CN103745155A - Credible Key and safe operation method thereof - Google Patents

Credible Key and safe operation method thereof Download PDF

Info

Publication number
CN103745155A
CN103745155A CN201410004113.9A CN201410004113A CN103745155A CN 103745155 A CN103745155 A CN 103745155A CN 201410004113 A CN201410004113 A CN 201410004113A CN 103745155 A CN103745155 A CN 103745155A
Authority
CN
China
Prior art keywords
credible
described
key
terminal device
trusted
Prior art date
Application number
CN201410004113.9A
Other languages
Chinese (zh)
Inventor
丁占阳
周忠国
黄小鹏
蔡勃
Original Assignee
东信和平科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 东信和平科技股份有限公司 filed Critical 东信和平科技股份有限公司
Priority to CN201410004113.9A priority Critical patent/CN103745155A/en
Publication of CN103745155A publication Critical patent/CN103745155A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3415Cards acting autonomously as pay-media

Abstract

The invention provides a credible key and a safe operation method thereof. The credible Key comprises a communication agent module, a safe storage module, a credible computation module and a credible interaction module, wherein the communication agent module is used for establishing a safe channel between the credible Key and a credible operating system of terminal equipment; the safe storage module is used for providing a safe storage API (Application Program Interface) for developing a credible application, and providing a safe storage function for the credible Key; the credible computation module is used for providing a credible computation API for the credible application, and providing a credible computation function for the terminal equipment; the credible interaction module is used for transmitting an interaction command to the credible operating system of the terminal equipment through the communication agent module on the basis of user operation. The credible KEY can be used together with a credible running environment on the terminal equipment, thereby realizing credible services such as remote payment, online transfer, safe storage and credible computation.

Description

A kind of credible Key and method for safely carrying out thereof

Technical field

The present invention relates to mobile payment technical field, relate in particular to a kind of credible Key and method for safely carrying out thereof.

Background technology

At present, Mobile payment terminal equipment can be smart mobile phone, PAD or Portable POS unit, the client application software of mobile payment product is generally positioned at affluent resources operating system (the Rich Operating System of terminal device, Rich OS) on, and the residing running environment of client application software is commonly called affluent resources running environment (Rich Execution Environment, REE).But, Rich OS operation on Mobile payment terminal equipment exists very large safety problem, therefore, these client application software be all subject to security threat, particularly user accounts information, account password, produce the private informations such as accounts information and be easy to illegally be stolen and distort.

For example, in order to prevent that user's private information is stolen and distorts, and has occurred the product for the protection of user's private information, USB-Key on market.These KEY products are gone through repeatedly upgrading, have developed into the safest three generations KEY product at present.For security consideration, three generations Key product design complexity, be conventionally provided with the parts such as input key, display screen, power module, but these parts must cause not Portable belt and inconvenient operation of KEY product.

Along with credible running environment (Trusted Execution Environment, TEE) is in the popularization of payment technical field, on the master cpu of the terminal devices such as mobile phone, PAD or POS machine, can move two running environment, i.e. REE and TEE.If some application that pay class operate on Rich OS, just exist very large potential safety hazard, so the relatively high application of level of security generally can be placed under TEE environment and move.But, lack in the market the credible Key product based on credible running environment.

Summary of the invention

In view of this, the invention provides a kind of credible Key and method for safely carrying out thereof, in order to solve the problem that lacks the credible Key product based on credible running environment in prior art, its technical scheme is as follows:

A kind of credible Key, described credible Key at least comprises:

Communication agent module, for set up escape way between described credible Key and the trusted operating system of terminal device, described escape way is mutual for realizing secure data between described credible Key and the trusted operating system of terminal device;

Secure storage module, is used to exploitation trusted application that safe storage API is provided, and, for described credible Key provides safe storage function;

Creditable calculation modules, is used to trusted application that credible calculating API is provided, and, for described terminal device provides credible computing function;

Credible interactive module, sends interactive command by described communication agent module to the trusted operating system of described terminal device for the operation based on user.

Optionally, described credible Key is the contactless smart card based on 13.56MHz wireless communication technology.

Optionally, described credible Key is the contact smart card based on wired connection.

A method for safely carrying out of credible Key, comprising:

When the first trusted application on terminal device receives triggering command, set up the escape way between described credible Key, to realize and the data interaction of described credible Key;

After the escape way of setting up between described credible Key, the first trusted application on described terminal device is utilized safe storage function and the credible computing function of described credible Key, realizes the operation flow operation of the first trusted application on described terminal device.

Wherein, after the escape way of setting up between described credible Key, the first trusted application on described terminal device is utilized safe storage function and the credible computing function of described credible Key, realizes the operation flow operation of the first trusted application on described terminal device, is specially:

After the escape way of setting up between described credible Key, the first trusted application on described terminal device sends the services request of safe storage or credible calculating to described credible Key;

The request that described credible Key sends according to the first trusted application on described terminal device, carries out credible calculating or the safe storage function corresponding with described request, and execution result is returned to the first trusted application on described terminal device.

Said method also comprises:

After the operation flow EO of the first trusted application on described terminal device, close the escape way between described credible Key.

A method for safely carrying out of credible Key, comprising:

When the first trusted application on terminal device receives triggering command, trigger the second trusted application on described credible key;

Escape way between the trusted users interactive interface TUI of the trusted operating system on the second trusted application foundation and described terminal device on described credible Key;

After escape way between the TUI of the trusted operating system on foundation and described terminal device, the second trusted application on described credible Key utilizes the service of TUI of the trusted operating system on described terminal device and other can telecommunications services, realizes the operation flow operation of the second trusted application on described credible Key.

Wherein, after escape way between the TUI of the trusted operating system on foundation and described terminal device, the second trusted application on described credible Key utilizes the service of TUI of the trusted operating system on described terminal device and other can telecommunications services, realize the operation flow operation of the second trusted application on described credible Key, be specially:

Set up with described terminal device on the TUI of trusted operating system between escape way after, the second trusted application on described credible Key sends and the request of user interactions to the TUI of the trusted operating system on described terminal device;

The TUI of the trusted operating system on described terminal device utilizes the service of described TUI can telecommunications services determine the user interactive data corresponding with described request with other;

The user interactive data corresponding with described request of determining returned to the second trusted application on described credible Key.

Said method also comprises: after the operation flow EO of the second trusted application on described credible Key, the second trusted application on described credible Key close and described terminal device on escape way between the TUI of trusted operating system.

Technique scheme has following beneficial effect:

Credible Key provided by the invention and method for safely carrying out thereof, make under credible running environment, credible Key and Trusted OS can set up escape way, based on this escape way, credible Key and Trusted OS can carry out safe data interaction, the private information that therefore, can effectively guarantee user is not illegally accessed and monitors.In addition, due to the existence of credible running environment, make credible Key than traditional Key equipment simplicity of design, portable, easy to operate; Credible Key can be used the TUI service of credible running environment, and user has better experience in operating process.The credible KEY that the embodiment of the present invention provides can be used with together with credible running environment TEE on terminal device, can realize remote payment, transfers accounts on the net, safe storage, credible calculating etc. can telecommunications services.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only embodiments of the invention, for those of ordinary skills, do not paying under the prerequisite of creative work, other accompanying drawing can also be provided according to the accompanying drawing providing.

The structural representation of a kind of credible Key that Fig. 1 provides for the embodiment of the present invention;

The schematic flow sheet of the method for safely carrying out of credible Key under the passive service pattern that Fig. 2 provides for the embodiment of the present invention;

The applied environment Organization Chart of the credible Key that Fig. 3 provides for the embodiment of the present invention;

Under the passive service pattern that Fig. 4 provides for the embodiment of the present invention, in the method for safely carrying out of credible Key, realize the schematic flow sheet of the specific implementation of the operation flow operation of the first trusted application on terminal device;

The schematic flow sheet of the method for safely carrying out of credible Key under the master mode that Fig. 5 provides for the embodiment of the present invention;

Under the master mode that Fig. 6 provides for the embodiment of the present invention, in the method for safely carrying out of credible Key, realize the schematic flow sheet of the specific implementation of the operation flow operation of the second trusted application on credible Key.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.

Refer to Fig. 1, the structural representation of a kind of credible Key providing for the embodiment of the present invention, this is credible, and Key at least can comprise: communication agent module 101, secure storage module 102, creditable calculation modules 103 and credible interactive module 104.Communication agent module 101, secure storage module 102, creditable calculation modules 103 and credible interactive module 104 can realize trusted operating system (the Reduced Trusted OS of cutting, R-TOS), based on R-TOS, in the credible Key that the embodiment of the present invention provides, multiple trusted application can be installed.

The function of the modules to credible Key is elaborated below:

Communication agent module 101, sets up escape way between the trusted operating system (Trusted Operating System, Trusted OS) for the credible running environment TEE on credible Key and terminal device.

Wherein, escape way is mutual for realizing secure data between the trusted operating system Trusted OS of the credible running environment TEE on credible Key and terminal device.

Secure storage module 102, is used to exploitation trusted application that the application programming interface (Application Programming Interface, API) of safe storage is provided, and provides safe storage function for credible Key.

Wherein, for providing safe storage function, credible Key is specially: the business datum of related secret in storage service flow operations.

Creditable calculation modules 103, is used to trusted application that credible calculating API is provided, and provides credible computing function for terminal device.

Wherein, for providing credible computing function, terminal device is specially: the operations such as the business datum related to operation flow operating process is encrypted, deciphering.

Credible interactive module 104, sends interactive command by communication agent module to the trusted operating system Trusted OS of the credible running environment TEE on terminal device for the operation based on user.

The credible Key that the embodiment of the present invention provides can be for example, contact type intelligent card based on wireless communication technology (, bluetooth, infrared).Exemplary, credible Key can be the contactless smart card based on 13.56MHz wireless communication technology.

The credible Key that the embodiment of the present invention provides can also be the contact smart card based on wired connection.Exemplary, credible Key can be the contact intelligent card of the wired connections such as USB, SDIO, SPI, I2C, ISO7816.These smart cards may be ESE, SSD, SIM, SWP-SD, the product form such as SWP-SIM, and only different product form is used different physical interfaces, and the mode of setting up escape way with Trusted OS may be different.

Between trusted operating system Trusted OS on the credible Key that the embodiment of the present invention provides and terminal device in credible running environment TEE, can set up escape way, based on this escape way, realize on credible Key and terminal device the secure data between the trusted operating system Trusted OS in credible running environment TEE mutual.That is, the credible KEY that the embodiment of the present invention provides can be used with together with credible running environment TEE on terminal device, can realize remote payment, transfers accounts on the net, safe storage, credible calculating etc. can telecommunications services.

The credible Key that above-described embodiment provides at least comprises two kinds of secure mode of operation: passive service pattern and master mode.Provide respectively under passive service pattern and master mode the method for safely carrying out of credible Key below.

Refer to Fig. 2, the schematic flow sheet of the method for safely carrying out of credible Key under the passive service pattern providing for the embodiment of the present invention, the method can comprise:

Step S201: when the first trusted application on terminal device receives triggering command, set up the escape way between credible Key, to realize and the data interaction of credible Key.

Provide the implementation that the first trusted application on terminal device is triggered below, take credible Key as based on wireless communication technology contact type intelligent card (being called for short contactless credible Key) as example:

Refer to Fig. 3, for the applied environment Organization Chart of credible Key, based on this Organization Chart, in a kind of possible implementation, by user, operate client application (the Client Application in affluent resources operating system Rich OS, CA), initiatively trigger safe operation flow process, this triggering mode is filed an application to the modular converter of hardware bottom layer by the communication agent module in Rich OS, from affluent resources running environment, REE is switched to credible running environment TEE, Trusted OS under operation TEE, Trusted OS carries out first trusted application (the Trusted Application corresponding with CA, TA), TA controls safe operation flow process.In the possible implementation of another kind, by user, brushing the credible KEY of noncontact triggers, when NFC controller detects the credible KEY admission of noncontact, the modular converter control of hardware bottom layer is switched to credible running environment TEE from affluent resources running environment REE, and the TA in credible running environment TEE controls safe operation flow process.

Step S202: after the escape way of setting up between credible Key, the first trusted application on terminal device is utilized safe storage function and the credible computing function of credible Key, realizes the operation flow operation of the first trusted application on terminal device.

Fig. 4 shows after the escape way of setting up between credible Key, the first trusted application on terminal device is utilized safe storage function and the credible computing function of credible Key, the schematic flow sheet of realizing the specific implementation of the operation flow operation of the first trusted application on terminal device, can comprise:

Step S401: after the escape way of setting up between credible Key, the first trusted application on terminal device is to the upper services request that sends safe storage or credible calculating of credible Key.

Step S402: credible Key, according to the request of the first trusted application on terminal device, carries out credible calculating or the safe storage function corresponding with request, and execution result is returned to the first trusted application on terminal device.

After operation flow EO, return to the flow process of method for safely carrying out:

Step S203: after the operation flow EO of the first trusted application on terminal device, close the escape way between credible Key.

After the first trusted application end of run on terminal device, by operation power, give trusted operating system Trusted OS.

Flow process via aforesaid operations method is known, under the passive service pattern of credible Key, after the first trusted application in credible running environment on terminal device is triggered, this first trusted application, as host applications, is used the safe storage function of credible KEY or credible computing function to realize operation flow operation.

Refer to Fig. 5, the schematic flow sheet of the method for safely carrying out of credible Key under the master mode providing for the embodiment of the present invention, can comprise:

Step S501: when the first trusted application on terminal device receives triggering command, trigger the second trusted application on credible key.

Step S502: the escape way between the trusted users interactive interface TUI of the trusted operating system on the second trusted application foundation and terminal device on credible Key.

Step S503: after the escape way between the TUI of the trusted operating system on foundation and terminal device, the second trusted application on credible Key utilizes the service of TUI of the trusted operating system on terminal device and other can telecommunications services, realizes the operation flow operation of the second trusted application on credible Key.

Fig. 5 show set up and terminal device on the TUI of trusted operating system between escape way after, the second trusted application on credible Key utilizes the service of TUI of the trusted operating system on terminal device and other can telecommunications services, the schematic flow sheet of realizing the specific implementation of the operation flow operation of the second trusted application on credible Key, can comprise:

Step S601: set up with terminal device on the TUI of trusted operating system between escape way after, the second trusted application on credible Key sends and the request of user interactions to the TUI of the trusted operating system on terminal device.

Step S602: the TUI of the trusted operating system on terminal device utilizes the service of TUI and other telecommunications services to determine and to ask corresponding user interactive data.

Step S603: the user interactive data corresponding with request of determining returned to the second trusted application on credible Key.

After operation flow EO, return to the flow process of method for safely carrying out:

Step S504: after the operation flow EO of the second trusted application on credible Key, the second trusted application on credible Key close and terminal device on escape way between the TUI of trusted operating system.

After the second trusted application end of run on credible Key, by operation power, give trusted operating system Trusted OS.

Flow process via aforesaid operations method is known, under the master mode of credible Key, after the first trusted application in credible running environment on terminal device is triggered, the first trusted application triggers the second trusted application on credible Key, the second trusted application on credible Key, as host applications, is used the TUI service of the trusted operating system Trusted OS in credible running environment TEE on terminal device can telecommunications services realize operation flow operation with other.

It should be noted that, in above-described embodiment, mentioned credible running environment may be the TEE of GP tissue definition, may be also the credible running environment of TEEI of China Unionpay's definition.

Credible Key and method for safely carrying out thereof that the embodiment of the present invention provides, make under credible running environment, credible Key and Trusted OS can set up escape way, based on this escape way, credible Key and Trusted OS carry out safe data interaction, the private information that therefore, can effectively guarantee user is not illegally accessed and monitors.In addition, due to the existence of credible running environment, make credible Key than traditional Key equipment simplicity of design, portable, easy to operate; Credible Key can be used the TUI service of credible running environment, and user has better experience in operating process.

It should be noted that, term in the embodiment of the present invention " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thereby the process, method, article or the equipment that make to comprise a series of key elements not only comprise those key elements, but also comprise other key elements of clearly not listing, or be also included as the intrinsic key element of this process, method, article or equipment.The in the situation that of more restrictions not, the key element being limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment that comprises described key element and also have other identical element.

While for convenience of description, describing above device, with function, being divided into various unit describes respectively.Certainly, when implementing the application, the function of each unit can be realized in same or multiple software and/or hardware.As seen through the above description of the embodiments, those skilled in the art can be well understood to the mode that the application can add essential general hardware platform by software and realizes.Based on such understanding, the part that the application's technical scheme contributes to prior art in essence in other words can embody with the form of software product, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprise that some instructions (can be personal computers in order to make a computer equipment, server, or the network equipment etc.) carry out the method described in some part of each embodiment of the application or embodiment.

To the above-mentioned explanation of the disclosed embodiments, make professional and technical personnel in the field can realize or use the present invention.To the multiple modification of these embodiment, will be apparent for those skilled in the art, General Principle as defined herein can, in the situation that not departing from the spirit or scope of the present invention, realize in other embodiments.Therefore, the present invention will can not be restricted to these embodiment shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.

Claims (9)

1. a credible Key, is characterized in that, described credible Key at least comprises:
Communication agent module, for set up escape way between described credible Key and the trusted operating system of terminal device, described escape way is mutual for realizing secure data between described credible Key and the trusted operating system of terminal device;
Secure storage module, is used to exploitation trusted application that safe storage API is provided, and, for described credible Key provides safe storage function;
Creditable calculation modules, is used to trusted application that credible calculating API is provided, and, for described terminal device provides credible computing function;
Credible interactive module, sends interactive command by described communication agent module to the trusted operating system of described terminal device for the operation based on user.
2. credible Key according to claim 1, is characterized in that, described credible Key is the contactless smart card based on 13.56MHz wireless communication technology.
3. credible Key according to claim 1, is characterized in that, described credible Key is the contact smart card based on wired connection.
4. a method for safely carrying out of credible Key, is characterized in that, comprising:
When the first trusted application on terminal device receives triggering command, set up the escape way between described credible Key, to realize and the data interaction of described credible Key;
After the escape way of setting up between described credible Key, the first trusted application on described terminal device is utilized safe storage function and the credible computing function of described credible Key, realizes the operation flow operation of the first trusted application on described terminal device.
5. method according to claim 4, it is characterized in that, after the escape way of setting up between described credible Key, the first trusted application on described terminal device is utilized safe storage function and the credible computing function of described credible Key, realize the operation flow operation of the first trusted application on described terminal device, be specially:
After the escape way of setting up between described credible Key, the first trusted application on described terminal device sends the services request of safe storage or credible calculating to described credible Key;
The request that described credible Key sends according to the first trusted application on described terminal device, carries out credible calculating or the safe storage function corresponding with described request, and execution result is returned to the first trusted application on described terminal device.
6. according to the method described in claim 4 or 5, it is characterized in that, also comprise:
After the operation flow EO of the first trusted application on described terminal device, close the escape way between described credible Key.
7. a method for safely carrying out of credible Key, is characterized in that, comprising:
When the first trusted application on terminal device receives triggering command, trigger the second trusted application on described credible key;
Escape way between the trusted users interactive interface TUI of the trusted operating system on the second trusted application foundation and described terminal device on described credible Key;
After escape way between the TUI of the trusted operating system on foundation and described terminal device, the second trusted application on described credible Key utilizes the service of TUI of the trusted operating system on described terminal device and other can telecommunications services, realizes the operation flow operation of the second trusted application on described credible Key.
8. method according to claim 7, it is characterized in that, after escape way between the TUI of the trusted operating system on foundation and described terminal device, the second trusted application on described credible Key utilizes the service of TUI of the trusted operating system on described terminal device and other can telecommunications services, realize the operation flow operation of the second trusted application on described credible Key, be specially:
Set up with described terminal device on the TUI of trusted operating system between escape way after, the second trusted application on described credible Key sends and the request of user interactions to the TUI of the trusted operating system on described terminal device;
The TUI of the trusted operating system on described terminal device utilizes the service of described TUI can telecommunications services determine the user interactive data corresponding with described request with other;
The user interactive data corresponding with described request of determining returned to the second trusted application on described credible Key.
9. method according to claim 6, is characterized in that, also comprises:
After the operation flow EO of the second trusted application on described credible Key, the second trusted application on described credible Key close and described terminal device on escape way between the TUI of trusted operating system.
CN201410004113.9A 2014-01-03 2014-01-03 Credible Key and safe operation method thereof CN103745155A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410004113.9A CN103745155A (en) 2014-01-03 2014-01-03 Credible Key and safe operation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410004113.9A CN103745155A (en) 2014-01-03 2014-01-03 Credible Key and safe operation method thereof

Publications (1)

Publication Number Publication Date
CN103745155A true CN103745155A (en) 2014-04-23

Family

ID=50502172

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410004113.9A CN103745155A (en) 2014-01-03 2014-01-03 Credible Key and safe operation method thereof

Country Status (1)

Country Link
CN (1) CN103745155A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104021470A (en) * 2014-05-28 2014-09-03 恒宝股份有限公司 Wireless communication-based mobile payment system and mobile payment method
CN104077533A (en) * 2014-07-17 2014-10-01 北京握奇智能科技有限公司 Sensitive data operating method and device
CN104125216A (en) * 2014-06-30 2014-10-29 华为技术有限公司 Method, system and terminal capable of improving safety of trusted execution environment
CN105307163A (en) * 2015-12-01 2016-02-03 恒宝股份有限公司 Safe communication method and device
CN105446713A (en) * 2014-08-13 2016-03-30 阿里巴巴集团控股有限公司 Safe storage method and equipment
CN105468659A (en) * 2014-09-28 2016-04-06 阿里巴巴集团控股有限公司 Data synchronizing method and apparatus
CN105574720A (en) * 2015-12-14 2016-05-11 联想(北京)有限公司 Secure information processing method and secure information processing apparatus
WO2016070810A1 (en) * 2014-11-05 2016-05-12 中国银联股份有限公司 Method for a dual access application between two execution environments
CN105592403A (en) * 2014-12-29 2016-05-18 中国银联股份有限公司 Communication device and communication method based on NFC
CN105931042A (en) * 2015-09-22 2016-09-07 中国银联股份有限公司 Application authority management method and intelligent POS terminal
CN105978920A (en) * 2016-07-28 2016-09-28 恒宝股份有限公司 Method for having access to credible application, CA and TA
CN106228072A (en) * 2016-07-21 2016-12-14 恒宝股份有限公司 A kind of general TA payment platform and method of payment
WO2017088261A1 (en) * 2015-11-23 2017-06-01 小米科技有限责任公司 Biometric technology-based mobile payment method, device and apparatus
CN107924449A (en) * 2016-03-18 2018-04-17 华为技术有限公司 A kind of notification message processing method, device and terminal
US10432611B2 (en) 2015-08-07 2019-10-01 Alibaba Group Holding Limited Transaction processing method and client based on trusted execution environment
WO2019192344A1 (en) * 2018-04-02 2019-10-10 华为技术有限公司 Trust zone-based operating system and method
WO2019237814A1 (en) * 2018-06-11 2019-12-19 中国银联股份有限公司 Non-contact communication method and communication device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004029860A1 (en) * 2002-09-27 2004-04-08 Nokia Corporation Wireless communication device providing a contactless interface for a smart card reader
CN101031939A (en) * 2004-10-19 2007-09-05 英特尔公司 Method and apparatus for securing communications between a smartcard and a terminal
CN101996332A (en) * 2009-08-26 2011-03-30 深圳市文鼎创数据科技有限公司 Intelligent security device
CN102402820A (en) * 2010-09-13 2012-04-04 中国移动通信有限公司 Electronic transaction method and terminal equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004029860A1 (en) * 2002-09-27 2004-04-08 Nokia Corporation Wireless communication device providing a contactless interface for a smart card reader
CN101031939A (en) * 2004-10-19 2007-09-05 英特尔公司 Method and apparatus for securing communications between a smartcard and a terminal
CN101996332A (en) * 2009-08-26 2011-03-30 深圳市文鼎创数据科技有限公司 Intelligent security device
CN102402820A (en) * 2010-09-13 2012-04-04 中国移动通信有限公司 Electronic transaction method and terminal equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
国炜等: "移动智能终端可信环境分析", 《现代电信科技》 *

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104021470B (en) * 2014-05-28 2017-05-10 恒宝股份有限公司 Wireless communication-based mobile payment system and mobile payment method
CN104021470A (en) * 2014-05-28 2014-09-03 恒宝股份有限公司 Wireless communication-based mobile payment system and mobile payment method
CN104125216B (en) * 2014-06-30 2017-12-15 华为技术有限公司 A kind of method, system and terminal for lifting credible performing environment security
CN104125216A (en) * 2014-06-30 2014-10-29 华为技术有限公司 Method, system and terminal capable of improving safety of trusted execution environment
CN104077533A (en) * 2014-07-17 2014-10-01 北京握奇智能科技有限公司 Sensitive data operating method and device
CN105446713A (en) * 2014-08-13 2016-03-30 阿里巴巴集团控股有限公司 Safe storage method and equipment
CN105446713B (en) * 2014-08-13 2019-04-26 阿里巴巴集团控股有限公司 Method for secure storing and equipment
CN105468659B (en) * 2014-09-28 2019-01-04 阿里巴巴集团控股有限公司 A kind of method of data synchronization and device
CN105468659A (en) * 2014-09-28 2016-04-06 阿里巴巴集团控股有限公司 Data synchronizing method and apparatus
US10367789B2 (en) 2014-09-28 2019-07-30 Alibaba Group Holding Limited Data synchronization method and apparatus
WO2016070810A1 (en) * 2014-11-05 2016-05-12 中国银联股份有限公司 Method for a dual access application between two execution environments
CN105592019A (en) * 2014-11-05 2016-05-18 中国银联股份有限公司 Method for bidirectional access to application between dual execution environments
CN105592019B (en) * 2014-11-05 2018-12-25 中国银联股份有限公司 The method that two-way access is applied between dual execution environment
WO2016107381A1 (en) * 2014-12-29 2016-07-07 中国银联股份有限公司 Nfc-based communication device and method
CN105592403A (en) * 2014-12-29 2016-05-18 中国银联股份有限公司 Communication device and communication method based on NFC
US10432611B2 (en) 2015-08-07 2019-10-01 Alibaba Group Holding Limited Transaction processing method and client based on trusted execution environment
CN105931042A (en) * 2015-09-22 2016-09-07 中国银联股份有限公司 Application authority management method and intelligent POS terminal
RU2649786C2 (en) * 2015-11-23 2018-04-04 Сяоми Инк. Mobile payment device based on biological technology, method and device
WO2017088261A1 (en) * 2015-11-23 2017-06-01 小米科技有限责任公司 Biometric technology-based mobile payment method, device and apparatus
CN105307163A (en) * 2015-12-01 2016-02-03 恒宝股份有限公司 Safe communication method and device
CN105307163B (en) * 2015-12-01 2019-03-19 恒宝股份有限公司 A kind of safety communicating method and device
CN105574720A (en) * 2015-12-14 2016-05-11 联想(北京)有限公司 Secure information processing method and secure information processing apparatus
CN107924449A (en) * 2016-03-18 2018-04-17 华为技术有限公司 A kind of notification message processing method, device and terminal
CN106228072A (en) * 2016-07-21 2016-12-14 恒宝股份有限公司 A kind of general TA payment platform and method of payment
CN105978920A (en) * 2016-07-28 2016-09-28 恒宝股份有限公司 Method for having access to credible application, CA and TA
CN105978920B (en) * 2016-07-28 2019-05-24 恒宝股份有限公司 A kind of method and TA accessing trusted application
WO2019192344A1 (en) * 2018-04-02 2019-10-10 华为技术有限公司 Trust zone-based operating system and method
WO2019237814A1 (en) * 2018-06-11 2019-12-19 中国银联股份有限公司 Non-contact communication method and communication device

Similar Documents

Publication Publication Date Title
KR101596279B1 (en) Method and device for conducting trusted remote payment transactions
US20130173477A1 (en) Storing and forwarding credentials securely from one RFID device to another
TWI554048B (en) Management of near field communications using low power modes of an electronic device
TWI529560B (en) Secure platform system, method for secure provisioning of credentials on an electronic device, and related electronic device and non-transitory computer-readable medium
KR102051931B1 (en) Online payments using a secure element of an electronic device
EP3438812A1 (en) System and method for providing secure data communication permissions to trusted applications on a portable communication device
KR20160015693A (en) The wearble device and control method thereof
CN105493538B (en) The system and method for NFC access control for safety element center type NFC framework
KR20120071982A (en) Near field communication device for secure payment and method for secure payment using near field communication device
KR101830952B1 (en) Using biometric authentication for nfc-based payments
CN100485726C (en) A mobile payment system based on distributed cipher key
US8650635B2 (en) Pressure sensitive multi-layer passwords
CN103793815B (en) Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards
CN104102876A (en) Device for safeguarding operational security of client side
US10540657B2 (en) Secure passcode entry user interface
WO2014115605A1 (en) Method for propagating authentication state among plurality of terminals, and server and computer program thereof
CN103164792B (en) Payment services supplying method on wireless terminal and relevant device and system
CN104823207A (en) Securing personal identification numbers for mobile payment applications by combining with random components
US9923902B2 (en) Remote processsing of mobile applications
EP2860681A1 (en) Mobile terminal and method and system for inquiring information of intelligent card
US10089607B2 (en) Mobile merchant proximity solution for financial transactions
CN105874464B (en) System and method for introducing variation in subsystem output signal to prevent device-fingerprint from analyzing
EP2752766A1 (en) Touch event processing method and portable device implementing the same
WO2015078184A1 (en) Password input method and system
US9558491B2 (en) Scrambling passcode entry interface

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140423

RJ01 Rejection of invention patent application after publication