CN103745155A - Credible Key and safe operation method thereof - Google Patents
- Publication number: CN103745155A
- Authority: CN (China)
- Prior art keywords: credible, key, terminal device, trusted, trusted application
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/42—User authentication using separate channels for security data
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06Q20/3415—Cards acting autonomously as pay-media
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a credible Key and a secure operation method thereof. The credible Key comprises a communication agent module, a secure storage module, a credible computation module and a credible interaction module. The communication agent module establishes a secure channel between the credible Key and a trusted operating system of a terminal device; the secure storage module provides a secure storage API for developing trusted applications and provides a secure storage function for the credible Key; the credible computation module provides a credible computation API for trusted applications and provides a credible computation function for the terminal device; the credible interaction module sends interaction commands to the trusted operating system of the terminal device through the communication agent module on the basis of user operation. The credible Key can be used together with a trusted execution environment on the terminal device to realize trusted services such as remote payment, online transfer, secure storage and credible computation.
Description
Technical field
The present invention relates to the technical field of mobile payment, and in particular to a credible Key and a secure operation method thereof.
Background
At present, a mobile payment terminal device may be a smartphone, a PAD or a portable POS unit. The client application software of a mobile payment product generally runs on the rich operating system (Rich Operating System, Rich OS) of the terminal device, and the environment in which the client application software runs is commonly called the rich execution environment (Rich Execution Environment, REE). However, the Rich OS running on a mobile payment terminal device has serious security problems, so this client application software is exposed to security threats; in particular, private information such as the user's account information, account password and transfer-out account information is easily stolen and tampered with.
To prevent the user's private information from being stolen and tampered with, products for protecting the user's private information have appeared on the market, for example the USB-Key. These Key products have gone through several upgrades and have now developed into the third-generation Key product, the most secure so far. For security reasons, third-generation Key products are complex in design and are usually provided with components such as input keys, a display screen and a power module, but these components inevitably make the Key product hard to carry and inconvenient to operate.
With the spread of the trusted execution environment (Trusted Execution Environment, TEE) in the payment field, the main CPU of a terminal device such as a mobile phone, PAD or POS machine can run two execution environments, namely the REE and the TEE. Payment applications that run on the Rich OS carry serious security risks, so applications with relatively high security requirements are generally placed in the TEE. However, the market currently lacks a credible Key product based on the trusted execution environment.
Summary of the invention
In view of this, the invention provides a credible Key and a secure operation method thereof, to solve the problem that the prior art lacks a credible Key product based on the trusted execution environment. The technical scheme is as follows:
A credible Key, comprising at least:
a communication agent module, for establishing a secure channel between the credible Key and the trusted operating system of a terminal device, the secure channel being used for secure data interaction between the credible Key and the trusted operating system of the terminal device;
a secure storage module, for providing a secure storage API for developing trusted applications and for providing a secure storage function for the credible Key;
a credible computation module, for providing a credible computation API for trusted applications and for providing a credible computation function for the terminal device;
a credible interaction module, for sending interaction commands, based on the user's operation, to the trusted operating system of the terminal device through the communication agent module.
Optionally, the credible Key is a contactless smart card based on 13.56 MHz wireless communication technology.
Optionally, the credible Key is a contact smart card based on a wired connection.
A secure operation method of a credible Key, comprising:
when a first trusted application on a terminal device receives a trigger instruction, establishing a secure channel with the credible Key, so as to exchange data with the credible Key;
after the secure channel with the credible Key is established, the first trusted application on the terminal device uses the secure storage function and the credible computation function of the credible Key to carry out the business process of the first trusted application on the terminal device.
Here, the step in which, after the secure channel with the credible Key is established, the first trusted application on the terminal device uses the secure storage function and the credible computation function of the credible Key to carry out its business process is specifically:
after the secure channel with the credible Key is established, the first trusted application on the terminal device sends a service request for secure storage or credible computation to the credible Key;
the credible Key, according to the request sent by the first trusted application on the terminal device, executes the credible computation or secure storage function corresponding to the request, and returns the execution result to the first trusted application on the terminal device.
The above method further comprises:
after the business process of the first trusted application on the terminal device ends, closing the secure channel with the credible Key.
A secure operation method of a credible Key, comprising:
when a first trusted application on a terminal device receives a trigger instruction, triggering a second trusted application on the credible Key;
the second trusted application on the credible Key establishes a secure channel with the trusted user interaction interface (TUI) of the trusted operating system on the terminal device;
after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key uses the TUI service and other trusted services of the trusted operating system on the terminal device to carry out the business process of the second trusted application on the credible Key.
Here, the step in which, after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key uses the TUI service and other trusted services of the trusted operating system on the terminal device to carry out its business process is specifically:
after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key sends a request for user interaction to the TUI of the trusted operating system on the terminal device;
the TUI of the trusted operating system on the terminal device uses the TUI service and other trusted services to determine the user interaction data corresponding to the request;
the determined user interaction data corresponding to the request is returned to the second trusted application on the credible Key.
The above method further comprises: after the business process of the second trusted application on the credible Key ends, the second trusted application on the credible Key closes the secure channel with the TUI of the trusted operating system on the terminal device.
The above technical scheme has the following beneficial effects:
The credible Key and its secure operation method provided by the invention allow the credible Key and the Trusted OS to establish a secure channel under the trusted execution environment. Over this secure channel the credible Key and the Trusted OS can exchange data securely, which effectively ensures that the user's private information is not illegally obtained or monitored. In addition, thanks to the trusted execution environment, the credible Key is simpler in design, more portable and easier to operate than a traditional Key device; the credible Key can use the TUI service of the trusted execution environment, giving the user a better experience during operation. The credible Key provided by the embodiments of the present invention can be used together with the trusted execution environment (TEE) on a terminal device to realize trusted services such as remote payment, online transfer, secure storage and credible computation.
Description of the drawings
In order to illustrate the technical schemes of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a structural diagram of a credible Key provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of the secure operation method of the credible Key in passive service mode provided by an embodiment of the present invention;
Fig. 3 is an application environment architecture diagram of the credible Key provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of the specific implementation of carrying out the business process of the first trusted application on the terminal device, in the secure operation method of the credible Key in passive service mode provided by an embodiment of the present invention;
Fig. 5 is a flow diagram of the secure operation method of the credible Key in master mode provided by an embodiment of the present invention;
Fig. 6 is a flow diagram of the specific implementation of carrying out the business process of the second trusted application on the credible Key, in the secure operation method of the credible Key in master mode provided by an embodiment of the present invention.
Embodiments
The technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Refer to Fig. 1, a structural diagram of a credible Key provided by an embodiment of the present invention. The credible Key may comprise at least: a communication agent module 101, a secure storage module 102, a credible computation module 103 and a credible interaction module 104. The communication agent module 101, secure storage module 102, credible computation module 103 and credible interaction module 104 can implement a reduced trusted operating system (Reduced Trusted OS, R-TOS); based on the R-TOS, multiple trusted applications can be installed in the credible Key provided by the embodiment of the present invention.
The functions of the modules of the credible Key are described in detail below:
Here, the secure channel is used for secure data interaction between the credible Key and the trusted operating system (Trusted OS) of the trusted execution environment (TEE) on the terminal device.
Here, providing the secure storage function for the credible Key specifically means storing the confidential business data involved in the business process.
Here, providing the credible computation function for the terminal device specifically means performing operations such as encryption and decryption on the business data involved in the business process.
The credible interaction module 104 sends interaction commands, based on the user's operation, through the communication agent module to the Trusted OS of the TEE on the terminal device.
The credible Key provided by the embodiment of the present invention may be a contactless smart card based on wireless communication technology (for example, Bluetooth or infrared). For example, the credible Key may be a contactless smart card based on 13.56 MHz wireless communication technology.
The credible Key provided by the embodiment of the present invention may also be a contact smart card based on a wired connection. For example, the credible Key may be a contact smart card using a wired connection such as USB, SDIO, SPI, I2C or ISO7816. These smart cards may take product forms such as ESE, SSD, SIM, SWP-SD or SWP-SIM; different product forms simply use different physical interfaces, and the way the secure channel with the Trusted OS is established may differ.
A secure channel can be established between the credible Key provided by the embodiment of the present invention and the Trusted OS in the TEE on the terminal device, and secure data interaction between the credible Key and that Trusted OS is carried out over this secure channel. That is, the credible Key provided by the embodiment of the present invention can be used together with the TEE on the terminal device to realize trusted services such as remote payment, online transfer, secure storage and credible computation.
The credible Key provided by the above embodiment has at least two secure working modes: passive service mode and master mode. The secure operation methods of the credible Key in passive service mode and in master mode are given below.
Refer to Fig. 2, a flow diagram of the secure operation method of the credible Key in passive service mode provided by an embodiment of the present invention. The method may comprise:
Step S201: when the first trusted application on the terminal device receives a trigger instruction, a secure channel with the credible Key is established, so as to exchange data with the credible Key.
An implementation of how the first trusted application on the terminal device is triggered is given below, taking as an example a credible Key that is a contactless smart card based on wireless communication technology (contactless credible Key for short):
Refer to Fig. 3, the application environment architecture diagram of the credible Key. Based on this architecture, in one possible implementation, the user operates a client application (Client Application, CA) in the Rich OS to actively trigger the secure operation flow. In this triggering mode, the communication agent module in the Rich OS sends a request to the conversion module of the underlying hardware, execution switches from the REE to the TEE, and the Trusted OS under the TEE runs; the Trusted OS executes the first trusted application (Trusted Application, TA) corresponding to the CA, and the TA controls the secure operation flow. In another possible implementation, the flow is triggered by the user tapping the contactless credible Key: when the NFC controller detects that the contactless credible Key has entered the field, the conversion module of the underlying hardware switches from the REE to the TEE, and the TA in the TEE controls the secure operation flow.
Step S202: after the secure channel with the credible Key is established, the first trusted application on the terminal device uses the secure storage function and the credible computation function of the credible Key to carry out the business process of the first trusted application on the terminal device.
Fig. 4 shows the flow of the specific implementation in which, after the secure channel with the credible Key is established, the first trusted application on the terminal device uses the secure storage function and the credible computation function of the credible Key to carry out its business process. It may comprise:
Step S401: after the secure channel with the credible Key is established, the first trusted application on the terminal device sends a service request for secure storage or credible computation to the credible Key.
Step S402: the credible Key, according to the request of the first trusted application on the terminal device, executes the credible computation or secure storage function corresponding to the request, and returns the execution result to the first trusted application on the terminal device.
After the business process ends, the flow returns to the secure operation method:
Step S203: after the business process of the first trusted application on the terminal device ends, the secure channel with the credible Key is closed.
After the first trusted application on the terminal device finishes running, the right to run is handed over to the trusted operating system Trusted OS.
As the above flow shows, in the passive service mode of the credible Key, after the first trusted application in the TEE on the terminal device is triggered, this first trusted application acts as the host application and uses the secure storage function or the credible computation function of the credible Key to carry out the business process.
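The passive service mode flow (S201, S401, S402, S203) modelled end to end, as an added example that is not part of the patent text. The patent does not say how the secure channel is built; the pre-shared pairing key, the nonce exchange, the HMAC-SHA256 framing with an implicit counter, and the STORE/LOAD/MAC service names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: the patent does not define the secure-channel protocol. This model
# uses a pre-shared pairing key, a nonce exchange and HMAC-SHA256 framing.
PAIRING_KEY = bytes(range(32))  # constructed sample value, not a real key


def lp_mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class CredibleKey:
    """Key side: secure storage and credible computation behind a secure channel."""
    def __init__(self, pairing_key):
        self._pairing_key = pairing_key
        self._signing_key = os.urandom(32)  # held only on the Key
        self._store = {}                    # secure storage module
        self._session, self._seq = None, 0  # session key exists only while open

    def open_channel(self, ta_nonce):
        """S201: derive a fresh session key and prove knowledge of the pairing key."""
        key_nonce = os.urandom(16)
        self._session = lp_mac(self._pairing_key, b"session", ta_nonce, key_nonce)
        self._seq = 0
        return key_nonce, lp_mac(self._session, b"key-auth", ta_nonce)

    def handle(self, op, arg, tag):
        """S402: authenticate the request, run the service, return result and MAC."""
        if self._session is None:
            raise PermissionError("no secure channel open")
        seq_b = self._seq.to_bytes(4, "big")  # implicit counter defeats replay
        if not hmac.compare_digest(tag, lp_mac(self._session, b"req", seq_b, op, arg)):
            raise PermissionError("bad or replayed request")
        if op == b"STORE":
            name, _, value = arg.partition(b"=")
            self._store[name] = value
            result = b"OK"
        elif op == b"LOAD":
            result = self._store.get(arg, b"")
        elif op == b"MAC":  # computed with a key that never leaves the Key
            result = lp_mac(self._signing_key, arg)
        else:
            raise ValueError("unknown service")
        self._seq += 1
        return result, lp_mac(self._session, b"resp", seq_b, result)

    def close_channel(self):
        self._session = None  # S203: later requests are refused


class TerminalTA:
    """First trusted application in the terminal's TEE (the host application)."""
    def __init__(self, pairing_key, key):
        self._pairing_key, self._key = pairing_key, key
        self._session, self._seq = None, 0

    def open_channel(self):
        ta_nonce = os.urandom(16)
        key_nonce, proof = self._key.open_channel(ta_nonce)
        session = lp_mac(self._pairing_key, b"session", ta_nonce, key_nonce)
        if not hmac.compare_digest(proof, lp_mac(session, b"key-auth", ta_nonce)):
            raise PermissionError("Key failed authentication")
        self._session, self._seq = session, 0

    def request(self, op, arg):
        """S401: send an authenticated service request and verify the reply."""
        if self._session is None:
            raise PermissionError("no secure channel open")
        seq_b = self._seq.to_bytes(4, "big")
        tag = lp_mac(self._session, b"req", seq_b, op, arg)
        result, rtag = self._key.handle(op, arg, tag)
        if not hmac.compare_digest(rtag, lp_mac(self._session, b"resp", seq_b, result)):
            raise PermissionError("bad response MAC")
        self._seq += 1
        return result

    def close_channel(self):
        self._key.close_channel()
        self._session = None


def run_passive_flow():
    key = CredibleKey(PAIRING_KEY)
    ta = TerminalTA(PAIRING_KEY, key)
    ta.open_channel()                                   # S201
    ta.request(b"STORE", b"payee=ACME-0001")            # S401/S402, sample data
    payee = ta.request(b"LOAD", b"payee")
    tag = ta.request(b"MAC", b"pay 10.00 to " + payee)
    ta.close_channel()                                  # S203
    return payee, len(tag)
```

In this model a replayed frame, a request sent after `close_channel()`, and a terminal holding the wrong pairing key all end in `PermissionError`.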
Refer to Fig. 5, a flow diagram of the secure operation method of the credible Key in master mode provided by an embodiment of the present invention. The method may comprise:
Step S501: when the first trusted application on the terminal device receives a trigger instruction, the second trusted application on the credible Key is triggered.
Step S502: the second trusted application on the credible Key establishes a secure channel with the trusted user interaction interface (TUI) of the trusted operating system on the terminal device.
Step S503: after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key uses the TUI service and other trusted services of the trusted operating system on the terminal device to carry out the business process of the second trusted application on the credible Key.
Fig. 5 shows the flow of the specific implementation in which, after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key uses the TUI service and other trusted services of the trusted operating system on the terminal device to carry out its business process. It may comprise:
Step S601: after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key sends a request for user interaction to the TUI of the trusted operating system on the terminal device.
Step S602: the TUI of the trusted operating system on the terminal device uses the TUI service and other trusted services to determine the user interaction data corresponding to the request.
Step S603: the determined user interaction data corresponding to the request is returned to the second trusted application on the credible Key.
After the business process ends, the flow returns to the secure operation method:
Step S504: after the business process of the second trusted application on the credible Key ends, the second trusted application on the credible Key closes the secure channel with the TUI of the trusted operating system on the terminal device.
After the second trusted application on the credible Key finishes running, the right to run is handed over to the trusted operating system Trusted OS.
As the above flow shows, in the master mode of the credible Key, after the first trusted application in the TEE on the terminal device is triggered, the first trusted application triggers the second trusted application on the credible Key; the second trusted application on the credible Key acts as the host application and uses the TUI service and other trusted services of the Trusted OS in the TEE on the terminal device to carry out the business process.
It should be noted that the trusted execution environment mentioned in the above embodiments may be the TEE defined by the GP organization, or may be the TEEI trusted execution environment defined by China UnionPay.
The credible Key and its secure operation method provided by the embodiments of the present invention allow the credible Key and the Trusted OS to establish a secure channel under the trusted execution environment. Over this secure channel the credible Key and the Trusted OS exchange data securely, which effectively ensures that the user's private information is not illegally obtained or monitored. In addition, thanks to the trusted execution environment, the credible Key is simpler in design, more portable and easier to operate than a traditional Key device; the credible Key can use the TUI service of the trusted execution environment, giving the user a better experience during operation.
It should be noted that, in the embodiments of the present invention, the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the existence of other identical elements in the process, method, article or device that comprises the element.
For convenience of description, the above device is described with its functions divided into various units. Of course, when implementing the present application, the functions of the units may be realized in one or more pieces of software and/or hardware. From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by software plus a necessary general-purpose hardware platform. Based on this understanding, the part of the technical scheme of the present application that in essence contributes to the prior art can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (9)
1. a credible Key, is characterized in that, described credible Key at least comprises:
Communication agent module, for set up escape way between described credible Key and the trusted operating system of terminal device, described escape way is mutual for realizing secure data between described credible Key and the trusted operating system of terminal device;
Secure storage module, is used to exploitation trusted application that safe storage API is provided, and, for described credible Key provides safe storage function;
Creditable calculation modules, is used to trusted application that credible calculating API is provided, and, for described terminal device provides credible computing function;
Credible interactive module, sends interactive command by described communication agent module to the trusted operating system of described terminal device for the operation based on user.
2. credible Key according to claim 1, is characterized in that, described credible Key is the contactless smart card based on 13.56MHz wireless communication technology.
3. credible Key according to claim 1, is characterized in that, described credible Key is the contact smart card based on wired connection.
4. a method for safely carrying out of credible Key, is characterized in that, comprising:
When the first trusted application on terminal device receives triggering command, set up the escape way between described credible Key, to realize and the data interaction of described credible Key;
After the escape way of setting up between described credible Key, the first trusted application on described terminal device is utilized safe storage function and the credible computing function of described credible Key, realizes the operation flow operation of the first trusted application on described terminal device.
5. The method according to claim 4, characterized in that, after the secure channel with the credible Key is established, the first trusted application on the terminal device using the secure storage function and trusted computing function of the credible Key to carry out the business process of the first trusted application on the terminal device specifically comprises:
after the secure channel with the credible Key is established, the first trusted application on the terminal device sends a service request for secure storage or trusted computing to the credible Key;
the credible Key, according to the request sent by the first trusted application on the terminal device, executes the trusted computing or secure storage function corresponding to the request, and returns the execution result to the first trusted application on the terminal device.
6. The method according to claim 4 or 5, characterized by further comprising:
after the business process of the first trusted application on the terminal device ends, closing the secure channel with the credible Key.
7. A safe operation method of a credible Key, characterized by comprising:
when a first trusted application on a terminal device receives a trigger instruction, triggering a second trusted application on the credible Key;
the second trusted application on the credible Key establishes a secure channel with the trusted user interaction interface (TUI) of the trusted operating system on the terminal device;
after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key uses the service of the TUI of the trusted operating system on the terminal device and other trusted services to carry out the business process of the second trusted application on the credible Key.
8. The method according to claim 7, characterized in that, after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key using the service of the TUI of the trusted operating system on the terminal device and other trusted services to carry out the business process of the second trusted application on the credible Key specifically comprises:
after the secure channel with the TUI of the trusted operating system on the terminal device is established, the second trusted application on the credible Key sends a request for user interaction to the TUI of the trusted operating system on the terminal device;
the TUI of the trusted operating system on the terminal device uses the service of the TUI and other trusted services to determine the user interaction data corresponding to the request;
the determined user interaction data corresponding to the request is returned to the second trusted application on the credible Key.
9. The method according to claim 6, characterized by further comprising:
after the business process of the second trusted application on the credible Key ends, the second trusted application on the credible Key closes the secure channel with the TUI of the trusted operating system on the terminal device.
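An added sketch, not code from the patent, of the request lifecycle in claims 5 and 6: the credible Key serves storage and computation requests only while a channel to the terminal's trusted application is open, and refuses them once it is closed. The HMAC-SHA256 channel keying, the pairing secret, the request counter and the `store`/`mac` service names are assumptions; the claims do not specify them.

```python
import hashlib, hmac, os

def tag_for(session_key, counter, service, payload):
    msg = counter.to_bytes(8, "big") + service.encode() + b"\x00" + payload
    return hmac.new(session_key, msg, hashlib.sha256).digest()

class CredibleKey:
    """Key side: storage and computation are reachable only over an open channel."""
    def __init__(self, pairing_secret):
        self._pairing_secret = pairing_secret
        self._device_key = os.urandom(32)        # never leaves the Key
        self._store, self._session, self._last = {}, None, 0

    def open_channel(self, nonce):
        # Assumed derivation; the claims do not say how the channel is keyed.
        self._session = hmac.new(self._pairing_secret, nonce, hashlib.sha256).digest()
        self._last = 0

    def close_channel(self):                     # claim 6: close when the flow ends
        self._session = None

    def handle(self, counter, service, payload, tag):
        if self._session is None:
            return False, b"no secure channel"
        if not hmac.compare_digest(tag, tag_for(self._session, counter, service, payload)):
            return False, b"bad tag"
        if counter <= self._last:                # authenticated but already seen
            return False, b"replayed request"
        self._last = counter
        if service == "store":                   # secure storage request
            name, _, value = payload.partition(b"=")
            self._store[name] = value
            return True, b"stored"
        if service == "mac":                     # trusted computation request
            return True, hmac.new(self._device_key, payload, hashlib.sha256).digest()
        return False, b"unknown service"

def run_flow(secret=b"constructed-pairing-secret"):
    """Terminal-side trusted application driving one business process."""
    key, nonce = CredibleKey(secret), os.urandom(16)
    key.open_channel(nonce)
    session = hmac.new(secret, nonce, hashlib.sha256).digest()
    send = lambda c, s, p: key.handle(c, s, p, tag_for(session, c, s, p))
    results = [send(1, "store", b"pin_tries=3"),
               send(2, "mac", b"pay 10.00 to A"),
               send(2, "mac", b"pay 10.00 to A")]   # same counter again: replay
    key.close_channel()
    results.append(send(3, "mac", b"pay 99.00 to B"))  # after close: refused
    return results
```

Verifying the tag before checking the counter means an unauthenticated message can never influence the Key's replay state.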
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410004113.9A CN103745155A (en) | 2014-01-03 | 2014-01-03 | Credible Key and safe operation method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103745155A (en) | 2014-04-23 |
Family
ID=50502172
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410004113.9A Pending CN103745155A (en) | 2014-01-03 | 2014-01-03 | Credible Key and safe operation method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103745155A (en) |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021470A (en) * | 2014-05-28 | 2014-09-03 | 恒宝股份有限公司 | Wireless communication-based mobile payment system and mobile payment method |
CN104077533A (en) * | 2014-07-17 | 2014-10-01 | 北京握奇智能科技有限公司 | Sensitive data operating method and device |
CN104125216A (en) * | 2014-06-30 | 2014-10-29 | 华为技术有限公司 | Method, system and terminal capable of improving safety of trusted execution environment |
CN105307163A (en) * | 2015-12-01 | 2016-02-03 | 恒宝股份有限公司 | Safe communication method and device |
CN105446713A (en) * | 2014-08-13 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Safe storage method and equipment |
CN105468659A (en) * | 2014-09-28 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Data synchronizing method and apparatus |
CN105574720A (en) * | 2015-12-14 | 2016-05-11 | 联想(北京)有限公司 | Secure information processing method and secure information processing apparatus |
WO2016070810A1 (en) * | 2014-11-05 | 2016-05-12 | 中国银联股份有限公司 | Method for a dual access application between two execution environments |
CN105592403A (en) * | 2014-12-29 | 2016-05-18 | 中国银联股份有限公司 | Communication device and communication method based on NFC |
CN105931042A (en) * | 2015-09-22 | 2016-09-07 | 中国银联股份有限公司 | Application authority management method and intelligent POS terminal |
CN105978920A (en) * | 2016-07-28 | 2016-09-28 | 恒宝股份有限公司 | Method for having access to credible application, CA and TA |
CN106228072A (en) * | 2016-07-21 | 2016-12-14 | 恒宝股份有限公司 | A kind of general TA payment platform and method of payment |
WO2017088261A1 (en) * | 2015-11-23 | 2017-06-01 | 小米科技有限责任公司 | Biometric technology-based mobile payment method, device and apparatus |
CN107430729A (en) * | 2014-12-30 | 2017-12-01 | 万事达卡国际股份有限公司 | Security for mobile payment application |
CN107924449A (en) * | 2016-03-18 | 2018-04-17 | 华为技术有限公司 | A kind of notification message processing method, device and terminal |
CN108737402A (en) * | 2018-05-10 | 2018-11-02 | 北京握奇智能科技有限公司 | Mobile terminal safety means of defence and device |
CN110059500A (en) * | 2015-11-30 | 2019-07-26 | 华为技术有限公司 | User interface switching method and terminal |
US10432611B2 (en) | 2015-08-07 | 2019-10-01 | Alibaba Group Holding Limited | Transaction processing method and client based on trusted execution environment |
WO2019192344A1 (en) * | 2018-04-02 | 2019-10-10 | 华为技术有限公司 | Trust zone-based operating system and method |
WO2019237814A1 (en) * | 2018-06-11 | 2019-12-19 | 中国银联股份有限公司 | Non-contact communication method and communication device |
CN116094767A (en) * | 2022-12-21 | 2023-05-09 | 国网思极网安科技(北京)有限公司 | Terminal data security model based on trusted execution environment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004029860A1 (en) * | 2002-09-27 | 2004-04-08 | Nokia Corporation | Wireless communication device providing a contactless interface for a smart card reader |
CN101031939A (en) * | 2004-10-19 | 2007-09-05 | 英特尔公司 | Method and apparatus for securing communications between a smartcard and a terminal |
CN101996332A (en) * | 2009-08-26 | 2011-03-30 | 深圳市文鼎创数据科技有限公司 | Intelligent security device |
CN102402820A (en) * | 2010-09-13 | 2012-04-04 | 中国移动通信有限公司 | Electronic transaction method and terminal equipment |
2014-01-03: application CN201410004113.9A (publication CN103745155A), status: Pending
Non-Patent Citations (1)
Title |
---|
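Guo Wei et al.: "Analysis of the Trusted Environment of Mobile Intelligent Terminals", Modern Science & Technology of Telecommunications * |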
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021470B (en) * | 2014-05-28 | 2017-05-10 | 恒宝股份有限公司 | Wireless communication-based mobile payment system and mobile payment method |
CN104021470A (en) * | 2014-05-28 | 2014-09-03 | 恒宝股份有限公司 | Wireless communication-based mobile payment system and mobile payment method |
CN104125216A (en) * | 2014-06-30 | 2014-10-29 | 华为技术有限公司 | Method, system and terminal capable of improving safety of trusted execution environment |
CN104125216B (en) * | 2014-06-30 | 2017-12-15 | 华为技术有限公司 | A kind of method, system and terminal for lifting credible performing environment security |
CN104077533A (en) * | 2014-07-17 | 2014-10-01 | 北京握奇智能科技有限公司 | Sensitive data operating method and device |
CN105446713B (en) * | 2014-08-13 | 2019-04-26 | 阿里巴巴集团控股有限公司 | Method for secure storing and equipment |
CN105446713A (en) * | 2014-08-13 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Safe storage method and equipment |
CN105468659A (en) * | 2014-09-28 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Data synchronizing method and apparatus |
CN105468659B (en) * | 2014-09-28 | 2019-01-04 | 阿里巴巴集团控股有限公司 | A kind of method of data synchronization and device |
US10367789B2 (en) | 2014-09-28 | 2019-07-30 | Alibaba Group Holding Limited | Data synchronization method and apparatus |
WO2016070810A1 (en) * | 2014-11-05 | 2016-05-12 | 中国银联股份有限公司 | Method for a dual access application between two execution environments |
CN105592019A (en) * | 2014-11-05 | 2016-05-18 | 中国银联股份有限公司 | Method for bidirectional access to application between dual execution environments |
CN105592019B (en) * | 2014-11-05 | 2018-12-25 | 中国银联股份有限公司 | The method that two-way access is applied between dual execution environment |
CN105592403A (en) * | 2014-12-29 | 2016-05-18 | 中国银联股份有限公司 | Communication device and communication method based on NFC |
WO2016107381A1 (en) * | 2014-12-29 | 2016-07-07 | 中国银联股份有限公司 | Nfc-based communication device and method |
CN105592403B (en) * | 2014-12-29 | 2020-03-31 | 中国银联股份有限公司 | NFC-based communication device and method |
CN107430729A (en) * | 2014-12-30 | 2017-12-01 | 万事达卡国际股份有限公司 | Security for mobile payment application |
US10432611B2 (en) | 2015-08-07 | 2019-10-01 | Alibaba Group Holding Limited | Transaction processing method and client based on trusted execution environment |
CN105931042A (en) * | 2015-09-22 | 2016-09-07 | 中国银联股份有限公司 | Application authority management method and intelligent POS terminal |
WO2017088261A1 (en) * | 2015-11-23 | 2017-06-01 | 小米科技有限责任公司 | Biometric technology-based mobile payment method, device and apparatus |
US11367054B2 (en) | 2015-11-23 | 2022-06-21 | Xiaomi Inc. | Biological recognition technology-based mobile payment device, method and apparatus, and storage medium |
RU2649786C2 (en) * | 2015-11-23 | 2018-04-04 | Сяоми Инк. | Mobile payment device based on biological technology, method and device |
CN110059500A (en) * | 2015-11-30 | 2019-07-26 | 华为技术有限公司 | User interface switching method and terminal |
US11874903B2 (en) | 2015-11-30 | 2024-01-16 | Huawei Technologies Co., Ltd. | User interface switching method and terminal |
CN105307163A (en) * | 2015-12-01 | 2016-02-03 | 恒宝股份有限公司 | Safe communication method and device |
CN105307163B (en) * | 2015-12-01 | 2019-03-19 | 恒宝股份有限公司 | A kind of safety communicating method and device |
CN105574720A (en) * | 2015-12-14 | 2016-05-11 | 联想(北京)有限公司 | Secure information processing method and secure information processing apparatus |
CN107924449B (en) * | 2016-03-18 | 2020-03-10 | 华为技术有限公司 | Notification message processing method and device and terminal |
CN107924449A (en) * | 2016-03-18 | 2018-04-17 | 华为技术有限公司 | A kind of notification message processing method, device and terminal |
CN106228072A (en) * | 2016-07-21 | 2016-12-14 | 恒宝股份有限公司 | A kind of general TA payment platform and method of payment |
CN105978920A (en) * | 2016-07-28 | 2016-09-28 | 恒宝股份有限公司 | Method for having access to credible application, CA and TA |
CN105978920B (en) * | 2016-07-28 | 2019-05-24 | 恒宝股份有限公司 | A kind of method and TA accessing trusted application |
WO2019192344A1 (en) * | 2018-04-02 | 2019-10-10 | 华为技术有限公司 | Trust zone-based operating system and method |
US11443034B2 (en) | 2018-04-02 | 2022-09-13 | Huawei Technologies Co., Ltd. | Trust zone-based operating system and method |
CN108737402A (en) * | 2018-05-10 | 2018-11-02 | 北京握奇智能科技有限公司 | Mobile terminal safety means of defence and device |
CN108737402B (en) * | 2018-05-10 | 2021-04-27 | 北京握奇智能科技有限公司 | Mobile terminal safety protection method and device |
WO2019237814A1 (en) * | 2018-06-11 | 2019-12-19 | 中国银联股份有限公司 | Non-contact communication method and communication device |
US11775956B2 (en) | 2018-06-11 | 2023-10-03 | China Unionpay Co., Ltd. | Non-contact communication method and communication device |
CN116094767A (en) * | 2022-12-21 | 2023-05-09 | 国网思极网安科技(北京)有限公司 | Terminal data security model based on trusted execution environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103745155A (en) | Credible Key and safe operation method thereof | |
KR20160047535A (en) | Secure provisioning of credentials on an electronic device | |
CN104504563B (en) | A kind of mobile message safety means and its method of work | |
CN103793815A (en) | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards | |
CN105637546A (en) | Divided payment method, and device and system for same | |
CN105261130A (en) | Intelligent POS terminal | |
CN106464502A (en) | Methods and systems for authentication of a communication device | |
JP6553810B2 (en) | Payment authentication method and apparatus for mobile terminal and mobile terminal | |
CN103268436A (en) | Method and system for touch-screen based graphical password authentication in mobile payment | |
CN104732387A (en) | Mobile device and related electronic transaction method | |
CN103793818A (en) | Multi-intelligent-card paying system, method, mobile paying terminal and credible platform | |
CN104636916A (en) | Mobile payment method and system and related equipment | |
US20210266312A1 (en) | System and method for mobile cross-authentication | |
CN104636917A (en) | Mobile payment system and method with secure payment function | |
CN102880305A (en) | Keyboard input encryption method and mobile terminal thereof | |
CN104112199A (en) | Multi-communication-port IC card safety terminal, access system and financial transaction payment method | |
CN107005575A (en) | A kind of smart card and its method of work with dynamic token OTP functions | |
CN105224071B (en) | A kind of method of data interaction, equipment and system | |
CN115004207B (en) | Multi-purpose payment device | |
CN109151151A (en) | Realize the method and device of the user mode switching of terminal | |
CN109324843B (en) | Fingerprint processing system and method and fingerprint equipment | |
CN104751326A (en) | Data processing method and related equipment and system | |
CN104144256B (en) | A kind of portable cryptographic device based on mobile terminal | |
CN106651366A (en) | Mobile terminal and transaction confirmation method and device thereof, and smart card | |
US8430308B2 (en) | Authorizing financial transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140423 |