CN105592033B - trusted service management system and method - Google Patents
- Publication number
- CN105592033B (application CN201410843731.2A)
- Authority
- CN
- China
- Prior art keywords
- individualized
- service provider
- mode
- file
- personal data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
This application discloses a trusted service management system. The system comprises: a judging unit for determining, when a secure carrier initiates personalization of an application, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure carrier to perform the personalization operation; and a second execution unit for, when the personalization mode is APDU instruction mode, sending an online message to the service provider, receiving the service provider's response to the online message, and forwarding it to the secure carrier to perform the personalization operation. The application also provides a method executed by a trusted service management system.
Description
Technical field
The present invention relates to a trusted service management (TSM) system and method.
Background art
The prior art does not provide for performing personalization through a TSM platform. During card issuance, card activation and card personalization, a member institution can only use the traditional card issuance mode and cannot choose between DP file mode and APDU instruction-set mode according to its own needs. Nor can it choose the security level it needs. In addition, existing personalization technology supports only the personalization of PBOC 2.0 applications and has no support for multiple CAP package versions, so it does not support new PBOC 3.0 features such as post-personalization activation of extended applications and national cryptographic algorithms.
Summary of the invention
To solve the above problems, according to one aspect of the application, a trusted service management system is provided. The system comprises: a judging unit for determining, when a secure carrier initiates personalization of an application, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure carrier to perform the personalization operation; and a second execution unit for, when the personalization mode is APDU instruction mode, sending an online message to the service provider, receiving the service provider's response to the online message, and forwarding it to the secure carrier to perform the personalization operation.
The above system may further comprise: a parsing unit for parsing a DP file containing personalization data, received from the service provider, into APDU instructions and persisting them to the database.
In the above system, the response to the online message comprises an executable personalization instruction set generated directly by the service provider.
The above system may further comprise: a control unit for controlling whether the current operation is executed by the first execution unit or by the second execution unit.
In the above system, the system is configured to perform personalization for CAP packages of different versions of financial PBOC applications.
In the above system, when a user activates an extended application, the system is configured to send an extended-application activation online message to the service provider and to forward the service provider's response to that message to the secure carrier to perform the personalization operation, thereby activating the extended application, wherein the response to the extended-application activation online message comprises an executable "extended application activation" post-personalization instruction set generated directly by the service provider.
The above system may further comprise: a Network File System comprising one or more directories corresponding to service providers, the directories being used by service providers that personalize in DP mode to upload DP files.
The above system may further comprise: a scanning unit for periodically executing a scan task on the Network File System.
The above system may further comprise: two or more trusted service management hosts for concurrently scheduling and processing DP files according to a preset scheduling policy.
In the above system, the two or more trusted service management hosts are configured to determine, according to the application node number, the task serial number and the file timestamp, whether the DP file parsing task is scheduled by the current host.
In the above system, the second execution unit is configured to send a request for a dynamic key before sending the online message.
The above system may further comprise: an encryption machine for receiving a transmission key TK from the service provider, decrypting the dynamic key with the transmission key TK, and performing cryptographic operations on sensitive data with the dynamic key.
In the above system, the dynamic key comprises a KEK key and a MAC key.
In the above system, the parsing unit is configured to parse DP files in a batched-storage parsing mode, wherein the batched-storage parsing mode comprises the following steps: a) predefining the upper limit on the number of personalization data records in each batch; b) calculating the number of batches needed to store all the personalization data; and c) parsing the personalization data in batches: each batch of personalization data is persisted to the database after it has been parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted.
The above system may further comprise: a notification unit for notifying the service provider of the specific instruction execution result.
According to a further aspect of the application, a method executed by a trusted service management system is provided. The method comprises: when a secure carrier initiates personalization of an application, determining the personalization mode of the service provider to which the application belongs; when the personalization mode is DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure carrier to perform the personalization operation; and when the personalization mode is APDU instruction mode, sending an online message to the service provider, receiving the service provider's response to the online message, and forwarding it to the secure carrier to perform the personalization operation.
Brief description of the drawings
After reading the specific embodiments of the invention with reference to the drawings, those skilled in the art will understand the various aspects of the invention more clearly. Those skilled in the art will appreciate that the drawings serve only to explain the technical solution of the invention together with the specific embodiments and are not intended to limit the scope of protection of the invention.
Fig. 1 is a flow chart of a method of personalization mode selection according to one embodiment of the application;
Fig. 2 is a schematic diagram of post-personalization activation of an extended application under PBOC 3.0 according to one embodiment of the application;
Fig. 3 is a flow chart of the multi-host scheduling policy of the TSM system according to one embodiment of the application;
Fig. 4 is a structure diagram of the NFS system according to one embodiment of the application;
Fig. 5 is a personalization flow diagram covering static transmission key mode and dynamic transmission key mode according to one embodiment of the application;
Fig. 6 is a flow chart of segmented storage of a DP file according to one embodiment of the application.
Detailed description of the embodiments
Described below are some of the many possible embodiments of the invention. They are intended to provide a basic understanding of the invention and are not intended to identify key or decisive elements of the invention or to limit the claimed scope. It will be readily understood that, based on the technical solution of the invention and without changing its substance, those of ordinary skill in the art can propose other interchangeable implementations. The following specific embodiments and drawings are therefore only illustrative of the technical solution of the invention and should not be regarded as the whole of the invention or as defining or limiting the technical solution of the invention.
The traditional card issuance mode of card issuers uses the offline DP file mode, and opening (and personalizing) several bank cards for the same user requires a lengthy process. To achieve instant card issuance and card content management, UnionPay has built a TSM system. TSM is the abbreviation of Trusted Service Management. The TSM of this application is a complete "over-the-air card issuance" and application management system built on "one card, multiple applications" technology. Through the TSM platform, a card issuer can securely and efficiently personalize the information of multiple financial smart cards onto a mobile phone or IC card, which is convenient for the user to carry and use and also convenient for the issuer's own card issuance and management.
The trusted service management (TSM) system of this application may include the following main operating flows: 1. acquisition of personalization instructions; 2. secure parsing of personalization instructions; 3. execution of personalization instructions and notification of the execution result.
For the acquisition of personalization instructions, the TSM of this application supports the traditional offline DP file mode while guiding all parties in the industry to move to the online APDU instruction mode. The TSM of this application supports personalization instructions of PBOC version 2.0 as well as personalization instructions of PBOC version 3.0, and can be extended on demand to personalization instructions of higher versions.
For the secure parsing of personalization instructions, the TSM of this application uses multi-host scheduling to ensure high availability. To achieve distributed file management, an NFS network file system is introduced to manage personalization instruction files. In addition, multiple security mechanisms are provided for all connected member institutions to ensure the confidentiality and reliability of personalization instructions. The personalization instructions obtained by secure parsing are stored in segmented batches, which reduces system load and ensures stable operation and high availability of the system.
For personalization instructions that have finished executing, the TSM of this application notifies the member institution of the execution result so that the business information of both parties stays synchronized.
Fig. 1 is a flow chart of a method of personalization mode selection according to one embodiment of the application. Through the TSM system of this application, a service provider (SP) can use two personalization processing modes: DP file mode and APDU instruction mode.
In DP file mode, the SP sends the generated personalization data file (DP file) to the TSM system of this application. One DP file may contain several sets of personalization data. The timed scan task of the TSM system scans, at the configured times, the directory to which the SP uploads DP files, parses the files into APDU instructions and persists them to the database. When the secure carrier initiates application personalization, the TSM system determines the personalization mode of the SP to which the application belongs. If it is DP file mode, the TSM system obtains the APDU instructions from the database and sends them to the secure carrier to perform the personalization operation.
When the secure carrier initiates application personalization and the TSM system determines that the personalization mode of the SP to which the application belongs is APDU instruction mode, the TSM system sends an online message to the SP. The SP directly generates the executable personalization instruction set and assembles it into an online message response to the TSM system of this application, which forwards it to the secure carrier to perform the personalization operation.
The TSM system supports both personalization modes at the same time, and an SP can be switched between the two modes at any time by modifying a configuration parameter.
According to one embodiment of the application, a trusted service management (TSM) system is provided, comprising: a judging unit for determining, when a secure carrier initiates personalization of an application, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure carrier to perform the personalization operation; and a second execution unit for, when the personalization mode is APDU instruction mode, sending an online message to the service provider, receiving the service provider's response to the online message, and forwarding it to the secure carrier to perform the personalization operation.
It should be noted that the judging unit, the first execution unit and the second execution unit can be implemented in hardware, in software, or in a combination of software and hardware.
According to one embodiment of the application, the trusted service management system can perform personalization for CAP packages of different versions of financial PBOC applications. The currently compatible CAP package versions are PBOC 2.0 and PBOC 3.0, with two-way compatibility (upward and backward). Depending on the configuration parameters, an SP that entrusts application management to the TSM system can select the PBOC CAP package version that suits the characteristics of its application. For an SP that selects the PBOC 3.0 CAP package, the TSM system provides support for national cryptographic algorithms and extended applications.
As shown in Fig. 2, when a user activates an extended application, the TSM sends an extended-application activation online message to the SP. The SP directly generates the executable "extended application activation" post-personalization instruction set and assembles it into an online message response to the TSM system of this application, which forwards it to the secure carrier to perform the post-personalization operation and activate the extended application.
In one embodiment, for an SP that personalizes in DP mode, the TSM system provides a designated Network File System (NFS) path for the SP to upload DP files. The network structure is shown in Fig. 4.
In one embodiment, for an SP that selects DP-mode personalization, the TSM system allocates a specific path in NFS for the SP to upload DP files (in dynamic key mode, the dynamic key ciphertext file must be uploaded as well). When a user initiates an application download request from the mobile phone client, the TSM system forwards the request message to the SP. The SP generates the executable personalization instruction set, assembles it into a DP file (one DP file may contain the personalization instruction sets for application downloads by multiple users), and uploads the DP file to NFS.
When an SP logs in to NFS over SFTP, it has permission to access only its own DP file storage path. As shown in Fig. 4, the two TSM application hosts can access files in NFS as if they were local files. After a DP file has been parsed, it is moved to another path in NFS and retained as historical data.
In one embodiment, if more TSM application hosts need to be added, each added host can likewise be configured to access NFS.
In one embodiment, the TSM system may include a Network File System. The Network File System further comprises one or more directories corresponding to service providers, the directories being used by service providers that personalize in DP mode to upload DP files.
The use of NFS introduces the problem of multiple TSM hosts concurrently processing the same DP file. The TSM system of this application avoids this problem with a configurable scheduling policy. The scheduling decision is shown in Fig. 3.
With reference to Fig. 3 and Fig. 4, the scanning unit in the TSM system periodically executes a scan task on NFS. When the scan finds a DP file to be parsed, the TSM host decides, according to the preconfigured scheduling policy (whose decision criteria include the application node number, the task serial number and the file timestamp), whether the DP file parsing task is scheduled by the current host. If it is the current host's turn to schedule the parsing task, the host proceeds. Otherwise it skips the DP file and continues scanning the other DP files under NFS, until all unprocessed DP files in NFS have been processed. This prevents multiple TSM hosts from operating on the same DP file concurrently, reduces the risk of dirty data in the database, and improves the reliability of the TSM application.
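The scheduling decision described above can be sketched as follows. This is an added example, not code from the patent: the patent names the decision inputs (application node number, task serial number, file timestamp) but not the rule, so the hash-and-modulo rule, the function names and the directory listing are assumptions.

```python
import hashlib


def owner_node(file_name, file_timestamp, task_serial, node_count):
    """Map one DP file to exactly one application node number.

    Assumed rule (the page lists the inputs but not the rule): hash the
    scheduling inputs and reduce modulo the number of TSM hosts.
    """
    if node_count < 1:
        raise ValueError("node_count must be at least 1")
    key = "{}|{}|{}".format(file_name, file_timestamp, task_serial).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:8], "big") % node_count


def files_for_host(node_number, node_count, pending, task_serial):
    """Return the pending DP files this host parses in scan round task_serial.

    pending is a list of (file_name, file_timestamp) pairs seen on the shared
    NFS path. Files owned by another node are skipped and left for that node.
    """
    if not 0 <= node_number < node_count:
        raise ValueError("node_number out of range")
    return [name for name, ts in pending
            if owner_node(name, ts, task_serial, node_count) == node_number]


# Constructed directory listing: (file name, modification timestamp).
PENDING = [
    ("sp_a/batch_0001.dp", 1419897600),
    ("sp_a/batch_0002.dp", 1419897660),
    ("sp_b/batch_0001.dp", 1419897720),
    ("sp_b/batch_0002.dp", 1419897780),
    ("sp_c/batch_0001.dp", 1419897840),
]


def demo(task_serial=42, node_count=2):
    """Every host scans the same listing; return each host's share."""
    return [files_for_host(n, node_count, PENDING, task_serial)
            for n in range(node_count)]
```

All hosts must use the same task serial number for a given scan round; if they disagree, the shares are no longer guaranteed to be disjoint.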
Fig. 5 shows in detail a complete personalization flow, including security key mode selection, according to one embodiment of the application.
In one embodiment, the TSM system supports the following two key modes: static transmission key mode and dynamic transmission key mode. In one embodiment, the transmission key KEK and the MAC key are generated by the SP and passed to the TSM system in a secure manner.
1) Static transmission key mode
Before transmitting DP files or APDU instruction sets, the SP delivers the static transmission key KEK and the MAC key to the hardware encryption machine through a formal (offline) key exchange process. Each time it personalizes an application on the carrier, the TSM calls the transmission key KEK and the MAC key in the encryption machine to perform sensitive-data re-encryption and MAC verification on each batch of data.
2) Dynamic transmission key mode
Each time it transmits a DP file, the SP generates a set of dynamic KEK and MAC keys and passes them to the TSM system in ciphertext together with the DP file. Before transmitting personalization data, the SP delivers the transmission key TK that protects the KEK and MAC keys to the encryption machine through a formal key exchange process. At each card issuance, the TSM calls the transmission key TK in the encryption machine to decrypt the KEK and MAC keys, and then performs sensitive-data re-encryption and MAC verification on each batch of data. This operation must be completed inside the encryption machine, and the plaintext of the KEK and MAC keys must not be exported.
If the SP's personalization mode is APDU mode, the TSM must first send an online message for obtaining the dynamic key before sending the online message for obtaining the APDU instruction set. This triggers the SP to generate a set of dynamic KEK and MAC keys and return them to UnionPay in ciphertext.
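The dynamic transmission key flow described above, as an added example that is not code from the patent: the encryption machine unwraps the KEK and MAC key under TK, verifies the MAC of a batch, and re-encrypts the sensitive data, returning only an opaque handle and never the key plaintext. Assumptions: the page names no algorithms, so a SHA-256 counter keystream stands in for the cipher and HMAC-SHA256 for the MAC; the card-side target key for re-encryption and all names are hypothetical.

```python
import hashlib
import hmac
import os


def _xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(key, nonce, ciphertext):
    return hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()


class EncryptionMachine:
    """Models the encryption machine: TK, KEK and MAC key are used only inside.

    Python cannot enforce this boundary; a hardware encryption machine does.
    """

    def __init__(self, tk, card_key):
        self._tk = tk              # delivered by the formal key exchange
        self._card_key = card_key  # assumed target key for re-encryption
        self._slots = {}

    def load_dynamic_keys(self, nonce, wrapped_keys):
        """Decrypt KEK || MAC key under TK and return only an opaque handle."""
        plain = _xor_stream(self._tk, nonce, wrapped_keys)
        if len(plain) != 64:
            raise ValueError("expected 32-byte KEK followed by 32-byte MAC key")
        handle = len(self._slots) + 1
        self._slots[handle] = (plain[:32], plain[32:])
        return handle

    def translate_batch(self, handle, nonce, ciphertext, mac):
        """MAC-verify one batch, then re-encrypt it from KEK to the card key.

        Returns the re-encrypted bytes, or None when verification fails.
        """
        kek, mac_key = self._slots[handle]
        if not hmac.compare_digest(_mac(mac_key, nonce, ciphertext), mac):
            return None
        plain = _xor_stream(kek, nonce, ciphertext)
        return _xor_stream(self._card_key, nonce, plain)


def sp_prepare_batch(tk, sensitive_data):
    """Service-provider side: fresh KEK and MAC key for this transmission."""
    kek, mac_key = os.urandom(32), os.urandom(32)
    key_nonce, data_nonce = os.urandom(16), os.urandom(16)
    ciphertext = _xor_stream(kek, data_nonce, sensitive_data)
    return {
        "key_nonce": key_nonce,
        "wrapped_keys": _xor_stream(tk, key_nonce, kek + mac_key),
        "data_nonce": data_nonce,
        "ciphertext": ciphertext,
        "mac": _mac(mac_key, data_nonce, ciphertext),
    }


def demo():
    tk, card_key = os.urandom(32), os.urandom(32)
    machine = EncryptionMachine(tk, card_key)
    secret = b"constructed sensitive personalization field"
    msg = sp_prepare_batch(tk, secret)
    handle = machine.load_dynamic_keys(msg["key_nonce"], msg["wrapped_keys"])
    out = machine.translate_batch(handle, msg["data_nonce"], msg["ciphertext"], msg["mac"])
    # The card side (simulated here) recovers the data with its own key.
    recovered = _xor_stream(card_key, msg["data_nonce"], out)
    # A modified batch must fail MAC verification.
    tampered = bytes([msg["ciphertext"][0] ^ 1]) + msg["ciphertext"][1:]
    rejected = machine.translate_batch(handle, msg["data_nonce"], tampered, msg["mac"])
    # A machine holding a different TK unwraps the wrong keys and rejects the batch.
    other = EncryptionMachine(os.urandom(32), card_key)
    h2 = other.load_dynamic_keys(msg["key_nonce"], msg["wrapped_keys"])
    wrong_tk = other.translate_batch(h2, msg["data_nonce"], msg["ciphertext"], msg["mac"])
    return {
        "handle": handle,
        "recovered": recovered == secret,
        "tampered_rejected": rejected is None,
        "wrong_tk_rejected": wrong_tk is None,
    }
```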
In one embodiment, a DP file may contain multiple sets of personalization data. For the robustness of the TSM system, the parsing unit in the system parses DP files that contain batches of personalization data in a batched-storage mode. That is, the upper limit on the number of personalization data records in each batch is defined in advance, and when a DP file is parsed, the relationship between the total number of personalization data records in it and the batches is calculated, after which the personalization data is stored in batches. The formula is as follows:
Number of personalization data batches = number of personalization data records / upper limit on the number of personalization data records per batch.
Fig. 6 shows the flow chart of segmented storage of a DP file. When it starts parsing a DP file, the TSM calculates the number of batches needed to store all the personalization data and then begins parsing the personalization data in batches. Each batch of personalization data is persisted to the database after it has been parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted. Parsing with segmented storage greatly improves the robustness of the TSM system. On the one hand, it avoids connection exceptions and memory overflow when committing the database transaction because a DP file contains too much personalization data. On the other hand, because the data is processed in multiple transactions, one per batch, it avoids the failure of a single personalization data record to parse and store causing the parsing and storage of all personalization instructions to fail.
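Segmented storage with one database transaction per batch, as an added example that is not code from the patent. Assumptions: the record format (`card_id|APDU hex`), the table layout, the batch limit of 3 and all names are hypothetical, and the batch count is rounded up so that a partial final batch is counted. The sample records are constructed.

```python
import math
import sqlite3

BATCH_LIMIT = 3  # assumed upper limit of personalization records per batch


def batch_count(total_records, limit):
    """Number of batches; rounded up so a partial last batch is counted."""
    if limit <= 0:
        raise ValueError("batch limit must be positive")
    return math.ceil(total_records / limit)


def parse_record(line):
    """Parse one constructed DP record 'card_id|APDU hex' into a row tuple."""
    card_id, apdu_hex = line.split("|")  # ValueError on a wrong field count
    bytes.fromhex(apdu_hex)              # ValueError on malformed hex
    if not card_id:
        raise ValueError("empty card id")
    return card_id, apdu_hex.upper()


def ingest_dp_file(conn, lines, limit=BATCH_LIMIT):
    """Parse and persist records batch by batch, one transaction per batch.

    Returns (stored_count, failed) where failed lists
    (batch_index, first_line_number, error) for the notice to the SP.
    """
    conn.execute(
        "CREATE TABLE IF NOT EXISTS apdu (card_id TEXT PRIMARY KEY, apdu_hex TEXT)"
    )
    stored, failed = 0, []
    for b in range(batch_count(len(lines), limit)):
        chunk = lines[b * limit:(b + 1) * limit]
        try:
            rows = [parse_record(line) for line in chunk]
            with conn:  # commits on success, rolls back this batch on error
                conn.executemany("INSERT INTO apdu VALUES (?, ?)", rows)
            stored += len(rows)
        except (ValueError, sqlite3.Error) as exc:
            # Only this batch is lost; earlier and later batches are unaffected.
            failed.append((b, b * limit + 1, str(exc)))
    return stored, failed


# Constructed DP file content; record C5 carries malformed hex on purpose.
SAMPLE_DP_LINES = [
    "C1|80E2000003010203",
    "C2|80E2000003040506",
    "C3|80E2000003070809",
    "C4|80E20000030A0B0C",
    "C5|80E2000003ZZ0E0F",
    "C6|80E2000003101112",
    "C7|80E2000003131415",
]


def demo():
    """Ingest the sample: batch 1 (C4..C6) fails, batches 0 and 2 are stored."""
    conn = sqlite3.connect(":memory:")
    stored, failed = ingest_dp_file(conn, SAMPLE_DP_LINES)
    ids = [r[0] for r in conn.execute("SELECT card_id FROM apdu ORDER BY card_id")]
    conn.close()
    return stored, failed, ids
```

The `failed` list carries the batch index and starting line number, which is the kind of position information the notification step can report back to the SP.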
In one embodiment, after the personalization instructions have been executed, the TSM system informs the SP of the specific instruction execution result. In one embodiment, if instruction execution fails, the TSM also informs the SP of the reason for the failure, prompting the SP to modify the personalization data and keeping subsequent business running smoothly. In one embodiment, if an error occurs in the sub-process of secure parsing of personalization instructions, the SP is informed of details such as the specific location of the error.
It is easily understood that the TSM system in this application can be implemented in several ways, including but not limited to software, hardware, and a combination of software and hardware. By providing the personalization TSM system and method of this application, which is compatible with offline file mode and online instruction mode, the parsing and the execution of personalization instructions of versions such as PBOC 2.0 and PBOC 3.0 are supported at the same time. The TSM system and method of this application are characterized by highly extensible multi-version personalization instruction support and a network file system, a configurable multi-host scheduling policy, highly reliable multiple security mechanisms, and highly available segmented batch storage. These features save TSM system resources, keep the system running stably when handling large volumes of data, and ensure that personalization data is not tampered with during parsing and execution.
In summary, the technical solution of this application provides a personalization TSM system and method compatible with offline file mode and online instruction mode. The technical solution has the following main advantages: 1) flexible configuration: an SP can choose either of the two personalization modes and, if necessary, switch to the other personalization mode at any time without restarting the application; 2) multi-host scheduling: the system can be scaled out horizontally to a host cluster of the required size, ensuring high availability of the service; 3) segmented batch storage of large data, ensuring data integrity; 4) complete security mechanisms: a combination of dynamic and static security mechanisms ensures data confidentiality.
The specific embodiments of the invention have been described above with reference to the drawings. Those skilled in the art will understand, however, that various changes and substitutions can be made to the specific embodiments of the invention without departing from the spirit and scope of the invention. All such changes and substitutions fall within the scope defined by the claims of the invention.
Claims (30)
1. A trusted service management system, characterized in that the system comprises:
a judging unit for determining, when a secure carrier initiates personalization of an application, the personalization mode of the service provider to which the application belongs;
a first execution unit for, when the personalization mode is DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure carrier to perform the personalization operation; and
a second execution unit for, when the personalization mode is APDU instruction mode, sending an online message to the service provider, receiving the service provider's response to the online message, and forwarding it to the secure carrier to perform the personalization operation.
2. The system as claimed in claim 1, further comprising:
a parsing unit for parsing a DP file containing personalization data, received from the service provider, into APDU instructions and persisting them to the database.
3. The system as claimed in claim 1, wherein the response to the online message comprises an executable personalization instruction set generated directly by the service provider.
4. The system as claimed in claim 1, further comprising:
a control unit for controlling whether the current operation is executed by the first execution unit or by the second execution unit.
5. The system as claimed in claim 1, wherein the system is configured to perform personalization for CAP packages of different versions of financial PBOC applications.
6. The system as claimed in claim 5, wherein, when a user activates an extended application, the system is configured to send an extended-application activation online message to the service provider and to forward the service provider's response to that message to the secure carrier to perform the personalization operation, thereby activating the extended application, wherein the response to the extended-application activation online message comprises an executable "extended application activation" post-personalization instruction set generated directly by the service provider.
7. The system as claimed in claim 1, further comprising:
a Network File System comprising one or more directories corresponding to service providers, the directories being used by service providers that personalize in DP mode to upload DP files.
8. The system as claimed in claim 1 or 7, further comprising:
a scanning unit for periodically executing a scan task on the Network File System.
9. The system as claimed in claim 1, further comprising:
two or more trusted service management hosts for concurrently scheduling and processing DP files according to a preset scheduling policy.
10. The system as claimed in claim 9, wherein the two or more trusted service management hosts are configured to determine, according to the application node number, the task serial number and the file timestamp, whether the DP file parsing task is scheduled by the current host.
11. The system as claimed in claim 1, wherein the second execution unit is configured to send a request for a dynamic key before sending the online message.
12. The system as claimed in claim 1, further comprising:
an encryption machine for receiving a transmission key TK from the service provider, decrypting the dynamic key with the transmission key TK, and performing cryptographic operations on sensitive data with the dynamic key.
13. The system as claimed in claim 12, wherein the dynamic key comprises a KEK key and a MAC key.
14. The system as claimed in claim 2, wherein the parsing unit is configured to parse DP files in a batched-storage parsing mode, wherein the batched-storage parsing mode comprises the following steps:
a) predefining the upper limit on the number of personalization data records in each batch;
b) calculating the number of batches needed to store all the personalization data; and
c) parsing the personalization data in batches: each batch of personalization data is persisted to the database after it has been parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted.
15. The system as claimed in claim 1, further comprising:
a notification unit for notifying the service provider of the specific instruction execution result.
16. a kind of method that trusted service management system executes, which is characterized in that the described method includes:
When safety barrier is initiated using individualizing, the individualized mode using affiliated service provider is judged;
When the individualized mode is DP file mode, APDU instruction is obtained from database, and the APDU is instructed and is sent out
The safety barrier is given to execute individualized operation;And
When the individualized mode is APDU instruction mode, online message is sent to the service provider, and from the clothes
Business provider receives the response to the online message and executes individualized operation to be transmitted to the safety barrier.
17. the method described in claim 16, further includes:
It will be instructed from the received DP document analysis comprising personal data of the service provider at APDU, and be persisted to institute
State database.
18. the method described in claim 16, wherein the response to the online message includes straight by the service provider
The executable individualized instruction set delivered a child.
19. the method described in claim 16, further includes:
By modifying configuration parameter, switched between DP file mode and APDU instruction mode.
20. the method described in claim 16, further includes: executed to the CAP packet of financial PBOC application different editions individualized.
21. method as claimed in claim 20, wherein when user opens expanded application, send and extend to service provider
Using opening online message, and the response that the service provider opens online message to the expanded application is transmitted to safety
Carrier executes individualized operation, to open expanded application, wherein the response for opening online message to the expanded application includes
Instruction set is individualized by executable " expanded application is open-minded " that the service provider directly generates afterwards.
22. the method described in claim 16, further includes:
Specified Network File System is provided for using the personalized service provider of DP mode to upload DP file.
23. the method described in claim 16, further includes:
Scan task regularly is executed to Network File System.
24. the method described in claim 16, further includes:
According to pre-set scheduling strategy concomitantly dispatch deal DP file.
25. method as claimed in claim 24, wherein pre-set scheduling strategy includes application node number, task flow
Water and document time stamp.
26. the method described in claim 16, wherein before sending the online message, first send the request of dynamic key.
27. the method described in claim 16, further includes:
Transmission key TK is received from service provider, dynamic key is decrypted according to the transmission key TK, and according to described
Dynamic key carries out cryptographic operation to sensitive data.
28. method as claimed in claim 27, wherein the dynamic key includes KEK key and MAC key.
29. The method of claim 17, wherein the DP file is parsed in a batch-storage parsing mode, wherein the batch-storage parsing mode comprises the following steps:
a) predefining an upper limit on the number of personal data records in each batch;
b) calculating the number of batches needed to store all the personal data; and
c) parsing the personal data in batches: each batch of personal data is persisted to the database after it is parsed, and then the next batch is parsed and persisted, until the personal data of all batches has been parsed and persisted.
30. The method of claim 16, further comprising:
notifying the service provider of the specific instruction execution result.
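An added sketch of the batch-storage parsing in claim 29 (not code from the patent): the one-record-per-line DP layout, the `perso` table and the batch limit of 3 are assumptions, since the patent gives no file format. It shows that a malformed record stops the import while every earlier batch stays committed.

```python
import math
import sqlite3

BATCH_LIMIT = 3  # step a) assumed upper limit of personal-data records per batch

# Constructed sample DP file: one record per line, "card_id|hex data".
# The hex strings are placeholders, not valid personalization APDUs.
SAMPLE_DP = "\n".join(f"CARD{i:04d}|80E2{i:04X}" for i in range(1, 8))


def parse_record(line):
    """Parse one constructed record; reject malformed input instead of storing it."""
    card_id, sep, apdu_hex = line.partition("|")
    if not sep or not card_id:
        raise ValueError(f"malformed DP record: {line!r}")
    bytes.fromhex(apdu_hex)  # raises ValueError on non-hex data
    return card_id, apdu_hex.upper()


def import_dp_in_batches(dp_text, conn, limit=BATCH_LIMIT):
    """Parse and persist a DP file batch by batch; return the number of batches committed."""
    lines = [ln for ln in dp_text.splitlines() if ln.strip()]
    batches = math.ceil(len(lines) / limit)         # step b) number of batches
    conn.execute("CREATE TABLE IF NOT EXISTS perso (card_id TEXT PRIMARY KEY, apdu TEXT)")
    for n in range(batches):                        # step c) one batch at a time
        chunk = lines[n * limit:(n + 1) * limit]
        rows = [parse_record(ln) for ln in chunk]   # parse only this batch
        with conn:                                  # commit, or roll back, per batch
            conn.executemany("INSERT INTO perso VALUES (?, ?)", rows)
    return batches
```

Because each batch is committed before the next is parsed, a failed import can be resumed from the first unpersisted batch rather than restarted from the beginning.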
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410843731.2A CN105592033B (en) | 2014-12-30 | 2014-12-30 | trusted service management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105592033A (en) | 2016-05-18 |
CN105592033B (en) | 2018-12-25 |
Family
ID=55931251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410843731.2A Active CN105592033B (en) | 2014-12-30 | 2014-12-30 | trusted service management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105592033B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108718238B (en) * | 2018-05-11 | 2023-04-18 | 北京握奇智能科技有限公司 | Universal personalization method and system |
CN113347620B (en) * | 2021-08-05 | 2021-11-12 | 深圳市深圳通有限公司 | Method, device, equipment and storage medium for compatibility of multi-version application air card issuing |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1759376A (en) * | 2003-01-16 | 2006-04-12 | 太阳微系统公司 | Ordering program data for loading on a device |
CN1954345A (en) * | 2004-05-28 | 2007-04-25 | 国际商业机器公司 | Smart card data transaction system and method for providing storage and transmission security |
CN103530775A (en) * | 2012-09-28 | 2014-01-22 | 深圳市家富通汇科技有限公司 | Method and system for providing controllable trusted service manager |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4322021B2 (en) * | 2003-02-06 | 2009-08-26 | 株式会社ルネサステクノロジ | Memory card |
US9172539B2 (en) * | 2011-09-14 | 2015-10-27 | Mastercard International Incorporated | In-market personalization of payment devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||