HK1224879A - Nfc-based communication device and method - Google Patents
- Publication number: HK1224879A
- Authority: HK (Hong Kong)
- Prior art keywords: nfc, application, module, execution environment, communication
Description
Technical Field
The present invention relates to NFC communications, and more particularly, to an NFC-based communication apparatus and method.
Background
Trusted execution environment (TEE) technology provides a hardware-isolated trusted execution environment for a communication device such as a smart terminal. Security-sensitive operations on the terminal are then completed inside the TEE, which improves security.
Near field communication (NFC) technology is used for contactless identification and enables short-range wireless communication between mobile devices, consumer electronics, PCs and smart control tools.
In the prior art, the NFC function is implemented in a multimedia execution environment (e.g., Android, iOS, etc.), which breaks the secure closed loop of the trusted execution environment. For example, secure payment information such as financial transaction data has to pass through the unsecured multimedia execution environment on its way to the secure trusted execution environment, and while in transit the sensitive information may be stolen or tampered with.
Disclosure of Invention
The invention discloses an NFC-based communication device comprising an NFC module arranged in a trusted execution environment of the communication device, where the trusted execution environment is independent of a multimedia execution environment of the communication device. The NFC module comprises a communication module and a protocol module: the communication module establishes a connection with another NFC device, and the protocol module parses the communication data exchanged between the communication device and the other NFC device.
In one example, the NFC module is to execute NFC functionality of a security-related application.
In one example, the security-related application is an application installed in a trusted execution environment or an application installed in a multimedia execution environment, and when the security-related application is a first application installed in the multimedia execution environment, the NFC module implements an NFC function of the first application via another application in the trusted execution environment corresponding to the first application.
In one example, the communications apparatus further includes a virtual NFC module disposed in the multimedia execution environment to emulate NFC hardware disposed in the trusted execution environment to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware.
In one example, an NFC routing table is further provided in the protocol module, and the routing table associates the application ID with the system environment and the application name.
The invention also discloses a communication method based on NFC, which comprises the following steps:
providing an NFC module in a trusted execution environment of the communication device, the trusted execution environment being independent of a multimedia execution environment of the communication device, wherein,
a communication module and a protocol module are provided in the NFC module,
establishing a connection with another NFC device using the communication module,
and analyzing the communication data of the communication device and the other NFC device by utilizing the protocol module.
In one example, NFC functionality of a security-related application is performed with the NFC module.
In one example, the security-related application is an application installed in a trusted execution environment or an application installed in a multimedia execution environment, and when the security-related application is a first application installed in the multimedia execution environment, an NFC function of the first application is implemented by the NFC module via another application in the trusted execution environment corresponding to the first application.
In one example, the method further comprises,
setting a virtual NFC module in the multimedia execution environment,
emulating, with the virtual NFC module, NFC hardware disposed in the trusted execution environment to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware.
In one example, an NFC routing table is also provided in the protocol module, which associates application IDs with system environments and application names.
The invention can improve the security of NFC communication; by arranging in the TEE an NFC module that implements only part of the conventional protocol stack, it reduces the storage burden on the TEE and increases the flexibility of NFC communication.
Drawings
The present invention will become more apparent to those skilled in the art after reading the detailed description of the invention with reference to the accompanying drawings. It should be understood by those skilled in the art that the drawings are designed solely for purposes of illustrating the subject technology in connection with the detailed description thereof and are not intended as a definition of the limits of the invention.
Fig. 1 is a schematic diagram of an NFC-based communication device according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of an NFC-based communication device according to an embodiment of the invention.
Detailed Description
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings. It is to be understood that structural and functional modifications may be made to the described embodiments. In addition, one or more features of one embodiment may be combined with one or more features of another embodiment as may be desired and advantageous for any given or particular application.
Fig. 1 is a schematic diagram of an NFC-based communication device according to an embodiment of the present invention. As shown, an NFC-based communication device (e.g., a smart mobile communication terminal) includes an NFC module to implement an NFC function of the communication device. The NFC module is disposed in a trusted execution environment of the communication device. As shown, the trusted execution environment is independent of the multimedia execution environment of the communication device. A Trusted Execution Environment (TEE) may be used to execute a particular application, such as a secure application. A multimedia execution environment (REE), such as the Android operating system, may be used to execute applications other than the specific application. The NFC module comprises a communication module and a protocol module, the communication module is used for establishing connection with another NFC device, the protocol module is used for analyzing communication data between the communication device and the other NFC device, and the protocol module is used for executing an NFC protocol to realize NFC communication. It is to be understood that the other NFC device in fig. 1 may be any NFC-enabled entity, such as an NFC-enabled IC card, a bank card, a mobile communication device (e.g., a mobile phone), a smart terminal (e.g., a tablet computer), and the like.
Fig. 2 is a schematic diagram of an NFC-based communication device according to an embodiment of the invention. According to this embodiment, the second NFC module, which is arranged in the trusted execution environment of the communication device, may be used to execute the NFC functionality of the security-related application. The security-related application is an application installed in the trusted execution environment, such as the second application in fig. 2, or an application installed in the multimedia execution environment, such as the first application in fig. 2. For the second application, when the NFC function needs to be executed, the NFC application program interface may be invoked in the trusted execution environment framework to invoke the second NFC module. In this case, the second NFC module implements the NFC functionality of the second application via an NFC application program interface in the trusted execution environment framework. For the first application (e.g., a payment application), when the NFC functionality needs to be executed, another application in the trusted execution environment corresponding to the first application may be invoked in the trusted execution environment framework, and the second NFC module may be invoked by that other application via the NFC application program interface. In this case, the second NFC module implements the NFC functionality of the other application via the NFC application program interface in the trusted execution environment framework. Here, the NFC Application Program Interface (API), such as an associated API of OpenNFC or the NCI protocol, may be customized according to the actual use case.
With continued reference to fig. 2, in accordance with one embodiment of the present invention, a virtual NFC module may be provided in the multimedia execution environment to emulate NFC hardware provided in the trusted execution environment to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware. For example, as shown in the figure, a general application (non-secure application) in a first operating system (e.g., an Android system) may call the first NFC module through an NFC application program interface of the first operating system to implement an NFC function. Here, the first NFC module may be a legacy NFC module, which implements an NFC legacy protocol stack. When the general application is to execute the NFC function, its request is sent to the NFC controller (NFCC) through the virtual NFC module, and data processing is implemented by the NFC controller in a trusted execution environment.
According to an embodiment of the present invention, an NFC routing table may further be configured in the protocol module, and the routing table associates the application ID with the system environment and the application name. Therefore, when information carrying an application ID arrives from the NFC controller, the protocol module can quickly find, from the application ID, the system environment (such as a multimedia execution environment, a trusted execution environment or a secure-carrier environment) in which the application is located and the application's name in that environment, improving NFC communication efficiency. For example, after NFC communication information arrives, the protocol module parses it to obtain the application ID, then queries the system environment and the application name of the application through the NFC routing table, so that the NFC controller can quickly establish a session with the application. In addition, the protocol module may update the NFC routing table when an application is updated. Further, in addition to the application name and system environment, the routing table may associate other application-related attributes with the application ID.
According to one or more other embodiments of the present invention, the NFC module may further include an SE (secure element) management module, configured to implement interaction, such as data saving and key storage, between communication data and an SE (e.g., a SIM card, an SSD card, or the like). The NFC module may further include an NFC management module configured to configure and manage the NFC controller, for example, start and stop of an NFC function, reset of the NFC function, and setting of an NFC service mode.
According to one or more other embodiments of the present invention, the protocol module in the NFC module may be used to implement a reader mode and a card emulation mode, while P2P mode is implemented by the conventional NFC protocol stack in the multimedia execution environment (REE). The NFC module of the present invention may be based on the core protocol stack of a conventional NFC protocol stack architecture; in one example, the NFC protocol stack of the NFC module is a subset of the conventional NFC protocol stack architecture, chosen to meet the security requirements of the TEE and to fit the storage available in the TEE.
The protocol module may support both the ISO 7816 and ISO 14443 protocols. ISO 14443 is used for contactless communication between the NFC module and an external card reader, and ISO 7816 is used for data communication between the NFC module and the terminal SE (e.g., a SIM card, an SSD card, etc.).
As described above, the NFC module includes a communication module configured to establish a connection with another NFC device and a protocol module configured to parse communication data between the communication device and the another NFC device. The communication module may also be to determine an NFC-based communication mode. Several NFC communication modes implemented by the NFC module will be exemplarily described below.
NFC card reader mode
In this mode, the protocol module receives read/write application data from an NFC trusted application on the TEE through the NFC API and encapsulates it in the card reader mode data format. The communication module then transmits the encapsulated data to the NFCC. Finally, the NFCC sends the encapsulated data to the external contactless card through the antenna.
Card reader mode of REE terminal
In this mode, the NFCC at the TEE receives application data forwarded from the REE, processes it, and transmits the processed application data to an external contactless card through the antenna. Here, the application data forwarded from the REE may be generated by a non-secure application in the Android system; it is encapsulated by the protocol stack at the REE end and forwarded to the NFCC via the virtual NFC module for processing.
NFC card emulation mode
In this mode, the communication module receives data sent from an external card reader through the NFCC, and the protocol module looks up the corresponding application through the NFC routing table according to the application ID in the data. The protocol module parses the data sent by the card reader in the card emulation data format. Optionally, when a request from the card reader requires SE participation, the request may be sent to the corresponding SE through the SE management module, and the result is then fed back to the external card reader through the SE management module.
NFC P2P mode
This mode can establish a connection between two NFC devices in the following manner. First, an NFC communication request sent by an external NFC device is received by the NFCC, and a protocol module in the NFC module parses the request. When the protocol module determines that the request belongs to P2P mode, the request is forwarded to the virtual NFC module in the REE. The virtual NFC module then forwards the request to the legacy NFC protocol stack in the REE. The legacy protocol stack processes the request to establish a connection between the two NFC devices.
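The routing-table paragraph above and the four mode descriptions (reader, REE reader, card emulation, P2P) both describe decisions the protocol module makes on each frame. The following Python block is an added example, not code from the patent or from any vendor's NFC stack: it models the routing table (application ID to system environment and application name) and the per-mode dispatch as pure functions that can be checked offline. It assumes, which the patent does not state, that the application ID reaches the protocol module as the AID of an ISO 7816-4 SELECT-by-name command (CLA=00 INS=A4 P1=04); the AIDs, application names and frames are constructed sample values, and `route_frame`, `RoutingTable` and `Env` are names chosen here, not the patent's.

```python
# Added example (not the patent's code): a toy model of the protocol module's
# NFC routing table and per-mode dispatch.  Assumption not made by the patent:
# the application ID arrives as the AID of an ISO 7816-4 SELECT-by-name command
# (CLA=00 INS=A4 P1=04).  All AIDs, names and frames here are constructed.
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple


class Env(Enum):
    TEE = "TEE"   # trusted execution environment
    REE = "REE"   # multimedia (rich) execution environment
    SE = "SE"     # secure element such as a SIM / SSD card


class Mode(Enum):
    READER = "reader"
    CARD_EMULATION = "card_emulation"
    P2P = "p2p"


@dataclass(frozen=True)
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes


def parse_apdu(raw: bytes) -> Apdu:
    """Parse a short-form ISO 7816-4 command APDU: CLA INS P1 P2 [Lc data] [Le].
    Malformed frames are rejected, so a bad Lc never reads past the buffer."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if len(body) <= 1:                 # case 1 (no body) or case 2 (Le only)
        return Apdu(cla, ins, p1, p2, b"")
    lc = body[0]
    data = bytes(body[1:1 + lc])
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    if len(body) - 1 - lc > 1:         # at most one trailing Le byte
        raise ValueError("trailing bytes after the data field")
    return Apdu(cla, ins, p1, p2, data)


def select_aid(apdu: Apdu) -> Optional[bytes]:
    """Return the AID when the APDU is SELECT by DF name, otherwise None."""
    if apdu.ins == 0xA4 and apdu.p1 == 0x04 and apdu.data:
        return apdu.data
    return None


@dataclass
class RoutingTable:
    """Application ID -> (system environment, application name), as in the patent."""
    entries: Dict[bytes, Tuple[Env, str]] = field(default_factory=dict)

    def register(self, aid: bytes, env: Env, name: str) -> None:
        self.entries[aid] = (env, name)          # also used on application update

    def remove(self, aid: bytes) -> None:
        self.entries.pop(aid, None)

    def lookup(self, aid: bytes) -> Optional[Tuple[Env, str]]:
        return self.entries.get(aid)


def route_frame(table: RoutingTable, mode: Mode, raw: bytes) -> Tuple[str, Optional[str]]:
    """Decide where a frame from the NFCC goes; returns (action, detail)."""
    if mode is Mode.P2P:
        # P2P is not handled in the TEE: hand it to the REE's virtual NFC
        # module, which passes it on to the legacy protocol stack.
        return ("forward_to_ree_virtual_nfc", None)
    if mode is Mode.READER:
        # Reader-mode data comes from a TEE trusted application; it is only
        # encapsulated for the NFCC, so there is nothing to look up.
        return ("encapsulate_for_nfcc", raw.hex().upper())
    # Card emulation: an external reader selects an application by its ID.
    apdu = parse_apdu(raw)
    aid = select_aid(apdu)
    if aid is None:
        return ("reject_non_select", f"INS={apdu.ins:02X}")
    entry = table.lookup(aid)
    if entry is None:
        # Unknown IDs are refused, never forwarded to a default application.
        return ("reject_unknown_aid", aid.hex().upper())
    env, name = entry
    if env is Env.SE:
        return ("forward_to_se_manager", name)   # via the SE management module
    return ("open_session", f"{env.value}:{name}")


# Constructed sample table: proprietary-range (F0...) AIDs, not real ones.
AID_PAY_TA = bytes.fromhex("F0010203040506")
AID_SIM_APPLET = bytes.fromhex("F0A1B2C3D4E5F6")


def sample_table() -> RoutingTable:
    table = RoutingTable()
    table.register(AID_PAY_TA, Env.TEE, "payment_ta")
    table.register(AID_SIM_APPLET, Env.SE, "sim_applet")
    return table
```

The design point worth noticing is that the card emulation path fails closed: a frame that is not a SELECT, carries an unknown ID, or has a length field that disagrees with the bytes actually received is rejected before any environment or application is chosen, which is the behaviour a defender wants from a component sitting between the NFC controller and trusted applications.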
In light of the above disclosure, one or more of the functions or steps described above as being performed by a module may be performed in one or more steps of a method embodiment of the present invention.
The invention also discloses an NFC-based communication method comprising the following steps: an NFC module is arranged in a trusted execution environment of the communication device, the trusted execution environment being independent of a multimedia execution environment of the communication device; a communication module and a protocol module are arranged in the NFC module; a connection with another NFC device is established through the communication module; and communication data between the communication device and the other NFC device are parsed by the protocol module.
In one example, NFC functionality of a security-related application is performed with the NFC module.
In one example, the security-related application is an application installed in a trusted execution environment or an application installed in a multimedia execution environment, and when the security-related application is a first application installed in the multimedia execution environment, an NFC function of the first application is implemented by the NFC module via another application in the trusted execution environment corresponding to the first application.
In one example, the method further includes providing a virtual NFC module in the multimedia execution environment, emulating NFC hardware provided in the trusted execution environment with the virtual NFC module to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware.
In one example, an NFC routing table is also provided in the protocol module, which associates application IDs with system environments and application names.
From the above description of the embodiments, those skilled in the art will appreciate that various modifications and substitutions can be made to the specific embodiments of the present invention without departing from the spirit and scope of the invention. Such modifications and substitutions are intended to be included within the scope of the present invention as defined by the appended claims.
Claims (10)
1. An NFC-based communication device, comprising:
an NFC module disposed in a trusted execution environment of the communication device, the trusted execution environment being independent of a multimedia execution environment of the communication device, wherein,
the NFC module includes a communication module and a protocol module,
the communication module is for establishing a connection with another NFC device,
the protocol module is used for analyzing communication data between the communication device and the other NFC device.
2. The communications apparatus of claim 1, wherein the NFC module is to execute an NFC function of a security-related application.
3. A communication apparatus as claimed in claim 2, wherein the security-related application is an application installed in a trusted execution environment or an application installed in a multimedia execution environment, and
when the security-related application is a first application installed in a multimedia execution environment, the NFC module implements an NFC function of the first application via another application in a trusted execution environment corresponding to the first application.
4. The communication apparatus of claim 2, further comprising,
a virtual NFC module disposed in the multimedia execution environment, the virtual NFC module to emulate NFC hardware disposed in the trusted execution environment to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware.
5. The communication apparatus of claim 1,
and an NFC routing table is also arranged in the protocol module, and the routing table associates the application ID with the system environment and the application name.
6. An NFC-based communication method, comprising:
providing an NFC module in a trusted execution environment of the communication device, the trusted execution environment being independent of a multimedia execution environment of the communication device, wherein,
a communication module and a protocol module are provided in the NFC module,
establishing a connection with another NFC device using the communication module,
and analyzing the communication data of the communication device and the other NFC device by utilizing the protocol module.
7. The communication method of claim 1, wherein an NFC function of a security-related application is executed with the NFC module.
8. A communication method according to claim 2, wherein the security-related application is an application installed in a trusted execution environment or an application installed in a multimedia execution environment, and
when the security-related application is a first application installed in a multimedia execution environment, implementing, with the NFC module, an NFC function of the first application via another application in a trusted execution environment corresponding to the first application.
9. The communication method of claim 2, further comprising,
setting a virtual NFC module in the multimedia execution environment,
emulating, with the virtual NFC module, NFC hardware disposed in the trusted execution environment to enable NFC functionality of an application in the multimedia execution environment to be handled by the NFC hardware.
10. The communication method of claim 1,
and an NFC routing table is also arranged in the protocol module, and the routing table associates the application ID with the system environment and the application name.
Publications (3)
| Publication Number | Publication Date |
|---|---|
| HK1224879A (en) | 2017-08-25 |
| HK1224879A1 (en) | 2017-08-25 |
| HK1224879B (en) | 2021-02-26 |