CN116366347A - Secure transmission method and device for signaling and SE chip - Google Patents


Info

Publication number
CN116366347A
Authority
CN
China
Prior art keywords
instruction
chip
server
data
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310365729.8A
Other languages
Chinese (zh)
Inventor
王雪平
杨世昭
崔竞松
涂航
李莉
余纯武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Goodix Technology Co Ltd
Original Assignee
Shenzhen Goodix Technology Co Ltd
Application filed by Shenzhen Goodix Technology Co Ltd
Priority to CN202310365729.8A
Publication of CN116366347A

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/40 Network security protocols
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In the secure transmission method for signaling, the SE chip receives an instruction that is provided by a server and sent by a terminal device. The SE chip performs identity verification on the initialization instruction according to an authentication level supported by the SE chip; after the initialization instruction passes identity verification, the SE chip decrypts it to obtain the decryption parameters for the first encrypted data included in the secure channel instruction, and then uses those parameters to decrypt the first encrypted data into plaintext data. In this method, after the server generates the instruction it does not need to interact with the SE chip: it packages the instruction and sends it directly to the SE chip, which performs identity verification and decryption on the received instruction. The authenticity and confidentiality of the instruction are thereby ensured and the computing resources of the server are saved.

Description

Secure transmission method and device for signaling and SE chip
Technical Field
The embodiments of the present application relate to the technical field of intelligent terminals, and in particular to a secure transmission method and device for signaling and an SE chip.
Background
At present, intelligent terminal devices such as smart phones and tablet computers have become indispensable tools in people's lives, and the information security of the smart phone has become a focus of attention. The solution currently accepted as offering the highest security is to embed a secure element (SE) chip in the smart phone. In the related art, however, once the SE chip is embedded in the smart phone, the remote management system cannot communicate directly with the SE and messages must be relayed through the smart phone. Because the application environment of the smart phone is highly variable, the smart phone is an untrusted execution environment, so existing secure channel protocols cannot be applied to the smart phone securely.
Currently, in the specifications published by the GlobalPlatform organization, the secure channel protocols (SCP) SCP02, SCP03 and SCP11 can establish a secure channel. Establishing a secure channel means that the two communicating parties secretly negotiate a key for protecting communication data; all data encrypted with that key is considered to be communicated within the secure channel.
In the existing application scenario, the smart phone acts as a message relay between a trusted server and a trusted SE and does not itself have a trusted execution environment. Conventional secure channel protocols require the communicating parties to interact multiple times and support only point-to-point communication, which causes problems and makes them unsuitable for use in a smart phone. On the one hand, if multiple interactions are needed, the server must be online in real time and the network link must be available every time the server wants to establish a connection with the SE, which places higher demands on the network communication module of the smart phone and occupies more network resources. On the other hand, because the number of mobile phone users is very large, requiring the server to take part in every interaction puts great pressure on the server and may cause communication failures or delayed responses in some cases, so that users of smart phones adopting this mode have a poor experience.
Among the existing secure channel protocols, SCP02 and SCP03 do not support asymmetric algorithms, so they are inflexible to use, and authentication and establishment of the secure channel are achieved only after the server interacts with the SE multiple times. Variants a and b of the SCP11 protocol have the same problem. Variant c can support one-way authentication and does not require the two parties to exchange data, but it consumes relatively high bandwidth during transmission because it uses a certificate-based elliptic curve cryptography (ECC) algorithm.
Disclosure of Invention
The embodiments of the present application provide a secure transmission method and device for signaling and a secure element (SE) chip, and also provide a computer-readable storage medium, so that after the server generates an instruction it does not need to interact with the SE chip: the server packages the instruction and sends it directly to the SE chip, and the SE chip performs identity verification and decryption on the received instruction. This ensures the authenticity and confidentiality of the instruction and saves computing resources on the server side.
In a first aspect, an embodiment of the present application provides a secure transmission method of signaling, for a secure element SE chip, including: receiving an instruction provided by a server and sent by a terminal device, wherein the instruction comprises an initialization instruction and a secure channel instruction; according to the authentication level supported by the SE chip, carrying out identity verification on the initialization instruction; after the initialization instruction passes the identity verification, decrypting the initialization instruction to obtain relevant decryption parameters for decrypting the first encrypted data included in the secure channel instruction; and decrypting the first encrypted data by using the decryption parameters to obtain the plaintext data.
In the above-mentioned signaling secure transmission method, after receiving an instruction provided by the server 200 and sent by the terminal device 100, the SE chip 111 performs identity verification on the above-mentioned initialization instruction according to the authentication level supported by the SE chip 111, after the above-mentioned initialization instruction passes the identity verification, decrypts the above-mentioned initialization instruction to obtain the relevant decryption parameter for decrypting the first encrypted data included in the secure channel instruction, and then decrypts the above-mentioned first encrypted data by using the above-mentioned decryption parameter to obtain plaintext data. In this embodiment, after generating the instruction, the server 200 does not need to interact with the SE chip 111, directly packages the instruction and sends the instruction to the SE chip 111, and the SE chip 111 performs authentication and decryption on the received instruction, so that the authenticity and confidentiality of the instruction can be ensured, and the computing resources of the server 200 are saved.
In one possible implementation manner, the authenticating the initialization command according to the authentication level supported by the SE chip includes: and verifying the signature value included in the data field of the initialization instruction by using the key specified in the initialization instruction.
In one possible implementation manner, the decrypting the initialization instruction to obtain the relevant decryption parameter for decrypting the first encrypted data included in the secure channel instruction includes: decrypting the initialization instruction to obtain a secret key of a secure channel established in the current session between the SE chip and the server, an initial vector and an integrity check value obtained after the server encrypts plaintext data.
In one possible implementation manner, the decrypting the first encrypted data using the decryption parameter includes: decrypting first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain the plaintext data; the first encrypted data is obtained after the server encrypts plaintext data, and the first encrypted data is carried in the secure channel instruction.
In one possible implementation manner, the decrypting the first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain the plaintext data includes: when the security level selected by the user is confidentiality and integrity protection, decrypting the first encrypted data included in the secure channel instruction with a decryption function, using the key, the initial vector and the integrity check value, to obtain the plaintext data; and when the security level selected by the user is integrity protection, decrypting the first encrypted data included in the secure channel instruction with an integrity protection function, using the key, the initial vector and the integrity check value, to obtain the plaintext data.
In one possible implementation manner, the decrypting the initialization instruction to obtain the key, the initial vector, and the integrity check value of the secure channel established by the SE chip and the server in the current session after encrypting the plaintext data by the server includes: decrypting second encrypted data carried in a data field of the initialization instruction by using a key specified in the initialization instruction to obtain a value of a counter stored by the server, a key and an initial vector used in the process of encrypting the plaintext data by the server, and an integrity check value obtained after encrypting the plaintext data by the server; comparing the value of the counter stored by the server with the value of the counter stored in the SE chip; and if the value of the counter stored by the server is greater than or equal to the value of the counter stored in the SE chip, storing the key and the initial vector obtained by decryption and the integrity check value.
In one possible implementation manner, before the receiving the instruction provided by the server and sent by the terminal device, the method further includes: receiving an information acquisition instruction sent by terminal equipment; transmitting the version of the secure channel protocol currently supported by the SE chip and the version of the secret key in the SE chip to the terminal equipment; the instruction sent by the terminal equipment comprises the following steps: instructions that match the version of the secure channel protocol currently supported by the SE chip and the version of the key in the SE chip.
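The SE-side order of operations described in the implementations above (verify the initialization instruction, decrypt it, compare counters, store the parameters, then decrypt the secure channel instruction), shown as an added example that is not code from the patent. HMAC-SHA256 and an HMAC-based keystream stand in for the signature and the cipher, and the byte layout, key identifiers and all names are assumptions; only the confidentiality-and-integrity security level is shown.

```python
import hashlib
import hmac
import struct

# Stand-ins (assumptions): HMAC-SHA256 replaces the signature and the
# integrity check value; an HMAC-SHA256 keystream replaces the block cipher.
# The byte layout below is hypothetical, chosen only for this example.
MAC_LEN = 32
FIELDS_LEN = 4 + 16 + 16 + MAC_LEN        # counter | key | IV | check value
INIT_LEN = 1 + 16 + FIELDS_LEN + MAC_LEN  # key id | nonce | encrypted fields | signature


class Rejected(Exception):
    """Raised when the SE refuses an instruction."""


def mac(key, data):
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()


def stream_xor(key, iv, data):
    """Toy stream cipher: XOR data with HMAC(key, iv || block index)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + iv + struct.pack(">I", i // 32),
                       hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def server_package(keyset, key_id, nonce, counter, session_key, iv, plaintext):
    """Server side: build both instructions offline, without contacting the SE."""
    auth_key, enc_key = keyset[key_id]
    first_encrypted = stream_xor(session_key, iv, plaintext)
    check_value = mac(session_key, first_encrypted)
    fields = struct.pack(">I", counter) + session_key + iv + check_value
    body = bytes([key_id]) + nonce + stream_xor(enc_key, nonce, fields)
    return body + mac(auth_key, body), first_encrypted


class SEChip:
    def __init__(self, keyset, counter):
        self.keyset = keyset      # key id -> (authentication key, encryption key)
        self.counter = counter    # counter value stored in the SE
        self.session = None       # (key, IV, check value) once an init is accepted

    def process_init(self, init):
        if len(init) != INIT_LEN or init[0] not in self.keyset:
            raise Rejected("malformed initialization instruction")
        auth_key, enc_key = self.keyset[init[0]]
        body, signature = init[:-MAC_LEN], init[-MAC_LEN:]
        # Step 1: verify with the key the instruction specifies, before decrypting.
        if not hmac.compare_digest(signature, mac(auth_key, body)):
            raise Rejected("signature verification failed")
        # Step 2: decrypt the second encrypted data carried in the data field.
        fields = stream_xor(enc_key, body[1:17], body[17:])
        (server_counter,) = struct.unpack(">I", fields[:4])
        # Step 3: the text's rule is "server counter >= SE counter".
        if server_counter < self.counter:
            raise Rejected("stale counter")
        # Step 4: store the key, the initial vector and the integrity check value.
        self.session = (fields[4:20], fields[20:36], fields[36:])

    def process_secure_channel(self, first_encrypted):
        if self.session is None:
            raise Rejected("no accepted initialization instruction")
        key, iv, check_value = self.session
        self.session = None  # example choice: stored parameters are single use
        if not hmac.compare_digest(check_value, mac(key, first_encrypted)):
            raise Rejected("integrity check failed")
        return stream_xor(key, iv, first_encrypted)


def deliver(se, init, first_encrypted):
    """What the untrusted terminal does: forward both instructions to the SE."""
    try:
        se.process_init(init)
        return se.process_secure_channel(first_encrypted)
    except Rejected as err:
        return "rejected: " + str(err)


# Constructed sample values, not taken from the patent.
KEYSET = {1: (b"A" * 16, b"E" * 16)}
SAMPLE = dict(key_id=1, nonce=b"N" * 16, session_key=b"S" * 16, iv=b"I" * 16,
              plaintext=b"INSTALL applet 01")

if __name__ == "__main__":
    init, enc1 = server_package(KEYSET, counter=7, **SAMPLE)
    print(deliver(SEChip(KEYSET, counter=5), init, enc1))
    print(deliver(SEChip(KEYSET, counter=9), init, enc1))
```

Because the integrity check value travels inside the signed and encrypted initialization instruction, the terminal relaying the two instructions cannot swap in a different secure channel payload without the SE rejecting it.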
In a second aspect, an embodiment of the present application provides a secure transmission device for signaling, provided in a secure element SE chip, the device including: the receiving module is used for receiving an instruction provided by the server and sent by the terminal equipment, wherein the instruction comprises an initialization instruction and a security channel instruction; the verification module is used for carrying out identity verification on the initialization instruction according to the authentication level supported by the SE chip; the decryption module is used for decrypting the initialization instruction after the initialization instruction passes the identity verification, and obtaining relevant decryption parameters for decrypting the first encrypted data included in the security channel instruction; and decrypting the first encrypted data by using the decryption parameters to obtain the plaintext data.
In one possible implementation manner, the verification module is specifically configured to verify a signature value included in a data field of the initialization instruction by using a key specified in the initialization instruction.
In one possible implementation manner, the decryption module is specifically configured to decrypt the initialization instruction to obtain a key of a secure channel established in a current session between the SE chip and the server, an initial vector, and an integrity check value obtained after the server encrypts plaintext data; decrypting first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain the plaintext data; the first encrypted data is obtained after the server encrypts plaintext data, and the first encrypted data is carried in the secure channel instruction.
In one possible implementation manner, the decryption module includes: the data decryption sub-module is used for decrypting the second encrypted data carried in the data field of the initialization instruction by using the key appointed in the initialization instruction, so as to obtain the value of the counter stored by the server, the key and the initial vector used in the process of encrypting the plaintext data by the server, and the integrity check value obtained after the plaintext data is encrypted by the server; a comparison sub-module, configured to compare a value of the counter stored in the server with a value of the counter stored in the SE chip; and the storage sub-module is used for storing the key and the initial vector obtained by decryption of the data decryption sub-module and the integrity check value when the value of the counter stored by the server is larger than or equal to the value of the counter stored in the SE chip.
In one implementation, the apparatus further includes: a transmitting module; the receiving module is further used for receiving an information acquisition instruction sent by the terminal equipment before receiving the instruction sent by the terminal equipment; the sending module is used for sending the version of the secure channel protocol currently supported by the SE chip and the version of the secret key in the SE chip to the terminal equipment; the instruction sent by the terminal equipment comprises the following steps: instructions that match the version of the secure channel protocol currently supported by the SE chip and the version of the key in the SE chip.
In a third aspect, embodiments of the present application provide a secure element SE chip comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method provided in the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method provided by the first aspect.
It should be understood that, the second to fourth aspects of the embodiments of the present application are consistent with the technical solutions of the first aspect of the embodiments of the present application, and the beneficial effects obtained by each aspect and the corresponding possible implementation manner are similar, and are not repeated.
In a fifth aspect, embodiments of the present application provide a computer program for performing the method provided in the first aspect, when the computer program is executed by a computer.
In one possible design, the program in the fifth aspect may be stored in whole or in part on a storage medium packaged with the processor, or in part or in whole on a memory not packaged with the processor.
Drawings
Fig. 1 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a server according to an embodiment of the present application;
Fig. 3 is a schematic diagram illustrating an initialization command according to one embodiment of the present application;
Fig. 4 is a schematic diagram of an initialization command according to another embodiment of the present application;
Fig. 5 is a schematic diagram of the relationship between keys provided by one embodiment of the present application;
Fig. 6 is a flowchart of a method for secure transmission of signaling according to an embodiment of the present application;
Fig. 7 is a schematic diagram of an encryption flow of the server 200 according to an embodiment of the present application;
Fig. 8 is a schematic diagram of an authentication procedure of the server 200 according to an embodiment of the present application;
Fig. 9 is a flowchart of a method for secure transmission of signaling according to another embodiment of the present application;
Fig. 10 is a schematic diagram of a verification process of SE chip 111 according to one embodiment of the present application;
Fig. 11 is a schematic diagram illustrating a verification process of SE chip 111 according to another embodiment of the present application;
Fig. 12 is a schematic diagram of a verification process of SE chip 111 according to still another embodiment of the present application;
Fig. 13 is a schematic diagram of a decryption flow of SE chip 111 according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of a secure transmission device for signaling according to an embodiment of the present application;
Fig. 15 is a schematic structural diagram of a secure transmission device for signaling according to another embodiment of the present application;
Fig. 16 is a schematic structural diagram of a secure transmission device for signaling according to still another embodiment of the present application;
Fig. 17 is a schematic structural diagram of a secure transmission device for signaling according to still another embodiment of the present application.
Detailed Description
The terminology used in the description section of the present application is for the purpose of describing particular embodiments of the present application only and is not intended to be limiting of the present application.
In existing secure channel protocols, authentication is achieved and a secure channel is established only after the server and the SE chip interact multiple times. In addition, the existing secure channel protocols all use international algorithms; in the prior art there is no secure channel protocol that uses the national cryptographic algorithms.
To solve the problem that a conventional secure channel protocol requires the two communicating parties to interact multiple times to establish a secure channel, and to apply the national cryptographic algorithms to a secure channel protocol, the embodiments of the present application provide a secure transmission method for signaling, which uses the SCP90 secure channel protocol for the secure transmission of signaling.
The method for securely transmitting signaling provided in the embodiment of the present application may be applied to a terminal device, where the terminal device may be a smart phone, a tablet computer, a wearable device, a vehicle-mounted device, an augmented reality (augmented reality, AR)/Virtual Reality (VR) device, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a personal digital assistant (personal digital assistant, PDA) or the like; the embodiment of the application does not limit the specific type of the terminal equipment.
For example, Fig. 1 is a schematic structural diagram of a terminal device according to an embodiment of the present application. Fig. 1 illustrates the structure of the terminal device by taking a smart phone as an example. As shown in Fig. 1, the terminal device 100 may include a processor 110, an SE chip 111, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a key 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (SIM) card interface 195.
It is to be understood that the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the terminal device 100. In other embodiments of the present application, terminal device 100 may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs to use the instructions or data again, it can fetch them directly from this memory. This avoids repeated accesses and reduces the waiting time of the processor 110, thereby improving the efficiency of the system.
The SE chip 111 may include a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor may implement the method for secure transmission of signaling provided in the embodiments of the present application when executing the computer program.
The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130. In some wireless charging embodiments, the charge management module 140 may receive wireless charging input through a wireless charging coil of the terminal device 100. The charging management module 140 may also supply power to the terminal device 100 through the power management module 141 while charging the battery 142.
The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 to power the processor 110, the internal memory 121, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance) and other parameters. In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.
The wireless communication function of the terminal device 100 can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the terminal device 100 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the terminal device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the same device as at least some of the modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator is used for modulating the low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs sound signals through an audio device (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional module, independent of the processor 110.
The wireless communication module 160 may provide wireless communication solutions applied to the terminal device 100, including wireless local area network (WLAN) (e.g., a wireless fidelity (Wi-Fi) network), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR) technology, etc. The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates and filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.
In some embodiments, antenna 1 and mobile communication module 150 of terminal device 100 are coupled, and antenna 2 and wireless communication module 160 are coupled, such that terminal device 100 may communicate with a network and other devices via wireless communication techniques. The wireless communication techniques may include the global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR techniques, among others. The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
The terminal device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, videos, and the like. The display 194 includes a display panel. The display panel may employ a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a Mini LED, a Micro LED, a Micro-OLED, a quantum dot light-emitting diode (QLED), or the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The terminal device 100 may implement a photographing function through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.
The ISP is used to process data fed back by the camera 193. For example, when photographing, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electric signal, and the camera photosensitive element transmits the electric signal to the ISP for processing and is converted into an image visible to naked eyes. ISP can also optimize the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in the camera 193.
The camera 193 is used to capture still images or video. An object generates an optical image through the lens, and the optical image is projected onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then transferred to the ISP to be converted into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the terminal device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
The digital signal processor is used for processing digital signals, and can process other digital signals besides digital image signals. For example, when the terminal device 100 selects a frequency bin, the digital signal processor is used to perform a Fourier transform on the frequency bin energy, or the like.
Video codecs are used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record video in various encoding formats, for example: moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4, etc.
The NPU is a neural-network (NN) computing processor, and can rapidly process input information by referencing a biological neural network structure, for example, referencing a transmission mode between human brain neurons, and can also continuously perform self-learning. Applications such as intelligent awareness of the terminal device 100 may be implemented by the NPU, for example: image recognition, face recognition, speech recognition, text understanding, etc.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to realize expansion of the memory capability of the terminal device 100. The external memory card communicates with the processor 110 through an external memory interface 120 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.
The internal memory 121 may be used to store computer executable program code including instructions. The internal memory 121 may include a storage program area and a storage data area. The storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. The storage data area may store data (such as audio data, phonebook, etc.) created during use of the terminal device 100, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash storage (UFS), and the like. The processor 110 performs various functional applications of the terminal device 100 and data processing by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor.
The terminal device 100 may implement audio functions, such as music playing and recording, through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like.
The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or a portion of the functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also referred to as a "loudspeaker", is used to convert audio electrical signals into sound signals. A user can listen to music or to a hands-free call through the speaker 170A of the terminal device 100.
The receiver 170B, also referred to as an "earpiece", is used to convert the audio electrical signal into a sound signal. When the terminal device 100 answers a call or plays a voice message, the voice can be heard by holding the receiver 170B close to the ear.
The microphone 170C, also referred to as a "mike" or a "mic", is used to convert sound signals into electrical signals. When making a call or sending voice information, the user can speak with the mouth close to the microphone 170C, inputting a sound signal to the microphone 170C. The terminal device 100 may be provided with at least one microphone 170C. In other embodiments, the terminal device 100 may be provided with two microphones 170C, and may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the terminal device 100 may be further provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify the source of sound, implement directional recording functions, etc.
The earphone interface 170D is used to connect a wired earphone. The earphone interface 170D may be a USB interface 130, a 3.5 mm open mobile terminal platform (OMTP) standard interface, or a cellular telecommunications industry association of the USA (CTIA) standard interface.
The keys 190 include a power-on key, a volume key, etc. The keys 190 may be mechanical keys or touch keys. The terminal device 100 may receive key inputs, generating key signal inputs related to user settings and function controls of the terminal device 100.
The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration alerting as well as for touch vibration feedback. For example, touch operations acting on different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also correspond to different vibration feedback effects by touching different areas of the display screen 194. Different application scenarios (such as time reminding, receiving information, alarm clock, game, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.
The indicator 192 may be an indicator light and may be used to indicate a state of charge, a change in charge, a message, a missed call, a notification, etc.
The SIM card interface 195 is used to connect a SIM card. The SIM card may be brought into contact with or separated from the terminal device 100 by being inserted into or withdrawn from the SIM card interface 195. The terminal device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support Nano SIM cards, Micro SIM cards, and the like. Multiple cards may be inserted into the same SIM card interface 195 simultaneously. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to realize functions such as call and data communication. In some embodiments, the terminal device 100 employs an eSIM, namely an embedded SIM card. The eSIM card can be embedded in the terminal device 100 and cannot be separated from the terminal device 100. In one example, SE chip 111 may also be integrated with a SIM card.
In addition, the implementation of the signaling security transmission method provided by the embodiment of the application not only relates to the terminal equipment side but also relates to the server side.
Illustratively, fig. 2 is a schematic structural diagram of a server according to an embodiment of the present application, and as shown in fig. 2, the server 200 may include at least one processor 210; and at least one memory 230 communicatively coupled to the processor, wherein: the memory 230 stores program instructions executable by the processor, and the processor 210 can execute the secure transmission method of the signaling provided in the embodiment of the present application when the processor invokes the program instructions.
In fig. 2, server 200 is in the form of a general purpose computing device. The components of server 200 may include, but are not limited to: one or more processors 210, a communication interface 220, a memory 230, and a communication bus 240 that connects the different components (including the memory 230, the communication interface 220, and the processing unit 210).
Communication bus 240 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, or a local bus using any of a variety of bus architectures. By way of example, communication buses 240 may include, but are not limited to, an industry standard architecture (ISA) bus, a micro channel architecture (MCA) bus, an enhanced ISA bus, a video electronics standards association (VESA) local bus, and a peripheral component interconnect (PCI) bus.
Server 200 typically includes a variety of computer system readable media. Such media can be any available media that can be accessed by the electronic device and includes both volatile and nonvolatile media, removable and non-removable media.
Memory 230 may include computer system readable media in the form of volatile memory such as random access memory (RAM) and/or cache memory. Memory 230 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the methods of the present application.
A program/utility having a set (at least one) of program modules may be stored in the memory 230, such program modules include, but are not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules typically carry out the functions and/or methods of the embodiments of the present application.
The processor 210 executes various functional applications and data processing by running programs stored in the memory 230, for example, implementing the secure transmission method of signaling provided in the embodiments of the present application.
It should be appreciated that the processor 210 in the server 200 shown in fig. 2 may be a system on a chip (SOC), and the processor 210 may include a central processing unit (CPU) and may further include other types of processors, such as a graphics processing unit (GPU).
For easy understanding, the following embodiments of the present application will take the terminal device 100 having the structure shown in fig. 1 as an example, and the server 200 having the structure shown in fig. 2 as an example, and the secure transmission method of signaling provided in the embodiments of the present application will be specifically described with reference to the accompanying drawings.
The present embodiment defines three instructions: the initialization instruction, the secure channel instruction, and the information acquisition instruction. By combining several keys and algorithms, they provide confidentiality protection, integrity protection, and identity authentication for instructions sent remotely to the SE chip.
The instructions mentioned in the embodiments of the present application are expressed using an instruction format based on the smart card ISO7816 specification, but the embodiments of the present application are not limited thereto, and other specification instruction formats may be used to express the instructions, as long as they can correctly carry the required parameter information.
The initialization instruction, the secure channel instruction, and the information acquisition instruction are described in detail below.
1. The initialization instruction is used to initialize the secure channel while authenticating the server 200 issuing the instruction. The format of the initialization instructions may be as shown in table 1.
TABLE 1

| Code | Value | Description |
|---|---|---|
| Code 1 (CLA) | xx | |
| Code 2 (INS) | xx | Authentication instruction |
| P1 | xx | Protocol version |
| P2 | xx | Secure channel configuration |
| Code 3 (LC) | Variable | Data length |
| Code 4 (DATA) | xxxx | Data |
| Code 5 (LE) | - | None |

In Table 1, each code has its own meaning, and the value "xx" stands for the specific value assigned to that code. For example, the code P1 carries the version number of the secure channel currently in use: if the version currently used is 1, the value of P1 is 0x10, where the high 4 bits represent the major version number and the low 4 bits represent the minor version number. The major version number affects the processing flow and logic of the secure channel protocol, and the minor version number affects the transmission channel used by the secure channel protocol.
Table 2 shows the values of P1 and the corresponding descriptions.
TABLE 2

| b7 | b6 | b5 | b4 | b3 | b2 | b1 | b0 | Description |
|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 1 | 0 | 0 | 0 | 1 | Version 1 protocol using 7816 T0 channel |
| 0 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | Version 1 protocol using 7816 T1 channel |
| 0 | 0 | 0 | 1 | 0 | 0 | 1 | 1 | Version 1 protocol using SPI channel |
| 0 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | Version 1 protocol using NCI channel |

P2, also referred to as the security parameter, represents configuration items of the secure channel. The high 4 bits represent the authentication configuration and the low 4 bits represent the encryption configuration. Different security parameters are set by assigning values to the 8 bits b7-b0: different values of b3-b0 can represent "not encrypt", "calculate integrity using AES", "encrypt using SM4", and "calculate integrity using SM4", respectively; different values of b7-b4 can represent "not authenticate", "authenticate with AES", "authenticate with SM2", "authenticate with SM4", and "authenticate with SM9", respectively. In addition, some reserved assignments may be included.
Table 3 is the distribution of authentication configuration bits and encryption configuration bits for P2.
TABLE 3 (provided as an image in the original publication; not reproduced here)
The data field carries the data transmitted for identity authentication and contains several pieces of information, such as $IV_R$ (16 bytes), $CT_0$ (64 bytes), pk.server.aut.sm2 (64 bytes), sign.pk.server (64 bytes), S (variable length; S abbreviates signature), etc.
If the authentication configuration is set to use the elliptic-curve-based public key cryptographic algorithm SM2 (Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves), that is, the high 4 bits of P2 are set to "0010", the structure of the initialization instruction is as shown in fig. 3, which is a schematic structural diagram of the initialization instruction in an embodiment of the present application.
If the authentication configuration is set to use the Advanced Encryption Standard (AES) algorithm, the symmetric SM4 block cipher algorithm (SM4), or the identity-based asymmetric cryptographic algorithm SM9, then neither pk.server.aut.sm2 nor sign.pk.server is present, and the structure of the initialization instruction is as shown in fig. 4, which is a schematic structural diagram of the initialization instruction provided in another embodiment of the present application.
As described above, the data carried in the data field of the initialization instruction format changes with the value of P2. For example, when the value of P2 indicates no authentication, there is no data labeled as an authentication option in the data field of the initialization instruction format; when the value of P2 indicates no encryption, there is no data marked as an encryption option in the data field of the initialization instruction format.
Table 4 lists the data carried in the data field of the initialization instruction format for different values of P2.
TABLE 4 (provided as an image in the original publication; not reproduced here)
After the SE chip 111 processes the initialization command, a corresponding response code is generated, and the response code of the initialization command may be as shown in table 5.
TABLE 5 (provided as an image in the original publication; not reproduced here)
In this embodiment of the present application, after the SE chip 111 generates the response code of the initialization instruction, the SE chip 111 may send the response code of the initialization instruction to the terminal device 100. Then, the terminal device 100 may determine whether to process the response code by itself or transmit the response code to the server 200 according to the response code of the initialization command, and the server 200 may process the response code.
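The decoding described above for P1, P2 and the data field can be written as a strict parser that rejects malformed input before any key material is touched. This is an added example, not code from the patent: the CLA/INS bytes are placeholders (the page gives only "xx"), the order of the data-field items follows the order in which the page lists them and is an assumption, and the no-authentication and no-encryption layouts of Table 4 are not modelled.

```python
from dataclasses import dataclass

# Table 2 of the page: with major version 1, the low nibble of P1 names the channel.
P1_CHANNELS = {0x1: "7816 T0", 0x2: "7816 T1", 0x3: "SPI", 0x4: "NCI"}
AUTH_SM2 = 0x2  # high nibble of P2 "0010" selects SM2 authentication (stated on the page)

# Field sizes in bytes as listed on the page; the ORDER is an assumption of this example.
SM2_LAYOUT = (("IV_R", 16), ("CT_0", 64), ("pk.server.aut.sm2", 64), ("sign.pk.server", 64))
OTHER_LAYOUT = (("IV_R", 16), ("CT_0", 64))  # AES/SM4/SM9: no server key, no key signature


class ApduError(ValueError):
    """The instruction is malformed and must be rejected before any key is used."""


@dataclass
class InitInstruction:
    major_version: int
    channel: str
    auth_cfg: int  # raw high nibble of P2
    enc_cfg: int   # raw low nibble of P2 (Table 3 values are not reproduced on the page)
    fields: dict


def data_field(apdu: bytes) -> bytes:
    """Return the data field after checking LC (short or ISO 7816-4 extended form)."""
    if len(apdu) < 5:
        raise ApduError("shorter than CLA INS P1 P2 LC")
    if apdu[4] != 0x00:                       # short form: a single LC byte, 1..255
        lc, offset = apdu[4], 5
    else:                                     # extended form: 00 then 2-byte big-endian LC
        if len(apdu) < 7:
            raise ApduError("truncated extended LC")
        lc, offset = int.from_bytes(apdu[5:7], "big"), 7
        if lc == 0:
            raise ApduError("extended LC of zero")
    data = apdu[offset:]
    if len(data) != lc:
        raise ApduError(f"LC announces {lc} bytes but {len(data)} are present")
    return data


def parse_init(apdu: bytes) -> InitInstruction:
    """Decode P1/P2 and split the data field, failing closed on any inconsistency."""
    data = data_field(apdu)
    p1, p2 = apdu[2], apdu[3]
    major, minor = p1 >> 4, p1 & 0x0F
    if major != 1 or minor not in P1_CHANNELS:   # Table 2 lists only 0x11..0x14
        raise ApduError(f"unsupported P1 0x{p1:02X}")
    auth_cfg, enc_cfg = p2 >> 4, p2 & 0x0F
    layout = SM2_LAYOUT if auth_cfg == AUTH_SM2 else OTHER_LAYOUT
    fields, pos = {}, 0
    for name, size in layout:
        if pos + size > len(data):
            raise ApduError(f"data field too short for {name}")
        fields[name] = data[pos:pos + size]
        pos += size
    if pos == len(data):
        raise ApduError("signature S is missing")
    fields["S"] = data[pos:]                     # variable length, takes the remainder
    return InitInstruction(major, P1_CHANNELS[minor], auth_cfg, enc_cfg, fields)


def build_sample(p1: int, p2: int, sig_len: int = 64) -> bytes:
    """Constructed test instruction: filler bytes and placeholder CLA/INS values."""
    layout = SM2_LAYOUT if p2 >> 4 == AUTH_SM2 else OTHER_LAYOUT
    data = b"".join(bytes([i + 1]) * size for i, (_, size) in enumerate(layout))
    data += b"\xEE" * sig_len
    lc = bytes([len(data)]) if len(data) <= 255 else b"\x00" + len(data).to_bytes(2, "big")
    return bytes([0x80, 0x01, p1, p2]) + lc + data


if __name__ == "__main__":
    ins = parse_init(build_sample(0x13, 0x21))
    print(ins.channel, hex(ins.auth_cfg), {k: len(v) for k, v in ins.fields.items()})
```

With SM2 authentication the listed fields alone total 208 bytes before the signature, so the sample needs the extended LC form; a parser that accepts only a one-byte LC would truncate or misread such an instruction.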
2. The secure channel instruction is used to issue a protected instruction to SE chip 111. A secure channel instruction can be executed only after the initialization instruction: if the instruction immediately preceding the first secure channel instruction is not the initialization instruction, the SE chip 111 returns the error code 6A 81.
The secure channel instructions may be executed multiple times in a session until all remote instructions have been processed. Specifically, the format of the secure channel instruction is shown in table 6.
TABLE 6

| Code | Value | Description |
|---|---|---|
| Code 1 (CLA) | xx | |
| Code 2 (INS) | xx | Secure channel instruction |
| Code 3 (P3) | xx | Parameter 1 |
| Code 4 (P4) | xx | Parameter 2, indicating whether it is the last secure channel instruction |
| Code 5 (LC) | Variable | Data length |
| Code 6 (DATA) | xxxx | Data |
| Code 7 (LE) | - | None |

In Table 6, each code has its own meaning, and the value "xx" stands for the specific value assigned to that code. For example, the code P4 indicates whether the current secure channel instruction is the last one: if P4 is "00", further secure channel instructions follow the current instruction; if P4 is "01", the current instruction is the last secure channel instruction.
The data carried in the data field of the secure channel instruction format is only ciphertext data, which can be used only after being decrypted completely.
Similarly, after SE chip 111 processes the secure channel instruction, a corresponding response code is generated, and the response code of the secure channel instruction may be as shown in table 7.
TABLE 7 (provided as an image in the original publication; not reproduced here)
In this embodiment of the present application, after the SE chip 111 generates the response code of the secure channel instruction, the SE chip 111 may send the response code of the secure channel instruction to the terminal device 100. Then, the terminal device 100 may determine whether to process the response code by itself or transmit the response code to the server 200 according to the response code of the secure channel instruction, and the server 200 processes the response code.
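The ordering rule for secure channel instructions (initialization first, P4 marking the last instruction, 6A 81 otherwise) amounts to a small state machine on the SE chip side. The sketch below is an added example, not the patent's implementation: the INS values are placeholders, 90 00 is assumed as the success status for these instructions because Table 7 is not reproduced, and 6A 86 for an undefined P4 value is likewise an assumption.

```python
from enum import Enum

# Placeholder instruction codes: the page gives INS only as "xx".
INS_INIT, INS_SECURE_CHANNEL = 0x01, 0x02

SW_OK = 0x9000       # ISO 7816 normal-processing status, assumed for these instructions
SW_NO_INIT = 0x6A81  # stated on the page for a secure channel instruction without init
SW_BAD_P4 = 0x6A86   # ISO 7816-4 "incorrect parameters"; assumed here for an undefined P4


class State(Enum):
    IDLE = "idle"                # no valid initialization instruction precedes
    INITIALISED = "initialised"  # initialization was the immediately preceding instruction
    STREAMING = "streaming"      # at least one secure channel instruction with P4 = 00 seen


class SessionGate:
    """Decides whether an incoming instruction may be processed in the current state."""

    def __init__(self) -> None:
        self.state = State.IDLE

    def handle(self, apdu: bytes) -> int:
        if len(apdu) < 4:
            raise ValueError("instruction shorter than CLA INS P3 P4")
        ins, p4 = apdu[1], apdu[3]
        if ins == INS_INIT:
            # A real chip verifies the server's authentication data before this transition.
            self.state = State.INITIALISED
            return SW_OK
        if ins != INS_SECURE_CHANNEL:
            # Any other instruction breaks the "immediately preceded by init" condition.
            self.state = State.IDLE
            return SW_OK
        if self.state is State.IDLE:
            return SW_NO_INIT
        if p4 not in (0x00, 0x01):
            self.state = State.IDLE
            return SW_BAD_P4
        # P4 = 01 closes the run; a later secure channel instruction needs a new init.
        self.state = State.IDLE if p4 == 0x01 else State.STREAMING
        return SW_OK


def run_trace(trace):
    """Feed a list of instructions to a fresh gate and return the status words."""
    gate = SessionGate()
    return [gate.handle(apdu) for apdu in trace]


# Constructed instructions (header bytes only; data fields omitted for brevity).
INIT = bytes([0x80, INS_INIT, 0x13, 0x21])
OTHER = bytes([0x80, 0x7F, 0x00, 0x00])


def secure(p4: int) -> bytes:
    return bytes([0x80, INS_SECURE_CHANNEL, 0x00, p4])


if __name__ == "__main__":
    for name, trace in {
        "well-formed": [INIT, secure(0x00), secure(0x01)],
        "no init": [secure(0x01)],
        "interleaved": [INIT, OTHER, secure(0x01)],
        "after last": [INIT, secure(0x01), secure(0x01)],
    }.items():
        print(name, [f"{sw:04X}" for sw in run_trace(trace)])
```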
3. The information acquisition instruction is used by the terminal device 100 to acquire information related to the current secure channel protocol from the SE chip 111, including the secure channel protocol version currently supported by the SE chip 111 and/or the version number of the key in the SE chip, etc. Specifically, the format of the information acquisition instruction is shown in table 8.
TABLE 8 (provided as an image in the original publication; not reproduced here)
Codes P5 and P6 work together to specify a certain key in SE chip 111.
The value of code 7 (LE) in the information acquisition instruction format is divided into two parts: the version of the secure channel protocol currently supported by SE chip 111 and the version of the key in SE chip 111.
After the SE chip 111 processes the information acquisition instruction, a corresponding response code is generated, and the response code of the information acquisition instruction may be as shown in table 9.
TABLE 9

| SW1 | SW2 | Description |
|---|---|---|
| 90 | 00 | Success |
| 6A | 90 | Process failed |

In this embodiment, after the SE chip 111 generates the response code of the information acquisition instruction, the SE chip 111 transmits the response code to the terminal device 100. After receiving the response code, the terminal device 100 may determine from it how the information acquisition instruction was executed.
The keys used in the embodiments of the present application are described below.
The embodiments of the present application specify only the types of the keys used, not how the keys are generated or distributed, provided that both the server 200 and the SE chip 111 hold the required keys. The keys that each entity involved in the embodiments of the present application needs to possess are shown in table 10.
TABLE 10 (provided as images in the original publication; not reproduced here)
The relationships between the keys in table 10 may be as shown in fig. 5, and fig. 5 is a schematic diagram of the relationships between the keys provided in one embodiment of the present application.
Fig. 6 is a flowchart of a method for secure transmission of signaling according to an embodiment of the present application, where, as shown in fig. 6, the method for secure transmission of signaling may include:
In step 601, the server 200 acquires plaintext data to be transmitted.
Specifically, when the server 200 decides to transmit data to the SE chip 111, plaintext data to be transmitted is first prepared.
In step 602, the server 200 encrypts the plaintext data according to the security level supported by the SE chip 111, to obtain first encrypted data.
In step 603, the server 200 obtains the version number of the secure channel established by the server 200 and the SE chip 111 in the current session.
In step 604, the server 200 generates a secure channel instruction according to the first encrypted data, and generates an initialization instruction according to the security level and the version number.
Specifically, the server 200 may generate the secure channel instruction according to the first encrypted data as follows: the server 200 carries the first encrypted data in a data field of a secure channel instruction format to obtain a secure channel instruction.
The server 200 may generate the initialization command according to the security level and the version number as follows: setting a value of a security parameter domain in an initialization instruction format according to the security level, and setting a value of a protocol version domain in the initialization instruction format according to the version number to obtain an initialization instruction; the value of the security parameter field is used to indicate the encryption mode used to convert the plaintext data into the first encrypted data.
In step 605, the server 200 packages the initialization command and the secure channel command to obtain a data packet.
In a specific implementation, the server 200 may package the initialization command and the secure channel command into one data packet, so that the initialization command and the secure channel command may be sent to the terminal device 100 at one time, thereby reducing interaction between the server 200 and the terminal device 100.
In step 606, the server 200 sends the data packet to the terminal device 100, so that the terminal device 100 sends the initialization command and the secure channel command in the data packet to the SE chip 111, and the SE chip 111 analyzes the secure channel command according to the initialization command to obtain the plaintext data.
Further, if the user has also selected to authenticate the first encrypted data, after obtaining the first encrypted data in step 602, the server 200 may further perform authentication processing on the first encrypted data according to the authentication level supported by the SE chip 111 to obtain the second encrypted data.
Specifically, performing authentication processing on the first encrypted data according to the authentication level supported by the SE chip 111 to obtain the second encrypted data may be as follows: the server 200 encrypts the value of the counter stored in the server 200, the key and the initial vector used when encrypting the plaintext data, and the integrity check value in the first encrypted data to obtain second encrypted data; the server 200 signs the second encrypted data using a signature function corresponding to the authentication level supported by the SE chip 111, and obtains a signature value corresponding to the second encrypted data.
Thus, according to the security level and the version number, the generation of the initialization instruction may be: the server 200 sets the value of the security parameter domain in the initialization instruction format according to the security level and the authentication level, and sets the value of the protocol version domain in the initialization instruction format according to the version number; and carrying the second encrypted data and the signature value corresponding to the second encrypted data in the data field of the initializing instruction format according to the value of the security parameter field so as to obtain the initializing instruction; the value of the security parameter field is used to indicate an encryption mode used to convert the plaintext data into the first encrypted data and an authentication mode used to authenticate the first encrypted data.
In the method for secure transmission of signaling, after the server 200 obtains plaintext data to be transmitted, the plaintext data is encrypted according to a security level supported by the SE chip 111 to obtain first encrypted data, and then a version number of a secure channel established in a current session between the server 200 and the SE chip 111 is obtained, a secure channel instruction is generated according to the first encrypted data, and an initialization instruction is generated according to the security level and the version number, the initialization instruction and the secure channel instruction are packaged to obtain a data packet, and finally the data packet obtained by packaging is transmitted to the terminal device 100, so that the terminal device 100 transmits the initialization instruction and the secure channel instruction in the data packet to the SE chip 111, and the SE chip 111 analyzes the secure channel instruction according to the initialization instruction to obtain plaintext data. That is, after generating the instruction, the server 200 does not need to interact with the SE chip 111, and can directly package and send the initialization instruction and the secure channel signaling to the SE chip 111, and the SE chip 111 performs identity verification and decryption on the received initialization instruction and secure channel signaling, so that the authenticity and confidentiality of the instruction can be ensured, and the computing resources of the server 200 are saved.
In step 602 of the embodiment shown in fig. 6 of the present application, the server 200 encrypting the plaintext data according to the security level supported by the SE chip 111 to obtain the first encrypted data may be: acquiring the i-th plaintext data to be processed in the plaintext data, splicing a predetermined data segment with the i-th plaintext data, and encrypting the spliced data using a function corresponding to the security level supported by SE chip 111. Encrypting the spliced data using a function corresponding to the security level supported by the SE chip 111 may be: when the security level supported by the SE chip 111 is confidentiality and integrity protection, the spliced data is encrypted using an encryption function; when the security level supported by the SE chip 111 is integrity protection, the spliced data is encrypted using an integrity protection function.
Specifically, the encryption process of the server 200 is changed according to different cryptographic algorithms and security levels selected by the user, and the security levels selected by the user include: confidentiality and integrity protection, integrity protection only, and no security. There are a number of algorithms available for each security level.
The input data of the encryption flow includes: PT_1, PT_2, …, PT_N, MAC_{N+1}, K, IV_N
Here, PT_1, PT_2, …, PT_N are the plaintext data to be transmitted; MAC_{N+1} is the predetermined data segment, a fixed piece of data whose value is 16 bytes of '0x00'; K is the key used to encrypt the PT, randomly generated each time an encryption flow is started; IV_N is the initial vector used in the encryption function, and its value is a 12-byte random number plus 4 bytes of '0xFF'.
The output data of the encryption flow is: CT_1, CT_2, …, CT_N, MAC_1
Here, CT_1, CT_2, …, CT_N are the ciphertexts corresponding to the plaintext data PT_1, PT_2, …, PT_N after encryption; MAC_1 is the integrity check value output after the plaintext data PT_1 is encrypted.
If the security level selected by the user is integrity protection only, each CT is the same as the corresponding PT. If the security level selected by the user is no security, the output CT is the same as the PT and there is no MAC_1.
The encryption process of the server 200 may be as shown in fig. 7, and fig. 7 is a schematic diagram of the encryption process of the server 200 according to an embodiment of the present application.
Referring to fig. 7, the encryption flow of the server 200 may include:
Step 1: if the security level selected by the user is no security, set CT_i = PT_i and jump to step 5.
Step 2: when processing the i-th plaintext data (1 ≤ i ≤ N), MAC_{i+1} and the plaintext PT_i are first spliced together, and the result is then processed with either the Galois/Counter Mode (GCM) encryption function or the CBC_MAC function, according to the security level selected by the user. CBC_MAC is a message authentication code (MAC) calculated in cipher block chaining (CBC) mode. If the user selects confidentiality and integrity protection, the GCM encryption function is used; if the user selects integrity protection only, the CBC_MAC function is used. Both functions take three input parameters: PT_i || MAC_{i+1} as the data to be processed, K as the key, and IV_i as the initial vector. After processing by the cryptographic function, CT_i and MAC_i are output; if the CBC_MAC function is used, CT_i = PT_i.
Step 3: decrement the counter i by 1 and calculate IV_{i-1}.
Step 4: return to step 2 and repeat until the data for i = 1 has been processed.
Step 5: PT_1, PT_2, …, PT_N and MAC_1 are taken as the output, and the encryption flow ends.
At the server 200, the IV used in processing each PT_i is different; IV_i can be calculated as: IV_i = IV_{i+1} - 256.
The cryptographic functions GCM and CBC_MAC used in the above encryption process are described below, and reference is made to the corresponding symmetric cryptographic specifications for their definition.
The GCM encryption function is expressed as follows:
{CT_i, MAC_i} = Symmetric_GCM_Enc({PT_i || MAC_{i+1}}, IV_i, K)
The CBC_MAC function is expressed as follows:
{MAC_i} = Symmetric_CBC_MAC({PT_i || MAC_{i+1}}, IV_i, K)
The authentication flow of server 200 varies according to the cryptographic algorithm and authentication level selected by the user. The authentication levels include: symmetric-algorithm message authentication code (MAC) check, SM2 signature, SM9 signature, and no security. Each security level corresponds to an algorithm.
The processing in the authentication flow is divided into two parts: encrypting the output data of the encryption flow, and authenticating the session.
The input data of the authentication flow may include: KEYID_AUT, KEYID_ENC, MAC_1, K, IV_1, IV_R, Ver, KEY.SE.ENC.AES/SM4, SK.SERVER.AUT
KEYID_AUT and KEYID_ENC specify which specific keys the receiving SE chip 111 uses for its calculations; MAC_1 is the output of the encryption flow; K and IV_1 are data used in the encryption flow; IV_R is a 16-byte random number temporarily generated by the server 200; Ver is a 4-byte counter stored by the server 200 that always increments; KEY.SE.ENC.AES/SM4 and SK.SERVER.AUT are the chip-lot symmetric key held by server 200 and the server 200's own authentication private key. SK.SERVER.AUT differs according to the selected algorithm: if the symmetric-algorithm MAC check is selected, SK.SERVER.AUT uses KEY.SE.AUT.AES/SM4; if the SM2 signature is selected, SK.SERVER.AUT is a private key of the SM2 algorithm; if the SM9 signature is selected, SK.SERVER.AUT is a private key of the SM9 algorithm; if no security is selected, SK.SERVER.AUT is not used.
The output of the authentication flow includes CT_R and S, where CT_R is the ciphertext obtained by encrypting the input data, and S is the signature value obtained by signing the ciphertext CT_R and all the other data.
The authentication process of the server 200 may be as shown in fig. 8, and fig. 8 is a schematic diagram of the authentication process of the server 200 according to an embodiment of the present application.
Referring to fig. 8, the authentication procedure of the server 200 may include:
In fig. 8, {K || Ver || IV_1 || MAC_1} is encrypted in cipher block chaining (CBC) mode; the key used for encryption is the KEY.SE.ENC.AES/SM4 preset in SE chip 111, and the ciphertext CT_0 is obtained after encryption. IV_R is a random number temporarily generated by the server 200; it is used only in the authentication flow and is destroyed after use. After the ciphertext CT_0 is calculated, a signature value S is calculated over {KEYID_AUT || KEYID_ENC || IV_R || CT_0}, where KEYID_AUT and KEYID_ENC are two IDs: KEYID_AUT indicates the key used for authentication, and KEYID_ENC indicates the key used for encryption. The way S is calculated depends on the authentication level selected. If SM2 or SM9 is selected, S is calculated using the signature function of the asymmetric algorithm; if the MAC check of the symmetric algorithm is selected, the MAC calculated with the CBC_MAC function of the symmetric algorithm is used as S; if no authentication is selected, only the encryption is performed here and S does not need to be calculated.
The algorithm functions used are described as follows:
CT_0 = Symmetric_CBC_Enc({K || Ver || IV_1 || MAC_1}, IV_R, KEY.SE.ENC/SM4)
S = Signature({IV_R || CT_0}, SK.SERVER.AUT)
S = Symmetric_CBC_MAC({IV_R || CT_0}, KEY.SE.AUT.AES/SM4)
Fig. 9 is a flowchart of a method for secure transmission of signaling according to another embodiment of the present application. As shown in fig. 9, the method for secure transmission of signaling may include:
In step 901, SE chip 111 receives an instruction provided by server 200 and sent by terminal device 100, the instruction including an initialization instruction and a secure channel instruction.
Specifically, assume that SE chip 111 receives a total of N+1 instructions, labeled 0 through N. The 0th instruction is the initialization instruction, and the 1st to Nth instructions are secure channel instructions.
Further, before SE chip 111 receives the instruction provided by server 200 and sent by terminal device 100, SE chip 111 may also receive an information acquisition instruction sent by terminal device 100, and send the version of the secure channel protocol currently supported by the SE chip 111 and the version of the key in the SE chip 111 to the terminal device 100. The instruction sent by the terminal device 100 may then be an instruction that matches the version of the secure channel protocol currently supported by SE chip 111 and the version of the key in SE chip 111.
In a specific implementation, after the terminal device 100 obtains the version of the secure channel protocol currently supported by the SE chip 111 and the version of the key in the SE chip 111, it may send both versions to the server 200, so that the server 200 can send the terminal device 100 an instruction that matches the version of the secure channel protocol currently supported by the SE chip 111 and the version of the key in the SE chip 111.
In another implementation, server 200 may send a plurality of versions of instructions to terminal device 100, and after terminal device 100 obtains the version of the secure channel protocol currently supported by SE chip 111 and the version of the key in SE chip 111, an instruction matching the version of the secure channel protocol currently supported by SE chip 111 and the version of the key in SE chip 111 may be obtained from the plurality of versions of instructions.
In step 902, the SE chip 111 performs authentication on the initialization command according to the authentication level supported by the SE chip 111.
Specifically, authenticating the initialization instruction according to the authentication level supported by SE chip 111 may be: verifying the signature value included in the data field of the initialization instruction using the key specified in the initialization instruction.
In step 903, after the initialization command passes the authentication, the SE chip 111 decrypts the initialization command to obtain the key and the initial vector of the secure channel established by the SE chip 111 and the server 200 in the current session, and the integrity check value obtained after the server 200 encrypts the plaintext data.
Specifically, after the initialization command passes the authentication, the SE chip 111 may decrypt the second encrypted data carried in the data field of the initialization command using the key specified in the initialization command, to obtain the value of the counter stored in the server 200, the key and the initial vector used in the process of encrypting the plaintext data by the server 200, and the integrity check value obtained after the server 200 encrypts the plaintext data. Then, the value of the counter held by the server 200 is compared with the value of the counter held in the SE chip 111; if the value of the counter held by the server 200 is greater than or equal to the value of the counter held in the SE chip 111, the key and the initial vector used in the process of encrypting the above plain text data by the server 200 obtained by decryption, and the integrity check value obtained after the encryption of the above plain text data by the server 200 are held.
In step 904, the SE chip 111 decrypts the first encrypted data included in the secure channel instruction using the key, the initial vector and the integrity check value, to obtain the plaintext data.
The first encrypted data is obtained after the server encrypts the plaintext data, and the first encrypted data is carried in the secure channel instruction.
It should be noted that, in this embodiment, secure channel instructions must be executed strictly following the initialization instruction: if the instruction executed immediately before a secure channel instruction is neither a secure channel instruction nor the initialization instruction, an error code needs to be returned.
In the above-mentioned signaling secure transmission method, after receiving an instruction provided by the server 200 and sent by the terminal device 100, the SE chip 111 performs identity verification on the above-mentioned initialization instruction according to the authentication level supported by the SE chip 111, after the above-mentioned initialization instruction passes the identity verification, decrypts the above-mentioned initialization instruction, obtains a key and an initial vector of a secure channel established in the current session between the SE chip 111 and the server 200, and an integrity check value obtained after the server 200 encrypts plaintext data, and decrypts the first encrypted data included in the above-mentioned secure channel instruction by using the above-mentioned key, the above-mentioned initial vector and the above-mentioned integrity check value, so as to obtain plaintext data. In this embodiment, after generating the instruction, the server 200 does not need to interact with the SE chip 111, directly packages the instruction and sends the instruction to the SE chip 111, and the SE chip 111 performs authentication and decryption on the received instruction, so that the authenticity and confidentiality of the instruction can be ensured, and the computing resources of the server 200 are saved.
In the embodiment shown in fig. 9 of the present application, in the verification process shown in step 902 and step 903, the SE chip 111 needs to verify the signature value carried in the data field of the initialization instruction according to the security level supported by the SE chip 111 and, after the verification passes, decrypt the second encrypted data carried in the data field of the initialization instruction. If the authentication level supported by the SE chip 111 is no authentication, the authentication operation on the initialization instruction is not required; if the security level supported by the SE chip 111 is no security, the decryption operation on the initialization instruction is not required.
The input data of the verification process of SE chip 111 may include:
Package_0, KEY.SE.ENC, PK.SERVER.AUT/KEY.SE.AUT
The output data of the verification process may include:
K, IV_1, MAC_1, Ver
In summary, the verification procedure of the SE chip 111 may be:
First, the signature value S carried in the data field of the initialization instruction is verified using the key specified in the initialization instruction; different keys and algorithms are used according to the authentication level.
If the verification fails, the corresponding error code is returned; otherwise, the procedure continues with the next step.
The ciphertext in the initialization instruction is decrypted using the key specified in the initialization instruction. Here, different keys and algorithms are used depending on the authentication level, and decryption is not required if the security level selected by the user is no security.
Finally, if the decryption succeeds, the decrypted Ver is compared with the Ver stored in SE chip 111; if the decrypted Ver is smaller than the Ver stored in SE chip 111, the initialization instruction is rejected and the corresponding error code is returned. Otherwise, the decrypted K, IV_1 and MAC_1 are saved for decrypting subsequent secure channel instructions.
Specifically, the verification process of SE chip 111 executes different processes according to the authentication level supported by SE chip 111, and the verification process of SE chip 111 is described below for different authentication levels.
Fig. 10 is a schematic diagram of a verification process of a SE chip 111 according to an embodiment of the present application. As shown in fig. 10, if the user selects the SM9 algorithm for signing and a symmetric algorithm for encryption protection, the verification process of the SE chip 111 may include:
First, ID.SERVER is used to verify the signature value S carried in the data field of the initialization instruction: using the SM9 algorithm, {KEYID_AUT || KEYID_ENC || IV_R || CT_0} is the data to be verified, S is the signature value, and ID.SERVER is the public key.
If the verification fails, the corresponding error code is returned; otherwise, the process continues with the next step.
The second encrypted data carried in the data field of the initialization instruction is decrypted using the key (KEY.SE.ENC.AES or KEY.SE.ENC.SM4) specified in the initialization instruction. If the security level selected by the user is no security, the second encrypted data does not need to be decrypted.
If the decryption succeeds, the decrypted Ver is compared with the Ver stored in SE chip 111; if the decrypted Ver is smaller than the Ver stored in SE chip 111, the initialization instruction is rejected and the corresponding error code is returned. Otherwise, the decrypted K, IV_1 and MAC_1 are saved for decrypting subsequent secure channel instructions.
Fig. 11 is a schematic diagram of a verification process of a SE chip 111 according to another embodiment of the present application. As shown in fig. 11, if the user selects the SM2 algorithm for signing and a symmetric algorithm for encryption protection, the verification process of the SE chip 111 may include:
First, PK.KGC.ROOT.SM2 is used to verify {PK.SERVER.AUT.SM2 || SIGN.PK.SERVER} in the initialization instruction, and if that verification passes, PK.SERVER.AUT.SM2 is used to verify the signature value S in the initialization instruction. Here, using the SM2 algorithm, {KEYID_AUT || KEYID_ENC || IV_R || CT_0} is used as the data to be verified, S is used as the signature value, and pk.
If the verification fails, the corresponding error code is returned; otherwise, the process continues with the next step.
The second encrypted data carried in the data field of the initialization instruction is decrypted using the key (KEY.SE.ENC.AES or KEY.SE.ENC.SM4) specified in the initialization instruction. If the security level selected by the user is no security, the second encrypted data does not need to be decrypted.
If the decryption succeeds, the decrypted Ver is compared with the Ver stored in SE chip 111; if the decrypted Ver is smaller than the Ver stored in SE chip 111, the initialization instruction is rejected and the corresponding error code is returned. Otherwise, the decrypted K, IV_1 and MAC_1 are saved for decrypting subsequent secure channel instructions.
Fig. 12 is a schematic diagram of a verification process of the SE chip 111 according to still another embodiment of the present application. As shown in fig. 12, if the user selects a symmetric algorithm for signing and a symmetric algorithm for encryption protection, the verification process of the SE chip 111 may include:
First, the signature value MAC_R carried in the data field of the initialization instruction is verified using the key (KEY.SE.AUT.AES or KEY.SE.AUT.SM4) specified in the initialization instruction. Here, using the SM4 MAC function, {KEYID_AUT || KEYID_ENC || IV_R || CT_0} is used as the data to be verified and KEY.SE.AUT.AES or KEY.SE.AUT.SM4 is used as the key to calculate MAC_R'; if the calculated MAC_R' is the same as the MAC_R in the initialization instruction, the verification passes.
If the verification fails, the corresponding error code is returned; otherwise, the process continues with the next step.
The second encrypted data carried in the data field of the initialization instruction is decrypted using the key (KEY.SE.ENC.AES or KEY.SE.ENC.SM4) specified in the initialization instruction. If the security level selected by the user is no security, the second encrypted data does not need to be decrypted.
If the decryption succeeds, the decrypted Ver is compared with the Ver stored in SE chip 111; if the decrypted Ver is smaller than the Ver stored in SE chip 111, the initialization instruction is rejected and the corresponding error code is returned. Otherwise, the decrypted K, IV_1 and MAC_1 are saved for decrypting subsequent secure channel instructions.
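The symmetric-MAC verification flow of fig. 12, as an added example that is not code from the patent: the SE checks MAC_R over KEYID_AUT || KEYID_ENC || IV_R || CT_0 before decrypting CT_0, then applies the Ver comparison. Truncated HMAC-SHA256 and a SHAKE-256 keystream stand in for CBC_MAC and CBC encryption so the sketch runs on the standard library; the one-byte key IDs, field widths, big-endian Ver and error-code names are assumptions.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 16
PT_LEN = 16 + 4 + 16 + 16   # K || Ver || IV_1 || MAC_1 (widths assumed)


def cbc_mac_standin(key, data):
    # Stand-in for Symmetric_CBC_MAC (the patent uses AES/SM4 CBC_MAC).
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def cbc_standin(key, iv, data):
    # Stand-in for Symmetric_CBC_Enc/Dec: XOR with a SHAKE-256 keystream,
    # so the same call encrypts and decrypts. Not the patent's cipher.
    ks = hashlib.shake_256(key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def server_build_init(keys, keyid_aut, keyid_enc, k, ver, iv1, mac1):
    """Server side: CT_0, then MAC_R over KEYID_AUT||KEYID_ENC||IV_R||CT_0."""
    iv_r = os.urandom(16)   # IV_R, used only for this initialization instruction
    ct0 = cbc_standin(keys[keyid_enc], iv_r,
                      k + struct.pack(">I", ver) + iv1 + mac1)
    signed = bytes([keyid_aut, keyid_enc]) + iv_r + ct0
    return signed + cbc_mac_standin(keys[keyid_aut], signed)


def se_verify_init(keys, stored_ver, package0):
    """SE side. Returns ("OK", (K, IV_1, MAC_1)) or (error_code, None)."""
    if len(package0) != 2 + 16 + PT_LEN + MAC_LEN:
        return "ERR_FORMAT", None
    signed, mac_r = package0[:-MAC_LEN], package0[-MAC_LEN:]
    keyid_aut, keyid_enc = signed[0], signed[1]
    iv_r, ct0 = signed[2:18], signed[18:]
    if keyid_aut not in keys or keyid_enc not in keys:
        return "ERR_KEY", None
    # 1. Authenticate first; the key IDs are covered by MAC_R as well.
    if not hmac.compare_digest(cbc_mac_standin(keys[keyid_aut], signed), mac_r):
        return "ERR_AUTH", None
    # 2. Only now decrypt CT_0 with the key named by KEYID_ENC.
    pt = cbc_standin(keys[keyid_enc], iv_r, ct0)
    k, iv1, mac1 = pt[:16], pt[20:36], pt[36:52]
    (ver,) = struct.unpack(">I", pt[16:20])
    # 3. Reject a Ver smaller than the stored one; an equal Ver is accepted.
    #    The text does not say when the SE's stored Ver is advanced, so this
    #    example leaves stored_ver unchanged.
    if ver < stored_ver:
        return "ERR_VERSION", None
    return "OK", (k, iv1, mac1)


if __name__ == "__main__":
    # Constructed sample keys and session values.
    keys = {1: os.urandom(16), 2: os.urandom(16)}
    pkg = server_build_init(keys, 1, 2, os.urandom(16), 7,
                            os.urandom(16), os.urandom(16))
    print(se_verify_init(keys, 7, pkg)[0])   # accepted
    print(se_verify_init(keys, 8, pkg)[0])   # stale Ver rejected
```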
In the embodiment shown in fig. 9 of the present application, the decryption process described in step 904 is used to decrypt and obtain the plaintext data transmitted by the server 200, i.e. to convert the ciphertext CT_i into the plaintext PT_i.
The input data of the decryption process may include: K, IV_1, MAC_1, CT_1, CT_2, …, CT_N, where K, IV_1 and MAC_1 are all data obtained from the verification process, and CT_1 to CT_N are each the first encrypted data carried in the data field of a subsequent secure channel instruction.
The output data of the decryption process may include: PT_1, PT_2, …, PT_N
There are different processing flows according to the security level selected by the user, and the processing flows are mainly divided into two types, namely confidentiality and integrity protection, and only integrity protection. If the security level selected by the user is confidentiality and integrity protection, performing decryption and integrity verification by using a GCM decryption function; if the security level selected by the user is integrity-only protection, the CBC_MAC function of the symmetric algorithm is used to verify the integrity.
Fig. 13 is a schematic diagram of a decryption flow of the SE chip 111 according to an embodiment of the present application, where, as shown in fig. 13, the decryption flow of the SE chip 111 may include:
Step 1: when the ciphertext CT_i is decrypted, the key used is the session key K, the initial vector used is IV_i, and the input integrity check data is MAC_i. The output is the plaintext PT_i || MAC_{i+1}.
Step 2: extract MAC_{i+1} from the data obtained in step 1, and calculate IV_{i+1} from the IV_i used in step 1.
Step 3: add 1 to the counter i and return to step 1, repeating until i > N.
The GCM decryption function used in the above procedure may be expressed as follows:
{PT_i} = Symmetric_GCM_Dec(CT_i, K, IV_i, AAD, MAC_i);
If the security level selected by the user is integrity protection only, the CBC_MAC function used may be as follows: MAC_i = Symmetric_CBC_MAC(CT_i, K, IV_i);
The function for calculating IV_i may be as follows: IV_i = IV_{i-1} + 256.
The MAC_{N+1} obtained by processing the last packet of data is a fixed 16 bytes of '0x00'.
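The chained encryption and decryption flows of figs. 7 and 13 for the confidentiality-and-integrity level, as an added example that is not code from the patent. A SHAKE-256 keystream with a truncated HMAC-SHA256 tag stands in for Symmetric_GCM_Enc/Dec so it runs on the standard library; treating the IV as a 128-bit big-endian integer and checking the final MAC_{N+1} as an end-of-chain marker are assumptions.

```python
import hashlib
import hmac
import os

MAC_LEN = 16
MAC_END = bytes(MAC_LEN)   # MAC_{N+1}: fixed 16 bytes of 0x00
IV_STEP = 256              # IV_i = IV_{i+1} - 256


def _xor_stream(key, iv, data):
    # Stand-in keystream (SHAKE-256), not the AES/SM4-GCM the text specifies.
    ks = hashlib.shake_256(b"enc" + key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def _tag(key, iv, ct):
    # Stand-in 16-byte tag (truncated HMAC-SHA256) in place of the GCM tag.
    return hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()[:MAC_LEN]


def gcm_enc_standin(data, iv, key):
    """Plays the role of Symmetric_GCM_Enc: returns (CT_i, MAC_i)."""
    ct = _xor_stream(key, iv, data)
    return ct, _tag(key, iv, ct)


def gcm_dec_standin(ct, key, iv, mac):
    """Plays the role of Symmetric_GCM_Dec: check MAC_i, then decrypt."""
    if not hmac.compare_digest(_tag(key, iv, ct), mac):
        raise ValueError("integrity check failed")
    return _xor_stream(key, iv, ct)


def shift_iv(iv, delta):
    # Assumption: the 16-byte IV is a 128-bit big-endian integer.
    value = (int.from_bytes(iv, "big") + delta) % (1 << 128)
    return value.to_bytes(16, "big")


def server_encrypt(plaintexts, key):
    """Encryption flow, i = N down to 1. Returns ([CT_1..CT_N], IV_1, MAC_1)."""
    iv = os.urandom(12) + b"\xff" * 4    # IV_N: 12 random bytes plus 4 x 0xFF
    mac_next = MAC_END                   # MAC_{N+1}
    cts = []
    for n, pt in enumerate(reversed(plaintexts)):
        if n:
            iv = shift_iv(iv, -IV_STEP)  # step back to the previous IV
        # PT_i || MAC_{i+1} is the data to be processed; MAC_i feeds PT_{i-1}.
        ct, mac_next = gcm_enc_standin(pt + mac_next, iv, key)
        cts.append(ct)
    return cts[::-1], iv, mac_next


def se_decrypt(cts, key, iv1, mac1):
    """Decryption flow, i = 1 up to N, starting from IV_1 and MAC_1."""
    iv, mac, pts = iv1, mac1, []
    for ct in cts:
        data = gcm_dec_standin(ct, key, iv, mac)
        pts.append(data[:-MAC_LEN])
        mac = data[-MAC_LEN:]            # MAC_{i+1}, needed for CT_{i+1}
        iv = shift_iv(iv, IV_STEP)       # IV_{i+1} = IV_i + 256
    # Assumption: a chain that stops before MAC_{N+1} is treated as truncated.
    if mac != MAC_END:
        raise ValueError("chain ended before MAC_{N+1}")
    return pts


def rejected(cts, key, iv1, mac1):
    """True if the SE side refuses the instruction sequence."""
    try:
        se_decrypt(cts, key, iv1, mac1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(16)                          # session key K
    msgs = [b"instr-1", b"instr-2", b"instr-3"]   # constructed payloads
    cts, iv1, mac1 = server_encrypt(msgs, key)
    print(se_decrypt(cts, key, iv1, mac1) == msgs)
    print(rejected([cts[1], cts[0], cts[2]], key, iv1, mac1))   # reordered
```

Because each ciphertext carries the check value of the next one, only IV_1 and MAC_1 need to travel in the initialization instruction; reordering, modifying or dropping a secure channel instruction makes a later check fail.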
The signaling security transmission method provided by the embodiments of the present application supports the SM9 identity-based cryptographic algorithm, can achieve authentication without certificates, and is compatible with various cryptographic algorithms and authentication modes. The method also supports the ECC-based SM2 algorithm and the SM4/AES symmetric cryptographic algorithms, reserves the possibility of adding support for new algorithms at the framework level, and can very conveniently be made compatible with most existing cryptographic algorithms.
After the secure channel protocol proposed in the embodiments of the present application is used, if a user wishes to issue some instructions from the server 200 to the SE chip 111, the SCP90 protocol proposed in the embodiments of the present application may be used to encrypt and authenticate data, the ciphertext instruction processed and generated by the server 200 may be sent to different SE chips 111 in the plurality of terminal devices 100 at a time, so that the server 200 may generate corresponding processing instructions for a batch of SE chips 111 at a time, and after the generation, the data may be directly sent to the SE chip 111 without interaction with the SE chip 111, and the SE chip 111 may perform identity verification and decryption on the received data. This scheme can protect the authenticity and confidentiality of the transmitted data, save the computing resources of the server 200, and take effect for a plurality of SE chips 111 by computing only once.
In the traditional application scenario using the SCP03 protocol, installing a transit card application on a mobile phone takes a time measured in minutes; with the secure channel protocol provided in the embodiments of the present application, the time can be compressed to the level of seconds, so that the user experience is greatly improved, and the bandwidth consumed and the number of interactions in the application process are reduced.
The formats of the initialization signaling, the secure channel signaling, and the information acquisition signaling provided in the embodiments of the present application are an encapsulation format indicating the protocol version used and the algorithm selected, and of course, embodiments of the present application are not limited thereto, and other formats may be used to encapsulate the information, so long as the information may be transmitted.
In addition to the method for encrypting plaintext and generating integrity verification data using GCM mode provided in the embodiments of the present application, other symmetric-algorithm modes of operation may be used to calculate the ciphertext and the integrity data, for example: calculating the ciphertext using electronic codebook (ECB) mode or CBC mode, and calculating the MAC value using CBC_MAC.
The embodiments of the present application use the national cryptographic algorithms to implement one-way authentication and interaction between the off-card entity and the SE chip. The algorithms used for confidentiality protection and identity authentication can be chosen in various ways and are not limited to the specific combinations mentioned in the embodiments of the present application. Therefore, replacing the algorithms mentioned in the embodiments of the present application with other algorithms can achieve functions similar to those of the embodiments of the present application.
It is to be understood that some or all of the steps or operations in the above embodiments are merely examples, and embodiments of the present application may also perform other operations or variations of the various operations. Furthermore, the steps may be performed in an order different from that presented in the above embodiments, and it is possible that not all of the operations in the above embodiments are performed.
It will be appreciated that server 200, in order to implement the above-described functionality, includes corresponding hardware and/or software modules that perform the respective functions. The steps of an algorithm for each example described in connection with the embodiments disclosed herein may be embodied in hardware or a combination of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application in conjunction with the embodiments, but such implementation is not to be considered as outside the scope of this application.
The present embodiment may divide the functional modules of the server 200 according to the above-described method embodiment, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one module. The integrated modules described above may be implemented in hardware. It should be noted that, in this embodiment, the division of the modules is schematic, only one logic function is divided, and another division manner may be implemented in actual implementation.
Fig. 14 is a schematic structural diagram of a signaling security transmission device according to an embodiment of the present application, and as shown in fig. 14, the signaling security transmission device may include: an acquisition module 1401, an encryption module 1402, a generation module 1403, a packaging module 1404, and a transmission module 1405;
wherein, the acquiring module 1401 is configured to acquire plaintext data to be transmitted;
an encryption module 1402, configured to encrypt the plaintext data according to a security level supported by the SE chip 111, to obtain first encrypted data; wherein SE chip 111 is installed in terminal device 100;
the acquisition module 1401 is further configured to acquire a version number of a secure channel established by the server 200 and the SE chip 111 in a current session;
a generating module 1403, configured to generate a secure channel instruction according to the first encrypted data, and generate an initialization instruction according to the security level and the version number;
a packaging module 1404, configured to package the initialization instruction and the secure channel instruction to obtain a data packet;
a sending module 1405, configured to send the data packet obtained by the packaging module 1404 to the terminal device 100, so that the terminal device 100 sends an initialization instruction and a secure channel instruction in the data packet to the SE chip 111, so that the SE chip 111 analyzes the secure channel instruction according to the initialization instruction, and obtains plaintext data.
The secure transmission device of signaling provided by the embodiment shown in fig. 14 may be used as the server 200, or a part of the server 200 to implement the technical solution of the method embodiment shown in fig. 6 of the present application, and the principle and technical effects of the implementation may be further described with reference to the related descriptions in the method embodiment.
Fig. 15 is a schematic structural diagram of a secure transmission device for signaling according to another embodiment of the present application, which is different from the secure transmission device for signaling shown in fig. 14 in that, in the secure transmission device for signaling shown in fig. 15, a generating module 1403 is specifically configured to carry first encrypted data in a data field of a secure channel command format to obtain a secure channel command;
a generating module 1403, specifically configured to set a value of a security parameter domain in an initialization instruction format according to the security level, and set a value of a protocol version domain in the initialization instruction format according to the version number, so as to obtain an initialization instruction; the value of the security parameter field is used to indicate an encryption mode used to convert the plaintext data into first encrypted data.
Further, the secure transmission device of the signaling may further include: an authentication module 1406;
The authentication module 1406 is configured to perform authentication processing on the first encrypted data according to an authentication level supported by the SE chip 111 after the encryption module 1402 obtains the first encrypted data, to obtain second encrypted data.
In this embodiment, the authentication module 1406 may include: a data encryption submodule 14061 and a signature submodule 14062;
a data encryption submodule 14061, configured to encrypt a value of a counter stored in the server 200, a key and an initial vector used when encrypting the plaintext data, and an integrity check value in the first encrypted data, to obtain second encrypted data;
the signature submodule 14062 is configured to sign the second encrypted data using a signature function corresponding to the authentication level supported by the SE chip 111, and obtain a signature value corresponding to the second encrypted data.
In this embodiment, the generating module 1403 is specifically configured to set a value of a security parameter domain in an initialization instruction format according to the security level and the authentication level, and set a value of a protocol version domain in the initialization instruction format according to the version number; and carrying the second encrypted data and the signature value corresponding to the second encrypted data in the data field of the initializing instruction format according to the value of the security parameter field so as to obtain an initializing instruction; the value of the security parameter field is used to indicate an encryption mode used to convert the plaintext data into the first encrypted data and an authentication mode used to authenticate the first encrypted data.
In this embodiment, the encryption module 1402 is specifically configured to obtain the ith plaintext data to be processed in the plaintext data, and splice a predetermined data segment with the ith plaintext data; the spliced data is encrypted using a function corresponding to the security level supported by SE chip 111.
In particular, when the security level supported by the SE chip 111 is confidentiality and integrity protection, the encryption module 1402 is specifically configured to encrypt the spliced data by using an encryption function; when the security level supported by the SE chip 111 is integrity protection, the spliced data is encrypted using an integrity protection function.
The secure transmission device for signaling provided by the embodiment shown in fig. 15 may be used as the server 200, or as a part of the server 200, to implement the technical solution of the method embodiment shown in fig. 6 of the present application; for its implementation principle and technical effects, refer to the related descriptions in the method embodiment.
Also, it is understood that SE chip 111, in order to implement the above-described functions, includes corresponding hardware and/or software modules that perform the respective functions. The steps of an algorithm for each example described in connection with the embodiments disclosed herein may be embodied in hardware or a combination of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application in conjunction with the embodiments, but such implementation is not to be considered as outside the scope of this application.
In this embodiment, the SE chip 111 may be divided into functional modules according to the above method embodiments; for example, each functional module may correspond to one function, or two or more functions may be integrated into one module. The integrated modules described above may be implemented in hardware. It should be noted that the division of modules in this embodiment is schematic and is merely a division by logical function; other division manners are possible in an actual implementation.
Fig. 16 is a schematic structural diagram of a secure transmission device for signaling according to still another embodiment of the present application. As shown in fig. 16, the secure transmission device for signaling may include: a receiving module 1601, a verification module 1602, and a decryption module 1603;
a receiving module 1601, configured to receive an instruction provided by the server 200 and sent by the terminal device 100, where the instruction includes an initialization instruction and a secure channel instruction;
a verification module 1602, configured to perform identity verification on the initialization instruction according to an authentication level supported by the SE chip 111;
a decryption module 1603, configured to decrypt the initialization instruction after the initialization instruction passes the authentication, and obtain a key of a secure channel established in a current session between the SE chip 111 and the server 200, an initial vector, and an integrity check value obtained after the server 200 encrypts plaintext data; decrypting the first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain plaintext data; wherein the first encrypted data is obtained after the server 200 encrypts the plaintext data, and the first encrypted data is carried in the secure channel instruction.
The secure transmission device for signaling provided by the embodiment shown in fig. 16 may be used as the SE chip 111, or as a part of the SE chip 111, to implement the technical solution of the method embodiment shown in fig. 9 of the present application; for its implementation principle and technical effects, refer to the related descriptions in the method embodiment.
Fig. 17 is a schematic structural diagram of a secure transmission device for signaling according to still another embodiment of the present application. It differs from the device shown in fig. 16 in that, in the device shown in fig. 17, the verification module 1602 is specifically configured to verify a signature value included in a data field of the initialization instruction by using a key specified in the initialization instruction.
In this embodiment, the decryption module 1603 may include: a data decryption submodule 16031, a comparison submodule 16032, and a saving submodule 16033;
a data decryption submodule 16031, configured to decrypt the second encrypted data carried in the data field of the initialization instruction by using the key specified in the initialization instruction, to obtain a value of a counter stored by the server 200, a key and an initial vector used in the process of encrypting the plaintext data by the server 200, and an integrity check value obtained after encrypting the plaintext data by the server 200;
a comparison submodule 16032, configured to compare the value of the counter stored by the server 200 with the value of the counter stored in the SE chip 111;
a saving submodule 16033, configured to, when the value of the counter stored by the server 200 is greater than or equal to the value of the counter stored in the SE chip, save the key and the initial vector used by the server 200 in the process of encrypting the plaintext data, as obtained through decryption by the data decryption submodule 16031, together with the integrity check value.
Further, the secure transmission device for signaling may further include: a sending module 1604;
a receiving module 1601, configured to receive an information acquisition instruction sent by the terminal device 100 before receiving the instruction sent by the terminal device 100;
a sending module 1604, configured to send, to the terminal device 100, a version of a secure channel protocol currently supported by the SE chip and a version of a key in the SE chip;
then, the instruction sent by the terminal device 100 may include: instructions that match the version of the secure channel protocol currently supported by SE chip 111 and the version of the key in SE chip 111.
The secure transmission device for signaling provided by the embodiment shown in fig. 17 may be used as the SE chip 111, or as a part of the SE chip 111, to implement the technical solution of the method embodiment shown in fig. 9 of the present application; for its implementation principle and technical effects, refer to the related descriptions in the method embodiment.
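The SE-chip-side order of operations described for fig. 17 (verify the signature, decrypt the second encrypted data, compare counters, save the key, initial vector and integrity check value, then decrypt the secure channel instruction), as an added example that is not part of the patent text. The byte layout, the nonce, the subkey derivation and the HMAC-SHA256 stand-ins for the signature function and the cipher are assumptions of this example; names such as SEChip and server_build are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Assumed layout for this example only (the page gives no byte offsets):
#   init data field  = nonce(16) || second encrypted data(68) || signature(32)
#   decrypted params = counter(4, big-endian) || key(16) || IV(16) || ICV(32)
NONCE_LEN, PARAMS_LEN, SIG_LEN = 16, 68, 32


class Rejected(Exception):
    """Raised when the SE refuses an instruction."""


def subkey(key, label):
    # Example's choice: separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()


def mac(key, data):
    # Stand-in for the page's signature function and integrity check value.
    return hmac.new(subkey(key, b"mac"), data, hashlib.sha256).digest()


def xor_cipher(key, iv, data):
    # Stand-in cipher (HMAC-SHA256 keystream); not the chip's real algorithm.
    enc_key, out = subkey(key, b"enc"), bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(enc_key, iv + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def server_build(chip_key, counter, plaintext):
    """Constructed server side: returns (init data field, first encrypted data)."""
    session_key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(NONCE_LEN)
    first = xor_cipher(session_key, iv, plaintext)        # first encrypted data
    icv = mac(session_key, first)                         # integrity check value
    params = struct.pack(">I", counter) + session_key + iv + icv
    second = xor_cipher(chip_key, nonce, params)          # second encrypted data
    return nonce + second + mac(chip_key, nonce + second), first


class SEChip:
    def __init__(self, chip_key, counter):
        self.chip_key, self.counter, self.session = chip_key, counter, None

    def process_init(self, data):
        if len(data) != NONCE_LEN + PARAMS_LEN + SIG_LEN:
            raise Rejected("bad length")
        nonce, second, sig = data[:NONCE_LEN], data[NONCE_LEN:-SIG_LEN], data[-SIG_LEN:]
        # 1. Identity verification first: nothing is decrypted before it passes.
        if not hmac.compare_digest(sig, mac(self.chip_key, nonce + second)):
            raise Rejected("signature mismatch")
        # 2. Decrypt the second encrypted data with the same specified key.
        params = xor_cipher(self.chip_key, nonce, second)
        (server_counter,) = struct.unpack(">I", params[:4])
        # 3. Counter comparison: save the parameters only if server >= chip.
        if server_counter < self.counter:
            raise Rejected("stale counter")
        self.session = (params[4:20], params[20:36], params[36:68])

    def process_secure_channel(self, first):
        if self.session is None:
            raise Rejected("no initialized session")
        key, iv, icv = self.session
        # Check the first encrypted data against the saved ICV, then decrypt.
        if not hmac.compare_digest(icv, mac(key, first)):
            raise Rejected("integrity check failed")
        return xor_cipher(key, iv, first)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    chip = SEChip(key, counter=5)
    init, first = server_build(key, 7, b"constructed signaling payload")
    chip.process_init(init)
    print(chip.process_secure_channel(first))
```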
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, which when executed on a computer, causes the computer to perform the method for secure transmission of signaling provided by the embodiment shown in fig. 6 of the present application.
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, which when executed on a computer, causes the computer to perform the method for secure transmission of signaling provided by the embodiment shown in fig. 9 of the present application.
The present embodiment also provides a computer program product comprising a computer program which, when run on a computer, causes the computer to perform the method for secure transmission of signalling provided by the embodiment shown in fig. 6 of the present application.
The present application also provides a computer program product comprising a computer program which, when run on a computer, causes the computer to perform the method for secure transmission of signalling provided by the embodiment shown in fig. 9 of the present application.
In the embodiments of the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may indicate that A exists alone, that A and B both exist, or that B exists alone, where A and B may each be singular or plural. The character "/" generally indicates that the objects before and after it are in an "or" relationship. "At least one of the following" and similar expressions mean any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b and c may represent: a; b; c; a and b; a and c; b and c; or a, b and c, where a, b and c may each be single or multiple.
Those of ordinary skill in the art will appreciate that the various elements and algorithm steps described in the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided herein, any of the functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing is merely specific embodiments of the present application, and any person skilled in the art may easily conceive of changes or substitutions within the technical scope of the present application, which should be covered by the protection scope of the present application. The protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for secure transmission of signaling for a secure element SE chip, comprising:
receiving an instruction provided by a server and sent by a terminal device, wherein the instruction comprises an initialization instruction and a secure channel instruction;
according to the authentication level supported by the SE chip, carrying out identity verification on the initialization instruction;
after the initialization instruction passes the identity verification, decrypting the initialization instruction to obtain relevant decryption parameters for decrypting the first encrypted data included in the secure channel instruction;
and decrypting the first encrypted data by using the decryption parameters to obtain the plaintext data.
2. The method of claim 1, wherein the authenticating the initialization instruction according to the authentication level supported by the SE chip comprises:
verifying the signature value included in the data field of the initialization instruction by using the key specified in the initialization instruction.
3. The method of claim 1, wherein decrypting the initialization instruction to obtain the associated decryption parameters for decrypting the first encrypted data included in the secure channel instruction comprises:
decrypting the initialization instruction to obtain a secret key of a secure channel established in the current session between the SE chip and the server, an initial vector and an integrity check value obtained after the server encrypts plaintext data.
4. The method of claim 3, wherein decrypting the first encrypted data using the decryption parameters comprises:
decrypting first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain the plaintext data; the first encrypted data is obtained after the server encrypts plaintext data, and the first encrypted data is carried in the secure channel instruction.
5. The method of claim 4, wherein decrypting the first encrypted data included in the secure channel instruction using the key, the initial vector, and the integrity check value, obtaining the plaintext data comprises:
when the security level selected by the user is confidentiality and integrity protection, decrypting the first encrypted data included in the secure channel instruction with a decryption function, using the key, the initial vector and the integrity check value, to obtain the plaintext data;
and when the security level selected by the user is integrity protection, decrypting the first encrypted data included in the secure channel instruction with an integrity protection function, using the key, the initial vector and the integrity check value, to obtain the plaintext data.
6. The method of claim 3, wherein decrypting the initialization instruction to obtain a key for a secure channel established by the SE chip and the server in a current session, an initial vector, and an integrity check value obtained after encrypting plaintext data by the server comprises:
decrypting second encrypted data carried in a data field of the initialization instruction by using a key specified in the initialization instruction to obtain a value of a counter stored by the server, a key and an initial vector used in the process of encrypting the plaintext data by the server, and an integrity check value obtained after encrypting the plaintext data by the server;
comparing the value of the counter stored by the server with the value of the counter stored in the SE chip;
and if the value of the counter stored by the server is greater than or equal to the value of the counter stored in the SE chip, storing the key and the initial vector obtained by decryption and the integrity check value.
7. The method of claim 1, further comprising, prior to the receiving the instruction provided by the server sent by the terminal device:
receiving an information acquisition instruction sent by terminal equipment;
transmitting the version of the secure channel protocol currently supported by the SE chip and the version of the secret key in the SE chip to the terminal equipment;
the instruction sent by the terminal equipment comprises: instructions matching the version of the secure channel protocol currently supported by the SE chip and the version of the key in the SE chip.
8. A secure transmission device for signaling, disposed in a secure element SE chip, the device comprising:
the receiving module is used for receiving an instruction provided by the server and sent by the terminal equipment, wherein the instruction comprises an initialization instruction and a secure channel instruction;
the verification module is used for carrying out identity verification on the initialization instruction according to the authentication level supported by the SE chip;
the decryption module is used for decrypting the initialization instruction after the initialization instruction passes the identity verification, and obtaining relevant decryption parameters for decrypting the first encrypted data included in the secure channel instruction; and decrypting the first encrypted data by using the decryption parameters to obtain the plaintext data.
9. The apparatus of claim 8, wherein
the decryption module is specifically configured to decrypt the initialization instruction to obtain a secret key of a secure channel established in a current session between the SE chip and the server, an initial vector, and an integrity check value obtained after the server encrypts plaintext data; decrypting first encrypted data included in the secure channel instruction by using the key, the initial vector and the integrity check value to obtain the plaintext data; the first encrypted data is obtained after the server encrypts plaintext data, and the first encrypted data is carried in the secure channel instruction.
10. A secure element SE chip, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of claims 1-7 when the computer program is executed.
CN202310365729.8A 2021-02-09 2021-02-09 Secure transmission method and device for signaling and SE chip Pending CN116366347A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310365729.8A CN116366347A (en) 2021-02-09 2021-02-09 Secure transmission method and device for signaling and SE chip

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110179112.8A CN114944925B (en) 2021-02-09 2021-02-09 Signaling secure transmission method and device, server and SE chip
CN202310365729.8A CN116366347A (en) 2021-02-09 2021-02-09 Secure transmission method and device for signaling and SE chip

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202110179112.8A Division CN114944925B (en) 2021-02-09 2021-02-09 Signaling secure transmission method and device, server and SE chip

Publications (1)

Publication Number Publication Date
CN116366347A true CN116366347A (en) 2023-06-30

Family

ID=82837489

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110179112.8A Active CN114944925B (en) 2021-02-09 2021-02-09 Signaling secure transmission method and device, server and SE chip
CN202310365729.8A Pending CN116366347A (en) 2021-02-09 2021-02-09 Secure transmission method and device for signaling and SE chip

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110179112.8A Active CN114944925B (en) 2021-02-09 2021-02-09 Signaling secure transmission method and device, server and SE chip

Country Status (2)

Country Link
CN (2) CN114944925B (en)
WO (1) WO2022170857A1 (en)

Also Published As

Publication number Publication date
CN114944925B (en) 2023-04-07
WO2022170857A1 (en) 2022-08-18
CN114944925A (en) 2022-08-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination