[go: up one dir, main page]

HK1199970B - Safe mobile phone - Google Patents

Safe mobile phone Download PDF

Info

Publication number
HK1199970B
HK1199970B HK15100292.8A HK15100292A HK1199970B HK 1199970 B HK1199970 B HK 1199970B HK 15100292 A HK15100292 A HK 15100292A HK 1199970 B HK1199970 B HK 1199970B
Authority
HK
Hong Kong
Prior art keywords
information
mobile phone
module
processing module
touch screen
Prior art date
Application number
HK15100292.8A
Other languages
Chinese (zh)
Other versions
HK1199970A1 (en
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Filing date
Publication date
Priority claimed from CN201410231601.3A external-priority patent/CN103996117B/en
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of HK1199970A1 publication Critical patent/HK1199970A1/en
Publication of HK1199970B publication Critical patent/HK1199970B/en

Links

Abstract

The present invention provides a secure mobile phone,Including: mobile phone processing moduleInformation processing moduleSecurity module and display component;The display component includes: a first display area and a second display area;The first display area and the second display area display independently;Mobile processing module,Used to send the first information to the security module,And/or receive the second information sent by the security module;Security module,Used to receive the first information sent by the mobile processing module,And/or output the second information to the mobile processing module;Security module,Also used to output third information to the information processing module;Information processing module,Used to receive the third information output by the security module,Verify the third information,After passing the verification, cache it,And convert the cached information,Obtain the fourth information,Send the fourth information to the second display area;The second display area,Used to display the fourth information.As a result, the security and convenience of mobile data storage and payment transactions have been improved.

Description

Safety mobile phone
Technical Field
The invention relates to the technical field of electronics, in particular to a safe mobile phone.
Background
Currently, mobile terminal devices (e.g., smart phones, tablet computers (PADs), smart watches, smart glasses, etc.) have been widely used in people's daily lives. The mobile terminal device may be controlled by programs such as trojan horse, which may cause problems such as leakage of user information.
How to provide a secure mobile terminal to ensure the information security in the mobile terminal device and ensure the security of information interaction between the mobile terminal device and other devices becomes an urgent problem to be solved.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The invention mainly aims to provide a safe mobile phone.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
one aspect of the present invention provides a secure mobile phone, including: the mobile phone comprises a mobile phone processing module, an information processing module, a security module and a display component; the display assembly includes: a first display area and a second display area; the first display area and the second display area are independently displayed; the mobile phone processing module is connected with the first display area and the safety module; the safety module is connected with the second display area through the information processing module; the mobile phone processing module is used for sending first information to the security module and/or receiving second information sent by the security module; the security module is used for receiving the first information sent by the mobile phone processing module and/or outputting the second information to the mobile phone processing module; the safety module is also used for outputting third information to the information processing module; the information processing module is used for receiving the third information output by the safety module, verifying the third information, caching after the verification is passed, converting the cached information to obtain fourth information, and sending the fourth information to the second display area; and the second display area is used for displaying the fourth information.
In addition, the secure handset further comprises: a touch screen assembly; the touch screen assembly includes: a first touch screen area and a second touch screen area; the first touch screen area and the second touch screen area independently output information; the first touch screen area is covered on the first display area and corresponds to the first display area, and the second touch screen area is covered on the second display area and corresponds to the second display area; the mobile phone processing module is connected with the first touch screen area; the safety module is connected with the second touch screen area through the information processing module; the second touch screen area is also used for outputting fifth information to the information processing module; the information processing module is further configured to receive fifth information output by the second touch screen area, verify the fifth information, cache the fifth information after the fifth information is verified, convert the cached information to obtain sixth information, and send the sixth information to the security module; the security module is further configured to process the sixth information.
In addition, the second display area is arranged above the first display area, and the second touch screen area is arranged above the first touch screen area; or the second display area is arranged below the first display area, and the second touch screen area is arranged below the first touch screen area; or the second display area is arranged at the left of the first display area, and the second touch screen area is arranged at the left of the first touch screen area; or the second display area is arranged on the right side of the first display area, and the second touch screen area is arranged on the right side of the first touch screen area.
In addition, the secure handset further comprises: a function display area and a function touch screen area; the second display area is arranged between the first display area and the function display area, and the second touch screen area is arranged between the first touch screen area and the function touch screen area.
In addition, the secure handset further comprises: a function key display area and a function key touch screen area; the second display area is arranged around the function key display area, and the second touch screen area is arranged around the function key touch screen area.
In addition, the security module is further configured to receive information to be encrypted sent by the mobile phone processing module, encrypt the information to be encrypted, and send the encrypted information to the mobile phone processing module; and/or the safety module is also used for receiving the encrypted information sent by the mobile phone processing module, decrypting the encrypted information and sending the decrypted information to the mobile phone processing module.
In addition, the security module is further configured to receive information to be signed sent by the mobile phone processing module, receive a confirmation instruction, sign the received information to be signed, and send the signed information to the mobile phone processing module; and/or the safety module is also used for receiving the information to be checked and signed sent by the mobile phone processing module, verifying the received information to be checked and informing the mobile phone processing module after the verification is passed.
In addition, the security module is further configured to receive information to be verified sent by the mobile phone processing module, verify the information to be verified, and notify the mobile phone processing module after the verification is passed.
In addition, the safety module is further used for obtaining the recipient information, verifying the legality of the recipient information, after verifying that the recipient information is legal, if the mail needs to be sent in a confidential mode, at least carrying out encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least sending the mail ciphertext information to the mobile phone processing module for outgoing.
In addition, the security module is further configured to control the second display area to display the plaintext information of the email.
In addition, the security module is further configured to receive an email confirmation instruction before at least sending the email ciphertext information to the mobile phone processing module.
According to the technical scheme provided by the invention, the safety module is integrated on the safety mobile phone based on the embodiment of the invention, so that the function of the intelligent password device is realized, and the second display area is controlled by the safety module to independently display the information to be displayed, so that the second display area can display information such as transaction information processed by the safety module in the process of processing the transaction information by a user using the safety module, thereby realizing the safety display of the information by the safety mobile phone, realizing the safety function of the intelligent password device (KEY) on the mobile phone, and improving the safety and the use convenience of data storage and payment transaction of the mobile phone device.
In addition, the information output by the security module is processed through the information processing module, so that the second display area can be ensured to correctly display the information output by the security module.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a secure mobile phone according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a secure mobile phone according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The invention can be practically applied to mobile terminal equipment which can be an intelligent mobile phone, in the invention, the mobile phone and intelligent password equipment (equipment with functions of electronic signature, encryption and decryption, verification and the like, such as KEY equipment and the like) are combined into a whole, a security module is integrated in the mobile phone, the security module can be a security chip (the security chip can be a processing chip with a security storage area, and data stored in the security storage area can not be copied and exported), and the security module can perform security operations such as KEY generation, data encryption and decryption, verification calculation and the like.
The invention utilizes the display component of the mobile phone to complete the display of the operation of the security module, thereby leading the mobile phone to realize the safety function of displaying the KEY, namely the what you see is what you sign.
In the invention, the mobile phone display component (namely, the mobile phone screen is shared by the mobile phone processing module and the security module, but is independently controlled by the mobile phone processing module and the security module) is used for displaying data.
The mobile phone provided by the invention is provided with only one display screen, the display screen is covered with one touch screen, the display screen can be at least divided into two display areas, and meanwhile, the touch screen is also divided into two touch screen areas corresponding to the two display areas. The two display areas are respectively: the mobile phone processing module controls the first display area to display and the safety module controls the second display area to display, and the two display areas display independently and do not interfere with each other. And under the condition that the safety module controls the second display area to display, the second display area independently displays the information required to be displayed by the safety module. The security module is used for performing operations such as information encryption, signature, verification calculation and the like, or displaying information required to be displayed by the security module in the information interaction process, or directly sending input information (plaintext) to the security module for encryption when a user needs to input important information, and the like.
In the invention, the security module and the mobile phone processing module (namely, the main chip of the mobile phone) are mutually independent, the security module can be provided with a password processing unit, sensitive data stored in the mobile phone can be encrypted by using the password processing unit, and an encryption key for data encryption is stored in a security storage area, thereby protecting the security of the internal information of the mobile phone.
The invention can also complete the safe downloading of the safe application program (APP) according to the functions of key generation, storage, calculation, verification and the like of the safe module, realize the safe updating of the running program of the safe module, the safe storage of the mobile phone data, the safe execution of mobile payment (remote payment or near-field payment), mail encryption and decryption, the safe storage of cloud data and the like.
Fig. 1 shows a schematic structural diagram of a secure mobile phone according to an embodiment of the present invention, and referring to fig. 1, the secure mobile phone of the present invention includes: the mobile phone comprises a mobile phone processing module 10, an information processing module 20, a security module 30 and a display component 40;
the display assembly 40 includes: a first display area 401 and a second display area 402; the first display area 401 and the second display area 402 are independently displayed; specifically, the display module 40 includes a display screen and a display driver, wherein the display module 40 may include a display screen, and the display screen may be divided into at least two display areas, so that one display area is used for displaying information that needs to be displayed by the mobile phone processing module 10, and the other display area is used for displaying information that needs to be displayed by the security module 30, so as to ensure that the displays of the mobile phone processing module 10 and the security module 30 are not interfered with each other and are independent of each other, thereby ensuring the display security of the security module 30; of course, the display driver corresponding to the display screen may be one driving module driving two display areas for displaying, or two driving modules driving two display areas for displaying respectively. In addition, the display module 40 may also include two display screens, one display screen serves as the first display area, the other display screen serves as the second display area, the display driver corresponding to the two display screens may drive the two display screens for one driving module to display, or the two driving modules may drive the two display screens to display, so that one display screen is used for displaying information that needs to be displayed by the mobile phone processing module 10, and the other display screen is used for displaying information that needs to be displayed by the security module 30, so as to ensure that the displays of the mobile phone processing module 10 and the security module 30 are not interfered with each other and are independent of each other, thereby ensuring the display security of the security module 30.
In addition, the display module 40 may further include a display processing unit, which may be disposed in the display driver or separately disposed as a module, and the display processing unit may be configured to receive the display information sent by the mobile phone processing module 10 through the first interface and allocate the display information to the first display area 401, receive the display information sent by the security module 30 through the second interface and allocate the display information to the second display area 402. Specifically, the display processing unit may allocate coordinate information in the display information to ensure that the displays of the mobile phone processing module 10 and the security module 30 are not interfered with each other and are independent of each other, thereby ensuring the security of the display of the security module 30.
The mobile phone processing module 10 is connected with the first display area 401 and the security module 30; specifically, the mobile phone processing module 10 executes the normal display function of the mobile phone through the first display area 401, for example: display functions such as pictures, videos, calls and the like; meanwhile, the mobile phone processing module 10 may also send information to be processed to the security module 30, and may also receive information processed by the security module 30.
The security module 30 is connected with the second display area 402 through the information processing module 20; specifically, the information output by the security module 30 may be processed by the information processing module 20 and then sent to the second display area 402 for display, so that the information format processed by the information processing module 20 matches the information format that can be displayed by the second display area 402, and the information output by the security module 30 can be normally displayed by the second display area 402.
The mobile phone processing module 10 is configured to send the first information to the security module 30, and/or receive the second information sent by the security module 30; specifically, the first information may be information that needs to be securely processed by the security module 30, for example: transaction information to be signed, files to be encrypted, and the like; the first information may also be information that requires secure display by the security module 30, such as: plaintext information for secure mail, etc.
The security module 30 is configured to receive the first information sent by the mobile phone processing module 10 and/or output the second information to the mobile phone processing module 10; specifically, the second information may be information after security processing is performed by the security module 30, for example: signature information, encryption information, etc.
The security module 30 is further configured to output third information to the information processing module 20; specifically, if the secure module 30 needs the second display area 402 to display information, the secure module 30 further sends information to be displayed to the information processing module 20, for example: clear text information of the secure mail, key information in the transaction information, and the like.
The information processing module 20 is configured to receive the third information output by the security module 30, verify the third information, cache the third information after the verification is passed, convert the cached information to obtain fourth information, and send the fourth information to the second display area 402; specifically, when the security module 30 needs to display the second display area 402, the information processing module 20 receives the information to be displayed output by the security module 30, so that the information processing module 20 processes the information to be displayed output by the security module 30, and the information format processed by the information processing module 20 is matched with the information format that can be displayed by the second display area 402, so as to ensure that the second display area 402 can normally display the information to be displayed output by the security module 30. For example: the information output by the security module 30 is serial information, and the second display area 402 can only process parallel information, so the information processing module 20 is required to process the serial information output by the security module 30 to form parallel information that can be processed by the second display area 402.
In addition, the information processing module 20 may perform information correctness verification on the information to be displayed output by the security module 30, perform cache after the verification is passed, and convert the cached information into information that can be processed by the second display area 402, so as to ensure that the second display area 402 correctly displays the information to be displayed output by the security module 30. For example: the information processing module 20 is configured to convert the serial signal output from the security module 30 into a parallel signal. In the display process, the asynchronous serial information output by the security module 30 has a low transmission speed, so that in order to ensure the correctness of information transmission, the serial information needs to be checked, and the serial information after being checked is cached and then converted into parallel information, so that the second display area 402 can display the parallel information.
In addition, the information processing module 20 may be a separate module or a chip to perform its functions, and of course, the information processing module 20 may be integrated with the security module 30 into one module, or the information processing module 20 may also be integrated with the display component 40 into one module to save costs. It is within the scope of the present invention that the information processing module 20 be integrated or be a part of the functionality of one of the modules, as long as the functionality of the module is implemented.
And a second display area 402 for displaying the fourth information. Specifically, after receiving the processed information to be displayed sent by the information processing module 20, the second display area 402 displays the information to be displayed, so as to ensure the "what you see is what you sign" function of the security module.
In addition, the display information sent by the mobile phone processing module 10 can directly enter the first display area 401 to be displayed, so that the normal use of the mobile phone is not affected.
According to the safety mobile phone provided by the embodiment of the invention, the safety module is integrated on the safety mobile phone to realize the function of the intelligent password device, and the second display area is controlled by the safety module to independently display the information to be displayed, so that the second display area can display the information such as the transaction information processed by the safety module in the process of processing the transaction information by using the safety module by a user, thereby realizing the safety display of the information by the safety mobile phone, realizing the safety function of the intelligent password device (KEY) on the mobile phone, and improving the safety and the use convenience of data storage and payment transaction of the mobile phone device.
In addition, the information output by the security module is processed through the information processing module, so that the second display area can be ensured to correctly display the information output by the security module.
Further, the secure mobile phone of the present invention further comprises: a touch screen assembly 50; therefore, the safety mobile phone can input information through the touch screen.
The touch screen assembly 50 includes: a first touch screen area 501 and a second touch screen area 502; the first touch screen area 501 and the second touch screen area 502 independently output information; the first touch screen area 501 is covered on the first display area 401 and corresponds to the first display area 401, and the second touch screen area 502 is covered on the second display area 402 and corresponds to the second display area 402; specifically, the touch screen assembly 50 includes a touch screen, a driver, and the like, where the touch screen assembly 50 may include a touch screen, and the touch screen may be divided into at least two touch screen areas, so that one of the touch screen areas is used for inputting information to the mobile phone processing module 10, and the other touch screen area is used for inputting information to the security module 30, so as to ensure that the information input to the mobile phone processing module 10 and the security module 30 is not interfered with each other and is independent of each other, thereby ensuring the security of information input by the security module 30; of course, the driving corresponding to the touch screen may be one driving module driving two touch screen areas for information input, or two driving modules respectively driving two touch screen areas for information input. Of course, in the present invention, the touch screen assembly 50 may not include the second touch screen area 502, but only include the first touch screen area 501, and only complete the normal functions of the secure mobile phone through the first touch screen area 501. In addition, the touch screen assembly 50 may also include two touch screens, one touch screen is used as the first touch screen area, the other touch screen is used as the second touch screen area, the touch screen driver corresponding to the two touch screens may drive the two touch screens for information input for one driving module, or the two driving modules may respectively drive the two touch screens for information input, so that one touch screen is used for inputting information to the mobile phone processing module 10, and the other touch screen is used for inputting information to the security module 30, so as to ensure that the inputs of the mobile phone processing module 10 and the security module 30 are not interfered with each other and are independent of each other, thereby ensuring the security of the input by the security module 30.
In addition, the touch screen assembly 50 may further include a touch screen processing unit, which may be disposed in the touch screen driver, or may be separately disposed as a module, and the touch screen processing unit may be configured to input information to the mobile phone processing module 10 through the first interface and input information to the security module 30 through the second interface. Specifically, the touch screen processing unit may send information through coordinate information in the touch screen information, so as to ensure that the inputs of the mobile phone processing module 10 and the security module 30 are not interfered with each other and are independent of each other, thereby ensuring the security of the input of the security module 30.
The mobile phone processing module 10 is connected with the first touch screen area 501; specifically, the mobile phone processing module 10 executes normal input functions of the mobile phone through the first touch screen area 501, for example: the functions of a slide switch for receiving and calling, short message input and the like.
The security module 30 is connected with the second touch screen area 502 through the information processing module 20; specifically, the information input to the security module 30 by the second touch screen area 502 may be processed by the information processing module 20 and then sent to the security module 30, so that the information format of the processed information by the information processing module 20 matches the information format that can be processed by the security module 30, and thus the security module 30 is ensured to perform normal information processing.
The second touch screen area 502 is further configured to output fifth information to the information processing module 20; specifically, the second touch screen area 502 also inputs information to be processed to the information processing module 20, so that the information processing module 20 processes the information to be processed and then sends the processed information to the security module 30, so that the security module 30 normally processes the information to be processed.
The information processing module 20 is further configured to receive fifth information output by the second touch screen area 502, verify the fifth information, cache the fifth information after the verification is passed, convert the cached information to obtain sixth information, and send the sixth information to the security module 30; specifically, when the second touch screen area 502 needs to input the information to be processed to the security module 30, the information processing module 20 receives the information to be processed output by the second touch screen area 502, so that the information processing module 20 processes the information to be processed output by the second touch screen area 502, and thus the information format processed by the information processing module 20 is matched with the information format that can be processed by the security module 30, so as to ensure that the security module 30 can normally process the information to be processed output by the second touch screen area 502. For example: the information output by the second touch screen area 502 is parallel information, and the security module 30 can process serial information, so that the information processing module 20 is required to process the parallel information output by the second touch screen area 502 to form serial information that can be processed by the security module 30.
In addition, the information processing module 20 may perform information correctness verification on the information to be processed output by the second touch screen region 502, and perform cache after the verification is passed, and convert the cached information into information that can be processed by the security module 30, so as to ensure that the security module 30 correctly processes the information to be processed output by the second touch screen region 502. For example: the information processing module 20 is configured to convert the parallel signal output by the second touch screen area 502 into a serial signal. In the process of inputting the touch screen information, the transmission speed of the parallel information output by the second touch screen area 502 is high, and in order to ensure the correctness of information transmission, the parallel information needs to be checked, and the parallel information after being checked is cached and then converted into serial information so that the security module 30 can process the parallel information.
In addition, the information processing module 20 may perform its function as a separate module or chip, and of course, the information processing module 20 may be integrated with the touch screen assembly 50 into a single module to save cost. It is within the scope of the present invention that the information processing module 20 be integrated or be a part of the functionality of one of the modules, as long as the functionality of the module is implemented.
And the safety module 30 is also used for processing sixth information. Specifically, after receiving the processed information to be processed sent by the information processing module 20, the security module 30 processes the information to be processed, so as to ensure that the security module 30 normally executes the security function of the security module 30.
In addition, the information to be processed can also be confirmation information in the transaction process, so that the information to be processed can be used as a confirmation key of a second generation key (a key with a display screen and a confirmation key), and the security of the transaction can be ensured in the transaction process by the security mobile phone disclosed by the invention. Therefore, the security function of the second-generation intelligent password equipment (second-generation KEY) can be realized on the mobile phone, and the security and the use convenience of data storage and payment transaction of the mobile phone equipment are improved.
In addition, the information output by the second touch screen area is processed through the information processing module, so that the safety module can be ensured to correctly process the information input by the second touch screen area.
The information processing module 20 may include several functional sub-units, such as checking, buffering, and converting.
The checking subunit checks the received information to ensure the correctness of the received information. The check subunit may use a signal check (e.g., detecting parity bits), an algorithm check (e.g., CRC check), or other check methods.
And the caching subunit caches the processed information. The buffer subunit can comprise a buffer circuit, a circuit shift register, a latch register and the like to realize data buffering; the buffer subunit may be present in the form of a buffer, or may be a register, etc.
And the conversion subunit can process the cached information into a matched information format.
Of course, the three sub-units may be presented as separate units, or may be implemented by using a serial-parallel conversion chip integrating the above functions or matching with other circuits.
In addition, the second display area 402 is disposed above the first display area 401, and the second touch screen area 502 is disposed above the first touch screen area 501; or the second display area 402 is arranged below the first display area 401, and the second touch screen area 502 is arranged below the first touch screen area 501; or the second display area 402 is arranged at the left of the first display area 401, and the second touch screen area 502 is arranged at the left of the first touch screen area 501; or the second display area 402 is disposed to the right of the first display area 401 and the second touch screen area 502 is disposed to the right of the first touch screen area 501. Therefore, normal display of the safety mobile phone is not affected.
In addition, the secure mobile phone of the present invention may further include: a function display area and a function touch screen area; for example: some handsets contain functional areas, namely: in the area where the function keys such as confirm, cancel, return, etc. are located, on the mobile phone, the second display area 402 of the present invention is disposed between the first display area 401 and the function display area, and the second touch screen area 502 is disposed between the first touch screen area 501 and the function touch screen area. Therefore, the attractiveness and the utilization rate of the display screen are improved on the premise that the normal functions of the function display area and the function touch screen area are not affected.
In addition, the secure mobile phone of the present invention may also include: a function key display area and a function key touch screen area; for example: some handsets contain functional areas, namely: in the mobile phone, a second display area 402 is arranged around the function key display area, and a second touch screen area 502 is arranged around the function key touch screen area. Therefore, the space of the display screen of the existing mobile phone is utilized to the maximum extent, and the utilization rate of the display screen is improved.
The following provides an application scenario of split-screen display of a secure mobile phone, but the present invention is not limited thereto:
in the invention, the display screen of the safe mobile phone is divided into at least two parts (the whole display screen range is divided into at least two parts, so that all corresponding dot matrix coordinates are also divided into two parts according to the divided areas, such as a first display area and a second display area), the I/O interface pin of the display drive of the safe mobile phone is divided into two parts which are respectively connected with the corresponding I/O interface pin of a safe chip (a safe module) and a main chip (a mobile phone processing module), the display drive module can comprise an image processing unit and a display control unit, wherein, the image processing unit analyzes the received data of the two chips and distributes the coordinate address of the dot matrix of the display screen area corresponding to the chip to the image information transmitted by the two chips, the image processing unit sends the analyzed data and the display address to the display control unit, and the display control unit drives the display screen to display according to the received display data. The image processing unit and the display control unit can be two separated components, or the two units can be combined into a whole.
Optionally, the touch screen of the secure mobile phone may be partitioned as the same as the display screen (the whole touch screen range is at least divided into two parts, so that all corresponding dot matrix coordinates are also divided into two parts according to the partitioned areas, for example, the first touch screen area and the second touch screen area), the I/O interface pin of the touch screen driver of the secure mobile phone is divided into two parts, which are respectively connected to the corresponding I/O interface pin of the secure chip (the secure module) and the main chip (the mobile phone processing module), the touch screen driver may include a processing unit and a driving unit, wherein the driving unit receives information output by the touch screen and sends the output information to the processing unit, the processing unit analyzes the received information and transmits information from the touch screen (which may include coordinate addresses of dot matrices of the touch screen area) to the two chips, after the chips receive the information from the touch screen, and processing the received information.
Of course, the present invention is not limited to the same partitioning of the touch screen as the display screen, and it is within the scope of the present invention to not partition the touch screen.
Specifically, the following provides an application scenario for implementing split screen display of a display screen of a secure mobile phone, but the present invention is not limited thereto:
referring to fig. 2, the secure mobile phone of the present invention may include a main chip, a secure chip, a display screen, a display driving module, and the like. The main chip and the safety chip of the mobile phone are respectively connected with different I/O pins of the display driving module, so that the physical connection separation is formed. The display driving module is connected with the display screen. The display driving module may include an image processing unit and a display control unit, and the display driving module sends display data received from the I/O module and sent from the two chips to the image processing unit, for example: I/O1 is connected to the main chip, and I/O2 is connected to the security chip. The image processing unit analyzes the received data respectively, and allocates the display address of the data received by the I/O1 pin to the area 1 (first display area); and the display address of the data received by the I/O2 pin is distributed to the area 2 (second display area), the display data packet comprising the image data and the corresponding display address coordinate is sent to the display control unit, and the display control unit drives the display screen of the corresponding area to display according to the display address coordinate and the corresponding image data.
The I/O interfaces of the display driving module are divided into two types in physical form, wherein one type of corresponding pins are connected with the I/O pins corresponding to the display control function of the main chip, and the other type of corresponding pins are connected with the I/O pins corresponding to the display control function of the safety chip.
And the image processing unit receives the data transmitted by the I/O and analyzes the received data information, the two types of data input by different I/O interfaces are allocated with different display address coordinates, and the display coordinates are divided into two display areas. The image processing unit allocates display coordinates corresponding to the two display areas to the two types of input data, processes the received image data, forms a display data packet by matching with the allocated display address coordinates, and sends the display data packet to the display control unit.
The image processing unit can perform different processing according to the data of different pin interfaces, and can be functionally divided into three subunits: the first sub-unit and the second sub-unit are general processing units responsible for processing main chip data, and may include: the first subunit controls the first display area, the second subunit controls the function display area, and the third subunit is a safety processing unit responsible for processing the data processing of the safety chip; wherein:
a first subunit: the display data sent by the main chip can be displayed in the first display area according to the above principle.
A second subunit: the data (indicator light, etc.) of the functional area sent from the main chip can be displayed in the functional display area. In order to improve the safety of the display data, the second subunit enables the main chip to only control the display of the functional display area, and cannot display data such as characters and the like in the functional display area.
A third subunit: the display data sent by the security chip can be displayed in the display area in the second display area according to the principle.
And the display control unit controls the display screen to display according to the information for controlling the display screen dot matrix in the received display data packet.
The safe mobile phone can simultaneously display the content of the main chip of the mobile phone and the content of the safe chip on one display screen, and separates the two types of display data on the physical connection of hardware, thereby improving the safety.
In addition, in order to ensure the security of the secure mobile phone information, the invention can encrypt the important information through the security module 30, and meanwhile, in order to obtain the plaintext of the confidential information, the confidential information can be decrypted through the security module 30.
Specifically, the security module 30 is further configured to receive information to be encrypted sent by the mobile phone processing module 10, encrypt the information to be encrypted, and send the encrypted information to the mobile phone processing module 10; and/or the security module 30, further configured to receive the encrypted information sent by the mobile phone processing module 10, decrypt the encrypted information, and send the decrypted information to the mobile phone processing module 10.
Based on the secure mobile phone of the present invention, the secure module 30 in the secure mobile phone can be used to encrypt important information in the mobile phone, and send encrypted ciphertext information to the mobile phone processing module 10 for storage, and meanwhile, the secure module 30 also stores an encryption key in a secure storage area (information in the secure storage area cannot be copied and exported) of the secure module 30, so that the security of information inside the mobile phone can be protected.
Meanwhile, based on the safe mobile phone of the invention, the safe module 30 in the mobile phone can be used for decrypting the ciphertext information stored in the mobile phone or received from the outside, and the plaintext information is obtained and then sent to the mobile phone processing module 10, thereby ensuring the safety of the mobile phone information.
The following provides an application scenario for secure mobile phone information encryption/decryption, but the present invention is not limited thereto:
after the secure mobile phone obtains data in a certain form (wherein the data may be short messages, pictures, data, documents and the like received through a network, or pictures, videos and the like obtained by a mobile phone camera, or data manually input by a mobile phone touch screen by a user, or data obtained from the outside through a certain I/O form by the secure mobile phone, such as network remote transmission, a camera, mobile phone peripheral input and the like), if the data needs to be stored safely, the data needs to be encrypted by a secure chip (a secure module) before being stored, and then the encrypted ciphertext is sent to a storage unit in a mobile phone main chip (a mobile phone processing module) to be stored, and the encrypted ciphertext is stored in the storage unit of the secure chip to ensure the security of the encrypted secret key.
By applying the method, when the main chip of the mobile phone and the storage units in the main chip of the mobile phone are attacked by viruses and Trojan horse programs, data is stored in the main chip in a ciphertext mode, and even if the data is leaked, a data plaintext cannot be obtained because a person who illegally obtains the data does not have a decryption key; and the key for decrypting the ciphertext information is stored in the security chip, and the security performance of the security chip ensures that the decryption key cannot be read out or exported, so that the data security is protected by using the security mobile phone.
In addition, in order to ensure the safe operations such as payment of the safe mobile phone, the invention can also carry out signature on the transaction information through the safety module 30 and carry out verification operations on the signature or certificate of the external device.
Specifically, the security module 30 is further configured to receive information to be signed sent by the mobile phone processing module 10, receive a confirmation instruction, sign the received information to be signed, and send the signed information to the mobile phone processing module 10; and/or the security module 30 is further configured to receive the information to be checked and signed sent by the mobile phone processing module 10, verify the received information to be checked and notify the mobile phone processing module 10 after the verification is passed.
According to the security mobile phone of the invention, the information to be signed sent by the mobile phone processing module 10 is signed through the security module 30, and the information to be signed sent by the mobile phone processing module 10 is verified, so that the legal source and the non-repudiation of data are ensured.
The following provides an application scenario for implementing remote downloading and installation of a mobile phone application program by using a secure mobile phone, but the present invention is not limited thereto:
on the premise of being based on a safe mobile phone, all application programs in a mobile phone application store can be subjected to safety evaluation by a reliable evaluation unit, when the evaluation is passed, the evaluation unit can use a private key of the evaluation unit to sign an application data packet, and terminal equipment such as the safe mobile phone can store a root certificate of the evaluation unit so as to verify the application programs.
After the main chip (mobile phone processing module) of the secure mobile phone downloads the application program provided by the application store after security evaluation, before installation, the root certificate of the evaluation unit stored in the secure chip (secure module) is used for signature verification of the application program so as to complete the validity verification of the application program, guarantee the legal source of the application program and improve the use security of the application program. At this time:
the main chip sends an instruction for verifying the safety of the application program to the safety chip and sends a signature value of the downloaded application data packet to the safety chip;
the main processor of the security chip receives an instruction of an external device (a main chip) through an I/O interface, responds to the instruction, sends a signature value to the password processing unit, the password processing unit verifies the signature value, returns a verification result to the main chip through the I/O interface, and the main chip displays prompt information on the second display area so as to prompt a user.
In addition, in order to verify the integrity of the information, the security module can also verify the information to be verified, which is sent by the mobile phone processing module. Specifically, the security module 30 is further configured to receive information to be verified sent by the mobile phone processing module 10, verify the information to be verified, and notify the mobile phone processing module 10 after the verification is passed.
The above security mobile phone can combine any combination of encryption/decryption/signature verification/verification of information through the security module 30, so as to realize security functions of all levels by adopting different combinations according to different security requirements.
The following provides an application scenario in which a secure mobile phone updates a remote application program through a security module, but the present invention is not limited thereto:
when a user holding a secure mobile phone adds an account of a certain bank, because the application flows of transaction services of all banks are different, the user is required to download and install corresponding mobile phone bank application software and programs so as to update the application managed by the account, and the application programs are required to be installed in a secure chip (a secure module) so as to ensure the secure execution of the application programs And verifying the data format and the like to ensure that the application program is safely installed in the security chip.
The specific application scenarios are as follows:
(1) the main chip (mobile phone processing module) of the secure mobile phone sends the received bank application installation data packet to the secure chip;
(2) after the security chip receives the bank application installation data packet, a key ciphertext and an information ciphertext are obtained, the security chip decrypts the key ciphertext by using a private key to obtain a session key plaintext, the session key is used for decrypting the information ciphertext to obtain an information plaintext, the information plaintext is subjected to digest calculation, a received signature is decrypted by using a public key of a bank, a decrypted digest value is compared with a digest result obtained through calculation, if the two digest values are consistent, data integrity check is passed, and (3) is executed; otherwise, finishing the installation and returning error prompt information;
(3) the safety chip utilizes the decryption key to unlock ciphertext information, verifies the data format of the decrypted plaintext, executes (4) if the ciphertext information is correct, and otherwise finishes installation and returns error prompt information;
(4) the secure chip installs the application.
Therefore, remote downloading and updating of the security application are achieved by using the security mobile phone, remote updating of the security application program installed on the security chip is possible, and both security and convenience are guaranteed.
The following provides an application scenario in which a secure mobile phone uploads/downloads data to a cloud terminal through a security module, but the present invention is not limited thereto:
based on the safe mobile phone, a user can realize the function of a cloud terminal, complete data encryption, transmit data to the cloud end through a network for safe storage, download the data to the safe mobile phone from the cloud end when the safe mobile phone is required to be used, and decrypt the data to obtain information plaintext.
Specifically, the following steps can be referred to realize the data uploading/downloading function of the cloud terminal:
first, data can be ranked according to its security level: grading the data uploaded to the cloud according to the importance of the data so as to store the data in different forms according to different security levels of the data:
□ general: plaintext
□ important: plaintext + MAC
□ secret: cipher text
Secondly, different data operation authorities can be opened according to the access authority of the user. For example: other devices (without security chips) with access passwords can operate on common messages, can read important information, cannot change the important information, and cannot read or download confidential information; and the security mobile phone equipment with the access password can open all operation permissions.
The following schematically illustrates the flow of the authority authentication:
(1) the safety mobile phone is connected to the cloud server through a network;
(2) the cloud server verifies the authority of the secure mobile phone, returns a response value (random number) to the secure mobile phone, and sends an authority authentication request to the secure mobile phone, wherein the authority authentication request comprises a login password, a signature value of the response value and the like;
(3) after a main chip (a mobile phone processing module) of the security mobile phone receives the authority authentication request, the main chip sends a signature calculation instruction to the security chip (a security module) and sends a random number to the security chip;
(4) the password processing unit of the security chip performs signature calculation on the random number and returns a calculation result to the main chip;
(5) the security mobile phone sends the authority authentication request response information (such as a login password, a signature and the like) to the cloud server;
(6) the cloud server verifies the received permission authentication request response information, opens the corresponding permission of the security mobile phone after the verification is passed, and responds to the operations of uploading, downloading and the like of the security mobile phone under the corresponding permission.
The following is a schematic description of the data uploading process:
the secure mobile phone may perform different processing according to the degree of importance of the data to be uploaded, for example, the data may be uploaded in the form of plaintext, plaintext + MAC, or ciphertext. The calculation of the MAC value and the data encryption operation need to be processed by a security chip of the security mobile phone. The specific processing mode can be that a password processing unit of the security chip generates an MAC key and an encryption key, the key is stored in a storage unit of the security chip, plaintext data is operated, the processed MAC value and ciphertext information are sent to a main chip, the main chip forms a corresponding format (in the forms of plaintext, plaintext + MAC, or ciphertext and the like), and the data are sent to the cloud end through a network.
The following schematically illustrates the flow of data download:
the security mobile phone sends a data downloading request to a cloud server, the cloud server judges the authority of the security mobile phone, judges whether the security mobile phone has the downloading authority of the level data, if so, the security mobile phone sends the data to the security mobile phone, and the security mobile phone processes the received data (such as MAC verification, data decryption, signature verification and the like) by using a password processing unit of the security chip and then sends plaintext information to the main chip.
The safety mobile phone based on the invention can complete specific data processing operations such as data encryption, verification, signature and the like by utilizing the related functions of the safety mobile phone in combination with methods such as data classification, authority classification and the like.
In addition, in order to ensure the safety of mail processing on the safe mobile phone, in the safe mobile phone of the present invention, the safe module 30 is further configured to obtain recipient information, check the validity of the recipient information, after checking that the recipient information is valid, if the mail needs to be sent in a confidential manner, at least perform encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least send the mail ciphertext information to the mobile phone processing module 10 for outgoing. In addition, the security module 30 is further configured to control the second display area 402 to display the plaintext information of the mail. In addition, the security module 30 is further configured to receive a mail confirmation instruction before at least sending the mail ciphertext message to the mobile phone processing module 10.
Specifically, the safety module can acquire the information of the receiver through the mobile phone processing module, and can also directly acquire the information of the receiver from the mail server; the safety module verifies whether the acquired recipient information has a certificate or not so as to verify the legality of the recipient information; if the certificate is contained in the receiver information, the safety module verifies the certificate in the receiver information, if the verification is passed, the receiver information is legal, the safety module also displays the result of verifying the receiver information on a display component (which can be sent to the mobile phone processing module to be displayed in the first display area or directly controls the second display area to be displayed), and inquires whether the user sends the mail by using the ciphertext or not, if the user confirms to send the mail using the ciphertext, the security module signs the mail using a private key of the security module, performs encryption calculation and/or verification calculation on the mail using a randomly generated session key, encrypting the session key by using the public key acquired from the recipient information to acquire the mail ciphertext information so as to ensure the safety, integrity and non-repudiation of mail sending; certainly, the security module can also sign the mail ciphertext information to improve the mail transmission security; only the mail is encrypted, only the mail is signed, only the mail is verified, only the mail is encrypted and signed, or the mail is encrypted and verified, or the mail is signed and verified; the mail can be sent to the security module for the mobile phone security module, or can be acquired by the security module from a touch screen.
Therefore, when the secure mobile phone needs to use the ciphertext to send the mail, the secure module can encrypt, check, sign and the like the mail so as to ensure the security, integrity and non-repudiation of the mail sending.
In addition, before sending the ciphertext information of the mail, the user is required to confirm the plaintext information of the mail, and at the moment, the security module controls the second display area to display the plaintext information of the mail so that the user can confirm the plaintext information conveniently. Or, the mobile phone processing module directly displays the plaintext information of the mail in the first display area so as to facilitate the user to confirm.
Before the safety module sends the mail ciphertext information to the mobile phone processing module, the safety module also receives a mail confirmation instruction; specifically, after the plaintext information of the mail is displayed in the second display area or the plaintext information of the mail is displayed in the first display area, if the user confirms that the plaintext information of the mail is correct, and the user presses a confirmation key in the second touch screen area, the security module receives the mail confirmation instruction and then sends the mail ciphertext information to the mobile phone processing module.
Certainly, if the recipient information does not contain the certificate, the security module can also display the recipient information on the display component, inquire whether the user sends the mail by using the plaintext, and display the plaintext on the display component, if the user confirms that the mail is sent by using the plaintext, the security module does not encrypt the plaintext, and only informs the mobile phone processing module to send the mail by using the plaintext; certainly, under the condition that the recipient information does not include the certificate, the security module can also perform signature and/or integrity check calculation on the plaintext and then send the plaintext to the mobile phone processing module, and the mobile phone processing module sends the information subjected to signature and/or integrity check calculation and the plaintext out.
In addition, after the secure mobile phone receives the ciphertext mail, the secure module decrypts the ciphertext mail to obtain a mail plaintext, so that the secure display of the second display area is controlled; or the security module decrypts the ciphertext mail and sends the ciphertext mail to the mobile phone processing module so that the mobile phone processing module controls the first display area to display the plaintext of the mail.
The safety mobile phone based on the invention can realize the receiving and sending functions of the safety mails by utilizing the safety module in the mobile phone, thereby improving the safety of the mail receiving and sending.
The following provides an application scenario for implementing secure mail receiving and sending by a secure mobile phone, but the present invention is not limited thereto:
(1) the safety chip controls the display screen, and a user selects a receiver through a touch screen or the mobile phone processing module selects the receiver and then sends the receiver information to the safety chip;
(2) the safety chip acquires the information of the receiver, verifies whether the certificate is provided or not, if the certificate is not provided, the safety chip displays the authentication condition of the receiver on a display screen and inquires whether a user continues to send the mail in the clear text or not; if the certificate is available, a public key in the certificate is obtained;
(3) a password processing unit of the security chip performs summary calculation on the plaintext of the mail information;
(4) the security chip signs the abstract by using a private key to generate a signature value;
(5) the security chip connects the mail information plaintext with the signature value to generate a data packet, and optionally performs ZIP compression operation;
(6) the security chip randomly generates a session key, and encrypts a data packet by using the session key to form a data packet ciphertext;
(7) the security chip encrypts the session key by using a public key in the certificate of the recipient information to generate a key ciphertext;
(8) the security chip packs the data packet ciphertext and the key ciphertext;
(9) the method comprises the following optional steps: the safety chip displays the recipient information and the mail information plaintext on the second display area, confirms the recipient information and the mail information to the user, and waits for the user to press a confirmation key arranged on the second touch screen area. If the user presses the confirmation key, executing (10), otherwise, if the user presses the cancel key, finishing the sending;
(10) the security chip sends the packed data packet to the main chip, and the main chip completes the sending of the mail.
Receiving a secure mail:
(1) after the safe mobile phone of the receiver receives the ciphertext mail, the main chip sends a mail decryption instruction to the safe chip;
(2) the security chip decrypts the key ciphertext by using the private key to obtain a session key plaintext;
(3) the security chip decrypts the data packet ciphertext by using the session key;
(4) the security chip performs summary calculation on the decrypted mail information plaintext;
(5) the security chip decrypts the signature value by using the public key of the sender;
(6) the security chip compares the result of the decrypted signature value with the result obtained by calculating the abstract, if the result is consistent with the result, the mail is proved to be from a sender, and the security chip sends a verification passing prompt and a mail information plaintext to the main chip; if not, the mail is proved to be tampered, and error prompt information is sent to the main chip.
Therefore, the safety mobile phone of the invention is used for sending and receiving the mails, thereby improving the safety of the transmission of the mails in the network.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (19)

1. A secure handset, comprising: the mobile phone comprises a mobile phone processing module, an information processing module, a security module and a display component, wherein the security module is a security chip;
the display assembly includes: a first display area and a second display area; the first display area and the second display area are independently displayed;
the mobile phone processing module is connected with the first display area and the safety module;
the safety module is connected with the second display area through the information processing module;
the mobile phone processing module is used for sending first information to the security module and/or receiving second information sent by the security module;
the security module is used for receiving the first information sent by the mobile phone processing module and/or outputting the second information to the mobile phone processing module;
the safety module is also used for outputting third information to the information processing module;
the information processing module is used for receiving the third information output by the safety module, verifying the third information, caching after the verification is passed, converting the cached information to obtain fourth information, and sending the fourth information to the second display area;
and the second display area is used for displaying the fourth information.
2. The secure handset of claim 1, further comprising: a touch screen assembly;
the touch screen assembly includes: a first touch screen area and a second touch screen area; the first touch screen area and the second touch screen area independently output information; the first touch screen area is covered on the first display area and corresponds to the first display area, and the second touch screen area is covered on the second display area and corresponds to the second display area;
the mobile phone processing module is connected with the first touch screen area;
the safety module is connected with the second touch screen area through the information processing module;
the second touch screen area is also used for outputting fifth information to the information processing module;
the information processing module is further configured to receive fifth information output by the second touch screen area, verify the fifth information, cache the fifth information after the fifth information is verified, convert the cached information to obtain sixth information, and send the sixth information to the security module;
the security module is further configured to process the sixth information.
3. The secure handset of claim 2,
the second display area is arranged above the first display area, and the second touch screen area is arranged above the first touch screen area; or
The second display area is arranged below the first display area, and the second touch screen area is arranged below the first touch screen area; or
The second display area is arranged at the left of the first display area, and the second touch screen area is arranged at the left of the first touch screen area; or
The second display area is arranged on the right side of the first display area, and the second touch screen area is arranged on the right side of the first touch screen area.
4. The secure handset of claim 2, further comprising: a function display area and a function touch screen area;
the second display area is arranged between the first display area and the function display area, and the second touch screen area is arranged between the first touch screen area and the function touch screen area.
5. The secure handset of claim 2, further comprising: a function key display area and a function key touch screen area;
the second display area is arranged around the function key display area, and the second touch screen area is arranged around the function key touch screen area.
6. A secure handset according to any one of claims 1 to 5,
the security module is also used for receiving information to be encrypted sent by the mobile phone processing module, encrypting the information to be encrypted and sending the encrypted information to the mobile phone processing module; and/or
The security module is also used for receiving the encrypted information sent by the mobile phone processing module, decrypting the encrypted information and sending the decrypted information to the mobile phone processing module.
7. A secure handset according to any one of claims 1 to 5,
the security module is further used for receiving the information to be signed sent by the mobile phone processing module, receiving a confirmation instruction, signing the received information to be signed and sending the signed information to the mobile phone processing module; and/or
The security module is further configured to receive the information to be checked and signed sent by the mobile phone processing module, verify the received information to be checked and notify the mobile phone processing module after the verification is passed.
8. The secure handset of claim 6,
the security module is further used for receiving the information to be signed sent by the mobile phone processing module, receiving a confirmation instruction, signing the received information to be signed and sending the signed information to the mobile phone processing module; and/or
The security module is further configured to receive the information to be checked and signed sent by the mobile phone processing module, verify the received information to be checked and notify the mobile phone processing module after the verification is passed.
9. A secure handset according to any one of claims 1 to 5, 8,
the safety module is also used for receiving the information to be verified sent by the mobile phone processing module, verifying the information to be verified and informing the mobile phone processing module after the verification is passed.
10. The secure handset of claim 6,
the safety module is also used for receiving the information to be verified sent by the mobile phone processing module, verifying the information to be verified and informing the mobile phone processing module after the verification is passed.
11. The secure handset of claim 7,
the safety module is also used for receiving the information to be verified sent by the mobile phone processing module, verifying the information to be verified and informing the mobile phone processing module after the verification is passed.
12. A secure handset according to any one of claims 1 to 5, 8, 10, 11,
the safety module is also used for obtaining the recipient information, verifying the legality of the recipient information, after verifying that the recipient information is legal, if the mail needs to be sent in a confidential mode, at least carrying out encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least sending the mail ciphertext information to the mobile phone processing module for outgoing.
13. The secure handset of claim 6,
the safety module is also used for obtaining the recipient information, verifying the legality of the recipient information, after verifying that the recipient information is legal, if the mail needs to be sent in a confidential mode, at least carrying out encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least sending the mail ciphertext information to the mobile phone processing module for outgoing.
14. The secure handset of claim 7,
the safety module is also used for obtaining the recipient information, verifying the legality of the recipient information, after verifying that the recipient information is legal, if the mail needs to be sent in a confidential mode, at least carrying out encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least sending the mail ciphertext information to the mobile phone processing module for outgoing.
15. The secure handset of claim 9,
the safety module is also used for obtaining the recipient information, verifying the legality of the recipient information, after verifying that the recipient information is legal, if the mail needs to be sent in a confidential mode, at least carrying out encryption calculation on the mail plaintext information to obtain mail ciphertext information, and at least sending the mail ciphertext information to the mobile phone processing module for outgoing.
16. The secure handset of claim 12,
and the safety module is also used for controlling the second display area to display the mail plaintext information.
17. A secure handset according to any one of claims 13 to 15,
and the safety module is also used for controlling the second display area to display the mail plaintext information.
18. The secure handset of claim 16,
the safety module is also used for receiving an email confirmation instruction before at least sending the email ciphertext information to the mobile phone processing module.
19. The secure handset of claim 17,
the safety module is also used for receiving an email confirmation instruction before at least sending the email ciphertext information to the mobile phone processing module.
HK15100292.8A 2015-01-12 Safe mobile phone HK1199970B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410231601.3A CN103996117B (en) 2014-05-28 2014-05-28 Safe mobile phone

Publications (2)

Publication Number Publication Date
HK1199970A1 HK1199970A1 (en) 2015-07-24
HK1199970B true HK1199970B (en) 2018-05-11

Family

ID=

Similar Documents

Publication Publication Date Title
US12051064B2 (en) Transaction messaging
US10601795B2 (en) Service processing method and electronic device
CN109472166B (en) Electronic signature method, device, equipment and medium
ES2836114T3 (en) Information sending method, information reception method, device and system
CN109600223B (en) Verification method, activation method, device, equipment and storage medium
CN109074449B (en) Flexible provisioning of attestation keys in secure enclaves
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
CN103996117B (en) Safe mobile phone
US20100180120A1 (en) Information protection device
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
WO2015180581A1 (en) Information processing method and device
CN107566413B (en) Smart card security authentication method and system based on data short message technology
US20110202772A1 (en) Networked computer identity encryption and verification
CN117240475B (en) Communication method, system, equipment and medium of intelligent door lock
Cooijmans et al. Secure key storage and secure computation in Android
US20140337629A1 (en) Methods and systems for increasing the security of private keys
JP2023500980A (en) Device and method for secure communication
CN115801281A (en) Authorization method, electronic device, and computer-readable storage medium
US11550894B2 (en) Confirmation system and confirmation method
HK1199970B (en) Safe mobile phone
HK1199992B (en) Information processing method and device
KR20190020542A (en) Generating digital signature messages using a script engine in a device and an external mobile terminal
IL185795A (en) Authentication method and device with encryption capability against malicious access to local computer