CN106102054A - Method and communication system for security management of a secure element - Google Patents

Method and communication system for security management of a secure element

Publication number
CN106102054A
Authority
CN
China
Prior art keywords
management
trusted application
trusted
application
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610359171.2A
Other languages
Chinese (zh)
Inventor
姜波
韩医徽
方琍
李川川
王巨
张海洋
章勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Snowball Technology Co Ltd
Original Assignee
Shenzhen Snowball Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Snowball Technology Co Ltd filed Critical Shenzhen Snowball Technology Co Ltd
Priority to CN201610359171.2A priority Critical patent/CN106102054A/en
Publication of CN106102054A publication Critical patent/CN106102054A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The present invention relates to a method for security management of a secure element and to a communication system implemented using the method. The method comprises the following steps: loading a trusted application in a terminal device; establishing a secure channel between the trusted application and a trusted service management server; the trusted service management server delivering a management key to the trusted application over the secure channel, the trusted application storing the management key; the trusted service management server delivering management instructions to the trusted application over the secure channel, the trusted application storing the management instructions; and the trusted application performing content management on the secure element based on the management key and the management instructions. According to the invention, the number of network connections can be reduced and the execution efficiency of tasks improved while data security is ensured.

Description

Method and communication system for security management of a secure element
Technical field
The present invention relates to mobile communication technology, and in particular to a method for security management of a secure element and to a communication system.
Background
With the development of mobile communication technology, more and more applications can be integrated in a terminal. To implement these applications, the terminal places sensitive information, such as user information, in the terminal's secure element (SE, Secure Element); when the sensitive information is needed, application software on the terminal can access the user information in the secure element. The user information placed in the secure element includes, for example, the user's personal information and account information. When the secure element is accessed, any application software on the terminal can reach it through an application programming interface (API, Application Programming Interface) of the terminal operating system (OS, Operating System). In this situation the secure element is likely to be attacked by malicious application software, so that the user information placed in it is lost, tampered with and/or leaked, causing loss to the user. To keep the user information in the secure element safe, access to the secure element needs to be security-monitored.
At present, security monitoring of secure element access works as follows: a trusted service management (TSM, Trusted Service Manager) server and the terminal device work together to monitor the application software that accesses the secure element.
Specifically, as an example of an existing method for managing the content of a secure element in such a terminal device, Fig. 1 shows a communication system for secure element content management. As shown in Fig. 1, a TSM server (i.e. a trusted service management server) 10 is provided. Through mutual authentication between the TSM server 10 and the secure element (SE) 21 in the terminal device 20, a secure channel 30 is established, and content management of the secure element is carried out over the secure channel 30. This content management includes, for example, application download, application installation, supplementary security domain creation, application locking, application unlocking and application deletion.
The advantage is that the trusted service management server 10 establishes the secure channel directly with the secure element (SE) 21 of the terminal device 20 through the TSM Agent 22, which gives a high level of security. There are also shortcomings. Real-time communication with the trusted service management server 10 is required, so the error probability is higher for terminal devices in poor network environments; silent processing may also consume data traffic without the user's knowledge; content management cannot be carried out at all when the terminal device has no network; and for applications with somewhat larger data volumes the user experience cannot be smooth.
Summary of the invention
In view of the above problems, the present invention aims to provide a security management method for a secure element that, while ensuring data security, needs only semi-online operation to perform effective content management on the secure element, and a communication system implemented using the method.
The method of the present invention for security management of a secure element is characterized by comprising the following steps:
a trusted application loading and initialization step, in which a trusted application is loaded in a terminal device;
a secure channel establishment step, in which a secure channel is established between the trusted application and the trusted service management server;
a management key delivery and storage step, in which the trusted service management server delivers a management key to the trusted application over the secure channel and the trusted application stores the management key;
a management instruction delivery step, in which the trusted service management server delivers a management instruction to the trusted application over the secure channel and the trusted application stores the management instruction; and
a content management operation step, in which the trusted application performs content management on the secure element based on the management key and the management instruction.
Preferably, in the trusted application loading and initialization step, the trusted application is loaded either by integrating it in the terminal device or by downloading it online,
wherein the trusted application contains a server certificate issued by the trusted service management server.
Preferably, in the secure channel establishment step, the secure channel between the trusted application and the trusted service management server is established using the public/private key pair contained in the server certificate, or an SSL connection is established directly.
Preferably, in the trusted application loading and initialization step, the trusted application is placed in a TEE environment.
Preferably, the content management includes: application download, application installation, supplementary security domain creation, application locking, application unlocking and application deletion.
The communication system of the present invention comprises a trusted service management server and a terminal device, and is characterized in that
the terminal device comprises:
a secure element; and
a trusted application, which establishes a secure channel between the trusted service management server and the terminal device, receives and stores the data sent from the trusted service management server, and performs content management on the secure element based on that data.
Preferably, the trusted application is integrated in the terminal device or downloaded online to the terminal device.
Preferably, the trusted application has a storage module, which stores the server certificate issued by the trusted service management server and the management key and management instructions delivered from the trusted service management server.
Preferably, the secure channel between the trusted application and the trusted service management server is established using the public/private key pair contained in the server certificate, or an SSL connection is established directly.
Preferably, the trusted application is placed in a TEE environment.
As described above, the method of the present invention for security management of a secure element and the communication system implemented using the method, while ensuring the security of data transmission, effectively solve the problem that content management of a secure element requires a real-time network connection: the user only needs to connect to the network once and can then perform content management operations an unlimited number of times. This reduces the network communication with the trusted service management server and, at the same time, improves the success rate of tasks and the execution efficiency.
Brief description of the drawings
Fig. 1 shows a prior-art communication system for content management of a secure element.
Fig. 2 shows the communication system of the present invention for content management of a secure element.
Fig. 3 is a flowchart of the method of the present invention for content management of a secure element.
Detailed description of the embodiments
The following describes some of the many embodiments of the present invention and is intended to provide a basic understanding of the invention. It is not intended to identify key or decisive elements of the invention or to limit the scope of protection claimed.
The object of the present invention is to solve the problem that content management of a secure element requires a real-time network connection. While ensuring security, the invention lets the user connect to the network once and then perform content management operations an unlimited number of times. It reduces the network communication with the trusted service management server: apart from necessary state synchronization, the trusted service management server does not need to deliver specific content management instructions.
Fig. 2 shows the communication system of the present invention for content management of a secure element.
As shown in Fig. 2, the communication system of the present invention comprises a trusted service management server 100 (shown as the TSM server in Fig. 2) and a terminal device 200.
The terminal device 200 comprises a secure element 210, a trusted application 220 and a TSM Agent 230. The terminal device 200 is, for example, a smartphone, a smart watch or a tablet computer, and its CPU should include a TEE environment. The secure element 210 can store security information of the terminal device and of the user, for example the user's personal information and account information.
In the present invention, the trusted application 220 can be integrated in the terminal device in advance, or it can be downloaded online to the terminal device 200. The trusted application 220 establishes the secure channel 300 between the trusted service management server 100 and the terminal device 200, receives and stores the data sent from the trusted service management server 100, and performs content management on the secure element 210 based on that data. The trusted application 220 is placed in the TEE environment. A TEE (Trusted Execution Environment) is an independent secure runtime environment within the terminal device. It is logically isolated from the normal application runtime environment, the REE (Rich Execution Environment), and the two can interact only through authorized APIs. A TEE can support security features such as secure boot and secure application management. Because the TEE environment is a secure environment, storage performed by the trusted application 220 inside it can be regarded as secure.
Specifically, the trusted application 220 has a storage module, which stores the server certificate issued by the trusted service management server 100 and the management key and management instructions delivered from the trusted service management server 100. Between the trusted application 220 and the trusted service management server 100, the secure channel is established using the public/private key pair contained in the server certificate, or an SSL connection is established directly. SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication. To secure data in transit over a network it uses data encryption, which makes the data difficult to intercept and eavesdrop on while in transit. SSL is widely used for authentication between terminals and servers and for encrypted data transmission.
In this way, over the secure channel 300 between the trusted application 220 and the trusted service management server 100, the trusted service management server 100 can deliver the SE management key and management instructions. Based on the delivered SE management key and management instructions, the trusted application 220 can perform content management on the secure element 210. The management instructions may come from the trusted service management server 100 or from the TSM Agent 230 of the terminal device 200.
Thus the trusted application 220 receives the management instructions sent by the trusted service management server 100 or the TSM Agent 230 and uses the SE management key to perform content management on the secure element 210. This content management includes but is not limited to application download, application installation, supplementary security domain creation, application locking, application unlocking and application deletion.
Next, the method by which the communication system of the present invention performs content management on the secure element is described.
Fig. 3 is a flowchart of the method of the present invention for content management of a secure element. As shown in Fig. 3, the method of the present invention for security management of a secure element comprises the following steps:
Trusted application loading and initialization step S100: the trusted application 220 is loaded in the terminal device 200;
Secure channel establishment step S200: the secure channel 300 is established between the trusted application 220 and the trusted service management server 100;
Management key delivery and storage step S300: the trusted service management server 100 delivers the management key to the trusted application 220 over the secure channel 300, and the trusted application 220 stores the management key;
Management instruction delivery step S400: the trusted service management server 100 delivers the management instruction to the trusted application 220 over the secure channel 300, and the trusted application 220 stores the management instruction; and
Content management operation step S500: the trusted application 220 performs content management on the secure element 210 based on the management key and the management instruction.
These steps are now described in detail.
In the trusted application loading and initialization step S100, the trusted application is loaded either by integrating it in the terminal device 200, for example in the ROM of the terminal device 200, or by downloading, installing and updating it online. The trusted application 220 must be placed in the TEE environment. Because the TEE environment is a secure environment, storage performed by the trusted application 220 inside it is regarded as secure.
For the initialization of the trusted application 220, the trusted application 220 is made to contain the server certificate issued by the trusted service management server 100. This server certificate involves generating a public/private key pair (its algorithm including but not limited to asymmetric algorithms such as RSA and ECC), which is used in a subsequent step to establish the secure channel with the trusted service management server 100.
In the secure channel establishment step S200, the secure channel 300 between the trusted application 220 and the trusted service management server 100 is established using the public/private key pair contained in the server certificate. This includes but is not limited to, for example, encrypting directly with the other party's public key; an SSL connection can also be established directly.
In the management key delivery and storage step S300, the trusted service management server 100 delivers the management key to the trusted application 220 over the secure channel 300, and the trusted application 220 stores the management key. Because the trusted application 220 is in the TEE environment, this storage is secure.
In the management instruction delivery step S400, the trusted service management server 100 delivers the management instruction to the trusted application 220 over the secure channel 300, and the trusted application 220 stores the management instruction. Because the trusted application 220 is in the TEE environment, this storage is secure. In addition, in the present invention instructions can be delivered to the trusted application 220 on a one-time basis; their content includes but is not limited to timed tasks, delayed tasks and preprocessing tasks.
In the content management operation step S500, the trusted application 220 performs content management on the secure element 210 based on the management key and the management instruction. For example, the trusted application 220 organizes the instructions: predetermined operation instruction codes can be preset inside the trusted application 220, and, according to the instruction sent by the trusted service management server 100, the trusted application selects from the instruction codes and assembles and computes an instruction suitable for the secure element, thereby carrying out the content management of the secure element. This content management includes: application download, application installation, supplementary security domain creation, application locking, application unlocking and application deletion. This step can be carried out without a network connection. For operations that take a long time (such as downloading and installing an application, or personalization), reducing the number of network connections and saving connection time reduces the execution failures caused by poor network quality, improves the success rate of tasks and, at the same time, improves execution efficiency.
That is, in the present invention the user only needs to connect to the network once (covering the secure channel establishment step S200, the management key delivery and storage step S300 and the management instruction delivery step S400) and can then perform content management operations (i.e. the content management operation step S500) on the terminal device 200 an unlimited number of times without a network connection. This reduces the network communication between the terminal device 200 and the trusted service management server 100: apart from necessary state synchronization, the trusted service management server 100 does not need to deliver specific content management instructions. The present invention thus provides a security management method for a secure element that, while ensuring data security, needs only semi-online operation to perform effective content management on the secure element.
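The flow of steps S300 to S500, as an added example that is not part of the patent: the trusted application stores the management key and instructions once, then assembles authenticated secure element commands offline from its preset code table. The class names, header bytes, truncated HMAC-SHA256 MAC, command counter and `not_before` field are assumptions made for illustration, and delivery over the secure channel (S200) is taken as already done.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAC_LEN = 8

# Operation codes preset inside the trusted application, as (CLA, INS, P1, P2).
# Constructed placeholder values; a real SE defines its own command set.
PRESET_HEADERS = {
    "install": bytes.fromhex("80e60c00"),
    "lock": bytes.fromhex("80f04080"),
    "unlock": bytes.fromhex("80f04000"),
    "delete": bytes.fromhex("80e40000"),
}

@dataclass(frozen=True)
class Instruction:
    """A management instruction as delivered by the TSM server in S400."""
    instr_id: int
    operation: str        # must name an entry in PRESET_HEADERS
    target_aid: bytes     # identifier of the SE application it applies to
    not_before: int = 0   # delayed task: earliest allowed execution time

def command_mac(key: bytes, counter: int, body: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the SE's real command MAC.
    msg = struct.pack(">I", counter) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class TrustedApp:
    """Storage module plus offline command assembly of the trusted application."""

    def __init__(self):
        self._key = None
        self._instructions = {}
        self._counter = 0

    def store_management_key(self, key: bytes) -> None:       # S300
        if len(key) < 16:
            raise ValueError("management key shorter than 16 bytes")
        self._key = key

    def store_instruction(self, instr: Instruction) -> None:  # S400
        # Refuse anything the preset code table cannot express.
        if instr.operation not in PRESET_HEADERS:
            raise ValueError(f"no preset code for {instr.operation!r}")
        if not 5 <= len(instr.target_aid) <= 16:
            raise ValueError("AID must be 5 to 16 bytes")
        self._instructions[instr.instr_id] = instr

    def assemble(self, instr_id: int, now: int) -> bytes:     # S500, offline
        if self._key is None:
            raise RuntimeError("no management key stored")
        instr = self._instructions[instr_id]   # KeyError if never delivered
        if now < instr.not_before:
            raise PermissionError("delayed task is not due yet")
        data = bytes([0x4F, len(instr.target_aid)]) + instr.target_aid
        header = PRESET_HEADERS[instr.operation]
        body = header + bytes([len(data) + MAC_LEN]) + data
        self._counter += 1
        return body + command_mac(self._key, self._counter, body)

class SecureElementStub:
    """Stand-in for the SE: checks the MAC and a strictly increasing counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0
        self.executed = []

    def process(self, apdu: bytes) -> int:
        body, tag = apdu[:-MAC_LEN], apdu[-MAC_LEN:]
        expected = command_mac(self._key, self._counter + 1, body)
        if not hmac.compare_digest(tag, expected):
            return 0x6982          # security status not satisfied
        self._counter += 1
        self.executed.append(body[:4].hex())
        return 0x9000              # success

def demo():
    key = bytes(range(16))                   # constructed management key
    aid = bytes.fromhex("f0010203040506")    # constructed application identifier
    ta, se = TrustedApp(), SecureElementStub(key)
    # Online phase, done once (delivery over the secure channel is assumed).
    ta.store_management_key(key)
    ta.store_instruction(Instruction(1, "lock", aid))
    ta.store_instruction(Instruction(2, "unlock", aid))
    ta.store_instruction(Instruction(3, "delete", aid, not_before=1000))
    # Offline phase: stored instructions are reused without contacting the server.
    status = [se.process(ta.assemble(i, now=10)) for i in (1, 2, 1, 2)]
    replayed = ta.assemble(1, now=10)
    status.append(se.process(replayed))
    status.append(se.process(replayed))      # same counter again: rejected
    return status, se.executed
```

Because the key and instructions stay usable offline indefinitely, the counter check in the stub is what keeps a captured command from being accepted twice.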
As described above, the method of the present invention for security management of a secure element and the communication system implemented using the method, while ensuring the security of data transmission, effectively solve the problem that content management of a secure element requires a real-time network connection: the user only needs to connect to the network once and can then perform content management operations an unlimited number of times. This reduces the network communication with the trusted service management server and, at the same time, improves the success rate of tasks and the execution efficiency.
The above examples mainly illustrate the method and communication system of the present invention for security management of a secure element. Although only some specific embodiments of the invention have been described, those of ordinary skill in the art will appreciate that the invention can be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A method for security management of a secure element, characterized by comprising the following steps:
a trusted application loading and initialization step, in which a trusted application is loaded in a terminal device;
a secure channel establishment step, in which a secure channel is established between the trusted application and the trusted service management server;
a management key delivery and storage step, in which the trusted service management server delivers a management key to the trusted application over the secure channel and the trusted application stores the management key;
a management instruction delivery step, in which the trusted service management server delivers a management instruction to the trusted application over the secure channel and the trusted application stores the management instruction; and
a content management operation step, in which the trusted application performs content management on the secure element based on the management key and the management instruction.
2. The method for security management of a secure element as claimed in claim 1, characterized in that
in the trusted application loading and initialization step, the trusted application is loaded either by integrating it in the terminal device or by downloading it online,
wherein the trusted application contains a server certificate issued by the trusted service management server.
3. The method for security management of a secure element as claimed in claim 2, characterized in that
in the secure channel establishment step, the secure channel between the trusted application and the trusted service management server is established using the public/private key pair contained in the server certificate, or an SSL connection is established directly.
4. The method for security management of a secure element as claimed in claim 2, characterized in that
in the trusted application loading and initialization step, the trusted application is placed in a TEE environment.
5. The method for security management of a secure element as claimed in any one of claims 1 to 4, characterized in that
the content management includes: application download, application installation, supplementary security domain creation, application locking, application unlocking and application deletion.
6. A communication system comprising a trusted service management server and a terminal device, characterized in that
the terminal device comprises:
a secure element; and
a trusted application, which establishes a secure channel between the trusted service management server and the terminal device, receives and stores the data sent from the trusted service management server, and performs content management on the secure element based on that data.
7. The communication system as claimed in claim 6, characterized in that
the trusted application is integrated in the terminal device or downloaded online to the terminal device.
8. The communication system as claimed in claim 7, characterized in that
the trusted application has a storage module, which stores the server certificate issued by the trusted service management server and the management key and management instructions delivered from the trusted service management server.
9. The communication system as claimed in claim 8, characterized in that
the secure channel between the trusted application and the trusted service management server is established using the public/private key pair contained in the server certificate, or an SSL connection is established directly.
10. The communication system as claimed in any one of claims 6 to 9, characterized in that
the trusted application is placed in a TEE environment.
CN201610359171.2A 2016-05-27 2016-05-27 Method and communication system for security management of a secure element Pending CN106102054A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610359171.2A CN106102054A (en) 2016-05-27 2016-05-27 A kind of method and communication system that safe unit is carried out safety management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610359171.2A CN106102054A (en) 2016-05-27 2016-05-27 A kind of method and communication system that safe unit is carried out safety management

Publications (1)

Publication Number Publication Date
CN106102054A (en) 2016-11-09

Family

ID=57230852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610359171.2A Pending CN106102054A (en) 2016-05-27 2016-05-27 Method and communication system for security management of a secure element

Country Status (1)

Country Link
CN (1) CN106102054A (en)

CN111414605A (en) * 2020-03-17 2020-07-14 Oppo(重庆)智能科技有限公司 Unlocking method and device of embedded security unit, electronic equipment and storage medium
CN111414605B (en) * 2020-03-17 2023-07-18 Oppo(重庆)智能科技有限公司 Unlocking method and device of embedded security unit, electronic equipment and storage medium
CN112134777A (en) * 2020-09-09 2020-12-25 中国科学院信息工程研究所 Trusted IPSec module and VPN tunnel construction method
CN112560116A (en) * 2020-12-04 2021-03-26 Oppo(重庆)智能科技有限公司 Function control method, device and storage medium
WO2022170857A1 (en) * 2021-02-09 2022-08-18 深圳市汇顶科技股份有限公司 Secure transmission method and apparatus for signaling, and server and se chip
CN115604715A (en) * 2022-12-01 2023-01-13 北京紫光青藤微系统有限公司(Cn) NFC function control method based on security channel and mobile terminal device

Similar Documents

Publication Publication Date Title
CN106102054A (en) A kind of method and communication system that safe unit is carried out safety management
CN107690793B (en) Method, equipment and the computer-readable storage medium of tunnelling for mobile platform
JP6687641B2 (en) Client device authentication based on entropy from server or other device
CN106471783B (en) Via the business system certification and authorization of gateway
CN111523108B (en) System and method for encryption key management, federation, and distribution
CN105308923B (en) Data management to the application with multiple operating mode
US8887296B2 (en) Method and system for object-based multi-level security in a service oriented architecture
US11880490B2 (en) Context-based access control and revocation for data governance and loss mitigation
US20140020062A1 (en) Techniques for protecting mobile applications
CN106031128B (en) The method and apparatus of mobile device management
CN105379223A (en) Validating the identity of a mobile application for mobile application management
CN105637523A (en) Secure client drive mapping and file storage system for mobile device management type security
US11082413B2 (en) Secure network connections
CN107852585A (en) improve the performance of packaged application program
CA3083722C (en) Re-encrypting data on a hash chain
US20140229603A1 (en) Validation of service management requests of a mobile device in a geographically bounded space
US20220407694A1 (en) Attested end-to-end encryption for transporting sensitive data
KR20210119491A (en) API and encryption key secret management system and method
CN103973715A (en) Cloud computing security system and method
US11509465B2 (en) Computing device and related methods providing virtual session access using group connection leases and user interface (UI) caches
CN114679473B (en) Financial account management system and method based on distributed digital identity
CN103793658B (en) A kind of protection system and method for off-line files based on VPN
CN117882337A (en) Certificate revocation as a service at a data center
US11184354B2 (en) Network-based authorization for disconnected devices
Kandil et al. Mobile agents' authentication using a proposed light Kerberos system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20161109
