CN106304052A - A kind of method of secure communication, device, terminal and client identification module card - Google Patents
A kind of method of secure communication, device, terminal and client identification module card Download PDFInfo
- Publication number
- CN106304052A CN106304052A CN201510309607.2A CN201510309607A CN106304052A CN 106304052 A CN106304052 A CN 106304052A CN 201510309607 A CN201510309607 A CN 201510309607A CN 106304052 A CN106304052 A CN 106304052A
- Authority
- CN
- China
- Prior art keywords
- sim
- tee
- certificate
- grades
- certificates
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The present invention provides a kind of method of secure communication, device, terminal and client identification module card, the method of wherein said secure communication includes: send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;Receive and verify the described SIM certificate returned for described request message by described SIM;After described SIM certification authentication is passed through, sending TEE certificate to described SIM, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;Receive the instruction message being verified that returned by described SIM for described TEE certificate, and with described SIM consulting session key, set up and the escape way of described SIM;By described escape way, securely communicate with described SIM.
Description
Technical field
The present invention relates to field of terminal, particularly relate to a kind of method of secure communication, device, terminal and visitor
Family identification module card.
Background technology
Biological identification technology is dependent on the physical trait of people to carry out a solution of authentication.Human body
Biological characteristic include fingerprint, sound, face, retina, palm shape, skeleton etc..So-called biological knowledge
Other core is how to obtain these biological characteristics, and converts it to digital information, is stored in computer
In, utilize reliable matching algorithm complete checking and identify personal identification.
Owing to characteristics of human body has the most reproducible uniqueness that human body is intrinsic, this biological secret key cannot be answered
System, stolen or pass into silence.Common password, IC-card, bar code, magnetic card or key then also exist to be lost
Lose, forget, replicate and stolen many unfavorable factors.Therefore using biology " key ", you can take
The key of the big string of band, without taking a lot of trouble note or changing password.And system manager more need not be because forgetting password
And feel simply helpless.
For preventing the security incident that may cause because server is hacked, the biological characteristic number of current collection
According to being mostly stored in local device, high in the clouds will not be uploaded to.The most safely and effectively manage life
Thing characteristic, is just particularly important.
Mobile phone is now widely used personal device, wherein REE (Rich Execution Environment)
It is the operating system with powerful disposal ability and multimedia function, such as Android, iOS etc..TEE
(Trusted Execution Environment) has secure processing capability and provides secure peripheral operation
Trusted operating system, independent operating mutually isolated with REE on same equipment.As mobile device
In secure operating environment, TEE has safe operational capability, but its safe storage capacity is unanimously short slab.
SIM is the safety storage in mobile phone, arithmetic element, and main user security of being responsible for logs in mobile communication
Network.TEE and SIM can be combined, assist the safety management of biological characteristic,
Offer foundation for security is carried out for business.
Summary of the invention
The purpose of the embodiment of the present invention is to provide a kind of method of secure communication, device, terminal and client to know
Other module card, improves the safety that information is mutual.
To achieve these goals, the embodiment of the present invention provide one realize credible execution environment TEE with
The method of secure communication between client identification module SIM, including:
Send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is
The certificate information of the proof SIM identity security signed and issued in advance;
Receive and verify the described SIM certificate returned for described request message by described SIM;
After described SIM certification authentication is passed through, send TEE certificate to described SIM, wherein said
TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
The instruction message being verified that reception is returned for described TEE certificate by described SIM, and with
Described SIM consulting session key, sets up the escape way with described SIM;
By described escape way, securely communicate with described SIM.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
Receive described in the method for full communication and verify by described SIM for described in the return of described request message
The step of SIM certificate, including:
The root certificate prestored according to described TEE, verifies two grades of SIM certificates in described SIM certificate,
Wherein said two grades of SIM certificates are the card that root certificate management authority CA signs and issues to SIM equipment supplier
Book;
After two grades of SIM certification authentications in described SIM certificate are passed through, verify in described SIM certificate
Three grades of SIM certificates, wherein said three grades of SIM certificates are to be signed and issued by SIM equipment supplier is preset
SIM signature card and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
TEE certificate described in the method for full communication refer to two grades of TEE certificates and the one of three grades of TEE certificates or
Multiple, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier
Certificate, described three grades of TEE certificates are by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described and described SIM consulting session key, set up the peace with described SIM
The step of full tunnel includes:
Send the request of consulting session key to described SIM;
Receive the response message that described SIM returns for described request, and set up and described SIM
Escape way, carries PKI and stochastic generation session key and gives birth at random in wherein said response message
Become session key.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described by described escape way, the step securely communicated with described SIM
Suddenly include:
Obtain the biological characteristic gathered in advance, and according to described session key, described biological feature encryption is sent
To described SIM, described SIM storing described biological characteristic is with reference to biological characteristic, wherein said
Biological characteristic is the individual figure and features characteristic information for identification;
Receive and returned according to the feedback result of described session key by described SIM, wherein said instead
Feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described by described escape way, the step securely communicated with described SIM
Suddenly include:
Obtain the active user's biological characteristic gathered, and according to described session key, described active user is biological
Feature encryption is sent to described SIM, by described SIM verify described active user's biological characteristic with
The described matching degree with reference to biological characteristic of storage, wherein said active user's biological characteristic is active user
The individual figure and features characteristic information of identification;
Receive by described SIM return according to described session key the result, wherein said
The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute
State active user's biological characteristic and the described result with reference to biometric matches.
The one of the embodiment of the present invention realizes between credible execution environment TEE and client identification module SIM
The method of secure communication, including:
Receiving the request message from described TEE checking SIM certificate, wherein said SIM certificate is
The certificate information of the proof SIM identity security signed and issued in advance;
According to the described request message described SIM certificate of transmission to described TEE, described TEE verify institute
State SIM certificate;
Receive the TEE certificate being passed through for described SIM certification authentication by described TEE and returning, and test
Demonstrate,proving described TEE certificate, wherein said TEE certificate is the certificate of the proof TEE identity security signed and issued in advance
Information;
Send for the instruction message being verified of described TEE certificate to described TEE, and with described TEE
Consulting session key, sets up the escape way with described TEE;
By described escape way, securely communicate with described TEE.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described reception is passed through by described TEE for described SIM certification authentication and returns
TEE certificate, and verify the step of described TEE certificate, including:
According to the root certificate prestored of described SIM, verify two grades of TEE in described TEE certificate
Certificate, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier
Certificate;
Two grades of TEE certification authentications in described TEE certificate, by afterwards, are verified in described TEE certificate
Three grades of certificates, wherein said three grades of TEE certificates are to be added by the preset TEE signed and issued of TEE equipment supplier
Close certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described SIM certificate is two grades of SIM certificates and the one of three grades of SIM certificates
Or multiple, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM equipment supplier
The certificate signed and issued, described three grades of SIM certificates are by the preset SIM label signed and issued of SIM equipment supplier
Name certificate and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described and described TEE consulting session key, set up the safety with described TEE and lead to
The step in road includes:
Receive the request from described TEE consulting session key;
For described request, send response message and lead to described TEE, the safety of foundation and described SIM
Road, carries PKI and stochastic generation session key in wherein said response message.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described by described escape way, securely communicate with described TEE and include:
Receive the biological characteristic crossed according to described session key from described TEE, and store described life
Thing is characterized as with reference to biological characteristic, and wherein said biological characteristic is the individual figure and features feature letter for identification
Breath;
Send the described SIM feedback result according to described session key, to described TEE, wherein
Described feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described by described escape way, securely communicate with described TEE and include:
Obtain the active user's biological characteristic crossed according to described session key from described TEE, and test
The described matching degree with reference to biological characteristic demonstrate,proving described active user's biological characteristic and store, wherein said
Active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Send and according to the result of described session key to described TEE, wherein said the result be
Described active user's biological characteristic and the described reference unmatched result of biological characteristic or described active user
Biological characteristic and the described result with reference to biometric matches.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the method for full communication, described reception is passed through by described TEE for described SIM certification authentication and returns
TEE certificate, and verify that the step of described TEE certificate includes:
Judge whether the described TEE certificate received has secure access authority;
When described TEE certificate has secure access authority, verify described TEE certificate.
The one of the embodiment of the present invention realizes between credible execution environment TEE and client identification module SIM
The device of secure communication, is applied to credible execution environment TEE system, and described device includes:
First sending module, for sending the request message of checking SIM certificate to described SIM, its
Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module, returns for described request message by described SIM for receiving and verifying
The described SIM certificate returned;
Second sending module, for after described SIM certification authentication is passed through, sends to described SIM
TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module, leads to for receiving the checking returned by described SIM for described TEE certificate
The instruction message crossed, and with described SIM consulting session key, set up and lead to the safety of described SIM
Road;
First communication module, for by described escape way, securely communicates with described SIM.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the device of full communication, described first receives authentication module includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves
Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM
The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests
Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM
The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the device of full communication, described TEE certificate refers to two grades of TEE certificates and the one of three grades of TEE certificates
Or multiple, wherein said two grades of TEE certificates are that root certificate management authority CA signs to TEE equipment supplier
The certificate sent out, described three grades of TEE certificates are by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
The embodiment of the present invention also provides for one and realizes credible execution environment TEE and client identification module SIM
Between the device of secure communication, be applied to described SMI card, described device includes:
First receiver module, for receiving the request message from described TEE checking SIM certificate, its
Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module, is used for according to the described request message described SIM certificate of transmission to described TEE,
Described SIM certificate is verified by described TEE;
Second receives authentication module, passes through for described SIM certification authentication by described TEE for receiving
And the TEE certificate returned, and verify that described TEE certificate, wherein said TEE certificate are sign and issue in advance
Prove the certificate information of TEE identity security;
Second sets up module, for sending the instruction message being verified for described TEE certificate to institute
State TEE, and with described TEE consulting session key, set up the escape way with described TEE;
Second communication module, for by described escape way, securely communicates with described TEE.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the device of full communication, described second receives authentication module includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE
Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE
The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards,
Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment
The preset TEE encrypted certificate signed and issued of business.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the device of full communication, described SIM certificate is two grades of SIM certificates and the one of three grades of SIM certificates
Or multiple, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM equipment supplier
The certificate signed and issued, described three grades of SIM certificates are by the preset SIM label signed and issued of SIM equipment supplier
Name certificate and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM
In the device of full communication, described second receives authentication module includes:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE
Certificate.
The embodiment of the present invention also provides for a kind of terminal, including credible execution environment TEE system, wherein, institute
State TEE system to include realizing described above between credible execution environment TEE and client identification module SIM
The device of secure communication.
The embodiment of the present invention also provides for a kind of client identification module SIM, credible including realizing described above
Perform the device of secure communication between environment TEE and client identification module SIM.
Having the beneficial effect that of the technique scheme of the embodiment of the present invention:
In the scheme of the embodiment of the present invention, between TEE and SIM, set up an escape way, so
In escape way, carry out information mutual, would not be intercepted, by the external world, the content that information is mutual, improve letter
Cease mutual safety.
Accompanying drawing explanation
Fig. 1 is one of step schematic diagram of the method for embodiment of the present invention secure communication;
Fig. 2 is the certificate chain of the embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the method for embodiment of the present invention secure communication;
Fig. 4 is the flow chart of the individual figure and features characteristic information storage of the embodiment of the present invention;
Fig. 5 is the flow chart of the individual figure and features characteristic information checking of the embodiment of the present invention;
Fig. 6 is one of step schematic diagram of the method for embodiment of the present invention secure communication;
Fig. 7 and Fig. 8 is the structural representation of the device of embodiment of the present invention secure communication;
Fig. 9 is the framework map of the embodiment of the present invention.
Detailed description of the invention
For making the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached
Figure and specific embodiment are described in detail.
Security risk is there is for the offline storage of biological characteristic in prior art, although SIM tool simultaneously
Standby safe storage capacity, but the problem that the communication port between SIM and external equipment exists security risk.
The embodiment of the present invention provides a kind of method of secure communication, device, terminal and client identification module card,
Carry out TEE by certificate of utility and SIM is mutually authenticated after identity passes through, consult a session key
Set up escape way, finally utilize session key to perform subsequent operation, it is possible to resolve between TEE and SIM
Safe transmission problem.
As it is shown in figure 1, the one of the embodiment of the present invention realizes credible execution environment TEE identifies mould with client
Between block SIM in the method for secure communication, including:
Step 11, sends the request message of checking SIM certificate, wherein said SIM to described SIM
Card certificate is the certificate information of the proof SIM identity security signed and issued in advance;
Step 12, receives and verifies the described SIM returned for described request message by described SIM
Certificate;
Step 13, after described SIM certification authentication is passed through, sends TEE certificate to described SIM,
Wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
Step 14, receives the instruction being verified returned for described TEE certificate by described SIM and disappears
Breath, and with described SIM consulting session key, set up and the escape way of described SIM;
Step 15, by described escape way, securely communicates with described SIM.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety
Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
It should be understood that described TEE certificate refers to two grades of TEE certificates and the one of three grades of TEE certificates
Planting or multiple, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE equipment supplier
The certificate signed and issued, described three grades of TEE certificates are by the preset TEE encryption card signed and issued of TEE equipment supplier
Book.
Even if the safety of traditional TEE is the highest, but also can be by key storage in TEE, the present invention
Embodiment realize the method for secure communication between credible execution environment TEE and client identification module SIM
In, step 12 includes:
Step 121, the root certificate prestored according to described TEE, verify two in described SIM certificate
Level SIM certificate, wherein said two grades of SIM certificates are that root certificate management authority CA carries to SIM equipment
The certificate signed and issued for business;
Step 122, after two grades of SIM certification authentications in described SIM certificate are passed through, verifies described SIM
Three grades of SIM certificates in certificate, wherein said three grades of SIM certificates are preset by SIM equipment supplier
Sign and issue SIM signature card and or SIM encrypted certificate.
In the embodiment of the present invention, by root certificate, two grades of certificates and three grades of certificates, (TEE and SIM are demonstrate,proved
Book) certificate chain structure promote system flexibility, the simultaneously present invention the most to greatest extent
Embodiment by different certificates being stored in different places (respectively at TEE and SIM), thus
Avoid the unsafe conditions being stored in same place.
It should be understood that as in figure 2 it is shown, the present invention in process of production, in the TEE in mobile phone
3 certificates are set, SIM arranges 3 certificates, given full play to TEE and SIM is respective
Security capabilities.
Further, the related credentials of SIM is stored in SIM;The related credentials of TEE is stored in TEE
In, the root certificate of SIM with TEE is the same, and root certificate does not transmits, and is used to be carried out by root certificate
Visa certification, when concrete proof procedure: SIM receives the checking request of TEE, then SIM will card
Book is issued TEE and is verified, the root certificate of TEE has public and private key, can be by the private key of root certificate
Remove to verify the certificate of the SIM signed and issued in advance, by first verifying SIM equipment supplier's certificate, at SIM
After card apparatus provider certificate passes through, ability three grades of certificates of certification, without three grades of certificates just without certification
Three grades of certificates.
It addition, as shown in Figure 2, in addition it is also necessary to it is described as follows:
1) root certificate: single certificate (or multiple certificates), each network element (TEE and SIM can be used
Card) all preserve;
2) two grades of certificates:
A) TEE equipment supplier certificate: root CA (certificate authority (Certificate Authority),
Or claim certification authority agent) to the TEE equipment supplier meeting condition (such as: pass through Third Party Authentication)
Grant a certificate;
B) SIM equipment supplier certificate: root CA is to meeting condition (such as: pass through Third Party Authentication)
SIM equipment supplier's grant a certificate.
3) three grades of certificates:
A) TEE signing certificate: signed and issued by TEE equipment supplier and be preset in TEE (such as: ROM electricity
Wipe writeable read only memory)
B) SIM signing certificate: signed and issued by SIM equipment supplier and be preset in SIM;
C) SIM encrypted certificate: signed and issued by SIM equipment supplier and be preset in SIM.
By setting up the session key of escape way, in a subsequent communication, it is ensured that the safety of communication, therefore
The embodiment of the present invention realize secure communication between credible execution environment TEE and client identification module SIM
Method in, step 14 includes:
Step 141, sends the request of consulting session key to described SIM;
Step 142, receives the response message that described SIM returns for described request, and sets up with described
The escape way of SIM, carries PKI and stochastic generation session key in wherein said response message.
In the embodiment of the present invention, it will words key moves and is stored in SIM, utilizes session key adopting
In collection or proof procedure, Content of Communication is encrypted so that Content of Communication is not trapped, thus realizes peace
Full communication, the most not only without shared key in advance between TEE and SIM, and due to SIM
Hardware security is higher than TEE, is therefore not easy to be trapped, and improves the safety of communication port.
As it is shown on figure 3, the embodiment of the present invention set up escape way to implement flow process as follows:
1) TEE sends GetData (acquisition data) order to SIM;Wherein said GetData orders
Order refer to a request sent, when at the beginning SIM being inserted after, need to set up immediately and TEE
Passage;
2), after SIM receives GetData order, card signature (SIM signing certificate), encryption card are prepared
Book and SIM equipment supplier's certificate;
3) SIM returns card signature, encrypted certificate and SIM equipment supplier's certificate;
4) TEE checking card signature and encrypted certificate effectiveness, wherein said effectiveness refers to whether be belonging to
Can the certificate of certification;
5) TEE performs Perform Security Operation (execution safety operation) order, carries self
Certificate and TEE equipment supplier's certificate;
6) SIM checking TEE certificate validity, (optional) SIM judges this TEE according to control strategy
Whether there is secure access authority;
7) SIM returns the result;
8) TEE and SIM certificate of utility consulting session key;
9) TEE and SIM utilize session key to perform subsequent operation.
In order to effectively manage biological attribute data, the embodiment of the present invention realize credible execution environment
Between TEE and client identification module SIM in the method for secure communication, step 15 includes:
Step 151, obtains the biological characteristic gathered in advance, and according to described session key by described biological special
Levy encryption and be sent to described SIM, described SIM storing described biological characteristic is with reference to biological characteristic,
Wherein said biological characteristic is the individual figure and features characteristic information for identification;
Step 152, receives and is returned the feedback result according to described session key by described SIM, its
Described in feedback result be to store the result of described biological characteristic or do not store the result of described biological characteristic.
In the embodiment of the present invention, biological characteristic is stored in SIM, owing to SIM has higher peace
Quan Xing, therefore improves the safety of the individual figure and features characteristic information storage of biological characteristic.
It should be noted that the individual figure and features characteristic information of biological characteristic at least includes finger print information, vocal print is believed
Breath, face information, retinal information, palmprint information, in the information such as iris information and framework information
Plant or multiple.
As shown in Figure 4, the idiographic flow of the embodiment of the present invention is exemplified below.
1) escape way is set up between TEE and SIM;
2) TEE gets the biological characteristic that physical characteristics collecting device gathers;
3) TEE sends preservation biological characteristic order to SIM;
4) SIM storage biological characteristic;
5) SIM returns biometric feedback result;
6) TEE shows biometric feedback result.
In order to ensure in communication process, Content of Communication is difficult to be trapped, the problem solving safe transmission, this
Inventive embodiments realize secure communication between credible execution environment TEE and client identification module SIM
In method, step 15 includes:
Step 153, obtains the active user's biological characteristic gathered, and works as described according to described session key
Front user biological feature encryption is sent to described SIM, described SIM verify that described active user is raw
Thing feature and the described matching degree with reference to biological characteristic stored, wherein said active user's biological characteristic
Individual figure and features characteristic information for current user identities identification;
Step 154, receive by described SIM return according to described session key the result,
Wherein said the result is described active user's biological characteristic and the described reference unmatched knot of biological characteristic
Fruit or described active user's biological characteristic and the described result with reference to biometric matches.
In the embodiment of the present invention, in escape way, transmit biological attribute data by follow-up, it is achieved to life
Thing collection apparatus and checking, also will not be intercepted and captured by the external world, not only increases the safety of biological characteristic, simultaneously
Use biological " key ", also need not carry the key of big string, without taking a lot of trouble note or changing password.
As it is shown in figure 5, the idiographic flow of the embodiment of the present invention is exemplified below.
1) escape way is set up between TEE and SIM;
2) TEE gets the biological characteristic that physical characteristics collecting device gathers;
3) TEE sends checking biological characteristic order to SIM;
4) SIM checking biological characteristic;
5) SIM returns biological characteristic validation result;
6) TEE performs subsequent operation according to the result.
As shown in Figure 6, the embodiment of the present invention also provides for one and realizes credible execution environment TEE and client's knowledge
Between other Module SIM card in the method for secure communication, including:
Step 61, receives the request message from described TEE checking SIM certificate, wherein said SIM
Card certificate is the certificate information of the proof SIM identity security signed and issued in advance;
Step 62, according to the described request message described SIM certificate of transmission to described TEE, by described TEE
Verify described SIM certificate;
Step 63, receives the TEE being passed through by described TEE for described SIM certification authentication and returning
Certificate, and verify that described TEE certificate, wherein said TEE certificate are the proof TEE identity signed and issued in advance
The certificate information of safety;
Step 64, sends for the instruction message being verified of described TEE certificate to described TEE, and
With described TEE consulting session key, set up the escape way with described TEE;
Step 65, by described escape way, securely communicates with described TEE.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety
Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in, described step 63 includes:
Step 631, according to the root certificate prestored of described SIM, verifies in described TEE certificate
Two grades of TEE certificates, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE equipment
The certificate that provider signs and issues;
Step 632, two grades of TEE certification authentications in described TEE certificate are by afterwards, and checking is described
Three grades of certificates in TEE certificate, wherein said three grades of TEE certificates are by the preset label of TEE equipment supplier
The TEE encrypted certificate sent out.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in,
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein
Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier,
Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or
SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in, described step 64 includes:
Step 641, receives the request from described TEE consulting session key;
Step 642, for described request, sends response message to described TEE, foundation and described SIM
Escape way, wherein said response message carries PKI and stochastic generation session key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in, step 65 includes:
Step 651, receives the biological characteristic crossed according to described session key from described TEE, and deposits
Storing up described biological characteristic is that wherein said biological characteristic is the individual human body for identification with reference to biological characteristic
Looks characteristic information;
Step 652, sends the described SIM feedback result according to described session key, to described
TEE, wherein said feedback result is to store the result of described biological characteristic or do not store described biological characteristic
Result.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in, step 65 includes:
Step 651, obtains the active user's biology crossed from described TEE according to described session key special
Levy, and verify described active user's biological characteristic and the described matching degree with reference to biological characteristic stored,
Wherein said active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Step 652, sends according to the result of described session key to described TEE, wherein said
The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute
State active user's biological characteristic and the described result with reference to biometric matches.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication method in, described step 63 includes:
Step 633, it is judged that whether the described TEE certificate of reception has secure access authority;
Step 634, when described TEE certificate has secure access authority, verifies described TEE certificate.
In the embodiment of the present invention, SIM is entered by TEE by certificate (related credentials of REE and SIM)
Row secure access, can be any limitation as with preset control strategy in SIM (such as: set up white list, black name
Single) so that it can be had secure access to by the TEE only meeting condition.Wherein, set up white list or
The reason that person's blacklist is set up, is not all TEE with certificate, can realize and SIM
Card has secure access to, it is possible to operator thinks that the safety of some TEE is relatively low or limits some TEE
Access, and carry out realizing control of authority by control strategy, thus control the legitimacy of terminal.
As it is shown in fig. 7, the corresponding embodiment of the present invention also provide for one realize credible execution environment TEE with
The device of secure communication between client identification module SIM, is applied to credible execution environment TEE system,
Described device includes:
First sending module 71, for sending the request message of checking SIM certificate to described SIM,
Wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module 72, for receiving and verifying by described SIM for described request message
The described SIM certificate returned;
Second sending module 73, for after described SIM certification authentication is passed through, sends out to described SIM
Sending TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module 74, for receiving the checking returned by described SIM for described TEE certificate
The instruction message passed through, and with described SIM consulting session key, set up and the safety of described SIM
Passage;
First communication module 75, for by described escape way, securely communicates with described SIM.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety
Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described first receive authentication module 72 includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves
Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM
The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests
Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM
The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in,
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein
Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute
Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described first sets up module 74 includes:
First transmitting element, for sending the request of consulting session key to described SIM;
Set up unit, for receiving the response message that described SIM returns for described request, and set up
With the escape way of described SIM, wherein said response message carries PKI and stochastic generation meeting
Words key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described first communication module 75 includes:
Interactive unit, for obtaining the biological characteristic gathered in advance, and according to described session key by described life
Thing feature encryption is sent to described SIM, described SIM storing described biological characteristic is with reference to biological
Feature, wherein said biological characteristic is the individual figure and features characteristic information for identification;
First receives unit, is returned anti-according to described session key for receiving by described SIM
Feedback result, wherein said feedback result is to store the result of described biological characteristic or do not store described biological special
The result levied.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described first communication module 75 includes:
First acquiring unit, for obtaining active user's biological characteristic of collection, and according to described session key
Described active user's biological feature encryption is sent to described SIM, is worked as by the checking of described SIM is described
Front user biological feature and the described matching degree with reference to biological characteristic stored, wherein said active user
Biological characteristic is the individual figure and features characteristic information of current user identities identification;
Second receive unit, for receive by described SIM return according to described session key
The result, wherein said the result be described active user's biological characteristic with described with reference to biological characteristic not
The result of coupling or described active user's biological characteristic and the described result with reference to biometric matches.
It should be noted that the present invention provide device be application above-mentioned realize credible execution environment TEE with
The device of safety communicating method between client identification module SIM, the most above-mentioned realizes credible execution environment TEE
And all embodiments of safety communicating method are all applicable to this device between client identification module SIM, and
All can reach same or analogous beneficial effect.
As shown in Figure 8, the corresponding embodiment of the present invention also provide for one realize credible execution environment TEE with
The device of secure communication between client identification module SIM, is applied to described SIM, described device bag
Include:
First receiver module 81, for receiving the request message from described TEE checking SIM certificate,
Wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module 82, for sending described SIM certificate to described according to described request message
TEE, is verified described SIM certificate by described TEE;
Second receives authentication module 83, leads to for described SIM certification authentication by described TEE for receiving
The TEE certificate crossed and return, and verify described TEE certificate, wherein said TEE certificate is for sign and issue in advance
The certificate information of proof TEE identity security;
Second sets up module 84, for send for described TEE certificate the instruction message being verified to
Described TEE, and with described TEE consulting session key, set up and the escape way of described TEE;
Second communication module 85, for by described escape way, securely communicates with described TEE.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety
Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described second receive authentication module 83 includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE
Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE
The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards,
Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment
The preset TEE encrypted certificate signed and issued of business.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described SIM certificate is two grades of SIM certificates and three grades of SIM certificates
One or more, wherein said two grades of SIM certificates are that root certificate management authority CA carries to SIM equipment
The certificate signed and issued for business, described three grades of SIM certificates are by the preset SIM signed and issued of SIM equipment supplier
Card signing certificate and or SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described second sets up module 84 includes:
3rd receives unit, for receiving the request from described TEE consulting session key;
Second transmitting element, for for described request, sends response message to described TEE, foundation and institute
State the escape way of SIM, wherein said response message carries PKI and stochastic generation session is close
Key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described second communication module 85 includes:
Receive memory element, for receiving the biology crossed from described TEE according to described session key
Feature, and store described biological characteristic for reference to biological characteristic, wherein said biological characteristic be for identity knowledge
Other individual's figure and features characteristic information;
3rd transmitting element, for sending the described SIM feedback result according to described session key,
To described TEE, wherein said feedback result is to store the result of described biological characteristic or do not store described life
The result of thing feature.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described second communication module 85 includes:
Second acquisition unit, for obtain from described TEE according to described session key cross current
User biological feature, and verify described active user's biological characteristic and the described reference biological characteristic stored
Matching degree, wherein said active user's biological characteristic is the individual figure and features feature letter of current user identities identification
Breath;
4th transmitting element, for sending according to the result of described session key to described TEE,
Wherein said the result is described active user's biological characteristic and the described reference unmatched knot of biological characteristic
Fruit or described active user's biological characteristic and the described result with reference to biometric matches.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it
Between secure communication device in, described second receive authentication module 83 includes:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE
Certificate.
It should be noted that the present invention provide device be application above-mentioned realize credible execution environment TEE with
The device of safety communicating method between client identification module SIM, the most above-mentioned realizes credible execution environment TEE
And all embodiments of safety communicating method are all applicable to this device between client identification module SIM, and
All can reach same or analogous beneficial effect.
Accordingly, the embodiment of the present invention also provides for a kind of terminal, including credible execution environment TEE system,
Wherein said TEE system includes realizing credible execution environment TEE and client identification module SIM described above
The device of secure communication between card.
Accordingly realize credible execution environment TEE and client identification module SIM due to the embodiment of the present invention
Between card, the device of secure communication, is applied to terminal, and therefore, the embodiment of the present invention additionally provides a kind of terminal,
Wherein, above-mentioned the dress of secure communication between credible execution environment TEE and client identification module SIM is realized
That puts described realizes embodiment all be applicable to the embodiment of this terminal, also can reach identical technique effect.
Accordingly, the embodiment of the present invention also provides for a kind of client identification module SIM, including described above
Realize the device of secure communication between credible execution environment TEE and client identification module SIM.
As it is shown in figure 9, terminal also includes biological harvester, by first interface by biology harvester and
TEE connects, and completes the transmission of information between the two, the most again by the second interface by TEE and SIM
Connect, complete the transmission of information between the two.
It should be understood that SIM is by operators issue, user SIM is inserted equipped with TEE and
The terminal of physical characteristics collecting device (such as: iris capturing device, face contour harvester, fingerprint capturer etc.)
In, passage and the checking of foundation can be used.
Accordingly realize credible execution environment TEE and client identification module SIM due to the embodiment of the present invention
Between card, the device of secure communication, is applied to SIM, and therefore, the embodiment of the present invention additionally provides one
SIM, wherein, above-mentioned realizes safety between credible execution environment TEE and client identification module SIM
The described of device of communication realizes embodiment all be applicable to the embodiment of this SIM, also can reach identical
Technique effect.
The above is the preferred embodiment of the present invention, it is noted that for the common skill of the art
For art personnel, on the premise of without departing from principle of the present invention, it is also possible to make some improvements and modifications,
These improvements and modifications also should be regarded as protection scope of the present invention.
Claims (22)
1. one kind realizes secure communication between credible execution environment TEE and client identification module SIM
Method, it is characterised in that including:
Send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is
The certificate information of the proof SIM identity security signed and issued in advance;
Receive and verify the described SIM certificate returned for described request message by described SIM;
After described SIM certification authentication is passed through, send TEE certificate to described SIM, wherein said
TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
The instruction message being verified that reception is returned for described TEE certificate by described SIM, and with
Described SIM consulting session key, sets up the escape way with described SIM;
By described escape way, securely communicate with described SIM.
Method the most according to claim 1, it is characterised in that
Described reception also verifies the described SIM certificate returned by described SIM for described request message
Step, including:
The root certificate prestored according to described TEE, verifies two grades of SIM certificates in described SIM certificate,
Wherein said two grades of SIM certificates are the card that root certificate management authority CA signs and issues to SIM equipment supplier
Book;
After two grades of SIM certification authentications in described SIM certificate are passed through, verify in described SIM certificate
Three grades of SIM certificates, wherein said three grades of SIM certificates are to be signed and issued by SIM equipment supplier is preset
SIM signature card and or SIM encrypted certificate.
Method the most according to claim 1, it is characterised in that
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein
Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute
Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
4. according to the method described in any one of claims 1 to 3, it is characterised in that described and described SIM
Card consulting session key, sets up the step with the escape way of described SIM and includes:
Send the request of consulting session key to described SIM;
Receive the response message that described SIM returns for described request, and set up and described SIM
Escape way, carries PKI and stochastic generation session key and gives birth at random in wherein said response message
Become session key.
Method the most according to claim 4, it is characterised in that described by described escape way,
The step securely communicated with described SIM includes:
Obtain the biological characteristic gathered in advance, and according to described session key, described biological feature encryption is sent
To described SIM, described SIM storing described biological characteristic is with reference to biological characteristic, wherein said
Biological characteristic is the individual figure and features characteristic information for identification;
Receive and returned according to the feedback result of described session key by described SIM, wherein said instead
Feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Method the most according to claim 5, it is characterised in that described by described escape way,
The step securely communicated with described SIM includes:
Obtain the active user's biological characteristic gathered, and according to described session key, described active user is biological
Feature encryption is sent to described SIM, by described SIM verify described active user's biological characteristic with
The described matching degree with reference to biological characteristic of storage, wherein said active user's biological characteristic is active user
The individual figure and features characteristic information of identification;
Receive by described SIM return according to described session key the result, wherein said
The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute
State active user's biological characteristic and the described result with reference to biometric matches.
7. one kind realizes secure communication between credible execution environment TEE and client identification module SIM
Method, it is characterised in that including:
Receiving the request message from described TEE checking SIM certificate, wherein said SIM certificate is
The certificate information of the proof SIM identity security signed and issued in advance;
According to the described request message described SIM certificate of transmission to described TEE, described TEE verify institute
State SIM certificate;
Receive the TEE certificate being passed through for described SIM certification authentication by described TEE and returning, and test
Demonstrate,proving described TEE certificate, wherein said TEE certificate is the certificate of the proof TEE identity security signed and issued in advance
Information;
Send for the instruction message being verified of described TEE certificate to described TEE, and with described TEE
Consulting session key, sets up the escape way with described TEE;
By described escape way, securely communicate with described TEE.
Method the most according to claim 7, it is characterised in that
The TEE certificate that described reception is passed through for described SIM certification authentication by described TEE and returned,
And verify the step of described TEE certificate, including:
According to the root certificate prestored of described SIM, verify two grades of TEE in described TEE certificate
Certificate, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier
Certificate;
Two grades of TEE certification authentications in described TEE certificate, by afterwards, are verified in described TEE certificate
Three grades of certificates, wherein said three grades of TEE certificates are to be added by the preset TEE signed and issued of TEE equipment supplier
Close certificate.
Method the most according to claim 7, it is characterised in that
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein
Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier,
Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or
SIM encrypted certificate.
10. according to the method described in any one of claim 7 to 9, it is characterised in that described and described
TEE consulting session key, sets up the step with the escape way of described TEE and includes:
Receive the request from described TEE consulting session key;
For described request, send response message and lead to described TEE, the safety of foundation and described SIM
Road, carries PKI and stochastic generation session key in wherein said response message.
11. methods according to claim 10, it is characterised in that
Described by described escape way, securely communicate with described TEE and include:
Receive the biological characteristic crossed according to described session key from described TEE, and store described life
Thing is characterized as with reference to biological characteristic, and wherein said biological characteristic is the individual figure and features feature letter for identification
Breath;
Send the described SIM feedback result according to described session key, to described TEE, wherein
Described feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
12. methods according to claim 11, it is characterised in that
Described by described escape way, securely communicate with described TEE and include:
Obtain the active user's biological characteristic crossed according to described session key from described TEE, and test
The described matching degree with reference to biological characteristic demonstrate,proving described active user's biological characteristic and store, wherein said
Active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Send and according to the result of described session key to described TEE, wherein said the result be
Described active user's biological characteristic and the described reference unmatched result of biological characteristic or described active user
Biological characteristic and the described result with reference to biometric matches.
13. according to the method described in any one of claim 7 to 9, it is characterised in that described reception is by institute
State the TEE certificate that TEE passes through for described SIM certification authentication and returns, and verify described TEE
The step of certificate includes:
Judge whether the described TEE certificate received has secure access authority;
When described TEE certificate has secure access authority, verify described TEE certificate.
14. 1 kinds realize secure communication between credible execution environment TEE and client identification module SIM
Device, is applied to credible execution environment TEE system, it is characterised in that described device includes:
First sending module, for sending the request message of checking SIM certificate to described SIM, its
Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module, returns for described request message by described SIM for receiving and verifying
The described SIM certificate returned;
Second sending module, for after described SIM certification authentication is passed through, sends to described SIM
TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module, leads to for receiving the checking returned by described SIM for described TEE certificate
The instruction message crossed, and with described SIM consulting session key, set up and lead to the safety of described SIM
Road;
First communication module, for by described escape way, securely communicates with described SIM.
15. according to device described in claim 14, it is characterised in that
Described first receives authentication module includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves
Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM
The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests
Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM
The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
16. according to device described in claim 14, it is characterised in that
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein
Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute
Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
17. 1 kinds realize secure communication between credible execution environment TEE and client identification module SIM
Device, is applied to described SIM, it is characterised in that described device includes:
First receiver module, for receiving the request message from described TEE checking SIM certificate, its
Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module, is used for according to the described request message described SIM certificate of transmission to described TEE,
Described SIM certificate is verified by described TEE;
Second receives authentication module, passes through for described SIM certification authentication by described TEE for receiving
And the TEE certificate returned, and verify that described TEE certificate, wherein said TEE certificate are sign and issue in advance
Prove the certificate information of TEE identity security;
Second sets up module, for sending the instruction message being verified for described TEE certificate to institute
State TEE, and with described TEE consulting session key, set up the escape way with described TEE;
Second communication module, for by described escape way, securely communicates with described TEE.
18. according to device described in claim 17, it is characterised in that
Described second receives authentication module includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE
Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE
The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards,
Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment
The preset TEE encrypted certificate signed and issued of business.
19. according to device described in claim 17, it is characterised in that
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein
Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier,
Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or
SIM encrypted certificate.
20. according to realizing credible execution environment TEE and client described in any one of claim 17 to 19
The device of secure communication between identification module SIM, it is characterised in that described second receives authentication module
Including:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE
Certificate.
21. 1 kinds of terminals, including credible execution environment TEE system, it is characterised in that described TEE system
System includes that the credible execution environment TEE that realizes as described in any one of claim 14 to 16 identifies with client
The device of secure communication between Module SIM card.
22. 1 kinds of client identification module SIMs, it is characterised in that include such as claim 17 to 20
Secure communication between credible execution environment TEE and client identification module SIM is realized described in any one
Device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510309607.2A CN106304052A (en) | 2015-06-08 | 2015-06-08 | A kind of method of secure communication, device, terminal and client identification module card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510309607.2A CN106304052A (en) | 2015-06-08 | 2015-06-08 | A kind of method of secure communication, device, terminal and client identification module card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106304052A true CN106304052A (en) | 2017-01-04 |
Family
ID=57659733
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510309607.2A Pending CN106304052A (en) | 2015-06-08 | 2015-06-08 | A kind of method of secure communication, device, terminal and client identification module card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106304052A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107277794A (en) * | 2017-06-09 | 2017-10-20 | 中国联合网络通信集团有限公司 | Set up the method, device and mobile terminal of communication connection |
CN108322907A (en) * | 2017-01-17 | 2018-07-24 | 中国移动通信有限公司研究院 | One kind opening chucking method and terminal |
CN112787979A (en) * | 2019-11-07 | 2021-05-11 | 北京地平线机器人技术研发有限公司 | Internet of things equipment access control method and internet of things equipment access control device |
CN114567881A (en) * | 2022-04-24 | 2022-05-31 | 江苏益捷思信息科技有限公司 | SIM card information security protection method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1726686A (en) * | 2002-10-17 | 2006-01-25 | 沃达方集团有限公司 | Providing convenience and authentication for trade |
US20080182592A1 (en) * | 2007-01-26 | 2008-07-31 | Interdigital Technology Corporation | Method and apparatus for securing location information and access control using the location information |
CN101483870A (en) * | 2009-02-12 | 2009-07-15 | 浙江大学 | Cross-platform mobile communication security system implementing method |
CN102209317A (en) * | 2010-03-29 | 2011-10-05 | 中兴通讯股份有限公司 | Signing data provision method and system |
CN102695170A (en) * | 2011-03-25 | 2012-09-26 | 国民技术股份有限公司 | Mobile platform possessing identity authentication function and identity authentication method |
CN103985036A (en) * | 2014-05-09 | 2014-08-13 | 杭州晟元芯片技术有限公司 | Two-dimension code payment method with biological characteristics |
-
2015
- 2015-06-08 CN CN201510309607.2A patent/CN106304052A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1726686A (en) * | 2002-10-17 | 2006-01-25 | 沃达方集团有限公司 | Providing convenience and authentication for trade |
US20080182592A1 (en) * | 2007-01-26 | 2008-07-31 | Interdigital Technology Corporation | Method and apparatus for securing location information and access control using the location information |
CN101483870A (en) * | 2009-02-12 | 2009-07-15 | 浙江大学 | Cross-platform mobile communication security system implementing method |
CN102209317A (en) * | 2010-03-29 | 2011-10-05 | 中兴通讯股份有限公司 | Signing data provision method and system |
CN102695170A (en) * | 2011-03-25 | 2012-09-26 | 国民技术股份有限公司 | Mobile platform possessing identity authentication function and identity authentication method |
CN103985036A (en) * | 2014-05-09 | 2014-08-13 | 杭州晟元芯片技术有限公司 | Two-dimension code payment method with biological characteristics |
Non-Patent Citations (1)
Title |
---|
ZAHEER AHMAD ET AL: "Enhancing the Security of Mobile Applications by using TEE and (U)SIM", 《2013 IEEE 10TH INTERNATIONAL CONFERENCE ON UBIQUITOUS INTELLIGENCE AND COMPUTING AND 2013 IEEE 10TH INTERNATIONAL CONFERENCE ON AUTONOMIC AND TRUSTED COMPUTING》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108322907A (en) * | 2017-01-17 | 2018-07-24 | 中国移动通信有限公司研究院 | One kind opening chucking method and terminal |
CN108322907B (en) * | 2017-01-17 | 2021-03-09 | 中国移动通信有限公司研究院 | Card opening method and terminal |
CN107277794A (en) * | 2017-06-09 | 2017-10-20 | 中国联合网络通信集团有限公司 | Set up the method, device and mobile terminal of communication connection |
CN112787979A (en) * | 2019-11-07 | 2021-05-11 | 北京地平线机器人技术研发有限公司 | Internet of things equipment access control method and internet of things equipment access control device |
CN114567881A (en) * | 2022-04-24 | 2022-05-31 | 江苏益捷思信息科技有限公司 | SIM card information security protection method and system |
CN114567881B (en) * | 2022-04-24 | 2022-07-19 | 江苏益捷思信息科技有限公司 | SIM card information security protection method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103856472B (en) | A kind of method and device of Account Logon | |
WO2017197974A1 (en) | Biometric characteristic-based security authentication method, device and electronic equipment | |
CN107800725A (en) | A kind of digital certificate remote online managing device and method | |
CN107113315A (en) | Identity authentication method, terminal and server | |
CN106161032B (en) | A kind of identity authentication method and device | |
CN109150535A (en) | A kind of identity identifying method, equipment, computer readable storage medium and device | |
JP2018532301A (en) | User authentication method and apparatus | |
CN107026874A (en) | One kind instruction signature and verification method and system | |
CN106850201A (en) | Intelligent terminal multiple-factor authentication method, intelligent terminal, certificate server and system | |
CN105164689A (en) | User authentication | |
CN107222373A (en) | Control method, system, terminal, FIDO servers and the safety means of smart home | |
CN106850680A (en) | A kind of intelligent identity identification method and device for Transit Equipment | |
CN107426160A (en) | Control method, system, terminal, FIDO servers and the safety means of smart home | |
CN107517217A (en) | A kind of multiple-factor wireless key fill system based on fingerprint recognition | |
CN106304052A (en) | A kind of method of secure communication, device, terminal and client identification module card | |
CN105991654A (en) | Authorization authentication method, device and system | |
CN207939549U (en) | A kind of digital certificate remote online managing device | |
CN110278084B (en) | eID establishing method, related device and system | |
CN103401686B (en) | A kind of user's OTP WEB Authentication System and application process thereof | |
CN107070918B (en) | A kind of network application login method and system | |
CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
CN107911211A (en) | Quick Response Code Verification System based on quantum communication network | |
CN108400989B (en) | Security authentication equipment, method and system for shared resource identity authentication | |
CN104579639B (en) | The realization of multi-party collaborative authorization secret key and move the system of controlled in wireless with it | |
CN107786978B (en) | NFC authentication system based on quantum encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170104 |
|
RJ01 | Rejection of invention patent application after publication |