for current status of the dynamic token, if the current status is Standby status, setting the current status
into status of collecting data, collecting and decoding voice data, and after the decoding is completed, setting the current
status into status of waiting for confirmation, displaying the received data and going to Step f);

Step d), checking for current status of the dynamic token, if the current status is Sleep status, going to Step a); if the
current status is status of collecting data, returning to Step a); if the current status is status of waiting for confirmation,
setting the current status into status of displaying an one-time password (OTP), generating and displaying a OTP according
to the received data; if the current status is status of displaying the OTP, returning to Step a);

Step f), waiting for a button interruption and determining whether the button interruption is detected, if the button interruption
is detected, determining type of the pressed button, if the pressed button is a Power button, returning to Step b); if the
pressed button is Collect button, returning to Step c); if the pressed button is Confirm button, returning to Step d); if
the button interruption is not detected, going to Step g); and

Step g), determining whether timeout happens, if yes, setting the current status into Sleep status and returning to Step a);
if no, returning to Step f).

US Pat. No. 9,419,793

METHOD FOR GENERATING LARGE PRIME NUMBER IN EMBEDDED SYSTEM

Feitian Technologies Co.,...

1. An encryption process, the encryption process uses a large prime number as a key parameter, the large prime number is generated
in an embedded system, the embedded system comprising a first storage area and a second storage area, wherein the first storage
area stores an identifier group with a predetermined size, sequence numbers of the identifiers in the identifier group are
consecutive integers including 0, and different identifiers have different sequence numbers, and the second storage area comprises
a plurality of storage units, and the different storage units store different prime numbers,
the method of generating the large prime number in the embedded system comprising steps of:
1) resetting all identifiers in the identifier group stored in the first storage area;
using a random number generator to generate a random number with a predetermined bit length, and storing the random number
in a third storage area, taking the data of the storage unit in the second storage area as modulus to perform modulus operation
on the data stored in the third storage area to obtain a modulus value; according to the modulus value and the data stored
in the storage unit corresponding to the modulus value, determining a sequence number of the identifier which requires to
be reset in the identifier group, and resetting the identifier corresponding to the sequence number;

2) determining whether a reset identifier exists in the identifier group, if yes, go to Step 3); if no, go back to Step 1);
3) determining a number to be tested according to the random number and the sequence number of the reset identifier in the
identifier group, and performing a primality test on the number to be tested; if the number to be tested passes the primality
test, outputting the number to be tested as a large prime number; while if numbers to be tested corresponding to all the reset
identifiers in the identifier group do not pass the primality test, go back to Step 1); and

using the large prime number in the encryption process.

US Pat. No. 9,172,536

AUDIO COMMUNICATION BASED ELECTRONIC SIGNATURE SYSTEM AND METHOD THEREOF

Feitian Technologies Co.,...

1. An audio communication based electronic signature system, comprising an audio smart key device and a terminal, the audio
smart key device comprising an interface module, a data processing module, a smart key module, a key pair generating unit,
and a power module, wherein:
the interface module is configured to establish a connection with an audio input interface and an audio output interface of
the terminal, to receive an audio signal sent by the terminal, to convert the audio signal into a digital signal and send
the digital signal to the data processing module, to convert the digital signal into an audio signal and send the audio signal
to the terminal, and the interface module is further configured to modulate and demodulate the digital signal;

the data processing module is configured to parse the digital signal from the interface module and send the parsed data to
the smart key module, and the data processing module is further configured to package the data from the smart key module to
obtain a digital signal and send the digital signal to the interface module;

the smart key module is configured to perform an operation on the data received by the data processing module and send an
operation result to the data processing module;

the power module is configured to supply power for the audio smart key device;
the terminal comprises the audio output interface, the audio input interface and an application unit,
the audio output interface is configured to output the audio signal generated by the terminal to the audio smart key device;
the audio input interface is configured to receive the audio signal sent to the terminal from the audio smart key device;
the application unit is configured to revoke a multi-media application interface to enable the terminal to access the audio
interfaces, and to convert a digital signal to be sent into the audio signal or convert the received audio signal into a digital
signal,

the smart key module includes: a decryption unit, a signing unit, and an encryption unit
the decryption unit is configured to decrypt a message, the message being included in the parsed data received from the data
processing module;

the signing unit is configured to sign the decrypted message to obtain a signature value and to send the signature value to
the encryption unit;

the encryption unit is configured to encrypt the signature value and to send the encrypted signature value to the data processing
module;

the key pair generating unit is configured to generate a public key and a private key, to send the private key to the encryption
unit, and to send the public key to a server;

the decryption unit is further configured to receive the public key sent by the server to the audio smart key device and to
decrypt a message with the received public key; and

the encryption unit is further configured to encrypt the signature value with the private key generated by the key pair generating
unit and to send the encrypted signature value to the data processing module.

US Pat. No. 10,042,803

OPERATING METHOD FOR CARD READER

Feitian Technologies Co.,...

1. A card reader, said card reader works with a computer to perform a working method comprising the steps of:Step S1, powering on, by a card reader, initializing, and setting a work mode according to a type of a device which connects to the card reader;
Step S2, determining the work mode, waiting for receiving audio data in the case that the work mode is an audio mode, and executing Step S3 when the audio data is received; waiting for receiving USB data in the case that the work mode is a USB mode, and executing Step S5 when the USB data is received;
Step S3, transferring the audio data into digital signals, composing the digital signals to obtain a data package, parsing the data package to obtain a parsing result, determining a type of an instruction according to the parsing result; sending an operating-card instruction to a card, waiting for receiving an operation result returned by the card, and executing Step S4 if the instruction is the operating-card instruction; otherwise, executing a corresponding operation to obtain an operation result, and executing Step S4;
Step S4, transferring the operation result to an audio data package, sending the audio data package to a connected device, and returning to Step S2; and
Step S5, determining a type of the received USB data; sending the operating-card instruction to the card, waiting for receiving an operation result returned by the card, sending the operation result to a device which connects to the card reader, and returning to Step S2 if the received USB data is an operating-card instruction; executing corresponding operation, and returning an operation result to the device which connects to the card reader, and returning to Step S2 if the received USB data is the other instruction.

US Pat. No. 9,589,160

WORKING METHOD FOR SMART CARD READER

Feitian Technologies Co.,...

1. A working method for a smart card reader, wherein said method comprises:
Step S0, powering on the card reader and beginning initialization; in which the initialization comprises resetting a USB transmission
flag;

Step S1, setting a system mode according to a type of a device which connects to the card reader;

Step S2, determining the system mode, executing Step S3 in a case that the system mode is an IOS mode; executing Step S6 in a case that the system mode is a USB mode;

Step S3, determining whether an authenticating operation is required to be re-performed, if yes, executing Step S4, otherwise executing Step S5;

Step S4, performing the authenticating operation, and determining whether the certificating operation is successfully performed,
if yes, setting ‘the authenticating operation is not required to be re-performed’, otherwise, executing Step S5;

Step S5, waiting for receiving data sent by an IOS platform compatible device, when the data is received, determining a type of an
instruction, performing a power-on operation on the card and returning a power-on processing response to the IOS platform
compatible device, and returning to Step S2 in a case that the instruction is a power-on instruction; performing a power-off operation on the card and returning a power-off
successful response to the IOS platform compatible device, and returning to Step S2 in a case that the instruction is a power-off instruction; sending APDU data in the data exchange APDU instruction to the
card to be processed in a case that the instruction is a data exchange APDU instruction, when a processed result returned
by the card is received, the processed result is returned to the IOS platform compatible device, and returning to Step S2;

Step S6, determining whether the USB data transmission flag is set, if yes, executing Step S9, otherwise, executing Step S7;

Step S7, enabling USB connection;

Step S8, performing a USB enumerating operation, and determining whether the enumerating operation is finished, if yes, setting the
USB data transmission flag and executing Step S9, otherwise, returning to Step S2; and

Step S9, waiting for receiving USB data sent by an upper computer, determining a type of an instruction when the USB data is received,
performing a power-on operation on the card and returning an power-on processing response to the upper computer, and returning
to Step S2 in a case that the instruction is a power-on instruction; performing a power-off operation on the card and returning a power-on
successful response to the upper computer, and returning to Step S2 in a case that the instruction is a power-off instruction; sending APDU data in the data exchange APDU instruction to the
card to be processed in a case that the instruction is a data exchange APDU instruction, when a processed result returned
by the card is received, the processed result is returned to the upper computer, and returning to Step S2.

US Pat. No. 9,536,120

METHOD FOR ENHANCING STABILITY OF COMMUNICATION BETWEEN A CONTACTLESS CARD AND A CARD READER

Feitian Technologies Co.,...

1. A method for enhancing stability of communication between a contactless card and a card reader, comprising
Step a, initiating, by the card reader having a receiver, time-out timing and a receiver, and waiting for receiving data returned
by the card;

Step b, determining, by the card reader, whether time-out happens, if yes, shutting down the receiver and sending a time-out
error prompt to a host; otherwise, going to Step c;

Step c, determining, by the card reader, whether a sub-carrier wave is detected, if yes, stopping time-out timing, receiving
a data frame and going to Step d; otherwise, returning to Step b; the sub-carrier wave being outside carrier wave signal detected
by the card reader;

Step d, determining, by the card reader, whether there is a frame error in the received data frame, wherein the frame error
comprises that the data frame is not received or there is frame header error or frame footer error in the received data frame
or the received data frame is a vacant frame; if yes, discarding the received data frame, going on time-out timing and returning
to Step b; otherwise, going to Step e;

Step e, determining, by the card reader, whether CRC check and/or parity check of the received data frame are correct, if
yes, going to Step h; otherwise, going to Step f;

Step f, determining, by the card reader, whether length of the received data frame is smaller than preset byte, if yes, discarding
the received data frame, going on time-out timing and returning to Step b; otherwise, going to Step g;

Step g, determining, by the card reader, whether the received data frame is integrate, if yes, shutting down the receiver
and sending a transfer error prompt to the host; otherwise, discarding the received data frame, going on time-out timing and
returning to Step b; wherein the determining whether the received data frame is integrate comprises determining, by the card
reader, whether bit number of the received data frame is integer times of 8, if yes, the received data frame is integrate;
if no, the received data frame is not integrate; and

Step h, determining, by the card reader, whether there is other error in the received data frame, wherein other error comprises
that length of the data frame is larger than length regulated by a protocol or smaller than minimum length regulated by the
protocol; if yes, discarding the received data frame, going on time-out timing and returning to Step b; otherwise, shutting
down the receiver and sending the received data returned by the card to the host.

US Pat. No. 9,143,505

IMAGE COLLECTION BASED INFORMATION SECURITY METHOD AND SYSTEM

Feitian Technologies Co.,...

1. An image collection based information security method, comprising:
Step 1, a server side receiving a first transaction data sent from a client side, and generating a second transaction data
with the first transaction data;

Step 2, the server side converting the second transaction data into a transaction image, and sending the transaction image
to the client side;

Step 3, a dynamic token collecting the transaction image, pre-processing the transaction image and converting the transaction
image into a third transaction data, and displaying the third transaction data for a user's confirmation;

Step 4, combining a built-in seed key with the third transaction data which comprises a transaction amount according to a
predetermined rule by the dynamic token;

performing operation on the combined data to generate a fix-sized message value by the dynamic token;
subtracting data from the message value with a predetermined rule, and taking a decimal number of the subtracted data as a
second dynamic password;

displaying the second dynamic password by the dynamic token;
Step 5, the client side receiving the second dynamic password input by the user, and sending the second dynamic password to
the server side; and

Step 6, the server side receiving the second dynamic password, generating a first dynamic password with the second transaction
data, and determining whether the first dynamic password is identical to the second dynamic password, if yes, the authentication
being successful and transaction being executed; if no, operation being cancelled.

US Pat. No. 10,013,175

METHOD AND DEVICE FOR INDEXING EXTERNAL SD CARD

Feitian Technologies Co.,...

1. A method for retrieving an external SD card, wherein the method comprises: Step S1, obtaining a loading paths list; Step S2, making a first loading path in the loading paths list as a current information record; Step S3, determining whether the current information record meets a filter criterion, if yes, executing Step S4; otherwise, executing Step S9; Step S4, detaching/splitting the current information record into a plurality of paths with a space, and making a first path as a current path of the current information record; Step S5, determining whether any preset character string is included in the current path, if yes, executing Step S6; otherwise, executing Step S7; Step S6, recording the current path and making it as a suspected external SD card path, then executing Step S7; Step S7, determining whether any unprocessed path exists in the current information record, if yes, executing Step S8; otherwise, executing Step S9; Step S8, making the next path as the current path of the current information record, then returning to Step S5; Step S9, determining whether any unprocessed loading path exists in the loading paths list, if yes, executing Step S10; otherwise, executing Step S11; Step S10, making the next loading path in the loading paths list as a current information record, then returning to Step S3; Step S11, determining whether any suspected external SD card is recorded, if yes, executing Step S12; otherwise, a final external SD card is not found; and Step S12, determining whether the final external SD card path exists in the recorded suspected external SD card paths, if yes, the final external SD card is found; otherwise, the final external SD card is not found.

US Pat. No. 9,864,599

FIRMWARE UPDATE METHOD IN TWO-CHIP SOLUTION FOR SECURE TERMINAL

Feitian Technologies Co.,...

1. A method for updating a firmware in a double-chip-schemed security terminal, wherein said method comprises:
checking, by a security terminal, firmware information which is cached in a firmware buffer, and determining a type of the
firmware to be updated according to the firmware information, updating a security firmware in the case that the firmware is
the security firmware, while updating an application firmware in the case that the firmware is the application firmware;

in which the security terminal comprises a security processor and an application processor,
updating a security firmware comprises:
Step A1, erasing, by the security processor, a security firmware storage area, decrypting a first cipher in firmware data
cached in the firmware buffer so as to obtain a symmetric key, and initializing a firmware-read address and a firmware-updated
destination address;

Step A2, reading, by the security processor, a preset length of data from the firmware-read address, decrypting the read data
according to the symmetric key so as to obtain decrypted data, writing the decrypted data in the firmware-updated destination
address, and updating the firmware-read address and the firmware-updated destination address; and

Step A3, determining, by the security processor, whether there exists any unread data, if yes, returning to Step A2; otherwise,
ending the updating security firmware; and

updating an application firmware comprises:
Step B1, erasing, by the application processor, an application firmware storage area, sending a reading-firmware-information
instruction to the security processor, and waiting for firmware information returned from the security processor;

Step B2, decrypting, by the security processor, the first cipher in the firmware data cached in the firmware buffer so as
to obtain a symmetric key after the reading-firmware-information instruction is received by the security processor, initializing
the firmware-read address, and returning the firmware information cached in the firmware buffer to the application processor;

Step B3, initializing, by the application processor, the firmware-updated destination address after the firmware information
is received by the application process, and executing Step B4;

Step B4, sending, by the application processor, a reading-firmware-data instruction to the security processor, and waiting
for firmware data returned from the security processor;

Step B5, reading, by the security processor, a preset length of data from the firmware-read address after the reading-firmware-data
instruction is received by the security processor, updating the firmware-read address, decrypting the read data according
to the symmetric key, and returning data obtained by decrypting, which is decrypted data, to the application processor; and

Step B6, writing, by the application processor, the decrypted data into the firmware-updated destination address after the
decrypted data is received by the application processor, updating the firmware-updated destination address; and determining
whether there exists any unread data, if yes, returning to Step B4; otherwise, ending the updating application firmware.

US Pat. No. 9,755,762

OPTICAL SIGNAL RECOGNITION METHOD AND APPARATUS

Feitian Technologies Co.,...

1. A method for recognizing optical signal comprising the steps of:
Step S0, initializing a device of recognizing optical signal;

Step S1, collecting an optical source voltage value in a collecting channel, obtaining a set of optical source voltage values, and
storing the collected set of optical source voltage values into a voltage value array;

Step S2, comparing the set of optical source voltage values with a comparison threshold, and generating optical data according to
comparing result;

Step S3, determining whether the optical data is identical to the optical data obtained by last time of converting, if yes, going
back to Step S1; otherwise, going to Step S4;

Step S4, collecting optical source voltage values in the collecting channel, obtaining a set of optical source values, comparing
the set of optical source values with the comparison threshold, generating optical data according to comparison result, and
storing the optical data into a converting array;

Step S5, determining whether the number of the optical data in the converting array reaches a preset number, if yes, executing Step
S6; otherwise, executing Step S4;

Step S6, determining whether respective optical data in the converting array are identical, if yes, executing Step S8; otherwise, executing Step S7;

Step S7, deleting the optical data which is the earliest stored in the converting array, and going back to Step S4; and

Step S8, setting frame data as the optical data in the converting array, and returning the frame data.

US Pat. No. 9,367,675

METHOD FOR VERIFYING AND CALIBRATING TIME

Feitian Technologies Co.,...

1. A method for verifying and calibrating time, comprising the steps of:
a.) receiving, by a calibrating device, a first dynamic password and a user identifier sent from a client, computing a current
time factor according to current time of a server and determining a first time factor;

b.) obtaining, by the calibrating device, a seed according to the user identifier, generating a second dynamic password group
and comparing a second dynamic password in the second dynamic password group with the first dynamic password, performing step
d.) if the second dynamic password matches with the first dynamic password, performing step c.) if the second dynamic password
does not match with the first dynamic password;

c.) determining, by the calibrating device, a second time factor according to the current time factor and a first preset value,
generating a third dynamic password group and comparing a third dynamic password in the third dynamic password group with
the first dynamic password, performing step d.) if the third dynamic password matches with the first dynamic password; returning
error information and performing step a.) if the third dynamic password does not match with the first dynamic password;

d.) recording, by the calibrating device, time of current successful verification and a current time offset value, obtaining
last calibrating time, obtaining a first time difference according to time of current successful verification and the last
calibrating time and determining whether the first time difference is no less than a second preset value, performing step
e.) if the first time difference is no less than a second preset value; returning successful verification information if the
first time difference is less than a second preset value;

e.) obtaining, by the calibrating device, a benchmark offset value and corresponding time of the benchmark offset value from
a second storing place, determining whether the current time offset value belongs to an offset interval determined by the
benchmark time offset value, performing step f.) if the current time offset value belongs to the offset interval determined
by the benchmark time offset value; updating, by the calibrating device, the benchmark time offset value and returning successful
verification information if the current time offset value does not belong to the offset interval determined by the benchmark
time offset value;

f.) computing, by the calibrating device, a benchmark offset according to the benchmark time offset value and corresponding
time of the same, obtaining a time offset value of last successful verification and corresponding time of the last successful
verification, computing a unit offset according to the time offset of last successful verification and corresponding time
of the same and a current time offset and corresponding time of the same, determining whether the unit offset belongs to the
interval determined by the benchmark offset, performing step g.) if the unit offset belongs to the interval determined by
the benchmark offset; returning successful verification information if the unit offset does not belong to the interval determined
by the benchmark offset; and

g.) updating, by the calibrating device, a clock offset according to the current time offset value, storing calibrating time
of this time to a first storing place, storing current time offset value and the current successful verification time to a
third storing place to replace an original content and returning successful verification information;

wherein the second preset value is a preset calibrating period, which represents a minimum time value required by calibrating
time once.

US Pat. No. 9,350,728

METHOD AND SYSTEM FOR GENERATING AND AUTHORIZING DYNAMIC PASSWORD

Feitian Technologies Co.,...

1. A method for generating and verifying a dynamic password, said method comprises the steps of:
receiving, by a token, a command for generating dynamic password and generating a first dynamic factor by dividing the number
of seconds counted by the first timer by a first preset time length and performing a rounding operation on an obtained quotient
so as to obtain the first dynamic factor according to time counted by a first timer inside the token; in which when the token
detects a preset condition, it initializes a first offset pointer;

determining, by the token, whether the first offset pointer is in an invalid state, if yes, reporting an error; otherwise,
keeping on operating;

obtaining, by the token, a current data from a first data group according to the first offset pointer, invoking preset algorithm,
and obtaining a first dynamic password by computing according to the first dynamic factor and the current data; determining
whether the current data is the last data in the first data group, if yes, setting the first offset pointer as the invalid
state; otherwise, pointing the first offset pointer to the next data of the current data;

receiving, by a server, a second dynamic password input by a user, and obtaining a second dynamic factor by dividing the number
of seconds counted by the second timer by the first preset time length and performing a rounding operation on an obtained
quotient so as to obtain the second dynamic factor according to time counted by a second timer inside the server;

generating a group of dynamic factors according to the second dynamic factor and a verification window value so as to obtain
a verification window; and

invoking the preset algorithm, and generating a group of dynamic passwords by computing according to the dynamic factors in
the verification window and respective data in a second data group stored inside the server, verifying whether a dynamic password,
which is identical to the second dynamic password, exists in the group of dynamic passwords, if yes, the verification is successful;
otherwise, the verification is failed wherein the first data group, which is identical to the second data group, comprises:
a preset number of data which are in order and are different from each other; the current data is the data which is pointed
by the first offset pointer.

US Pat. No. 10,069,821

OPERATING METHOD FOR ONE-TIME PASSWORD WITH UPDATABLE SEED

Feitian Technologies Co.,...

1. A working method of a dynamic token in which a seed can be updated, wherein the working method comprises:Step S1), powering on and initializing of the dynamic token, turning on a general interrupt, resetting a long-time pressing key flag, setting a system state as a third preset state, entering a suspend mode, and waiting for being waken;
Step S2), waking up the dynamic token when an interrupt is detected, entering an interrupt handling process, executing Step S3 after the interrupt handling process is finished;
in which the interrupt handling process comprises: determining whether a key-interrupt flag is set; if yes, setting a key-waken flag, resetting the key-interrupt flag, and ending the interrupt handling process; otherwise, ending a key for triggering when a key of the dynamic token is pressed, and setting the key-interrupt flag;
Step S3), checking, by the dynamic token, the key-waken flag, entering a key handling process in the case that the key-waken flag is set, re-entering the suspend mode when the key handling process is ended, waiting for being waken up, and returning to Step S2; re-entering the suspend mode in the case that the key-waken flag is not set, waiting for being waken up, and returning to Step S2;
in which the key handing process comprises:
Step A0), timing, by the dynamic token, a duration at which the key is pressed, determining whether the duration is longer than a preset duration; if yes, setting the long-time pressing key flag, and executing Step A1; otherwise, executing Step A1 directly;
Step A1), checking, by the dynamic token, the system state, executing Step A2 in the case that the system state is in a third preset state; executing Step A3 in the case that the system state is in a fourth preset state; executing Step A4 in the case that the system state is in a fifth preset state; executing Step A5 in the case that the system state is in a sixth preset state; otherwise, executing Step A6;
Step A2), determining, by the dynamic token, whether the long-time pressing key flag is set, if yes, powering on the display screen, writing a serial number pre-stored in the dynamic token into a display buffer, setting the system state as the fourth preset state, executing Step A6;
otherwise, calculating to generate an OTP according to seed data stored in the dynamic token and a dynamic factor, powering on the display screen, writing the generated OTP into the display buffer, setting the system state as the sixth preset state, and executing Step A6;
Step A3), determining, by the dynamic token, whether the long-time pressing key flag is set; if yes, setting the system state as the third preset state, powering down the display screen, and executing Step A6; otherwise, collecting light sensation data, promoting that the light sensation data is being collected; determining whether a serial number in a collected light sensation data matches with the serial number pre-stored in the dynamic token, if yes, storing the seed data in the collected light sensation data, prompting that the seed data is programmed successfully, setting the system state as the fifth preset state, and executing Step A6; if no, clearing the collected light sensation data, prompting that the seed data is programmed unsuccessfully, writing the serial number pre-stored in the dynamic token into the display buffer, setting the system state as the fourth preset state, and executing Step A6;
Step A4), calculating, by the dynamic token, to generate an OTP according to the seed data stored in the dynamic token and the dynamic factor, writing the generated OTP into the display buffer, setting the system state as the sixth preset state, and executing Step A6;
Step A5), determining, by the dynamic token, whether the long-time pressing key flag is set; if yes, writing the serial number pre-stored in the dynamic token into the display buffer, setting the system state as the fourth preset state, and executing Step A6; otherwise, setting the system state as the third preset state, and executing Step A6; and
Step A6), resetting the key-waken flag, and ending the key handling process.

US Pat. No. 9,754,142

METHOD FOR DETECTING THAT CONTACTLESS CPU CARD LEAVES RADIO-FREQUENCY FIELD

Feitian Technologies Co.,...

1. A method for detecting whether a contactless CPU card has left a radio frequency field comprising the steps of:
Step a, a card reader is switched to an interruption enabling condition;
Step b, the card reader receives an instruction sent by a master computer and determines whether the card reader received
a valid instruction, if yes, determining a type of the valid instruction, if the type is an instruction on informing to seek
a card, go to Step c; if the type is an APDU instruction, go to Step d; if the type is an extension instruction, go to Step
e; otherwise, go to Step f;

Step c, the card reader switches off the interruption enabling condition, sends a card seeking instruction to the card and
determines whether the card reader received a card seeking response returned by the card, if yes, setting a flag in the card
to a radio frequency field and switching on the interruption enabling condition, go to Step f; otherwise, resetting the flag
in the card to the radio frequency field and switching on the interruption enabling condition, go to Step f;

Step d, the card reader switches off the interruption enabling condition, sends the APDU instruction to the card and determines
whether the card reader received a response returned by the card, if yes, setting the flag in the card to the radio frequency
field, sending the received response to the master computer via a USB interrupting channel and switching on the interruption
enabling condition, then go to Step f; otherwise, resetting the flag of the card in the radio frequency field and switching
on the interruption enabling condition, go to Step f;

Step e, the card reader switches off the interruption enabling condition, performs an operation according to the extension
instruction, sends an operation result to the master computer via the USB interrupting channel and switches on the interruption
enabling condition, go to Step f;

Step f, the card reader determines whether the flag of the card in the radio frequency field is set, if yes, sending a response
that the card is in the radio frequency field to the master computer via the USB interrupting channel, then go back to Step
a; otherwise, sending the response that the card has left the radio frequency field to the master computer via the USB interrupting
channel, then go back to Step a;

when the card reader receives a triggering of the interrupting, entering a regular interrupting process, comprising
Step g, the card reader switching off the interruption enabling condition and clearing any interrupting flag;
Step h, the card reader determines whether the flag of the card in the radio frequency field is set, if yes, go to Step i;
otherwise, sending the card seeking instruction to the card and determining whether a card seeking response is returned by
the card, if yes, go to Step I; otherwise, go to Step m;

Step i, the card reader sends a detecting instruction to the card and determines whether the card reader received a detecting
response returned by the card, if yes, storing the detecting response and go to Step I; otherwise, go to Step m;

Step l, the card reader switching on the interruption enabling condition, exiting the interrupting process; and
Step m, the card reader resetting the flag of the card in the radio frequency field, switching on the interruption enabling
condition, and exiting the regular interrupting process.

US Pat. No. 9,443,064

PROTECTING METHOD AND SYSTEM OF JAVA SOURCE CODE

Feitian Technologies Co.,...

1. A protecting method of Java source code, wherein when a first initiating class is invoked, the method comprises:
S1, the first initiating class reading first cipher data to a memory, decrypting the first cipher data to obtain first plain
data, and defining the first plain data as a class loader, wherein the first initiating class is an initiating class of Java
program and the first cipher data is data obtained by encrypting the bytecode file of the class loader;

S2, the class loader reading second cipher data to the memory, decrypting the second cipher data to obtain second plain data,
and defining the second plain data as a first class, wherein the first class is a class which is run by a Java virtual machine,
and the suffix of the first class is .class, and the second cipher data is obtained by encrypting the bytecode file of the
first class;

S3, the class loader loading a second initiating class to the memory, wherein the second initiating class is an original class
in jar packet of Java program; and

S4, the class loader loading the first class to the Java virtual machine so that the Java virtual machine can invoke a main
interface in the second initiating class and run the Java program,

wherein the step S1 comprises:

S11, the first initiating class reading the first cipher data to the memory;

S12, the first initiating class loading a local first dynamic library to the memory;

S13, the first initiating class invoking a third interface in the first dynamic library;

S14, the first initiating class transferring an address of the first cipher data in the memory into the third interface in the
first dynamic library;

S15, the third interface in the first dynamic library decrypting the first cipher data to obtain the first plain data; and

S16, the third interface in the first dynamic library invoking a define class interface of the Java virtual machine to define
the first plain data as the class loader.

US Pat. No. 10,084,602

DYNAMIC TOKEN AND A WORKING METHOD THEREOF

Feitian Technologies Co.,...

1. A working method of a dynamic token, said method comprises the steps of:A1) waiting, by the dynamic token, for a user to trigger a press key;
A2) determining, by the dynamic token, the press key triggered when the press key of the dynamic token is triggered; while executing Step A3 if the press key triggered is a first press key; executing Step A5 if the press key triggered is a second press key;
A3) obtaining, by the dynamic token, a logon challenge code input by the user, performing hash operation on a working key and a first usage code, which themselves are stored in the dynamic token; taking a first hash data obtained as a first computing key, performing hash operation on the first computing key, a first time information and said logon challenge code to obtain a second hash data;
A4) performing, by the dynamic token, bit interception on the second hash data, displaying a first bit interception result obtained as a logon password, going back to Step A1;
A5) obtaining, by the dynamic token, a signature challenge code input by the user, performing hash operation on the working key and a second usage code, which themselves are stored in the dynamic token, taking a third hash data obtained as a second computing key, performing hash operation on the second computing key, a second time information and the signature challenge code to obtain a fourth hash data; and
A6) performing, by the dynamic token, bit interception on the fourth hash data, displaying a second bit interception result obtained as signature password, going back to Step A1,
wherein
performing, by the dynamic token, bit interception on the second hash data specifically comprises:
grouping, by the dynamic token, the second hash data to obtain a plurality of byte groups, transforming respective byte groups into corresponding binary data by shifting and combining the bytes contained in respective byte groups; performing modulo operation on a first preset value by using sum of all the binary data obtained by transforming to a modulo result, performing modulo operation on a second preset value by using the obtained modulo result so as to obtain the first bit interception result; and
performing, by the dynamic token, bit interception on the fourth hash data specifically comprises:
grouping, by the dynamic token, the fourth hash data to obtain a plurality of byte groups, transforming respective byte groups into corresponding binary data by shifting and combining the bytes contained in respective byte groups; performing modulo operation on a first preset value by using sum of all the binary data obtained by transforming to a modulo result, performing modulo operation on a second preset value by using the obtained modulo result so as to obtain the second bit interception result.

US Pat. No. 9,378,498

METHOD FOR LOADING DOUBLE E-WALLETS

FEITIAN TECHNOLOGIES CO.,...

1. A computer-implemented method for loading double e-wallets at a CPU terminal, the method comprising:
in response to entering a contactless inductive area of the CPU terminal, a CPU card establishing a connection with the CPU
terminal, wherein the CPU card has memory and one or more processors and comprises a first e-wallet and a second e-wallet,
wherein the first e-wallet is a banking application and the second e-wallet is a CPU e-wallet, wherein a section number and
a block number of a storage area in the logical cipher card part of the CPU card are predetermined, wherein the storage area
is used to store a balance of the first e-wallet wherein the first e-wallet is a M1™ e-wallet and the second e-wallet is a
CPU e-wallet, the M1™ e-wallet and the second e-wallet are in the CPU card;

in response to power-on and initialization, the CPU card synchronizing the first e-wallet and the second e-wallet, and waiting
to receive an instruction from the terminal, wherein synchronizing the first e-wallet and the second e-wallet by the CPU card
comprises:

obtaining a balance of the first e-wallet by the CPU card;
obtaining a balance of the second e-wallet by the CPU card;
comparing the balance of the first e-wallet with the balance of the second e-wallet by the CPU card;
if the balance of the first e-wallet is smaller than the balance of the second e-wallet, setting the balance of the second
e-wallet to be the balance of the first e-wallet, and then-continuing to seek a card by the CPU card;

if the balance of the second e-wallet is smaller than the balance of the first e-wallet, setting the balance of the first
e-wallet to be the balance of the second e-wallet, and then continuing to seek a card by the CPU card; and

if the balance of the second e-wallet equals to the balance of the first e-wallet, continuing to seek a card by the CPU card;
the terminal sending an INITIALIZE FOR LOAD instruction to the CPU card;
in response to receiving the INITIALIZE FOR LOAD instruction, the CPU card executing a load initialization operation and returning
a response message to the terminal;

in response to receiving the response message of the INITIALIZE FOR LOAD instruction from the CPU card, the terminal sending
data in the response message of the INITIALIZE FOR LOAD instruction to a host;

in response to receiving and storing the data, the host sending a LOAD purchase allowing message to the terminal;
in response to receiving the LOAD purchase allowing message, the terminal sending a LOAD instruction to the CPU card;
in response to receiving the LOAD instruction, the CPU card performing a loading operation on the first e-wallet and the second
e-wallet at the terminal, refreshing the balance of the first e-wallet stored in the storage area, and returning a response
message for the LOAD instruction to the terminal; and

in response to receiving the response message for the LOAD instruction, the terminal ending loading double e-wallets.

US Pat. No. 9,824,201

METHOD FOR JAVA APPLICATION TO ACCESS INTELLIGENT KEY APPARATUS

Feitian Technologies Co.,...

1. A method for accessing a smart key device storing a digital certificate or a user key, the digital certificate or user
key is accessed by a java application on a computing device, the smart key device has lower layer interface with target parameters
that is invoked by a JNI (Java Native Interface) interface from the computing device, the computing device comprising a table
that includes a source parameter list and has one preset JNI interface function corresponding to one lower layer interface
function, the method for accessing the digital certificate or user key on the smart key device by the java application on
the computing device includes the steps of:
Step 101, obtaining the source parameter list by the JNI interface;

Step 102, determining the lower layer interface function corresponding to the JNI interface function according to the table;

Step 103, determining a target parameter list according to the lower layer interface function;

Step 104, sending a value of the source parameter list to the corresponding lower layer interface parameter according to the target
parameter list of the lower layer interface;

Step 105, invoking the lower layer interface and accessing the smart key device so as to obtain a returned result; and

Step 106, sending the returned result obtained as above to the invoking part;

discarding an exception and then ending if the returned result is not correct; and
thereafter accessing the digital certificate or user key on the smart key device.

US Pat. No. 9,781,104

WORKING METHOD OF DYNAMIC TOKEN

Feitian Technologies Co.,...

1. A method comprising:
determining, by a dynamic token that is implemented by a microprogrammed control unit configured to execute instructions stored
in a memory, a type of set wake identification, wherein the type of set wake identification is one of a key wake identification,
a Bluetooth connection wake identification, a Bluetooth data wake identification, and a Bluetooth disconnection wake identification;

in response to the dynamic token determining that the set wake identification is the key wake identification:
obtaining, by the dynamic token, a key value of a triggered key, wherein the key value of the triggered key is one of a power
key, a number key, an OK key, and a Delete key;

determining, by the dynamic token and in response to the key value of the triggered key being the power key, a system state
identification, wherein the system state identification is one of a power-off identification, a challenge code input identification,
a Bluetooth OTP identification, and an else condition;

determining, in response to the system state identification being a power-off identification, whether a work voltage of a
Bluetooth module is lower than a preset voltage;

providing, in response to the work voltage of the Bluetooth module being lower than the preset voltage, a prompt that the
work voltage of the Bluetooth module is low and setting the system state identification as the challenge code input identification;

setting, in response to the work voltage of the Bluetooth module not being lower than the preset voltage, the system state
identification to the Bluetooth OTP identification and powering up the Bluetooth module;

setting, in response to the system state identification not being a power-off identification, the system state identification
as a power off identification, clearing data in a key data buffer and powering off the Bluetooth module;

storing, in response to the triggered key being a number key, the number corresponding to the key value in a key data buffer;
determining, in response to the triggered key being the OK key, whether the Bluetooth data receiving completion identification
is set;

in response to the Bluetooth data receiving the completion identification being set:
generating a dynamic factor based on at least one of the data in the data receiving buffer and a basic factor of the dynamic
token;

computing a dynamic password based on the dynamic factor; and
returning the dynamic password to an upper computer;
in response to the Bluetooth data receiving the completion identification not being set and data existing in the key data
buffer:

generating the dynamic factor based on the basic factor;
computing the dynamic password based on the dynamic factor; and
returning the computed dynamic password to an upper computer;
storing, in response to the triggered key being the Delete key, the system state identification as the challenge code input
identification; and

resetting, by the dynamic token, the key wake identification.

US Pat. No. 9,667,420

METHOD FOR RAPIDLY GENERATING COORDINATE POINT IN EMBEDDED SYSTEM

Feitian Technologies Co.,...

1. A method for securing data stored on a computer system with encryption or signature using a key pair by the steps comprising:
storing encrypted data on the computer system, the encrypted data is accessible using the key pair, the key pair is based
on coordinate points of an elliptical curve predefined by an embedded system of the computer system, the coordinate points
are generated by the embedded system by the steps of

Step S1, segmenting a numerical value to be calculated according to a preset segment splitting number/number of split segments and
calculating data bit length of each data segment by the embedded system;

Step S2, dividing each data segment into sets (or groups) according to a preset step length; calculating an original point value
corresponding to each bit in a set of data of each data segment according to a base point, data bit length of each data segment
and the preset step length; and taking the first set of data of each data segment as a current data set by the embedded system;

Step S3, checking whether the data in the current data set of each data segment are all 0 by the embedded system, if yes, going to
Step S4; otherwise, going to Step S5;

Step S4, taking a next data set of each data segment as the current data set and going back to Step S3 by the embedded system;

Step S5, checking value of each bit in the current data set of a current data segment, performing point add operation on an original
point value corresponding to a bit of which the value is 1 and a mid-point value, and updating the mid-point value with the
result of the point add operation by the embedded system;

Step S6, determining whether the current data sets of all data segments are processed completely by the embedded system, if yes,
going to Step S8; otherwise, going to Step S7;

Step S7, taking other unprocessed data segment as new current data segment, and going back to Step S5 by the embedded system;

Step S8, determining whether a next data set of each data segment exists by the embedded system, if yes, going to Step S9; otherwise, taking the mid-point value as a result coordinate point for storage and ending the operation by the embedded
system;

Step S9, performing a point double operation on the mid-point value for a number of times of the preset step length, updating the
mid-point value with a result of the point double operation, and taking a next data set of each data segment as a new current
data set by the embedded system; and

Step S10, checking whether data in the current data set of each data segment are all 0 by the embedded system; if yes, going to Step
S8; otherwise, going back to Step S5;

applying the result coordinate point to generate the key pairs or signature; and
using the key pairs or signature to access the encrypted data on the computer system.

US Pat. No. 10,114,953

METHOD AND SYSTEM FOR UPGRADING FIRMWARE OF A CARD READER

FEITIAN TECHNOLOGIES CO. ...

1. A method of upgrading firmware of a card reader, comprising steps of:establishing a contact connection between the card reader and Integrated Circuit (IC) card;
determining, by a processor in the card reader, whether the IC card is one IC card for upgrading in which encrypted files for upgrading are stored on the IC card, by determining whether specific information on the IC card obtained through the contact connection to the IC card by the card reader matches information preconfigured in the card reader;
if the IC card is one IC card for upgrading, making, by the processor in the card reader and a processor in the IC card, mutual authentication between the card reader and the IC card;
acquiring, by the card reader, the encrypted files for upgrading and decrypting the encrypted files for upgrading after a successful mutual authentication between the card reader and the IC card, and
upgrading firmware of the card reader by using the decrypted files for upgrading; and wherein
the IC card is one contacting IC card and the card reader is a contacting card reader, and the step of determining by the processor in the card reader whether the IC card is the one IC card for upgrading comprises:
reading, by the card reader, feature information which is the specific information of the IC card sent by the IC card, and determining whether the feature information matches preset feature information which is the information preconfigured in the card reader, determining that the IC card is the one IC card for upgrading if the feature information matches the preset feature information, and determining that the IC card is not the one IC card for upgrading if the feature information does not match the preset feature information;
wherein the step of making by the processor in the card reader and the processor in the IC card mutual authentication with the IC card comprises steps of:
authenticating the IC card by the card reader;
authenticating the card reader by the IC card;
the step of acquiring by the card reader the encrypted files for upgrading from the IC card after a successful authentication between the card reader and the IC card comprises: acquiring, by the card reader, the encrypted files for upgrading from the IC card after the authenticating the IC card by the card reader succeeds and the authenticating the card reader by the IC card succeeds:
and the step of authenticating the IC card by the card reader comprises:
generating, by the card reader, a first valid code and sending the first validation code to the IC card;
generating, by the card reader, a first verification code according to the first validation code by using, by the card reader, the first validation code as the first verification code directly; or converting, by the card reader, the first validation code into the first verification code; or encrypting, by the card reader, the first validation code with a preset symmetrical key to obtain the first verification code: or encrypting, by the card reader, the first validation code with a preset asymmetrical key to obtain the first verification code;
reading, by the card reader, a first authorization code generated according to the first validation code by the IC card; and
determining, by the card reader, whether the first authorization code matches the first verification code, and determining that the card reader succeeds in authenticating the IC card if the first authorization code matches the first verification code, determining that the authenticating the IC card by the card reader fails if the first authorization code does not match the first verification code
reading, by the card reader, a second validation code generated by the IC card, and generating a second authorization code according to the second validation code and sending the second authorization code to the IC card; and
reading, by the card reader, status information returned by the IC card after receiving the second authorization code, and determining whether the status information is the same as preset information which is the information preconfigured in the card reader, determining, by the card reader, that the IC card succeeds in authenticating the card reader if the status information is the same as the preset information, deyermining that the authenticating the card reader by the IC card fails if the status information is not the same as the preset information.

US Pat. No. 9,972,006

METHOD FOR SECURE EXECUTION OF ENTRUSTED MANAGEMENT COMMAND

Feitian Technologies Co.,...

1. A method for safely executing an entrusted management command, wherein, the method comprises the steps of:Step A, receiving, by a security domain, application protocol data unit (APDU) data sent from a runtime environment; and in the case that the APDU data is the entrusted management command, parsing the APDU data, locating a byte for indicating a token length in the APDU data, and obtaining the token length and the token in the APDU data;
Step B, sending, from the security domain, a preset byte, the token length and the token in the APDU data to a card issuer's security domain;
Step C, checking, by the card issuer's security domain, whether a lifecycle status of itself is a card_locked after the card issuer's security domain receiving data sent from the security domain, if yes, executing restore operation, and returning an exception code to the security domain, and executing Step F; otherwise, executing Step D;
Step D, checking, by the card issuer's security domain, whether the security domain meets a condition of executing the entrusted management operation, if yes, executing Step E; otherwise, returning an exception code to the security domain, and executing Step F; in which, when a lifecycle status of the security domain is SELECTABLE or PERSONALIZED, and the security domain has entrusted management access, the security domain meets the condition of executing the entrusted management operation;
Step E, invoking, by the card issuer's security domain, an attest function, introducing the preset byte and the token in the APDU data, and an attest key into the attest function, and then determining whether the token is verified successfully according to a returned value of the attest function, if yes, returning a preset status code to the security domain, and executing Step F; otherwise, returning an exception code to the security domain, and executing Step F; and
Step F, receiving, by the security domain, data returned from the card issuer's security domain, executing the entrusted management operation according to the APDU data in the case that the data returned from the card issuer's security domain is the preset status code, then being end, and wherein the executing entrusted management operation comprises indexing the application according to the application identifier in the APDU data, and adding access to being selected to the indexed application; otherwise, stopping operation, and returning an error code to the runtime environment, then being end.

US Pat. No. 9,906,509

METHOD FOR OFFLINE DRM AUTHENTICATION AND A SYSTEM THEREOF

FEITIAN TECHNOLOGIES CO.,...

1. A method for offline DRM authentication, wherein the method comprises:
encrypting, by a content provider, a data file with a DRM encryption standard, wherein the data file is delivered to a local
computer;

storing, by the content provider, internal information into a third party authentication device in the form of hardware before
distributing the third party authentication device to a user, wherein the internal information includes a seed ID, a key,
a public key, a key ID, a public key ID, developer information and/or a certificate name;

distributing the third party authentication device to the user;
connecting the third party authentication device to the local computer;
performing offline DRM authentication between the local computer and the third party authentication device after the third
party authentication device is delivered to the user, wherein the third party authentication device enables the user to use
the data file encrypted with the DRM encryption standard and stored on the local computer without a network connection, wherein
performing offline DRM authentication includes:

1) determining, by the local computer connected with the third party authentication device, whether a copyright license for
reading the data file is requested by a software program operating on the local computer and includes a seed ID, a public
key ID, a contents ID, a properties and/or address, and if so, sending a license request to the third party authentication
device, wherein the license request is generated from the data file, and the license request comprises the seed ID, the public
key ID, the contents ID, the properties and/or the address;

2) offline verifying, by the third party authentication device, a legitimacy of the license request by decrypting the license
request using a pre-stored decryption algorithm inside the third party authentication device, and by comparing information
from the decrypted license request with the internal information stored in the third party authentication device after the
third party authentication device receives the license request sent from the software program; and returning a license information
to the local computer by the third party authentication device; and

3) analyzing the license information received from the third party authentication device by the local computer and generating
a corresponding copyright license based on the license information by the local computer, decrypting the data file which is
encrypted with the DRM encryption standard by using a key of the copyright license, opening the data file and responding to
an operation of a user by the software program;

wherein the third party authentication device is external to the local computer and the content provider.

US Pat. No. 9,613,229

METHOD FOR GENERATING COORDINATE POINT IN EMBEDDED SYSTEM

Feitian Technologies Co.,...

1. A method of encrypting or signing in an embedded system using coordinate points as a basis for a key generated from a computer
aided process, the embedded system having a computer readable medium, wherein the steps are executed in the computer readable
medium, comprising the steps of:
S1, obtaining a random number and a first fixed value, taking the first fixed value as modulus, and performing modular operation
on the random number by the embedded system, so as to obtain a first data;

S2, selecting an unprocessed data bit from the first data by the embedded system;

S3, obtaining an initial point value corresponding to the selected data bit from a pre-stored initial point value table according
to the position of the selected data bit in the first data by the embedded system; respective initial point values in the
initial point value table are operation results of performing point multiplication operation respectively on different power
values with a preset first point value;

S4, performing point multiplication on the obtained initial point value with the data in the selected data bit by the embedded
system; performing point add operation on the obtained point multiplication result with a mid-point value by the embedded
system, so as to obtain a point add operation result by the embedded system; and updating the mid-point value with the point
add operation result; the initial point value of the mid-point value is (0, 0);

S5, determining whether any unprocessed data bit exists in the first data by the embedded system, if yes, going back to Step
S2; otherwise, going to Step S6; and

S6, outputting the mid-point value as result data by the embedded system;

using the result data to generate the key by the embedded system;
using the key to complete encrypting or signing into the embedded system,
said method uses the computer generated coordinate points to generate a key, and the key in turn controls access to a computer.

US Pat. No. 10,070,293

METHOD FOR IMPLEMENTING BLUETOOTH AUTOMATIC RETURN LINK IN ANDROID SYSTEM

Feitian Technologies Co.,...

1. A method for implementing Bluetooth automatic return link in an Android system, comprises:initializing, by a mobile terminal, a Bluetooth connection state as an unconnected state, registering Bluetooth monitoring broadcast, setting monitoring a button event, in a case that a Bluetooth module is activated, when the button event detected by the mobile terminal is a connecting Bluetooth event, executing Step A1 to Step A3 orderly or executing Step A2, Step A1 and Step A3 orderly; when a Bluetooth broadcast detected by the mobile terminal is a Bluetooth connecting request, executing Step B1 to Step B3 orderly or executing Step B2, Step B1 and Step B3 orderly;
Step A1, searching, by the mobile terminal, a Bluetooth device list, obtaining a Bluetooth device address of a current Bluetooth device selected by a user, and completing pairing with the current Bluetooth device according to the Bluetooth device address;
Step A2, determining, by the mobile terminal, whether the Bluetooth connection state is a connected state, if yes, disconnecting a Bluetooth device corresponding to a Bluetooth device address in a buffer and updating the Bluetooth connection state to the unconnected state, then executing a next step; otherwise, executing the next step directly;
Step A3, building, by the mobile terminal, connection with the current Bluetooth device, updating the Bluetooth connection state to the connected state, storing the Bluetooth device address of the current Bluetooth device in the buffer, sending terminal information to the current Bluetooth device;
Step B1, determining, by the mobile terminal, whether a Bluetooth device address contained in the Bluetooth connecting request matches a Bluetooth device address in the buffer, if yes, executing a next step; otherwise, not responding to the Bluetooth connecting request;
Step B2, determining, by the mobile terminal, whether the Bluetooth connection state is the unconnected state, if yes, executing a next Step; otherwise, not responding to the Bluetooth connecting request;
Step B3, building, by the mobile terminal, connection with a Bluetooth device corresponding to the Bluetooth device address contained in the Bluetooth connecting request and updating the Bluetooth connection state to the connected state.

US Pat. No. 9,928,197

USB DEVICE AND METHOD THEREOF FOR RECOGNIZING HOST OPERATING SYSTEM

FEITIAN TECHNOLOGIES CO.,...

1. A method for a Universal Serial Bus (USB) device recognizing host operating system, comprising:step S1 comprising powering up the USB device;
step S2 comprising initializing, by the USB device, a first identification flag and a second identification flag of the USB device to a first preset value and a second preset value respectively;
step S3 comprising waiting, by the USB device, for a USB command from a host;
step S4 comprising determining, by the USB device, whether a received USB command is a command of obtaining a configuration descriptor, going to step S6 in the case of a positive determination; otherwise, going to step S5;
step S5 comprising performing, by the USB device, a corresponding operation according to the received USB command; going back to step S3;
step S6 comprising determining, by the USB device, whether a value of the first identification flag is the first preset value, going to step S8 in the case of a positive determination; otherwise, going to step S7;
step S7 comprising performing, by the USB device, a corresponding operating according to the received command of obtaining a configuration descriptor; going back to step S3;
step S8 comprising determining, by the USB device, a value of a length byte in the received command of obtaining a configuration descriptor and a value of the second identification flag;
when the value of the second identification flag is the second preset value and the value of the length byte is a third preset value, going to step S9;
when the value of the second identification flag is the second preset value and the value of the length byte is a fourth preset value, going to step S10;
when the value of the second identification flag is an eighth preset value and the value of the byte length is a fifth preset value, going to step S11;
when the value of the second identification flag is a ninth preset value and the value of the byte length is a sixth preset value, going to step S12;
when the value of the second identification flag is the ninth preset value and the value of the length byte is a seventh preset value, going to step S13;
otherwise, sending, by the USB device, preset descriptor information to the host; going back to step S3;
step S9 comprising setting, by the USB device, the value of the second identification flag as the eighth preset value and sending the length information of the configuration descriptor to the host; going back to step S3;
step S10 comprising setting, by the USB device, the value of the second identification flag as the ninth preset value and sending the length information of the configuration descriptor to the host; going back to step S3;
step S11 comprising determining, by the USB device, that an operating system of the host is a first operating system, setting the value of the first identification flag as an eleventh preset value, sending a configuration descriptor to the host; going back to step S3;
step S12 comprising determining, by the USB device, that the operating system of the host is a second operating system, setting the value of the first identification flag as the eleventh preset value, sending a configuration descriptor to the host; going back to step S3; and
step S13 comprising determining, by the USB device, that the operating system of the host is a third operating system, setting the value of the first identification flag as the eleventh preset value, sending a configuration descriptor to the host; going back to step S3, wherein the first operating system, the second operating system and the third operating system are different operating systems.

US Pat. No. 9,699,186

SCHEDULE RECORDING METHOD

Feitian Technologies Co.,...

1. A method for recording a traveling data of a staff member, wherein the traveling data is the summation of: a staff member
identification, a location, and a time of the staff member arriving at the location, the method comprising the steps of:
generating an authentication code by an authentication code generating device which is at the location;
entering the authentication code displayed on the authentication code generating device into a portable device by the staff
member at the location;

reporting to an authentication server from the portable device;
receiving trigger information comprising the authentication code by the authentication server;
obtaining all authentication windows corresponding to a device identification code and the staff member identification by
the authentication server;

determining whether the staff member identification is legitimate,
if yes, obtaining all authentication windows corresponding to the device identification code and the staff member identification,
wherein:

obtaining all authentication windows corresponding to the device identification code and the staff member identification stored
in the authentication server; or

obtaining all authentication windows corresponding to the device identification code and the staff member identification stored
in the authentication server, and generating additional authentication windows necessary according to the obtained authentication
windows; and

if no, not obtaining any authentication windows, and prompting that the staff member identification is not legitimate, the
device identifying code is not legitimate, and the staff member identification does not match the device identifying code;

checking whether the authentication code is in the authentication windows;
executing a handling exception if the authentication code is not found in the authentication windows;
extracting a time factor corresponding to the authentication code if the authentication code is found;
recording the device identifying code corresponding to the authentication code;
checking for the location corresponding to the device identifying code;
recording the traveling data of the staff member by generating and storing an authentication code list and/or a staff member
log;

wherein
the authentication code list includes the authentication code and a corresponding authentication code generating time;
the staff member log includes the staff member identification, the location, and the time of the staff member arriving at
the location;

the authentication code generating time and the time of the staff member arriving at the location are computed by the authentication
server according to the time factor corresponding to the authentication code.

US Pat. No. 9,633,211

METHOD FOR REALIZING SECURE COMMUNICATION

Feitian Technologies Co.,...

1. A method for realizing secure communication, said method comprises the steps of:
Step S1, powering on a card reader and initializing, the initializing includes setting a decryption flag, initializing an algorithm
flag and setting a decryption way as a uni-directional decryption or a bi-directional decryption;

Step S2, determining a system working mode, executing Step S3 where the system working mode is apple mode; while executing Step S4 where the system working mode is a USB mode;

Step S3, performing an apple device certification, determining whether the apple device certification is successfully performed,
if yes, executing Step S4, otherwise, returning to Step S2;

Step S4, waiting, by the card reader, for receiving an instruction, when the instruction is received, determining a first preset
byte of the instruction, executing Step S5 if the instruction is a first preset value; executing Step S6 if the instruction is a second preset value; executing corresponding operation and returning to Step S4 if the instruction is another value;

Step S5, determining a type of the instruction according to a second preset byte of the instruction, if the instruction is a first
instruction, setting the decryption flag, the algorithm flag and the decryption way according to the first instruction, and
sending a first response to an upper computer via a corresponding interface according to the system working mode, and returning
to Step S4; if the instruction is a second instruction, updating an initialized encryption key and a key serial number in the card reader
according to the second instruction, and sending a second response to the upper computer via a corresponding interface according
to the system working mode, and returning to Step S4; if the instruction is a third instruction, obtaining the key serial number from the card reader, and sending a third response
to the upper computer via a corresponding interface according to the system working mode, and returning to Step S4;

Step S6, determining whether the decryption flag is set, if yes, executing Step S7, otherwise, sending the instruction received to a card, and waiting for receiving data returned by the card, when the data
is received by the card reader, sending the data to the upper computer via a corresponding interface according to the system
working mode, and returning to Step S4;

Step S7, determining the decryption way, where the decryption way is the bi-directional decryption, obtaining an initial encryption
key and the key serial number from the card reader, calculating to obtain a decryption key according to the initial encryption
key and the key serial number, decrypting a cyptertext in the received instruction in accordance with an algorithm corresponding
to the algorithm flag and the decryption key to obtain a decrypted instruction, sending the instruction decrypted to the card,
and waiting for receiving data returned by the card, executing Step S8; where the decryption way is the unidirectional decryption, sending the instruction received to the card, waiting for receiving
the data returned by the card, and executing Step S8; and

Step S8, when the data returned by the card is received by the card reader, updating the key serial number according to a preset
way, in which the algorithm corresponding to the algorithm flag, the initial encryption key and the key serial number are
configured to encrypt the data returned by the card to obtain a ciphertext of the data returned; sending the ciphertext to
the upper computer according to the system working mode via a corresponding interface, and returning to Step S4.

US Pat. No. 10,089,963

SCREEN ADAPTATION METHOD AND APPARATUS

Feitian Technologies Co.,...

1. A method for screen adoption comprising following steps:A1) obtaining, by a client, UI (user interface) data packet or package from a server, parsing the UI data packet, obtaining drawing information of respective modules and drawing information of respective components, in which the modules of the UI are arranged in vertical direction, and each module contains one or a plurality of components;
A2) determining, by the client, screen orientation of a device on which the client itself is, in the case of the screen orientation is portrait screen, executing step A3; in the case of the screen orientation is landscape screen, executing step A4;
A3) setting, by the client, display width of respective modules to be screen width of the device, obtaining display width, display height and display coordinates of the respective components according to display width of the respective modules, the drawing information of the respective modules and the drawing information of the respective components; and drawing the respective components according to the display width, display height and display coordinates of the respective components and resource files required to be filled in the respective components and executing step A5;
A4) setting, by the client, the display width of the respective module to be screen height of the device, obtaining display width, display height and display coordinates of the respective components according to display width of the respective modules, the drawing information of the respective modules and the drawing information of the respective components; and drawing the respective components according to the display width, display height and display coordinates of the respective components and resource files required to be filled in the respective components and executing step A5; and
A5) monitoring, by the client, screen orientation of the device, going back to step A2 when detecting that screen orientation of the device changes
wherein step A3 specifically comprises:
B1) selecting, by the client, a module on the top of the UI as current module, setting display coordinates of the current module to be left top corner of screen of the device, setting the display width of the current module as the screen width of the device, and obtaining display height of the current module according to drawing information and display width of the current module;
B2) selecting, by the client, one component, which has not yet been drawn, from the current module to be a current component, and obtaining display width, display height and display coordinates of the current component according to the display width and display height of the current module and the drawing information of the current component;
B3) drawing, by the client, the current component according to the display width, display height and display coordinates of the current component and a resource file required to be filled in the current component;
B4) determining, by the client, whether the current module contains any component which has not yet been drawn, if yes, going back to step B2; otherwise, executing step B5;
B5) determining, by the client, whether the UI contains any module which has not yet been processed, if yes, executing step B6; otherwise, executing step A5;
B6) obtaining, by the client, a computing result by means of adding display ordinate of the current module to display height of the current module, and selecting a module in the UI, which is adjacent to the current module and located below the current module, as updated current module; and
B7) setting, by the client, the display ordinate of the current module to be the computing result, setting the display abscissa of the current module to be 0, setting the display width of the current module as screen width of the device, and obtaining the display height of the current module according to the drawing information and display width of the current module, and going back to step B2.

US Pat. No. 9,851,948

METHOD FOR IMPLEMENTING PRECOMPUTATION OF LARGE NUMBER IN EMBEDDED SYSTEM

FEITIAN TECHNOLOGIES CO.,...

1. A method for realizing pre-computation for a large number in an embedded system, comprising:
SA1 comprising: reading data in a first register, and writing the data which is read into a first random access memory; reading
data in a second register, and writing the data which is read into a second random access memory; wherein the first register
is configured to store a first data, the second register is configured to store a second data, a sixth register is configured
to store a third data, a relationship of the second data to the third data is defined as R=2n, R represents the second data, n represents the third data, and the third data is an integer;

SA2 comprising: invoking a module for modulo to perform an operation on the data in the first random access memory and the
data in the second random access memory, and writing a result which is obtained from the operation into a third register and
a fourth register respectively; wherein the module for modulo is configured to perform modulo operation with the data in the
second random access memory mod the data in the first random access memory;

SA3 comprising: reading data in the third register, and writing the data which is read into a third random access memory and
a fourth random access memory respectively; reading data in the first register, and writing the data which is read into a
fifth random access memory;

SA4 comprising: invoking a modulo addition module to perform an operation on the data in the third random access memory, the
data in the fourth random access memory and the data in the fifth random access memory, and updating the data in the third
register with a result which is obtained from the operation; wherein the modulo addition module is configured to perform modulo
addition operation with the data in the third random access memory plus the data in the fourth random access memory to obtain
a sum, and the sum mod the data in the fifth random access memory;

SA5 comprising: reading data at the least significant bit in the sixth register according to data in a fifth register, and
making the data which is read as data at current bit, wherein an initial value of the data in the fifth register is a preset
value;

SA6 comprising: determining a value of the data at the current bit, executing step SA7 if the value of the data at the current
bit is 0; executing step SA10 if the value of the data at the current bit is 1;

SA7 comprising: reading data in the third register, and writing the data which is read into a sixth random access memory and
a seventh random access memory respectively; reading data in the first register, and writing the data which is read into an
eighth random access memory;

SA8 comprising: invoking a Montgomery modulo multiplier to perform modulo multiplication on the data in the sixth random access
memory, the data in the seventh random access memory and the data in the eighth random access memory, and updating the data
in the third register with a result which is obtained from the modulo multiplication; wherein the Montgomery modulo multiplier
is configured to perform modulo multiplication on the data in the sixth random access memory, the data in the seventh random
access memory and the data in the eighth random access memory as a first input parameter, a second input parameter and a third
input parameter respectively;

SA9 comprising: updating data in the fifth register, and according to the updated data in the fifth register, reading data
which is one-bit higher than the data at the current bit from the sixth register, and making the data which is read as updated
data at the current bit, and returning to step SA6;

SA10 comprising: reading data in the fourth register, and updating the data in the sixth random access memory with the read
data; reading data in the third register, and updating the data in the seventh random access memory with the read data; reading
data in the first register, and updating the data in the eighth random access memory with the read data;

SA11 comprising: invoking a Montgomery modulo multiplier to perform modulo multiplication on the data in the sixth random
access memory, the data in the seventh random access memory and the data in the eighth random access memory, and updating
the data in the fourth register with a result which is obtained from the modulo multiplication;

SA12 comprising: determining whether data at the current bit is data at the most significant bit in the sixth register, executing
step SA13 if the data at the current bit is the data at the most significant bit in the sixth register; returning to step
SA7 if the data at the current bit is not the data at the most significant bit in the sixth register; and

SA13 comprising: outputting the data in the fourth register.

US Pat. No. 9,787,393

METHOD FOR REALIZING BLUETOOTH-BINDING BETWEEN SMART KEY DEVICE AND MOBILE DEVICE

FEITIAN TECHNOLOGIES CO.,...

1. A method for realizing bluetooth-binding between a smart key device and a mobile device, comprising:
Step S1, powering on the smart key device and initializing the smart key device;

Step S2, performing, by the smart key device, bluetooth pairing with a current paired mobile device, and determining whether the
pairing is finished in a preset duration, if yes, executing Step S3, otherwise, starting a power-saving mode;

Step S3, obtaining and determining, by the smart key device, a binding state of the smart key device; executing Step S4 in case that the binding state is bind; executing Step S6 in case that the binding state is unbind;

Step S4, obtaining, by the smart key device, a mac address of the current paired mobile device from a bluetooth module storage area
of the smart key device, and obtaining a mac address of a bound mobile device from a device storage area of the smart key
device;

Step S5, determining, by the smart key device, whether the mac address of the bound mobile device is the same as the mac address
of the current paired mobile device, if yes, executing Step S7, otherwise, reporting an error and starting the power-saving mode;

Step S6, taking, by the smart key device, the mac address of the current paired mobile device in the bluetooth module storage area
as the mac address of the bound mobile device, and storing the mac address into the device storage area, and setting the binding
state as bind, and executing Step S7;

Step S7, performing, by the smart key device, a data interactive operation between the smart key device and the current paired mobile
device.

US Pat. No. 10,248,795

IMPLEMENTING METHOD FOR JAVACARD APPLICATION FUNCTION EXPANSION

Feitian Technologies Co.,...

1. An implementing method for JavaCard application function expansion, comprising a registering process and an invoking process on a JavaCard, an expansion application and a master application on the JavaCard starting working after being activated, wherein the registering process comprises:Step S1, obtaining, by the expansion application, a random number generated by the master application when the expansion application receives a registration command dispatched by runtime environment on the JavaCard;
Step S2, processing, by the expansion application, the random number and sending a processing result, and an expansion application identification and an expansion interface number in the registration command to the master application;
Step S3, verifying, by the master application, the received processing result based upon the generated random number, wherein if verification of the processing result is successful, executing Step S4, otherwise, reporting error and ending the registering process;
Step S4, determining, by the master application, whether a expansion application corresponding to expansion application identification is installed based upon the received expansion application identification, wherein if the master application determines that the expansion application corresponding to expansion application identification is installed, executing Step S5, otherwise, reporting error and ending the registering process;
Step S5, setting, by the master application, a bit of an expansion point corresponding to the expansion interface number in a buffer of the master application; obtaining and storing, by the master application, a handle of the expansion application and returning information of successful association to the expansion application;
Step S6, registering, by the expansion application, a state of its expansion interface and storing the state of the expansion interface in the buffer of the master application;
the invoking process comprises:
Step S7, starting, by the master application, running of an original program when the master application receives a function command dispatched by the runtime environment;
Step S8, determining, by the master application, whether the bit of the expansion point in the buffer is set, if yes, executing Step S9, otherwise, keeping on executing the original program, and going back to Step S8;
Step S9, determining, by the master application, whether the expansion interface corresponding to the expansion interface number is available based upon the state of the expansion interface corresponding to the expansion interface number which corresponds to the expansion point in the buffer, if yes, executing Step S10; otherwise, keeping on executing the original program, and going back to Step S8;
Step S10, invoking, by the master application, the expansion application based upon the stored handle of the expansion application; invoking, by the expansion application, the expansion interface corresponding to the expansion interface number;
Step S11, determining, by the master application, whether to keep on executing the original program, based upon a returned result obtained by invoking the expansion interface corresponding to the expansion interface number by the expansion application, if yes, keeping on executing the original program and going back to Step S8, otherwise, returning executing result and information back to the runtime environment, and ending the invoking process.

US Pat. No. 10,162,949

DYNAMIC TOKEN HAVING LOG FUNCTION AND WORKING METHOD THEREFOR

Feitian Technologies Co.,...

1. A working method for a dynamic token with log function, characterized in that said working method comprises the following steps:S1) powering up, by the dynamic token, executing initializing operation, initializing function of general interruption and key waking up function;
S2) determining, by the dynamic token, whether a set interruption flag exists, if yes, executing Step S3; otherwise, keeping on executing Step S2;
S3) determining, by the dynamic token, the set interruption flag, if the set interruption flag is timer interruption flag, executing Step S4; if the set interruption flag is key interruption flag, executing Step S5;
S4) resetting, by the dynamic token, the timer interruption flag and going back to Step S2;
S5) shutting down, by the dynamic token, the key interruption, scanning a keyboard and obtaining a first key value;
S6) determining, by the dynamic token, a press key which is currently pressed down according to the first key value, if the press key which is currently pressed down is a first press key, executing Step S7; if the press key which is currently pressed down is a second press key or combination of a third press key and a fourth press key, executing Step S8;
S7) generating, by the dynamic token, a dynamic password and a log corresponding to the dynamic password, storing the dynamic password in a display data buffer, storing the log in a log storage area, initializing the key interruption and going back to Step S2; and
S8) reading, by the dynamic token, the log from the log storage area, storing the read log into the display data buffer, activating the key interruption and going back to Step S2.

US Pat. No. 10,142,318

SELF-ADAPTIVE COMMUNICATION METHOD FOR ENCRYPTION DONGLE

Feitian Technologies Co.,...

1. A self-adaptive method for communication of a dongle, which applies for a system including a dongle and a host which has an upper software flat, whereinthe upper software flat executes the following steps:
Step s1, setting, by the upper software flat, information of a communication mode of the upper software flat according to a type of a main board of the host;
Step s2, obtaining, by the upper software flat, information of a communication mode of the dongle according to enumeration information returned from the dongle to the host when a connection between the dongle and the host is detected by the upper software flat;
Step s3, determining, by the upper software flat, whether the information of the communication mode of itself matches the information of the communication mode of the dongle, if yes, executing Step s5; otherwise, executing Step s4;
Step s4, sending, by the upper software flat, a communication instruction which includes the information of the communication mode of the upper software flat to the dongle via a control-transmission-channel, returning to Step s2; and
Step s5, communicating, by the upper software flat, with the dongle effectively via an interrupt-communication-channel according to the information of the communication mode of the upper software flat; and
the dongle executes the following steps:
Step r1, setting, by the dongle, the information of the communication mode of the dongle according to a communication mode identification of the dongle, performing an enumeration, returning enumeration information to the host after the enumeration is finished, and waiting for communicating with the upper software flat;
Step r2, communicating, by the dongle, with the upper software flat in the case that the dongle receives information sent from the upper software flat via the interrupt-transmission-channel; executing Step r3 in the case that the dongle receives a communication instruction sent from the upper software flat via the control-transmission-channel;
Step r3, setting, by the dongle, the communication mode identification of the dongle according to the information of the communication mode of the upper software flat in the communication instruction sent from the upper software flat;
Step r4, resetting the dongle; or, returning, by the dongle, set-state information to the upper software flat;
when the dongle is reset in Step r4, after the upper software flat sends the communication instruction including the information of the communication mode of the upper software flat to the dongle via the control-transmission-channel, the step further comprising:
waiting, by the upper software flat, for receiving the set-state information returned from the dongle, and outputting prompt information to pull out or insert the dongle again when the set-state information returned from the dongle is received.

US Pat. No. 10,133,882

IMPLEMENTATION METHOD FOR DRIVING OF SOFTWARE AND HARDWARE SUPPORTING OPENSC

FEITIAN TECHNOLOGIES CO.,...

1. A method for implementing software and hardware drive supporting OpenSC, which is implemented by invoking an interface function by a middleware, comprising:building a cipher data communication environment according to a communication key type of a card, setting a key digit number supported by the card and returning an initialized result in a case that an initializing interface function is invoked;
performing an operation of selecting a file according to attribution of a first structure in the selecting a file interface function, returning a result of the operation of the selecting the file; returning the result of the operation of the selecting the file in a case that a selecting a file interface function is invoked, wherein the result of the operation of the selecting the file contains file controlling information in a case that the operation of the selecting the file is successful;
obtaining key file attribution of file controlling information according to a second parameter of the setting a security environment interface function, building an Application Protocol Data Unit (APDU) for setting a security environment by using the key file attribution, setting the security environment by transmitting the APDU for setting the security environment and returning a setting result in a case that a setting a security environment interface function is invoked; and
obtaining original data to be signed and a length of the original data to be signed according to a second parameter and a third parameter of the signature interface function, using the original data to be signed and the length of the original data to be signed to build signed APDU, performing signature operation on the original data to be signed by transmitting the signed APDU and returning a result of a signature operation, wherein the result of the signature operation containing a signature value in a case that the signature operation is successful in a case that a signature interface function is invoked,
wherein the operation of performing selecting a file according to attribution of the first structure in the selecting a file interface function comprises: in a case that type attribution of the first structure is a second preset value, length attribution of the first structure is 2, and a first byte of file ID attribution of the first structure is a fourth preset value, a pseudo file controlling information is built as an operation result of the selecting a file.

US Pat. No. 9,817,961

WORKING METHOD OF SMART KEY DEVICE

Feitian Technologies Co.,...

1. A working method of a smart key device, characterized in that said method comprises the steps of:
Step S1, powering on the smart key device so as to start initialization;
Step S2, reading, by the smart key device, Bluetooth module parameters, determining whether the Bluetooth module parameters
are successfully read, if yes, switching the Bluetooth module to a connection state and executing S3, otherwise executing
step S3;

Step S3, determining, by the smart key device, whether a working voltage of the smart key device is lower than a preset value,
if yes, prompting low voltage state and turning off the smart key device after a first preset time; otherwise, continuing
to execute Step S3;

when an interrupt trigger signal which is received by the smart key device is a channel trigger signal, entering corresponding
interruption of a channel trigger, and exiting the corresponding interruption of the channel trigger after executing corresponding
setting of the channel trigger, and returning to Step S3;

when the interrupt trigger signal which is received by the smart key device is an instruction trigger signal, entering an
instruction interruption, saving a channel identification, and determining an instruction type, if the received instruction
is an instruction that needs to perform identity verification before executing an instruction operation, performing identity
verification on the instruction, if the identity is successfully verified, after executing corresponding instruction operation
according to the instruction and returning the corresponding instruction response to an upper computer, exiting instruction
interruption, and returning to Step S3; if the identity is not successfully verified, after returning an error instruction
response to the upper computer, exiting instruction interruption, and returning to Step S3; if the received instruction is
an instruction that does not need to perform identity verification before executing instructions operation, executing corresponding
instruction operation according to the instruction and returning corresponding instruction response to the upper computer,
then exiting the instruction interruption, and returning to Step S3; the process of executing corresponding instruction operation
according to the instruction comprising: parsing message data in the instruction to get key data, and performing Hash operation
on the message data in the instruction to get and save a Hash result, and then displaying the key data on a liquid crystal
display (LCD);

when the interrupt trigger signal which is received by the smart key device is a keypad trigger signal, entering keypad interruption,
and exiting keypad interruption after keypad processing, and returning to Step S3; the keypad processing comprising: determining
type of the keypad, if the keypad is an enter keypad, signing the saved Hash result to get a signature result and save the
signature result, if the keypad is a canceling keypad, then canceling the signature result.

US Pat. No. 10,187,381

DEVICE AND SYSTEM OPERATING METHOD FOR ONLINE ACTIVATION OF MOBILE TERMINAL TOKEN

Feitian Technologies Co.,...

1. A working method of a system for online activating a mobile terminal token, characterized in that said working method comprises:Step S1, receiving, by a cloud authentication server, a first activation request from a cloud authentication management platform, generating a first activation response upon the first activation request and returning the first activation response to the cloud authentication management platform;
Step S2, sending, by the cloud authentication management platform, the first activation response to a terminal;
Step S3, accessing, by the mobile terminal token, the cloud authentication server upon the first activation response, generating a second activation response request upon the first activation response, and sending the second activation response request to the cloud authentication server after receiving the first activation response from the terminal;
Step S4, generating, by the cloud authentication server, a token sequence number and a seed generating factor, generating a server seed key upon the seed generating factor, and storing the token sequence number and the server seed key after receiving a second activation request;
Step S5, generating, by the cloud authentication server, a second activation response, and sending the second activation response back to the mobile terminal token, upon the token sequence number and the seed generating factor;
Step S6, obtaining, by the mobile terminal token, the seed generating factor and the token sequence number from the second activation response, generating a token seed key upon the seed generating factor, and storing the token sequence number and the token seed key;
Step S7, computing, by the mobile terminal token, the token seed key and a built-in dynamic factor, generating a dynamic password, generating a third activation request upon the dynamic password, and sending the third activation request to the cloud authentication server;
Step S8, obtaining, by the cloud authentication server, the dynamic password from the received third activation request, obtaining and storing the server seed key, computing the server seed key and the built-in dynamic factor, generating the dynamic password, determining whether the generated dynamic password matches the obtained dynamic password, if yes, executing Step S9; otherwise, sending the third activation response of failed activation to the mobile terminal token; then ending; and
Step S9, generating, by the cloud authentication server, the third activation response of successful activation, sending the third activation response back to the terminal token, and determining the activation as being successful.

US Pat. No. 10,211,561

MINIATURE ELECTRONIC DEVICE

Feitian Technologies Co.,...

1. A micro electronic instrument, wherein said micro electronic instrument comprises a baseboard and a cover board;a first electronic circuit and a first contact electrode are arranged on the baseboard, and the first electronic circuit is provided to connect the first contact electrode electrically;
the cover board is provided to cover on the baseboard, and there is arranged a space for the first electronic circuit between the baseboard and the cover board;
the first electronic circuit and the first contact electrode are arranged on the front side and the back side of the baseboard respectively, and the cover board covers on the side of the baseboard on which the first electronic circuit is arranged;
a second contact electrode is arranged on the baseboard, and the second contact electrode connects the first electronic circuit electrically;
the baseboard includes a first region and a second region, and the first region is in a USB interface and the second contact electrode is in the second region when the electronic instrument is inserted into the USB interface; and
the baseboard has a first through hole.

US Pat. No. 10,152,593

METHOD AND DEVICE FOR IDENTIFYING PIRATED DONGLE

FEITIAN TECHNOLOGIES CO.,...

1. A method for identifying a pirated dongle, comprising:step S1, determining, by an identification device, whether there is any dongle connected to a host, proceeding to step S2 if there is a dongle connected to the host;
the step S2, obtaining, by the identification device, preset data from a detection list based on a preset rule, wherein the detection list is generated by an encryption device, the detection list is prestored in the identification device, and data volume of the detection list is larger than a storage capacity of the dongle;
step S3, obtaining, by the identification device, first input data and first output data based on the preset data, wherein, the first output data is obtained by the encryption device performing computation on the first input data based on a same algorithm as a legitimate dongle;
step S4, sending, by the identification device, the first input data to the dongle;
step S5, receiving, by the identification device, fifth output data sent by the dongle; and
step S6, determining, by the identification device, whether the fifth output data is identical to the first output data, outputting information that the dongle is legitimate if the fifth output data is identical to the first output data, or outputting information that the dongle is pirated if the fifth output data is not identical to the first output data.

US Pat. No. 10,228,875

DATA WRITING AND READING METHODS FOR FLASH

FEITIAN TECHNOLOGIES CO.,...

1. A method for writing and reading Flash data, whereinwriting the Flash data comprises:
a first step of obtaining a logical page number of data to be written and an offset-address-in-page of the data to be written according to a writing address and searching for a physical page corresponding to the logical page number of the data to be written based on a corresponding relation between a logical page number and a physical page number;
a second step of determining whether a remaining space of the physical page is sufficient and, if so, completing writing data by writing a generated log in the remaining space, and ending the writing of the Flash data;
if the remaining space of the physical page is determined not to be sufficient, the writing comprises:
a third step of searching for a free page,
executing a fourth step of organizing page information of the physical page and information of the data to be written to obtain updated information and completing writing the Flash data in the free page based on the updated information, and
executing a fifth step of updating the corresponding relation between the logical page number and the physical page number;
wherein the reading the Flash data comprises:
a step of, when data in a physical page is required to be read, computing a logical page number of data to be read and an offset-address-in-page of the data to be read based on a reading address, and searching for a physical page corresponding to the logical page number of the data to be read based on the corresponding relation between the logical page number and the physical page number;
a step of reading a log in the physical page, reading corresponding data from the physical page based on a storing address of written data and a length of the written data in the read log, and updating corresponding data with the read data based on an offset-address-in-page of the written data in the read log; and
a step of reading the data to be read from the updated data based on the offset-address-in-page of the data to be read and a length of the data to be read, and ending the reading the Flash data; and
wherein the second step of determining whether the remaining space of the physical page is sufficient, and if so, completing writing the Flash data by writing the generated log in the remaining space further comprises:
determining whether both remaining spaces of a data area and an index area are sufficient, storing the data to be written in the data area of the physical page in order if both the remaining spaces of the data area and the index area are sufficient, and generating a piece of an index log based on the offset-address-in-page of the data to be written, a length of the data to be written and a storing address of the data to be written, and writing the generated piece of the index log to the index area of the physical page in order;
wherein page information of the physical page comprises the piece of the index log in the index area of the physical page, the information of the data to be written comprises the data to be written; and
wherein organizing page information of the physical page and information of the data to be written to obtain updated information and completing the writing data in the free page based on the updated information comprises:
reading data stored in the data area of the physical page,
organizing the read data based on the piece of index log in the index area of the physical page and the data to be written to obtain valid data in the data area of the physical page, and
writing the valid data in a data area of the free page,
generating the piece of index log based on the valid data and writing the generated piece of index log in order in an index area of the free page;
wherein when the data in the physical page is required to be read, the method further comprises initializing a memory space of which a size is the same as a size of the data area of the physical page;
wherein the step of reading the log in the physical page, reading corresponding data from the physical page based on a storing address of the written data and a length of the written data in the read log, updating the corresponding data with the read data based on an offset-address-in-page of the written data in the read log comprises:
a step of reading, in order, a piece of index log in the index area of the physical page, reading the corresponding data from the data area of the physical page based on the storing address of the written data and the length of the written data in the read log, and writing the read data into a corresponding position of the memory space based on the offset-address-in-page of the written data in the read piece of index log.

US Pat. No. 10,255,421

WORKING METHOD FOR MULTI-SEED ONE-TIME PASSWORD

Feitian Technologies Co.,...

1. A working method of multi-seeded dynamic token, wherein said method comprises the steps of:Step S1, powering on and initializing a dynamic token, turning on a general interrupt, setting a system state as a first preset state, making the dynamic token enter into a sleep mode, and the dynamic token waiting for being waken;
Step S2, waking up the dynamic token when an interrupt is detected, making the dynamic token enter into an interrupt process flow, and executing Step S3 after the interrupt process flow is finished; in which the interrupt process flow includes: determining, by the dynamic token, whether a key-interrupt flag is set, if yes, setting a button-waken flag and resetting the key-interrupt flag, and ending the interrupt process flow; otherwise, ending the interrupt process flow; a key interrupt is triggered when a key on the dynamic token is pressed, and the key-interrupt flag is set;
Step S3, checking, by the dynamic token, the button-waken flag, entering into the key process flow in case that the button-waken flag is set, reentering into the sleep mode when the key process flow is finished, waiting for being waken, and returning to Step S2;
in which the key process flow comprises:
Step a, obtaining, by the dynamic token, a key value, determining the key value and the system state, executing Step b in case that the key value is a first preset key value and the system state is a first preset state; executing Step c in case that the key value is a second preset key value and the system state is a second preset state; executing Step d in case that the key value is the second preset key value and the system state is a third preset state; executing Step e in case that the key value is the second preset key value and the system state is a fifth preset state; executing Step f in case that the key value is a third preset key value and the system state is the second preset state; executing Step g in case that the key value is the third preset key value and the system state is the third preset state; otherwise, executing Step h;
Step b, displaying, by the dynamic token, a function menu, initializing a function menu index, setting the system state as the second preset state, and executing Step h;
Step c, determining, by the dynamic token, an operation chosen by a user according to the function menu index, displaying a seed data menu, initializing a seed menu index, setting the system state as the third preset state and executing Step h in case that the operation chosen by the user is generating an OTP; obtaining and displaying a pre-stored serial number of the dynamic token, setting the system state as the fifth preset state and executing Step h in case that the operation chosen by the user is programming seed data;
Step d, reading, by the dynamic token, seed data, which is stored in the dynamic token and is arranged to correspond to the seed menu index, generating and displaying an OTP according to the read seed data, setting the system state as a sixth preset state, and executing Step h;
Step e, collecting, by the dynamic token, light sensor data, determining whether a serial number in the collected light sensor data matches the pre-stored serial number of the dynamic token, if yes, storing seed data which is in the collected light sensor data, and generating and displaying an OTP according to the latest stored seed data, setting the system state as the sixth preset state, and executing Step h; otherwise, clearing the collected light sensor data, obtaining and displaying the pre-stored serial number of the dynamic token, setting the system state as the fifth preset state, and executing Step h;
Step f, updating, by the dynamic token, the function menu index, and executing Step h;
Step g, updating, by the dynamic token, the seed menu index, and executing Step h; and
Step h, resetting, by the dynamic token, the button-waken flag, and ending the key process flow.

US Pat. No. 10,241,936

METHOD FOR ACTIVELY CONNECTING TO AND COMMUNICATING WITH APPLE DEVICE AND APPLE DEVICE ATTACHMENT

Feitian Technologies Co.,...

1. A method for connecting initiatively to and communicating with an iOS device, wherein said method comprises the following steps:S1) determining, by an iOS accessory, whether a USB device which is connected to the iOS accessory is an iOS device when the iOS accessory detects that the USB device is connected to the iOS accessory, if yes, setting a device address for the iOS device, and going to Step S2; otherwise, going back to Step S1;
S2) obtaining, by the iOS accessory, a current communications protocol configuration of the iOS device, and determining whether the current communications protocol configuration of the iOS device is a preset configuration, if yes, going to Step S3; otherwise, setting the current communications protocol configuration of the iOS device as the preset configuration, and going to Step S3;
S3) notifying, by the iOS accessory, the iOS device to register the iOS accessory with the iOS device, and building a connection with the iOS device; and
S4) inquiring regularly, by the iOS accessory, whether any communication data sent from the iOS device exists, receiving the communication data sent from the iOS device in the case that the communication data sent from the iOS device is inquired, and communicating with the iOS device.

US Pat. No. 10,169,276

DETECTING A COMMUNICATION MODE VIA INTERRUPTIONS

FEITIAN TECHNOLOGIES CO.,...

1. A method for recognizing a communication mode, comprising:step S1 comprising powering on a device, initializing, turning on an interruption and a timer, and the timer starting timing;
entering a clock interruption when a preset value is reached by timing of the timer, wherein the clock interruption comprises: turning off the timer, setting a time-out flag, turning on the timer, and exiting the clock interruption;
continuing to Step B1 when other interruption signals are detected, continuing to step S2 when no other interruption signals are detected;
step B1 comprising determining a type of an interruption, continuing to step B2 in the case that the interruption is a Universal Serial Bus (USB) interruption; continuing to step B6 in the case that the interruption is a serial port interruption;
step B2 comprising turning off the USB interruption;
step B3 comprising determining whether a communication mode is set, executing step B5 in the case that the communication mode is set; executing step B4 in the case that the communication mode is not set;
step B4 comprising setting the communication mode as USB interface communication, executing step B5;
step B5 comprising turning on the USB interruption, carrying out a USB enumeration, returning a USB interface communication protocol supported by the device to a host, exiting the USB interruption and continuing to step S2 after the USB enumeration is finished;
step B6 comprising turning off the serial port interruption;
step B7 comprising determining whether the communication mode is set, turning on the serial port interruption and exiting the serial port interruption and continuing to step S2 in the case that the communication mode is set; executing step B8 in the case that the communication mode is not set;
step B8 comprising setting the communication mode as serial communication according to a first data package which is received, turning on the serial port interruption, exiting the serial port interruption and continuing to step S2;
step S2 comprising detecting a type of the communication mode, turning off the timer and executing step S3 in the case that the communication mode is the USB interface communication;
turning off the timer and executing step S6 in the case that the communication mode is the serial communication; executing step S4 in the case that the communication mode is not set;
step S3 comprising waiting for an instruction sent by the host, when the instruction is received, processing an operation correspondingly according to the USB interface communication protocol supported by the device, and returning to step S3 after the operation is finished;
step S4 comprising determining whether the time-out flag is set, executing step S5 in the case that the time-out flag is set; returning to step S2 in the case that the time-out flag is not set;
step S5 comprising setting the communication mode as the serial communication, turning off the timer, resetting the time-out flag, executing step S6;
step S6 comprising waiting for an instruction sent by the host, when the instruction is received, processing an operation corresponding to the instruction according to a serial port protocol, and returning to step S6 after the operation is finished.