CN105550604A - Data encapsulation method and device - Google Patents
Data encapsulation method and device Download PDFInfo
- Publication number
- CN105550604A CN105550604A CN201510874841.XA CN201510874841A CN105550604A CN 105550604 A CN105550604 A CN 105550604A CN 201510874841 A CN201510874841 A CN 201510874841A CN 105550604 A CN105550604 A CN 105550604A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- encapsulation
- processing module
- logic processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
Abstract
The application provides a data encapsulation method and device. The data encapsulation method comprises the steps: creating a data module and a logical processing module; classifying and storing data; encapsulating the data in the modules; establishing a safe channel between the modules. According to the data encapsulation method and device, which are provided by the application, logical processing information and data information are respectively encapsulated in the two modules, the data module performs management of data including a file system and keys, and the logical processing module performs an algorithm processing and external instruction response, so that data processing and logical processing are strictly separated; additionally, when a mobile phone shield performs the logical processing on operation data, an access interface of the data is a unique encapsulation and is also safe and controllable; when an invasion starts, if the data module is broken through, the logical processing module can perform self-destruction elimination on self data, and if the logical processing module is broken through, the data module can also perform the self-destruction elimination on self data; therefore, the to-be-invaded harmfulness is reduced.
Description
Technical field
The present invention relates to a kind of communication technology, particularly relate to a kind of data encapsulation method and device.
Background technology
Along with the development of integrated circuit (IC, IntegratedCircuit) card technique, IC-card is in telecommunications, finance, government, the field application such as traffic are more and more extensive, issued volume increases year by year fast, and card capacity constantly increases, from tens KBytes to the capacity of several GBytes.Data content attribute in card is also more and more abundanter.In order to effectively manage the data on IC-card, introduce a data management platform, thus can utilize resource limited on card in the software platform of smart card, the Various types of data flexibly, efficiently on control card is applied.
Along with increasing of application of IC cards scene, urgent to multi-application smart card demand on market, java card technique is as the mainstream technology of multi-application smart card, and its performance and safety all obtain market accreditation.Java card is the smart card that can run java program code.Java card is different from traditional smart card (Native card), is divided into platform and Applet application two parts.
Existing java card cellphone shield Applet realizes being data and Logic application process are placed on during a data encapsulation Package wrap, and as shown in Figure 1, data and logical process are all access in wrapping.Too much to the access item visible of data in applied logic, the attack point of penetration for data is a lot, and if when running into application renewal upgrading, can not ensure the integrality of data.When running into attack, can not identify in time and destroy critical data.
Summary of the invention
In order to solve the problem, the application proposes a kind of data encapsulation method and device, logical process information and data message are packaged in respectively in two modules, when receiving invasion, when data module is broken, its data can be carried out self-destruction removing by logic processing module, when logic processing module is broken, its data also can be carried out self-destruction removing by data module, reduces invaded harmfulness.
The data encapsulation method that the application proposes, described method comprises:
Step S1: set up data module and logic processing module;
Step S2: data are classified, stores;
Step S3: encapsulate data in the module;
Step S4: set up escape way at intermodule.
Preferably, described step S2, data are classified, store and comprise:
Step S201: delimit two isolated areas in data storage area;
Step S202: analysis classification is carried out to data type;
Step S203: be stored in secure data storage district by what belong to secure data, is stored in logical process data storage area by what belong to logical process data;
Step S204: CRC check code is increased to the data stored.
Preferably, described step S3, encapsulate data and comprise in the module:
Step S301: receive data encapsulation instruction request;
Step S302: call the medium data to be packaged in memory block;
Step S303: confirm the integrality needing encapsulation of data;
Step S304: respectively secure data and logical process data are encapsulated by encapsulation algorithm;
Step S305: whether verification msg encapsulation runs succeeded, if success, performs step S4, unsuccessful then execution step S302.
Preferably, described step S4, set up escape way at intermodule and comprise:
Step S401: logic processing module sends request to bottom, bottom forwards this request to secure data module;
Step S402: secure data module generates PKI and sends PKI to bottom, and bottom forwards this PKI to logic processing module;
Step S403: logic processing module generates an Information key pair, and with public key encryption Information key pair;
Step S404: logic processing module encryption Information key to issuing bottom, bottom encryption Information key to being transmitted to secure data module;
Step S405: secure data module PKI is decrypted and obtains Information key pair;
Step S406: secure data module is set up virtual communication with Information key pair with logic processing module and is connected.
The application also proposes a kind of cellphone shield and individualizes parametric technique, comprising:
Step T1: entity structure is carried out to cellphone shield data module and logic processing module;
Step T2: cellphone shield logic processing module calling data module carries out initialization;
Step T3: personalization process is performed to cellphone shield.
Preferably, described to cellphone shield perform personalization process comprise:
Step T301: cellphone shield master routine calling logic processing module;
Step T302: the personal data in cellphone shield master routine calling data module;
Step T303: cellphone shield carries out logical process and individualizes.
The application also proposes a kind of data encapsulation apparatus, comprising:
MBM, for setting up data module and logic processing module;
Data processing module, for classifying to data, storing;
Data encapsulation module, for encapsulating data in the module;
Secure communication module, for setting up escape way at intermodule.
Preferably, described data processing module comprises:
Control module, for delimiting two isolated areas in data storage area;
Data analysis unit, for carrying out analysis classification to data type;
Storage unit, is stored in secure data storage district by what belong to secure data, is stored in logical process data storage area, and increases CRC check code to the data stored by what belong to logical process data.
Preferably, described data encapsulation module comprises:
Data receipt unit, for receiving data encapsulation instruction request;
Data call unit, for calling the medium data to be packaged in memory block;
Data analysis unit, for confirming the integrality needing encapsulation of data;
Data packaging unit, for encapsulating secure data and logical process data respectively by encapsulation algorithm;
Whether verification unit, run succeeded for verification msg encapsulation.
Preferably, described secure communication module comprises:
Communication unit, send request to bottom for logic processing module, bottom forwards this request to secure data module, secure data module generates PKI and sends PKI to bottom, bottom forwards this PKI to logic processing module, logic processing module is the Information key of encryption to issuing bottom, and bottom is the Information key of encryption to being transmitted to secure data module, and secure data module is set up virtual communication with Information key pair with logic processing module and is connected;
Ciphering unit, generates an Information key pair for logic processing module, and with public key encryption Information key pair;
Decryption unit, is decrypted for secure data module PKI and obtains Information key pair.
The data encapsulation method that the application proposes and device, logical process information and data message are packaged in respectively in two modules, data module realizes the data management comprising file system and secret key, the process of logic processing module implementation algorithm and external instruction response, data are strictly separated with logical process, and when cellphone shield carries out logic processing operations data, be unique packages to the access interface of data, and safety is controlled, when receiving invasion, when data module is broken, its data can be carried out self-destruction removing by logic processing module, when logic processing module is broken, its data also can be carried out self-destruction removing by data module, reduce invaded harmfulness.
Accompanying drawing explanation
Fig. 1 is prior art Applet data encapsulation schematic diagram;
Fig. 2 is the application Applet data encapsulation schematic diagram;
Fig. 3 is the application's data encapsulation apparatus structural representation;
Fig. 4 is the application's data encapsulation apparatus data processing module structural representation;
Fig. 5 is the application's data encapsulation apparatus data encapsulation modular structure schematic diagram;
Fig. 6 is the application's data encapsulation apparatus secure communication modular structure schematic diagram;
Fig. 7 is the application's data encapsulation method process flow diagram;
Fig. 8 is the method flow diagram that the application classifies to data, stores;
Fig. 9 is the method flow diagram that the application encapsulates data in the module;
Figure 10 is that the application sets up the method flow diagram of escape way at intermodule;
Figure 11 is that the application's cellphone shield individualizes parametric technique process flow diagram;
Figure 12 is that the application performs the method flow diagram of personalization process to cellphone shield.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.
The application Applet data encapsulation as shown in Figure 2, in a cellphone shield application external member based on safety chip, set up two regions, arrange logical process configuration file and application program for one, another layout data configuration file and application program, the two is connected by the shared interface of bottom.
The application proposes a kind of data encapsulation apparatus, as shown in Figure 3, comprises MBM 301, data processing module 302, data encapsulation module 303 and secure communication module 304, is specially:
MBM 301, for setting up data module and logic processing module.
Concrete, in Applet, set up data module and logic processing module respectively, be two standalone modules, makes when logic processing module is broken, and can remove sensitive data, guarantee safety by the self-destroying function of data module own; If data module is broken, then also can take same measure, by logic processing module, self-destruction be carried out to data module data.
More specifically, described self-destroying function, for first cellphone shield is carried out temporary locking, is confirmed whether invaded, if invasion, by cellphone shield permanent locking, and the data in cellphone shield data module is all deleted.
Data processing module 302, for classifying to data, storing.
Namely two isolated areas delimited in data storage area, analysis classification is carried out to data type, be stored in secure data storage district by what belong to secure data, be stored in logical process data storage area by what belong to logical process data, and CRC check code is increased to the data stored.
More specifically, as shown in Figure 4, described data processing module 302 comprises:
Control module, for delimiting two isolated areas in data storage area.
Data analysis unit, for carrying out analysis classification to data type.
More specifically, described data are divided into logical process data and information data, logical process data comprise: all instruction distribution flow, for conclude the business or computing data splicing and peripheral hardware responding device, information data comprises: file system, secret key management system and security algorithm kernel portion.
More specifically, described peripheral hardware responding device: comprise key response process and screen display process, and timeout treatment mechanism etc.;
Described file system comprises: file system creates, and file writes, file reading and file access rights management etc.;
Described secret key management system comprises: secret key generates, secret key write, and secret key reads, and secret key upgrades, secret key life cycle management, secret key condition managing etc.;
Described security algorithm kernel portion comprises: the security algorithm enforcement etc. that Key or SE uses.
Storage unit, is stored in secure data storage district by what belong to secure data, is stored in logical process data storage area, and increases CRC check code to the data stored by what belong to logical process data.
More specifically, the storage space of one page delimited in data storage area, called after information data storing district, in time being greater than this page stored in data, then the storage space of delimiting one page is for it, and records its start address, in memory block, reserved front 6 bit bytes are as next block address information and length information, from the 7th, delimiting one piece of region is CRC check code region, and this area size equals CRC check code length; The storage space of another page delimited in data storage area, called after logical process data storage area is in time being greater than this page stored in data, delimit the storage space of one page again for it, and record its start address, in memory block, reserved front 6 bit bytes are as address information and length information, from the 7th, delimiting one piece of region is CRC check code region, and this area size equals CRC check code length.
More specifically, during by secure data stored in secure data storage district, because secure data is piecemeal process, next empty block address after front 3 log files store, in front 3 to 6 bit address log file length, during each storage, read the empty block address of last piece, store data in sky block.Same, during by logical process data stored in logical process data storage area, because secure data is piecemeal process, next empty block address after front 3 log files store, in front 3 to 6 bit address log file length, during each storage, read the empty block address of last piece, store data in sky block.
More specifically, newly-generated CRC check code is stored in reserved CRC effect code district, memory block, in the process of data encapsulation, carries out the detection of encapsulation of data with CRC check code.
Data encapsulation module 303, for encapsulating data in the module.
Comprise and receive data encapsulation instruction request, call the medium data to be packaged in memory block, and confirm the integrality needing encapsulation of data, respectively secure data and logical process data are encapsulated by encapsulation algorithm, and whether verification msg encapsulation runs succeeded.
More specifically, as shown in Figure 5, described data encapsulation module 303 comprises:
Data receipt unit 501, for receiving data encapsulation instruction request.
Data call unit 502, for calling the medium data to be packaged in memory block.
More specifically, the whole packet called is CRC check code add file data.
Data analysis unit 503, for confirming the integrality needing encapsulation of data.
More specifically, first verification of data integrity will transfer whole packet, CRC check computing is first carried out to file bag in memory block, the end that the data obtained are stored in file bag obtains new file bag, new file bag should be CRC check code add file data and finally checks data in addition, package module carries out CRC check computing to the CRC effect code add file data in new file bag, if obtain same checking computations data, then illustrate that data are not lost, otherwise think and need data exception again data to be stored.
Data packaging unit 504, for encapsulating secure data and logical process data respectively by encapsulation algorithm.
More specifically, namely the data consistent that described encapsulation algorithm and described memory block store, if can carry out classification encapsulation by encapsulation algorithm by the packet of data integrity validation, and by packaged data-mapping in secure data module and logic processing module.
Whether verification unit 505, run succeeded for verification msg encapsulation.
More specifically, resolve packaged data, obtain visible clear data, the data of data and memory block compared, comparison is completely the same, thinks that data encapsulation completes.If comparison failure, re invocation encapsulation instruction, re-starts the encapsulation of secure data and logical process data.
More specifically, the encapsulation of secure data can separate with the encapsulation of logical process data and performs, independent checking, if secure data encapsulation authentication failed, only carries out Reseal to secure data, if the failure of logical process data encapsulation, only carries out Reseal to logical process data.
More specifically, during verification msg encapsulation, it is counted, if counts reaches 5 times, has then verified, no longer perform step S302, exit method for packing, and carry out alarm to user.
Secure communication module 304, for setting up escape way at intermodule.
Comprise and receive data encapsulation instruction request, call the medium data to be packaged in memory block, and confirm the integrality needing encapsulation of data, respectively secure data and logical process data are encapsulated by encapsulation algorithm, and whether verification msg encapsulation runs succeeded.
More specifically, as shown in Figure 6, described secure communication module 304 comprises
Communication unit 601, carries out two-way communication for logic processing module by bottom and secure data module.
Ciphering unit 602, generates an Information key pair for logic processing module, and with public key encryption Information key pair.
More specifically, described Information key generates by randomizer, can be any random number.Random number in the present embodiment is 8 scale-of-two random numbers.
More specifically, 8 scale-of-two random numbers are carried out XOR by described PKI, obtain the Information key pair encrypted.
Decryption unit 603, is decrypted for secure data module PKI and obtains Information key pair.
Based on above-mentioned data encapsulation apparatus, the application also proposes a kind of data encapsulation method, as shown in Figure 7, comprising:
Step S1: set up data module and logic processing module.
Concrete, in Applet, set up data module and logic processing module respectively, be two standalone modules, makes when logic processing module is broken, and can remove sensitive data, guarantee safety by the self-destroying function of data module own; If data module is broken, then also can take same measure, by logic processing module, self-destruction be carried out to data module data.
More specifically, described self-destroying function, for first cellphone shield is carried out temporary locking, is confirmed whether invaded, if invasion, by cellphone shield permanent locking, and the data in cellphone shield data module is all deleted.
Step S2: data are classified, stores.
Concrete, as shown in Figure 8, described step S1: the method classify to data, stored comprises:
Step S201: delimit two isolated areas in data storage area.
More specifically, the storage space of one page delimited in data storage area, called after information data storing district, in time being greater than this page stored in data, then the storage space of delimiting one page is for it, and records its start address, in memory block, reserved front 6 bit bytes are as next block address information and length information, from the 7th, delimiting one piece of region is CRC check code region, and this area size equals CRC check code length; The storage space of another page delimited in data storage area, called after logical process data storage area is in time being greater than this page stored in data, delimit the storage space of one page again for it, and record its start address, in memory block, reserved front 6 bit bytes are as address information and length information, from the 7th, delimiting one piece of region is CRC check code region, and this area size equals CRC check code length.
Step S202: analysis classification is carried out to data type.
More specifically, described data are divided into logical process data and information data, logical process data comprise: all instruction distribution flow, for concluding the business or the data splicing of computing and peripheral hardware responding device etc., information data comprises: file system, secret key management system and security algorithm kernel portion etc.
More specifically, described peripheral hardware responding device: comprise key response process and screen display process, and timeout treatment mechanism etc.;
Described file system comprises: file system creates, and file writes, file reading and file access rights management etc.;
Described secret key management system comprises: secret key generates, secret key write, and secret key reads, and secret key upgrades, secret key life cycle management, secret key condition managing etc.;
Described security algorithm kernel portion comprises: the security algorithm enforcement etc. that Key or SE uses.
Step S203: be stored in secure data storage district by what belong to secure data, is stored in logical process data storage area by what belong to logical process data.
More specifically, during by secure data stored in secure data storage district, because secure data is piecemeal process, next empty block address after front 3 log files store, in front 3 to 6 bit address log file length, during each storage, read the empty block address of last piece, store data in sky block.Same, during by logical process data stored in logical process data storage area, because secure data is piecemeal process, next empty block address after front 3 log files store, in front 3 to 6 bit address log file length, during each storage, read the empty block address of last piece, store data in sky block.
Step S204: CRC check code is increased to the data stored.
More specifically, newly-generated CRC check code is stored in reserved CRC effect code district, memory block, in the process of data encapsulation, carries out the detection of encapsulation of data with CRC check code.
Step S3: encapsulate data in the module.
More specifically, as shown in Figure 9, described step S3: the method encapsulated data in the module comprises:
Step S301: receive data encapsulation instruction request.
Step S302: call the medium data to be packaged in memory block.
More specifically, the whole packet called is CRC check code add file data.
Step S303: confirm the integrality needing encapsulation of data.
More specifically, first verification of data integrity will transfer whole packet, CRC check computing is first carried out to file bag in memory block, the end that the data obtained are stored in file bag obtains new file bag, new file bag should be CRC check code add file data and finally checks data in addition, package module carries out CRC check computing to the CRC effect code add file data in new file bag, if obtain same checking computations data, then illustrate that data are not lost, otherwise think and need data exception again data to be stored.
Step S304: respectively secure data and logical process data are encapsulated by encapsulation algorithm.
More specifically, namely the data consistent that described encapsulation algorithm and described memory block store, if can carry out classification encapsulation by encapsulation algorithm by the packet of data integrity validation, and by packaged data-mapping in secure data module and logic processing module.
Step S305: whether verification msg encapsulation runs succeeded, and is successfully completed encapsulation, unsuccessful execution step S302.
More specifically, resolve packaged data, obtain visible clear data, the data of data and memory block compared, comparison is completely the same, thinks that data encapsulation completes.If comparison failure, re invocation encapsulation instruction, re-starts the encapsulation of secure data and logical process data.
More specifically, the encapsulation of secure data can separate with the encapsulation of logical process data and performs, independent checking, if secure data encapsulation authentication failed, only carries out Reseal to secure data, if the failure of logical process data encapsulation, only carries out Reseal to logical process data.
More specifically, during verification msg encapsulation, it is counted, if counts reaches 5 times, has then verified, no longer perform step S302, exit method for packing, and carry out alarm to user.
Step S4: set up escape way at intermodule.
More specifically, as shown in Figure 10, the described method setting up escape way at intermodule comprises:
Step S401: logic processing module is carried out request to bottom and sent, and bottom turns to secure data module and sends request.
Step S402: secure data module generates PKI and sends PKI to bottom, bottom forwards to logic processing module and send PKI.
Step S403: logic processing module generates an Information key pair, and with public key encryption Information key pair.
More specifically, described Information key generates by randomizer, can be any random number.Random number in the present embodiment is 8 scale-of-two random numbers.
Step S404: logic processing module encryption Information key to issuing bottom, bottom encryption Information key to being transmitted to secure data module.
More specifically, 8 scale-of-two random numbers are carried out XOR by described PKI, obtain the Information key pair encrypted.
Step S405: secure data module PKI is decrypted and obtains Information key pair.
Step S406: secure data module is set up virtual communication with Information key pair with logic processing module and is connected.
Based on above-mentioned data encapsulation method, the application also proposes a kind of individualized parametric technique, as shown in figure 11, comprising:
Step T1: entity structure is carried out to cellphone shield data module and logic processing module.
Step T2: cellphone shield logic processing module calling data module carries out initialization.
More specifically, now data module is carried out initialization respectively, and then to logic processing module initialization, individualized state is treated normally to guarantee that module is in, by data encapsulation method, personal data is encapsulated in data module and logic processing module respectively again, completes individualized standby condition.
More specifically, described personal data includes but not limited to PIN1, PIN2, PUK1, PUK2, ADM1, ICCID, IMSI, Ki etc.
Step T3: personalization process is performed to cellphone shield.
Concrete, as shown in figure 12, described step T3: method cellphone shield being performed to personalization process comprises:
Step T301: cellphone shield master routine calling logic processing module;
Step T302: the personal data in cellphone shield master routine calling data module;
More specifically, logic processing module can communicate with the foundation void of data module safety according to the escape way set up in data encapsulation method.
Step T303: cellphone shield carries out logical process and individualizes.
More specifically, personal data, by the personal data stored in empty communication calling data module, continues, obtains individualized parameter, and process individualized parameter, finally complete personalization process by Logical processing unit.
More specifically, after logic processing module completes individualized parameter processing, logic processing module receives checking request, and logic processing module is analyzed individualized result, if all personal datas all process successfully, then returns individualized successful information.If there is the untreated success of part personal data, then returns individualized failure information, and again personal data is processed.
The above, it is only preferred embodiment of the present invention, not any pro forma restriction is done to the present invention, although the present invention discloses as above with preferred embodiment, but and be not used to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, make a little change when the technology contents of above-mentioned announcement can be utilized or be modified to the Equivalent embodiments of equivalent variations, in every case be the content not departing from technical solution of the present invention, according to any simple modification that technical spirit of the present invention is done above embodiment, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.
Claims (10)
1. a data encapsulation method, is characterized in that, described method comprises:
Step S1: set up data module and logic processing module;
Step S2: data are classified, stores;
Step S3: encapsulate data in the module;
Step S4: set up escape way at intermodule.
2. data encapsulation method as claimed in claim 1, is characterized in that, described step S2, classifies, stores and comprise data:
Step S201: delimit two isolated areas in data storage area;
Step S202: analysis classification is carried out to data type;
Step S203: be stored in secure data storage district by what belong to secure data, is stored in logical process data storage area by what belong to logical process data;
Step S204: CRC check code is increased to the data stored.
3. data encapsulation method as claimed in claim 1, is characterized in that, described step S3, encapsulates data and comprises in the module:
Step S301: receive data encapsulation instruction request;
Step S302: call the medium data to be packaged in memory block;
Step S303: confirm the integrality needing encapsulation of data;
Step S304: respectively secure data and logical process data are encapsulated by encapsulation algorithm;
Step S305: whether verification msg encapsulation runs succeeded, if success, performs step S4, unsuccessful then execution step S302.
4. data encapsulation method as claimed in claim 1, is characterized in that, described step S4, sets up escape way comprise at intermodule:
Step S401: logic processing module sends request to bottom, bottom forwards this request to secure data module;
Step S402: secure data module generates PKI and sends PKI to bottom, and bottom forwards this PKI to logic processing module;
Step S403: logic processing module generates an Information key pair, and with public key encryption Information key pair;
Step S404: logic processing module encryption Information key to issuing bottom, bottom encryption Information key to being transmitted to secure data module;
Step S405: secure data module PKI is decrypted and obtains Information key pair;
Step S406: secure data module is set up virtual communication with Information key pair with logic processing module and is connected.
5. cellphone shield individualizes a parametric technique, it is characterized in that, comprising:
Step T1: entity structure is carried out to cellphone shield data module and logic processing module;
Step T2: cellphone shield logic processing module calling data module carries out initialization;
Step T3: personalization process is performed to cellphone shield.
6. cellphone shield as claimed in claim 5 individualizes parametric technique, it is characterized in that, describedly performs personalization process to cellphone shield and comprises:
Step T301: cellphone shield master routine calling logic processing module;
Step T302: the personal data in cellphone shield master routine calling data module;
Step T303: cellphone shield carries out logical process and individualizes.
7. a data encapsulation apparatus, is characterized in that, comprising:
MBM, for setting up data module and logic processing module;
Data processing module, for classifying to data, storing;
Data encapsulation module, for encapsulating data in the module;
Secure communication module, for setting up escape way at intermodule.
8. as the data encapsulation apparatus that claim 7 is stated, it is characterized in that, described data processing module comprises:
Control module, for delimiting two isolated areas in data storage area;
Data analysis unit, for carrying out analysis classification to data type;
Storage unit, is stored in secure data storage district by what belong to secure data, is stored in logical process data storage area, and increases CRC check code to the data stored by what belong to logical process data.
9. as the data encapsulation apparatus that claim 7 is stated, it is characterized in that, described data encapsulation module comprises:
Data receipt unit, for receiving data encapsulation instruction request;
Data call unit, for calling the medium data to be packaged in memory block;
Data analysis unit, for confirming the integrality needing encapsulation of data;
Data packaging unit, for encapsulating secure data and logical process data respectively by encapsulation algorithm;
Whether verification unit, run succeeded for verification msg encapsulation.
10. as the data encapsulation apparatus that claim 7 is stated, it is characterized in that, described secure communication module comprises:
Communication unit, send request to bottom for logic processing module, bottom forwards this request to secure data module, secure data module generates PKI and sends PKI to bottom, bottom forwards this PKI to logic processing module, logic processing module is the Information key of encryption to issuing bottom, and bottom is the Information key of encryption to being transmitted to secure data module, and secure data module is set up virtual communication with Information key pair with logic processing module and is connected;
Ciphering unit, generates an Information key pair for logic processing module, and with public key encryption Information key pair;
Decryption unit, is decrypted for secure data module PKI and obtains Information key pair.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510874841.XA CN105550604B (en) | 2015-12-02 | 2015-12-02 | A kind of data encapsulation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510874841.XA CN105550604B (en) | 2015-12-02 | 2015-12-02 | A kind of data encapsulation method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105550604A true CN105550604A (en) | 2016-05-04 |
| CN105550604B CN105550604B (en) | 2018-07-06 |
Family
ID=55829789
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510874841.XA Active CN105550604B (en) | 2015-12-02 | 2015-12-02 | A kind of data encapsulation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105550604B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107588766A (en) * | 2017-09-15 | 2018-01-16 | 南京轩世琪源软件科技有限公司 | A kind of indoor orientation method based on radio area network |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1932758A (en) * | 2006-09-28 | 2007-03-21 | 江苏恒宝股份有限公司 | Multi-application smart card |
| CN101042737A (en) * | 2006-03-24 | 2007-09-26 | 中国银联股份有限公司 | Smart card and method for creating application and insertion objects in smart card |
| CN101753520A (en) * | 2008-11-28 | 2010-06-23 | 爱思开电讯投资(中国)有限公司 | Method for providing encrypting and deciphering service for external equipment application by utilizing intelligent card |
| CN101794310A (en) * | 2010-03-04 | 2010-08-04 | 北京握奇数据系统有限公司 | Method, system and device for processing smart card database |
| CN101984449A (en) * | 2010-11-30 | 2011-03-09 | 公安部第三研究所 | Smart card COS operating system |
| CN102567009A (en) * | 2011-09-27 | 2012-07-11 | 广州中大微电子有限公司 | Configurable financial smart card operation system architecture |
| CN102760075A (en) * | 2012-06-01 | 2012-10-31 | 大唐微电子技术有限公司 | Method and system for realizing application configuration of intelligent card |
| CN103987030A (en) * | 2014-05-28 | 2014-08-13 | 北京握奇数据系统有限公司 | Method, device and system for achieving number-portability upgrading network |
| CN104408516A (en) * | 2014-12-12 | 2015-03-11 | 恒宝股份有限公司 | Novel dual-chip intelligent card and control method thereof |
-
2015
- 2015-12-02 CN CN201510874841.XA patent/CN105550604B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101042737A (en) * | 2006-03-24 | 2007-09-26 | 中国银联股份有限公司 | Smart card and method for creating application and insertion objects in smart card |
| CN1932758A (en) * | 2006-09-28 | 2007-03-21 | 江苏恒宝股份有限公司 | Multi-application smart card |
| CN101753520A (en) * | 2008-11-28 | 2010-06-23 | 爱思开电讯投资(中国)有限公司 | Method for providing encrypting and deciphering service for external equipment application by utilizing intelligent card |
| CN101794310A (en) * | 2010-03-04 | 2010-08-04 | 北京握奇数据系统有限公司 | Method, system and device for processing smart card database |
| CN101984449A (en) * | 2010-11-30 | 2011-03-09 | 公安部第三研究所 | Smart card COS operating system |
| CN102567009A (en) * | 2011-09-27 | 2012-07-11 | 广州中大微电子有限公司 | Configurable financial smart card operation system architecture |
| CN102760075A (en) * | 2012-06-01 | 2012-10-31 | 大唐微电子技术有限公司 | Method and system for realizing application configuration of intelligent card |
| CN103987030A (en) * | 2014-05-28 | 2014-08-13 | 北京握奇数据系统有限公司 | Method, device and system for achieving number-portability upgrading network |
| CN104408516A (en) * | 2014-12-12 | 2015-03-11 | 恒宝股份有限公司 | Novel dual-chip intelligent card and control method thereof |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107588766A (en) * | 2017-09-15 | 2018-01-16 | 南京轩世琪源软件科技有限公司 | A kind of indoor orientation method based on radio area network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105550604B (en) | 2018-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9607192B2 (en) | MIFARE push | |
| US8811971B2 (en) | Mobile communication device and method for disabling applications | |
| US7392404B2 (en) | Enhancing data integrity and security in a processor-based system | |
| US8250288B2 (en) | Flash memory storage system and controller and data protection method thereof | |
| CN107111728B (en) | Secure key derivation functionality | |
| IL235203A (en) | Multi-issuer secure element partition architecture for nfc enabled devices | |
| US8983072B2 (en) | Portable data carrier featuring secure data processing | |
| CN111292091A (en) | Verification method, device and equipment | |
| CN109445705A (en) | Firmware authentication method and solid state hard disk | |
| US20170039549A1 (en) | Method for processing transaction data, device and corresponding program | |
| CN111245620B (en) | Mobile security application architecture in terminal and construction method thereof | |
| US9058498B2 (en) | Runtime environment management of secure communications on card computing devices | |
| CN112199740B (en) | Encryption lock implementation method and encryption lock | |
| CN105550604A (en) | Data encapsulation method and device | |
| EP4280053A1 (en) | Method and system for upgrading firmware of vehicle infotainment system | |
| CN112711752A (en) | Embedded equipment safety system | |
| CN116049318A (en) | Data storage method and communication device | |
| CN102012804B (en) | Method for expanding smart card communication operating system (COS) instruction | |
| CN101227682A (en) | Method and apparatus for protecting data safety in terminal | |
| CA2940465A1 (en) | Device and method for securing commands exchanged between a terminal and an integrated circuit | |
| CN107851044B (en) | Integrated circuit card adapted to transfer first data from a first application for use by a second application | |
| JP4899499B2 (en) | IC card issuing method, IC card issuing system, and IC card | |
| CN116108468A (en) | Method, system and medium for encrypting and decrypting war and jar program package | |
| CN114125561A (en) | Android intelligent television equipment identifier processing method and system | |
| Jang | Secure Object Sharing on Java Card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |