CN105550866A

CN105550866A - Safety control method and apparatus

Info

Publication number: CN105550866A
Application number: CN201510290962.XA
Authority: CN
Inventors: 张子敬; 张晴
Original assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Current assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority date: 2015-05-30
Filing date: 2015-05-30
Publication date: 2016-05-04
Anticipated expiration: 2035-05-30
Also published as: CN105550866B; WO2016192453A1

Abstract

The embodiment of the invention discloses a safety control method and apparatus. The safety control method comprises: a current state of a terminal is detected; if the current state of the terminal is detected to be a non-safety state, a host-based card simulation transaction channel is turned off; a host-based card simulation safety module application and correlates authentication information data are encrypted and compressed. Therefore, safety control on the NFC service is realized based on the host-based card simulation technology.

Description

A kind of method of controlling security and device

Technical field

The present invention relates to the communications field, be specifically related to a kind of method of controlling security and device.

Background technology

At present, based on the NFC (NearFieldCommunication of Android4.4, near field communication (NFC)) pay and introduce a new open architecture, i.e. HCE (Host-basedCardEmulation, host card is simulated) technology, thus realize card module in the terminal being equipped with NFC function after, terminal does not need to provide physics SE (SecurityElements, security module), make the application of NFC more simple and flexible.

But HCE technology just simulates agreement and realization that NFC with SE communicate, also namely completes the safety assurance of NFC business in the mode of virtual SE, does not realize SE.The existing SE solution based on HCE technology, can be realized by the simulation of local application software or the simulation of cloud server, but under this two schemes, safety issue due to android system itself causes data security inadequate, such as after system is by Root (acquisition superuser right), all data in system all will be subject to security threat, and the SE stored in system or authentication information are easy to be acquired.The security control so how realizing NFC business under based on HCE technology is a problem demanding prompt solution.

Summary of the invention

Embodiments provide a kind of method of controlling security and device, to the security control of NFC business can be realized under based on HCE technology.

Embodiment of the present invention first aspect provides a kind of method of controlling security, comprising:

The state that sense terminals is current;

If detect, the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel;

Encrypt and compress host card simulating Safety module application and relative authentication information data.

Embodiment of the present invention second aspect provides a kind of safety control, comprising:

First detection module, for the state that sense terminals is current;

Closing module, if for detecting that the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel;

Encrypting module, for encrypting and compressing host card simulating Safety module application and relative authentication information data.

Can find out, in the technical scheme that the embodiment of the present invention provides, the state that sense terminals is current; If detect, the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel, thus no longer continues when SOT state of termination is unsafe condition to use host card mock trading passage; Encrypt and compress host card simulating Safety module application and relative authentication information data, achieving the protection to data in process of exchange.Thus the security control achieved under the technology of Intrusion Detection based on host snap gauge plan NFC business.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 is the schematic flow sheet of a kind of method of controlling security that the embodiment of the present invention provides;

Fig. 2 is the schematic flow sheet of the another kind of method of controlling security that the embodiment of the present invention provides;

Fig. 3 is the structural representation of a kind of safety control that the embodiment of the present invention provides;

Fig. 4 is the structural representation of the another kind of safety control that the embodiment of the present invention provides;

Fig. 5 is the structural representation of another safety control that the embodiment of the present invention provides.

Embodiment

The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, should belong to the scope of protection of the invention.

Term " first ", " second " and " the 3rd " etc. in instructions of the present invention and claims and above-mentioned accompanying drawing are for distinguishing different object, but not for describing particular order.In addition, term " comprises " and their any distortion, and intention is to cover not exclusive comprising.Such as contain the process of series of steps or unit, method, system, product or equipment and be not defined in the step or unit listed, but also comprise the step or unit do not listed alternatively, or also comprise alternatively for other intrinsic step of these processes, method, product or equipment or unit.

An embodiment of a kind of method of controlling security of the embodiment of the present invention, a kind of method of controlling security comprises: the state that sense terminals is current; If detect, the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel; Encrypt and compress host card simulating Safety module application and relative authentication information data.

First be the schematic flow sheet of a kind of method of controlling security that one embodiment of the present of invention provide see Fig. 1, Fig. 1.Wherein, as shown in Figure 1, a kind of method of controlling security that one embodiment of the present of invention provide can comprise:

The state that S101, sense terminals are current.

Wherein, terminal is the intelligent terminal that mobile phone, panel computer etc. can install android system, supports HCE, possesses NFC function.The current state of terminal refers to the state of the running environment that terminal is current, such as whether safety etc.

Wherein, HCE refers to that Host Based snap gauge is intended, when the terminal being equipped with NFC function realizes snap gauge plan, do not need to provide SE, by the server in run in terminal one application or high in the clouds to complete the function of SE, now the data that receive of NFC chip have been come by operating system or the application be sent in terminal or by the server that mobile network is sent to high in the clouds alternately.Such as, in NFC mobile phone, can by being used for simulating Safety module SE in mobile phone.

Wherein, security module SE refers to for storing NFC application and user's sensitive data and realizing the chip module of safe key computing, be the core of nfc card simulation, security module is also communicated with exterior read-write equipment by the non-front end that connects, and realizes the security of data storage and process of exchange.

Alternatively, in possible embodiments more of the present invention, NFC terminal can comprise hardware security module SE, provides and provides the execution environment of a safety to the safe storage of sensitive information with for trade transactions, wherein, SE can be integrated in SIM card, SD card or terminal chip.

Alternatively, in possible embodiments more of the present invention, in the terminal with NFC function, Android4.4 system can be installed, because Android4.4 system supports HCE function, thus HCE function can be realized in Android4.4 system, utilize HCE to simulate SE application.

Alternatively, in some other possible embodiment of the present invention, if the terminal system with NFC function be Android4.4 before version, then terminal system can be upgraded to Android4.4 system.Thus the support that can realize HCE function.

Alternatively, in possible embodiments more of the present invention, support that the terminal of HCE function can with APP (Application in terminal, application program) application program analog card, realize the function of host card simulation, this terminal SE analog card technology of also supporting other traditional simultaneously, as hardware SE module, also i.e. terminal compatible HCE and traditional SE simultaneously.

Citing is described, one is had to the mobile phone terminal of the Android4.4 system of NFC function, support HCE function, thus realize the card module to SE by HCE, this mobile phone terminal has hardware SE module simultaneously, so be appreciated that this mobile phone terminal compatible HCE snap gauge plan and traditional hardware SE function simultaneously.

Alternatively, in possible embodiments more of the present invention, the current state of terminal can be safe condition, also can be unsafe condition.

Alternatively, in possible embodiments more of the present invention, terminal HCE mock trading passage open after, with the safe condition that certain frequency detecting terminal is current.

If S102 detects described terminal, current state is unsafe condition, then Shutdown Hosts snap gauge intends trading channel.

Wherein, unsafe condition refers to that the running environment of terminal is dangerous, cause operating in the current data of terminal and be likely stolen or destroy, thus the transaction causing terminal current carried out is dangerous.

Wherein, host card module trading channel (namely HCE snap gauge intends trading channel) refers to the passage utilizing HCE technical modelling SE security module to complete NFC transaction, now NFC chip is as non-contact communication front end, order will be received from external reader, be forwarded to the application of simulation SE, then replied by the application of simulation SE.And traditional hardware based NFC trading channel be NFC chip as non-contact communication front end, order will be received from external reader, be forwarded to SE, then be replied by SE.

Such as, have in the NFC mobile phone of HCE function at one, by APP application simulation SE, thus realize HCE mock trading passage, i.e. host card mock trading passage.

Illustrate, in possible embodiments more of the present invention, when terminal is mobile phone, mobile phone NFC is utilized to pay, after the system of mobile phone is by Root, the data be stored in cell phone system are easy to be stolen or destroy, and now the current state of terminal is unsafe condition, so close HCE mock trading passage, thus stop the payment transaction that this passage carries out.

Be appreciated that Shutdown Hosts snap gauge plan trading channel can not re-use this trading channel and concludes the business when terminal current state is unsafe condition, thus prevent the generation of dangerous transaction.

S103, encryption compress host card simulating Safety module application and relative authentication information data.

Wherein, in NFC terminal, host card simulating Safety module application (namely HCE simulates SE application) refers to simulate the APP application of SE security module in the terminal with HCE card analog functuion, and relative authentication information data refer in the NFC transaction be stored in HCE simulation SE application for the data of certification and user's sensitive data.Such as, in NFC pays, these authentication information data can be the user profile of payment both sides, password and other data etc. relevant to payment.

Alternatively, in possible embodiments more of the present invention, also can compress and encrypt HCE snap gauge and intend security module application and relative authentication information data, thus ensure the security of transaction data.

Illustrate, when mobile phone NFC mobile payment, if pay environment to occur security risk, now close HCE and simulate payment channel, and the user profile relevant to payment, password and other relevant data are encrypted and compress, ensure the security of data.

Be appreciated that and encrypted by certain mode and to compress host card simulating Safety module application and relative authentication information data will strengthen the security of these data.

Can find out, in the scheme of the present embodiment, the state that sense terminals is current; If detect, the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel, thus no longer continues when SOT state of termination is unsafe condition to use host card mock trading passage; Encrypt and compress host card simulating Safety module application and relative authentication information data, achieving the protection to data in process of exchange.Thus the security control achieved under the technology of Intrusion Detection based on host snap gauge plan NFC business.

Alternatively, in possible embodiments more of the present invention, can realize closing HCE snap gauge by main frame or NFC controller and intend trading channel.

Alternatively, in possible embodiments more of the present invention, the current state of described sense terminals comprises with at least one under type:

Detect described terminal system whether be acquired superuser right, detect application that described terminal installs whether official issue, detect the application that described terminal installs and whether be subject to poisoning intrusion.

Wherein, whether the software that the current safe condition of terminal comprises terminal its operating conditions whether safety and terminal operating is qualified, when detect terminal system be acquired application that superuser right or terminal install be subject to poisoning intrusion time, be judged as that the running environment of terminal self is dangerous, also namely the state of terminal is unsafe condition, now closes HCE snap gauge and intends trading channel.

Be appreciated that, the application of terminal operating and the safety of data will be made in above-mentioned several situation to be on the hazard, as terminal pay time, if terminal is acquired superuser right, then will be acquired with the relevant information of payment, payment transaction is dangerous.

Alternatively, in other some possible embodiments of the present invention, the current state of described sense terminals can also comprise whether the application that sense terminals installs is illegal application or lack of competence application, and other abnormal conditions of sense terminals.

Alternatively, in possible embodiments more of the present invention, described method also comprises:

If detect, be applied as unofficial issue application, illegal application or lack of competence that described terminal is installed are applied, and refuse host card mock trading passage described in described application access.

Be appreciated that, unofficial issue application that what described terminal installed if detect be applied as, valid application or lack of competence application time, now just the application of terminal is defective, and when there is not Root or other security risk in terminal itself, now only limit trading channel is intended in this application access to HCE snap gauge, and do not remove to close HCE snap gauge plan trading channel, make simple to operate, also can not affect the application of other official, valid application and have permission trading channel is intended in application access to HCE snap gauge.

Alternatively, in possible embodiments more of the present invention, described encryption after compressing host card simulating Safety module application and relative authentication information data, described method also comprises:

Described host card mock trading passage is routed in security module entity.

Be appreciated that, when the state that terminal is current is unsafe condition, close HCE snap gauge and intend trading channel, and encrypt simultaneously and compress HCE simulate SE application and relative authentication information data after, thus NFC transaction then cannot be carried out, so now HCE snap gauge plan trading channel is routed in traditional SE module and ensure that carrying out smoothly of transaction, ensure that the security of data simultaneously.

Alternatively, in possible embodiments more of the present invention, described security module entity is hardware entities SE module.

Illustrate, in possible embodiments more of the present invention, when utilizing mobile phone to carry out NFC mobile payment, if detect, mobile phone is by Root, in order to the security of guaranteeing payment, close HCE mock trading passage, encrypt and compress host card simulating Safety module application and relative authentication information data, and HCE mock trading passage is routed in entity SE simultaneously, thus eliminates payment risk and ensure that carrying out smoothly of transaction.

Alternatively, in possible embodiments more of the present invention, described encryption also compresses host card simulating Safety module application and relative authentication information data, comprising:

The individual recognition code corresponding by host card analogue mobile phone wallet or user are encrypted from host card simulating Safety module application described in the codon pair set and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, described encryption is also compressed host card simulating Safety module application and relative authentication information data described in codon pair that host card simulating Safety module application and relative authentication information data can also be formed with certain coding rule by other and is encrypted.

Be appreciated that, utilize individual recognition code corresponding to host card analogue mobile phone wallet (main frame HCE wallet PIN code) described host card simulating Safety module application and relative authentication information data to be encrypted to the password set-up mode met in NFC transaction, ensure cipher safety.

Detect the state that described terminal is current;

If detect, the current state of described terminal is safe condition, opens described host card mock trading passage;

Decompress(ion) also deciphers host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, when the state that terminal is current is unsafe condition, close HCE snap gauge and intend trading channel, and encrypt simultaneously and compress HCE simulate SE application and relative authentication information data after, continue with the current state of certain frequency detecting terminal.

Be appreciated that, when the state that terminal is current is unsafe condition, close HCE snap gauge and intend trading channel, and encrypt simultaneously and compress HCE simulate SE application and relative authentication information data after, again continuously with the state that certain frequency detecting terminal is current, and after the state that terminal is current is safe condition, open HCE mock trading passage, and recover HCE simulation SE application and relevant authentication information data, thus after the Security status recovery of terminal, HCE mock trading passage can be recovered in time.

Alternatively, in possible embodiments more of the present invention, can realize opening HCE snap gauge by main frame or NFC controller and intend trading channel.

Alternatively, in possible embodiments more of the present invention, when recovering HCE mock trading passage, can decipher and decompress(ion) host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, if detect, the current state of described terminal is safe condition, then again HCE snap gauge is intended trading channel and from SE entity, be routed to HCE snap gauge intend in trading channel.

Illustrate; when mobile phone NCF pays; after system is by Root; to simulation payment channel close and HCE is simulated SE application and relevant authentication information data protect; HCE mock trading passage is routed to after in entity SE simulation simultaneously; continue the safe condition of sense terminals; after detecting that the unsafe factor of terminal is got rid of; then open original HCE and simulate payment channel; related application and data are discharged; and again trading channel is routed to HCE simulation payment channel from entity SE, recover HCE snap gauge and intend trading function.

For the ease of better understanding and implement the such scheme of the embodiment of the present invention, the application scenarios concrete below in conjunction with some is illustrated.

Refer to Fig. 2, Fig. 2 is the schematic flow sheet of the another kind of method of controlling security that an alternative embodiment of the invention provides, and wherein, as shown in Figure 2, the another kind of method of controlling security that an alternative embodiment of the invention provides can comprise:

The state that S201, sense terminals are current.

Alternatively, in possible embodiments more of the present invention, support that the terminal of HCE function can with APP (Application in terminal, application program) application program analog card, realize the function of host card simulation, this terminal SE scheme of also supporting other traditional simultaneously, as hardware SE module, also i.e. terminal compatible HCE and traditional SE simultaneously.

Citing is described, in possible embodiments more of the present invention, one is had to the mobile phone terminal of the Android4.4 system of NFC function, support HCE function, thus realize the card module to SE by HCE, this mobile phone terminal has hardware SE module, so be appreciated that this mobile phone terminal compatible HCE snap gauge plan and traditional hardware SE function simultaneously simultaneously.

Alternatively, in other some possible embodiments of the present invention, the current state of described sense terminals can also comprise other and detect the situation affecting terminal operating Environmental security.

If S202 detects terminal, current state is unsafe condition, then Shutdown Hosts snap gauge intends trading channel.

Wherein, unsafe condition refers to that the running environment of terminal is dangerous, cause operating in the current data of terminal be likely stolen or destroy, thus the transaction causing terminal current carried out is dangerous, as terminal system is noly subject to poisoning intrusion etc. by the application that Root, terminal are installed.

If detect, be applied as unofficial issue application, illegal application or lack of competence that described terminal is installed are applied, then refuse host card mock trading passage described in described application access.

S203, encryption compress host card simulating Safety module application and relative authentication information data.

S204, host card mock trading passage to be routed in security module entity.

The state that S205, again sense terminals are current.

Be appreciated that, when the state that terminal is current is unsafe condition, close HCE snap gauge and intend trading channel, and encrypt simultaneously and compress HCE simulate SE application and relative authentication information data after, again continuously with the state that certain frequency detecting terminal is current, can the state of Real Time Observation terminal, make response in time when the state of terminal changes.

If S206 detects terminal, current state is safe condition, opens host card mock trading passage.

Alternatively, if when again detecting that the current state of terminal is unsafe condition, do not carry out any action.

S207, decompress(ion) decipher host card simulating Safety module application and relative authentication information data.

Alternatively; in possible embodiments more of the present invention; if when the action of the security module application of protected host snap gauge plan and relative authentication information data is for compressing and encrypting, can decipher and decompress(ion) host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, the password of deciphering host card simulating Safety module application and relative authentication information data is password when encrypting host card simulating Safety module application and relative authentication information data, is generally main frame HCE wallet PIN code.

To illustrate again below a more specifically application scenarios.

Such as, when terminal is the mobile phone installing Android4.4 system, there is NFC function, support HCE technology, thus on mobile phone, can simulate by HCE the software simulation that SE should be used for realizing NFC.When utilizing NFC to carry out mobile payment, first the state of detection of handset, if whether mobile phone is by Root, whether official issues payment software, whether the software that mobile phone is installed is subject to poisoning intrusion etc., if detect, mobile phone is by Root, user can obtain the highest weight limit of system, thus just can obtain SE or the authentication information of storage, malicious user can by the storage system of alternate manner access terminal, and obtain the transaction that the sensitive data be stored in application has removed some pseudo-cards, this will bring great security risk to disburser, so mobile phone is after this security risk being detected, close HCE snap gauge by NFC controller again and intend trading channel, encrypted by the PIN code that HCE mobile phone wallet is corresponding simultaneously and compress and store HCE simulation SE application and associated authentication data information, ensure the security of data.

Further, when detecting that payment software is unofficial releasing software, refusing this payment software access HCE snap gauge and intending trading channel, thus the unsafe factor that payment software brings can be stopped.

Further, after closedown HCE snap gauge intends trading channel, HCE snap gauge can be intended trading channel and be routed in SE entity.

Further, when after closing hand phone Root authority, when whether the state of detection of handset is safe again, now will detect that the state of mobile phone is safe condition, recover HCE snap gauge and intend trading channel, simultaneously decompress(ion) decipher HCE and simulate SE application and associated authentication data information, now no longer carries out NFC transaction by entity SE.

Refer to Fig. 3, Fig. 3 is the structural representation of a kind of safety control that one embodiment of the present of invention provide, and wherein, as shown in Figure 3, a kind of safety control 300 that one embodiment of the present of invention provide can comprise:

First detection module 310, closing module 320 and encrypting module 330.

Wherein, first detection module 310 is for the current state of sense terminals.

Closing module 320, if for detecting that the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel.

Encrypting module 330, for encrypting and compressing host card simulating Safety module application and relative authentication information data.

Be understandable that, the function of each functional module of the safety control 300 of the present embodiment can according to the method specific implementation in said method embodiment, and its specific implementation process with reference to the associated description of said method embodiment, can repeat no more herein.

Can find out, in the scheme of the present embodiment, the state that safety control 300 sense terminals is current; If safety control 300 detects described terminal, current state is unsafe condition, then Shutdown Hosts snap gauge intends trading channel, thus no longer continues when SOT state of termination is unsafe condition to use host card mock trading passage; Safety control 300 is encrypted and is compressed host card simulating Safety module application and relative authentication information data, achieves the protection to data in process of exchange.Thus the security control achieved under the technology of Intrusion Detection based on host snap gauge plan NFC business.

Refer to Fig. 4, Fig. 4 is the structural representation of the another kind of safety control that an alternative embodiment of the invention provides, and wherein, as shown in Figure 4, the another kind of safety control 400 that an alternative embodiment of the invention provides can comprise:

First detection module 410, closing module 420 and encrypting module 430.

Wherein, first detection module 410 is for the current state of sense terminals.

Closing module 420, if for detecting that the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel.

Encrypting module 430, for encrypting and compressing host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, the current state of described detection module 410 sense terminals comprises with at least one under type:

Alternatively, in possible embodiments more of the present invention, described detection module 410 also for:

Alternatively, in possible embodiments more of the present invention, described safety control 400 also comprises:

Routing module 440, for being routed to described host card mock trading passage in security module entity.

Alternatively, in possible embodiments more of the present invention, described encrypting module 430 specifically for:

Alternatively, in possible embodiments more of the present invention, after described encrypting module 430, described safety control 400 also comprises:

Second detection module 450, for detecting the current state of described terminal;

Opening module 460, if for detecting that the current state of described terminal is safe condition, open described host card mock trading passage;

Deciphering module 470, deciphers host card simulating Safety module application and relative authentication information data for decompress(ion).

Wherein, second detection module 450 can be different from first detection module 410, detecting the current safe condition of described terminal for intending at HCE snap gauge after trading channel is closed, also can being integrated in same module with first detection module 410, for detecting the current state of described terminal.

Alternatively, in possible embodiments more of the present invention, when the state that terminal is current is unsafe condition, close HCE snap gauge and intend trading channel, and encrypt simultaneously and compress HCE simulate SE application and relative authentication information data after, the second detection module 450 continues with the current state of certain frequency detecting terminal.

Alternatively, in possible embodiments more of the present invention, opening module 460 can realize opening HCE snap gauge by main frame or NFC controller and intend trading channel.

Alternatively, in possible embodiments more of the present invention, when recovering HCE mock trading passage, deciphering module 470 can be deciphered and decompress(ion) host card simulating Safety module application and relative authentication information data.

Be understandable that, the function of each functional module of the safety control 400 of the present embodiment can according to the method specific implementation in said method embodiment, and its specific implementation process with reference to the associated description of said method embodiment, can repeat no more herein.

Can find out, in the scheme of the present embodiment, the state that safety control 400 sense terminals is current; If safety control 400 detects described terminal, current state is unsafe condition, then Shutdown Hosts snap gauge intends trading channel, thus no longer continues when SOT state of termination is unsafe condition to use host card mock trading passage; Safety control 400 is encrypted and is compressed host card simulating Safety module application and relative authentication information data, achieves the protection to data in process of exchange.Thus the security control achieved under the technology of Intrusion Detection based on host snap gauge plan NFC business.

See the structural representation that Fig. 5, Fig. 5 are another safety controls that another embodiment of the present invention provides.As shown in Figure 5, another safety control 500 that another embodiment of the present invention provides can comprise: at least one bus 501, at least one processor 502 be connected with bus and at least one storer 503 be connected with bus.

Wherein, processor 502, by bus 501, calls the code that stores in storer 503 for the current state of sense terminals; If detect, the current state of described terminal is unsafe condition, then Shutdown Hosts snap gauge intends trading channel; Encrypt and compress host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, the current state of processor 502 sense terminals comprises with at least one under type:

Alternatively, in possible embodiments more of the present invention, processor 502 is all right:

Alternatively, in possible embodiments more of the present invention, processor 502 is encrypted and after compressing host card simulating Safety module application and relative authentication information data, processor 502 is all right:

Described host card mock trading passage is routed in security module entity.

Alternatively, in possible embodiments more of the present invention, processor 502 is encrypted and is compressed host card simulating Safety module application and relative authentication information data, processor 502 can:

Alternatively, in possible embodiments more of the present invention, processor 502 is encrypted and after compressing host card simulating Safety module application and relative authentication information data, processor 502 also comprises:

Detect the state that described terminal is current;

Alternatively, in possible embodiments more of the present invention, when recovering HCE mock trading passage, processor 502 can be deciphered and decompress(ion) host card simulating Safety module application and relative authentication information data.

Alternatively, in possible embodiments more of the present invention, if detect, the current state of described terminal is safe condition, and HCE snap gauge is intended trading channel and from SE entity, is routed to HCE snap gauge intends in trading channel by processor 502 again.

Be understandable that, the function of each functional module of the safety control 500 of the present embodiment can according to the method specific implementation in said method embodiment, and its specific implementation process with reference to the associated description of said method embodiment, can repeat no more herein.

Can find out, in the scheme of the present embodiment, the state that safety control 500 sense terminals is current; If safety control 500 detects described terminal, current state is unsafe condition, then Shutdown Hosts snap gauge intends trading channel, thus no longer continues when SOT state of termination is unsafe condition to use host card mock trading passage; Safety control 500 is encrypted and is compressed host card simulating Safety module application and relative authentication information data, achieves the protection to data in process of exchange.Thus the security control achieved under the technology of Intrusion Detection based on host snap gauge plan NFC business.

The embodiment of the present invention also provides a kind of computer-readable storage medium, and wherein, this computer-readable storage medium can have program stored therein, and comprises the part or all of step of any one method for message interaction recorded in said method embodiment when this program performs.

It should be noted that, for aforesaid each embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not by the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in instructions all belongs to preferred embodiment, and involved action and module might not be that the present invention is necessary.

In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part described in detail, can see the associated description of other embodiments.

In several embodiments that the application provides, should be understood that, disclosed device, the mode by other realizes.Such as, device embodiment described above is only schematic, the such as division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, such as multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, and the indirect coupling of device or unit or communication connection can be electrical or other form.

The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.

In addition, each functional unit in various embodiments of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.

If described integrated unit using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or all or part of of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprises all or part of step of some instructions in order to make a computer equipment (can be personal computer, server or the network equipment etc.) perform method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, ROM (read-only memory) (ROM, Read-OnlyMemory), random access memory (RAM, RandomAccessMemory), portable hard drive, magnetic disc or CD etc. various can be program code stored medium.

The above, above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.

Claims

1. a method of controlling security, is characterized in that, described method comprises:

The state that sense terminals is current;

2. the method for claim 1, is characterized in that, described encryption after compressing host card simulating Safety module application and relative authentication information data, described method also comprises:

Described host card mock trading passage is routed in security module entity.

3. the method for claim 1, is characterized in that, described encryption after compressing host card simulating Safety module application and relative authentication information data, described method also comprises:

Detect the state that described terminal is current;

4. the method as described in claim 1 or 3, is characterized in that, the current state of described sense terminals comprises with at least one under type:

5. the method for claim 1, is characterized in that, described encryption also compresses host card simulating Safety module application and relative authentication information data, comprising:

6. the method for claim 1, is characterized in that, described method also comprises:

7. a safety control, is characterized in that, described device comprises:

First detection module, for the state that sense terminals is current;

8. device as claimed in claim 7, it is characterized in that, described device also comprises:

Routing module, for being routed to described host card mock trading passage in security module entity.

9. device as claimed in claim 7, it is characterized in that, after described encrypting module, described device also comprises:

Second detection module, for detecting the current state of described terminal;

Opening module, if for detecting that the current state of described terminal is safe condition, open described host card mock trading passage;

Deciphering module, deciphers host card simulating Safety module application and relative authentication information data for decompress(ion).

10. the device as described in claim 6 or 9, is characterized in that, the current state of described detection module sense terminals comprises with at least one under type:

11. devices as claimed in claim 7, is characterized in that, described encrypting module specifically for:

12. devices as claimed in claim 7, is characterized in that, described detection module also for: