CN104751061A - Equipment and device for safety information interaction - Google Patents


Publication number
CN104751061A
Authority
CN
China
Prior art keywords
safety
safety component
management devices
component
information
Prior art date
Legal status
Granted
Application number
CN201310741044.5A
Other languages
Chinese (zh)
Other versions
CN104751061B (en)
Inventor
郭伟
周钰
陈成钱
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date
2013-12-30
Filing date
2013-12-30
Publication date
2015-07-01
Application filed by China Unionpay Co Ltd
Priority to CN201310741044.5A (CN104751061B)
Priority to PCT/CN2014/095272 (WO2015101249A1)
Publication of CN104751061A
Application granted
Publication of CN104751061B
Legal status: Active


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Abstract

The invention provides equipment and a security component management device for secure information interaction. The security component management device provides security applications with a runtime environment in a secure mode in which to carry out the secure information interaction process, and it manages different types of security components through a unified interface protocol. The disclosed equipment and device offer high security, wide applicability and low complexity.

Description

Equipment and device for secure information interaction
Technical field
The present invention relates to equipment and devices for information interaction, and more specifically to equipment and devices for secure information interaction.
Background
At present, as computer and network applications become ever more widespread and the types of services in different fields ever more numerous, equipment and devices for secure information interaction (that is, information interaction with higher security requirements, such as transaction processing in the financial field), and especially secure information interaction equipment based on mobile terminals, are becoming increasingly important.
In existing technical solutions, the security of information interaction equipment is typically improved as follows: a secure element (SE) with a higher level of security stores the user's sensitive information and works together with a corresponding security component (such as an NFC module).
However, existing technical solutions have the following problems. First, because different secure elements use different management and data interaction modes (for example, different data transmission protocols), the presence of multiple secure elements significantly increases the complexity of the whole system (for example, multiple data transmission protocols must be supported) and makes operation cumbersome (for example, conversion between different data transmission protocols). Second, because all secure elements and their corresponding security components operate in a non-secure runtime environment, it remains difficult to fundamentally prevent the potential risk of security information being spied on and tampered with.
There is therefore a need for equipment and devices for secure information interaction that offer high security and wide applicability with lower complexity.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes equipment and a device for secure information interaction that offer high security and wide applicability with lower complexity.
The object of the present invention is achieved by the following technical solution:
A security component management device, which provides security applications with a runtime environment in a secure mode in which to carry out the secure information interaction process, wherein the security component management device manages different types of security components through a unified interface protocol.
In the solution disclosed above, preferably, the security component management device can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
In the solution disclosed above, preferably, the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer. The security management layer performs the corresponding security operations for the different security components; the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols; and the physical driver layer physically drives the different types of security components.
In the solution disclosed above, preferably, the security operations performed by the security management layer include one or more of the following: security component access control, security component identification, maintenance of the keys currently in use, and provision and maintenance of a secure channel between a security application and the corresponding security component.
In the solution disclosed above, preferably, the security component management device manages and maintains a security component list. The list records the attribute information of each security component currently connected to the equipment for secure information interaction; the attribute information comprises the security component name, the security component identifier and the functions the security component supports.
In the solution disclosed above, preferably, when a new security component is connected, the security component management device can obtain the attribute information of the new security component from it by sending it an identification command, record the attribute information in the security component list, and assign the new security component a security component identifier.
In the solution disclosed above, preferably, the security component management device can perform the following operations on a security component through the unified interface protocol: the open security component operation, the security component read/write operation, the security component query operation, and the close security component operation.
The object of the present invention is also achieved by the following technical solution:
Equipment for secure information interaction, comprising:
a first system management device, which provides a runtime environment for conventional applications;
a second system management device, which provides security applications with a runtime environment in a secure mode in which to carry out the secure information interaction process,
wherein, when the application currently to be run is a conventional application, the equipment for secure information interaction uses the first system management device as the system management device currently in use, and when the application currently to be run is a security application, the equipment uses the second system management device as the system management device currently in use,
and wherein the second system management device manages different types of security components through a unified interface protocol.
In the solution disclosed above, preferably, the resources used by the second system management device are isolated from the resources used by the first system management device.
In the solution disclosed above, preferably, the second system management device can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
In the solution disclosed above, preferably, the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer. The security management layer performs the corresponding security operations for the different security components; the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols; and the physical driver layer physically drives the different types of security components.
The equipment and device for secure information interaction disclosed in this invention have the following advantages: because a unified interface protocol can be used to manage different types of security components, they offer high security and wide applicability with lower complexity, and can thus fundamentally prevent the potential risk of security information being spied on and tampered with.
Brief description of the drawings
The technical features and advantages of the present invention will be better understood by those skilled in the art in conjunction with the accompanying drawing, in which:
Fig. 1 is a schematic diagram of equipment for secure information interaction according to an embodiment of the invention.
Detailed description
Fig. 1 is a schematic diagram of equipment for secure information interaction according to an embodiment of the invention. As shown in Fig. 1, the equipment for secure information interaction disclosed in this invention comprises a first system management device 1 and a second system management device 2. The first system management device 1 (for example, a conventional multimedia operating system) provides a runtime environment for conventional applications. The second system management device 2 provides security applications (that is, applications with higher security requirements, such as payment applications in the financial field) with a runtime environment in a secure mode in which to carry out the secure information interaction process. When the application currently to be run is a conventional application, the equipment uses the first system management device 1 as the system management device currently in use, and when the application currently to be run is a security application, the equipment uses the second system management device 2 as the system management device currently in use (by way of example, the equipment can switch between the first system management device 1 and the second system management device 2). The second system management device 2 manages different types of security components through a unified interface protocol.
Preferably, in the equipment for secure information interaction disclosed in this invention, the resources used by the second system management device 2 are isolated (by a hardware mechanism or a software mechanism) from the resources used by the first system management device 1.
Preferably, in the equipment for secure information interaction disclosed in this invention, the second system management device 2 can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
Preferably, in the equipment for secure information interaction disclosed in this invention, the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer. The security management layer performs the corresponding security operations for the different security components; the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols; and the physical driver layer physically drives the different types of security components.
Preferably, in the equipment for secure information interaction disclosed in this invention, the security operations performed by the security management layer include one or more of the following: security component access control (for example, setting the access permission requirements of each security component); security component identification (for example, identifying a newly connected security component, recording the functions it supports and the related parameters, and assigning it a device name); maintenance of the keys currently in use; and provision and maintenance of a secure channel between a security application and the corresponding security component (for example, data is encrypted within the secure channel).
Preferably, in the equipment for secure information interaction disclosed in this invention, the second system management device 2 manages and maintains a security component list. The list records the attribute information of each security component currently connected to the equipment for secure information interaction; the attribute information comprises the security component name, the security component identifier (ID) and the functions the security component supports.
Preferably, in the equipment for secure information interaction disclosed in this invention, when a new security component is connected to the equipment, the second system management device 2 can obtain the attribute information of the new security component (for example, device name, supported functions, capability information, etc.) from it by sending it an identification command, record the attribute information in the security component list, and assign the new security component a security component identifier (ID).
Preferably, in the equipment for secure information interaction disclosed in this invention, the second system management device 2 can perform the following operations on a security component through the unified interface protocol: the open security component operation (for example, this mainly comprises providing the security application with an operation identifier when it operates a security component, which identifies the operation flow belonging to each security application when several security applications operate security components at the same time and ensures that the operation flows are independent of one another; when a security component is operated for the first time, it must be activated and its parameters initialized, and result data is returned as the security component itself requires); the security component read/write operation (the specific read/write procedure depends on the functions the security component provides; for a security component in SIM card form, for example, this operation can be used to send a select application command, a read application-related data command, and so on); the security component query operation (for example, querying the parameters of a security component; for a security component in SIM card form, the relevant baud rate, the application protocols it supports and similar parameters can be queried); and the close security component operation (for example, closing the operation flow for the target security component, or putting the target security component to sleep or even disabling it).
By way of example, in the equipment for secure information interaction disclosed in this invention, the security component is one or more of the following: a secure element (SE), an NFC module, a biometric identification module, a virtual secure operating environment, a coprocessor, and so on.
The equipment for secure information interaction disclosed in this invention therefore has the following advantages: because a unified interface protocol can be used to manage different types of security components, it offers high security and wide applicability with lower complexity, and can thus fundamentally prevent the potential risk of security information being spied on and tampered with.
As shown in Fig. 1, the invention discloses a security component management device that provides security applications (that is, applications with higher security requirements, such as payment applications in the financial field) with a runtime environment in a secure mode in which to carry out the secure information interaction process, wherein the security component management device manages different types of security components through a unified interface protocol.
Preferably, the security component management device disclosed in this invention can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
Preferably, in the security component management device disclosed in this invention, the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer. The security management layer performs the corresponding security operations for the different security components; the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols; and the physical driver layer physically drives the different types of security components.
Preferably, in the security component management device disclosed in this invention, the security operations performed by the security management layer include one or more of the following: security component access control (for example, setting the access permission requirements of each security component); security component identification (for example, identifying a newly connected security component, recording the functions it supports and the related parameters, and assigning it a device name); maintenance of the keys currently in use; and provision and maintenance of a secure channel between a security application and the corresponding security component (for example, data is encrypted within the secure channel).
Preferably, the security component management device disclosed in this invention manages and maintains a security component list. The list records the attribute information of each security component currently connected to the equipment for secure information interaction; the attribute information comprises the security component name, the security component identifier (ID) and the functions the security component supports.
Preferably, when a new security component is connected, the security component management device disclosed in this invention can obtain the attribute information of the new security component (for example, device name, supported functions, capability information, etc.) from it by sending it an identification command, record the attribute information in the security component list, and assign the new security component a security component identifier (ID).
Preferably, the security component management device disclosed in this invention can perform the following operations on a security component through the unified interface protocol: the open security component operation (for example, this mainly comprises providing the security application with an operation identifier when it operates a security component, which identifies the operation flow belonging to each security application when several security applications operate security components at the same time and ensures that the operation flows are independent of one another; when a security component is operated for the first time, it must be activated and its parameters initialized, and result data is returned as the security component itself requires); the security component read/write operation (the specific read/write procedure depends on the functions the security component provides; for a security component in SIM card form, for example, this operation can be used to send a select application command, a read application-related data command, and so on); the security component query operation (for example, querying the parameters of a security component; for a security component in SIM card form, the relevant baud rate, the application protocols it supports and similar parameters can be queried); and the close security component operation (for example, closing the operation flow for the target security component, or putting the target security component to sleep or even disabling it).
By way of example, in the security component management device disclosed in this invention, the security component is one or more of the following: a secure element (SE), an NFC module, a biometric identification module, a virtual secure operating environment, a coprocessor, and so on.
The security component management device disclosed in this invention therefore has the following advantages: because a unified interface protocol can be used to manage different types of security components, it offers high security and wide applicability with lower complexity, and can thus fundamentally prevent the potential risk of security information being spied on and tampered with.
Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.
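The three protocol layers, the component list and the open, read/write, query and close operations described in the two embodiment passages above (for the second system management device and for the standalone management device) can be modelled as in the following sketch. It is an added illustration, not code from the patent: every class, method and field name is hypothetical, the two components are simulated stand-ins, and the APDU headers are simplified.

```python
"""Sketch of a unified interface protocol; every name here is hypothetical."""
import secrets
from dataclasses import dataclass, field


class Driver:
    """Physical driver layer: one subclass per component type (simulated)."""
    name, functions, params, active = "generic", (), {}, False

    def identify(self):  # reply to the identification command
        return {"name": self.name, "functions": tuple(self.functions)}


class SimSE(Driver):
    """Constructed stand-in for a SIM-card-form secure element."""
    name, functions = "sim-se", ("select_application", "read_data")
    params = {"baud_rate": 9600, "protocol": "T=0"}

    def transceive(self, frame):
        return b"\x90\x00" if frame[1:2] in (b"\xa4", b"\xb0") else b"\x6d\x00"


class NfcModule(Driver):
    """Constructed stand-in for an NFC module that echoes its frames."""
    name, functions = "nfc", ("poll",)

    def transceive(self, frame):
        return b"ACK" + frame


# Command interaction layer: per-protocol framing (APDU headers lack Lc/Le).
CODECS = {
    "sim-se": lambda fn, data: {"select_application": b"\x00\xa4\x04\x00",
                                "read_data": b"\x00\xb0\x00\x00"}[fn] + data,
    "nfc": lambda fn, data: bytes([len(data)]) + data,
}


@dataclass
class Entry:  # one row of the security component list
    comp_id: int
    name: str
    functions: tuple
    driver: Driver
    allowed: set                               # service providers granted access
    flows: dict = field(default_factory=dict)  # operation handle -> provider


class ComponentManager:
    """Security management layer: identification, access control, flows."""

    def __init__(self):
        self.components, self._next_id = {}, 1

    def connect(self, driver, allowed):
        info = driver.identify()  # identification command on connection
        cid, self._next_id = self._next_id, self._next_id + 1
        self.components[cid] = Entry(cid, info["name"], info["functions"],
                                     driver, set(allowed))
        return cid

    def open(self, cid, provider):
        entry = self.components[cid]
        if provider not in entry.allowed:
            raise PermissionError(f"{provider} may not access {entry.name}")
        if not entry.flows:
            entry.driver.active = True  # activate before the first flow
        handle = secrets.token_hex(8)   # unguessable operation identifier
        entry.flows[handle] = provider
        return handle

    def _checked(self, cid, handle):
        entry = self.components[cid]
        if handle not in entry.flows:
            raise PermissionError("unknown or closed operation handle")
        return entry

    def read_write(self, cid, handle, function, data=b""):
        entry = self._checked(cid, handle)
        if function not in entry.functions:
            raise ValueError(f"{entry.name} does not support {function}")
        return entry.driver.transceive(CODECS[entry.name](function, data))

    def query(self, cid, handle, key):
        return self._checked(cid, handle).driver.params.get(key)

    def close(self, cid, handle):
        entry = self._checked(cid, handle)
        del entry.flows[handle]
        if not entry.flows:
            entry.driver.active = False  # last flow closed: sleep the component


def demo():
    mgr = ComponentManager()
    se = mgr.connect(SimSE(), allowed={"bank-a"})
    h = mgr.open(se, "bank-a")
    return (mgr.read_write(se, h, "select_application", b"\xa0\x00"),
            mgr.query(se, h, "baud_rate"))
```

Because every call is checked against a per-flow handle, a handle issued for one component or already closed is rejected, which is what keeps the operation flows of different service providers independent in this model.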

Claims (11)

1. A security component management device, which provides security applications with a runtime environment in a secure mode in which to carry out the secure information interaction process, wherein the security component management device manages different types of security components through a unified interface protocol.
2. The security component management device according to claim 1, characterized in that the security component management device can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
3. The security component management device according to claim 2, characterized in that the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer, wherein the security management layer performs the corresponding security operations for the different security components, the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols, and the physical driver layer physically drives the different types of security components.
4. The security component management device according to claim 3, characterized in that the security operations performed by the security management layer include one or more of the following: security component access control, security component identification, maintenance of the keys currently in use, and provision and maintenance of a secure channel between a security application and the corresponding security component.
5. The security component management device according to claim 4, characterized in that the security component management device manages and maintains a security component list, the security component list records the attribute information of each security component currently connected to the equipment for secure information interaction, and the attribute information comprises the security component name, the security component identifier and the functions the security component supports.
6. The security component management device according to claim 5, characterized in that, when a new security component is connected, the security component management device can obtain the attribute information of the new security component from it by sending it an identification command, record the attribute information in the security component list, and assign the new security component a security component identifier.
7. The security component management device according to claim 6, characterized in that the security component management device can perform the following operations on a security component through the unified interface protocol: the open security component operation, the security component read/write operation, the security component query operation, and the close security component operation.
8. Equipment for secure information interaction, comprising:
a first system management device, which provides a runtime environment for conventional applications;
a second system management device, which provides security applications with a runtime environment in a secure mode in which to carry out the secure information interaction process,
wherein, when the application currently to be run is a conventional application, the equipment for secure information interaction uses the first system management device as the system management device currently in use, and when the application currently to be run is a security application, the equipment uses the second system management device as the system management device currently in use,
and wherein the second system management device manages different types of security components through a unified interface protocol.
9. The equipment for secure information interaction according to claim 8, characterized in that the resources used by the second system management device are isolated from the resources used by the first system management device.
10. The equipment for secure information interaction according to claim 9, characterized in that the second system management device can provide a separate secure-mode runtime environment for security applications belonging to different service providers.
11. The equipment for secure information interaction according to claim 10, characterized in that the unified interface protocol comprises a security management layer, a command interaction layer and a physical driver layer, wherein the security management layer performs the corresponding security operations for the different security components, the command interaction layer carries out data communication between a security application and the corresponding security component according to the different data transmission protocols, and the physical driver layer physically drives the different types of security components.
CN201310741044.5A 2013-12-30 2013-12-30 Equipment and device for safety information interaction Active CN104751061B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310741044.5A CN104751061B (en) 2013-12-30 2013-12-30 Equipment and device for safety information interaction
PCT/CN2014/095272 WO2015101249A1 (en) 2013-12-30 2014-12-29 Device used for secure information interaction and apparatus

Publications (2)

Publication Number Publication Date
CN104751061A 2015-07-01
CN104751061B 2018-04-27

Country Status (2)

Country Link
CN (1) CN104751061B (en)
WO (1) WO2015101249A1 (en)

Also Published As

Publication number Publication date
WO2015101249A1 (en) 2015-07-09
CN104751061B (en) 2018-04-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant