CN109792436B - Verification code processing method and mobile terminal - Google Patents


Publication number
CN109792436B
Authority
CN
China
Prior art keywords
verification code
short message
legal
information
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680089629.5A
Other languages
Chinese (zh)
Other versions
CN109792436A (en
Inventor
黄洁静
彭峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A verification code processing method and a mobile terminal are disclosed. A Trusted Execution Environment (TEE) receives a verification code acquisition request sent by a Rich Execution Environment (REE), where the request carries at least the information of the application that is to acquire the verification code. The TEE judges whether the application information carried in the request is consistent with the information, stored by the TEE, of the legal application that uses the verification code; if so, the TEE sends the verification code to the REE. Compared with the prior art, the terminal therefore does not send the verification code out directly after receiving a verification code acquisition request. It sends the verification code to the REE only when the TEE judges that the application information carried in the request sent by the REE is consistent with the information of the legal application stored by the TEE, so the security is higher.

Description

Verification code processing method and mobile terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a verification code processing method and a mobile terminal.
Background
As mobile terminals become more widespread and richer in function, they also become more open, and the security of the information they hold receives correspondingly more attention. For example, sending a verification code to the mobile terminal to authenticate the user's rights is widely used in many mobile payment and login scenarios.
However, when a verification code is used in the prior art, once the system has copied the verification code it sends the code out without any judgment, whatever type of verification code acquisition request it receives (for example, a verification code paste request). The verification code, which should be sensitive information, can therefore be sent out at will and is not secure, so the prior-art way of sending out the verification code at will has low security.
Disclosure of Invention
In view of this, the present invention provides a verification code processing method and a mobile terminal, and aims to solve the low security of the prior-art way of sending out a verification code at will.
To achieve the above object, the present application provides the following technical solutions.
A first aspect of the present application provides a verification code processing method, including the following steps:
A Trusted Execution Environment (TEE) receives a verification code acquisition request sent by a Rich Execution Environment (REE), where the request carries at least the information of the application that is to acquire the verification code. The TEE judges whether the application information carried in the request is consistent with the information, stored by the TEE, of the legal application that uses the verification code; if so, the TEE sends the verification code to the REE. Compared with the prior art, the terminal therefore does not send the verification code out directly after receiving a verification code acquisition request. It sends the verification code to the REE only when the TEE judges that the application information carried in the request sent by the REE is consistent with the information of the legal application stored by the TEE, so the security is higher.
In one implementation, after the TEE receives the verification code acquisition request sent by the REE, the method further includes: the TEE receives a legal verification code short message sent by the Modem; and the TEE extracts the verification code from the legal verification code short message. The Modem is the low-level system through which the terminal communicates with other devices. Because this low-level system first determines that a verification code short message is legal and then sends it to the TEE for processing, the verification code short message is identified at the earliest point and the verification code processing flow can be entered quickly.
In one implementation, obtaining the verification code includes: the TEE receives a legal verification code short message sent by the Modem; the TEE encrypts and stores the legal verification code short message to obtain an encrypted verification code short message, which contains the verification code in ciphertext form; the TEE acquires a storage index of the encrypted verification code short message, where the storage index records the storage position of the encrypted verification code short message in the storage space; the TEE sends the storage index to the REE; the REE acquires the encrypted verification code short message according to the storage index and adds it to the verification code acquisition request; the TEE extracts the encrypted verification code short message from the verification code acquisition request sent by the REE; and the TEE decrypts the encrypted verification code short message and extracts the verification code from the decrypted short message. The TEE can exit after storing the encrypted verification code short message and sending the storage index to the REE, and does not run again until it receives the verification code acquisition request sent by the REE, which saves TEE running time and reduces resource consumption. Moreover, the TEE is a secure execution environment running on the main processor and is more secure than the REE; the legal verification code short message is encrypted in the TEE and later decrypted in the TEE, so the security is higher.
In one implementation, before the TEE receives the legal verification code short message sent by the Modem, the method further includes: the Modem receives a verification code short message; the Modem extracts the sender information from the verification code short message; the Modem judges whether the sender information is legal sender information; if so, the Modem determines that the verification code short message is a legal verification code short message. Before sending the verification code short message to the TEE, the Modem thus first verifies the legality of its sender, which further improves security.
In one implementation, the Modem judging whether the sender information is legal sender information includes: the Modem judges whether the sender information is stored in a white list and, if so, judges that the sender information is legal sender information. The white list includes at least the legal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, the Modem judging whether the sender information is legal sender information includes: the Modem judges whether the sender information is absent from a blacklist and, if so, judges that the sender information is legal sender information. The blacklist includes at least the illegal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, before the TEE extracts the verification code from the legal verification code short message, the method further includes: the TEE encrypts the legal verification code short message to obtain an encrypted legal verification code short message, which contains the ciphertext of the verification code; the TEE stores the encrypted legal verification code short message in the storage space of the REE; after the REE receives a verification code viewing request, the REE sends the encrypted legal verification code short message stored in its storage space to the TEE; and the TEE decrypts the encrypted legal verification code short message to obtain the decrypted legal verification code short message. The TEE can exit after storing the encrypted verification code short message in the storage space of the REE, and does not run again until it receives the encrypted legal verification code short message sent by the REE, which saves TEE running time and reduces resource consumption. Moreover, the TEE is a secure execution environment running on the main processor and is more secure than the REE; the legal verification code short message is encrypted in the TEE and later decrypted in the TEE, so the security is higher. In addition, the TEE stores the encrypted legal verification code short message in the storage space of the REE, so that the storage space of the REE is saved conveniently.
In one implementation, before the TEE extracts the verification code from the legal verification code short message, the method further includes: the TEE stores the legal verification code short message in the storage space of the TEE. The TEE is a secure execution environment running on the main processor, and storing the legal verification code short message in the storage space of the TEE gives higher security.
In one implementation, the white list further includes the information of the legal application that uses the verification code in the legal verification code short message. Before the TEE judges whether the application information carried in the verification code acquisition request is consistent with the information of the legal application stored by the TEE, the method further includes: the Modem determines, from the white list and according to the legal sender information of the legal verification code short message, the information of the legal application that uses the verification code in that short message; and the Modem sends the information of the legal application to the TEE. The TEE verifies the legality of the application that sent the verification code acquisition request against the information of the legal application, which gives higher security.
In one implementation, before the TEE judges whether the application information carried in the verification code acquisition request is consistent with the information of the legal application stored by the TEE, the method further includes: the TEE extracts the PDU field from the legal verification code short message; and the TEE determines the information of the legal application that uses the verification code from the PDU field. The legality of the application that sent the verification code acquisition request is thus verified against the information of the legal application, which gives higher security.
In one implementation, before the TEE judges whether the application information carried in the verification code acquisition request is consistent with the information of the legal application stored by the TEE, the method further includes: the TEE extracts the legal sender information from the legal verification code short message; and the TEE determines, according to the legal sender information, the information of the legal application that uses the verification code from a list of legal application information preset in the TEE. The preset list includes at least the legal sender information of verification code short messages and the information of the legal application that uses the verification code in the legal verification code short message. The legality of the application that sent the verification code acquisition request is thus verified against the information of the legal application, which gives higher security.
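The first-aspect flow above (Modem white-list check, TEE encryption with the ciphertext parked in REE storage under a storage index, and the TEE's application check before release), as an added Python simulation that is not part of the patent text. The sender numbers, package names, class and function names are hypothetical, the HMAC-based cipher is a standard-library stand-in for whatever authenticated cipher a real TEE would use, and the application information in the request is taken as carried by the REE, as in the text.

```python
import hashlib
import hmac
import os
import re

# Constructed sample data: sender numbers and package names are hypothetical.
MODEM_WHITELIST = {"95588", "10690001"}
TEE_LEGAL_APPS = {"95588": "com.example.bank", "10690001": "com.example.pay"}


def modem_filter(sender, body):
    """Modem: pass on only short messages whose sender is in the white list."""
    if sender not in MODEM_WHITELIST:
        return None
    return {"sender": sender, "body": body}


class Ree:
    """Rich side: stores ciphertext only and addresses it by storage index."""

    def __init__(self):
        self.storage = []

    def store(self, blob):
        self.storage.append(blob)
        return len(self.storage) - 1

    def build_request(self, index, app_info):
        return {"app_info": app_info, "encrypted_sms": self.storage[index]}


class Tee:
    """Trusted side: holds the keys and the preset sender -> legal app list."""

    def __init__(self, ree):
        root = os.urandom(32)  # key material never leaves the TEE
        self._enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
        self._ree = ree

    def _keystream(self, nonce, length):
        # Stand-in cipher: HMAC-SHA256 in counter mode, used here only to
        # keep the example inside the standard library.
        blocks = []
        for counter in range((length + 31) // 32):
            msg = nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(self._enc_key, msg, hashlib.sha256).digest())
        return b"".join(blocks)[:length]

    def on_legal_sms(self, sms):
        """Encrypt the SMS, park it in REE storage, return the storage index."""
        plaintext = (sms["sender"] + "\n" + sms["body"]).encode()
        nonce = os.urandom(16)
        stream = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return self._ree.store(nonce + ct + tag)

    def handle_request(self, request):
        """Release the code only if the requesting app is the legal app."""
        blob = request["encrypted_sms"]
        if len(blob) < 48:
            return None
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # ciphertext was altered while stored in the REE
        stream = self._keystream(nonce, len(ct))
        plain = bytes(c ^ k for c, k in zip(ct, stream)).decode()
        sender, _, body = plain.partition("\n")
        legal_app = TEE_LEGAL_APPS.get(sender)
        if legal_app is None or request["app_info"] != legal_app:
            return None  # requesting app is not the legal user of this code
        match = re.search(r"\b\d{4,8}\b", body)
        return match.group(0) if match else None


def run_flow(sender, body, requesting_app):
    """End to end: Modem -> TEE -> REE storage -> request -> TEE decision."""
    ree = Ree()
    tee = Tee(ree)
    sms = modem_filter(sender, body)
    if sms is None:
        return None
    index = tee.on_legal_sms(sms)
    return tee.handle_request(ree.build_request(index, requesting_app))
```

`run_flow` returns the code only when the sender is white-listed and the requesting application matches the legal application for that sender; every other path returns `None`.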
A second aspect of the present application provides a mobile terminal, comprising:
a verification code acquisition request receiving module, configured to receive a verification code acquisition request sent by a Rich Execution Environment (REE), where the request carries at least the information of the application that is to acquire the verification code; an information judgment module, configured to judge whether the application information carried in the verification code acquisition request is consistent with the information, stored by the information judgment module, of the legal application that uses the verification code; and a verification code sending module, configured to send the verification code to the REE when the application information carried in the verification code acquisition request is judged to be consistent with the information of the legal application stored in the information judgment module. Compared with the prior art, the terminal therefore does not send the verification code out directly after receiving a verification code acquisition request. It sends the verification code to the REE only when the TEE judges that the application information carried in the request sent by the REE is consistent with the information of the legal application stored by the TEE, so the security is higher.
In one implementation, the mobile terminal further comprises a first verification code acquisition module, configured to acquire the verification code. The first verification code acquisition module includes: a first legal verification code short message receiving module, configured to receive a legal verification code short message sent by the Modem; and a verification code extracting module, configured to extract the verification code from the legal verification code short message. The Modem is the low-level system through which the terminal communicates with other devices. Because this low-level system first determines that a verification code short message is legal and then sends it to the TEE for processing, the verification code short message is identified at the earliest point and the verification code processing flow can be entered quickly.
In one implementation, the mobile terminal further comprises a second verification code acquisition module, configured to acquire the verification code. The second verification code acquisition module includes: a second legal verification code short message receiving module, configured to receive a legal verification code short message sent by the Modem; an encrypted storage module, configured to encrypt and store the legal verification code short message to obtain an encrypted verification code short message, which contains the verification code in ciphertext form; a storage index acquisition module, configured to acquire a storage index of the encrypted verification code short message, where the storage index records the storage position of the encrypted verification code short message in the storage space; a storage index sending module, configured to send the storage index to the REE; an encrypted verification code short message acquisition module, configured to acquire the encrypted verification code short message according to the storage index; an encrypted verification code short message adding module, configured to add the encrypted verification code short message to the verification code acquisition request; an encrypted verification code short message extraction module, configured to extract the encrypted verification code short message from the verification code acquisition request sent by the REE; and an encrypted verification code short message decryption module, configured to decrypt the encrypted verification code short message and extract the verification code from the decrypted short message.
The TEE can exit after storing the encrypted verification code short message and sending the storage index to the REE, and does not run again until it receives the verification code acquisition request sent by the REE, which saves TEE running time and reduces resource consumption. Moreover, the TEE is a secure execution environment running on the main processor and is more secure than the REE; the legal verification code short message is encrypted in the TEE and later decrypted in the TEE, so the security is higher.
In one implementation, the mobile terminal further comprises: a verification code short message receiving module, configured to receive a verification code short message; a sender information extraction module, configured to extract the sender information from the verification code short message; a sender information judging module, configured to judge whether the sender information is legal sender information; and a legal verification code short message determining module, configured to determine that the verification code short message is a legal verification code short message when the sender information judging module judges that the sender information is legal sender information. Before the verification code short message is sent to the TEE, the legality of its sender is thus verified first, which further improves security.
In one implementation, the sender information judging module includes: a first sender information judgment submodule, configured to judge whether the sender information is stored in a white list; and a first legal sender information determining module, configured to determine that the sender information is legal sender information when the first sender information judgment submodule judges that the sender information is stored in the white list. The white list includes at least the legal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, the sender information judging module includes: a second sender information judgment submodule, configured to judge whether the sender information is absent from a blacklist; and a second legal sender information determining module, configured to determine that the sender information is legal sender information when the second sender information judgment submodule judges that the sender information is not stored in the blacklist. The blacklist includes at least the illegal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, the mobile terminal further comprises: a first encryption module, configured to encrypt the legal verification code short message to obtain an encrypted legal verification code short message, which contains the ciphertext of the verification code; a first storage module, configured to store the encrypted legal verification code short message in the storage space of the REE; a first sending module, configured to send the encrypted legal verification code short message stored in the storage space of the REE to the TEE after a verification code viewing request is received; and a first decryption module, configured to decrypt the encrypted legal verification code short message to obtain the decrypted legal verification code short message. The TEE can exit after storing the encrypted verification code short message in the storage space of the REE, and does not run again until it receives the encrypted legal verification code short message sent by the REE, which saves TEE running time and reduces resource consumption. Moreover, the TEE is a secure execution environment running on the main processor and is more secure than the REE; the legal verification code short message is encrypted in the TEE and later decrypted in the TEE, so the security is higher. In addition, the TEE stores the encrypted legal verification code short message in the storage space of the REE, so that the storage space of the REE is saved conveniently.
In one implementation, the mobile terminal further comprises a second storage module, configured to store the legal verification code short message in the storage space of the TEE. The TEE is a secure execution environment running on the main processor, and storing the legal verification code short message in the storage space of the TEE gives higher security.
In one implementation, the mobile terminal further comprises: a first information determining module, configured to determine, from the white list and according to the legal sender information of the legal verification code short message, the information of the legal application that uses the verification code in that short message, where the white list further includes the information of the legal application that uses the verification code in the legal verification code short message; and a first information sending module, configured to send the information of the legal application to the TEE. The TEE verifies the legality of the application that sent the verification code acquisition request against the information of the legal application, which gives higher security.
In one implementation, the mobile terminal further comprises: a PDU field extraction module, configured to extract the PDU field from the legal verification code short message; and a second information determining module, configured to determine the information of the legal application that uses the verification code from the PDU field. The legality of the application that sent the verification code acquisition request is thus verified against the information of the legal application, which gives higher security.
In one implementation, the mobile terminal further comprises: a legal sender information extraction module, configured to extract the legal sender information from the legal verification code short message; and a third information determining module, configured to determine, according to the legal sender information, the information of the legal application that uses the verification code from a list of legal application information preset in the TEE. The preset list includes at least the legal sender information of verification code short messages and the information of the legal application that uses the verification code in the legal verification code short message. The legality of the application that sent the verification code acquisition request is thus verified against the information of the legal application, which gives higher security.
A third aspect of the present application provides a mobile terminal comprising a communication component, a memory, and a processor. The memory is configured to store the information of the legal application that uses the verification code, application programs, and data generated while the application programs run. The communication component is configured to receive a verification code acquisition request that carries at least the information of the application that is to acquire the verification code, and to send the verification code when the processor judges that the application information carried in the request is consistent with the stored information of the legal application that uses the verification code. The processor is configured to judge whether the application information carried in the verification code acquisition request is consistent with the stored information of the legal application that uses the verification code. Compared with the prior art, the communication component in the mobile terminal therefore does not send the verification code out directly after receiving a verification code acquisition request. The processor judges the application information carried in the request sent by the REE, and the communication component sends the verification code to the REE only when that information is consistent with the information of the legal application stored in the memory, so the security is higher.
In one implementation, the communication component is specifically configured to receive a legal verification code short message sent by the Modem and to extract the verification code from the legal verification code short message. The Modem is the low-level system through which the terminal communicates with other devices. Because this low-level system first determines that a verification code short message is legal and then sends it to the TEE for processing, the verification code short message is identified at the earliest point and the verification code processing flow can be entered quickly.
In one implementation, the communication component is specifically configured to receive a legal verification code short message sent by the Modem. The processor is further configured to: encrypt and store the legal verification code short message to obtain an encrypted verification code short message, which contains the verification code in ciphertext form; acquire a storage index of the encrypted verification code short message, where the storage index records the storage position of the encrypted verification code short message in the storage space; send the storage index to the REE; acquire the encrypted verification code short message according to the storage index and add it to the verification code acquisition request; extract the encrypted verification code short message from the verification code acquisition request sent by the REE; and decrypt the encrypted verification code short message and extract the verification code from the decrypted short message. The TEE can exit after storing the encrypted verification code short message and sending the storage index to the REE, and does not run again until it receives the verification code acquisition request sent by the REE, which saves TEE running time and reduces resource consumption. Moreover, the TEE is a secure execution environment running on the main processor and is more secure than the REE; the legal verification code short message is encrypted in the TEE and later decrypted in the TEE, so the security is higher.
In one implementation, the communication component is further configured to receive a verification code short message. The processor is further configured to: extract the sender information from the verification code short message; judge whether the sender information is legal sender information; and, if so, determine that the verification code short message is a legal verification code short message. Before sending the verification code short message to the TEE, the Modem thus first verifies the legality of its sender, which further improves security.
In one implementation, the processor is specifically configured to judge whether the sender information is stored in a white list and, if so, to judge that the sender information is legal sender information. The white list includes at least the legal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, the processor is specifically configured to judge whether the sender information is absent from a blacklist and, if so, to judge that the sender information is legal sender information. The blacklist includes at least the illegal sender information of verification code short messages. This ensures the security of the verification code short message sent to the TEE.
In one implementation, the processor is further configured to encrypt the valid verification code short message to obtain an encrypted valid verification code short message, where the encrypted valid verification code short message includes a ciphertext of the verification code; storing the encrypted legal verification code short message in a storage space of the REE; the communication component is also used for sending the encrypted legal verification code short message stored in the storage space of the REE to the TEE after receiving a verification code checking request; the processor is also used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message. The TEE can quit the operation after storing the encrypted verification code short message in the storage space of the REE, and the operation is restarted until the encrypted legal verification code short message sent by the REE is received, so that the operation time of the TEE is saved, and the resource consumption in the operation is reduced. Moreover, the TEE is a safe operation environment running in the main processor compared with the REE, the legal verification code short message is encrypted in the TEE and then decrypted in the TEE, and the security is higher. In addition, the TEE stores the encrypted legal verification code short message in the storage space of the REE, so that the storage space of the REE is saved conveniently.
In one implementation, the processor is further configured to store the valid verification code short message in a storage space of the TEE. The TEE is a safe operation environment operating in the main processor, and the legal verification code short message is stored in the storage space of the TEE, so that the security is higher.
In one implementation, the processor is further configured to determine, from the white list and according to the legal sender information of the legal verification code short message, information of the legal application that uses the verification code in the legal verification code short message; the white list further includes: information of the legal application using the verification code in the legal verification code short message; the communication component is further configured to send the information of the legal application to the TEE. The TEE verifies the validity of the application sending the verification code acquisition request according to the information of the legal application, which gives higher security.
In one implementation, the processor is further configured to extract a PDU field in the valid verification code short message; and determining information of legal application using the verification code from the PDU field. Therefore, the validity of the application sending the verification code acquisition request is verified according to the information of the legal application, and the method has higher safety.
In one implementation, the processor is further configured to extract information of a legitimate sender in the legitimate identifying code short message; according to the information of the legal sender, determining the information of the legal application using the verification code from an information list of the legal application preset in the TEE, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message. Therefore, the validity of the application sending the verification code acquisition request is verified according to the information of the legal application, and the method has higher safety.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a terminal disclosed in the prior art;
Fig. 2 is a schematic structural diagram of a terminal disclosed in the embodiment of the present invention;
Fig. 3 is a signaling flowchart of a verification code processing method disclosed in the embodiment of the present invention;
Fig. 4 is a signaling flowchart of another verification code processing method disclosed in the embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal disclosed in the embodiment of the present invention;
Fig. 6 is a schematic diagram of a hardware structure of the terminal disclosed in the embodiment of the present invention.
Detailed Description
As mobile terminals become more widespread and richer in function, they also become more open, and the security of the information they hold receives correspondingly more attention. For example, sending a verification code to the mobile terminal to authenticate the user's rights is widely used in many mobile payment and login scenarios. Since mobile payment and login scenarios involve the personal property and private data of many users, protecting the verification code is a very important issue.
Fig. 1 is a schematic structural diagram of a terminal disclosed in the prior art, which includes a Modem (modulator-demodulator) and a Rich Execution Environment (REE). In the prior art, when the mobile terminal receives a verification code short message, it passes the short message to the Modem for signal conversion, and the converted verification code is then handed to the REE for processing. The REE has strong data processing capability, but its security is not high: after a request to copy the verification code is received in the REE, all copied content is saved in the clipboard cache, and on receiving any type of paste request the REE presents the verification code without any check. A verification code that should be treated as sensitive information can therefore be pasted at will, which makes it insecure. How to improve the security of copying and pasting the verification code is thus a problem that urgently needs to be solved.
In order to solve the problems in the prior art, the embodiment of the present invention uses the terminal structure shown in Fig. 2 to execute the process of copying and pasting the verification code. The operating system of the terminal in Fig. 2 includes a Modem, a Trusted Execution Environment (TEE), and a REE. The TEE is an operating environment that coexists with the REE on the mobile terminal and is a secure operating environment running in the main processor; the secure boot process of the TEE needs to be authenticated and is separated from that of the REE. The application programs stored under the TEE are independent of each other and cannot access each other without authorization, so that the resources and data of application programs under the TEE are processed in a trusted environment, which provides a secure service to the REE operating system. The TEE has its own execution space and a higher level of security than the REE operating system. The TEE is not a separate physical security chip, but a security architecture that overlaps with the hardware architecture of currently used application processors. The hardware and software resources that the TEE can access are separate from the REE operating system, providing hardware-supported isolation. Thus, the TEE is a more secure execution environment than the REE.
The technical solution of the verification code copy and paste executed under the TEE in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention.
As shown in fig. 3, a specific process of a verification code processing method provided in an embodiment of the present invention includes the following steps:
S101: the Modem receives the short message;
S102: the Modem judges whether the short message is a verification code short message; if yes, S103 is executed; otherwise, the short message is sent to the REE, and the REE processes it according to the traditional short message processing flow.
It should be noted that, because the short message received by the mobile terminal is processed by the Modem first, the Modem is used to determine whether the short message is the verification code short message, so as to ensure that the verification code short message is identified at the first time, thereby entering the verification code processing flow quickly. It should be noted that, in the embodiment of the present invention, the step of determining whether the short message is a verification code short message may also be performed in any module before the short message is sent to the REE for processing, so as to prevent the verification code short message from being sent to the REE for processing according to a conventional short message processing flow, without being identified in time.
The Modem extracts the short message content and judges whether it contains verification code information; if so, the short message is determined to be a verification code short message. One way to judge this is to check whether the content contains a characteristic keyword that identifies the short message as a verification code short message, for example "the verification code is:" or "dynamic password is:". In the embodiment of the present invention, it is also possible to judge whether the digits in the short message content have verification code characteristics, for example whether the number of digits and the way the digits are combined meet preset verification code characteristics. The embodiment of the present invention is not particularly limited in this respect.
The Modem also judges whether the number of the sender of the short message is the number of the sender corresponding to the verification code short message or not by extracting the number of the sender of the short message, and if so, the short message is determined to be the verification code short message.
S103: the Modem extracts the sender information in the verification code short message;
S104: the Modem judges whether the sender information is legal sender information. If so, S105 is executed. If not, the verification code short message is intercepted, or it is sent to the REE and processed there according to the traditional short message processing flow while the user is prompted that it is an illegal verification code short message.
Optionally, a white list may be preset in the Modem, and the white list records at least information of legal short message senders. The information of a legal short message sender may be a phone number corresponding to that sender (for example, if the legal short message sender is China Unicom, the corresponding phone number is 10010, 10010022, etc.), or a sending address corresponding to that sender, etc., which is not limited herein. That is, the Modem determines whether the sender information is stored in the white list and, if so, determines that the sender information is legal sender information; the white list includes at least: legal sender information of verification code short messages;
Optionally, a blacklist may be preset in the Modem, and the blacklist records at least information of illegal short message senders. The information of an illegal short message sender may be a phone number corresponding to that sender, or a sending address corresponding to that sender, and the like, which is not limited herein. That is, the Modem determines whether the sender information is absent from the blacklist and, if so, determines that the sender information is legal sender information; the blacklist includes at least: illegal sender information of verification code short messages.
S105: the Modem determines that the verification code short message is a legal verification code short message and sends the legal verification code short message to the TEE;
S106: the TEE encrypts the legal verification code short message to obtain an encrypted legal verification code short message; the encrypted legal verification code short message comprises a ciphertext of the verification code.
S107: sending the encrypted legal verification code short message to the REE, and storing the encrypted legal verification code short message in a storage space under the REE;
S108: the REE receives a request for checking the verification code;
S109: the REE sends the encrypted legal verification code short message stored in the storage space of the REE to the TEE;
S110: the TEE decrypts the encrypted legal verification code short message to obtain a decrypted legal verification code short message;
It should be noted that, after the decrypted legal verification code short message is obtained, the method further includes displaying the decrypted legal verification code short message; it may be displayed as plaintext or as ciphertext.
Optionally, the TEE stores the encrypted verification code short message in a storage space of the TEE, so that the security of the verification code short message is improved.
S111: the TEE extracts the verification code from the decrypted legal verification code short message, determines the information of legal application using the verification code and stores the information;
The information of the legal application refers to application information of a non-malicious application that is to use the verification code, that is, information that can uniquely identify that application. The application information may be: the domain name information of the legal application, the installation package name of the legal application, the signature information of the installation package of the legal application, the installation certificate of the legal application, the hash value of the legal application and the like, and the invention is not limited in this respect.
Optionally, the TEE stores the verification code and the information of the legal application using the verification code in a storage space under the TEE, so as to ensure the security of the verification code and the information of the legal application using the verification code.
Optionally, the mode for the TEE to determine the information of the legal application using the verification code is as follows:
the Modem determines, from the white list and according to the legal sender information of the legal verification code short message, the information of the legal application using the verification code in the legal verification code short message, and sends the information of the legal application to the TEE; the white list further includes: information of the legal application using the verification code in the legal verification code short message;
or, the TEE extracts a Protocol Data Unit (PDU) field in the legal verification code short message and determines the information of the legal application using the verification code from the PDU field;
or, the TEE extracts the legal sender information in the legal verification code short message; the TEE determines the information of the legal application using the verification code from an information list of the legal application preset in the TEE according to the information of the legal sender, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
S112: the TEE receives a verification code acquisition request sent by the REE, wherein the verification code acquisition request carries information of an application which is to acquire the verification code;
S113: the TEE judges whether the information of the application that is to acquire the verification code, carried in the verification code acquisition request, is consistent with the information of the legal application using the verification code that the TEE has stored; if so, S114 is executed; if not, the TEE rejects the verification code acquisition request sent from the REE.
S114: the TEE sends the verification code to the REE.
Optionally, in the embodiment of the present invention, the TEE sends the verification code to the REE in a plaintext manner or a ciphertext manner.
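The Fig. 3 flow from the Modem's triage (S102 to S104) to the TEE's release decision (S112 to S114), as an added Python sketch that is not code from the patent. The digit pattern, the package name, the blocked number and all function names are assumptions; the sender 10010 and the two keywords come from the text.

```python
import hmac
import re
from dataclasses import dataclass

KEYWORDS = ("verification code is:", "dynamic password is:")  # keywords quoted in the text
CODE_RE = re.compile(r"(?<!\d)\d{4,8}(?!\d)")   # assumed "verification code feature"
WHITELIST = {"10010": "com.example.carrier"}     # legal sender -> legal application (hypothetical app)
BLACKLIST = {"55501"}                             # constructed illegal sender


@dataclass
class Sms:
    sender: str
    body: str


def is_verification_sms(sms: Sms) -> bool:
    """S102: a characteristic keyword plus a digit run of the assumed shape."""
    body = sms.body.lower()
    return any(k in body for k in KEYWORDS) and bool(CODE_RE.search(body))


def sender_is_legal(sender: str, mode: str) -> bool:
    """S104: the white list is default-deny, the blacklist is default-allow."""
    if mode == "whitelist":
        return sender in WHITELIST
    if mode == "blacklist":
        return sender not in BLACKLIST
    raise ValueError(f"unknown mode: {mode}")


class Tee:
    """Keeps the verification code and the legal application inside the TEE."""

    def __init__(self):
        self._code = None
        self._legal_app = None

    def accept(self, sms: Sms, legal_app):
        """S105 to S111, collapsed: extract the code and bind it to the legal application."""
        self._code = CODE_RE.search(sms.body).group(0)
        self._legal_app = legal_app

    def get_code(self, requesting_app: str):
        """S112 to S114: release the code only to the bound application."""
        if self._code is None or self._legal_app is None:
            return None  # nothing stored, or no legal application known: fail closed
        if not hmac.compare_digest(requesting_app.encode(), self._legal_app.encode()):
            return None
        return self._code


def modem_route(sms: Sms, tee: Tee, mode: str = "whitelist") -> str:
    """Return where the Modem sends the short message: REE, INTERCEPT or TEE."""
    if not is_verification_sms(sms):
        return "REE"        # traditional short message processing flow
    if not sender_is_legal(sms.sender, mode):
        return "INTERCEPT"  # illegal verification code short message
    tee.accept(sms, WHITELIST.get(sms.sender))
    return "TEE"


if __name__ == "__main__":
    tee = Tee()
    print(modem_route(Sms("10010", "Your verification code is: 482913"), tee))
    print(tee.get_code("com.example.carrier"), tee.get_code("com.example.other"))
```

In blacklist mode an unlisted sender still reaches the TEE, but this sketch binds no legal application to it, so `get_code` releases nothing.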
As shown in fig. 4, a specific process of another verification code processing method provided in the embodiment of the present invention includes the following steps:
S201: the Modem receives the short message;
S202: the Modem judges whether the short message is a verification code short message; if yes, S203 is executed; otherwise, the short message is sent to the REE, and the REE processes it according to the traditional short message processing flow.
S203: the Modem extracts the sender information in the verification code short message;
S204: the Modem judges whether the sender information is legal sender information. If so, S205 is executed. If not, the verification code short message is intercepted, or it is sent to the REE and processed there according to the traditional short message processing flow while the user is prompted that it is an illegal verification code short message.
It should be noted that the determining, by the Modem, whether the sender information is legal sender information includes:
the Modem judges whether the sender information is stored in a white list and, if so, judges that the sender information is legal sender information; the white list includes at least: legal sender information of verification code short messages;
or, the Modem judges whether the sender information is absent from a blacklist and, if so, judges that the sender information is legal sender information; the blacklist includes at least: illegal sender information of verification code short messages.
S205: the Modem determines that the verification code short message is a legal verification code short message and sends the legal verification code short message to the TEE;
S206: the TEE encrypts and stores the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext mode;
In the embodiment of the present invention, the TEE stores the verification code short message in the storage space under the REE or the storage space under the TEE, which is not specifically limited in the embodiment of the present invention.
S207: the TEE acquires a storage index of the encrypted verification code short message, and the storage index records the storage position of the encrypted verification code short message in a storage space;
S208: the TEE sends the storage index to the REE;
It should be noted that, after the TEE sends the storage index to the REE, the TEE may exit operation and restart only when it receives a verification code acquisition request sent by the REE; it then determines the information of the legal application using the verification code according to the encrypted verification code short message in the verification code acquisition request. This saves TEE running time.
S209: the REE receives a request for checking the verification code;
S210: the REE acquires the encrypted verification code short message from the storage space according to the storage index acquired from the TEE, and generates a verification code acquisition request according to the encrypted verification code short message and the information of the application needing to acquire the verification code;
S211: the REE sends a verification code acquisition request to the TEE;
The verification code acquisition request carries at least the information of the application that is to acquire the verification code and the encrypted verification code short message.
S212: the TEE extracts the encrypted verification code short message from the verification code acquisition request, decrypts the encrypted verification code short message, and extracts the verification code from the decrypted verification code short message;
S213: the TEE determines and stores the information of the legal application using the verification code;
The TEE determines the information of the legal application using the verification code in one of the following ways:
the Modem determines, from the white list and according to the legal sender information of the legal verification code short message, the information of the legal application using the verification code in the legal verification code short message, and sends the information of the legal application to the TEE; the white list further includes: information of the legal application using the verification code in the legal verification code short message;
or, the TEE extracts the PDU field in the legal verification code short message and determines the information of the legal application using the verification code from the PDU field;
or, the TEE extracts the legal sender information in the legal verification code short message; the TEE determines the information of the legal application using the verification code from an information list of the legal application preset in the TEE according to the information of the legal sender, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
S214: the TEE judges whether the information of the application which is carried in the verification code acquisition request and is to acquire the verification code is consistent with the information of the legal application which uses the verification code and is stored by the TEE; if so, S215 is performed; if not, the TEE rejects the verification code acquisition request sent under the REE.
S215: the TEE sends the verification code to the REE.
Optionally, in the embodiment of the present invention, the TEE sends the verification code to the REE in a plaintext manner or a ciphertext manner.
Optionally, the verification code processing apparatus stores the verification code and the information of the legitimate application using the verification code in a storage space under the TEE, so as to ensure the security of the verification code and the information of the legitimate application using the verification code.
Optionally, the information of the valid application of the verification code includes: the domain name information of the legal application, the installation package name of the legal application, the signature information of the installation package of the legal application, the installation certificate of the legal application, the hash value and the like, and the invention is not limited.
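The Fig. 4 variant, in which the TEE keeps no per-message state and the encrypted short message sits in REE storage behind a storage index, as an added Python sketch that is not code from the patent. The patent names no cipher: the HMAC-SHA256 keystream with an HMAC tag below is a standard-library stand-in for the TEE's authenticated encryption, and the class names, package names, digit pattern and request layout are assumptions.

```python
import hashlib
import hmac
import json
import os
import re

# Preset list held inside the TEE: legal sender -> legal application.
# 10010 is the example sender from the text; the package name is hypothetical.
TEE_APP_LIST = {"10010": "com.example.carrier"}
CODE_RE = re.compile(r"(?<!\d)\d{4,8}(?!\d)")  # assumed shape of a verification code


class Tee:
    """Holds only a device key between runs, so it can exit after S208."""

    def __init__(self, device_key: bytes):
        # Independent keys for confidentiality and integrity.
        self._enc = hmac.new(device_key, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(device_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Stand-in cipher: HMAC-SHA256 in counter mode (assumption, see lead-in).
        blocks = []
        for counter in range((length + 31) // 32):
            msg = nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(self._enc, msg, hashlib.sha256).digest())
        return b"".join(blocks)[:length]

    def seal(self, sender: str, body: str) -> bytes:
        """S206: encrypt the legal verification code short message."""
        plain = json.dumps({"sender": sender, "body": body}).encode()
        nonce = os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _unseal(self, blob: bytes):
        if len(blob) < 48:
            return None
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # blob was modified while it sat in REE storage
        plain = bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))
        return json.loads(plain)

    def handle_request(self, request: dict):
        """S212 to S215: decrypt, determine the legal application, compare, release."""
        sms = self._unseal(request["encrypted_sms"])
        if sms is None:
            return None
        legal_app = TEE_APP_LIST.get(sms["sender"])
        if legal_app is None:
            return None
        if not hmac.compare_digest(legal_app.encode(), request["app"].encode()):
            return None
        match = CODE_RE.search(sms["body"])
        return match.group(0) if match else None


class Ree:
    """Untrusted side: stores opaque blobs and builds acquisition requests."""

    def __init__(self):
        self.storage = {}

    def store(self, blob: bytes) -> int:
        """S206/S207: save the encrypted short message and return its storage index."""
        index = len(self.storage)
        self.storage[index] = blob
        return index

    def build_request(self, index: int, app: str) -> dict:
        """S210: fetch the blob by storage index and attach the requesting application."""
        return {"app": app, "encrypted_sms": self.storage[index]}


def demo():
    key = os.urandom(32)  # constructed device key
    ree = Ree()
    index = ree.store(Tee(key).seal("10010", "Your verification code is: 482913"))
    tee = Tee(key)        # TEE restarted when the request arrives (S211)
    released = tee.handle_request(ree.build_request(index, "com.example.carrier"))
    other_app = tee.handle_request(ree.build_request(index, "com.example.other"))
    tampered = bytearray(ree.storage[index])
    tampered[20] ^= 0x01  # one ciphertext bit changed in REE storage
    forged = tee.handle_request({"app": "com.example.carrier",
                                 "encrypted_sms": bytes(tampered)})
    return released, other_app, forged


if __name__ == "__main__":
    print(demo())
```

The `app` field is whatever the REE places in the request, so the comparison in `handle_request` is only as trustworthy as the way that identifier is collected.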
Fig. 5 is a diagram of a mobile terminal disclosed in an embodiment of the present application, which includes a verification code obtaining request receiving module, an information determining module, and a verification code sending module; specifically, the information determining module may be disposed in the TEE, and the identifying code obtaining request receiving module and the identifying code sending module may be disposed in a baseband communication system of the terminal.
The verification code acquisition request receiving module is used for receiving a verification code acquisition request sent by the rich execution environment REE, wherein the verification code acquisition request carries at least information of the application that is to acquire the verification code;
the information judgment module is used for judging whether the information of the application that is to acquire the verification code, carried in the verification code acquisition request, is consistent with the information of the legal application using the verification code that the information judgment module has stored;
and the verification code sending module is used for sending the verification code to the REE when the information of the application that is to acquire the verification code, carried in the verification code acquisition request, is judged to be consistent with the information of the legal application using the verification code stored in the information judgment module.
Further comprising: the first verification code acquisition module is used for acquiring a verification code;
the first verification code obtaining module comprises:
the first legal verification code short message receiving module is used for receiving a legal verification code short message sent by the Modem;
and the verification code extracting module is used for extracting the verification code from the legal verification code short message.
Further comprising: the second verification code acquisition module is used for acquiring the verification code;
the second verification code obtaining module includes:
the second legal verification code short message receiving module is used for receiving a legal verification code short message sent by the Modem;
the encrypted storage module is used for encrypting and storing the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext form;
the storage index acquisition module is used for acquiring a storage index of the encrypted verification code short message, and the storage index records the storage position of the encrypted verification code short message in a storage space;
the storage index sending module is used for sending the storage index to the REE;
the encrypted verification code short message acquisition module is used for acquiring an encrypted verification code short message according to the storage index;
the encrypted verification code short message adding module is used for adding the encrypted verification code short message into a verification code acquisition request;
the encrypted verification code short message extraction module is used for extracting an encrypted verification code short message from the verification code acquisition request sent by the REE;
and the encrypted verification code short message decryption module is used for decrypting the encrypted verification code short message and extracting the verification code from the decrypted verification code short message.
Further comprising:
the verification code short message receiving module is used for receiving the verification code short message;
the sender information extraction module is used for extracting the sender information in the verification code short message;
the sender information judging module is used for judging whether the sender information is legal sender information or not;
and the legal verification code short message determining module is used for determining the verification code short message as the legal verification code short message under the condition that the sender information judging module judges that the sender information is the legal sender information.
The sender information judgment module comprises:
the first sender information judgment submodule is used for judging whether the sender information is stored in a white list or not;
a first legal sender information determining module, configured to determine that the sender information is legal sender information when the first sender information determining submodule determines that the sender information is stored in a white list, where the white list includes at least: legal sender information of verification code short messages.
The sender information judgment module comprises:
the second sender information judgment submodule is used for judging whether the sender information is absent from a blacklist;
a second legal sender information determining module, configured to determine that the sender information is legal sender information when the second sender information determining submodule determines that the sender information is not stored in a blacklist, where the blacklist includes at least: illegal sender information of verification code short messages.
Further comprising:
the first encryption module is used for encrypting the legal verification code short message to obtain an encrypted legal verification code short message, wherein the encrypted legal verification code short message comprises a ciphertext of the verification code;
the first storage module is used for storing the encrypted legal verification code short message in the storage space of the REE;
the first sending module is used for sending the encrypted legal verification code short message stored in the storage space of the REE to the TEE after receiving a verification code checking request;
and the first decryption module is used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message.
Further comprising:
and the second storage module is used for storing the legal verification code short message in the storage space of the TEE.
Further comprising:
the first information determining module is used for determining, from the white list and according to the legal sender information of the legal verification code short message, the information of the legal application using the verification code in the legal verification code short message; the white list further includes: information of the legal application using the verification code in the legal verification code short message;
and the first information sending module is used for sending the information of the legal application to the TEE.
Further comprising:
the PDU field extraction module is used for extracting the PDU field in the legal verification code short message;
and the second information determining module is used for determining the information of the legal application using the verification code from the PDU field.
Further comprising:
the legal sender information extraction module is used for extracting the legal sender information in the legal verification code short message;
a third information determining module, configured to determine, according to the information of the legitimate sender, information of a legitimate application using the verification code from an information list of a legitimate application preset in the TEE, where the information list of the legitimate application preset in the TEE at least includes: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
Fig. 6 shows a mobile terminal disclosed in an embodiment of the present application, including a communication component, a memory, and a processor.
The memory is used for storing information of the legal application using the verification code, stored application programs, and data generated while the application programs run;
the communication component is used for receiving a verification code acquisition request at least carrying information of an application which is to acquire a verification code; and under the condition that the processor judges that the information of the application to acquire the verification code, which is carried in the verification code acquisition request, is consistent with the information of the legal application using the verification code, which is stored by the processor, the verification code is sent;
the processor is used for judging whether the information of the application which is carried in the verification code obtaining request and is to obtain the verification code is consistent with the information of the legal application which uses the verification code and is stored by the processor.
Specifically, the communication component is configured to: receiving a legal verification code short message sent by a Modem; and extracting the verification code from the legal verification code short message.
Specifically, the communication component is used for receiving a legal verification code short message sent by the Modem; the processor is also used for encrypting and storing the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext mode; acquiring a storage index of the encrypted verification code short message, wherein the storage index records the storage position of the encrypted verification code short message in a storage space; sending the storage index to the REE; acquiring an encrypted verification code short message according to the storage index, and adding the encrypted verification code short message into a verification code acquisition request; extracting an encrypted verification code short message from a verification code acquisition request sent by the REE; and decrypting the encrypted verification code short message and extracting the verification code from the decrypted verification code short message.
Further, the communication component is also used for receiving a short message of the verification code; the processor is also used for extracting the sender information in the verification code short message; judging whether the sender information is legal sender information; if so, determining the verification code short message as the legal verification code short message.
Specifically, the processor is configured to:
judging whether the sender information is stored in a white list, and if so, judging that the sender information is legal sender information, wherein the white list at least comprises: the legal sender information of verification code short messages.
Specifically, the processor is configured to:
judging whether the sender information is not stored in a blacklist, and if so, judging that the sender information is legal sender information, wherein the blacklist at least comprises: the illegal sender information of verification code short messages.
Further, the processor is further configured to encrypt the legal verification code short message to obtain an encrypted legal verification code short message, where the encrypted legal verification code short message includes a ciphertext of the verification code; storing the encrypted legal verification code short message in a storage space of the REE; the communication component is also used for sending the encrypted legal verification code short message stored in the storage space of the REE to the TEE after receiving a verification code checking request; the processor is also used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message.
Further, the processor is further configured to store the legal verification code short message in a storage space of the TEE.
Further, the processor is further configured to determine, from the white list and according to the information of the legal sender of the legal verification code short message, the information of the legal application that uses the verification code in the legal verification code short message; the white list further comprises: the information of the legal application using the verification code in the legal verification code short message; the communication component is further configured to send the information of the legal application to the TEE.
Further, the processor is further configured to extract a PDU field in the legal verification code short message; and determining information of the legal application using the verification code from the PDU field.
Further, the processor is also used for extracting the information of a legal sender in the short message of the legal verification code; according to the information of the legal sender, determining the information of the legal application using the verification code from an information list of the legal application preset in the TEE, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
The specific implementation process of the above functions is shown in Figs. 3 and 4.
The embodiments are described progressively: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
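The flow described above (Modem whitelist check, TEE encryption, ciphertext-only storage in the REE, and release of the code only to the matching application) can be traced in the following Python simulation, which is an added example and not part of the patent. The patent names no cipher, so an HMAC-SHA256 keystream with an integrity tag stands in for the TEE's encryption; the integrity tag, the sender number, the package names and the SMS text are all assumptions constructed for illustration.

```python
"""Simulation of the TEE/REE verification-code flow (constructed example)."""
import hashlib
import hmac
import os
import re

# Constructed sample data: legal sender -> legal application (list preset in the TEE).
TEE_APP_LIST = {"95588": "com.example.bank"}
MODEM_WHITELIST = set(TEE_APP_LIST)


def modem_is_legal(sender: str) -> bool:
    """Modem step: only an SMS from a whitelisted sender is a legal one."""
    return sender in MODEM_WHITELIST


class Tee:
    """Trusted side. The key never leaves this object."""

    def __init__(self) -> None:
        root = os.urandom(32)
        # Separate subkeys for encryption and integrity (stand-in construction).
        self._enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, sender: str, text: str) -> bytes:
        """Encrypt a legal verification code SMS for storage in the REE."""
        nonce = os.urandom(16)
        ct = self._xor_stream(nonce, f"{sender}\n{text}".encode())
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _unseal(self, blob: bytes):
        if len(blob) < 48:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob was modified outside the TEE")
        sender, _, text = self._xor_stream(nonce, ct).decode().partition("\n")
        return sender, text

    def get_code(self, requesting_app: str, blob: bytes):
        """Return the code only if the requesting app is the legal app."""
        try:
            sender, text = self._unseal(blob)
        except ValueError:
            return None
        legal_app = TEE_APP_LIST.get(sender)
        if legal_app is None or requesting_app != legal_app:
            return None
        match = re.search(r"\b\d{4,8}\b", text)
        return match.group(0) if match else None


class Ree:
    """Untrusted side: stores ciphertext under a storage index."""

    def __init__(self) -> None:
        self.storage = {}

    def store(self, blob: bytes) -> int:
        index = len(self.storage)
        self.storage[index] = blob
        return index


def run_demo() -> dict:
    tee, ree = Tee(), Ree()
    # Constructed SMS as delivered by the Modem.
    sender, text = "95588", "Your verification code is 482913, valid for 5 minutes."
    if not modem_is_legal(sender):
        return {}
    index = ree.store(tee.seal(sender, text))
    blob = ree.storage[index]
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return {
        "ree_sees_code": b"482913" in blob,
        "legal_app": tee.get_code("com.example.bank", blob),
        "other_app": tee.get_code("com.example.other", blob),
        "tampered": tee.get_code("com.example.bank", tampered),
    }


if __name__ == "__main__":
    print(run_demo())
```
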

Claims (33)

1. A verification code processing method is characterized by comprising the following steps:
a Trusted Execution Environment (TEE) receives a verification code acquisition request sent by a Rich Execution Environment (REE), wherein the verification code acquisition request at least carries information of an application which is to acquire a verification code; the TEE includes the verification code;
the TEE receives a legal verification code short message sent by the Modem;
the TEE encrypts the legal verification code short message to obtain an encrypted legal verification code short message; the encrypted legal verification code short message comprises a ciphertext of the verification code; sending the encrypted legal verification code short message to the REE, and storing the encrypted legal verification code short message in a storage space under the REE;
the TEE receives an encrypted legal verification code short message which is sent by the REE and stored in a storage space of the REE;
the TEE decrypts the encrypted legal verification code short message to obtain a decrypted legal verification code short message;
the TEE extracts the verification code from the decrypted legal verification code short message, determines the information of legal application using the verification code and stores the information;
the TEE judges whether the information of the application which is carried in the verification code acquisition request and is to acquire the verification code is consistent with the information of the legal application which uses the verification code and is stored by the TEE;
if so, the TEE sends the verification code to the REE.
2. The method of claim 1, further comprising, after the TEE receives the verification code acquisition request sent by the rich execution environment (REE):
the TEE receives a legal verification code short message sent by the Modem;
and the TEE extracts the verification code from the legal verification code short message.
3. The method of claim 1, wherein the obtaining of the verification code comprises:
the TEE receives a legal verification code short message sent by the Modem;
the TEE encrypts and stores the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext mode;
the TEE acquires a storage index of the encrypted verification code short message, and the storage index records the storage position of the encrypted verification code short message in a storage space;
the TEE sends the storage index to the REE;
the REE acquires an encrypted verification code short message according to the storage index and adds the encrypted verification code short message to a verification code acquisition request;
the TEE extracts an encrypted verification code short message from a verification code acquisition request sent by the REE;
and the TEE decrypts the encrypted verification code short message and extracts the verification code from the decrypted verification code short message.
4. The method as claimed in claim 2 or 3, wherein before the TEE receives the legal verification code short message sent by the Modem, the method further comprises:
the Modem receives a verification code short message;
the Modem extracts the sender information in the verification code short message;
the Modem judges whether the sender information is legal sender information;
if so, the Modem determines that the verification code short message is the legal verification code short message.
5. The method of claim 4, wherein the Modem determining whether the sender information is a legitimate sender information comprises:
the Modem judges whether the sender information is stored in a white list, and if so, the Modem judges that the sender information is legal sender information, wherein the white list at least comprises: the legal sender information of verification code short messages.
6. The method of claim 4, wherein the Modem determining whether the sender information is a legitimate sender information comprises:
the Modem judges whether the sender information is not stored in a blacklist, and if so, the Modem judges that the sender information is legal sender information, wherein the blacklist at least comprises: the illegal sender information of verification code short messages.
7. The method of claim 2, further comprising, before the TEE extracts the verification code from the legal verification code short message:
the TEE encrypts the legal verification code short message to obtain an encrypted legal verification code short message, wherein the encrypted legal verification code short message comprises a ciphertext of the verification code;
the TEE stores the encrypted legal verification code short message in a storage space of the REE;
after the REE receives a verification code checking request, the REE sends an encrypted legal verification code short message stored in a storage space of the REE to the TEE;
and the TEE decrypts the encrypted legal verification code short message to obtain a decrypted legal verification code short message.
8. The method of claim 2, further comprising, before the TEE extracts the verification code from the legal verification code short message:
and the TEE stores the legal verification code short message in a storage space of the TEE.
9. The method of claim 5, wherein the white list further comprises: the information of the legal application using the verification code in the legal verification code short message;
before the TEE determines whether the information of the application to acquire the verification code carried in the verification code acquisition request is consistent with the information of the legal application using the verification code stored in the TEE, the method further includes:
the Modem determines the information of legal application using the verification code in the legal verification code short message from the white list according to the information of a legal sender of the legal verification code short message;
and sending the information of the legal application to the TEE.
10. The method according to any one of claims 1 to 3, wherein before the TEE determines whether the information of the application to acquire the verification code carried in the verification code acquisition request is consistent with the information of the legitimate application using the verification code stored in the TEE, the method further comprises:
the TEE extracts a Protocol Data Unit (PDU) field in the legal verification code short message;
the TEE determines information of a legitimate application using the verification code from the PDU field.
11. The method according to any one of claims 1 to 3, wherein before the TEE determines whether the information of the application to acquire the verification code carried in the verification code acquisition request is consistent with the information of the legitimate application using the verification code stored in the TEE, the method further comprises:
the TEE extracts the legal sender information in the legal verification code short message;
the TEE determines the information of the legal application using the verification code from an information list of the legal application preset in the TEE according to the information of the legal sender, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
12. A mobile terminal, comprising:
a verification code acquisition request receiving module, used for receiving a verification code acquisition request sent by a rich execution environment REE, wherein the verification code acquisition request at least carries information of an application which is to acquire a verification code;
a third verification code acquisition module, used for acquiring the verification code;
the third verification code acquisition module comprises:
the legal verification code short message receiving submodule is used for receiving the legal verification code short message sent by the Modem;
the encryption storage submodule is used for encrypting the legal verification code short message to obtain an encrypted legal verification code short message; the encrypted legal verification code short message comprises a ciphertext of the verification code; sending the encrypted legal verification code short message to the REE, and storing the encrypted legal verification code short message in a storage space under the REE;
the encrypted verification code short message acquisition sub-module is used for receiving an encrypted legal verification code short message which is sent by the REE and stored in the storage space of the REE;
the encrypted verification code short message decryption submodule is used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message;
the verification code short message extraction submodule is used for extracting a verification code from the decrypted legal verification code short message, determining the information of legal application using the verification code and storing the information;
the information judgment module is used for judging whether the information of the application which is carried in the verification code acquisition request and is to acquire the verification code is consistent with the information of the legal application which uses the verification code and is stored by the information judgment module;
and the verification code sending module is used for sending the verification code to the REE under the condition that the information of the application to be verified carried in the verification code obtaining request is judged to be consistent with the information of the legal application using the verification code stored in the information judging module.
13. The mobile terminal of claim 12, further comprising: the first verification code acquisition module is used for acquiring a verification code;
the first verification code obtaining module comprises:
the first legal verification code short message receiving module is used for receiving a legal verification code short message sent by the Modem;
and the verification code extracting module is used for extracting the verification code from the legal verification code short message.
14. The mobile terminal of claim 12, further comprising: the second verification code acquisition module is used for acquiring the verification code;
the second verification code obtaining module includes:
the second legal verification code short message receiving module is used for receiving a legal verification code short message sent by the Modem;
the encrypted storage module is used for encrypting and storing the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext form;
the storage index acquisition module is used for acquiring a storage index of the encrypted verification code short message, and the storage index records the storage position of the encrypted verification code short message in a storage space;
the storage index sending module is used for sending the storage index to the REE;
the encrypted verification code short message acquisition module is used for acquiring an encrypted verification code short message according to the storage index;
the encrypted verification code short message adding module is used for adding the encrypted verification code short message into a verification code acquisition request;
the encrypted verification code short message extraction module is used for extracting an encrypted verification code short message from the verification code acquisition request sent by the REE;
and the encrypted verification code short message decryption module is used for decrypting the encrypted verification code short message and extracting the verification code from the decrypted verification code short message.
15. The mobile terminal according to claim 13 or 14, further comprising:
the verification code short message receiving module is used for receiving the verification code short message;
the sender information extraction module is used for extracting the sender information in the verification code short message;
the sender information judging module is used for judging whether the sender information is legal sender information or not;
and the legal verification code short message determining module is used for determining the verification code short message as the legal verification code short message under the condition that the sender information judging module judges that the sender information is the legal sender information.
16. The mobile terminal of claim 15, wherein the sender information determining module comprises:
the first sender information judgment submodule is used for judging whether the sender information is stored in a white list or not;
a first legal sender information determining module, configured to determine that the sender information is legal sender information when the first sender information determining submodule determines that the sender information is stored in a white list, where the white list at least includes: the legal sender information of verification code short messages.
17. The mobile terminal of claim 15, wherein the sender information determining module comprises:
the second sender information judgment submodule is used for judging whether the sender information is not stored in a blacklist;
a second legal sender information determining module, configured to determine that the sender information is legal sender information when the second sender information determining submodule determines that the sender information is not stored in a blacklist, where the blacklist at least includes: the illegal sender information of verification code short messages.
18. The mobile terminal of claim 13, further comprising:
the first encryption module is used for encrypting the legal verification code short message to obtain an encrypted legal verification code short message, wherein the encrypted legal verification code short message comprises a ciphertext of the verification code;
the first storage module is used for storing the encrypted legal verification code short message in the storage space of the REE;
the first sending module is used for sending the encrypted legal verification code short message stored in the storage space of the REE to the TEE after receiving the verification code checking request;
and the first decryption module is used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message.
19. The mobile terminal of claim 13, further comprising:
and the second storage module is used for storing the legal verification code short message in a storage space of the TEE.
20. The mobile terminal of claim 16, further comprising:
the first information determining module is used for determining, from the white list and according to the information of the legal sender of the legal verification code short message, the information of the legal application using the verification code in the legal verification code short message; the white list further comprises: the information of the legal application using the verification code in the legal verification code short message;
and the first information sending module is used for sending the information of the legal application to the TEE.
21. The mobile terminal according to any of claims 12-14, further comprising:
the PDU field extraction module is used for extracting the PDU field in the legal verification code short message;
and the second information determining module is used for determining the information of the legal application using the verification code from the PDU field.
22. The mobile terminal according to any of claims 12-14, further comprising:
the legal sender information extraction module is used for extracting the legal sender information in the legal verification code short message;
a third information determining module, configured to determine, according to the information of the legitimate sender, information of a legitimate application using the verification code from an information list of a legitimate application preset in the TEE, where the information list of the legitimate application preset in the TEE at least includes: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
23. A mobile terminal, comprising: a communication component, a memory, and a processor;
the memory is used for storing information of legal application using the verification code, the stored application program and data generated in the running process of the application program;
the communication component is used for receiving a verification code acquisition request at least carrying information of an application which is to acquire a verification code; and under the condition that the processor judges that the information of the application to acquire the verification code, which is carried in the verification code acquisition request, is consistent with the information of the legal application using the verification code, which is stored by the processor, the verification code is sent;
the processor is used for judging whether the information of the application which is carried in the verification code acquisition request and is to acquire the verification code is consistent with the information of the legal application which uses the verification code and is stored by the processor;
the communication component is specifically used for receiving a legal verification code short message sent by the Modem; the processor is also used for encrypting the legal verification code short message to obtain an encrypted legal verification code short message; the encrypted legal verification code short message comprises a ciphertext of the verification code; sending the encrypted legal verification code short message to the REE, and storing the encrypted legal verification code short message in a storage space under the REE; receiving an encrypted legal verification code short message which is sent by an REE and stored in a storage space of the REE; and decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message, extracting a verification code from the decrypted legal verification code short message, determining information of legal application using the verification code, and storing the information.
24. The mobile terminal of claim 23, wherein the communication component is specifically configured to: receiving a legal verification code short message sent by a Modem; and extracting the verification code from the legal verification code short message.
25. The mobile terminal of claim 23, wherein the communication component is specifically configured to receive a legal verification code short message sent by a Modem; the processor is also used for encrypting and storing the legal verification code short message to obtain an encrypted verification code short message, wherein the encrypted verification code short message comprises a verification code displayed in a ciphertext mode; acquiring a storage index of the encrypted verification code short message, wherein the storage index records the storage position of the encrypted verification code short message in a storage space; sending the storage index to the REE; acquiring an encrypted verification code short message according to the storage index, and adding the encrypted verification code short message into a verification code acquisition request; extracting an encrypted verification code short message from a verification code acquisition request sent by the REE; and decrypting the encrypted verification code short message and extracting the verification code from the decrypted verification code short message.
26. The mobile terminal of claim 24 or 25, wherein the communication component is further configured to receive a verification code short message; the processor is also used for extracting the sender information in the verification code short message; judging whether the sender information is legal sender information; if so, determining the verification code short message as the legal verification code short message.
27. The mobile terminal of claim 26, wherein the processor is specifically configured to:
judging whether the sender information is stored in a white list, and if so, judging that the sender information is legal sender information, wherein the white list at least comprises: the legal sender information of verification code short messages.
28. The mobile terminal of claim 26, wherein the processor is specifically configured to:
judging whether the sender information is not stored in a blacklist, and if so, judging that the sender information is legal sender information, wherein the blacklist at least comprises: the illegal sender information of verification code short messages.
29. The mobile terminal of claim 24,
the processor is further configured to encrypt the legal verification code short message to obtain an encrypted legal verification code short message, where the encrypted legal verification code short message includes a ciphertext of the verification code; storing the encrypted legal verification code short message in a storage space of the REE; the communication component is also used for sending the encrypted legal verification code short message stored in the storage space of the REE to the TEE after receiving a verification code checking request; the processor is also used for decrypting the encrypted legal verification code short message to obtain a decrypted legal verification code short message.
30. The mobile terminal of claim 24, wherein the processor is further configured to store the legal verification code short message in a storage space of the TEE.
31. The mobile terminal of claim 27,
the processor is also used for determining, from the white list and according to the information of the legal sender of the legal verification code short message, the information of the legal application using the verification code in the legal verification code short message; the white list further comprises: the information of the legal application using the verification code in the legal verification code short message; the communication component is further configured to send the information of the legal application to the TEE.
32. The mobile terminal of any of claims 23-25,
the processor is also used for extracting the PDU field in the legal verification code short message; and determining information of legal application using the verification code from the PDU field.
33. The mobile terminal of any of claims 23-25,
the processor is also used for extracting the information of a legal sender in the short message of the legal verification code; according to the information of the legal sender, determining the information of the legal application using the verification code from an information list of the legal application preset in the TEE, wherein the information list of the legal application preset in the TEE at least comprises: the information of the legal sender of the verification code short message and the information of the legal application using the verification code in the legal verification code short message.
CN201680089629.5A 2016-10-12 2016-10-12 Verification code processing method and mobile terminal Active CN109792436B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/101899 WO2018068228A1 (en) 2016-10-12 2016-10-12 Verification code processing method and mobile terminal

Publications (2)

Publication Number Publication Date
CN109792436A CN109792436A (en) 2019-05-21
CN109792436B true CN109792436B (en) 2021-08-03

Family

ID=61905080

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680089629.5A Active CN109792436B (en) 2016-10-12 2016-10-12 Verification code processing method and mobile terminal

Country Status (2)

Country Link
CN (1) CN109792436B (en)
WO (1) WO2018068228A1 (en)

Also Published As

Publication number Publication date
CN109792436A (en) 2019-05-21
WO2018068228A1 (en) 2018-04-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant