CN106304052A - A kind of method of secure communication, device, terminal and client identification module card - Google Patents

A kind of method of secure communication, device, terminal and client identification module card Download PDF

Info

Publication number
CN106304052A
CN106304052A CN201510309607.2A CN201510309607A CN106304052A CN 106304052 A CN106304052 A CN 106304052A CN 201510309607 A CN201510309607 A CN 201510309607A CN 106304052 A CN106304052 A CN 106304052A
Authority
CN
China
Prior art keywords
sim
tee
certificate
grades
certificates
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510309607.2A
Other languages
Chinese (zh)
Inventor
乐祖晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chellona Mobile Communications Corp Cmcc
Original Assignee
Chellona Mobile Communications Corp Cmcc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chellona Mobile Communications Corp Cmcc filed Critical Chellona Mobile Communications Corp Cmcc
Priority to CN201510309607.2A priority Critical patent/CN106304052A/en
Publication of CN106304052A publication Critical patent/CN106304052A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

The present invention provides a kind of method of secure communication, device, terminal and client identification module card, the method of wherein said secure communication includes: send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;Receive and verify the described SIM certificate returned for described request message by described SIM;After described SIM certification authentication is passed through, sending TEE certificate to described SIM, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;Receive the instruction message being verified that returned by described SIM for described TEE certificate, and with described SIM consulting session key, set up and the escape way of described SIM;By described escape way, securely communicate with described SIM.

Description

A kind of method of secure communication, device, terminal and client identification module card
Technical field
The present invention relates to field of terminal, particularly relate to a kind of method of secure communication, device, terminal and visitor Family identification module card.
Background technology
Biological identification technology is dependent on the physical trait of people to carry out a solution of authentication.Human body Biological characteristic include fingerprint, sound, face, retina, palm shape, skeleton etc..So-called biological knowledge Other core is how to obtain these biological characteristics, and converts it to digital information, is stored in computer In, utilize reliable matching algorithm complete checking and identify personal identification.
Owing to characteristics of human body has the most reproducible uniqueness that human body is intrinsic, this biological secret key cannot be answered System, stolen or pass into silence.Common password, IC-card, bar code, magnetic card or key then also exist to be lost Lose, forget, replicate and stolen many unfavorable factors.Therefore using biology " key ", you can take The key of the big string of band, without taking a lot of trouble note or changing password.And system manager more need not be because forgetting password And feel simply helpless.
For preventing the security incident that may cause because server is hacked, the biological characteristic number of current collection According to being mostly stored in local device, high in the clouds will not be uploaded to.The most safely and effectively manage life Thing characteristic, is just particularly important.
Mobile phone is now widely used personal device, wherein REE (Rich Execution Environment) It is the operating system with powerful disposal ability and multimedia function, such as Android, iOS etc..TEE (Trusted Execution Environment) has secure processing capability and provides secure peripheral operation Trusted operating system, independent operating mutually isolated with REE on same equipment.As mobile device In secure operating environment, TEE has safe operational capability, but its safe storage capacity is unanimously short slab.
SIM is the safety storage in mobile phone, arithmetic element, and main user security of being responsible for logs in mobile communication Network.TEE and SIM can be combined, assist the safety management of biological characteristic, Offer foundation for security is carried out for business.
Summary of the invention
The purpose of the embodiment of the present invention is to provide a kind of method of secure communication, device, terminal and client to know Other module card, improves the safety that information is mutual.
To achieve these goals, the embodiment of the present invention provide one realize credible execution environment TEE with The method of secure communication between client identification module SIM, including:
Send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is The certificate information of the proof SIM identity security signed and issued in advance;
Receive and verify the described SIM certificate returned for described request message by described SIM;
After described SIM certification authentication is passed through, send TEE certificate to described SIM, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
The instruction message being verified that reception is returned for described TEE certificate by described SIM, and with Described SIM consulting session key, sets up the escape way with described SIM;
By described escape way, securely communicate with described SIM.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM Receive described in the method for full communication and verify by described SIM for described in the return of described request message The step of SIM certificate, including:
The root certificate prestored according to described TEE, verifies two grades of SIM certificates in described SIM certificate, Wherein said two grades of SIM certificates are the card that root certificate management authority CA signs and issues to SIM equipment supplier Book;
After two grades of SIM certification authentications in described SIM certificate are passed through, verify in described SIM certificate Three grades of SIM certificates, wherein said three grades of SIM certificates are to be signed and issued by SIM equipment supplier is preset SIM signature card and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM TEE certificate described in the method for full communication refer to two grades of TEE certificates and the one of three grades of TEE certificates or Multiple, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier Certificate, described three grades of TEE certificates are by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described and described SIM consulting session key, set up the peace with described SIM The step of full tunnel includes:
Send the request of consulting session key to described SIM;
Receive the response message that described SIM returns for described request, and set up and described SIM Escape way, carries PKI and stochastic generation session key and gives birth at random in wherein said response message Become session key.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described by described escape way, the step securely communicated with described SIM Suddenly include:
Obtain the biological characteristic gathered in advance, and according to described session key, described biological feature encryption is sent To described SIM, described SIM storing described biological characteristic is with reference to biological characteristic, wherein said Biological characteristic is the individual figure and features characteristic information for identification;
Receive and returned according to the feedback result of described session key by described SIM, wherein said instead Feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described by described escape way, the step securely communicated with described SIM Suddenly include:
Obtain the active user's biological characteristic gathered, and according to described session key, described active user is biological Feature encryption is sent to described SIM, by described SIM verify described active user's biological characteristic with The described matching degree with reference to biological characteristic of storage, wherein said active user's biological characteristic is active user The individual figure and features characteristic information of identification;
Receive by described SIM return according to described session key the result, wherein said The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute State active user's biological characteristic and the described result with reference to biometric matches.
The one of the embodiment of the present invention realizes between credible execution environment TEE and client identification module SIM The method of secure communication, including:
Receiving the request message from described TEE checking SIM certificate, wherein said SIM certificate is The certificate information of the proof SIM identity security signed and issued in advance;
According to the described request message described SIM certificate of transmission to described TEE, described TEE verify institute State SIM certificate;
Receive the TEE certificate being passed through for described SIM certification authentication by described TEE and returning, and test Demonstrate,proving described TEE certificate, wherein said TEE certificate is the certificate of the proof TEE identity security signed and issued in advance Information;
Send for the instruction message being verified of described TEE certificate to described TEE, and with described TEE Consulting session key, sets up the escape way with described TEE;
By described escape way, securely communicate with described TEE.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described reception is passed through by described TEE for described SIM certification authentication and returns TEE certificate, and verify the step of described TEE certificate, including:
According to the root certificate prestored of described SIM, verify two grades of TEE in described TEE certificate Certificate, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier Certificate;
Two grades of TEE certification authentications in described TEE certificate, by afterwards, are verified in described TEE certificate Three grades of certificates, wherein said three grades of TEE certificates are to be added by the preset TEE signed and issued of TEE equipment supplier Close certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described SIM certificate is two grades of SIM certificates and the one of three grades of SIM certificates Or multiple, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM equipment supplier The certificate signed and issued, described three grades of SIM certificates are by the preset SIM label signed and issued of SIM equipment supplier Name certificate and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described and described TEE consulting session key, set up the safety with described TEE and lead to The step in road includes:
Receive the request from described TEE consulting session key;
For described request, send response message and lead to described TEE, the safety of foundation and described SIM Road, carries PKI and stochastic generation session key in wherein said response message.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described by described escape way, securely communicate with described TEE and include:
Receive the biological characteristic crossed according to described session key from described TEE, and store described life Thing is characterized as with reference to biological characteristic, and wherein said biological characteristic is the individual figure and features feature letter for identification Breath;
Send the described SIM feedback result according to described session key, to described TEE, wherein Described feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described by described escape way, securely communicate with described TEE and include:
Obtain the active user's biological characteristic crossed according to described session key from described TEE, and test The described matching degree with reference to biological characteristic demonstrate,proving described active user's biological characteristic and store, wherein said Active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Send and according to the result of described session key to described TEE, wherein said the result be Described active user's biological characteristic and the described reference unmatched result of biological characteristic or described active user Biological characteristic and the described result with reference to biometric matches.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the method for full communication, described reception is passed through by described TEE for described SIM certification authentication and returns TEE certificate, and verify that the step of described TEE certificate includes:
Judge whether the described TEE certificate received has secure access authority;
When described TEE certificate has secure access authority, verify described TEE certificate.
The one of the embodiment of the present invention realizes between credible execution environment TEE and client identification module SIM The device of secure communication, is applied to credible execution environment TEE system, and described device includes:
First sending module, for sending the request message of checking SIM certificate to described SIM, its Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module, returns for described request message by described SIM for receiving and verifying The described SIM certificate returned;
Second sending module, for after described SIM certification authentication is passed through, sends to described SIM TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module, leads to for receiving the checking returned by described SIM for described TEE certificate The instruction message crossed, and with described SIM consulting session key, set up and lead to the safety of described SIM Road;
First communication module, for by described escape way, securely communicates with described SIM.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the device of full communication, described first receives authentication module includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the device of full communication, described TEE certificate refers to two grades of TEE certificates and the one of three grades of TEE certificates Or multiple, wherein said two grades of TEE certificates are that root certificate management authority CA signs to TEE equipment supplier The certificate sent out, described three grades of TEE certificates are by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
The embodiment of the present invention also provides for one and realizes credible execution environment TEE and client identification module SIM Between the device of secure communication, be applied to described SMI card, described device includes:
First receiver module, for receiving the request message from described TEE checking SIM certificate, its Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module, is used for according to the described request message described SIM certificate of transmission to described TEE, Described SIM certificate is verified by described TEE;
Second receives authentication module, passes through for described SIM certification authentication by described TEE for receiving And the TEE certificate returned, and verify that described TEE certificate, wherein said TEE certificate are sign and issue in advance Prove the certificate information of TEE identity security;
Second sets up module, for sending the instruction message being verified for described TEE certificate to institute State TEE, and with described TEE consulting session key, set up the escape way with described TEE;
Second communication module, for by described escape way, securely communicates with described TEE.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the device of full communication, described second receives authentication module includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards, Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment The preset TEE encrypted certificate signed and issued of business.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the device of full communication, described SIM certificate is two grades of SIM certificates and the one of three grades of SIM certificates Or multiple, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM equipment supplier The certificate signed and issued, described three grades of SIM certificates are by the preset SIM label signed and issued of SIM equipment supplier Name certificate and or SIM encrypted certificate.
Further, described realization is pacified between credible execution environment TEE and client identification module SIM In the device of full communication, described second receives authentication module includes:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE Certificate.
The embodiment of the present invention also provides for a kind of terminal, including credible execution environment TEE system, wherein, institute State TEE system to include realizing described above between credible execution environment TEE and client identification module SIM The device of secure communication.
The embodiment of the present invention also provides for a kind of client identification module SIM, credible including realizing described above Perform the device of secure communication between environment TEE and client identification module SIM.
Having the beneficial effect that of the technique scheme of the embodiment of the present invention:
In the scheme of the embodiment of the present invention, between TEE and SIM, set up an escape way, so In escape way, carry out information mutual, would not be intercepted, by the external world, the content that information is mutual, improve letter Cease mutual safety.
Accompanying drawing explanation
Fig. 1 is one of step schematic diagram of the method for embodiment of the present invention secure communication;
Fig. 2 is the certificate chain of the embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the method for embodiment of the present invention secure communication;
Fig. 4 is the flow chart of the individual figure and features characteristic information storage of the embodiment of the present invention;
Fig. 5 is the flow chart of the individual figure and features characteristic information checking of the embodiment of the present invention;
Fig. 6 is one of step schematic diagram of the method for embodiment of the present invention secure communication;
Fig. 7 and Fig. 8 is the structural representation of the device of embodiment of the present invention secure communication;
Fig. 9 is the framework map of the embodiment of the present invention.
Detailed description of the invention
For making the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached Figure and specific embodiment are described in detail.
Security risk is there is for the offline storage of biological characteristic in prior art, although SIM tool simultaneously Standby safe storage capacity, but the problem that the communication port between SIM and external equipment exists security risk.
The embodiment of the present invention provides a kind of method of secure communication, device, terminal and client identification module card, Carry out TEE by certificate of utility and SIM is mutually authenticated after identity passes through, consult a session key Set up escape way, finally utilize session key to perform subsequent operation, it is possible to resolve between TEE and SIM Safe transmission problem.
As it is shown in figure 1, the one of the embodiment of the present invention realizes credible execution environment TEE identifies mould with client Between block SIM in the method for secure communication, including:
Step 11, sends the request message of checking SIM certificate, wherein said SIM to described SIM Card certificate is the certificate information of the proof SIM identity security signed and issued in advance;
Step 12, receives and verifies the described SIM returned for described request message by described SIM Certificate;
Step 13, after described SIM certification authentication is passed through, sends TEE certificate to described SIM, Wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
Step 14, receives the instruction being verified returned for described TEE certificate by described SIM and disappears Breath, and with described SIM consulting session key, set up and the escape way of described SIM;
Step 15, by described escape way, securely communicates with described SIM.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
It should be understood that described TEE certificate refers to two grades of TEE certificates and the one of three grades of TEE certificates Planting or multiple, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE equipment supplier The certificate signed and issued, described three grades of TEE certificates are by the preset TEE encryption card signed and issued of TEE equipment supplier Book.
Even if the safety of traditional TEE is the highest, but also can be by key storage in TEE, the present invention Embodiment realize the method for secure communication between credible execution environment TEE and client identification module SIM In, step 12 includes:
Step 121, the root certificate prestored according to described TEE, verify two in described SIM certificate Level SIM certificate, wherein said two grades of SIM certificates are that root certificate management authority CA carries to SIM equipment The certificate signed and issued for business;
Step 122, after two grades of SIM certification authentications in described SIM certificate are passed through, verifies described SIM Three grades of SIM certificates in certificate, wherein said three grades of SIM certificates are preset by SIM equipment supplier Sign and issue SIM signature card and or SIM encrypted certificate.
In the embodiment of the present invention, by root certificate, two grades of certificates and three grades of certificates, (TEE and SIM are demonstrate,proved Book) certificate chain structure promote system flexibility, the simultaneously present invention the most to greatest extent Embodiment by different certificates being stored in different places (respectively at TEE and SIM), thus Avoid the unsafe conditions being stored in same place.
It should be understood that as in figure 2 it is shown, the present invention in process of production, in the TEE in mobile phone 3 certificates are set, SIM arranges 3 certificates, given full play to TEE and SIM is respective Security capabilities.
Further, the related credentials of SIM is stored in SIM;The related credentials of TEE is stored in TEE In, the root certificate of SIM with TEE is the same, and root certificate does not transmits, and is used to be carried out by root certificate Visa certification, when concrete proof procedure: SIM receives the checking request of TEE, then SIM will card Book is issued TEE and is verified, the root certificate of TEE has public and private key, can be by the private key of root certificate Remove to verify the certificate of the SIM signed and issued in advance, by first verifying SIM equipment supplier's certificate, at SIM After card apparatus provider certificate passes through, ability three grades of certificates of certification, without three grades of certificates just without certification Three grades of certificates.
It addition, as shown in Figure 2, in addition it is also necessary to it is described as follows:
1) root certificate: single certificate (or multiple certificates), each network element (TEE and SIM can be used Card) all preserve;
2) two grades of certificates:
A) TEE equipment supplier certificate: root CA (certificate authority (Certificate Authority), Or claim certification authority agent) to the TEE equipment supplier meeting condition (such as: pass through Third Party Authentication) Grant a certificate;
B) SIM equipment supplier certificate: root CA is to meeting condition (such as: pass through Third Party Authentication) SIM equipment supplier's grant a certificate.
3) three grades of certificates:
A) TEE signing certificate: signed and issued by TEE equipment supplier and be preset in TEE (such as: ROM electricity Wipe writeable read only memory)
B) SIM signing certificate: signed and issued by SIM equipment supplier and be preset in SIM;
C) SIM encrypted certificate: signed and issued by SIM equipment supplier and be preset in SIM.
By setting up the session key of escape way, in a subsequent communication, it is ensured that the safety of communication, therefore The embodiment of the present invention realize secure communication between credible execution environment TEE and client identification module SIM Method in, step 14 includes:
Step 141, sends the request of consulting session key to described SIM;
Step 142, receives the response message that described SIM returns for described request, and sets up with described The escape way of SIM, carries PKI and stochastic generation session key in wherein said response message.
In the embodiment of the present invention, it will words key moves and is stored in SIM, utilizes session key adopting In collection or proof procedure, Content of Communication is encrypted so that Content of Communication is not trapped, thus realizes peace Full communication, the most not only without shared key in advance between TEE and SIM, and due to SIM Hardware security is higher than TEE, is therefore not easy to be trapped, and improves the safety of communication port.
As it is shown on figure 3, the embodiment of the present invention set up escape way to implement flow process as follows:
1) TEE sends GetData (acquisition data) order to SIM;Wherein said GetData orders Order refer to a request sent, when at the beginning SIM being inserted after, need to set up immediately and TEE Passage;
2), after SIM receives GetData order, card signature (SIM signing certificate), encryption card are prepared Book and SIM equipment supplier's certificate;
3) SIM returns card signature, encrypted certificate and SIM equipment supplier's certificate;
4) TEE checking card signature and encrypted certificate effectiveness, wherein said effectiveness refers to whether be belonging to Can the certificate of certification;
5) TEE performs Perform Security Operation (execution safety operation) order, carries self Certificate and TEE equipment supplier's certificate;
6) SIM checking TEE certificate validity, (optional) SIM judges this TEE according to control strategy Whether there is secure access authority;
7) SIM returns the result;
8) TEE and SIM certificate of utility consulting session key;
9) TEE and SIM utilize session key to perform subsequent operation.
In order to effectively manage biological attribute data, the embodiment of the present invention realize credible execution environment Between TEE and client identification module SIM in the method for secure communication, step 15 includes:
Step 151, obtains the biological characteristic gathered in advance, and according to described session key by described biological special Levy encryption and be sent to described SIM, described SIM storing described biological characteristic is with reference to biological characteristic, Wherein said biological characteristic is the individual figure and features characteristic information for identification;
Step 152, receives and is returned the feedback result according to described session key by described SIM, its Described in feedback result be to store the result of described biological characteristic or do not store the result of described biological characteristic.
In the embodiment of the present invention, biological characteristic is stored in SIM, owing to SIM has higher peace Quan Xing, therefore improves the safety of the individual figure and features characteristic information storage of biological characteristic.
It should be noted that the individual figure and features characteristic information of biological characteristic at least includes finger print information, vocal print is believed Breath, face information, retinal information, palmprint information, in the information such as iris information and framework information Plant or multiple.
As shown in Figure 4, the idiographic flow of the embodiment of the present invention is exemplified below.
1) escape way is set up between TEE and SIM;
2) TEE gets the biological characteristic that physical characteristics collecting device gathers;
3) TEE sends preservation biological characteristic order to SIM;
4) SIM storage biological characteristic;
5) SIM returns biometric feedback result;
6) TEE shows biometric feedback result.
In order to ensure in communication process, Content of Communication is difficult to be trapped, the problem solving safe transmission, this Inventive embodiments realize secure communication between credible execution environment TEE and client identification module SIM In method, step 15 includes:
Step 153, obtains the active user's biological characteristic gathered, and works as described according to described session key Front user biological feature encryption is sent to described SIM, described SIM verify that described active user is raw Thing feature and the described matching degree with reference to biological characteristic stored, wherein said active user's biological characteristic Individual figure and features characteristic information for current user identities identification;
Step 154, receive by described SIM return according to described session key the result, Wherein said the result is described active user's biological characteristic and the described reference unmatched knot of biological characteristic Fruit or described active user's biological characteristic and the described result with reference to biometric matches.
In the embodiment of the present invention, in escape way, transmit biological attribute data by follow-up, it is achieved to life Thing collection apparatus and checking, also will not be intercepted and captured by the external world, not only increases the safety of biological characteristic, simultaneously Use biological " key ", also need not carry the key of big string, without taking a lot of trouble note or changing password.
As it is shown in figure 5, the idiographic flow of the embodiment of the present invention is exemplified below.
1) escape way is set up between TEE and SIM;
2) TEE gets the biological characteristic that physical characteristics collecting device gathers;
3) TEE sends checking biological characteristic order to SIM;
4) SIM checking biological characteristic;
5) SIM returns biological characteristic validation result;
6) TEE performs subsequent operation according to the result.
As shown in Figure 6, the embodiment of the present invention also provides for one and realizes credible execution environment TEE and client's knowledge Between other Module SIM card in the method for secure communication, including:
Step 61, receives the request message from described TEE checking SIM certificate, wherein said SIM Card certificate is the certificate information of the proof SIM identity security signed and issued in advance;
Step 62, according to the described request message described SIM certificate of transmission to described TEE, by described TEE Verify described SIM certificate;
Step 63, receives the TEE being passed through by described TEE for described SIM certification authentication and returning Certificate, and verify that described TEE certificate, wherein said TEE certificate are the proof TEE identity signed and issued in advance The certificate information of safety;
Step 64, sends for the instruction message being verified of described TEE certificate to described TEE, and With described TEE consulting session key, set up the escape way with described TEE;
Step 65, by described escape way, securely communicates with described TEE.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in, described step 63 includes:
Step 631, according to the root certificate prestored of described SIM, verifies in described TEE certificate Two grades of TEE certificates, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE equipment The certificate that provider signs and issues;
Step 632, two grades of TEE certification authentications in described TEE certificate are by afterwards, and checking is described Three grades of certificates in TEE certificate, wherein said three grades of TEE certificates are by the preset label of TEE equipment supplier The TEE encrypted certificate sent out.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in,
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier, Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in, described step 64 includes:
Step 641, receives the request from described TEE consulting session key;
Step 642, for described request, sends response message to described TEE, foundation and described SIM Escape way, wherein said response message carries PKI and stochastic generation session key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in, step 65 includes:
Step 651, receives the biological characteristic crossed according to described session key from described TEE, and deposits Storing up described biological characteristic is that wherein said biological characteristic is the individual human body for identification with reference to biological characteristic Looks characteristic information;
Step 652, sends the described SIM feedback result according to described session key, to described TEE, wherein said feedback result is to store the result of described biological characteristic or do not store described biological characteristic Result.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in, step 65 includes:
Step 651, obtains the active user's biology crossed from described TEE according to described session key special Levy, and verify described active user's biological characteristic and the described matching degree with reference to biological characteristic stored, Wherein said active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Step 652, sends according to the result of described session key to described TEE, wherein said The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute State active user's biological characteristic and the described result with reference to biometric matches.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication method in, described step 63 includes:
Step 633, it is judged that whether the described TEE certificate of reception has secure access authority;
Step 634, when described TEE certificate has secure access authority, verifies described TEE certificate.
In the embodiment of the present invention, SIM is entered by TEE by certificate (related credentials of REE and SIM) Row secure access, can be any limitation as with preset control strategy in SIM (such as: set up white list, black name Single) so that it can be had secure access to by the TEE only meeting condition.Wherein, set up white list or The reason that person's blacklist is set up, is not all TEE with certificate, can realize and SIM Card has secure access to, it is possible to operator thinks that the safety of some TEE is relatively low or limits some TEE Access, and carry out realizing control of authority by control strategy, thus control the legitimacy of terminal.
As it is shown in fig. 7, the corresponding embodiment of the present invention also provide for one realize credible execution environment TEE with The device of secure communication between client identification module SIM, is applied to credible execution environment TEE system, Described device includes:
First sending module 71, for sending the request message of checking SIM certificate to described SIM, Wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module 72, for receiving and verifying by described SIM for described request message The described SIM certificate returned;
Second sending module 73, for after described SIM certification authentication is passed through, sends out to described SIM Sending TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module 74, for receiving the checking returned by described SIM for described TEE certificate The instruction message passed through, and with described SIM consulting session key, set up and the safety of described SIM Passage;
First communication module 75, for by described escape way, securely communicates with described SIM.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described first receive authentication module 72 includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in,
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described first sets up module 74 includes:
First transmitting element, for sending the request of consulting session key to described SIM;
Set up unit, for receiving the response message that described SIM returns for described request, and set up With the escape way of described SIM, wherein said response message carries PKI and stochastic generation meeting Words key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described first communication module 75 includes:
Interactive unit, for obtaining the biological characteristic gathered in advance, and according to described session key by described life Thing feature encryption is sent to described SIM, described SIM storing described biological characteristic is with reference to biological Feature, wherein said biological characteristic is the individual figure and features characteristic information for identification;
First receives unit, is returned anti-according to described session key for receiving by described SIM Feedback result, wherein said feedback result is to store the result of described biological characteristic or do not store described biological special The result levied.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described first communication module 75 includes:
First acquiring unit, for obtaining active user's biological characteristic of collection, and according to described session key Described active user's biological feature encryption is sent to described SIM, is worked as by the checking of described SIM is described Front user biological feature and the described matching degree with reference to biological characteristic stored, wherein said active user Biological characteristic is the individual figure and features characteristic information of current user identities identification;
Second receive unit, for receive by described SIM return according to described session key The result, wherein said the result be described active user's biological characteristic with described with reference to biological characteristic not The result of coupling or described active user's biological characteristic and the described result with reference to biometric matches.
It should be noted that the present invention provide device be application above-mentioned realize credible execution environment TEE with The device of safety communicating method between client identification module SIM, the most above-mentioned realizes credible execution environment TEE And all embodiments of safety communicating method are all applicable to this device between client identification module SIM, and All can reach same or analogous beneficial effect.
As shown in Figure 8, the corresponding embodiment of the present invention also provide for one realize credible execution environment TEE with The device of secure communication between client identification module SIM, is applied to described SIM, described device bag Include:
First receiver module 81, for receiving the request message from described TEE checking SIM certificate, Wherein said SIM certificate is the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module 82, for sending described SIM certificate to described according to described request message TEE, is verified described SIM certificate by described TEE;
Second receives authentication module 83, leads to for described SIM certification authentication by described TEE for receiving The TEE certificate crossed and return, and verify described TEE certificate, wherein said TEE certificate is for sign and issue in advance The certificate information of proof TEE identity security;
Second sets up module 84, for send for described TEE certificate the instruction message being verified to Described TEE, and with described TEE consulting session key, set up and the escape way of described TEE;
Second communication module 85, for by described escape way, securely communicates with described TEE.
In the embodiment of the present invention, between TEE and SIM, set up an escape way, so in safety Passage carries out information mutual, would not be intercepted, by the external world, the content that information is mutual.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described second receive authentication module 83 includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards, Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment The preset TEE encrypted certificate signed and issued of business.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described SIM certificate is two grades of SIM certificates and three grades of SIM certificates One or more, wherein said two grades of SIM certificates are that root certificate management authority CA carries to SIM equipment The certificate signed and issued for business, described three grades of SIM certificates are by the preset SIM signed and issued of SIM equipment supplier Card signing certificate and or SIM encrypted certificate.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described second sets up module 84 includes:
3rd receives unit, for receiving the request from described TEE consulting session key;
Second transmitting element, for for described request, sends response message to described TEE, foundation and institute State the escape way of SIM, wherein said response message carries PKI and stochastic generation session is close Key.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described second communication module 85 includes:
Receive memory element, for receiving the biology crossed from described TEE according to described session key Feature, and store described biological characteristic for reference to biological characteristic, wherein said biological characteristic be for identity knowledge Other individual's figure and features characteristic information;
3rd transmitting element, for sending the described SIM feedback result according to described session key, To described TEE, wherein said feedback result is to store the result of described biological characteristic or do not store described life The result of thing feature.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described second communication module 85 includes:
Second acquisition unit, for obtain from described TEE according to described session key cross current User biological feature, and verify described active user's biological characteristic and the described reference biological characteristic stored Matching degree, wherein said active user's biological characteristic is the individual figure and features feature letter of current user identities identification Breath;
4th transmitting element, for sending according to the result of described session key to described TEE, Wherein said the result is described active user's biological characteristic and the described reference unmatched knot of biological characteristic Fruit or described active user's biological characteristic and the described result with reference to biometric matches.
Another embodiment of the present invention realize credible execution environment TEE and client identification module SIM it Between secure communication device in, described second receive authentication module 83 includes:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE Certificate.
It should be noted that the present invention provide device be application above-mentioned realize credible execution environment TEE with The device of safety communicating method between client identification module SIM, the most above-mentioned realizes credible execution environment TEE And all embodiments of safety communicating method are all applicable to this device between client identification module SIM, and All can reach same or analogous beneficial effect.
Accordingly, the embodiment of the present invention also provides for a kind of terminal, including credible execution environment TEE system, Wherein said TEE system includes realizing credible execution environment TEE and client identification module SIM described above The device of secure communication between card.
Accordingly realize credible execution environment TEE and client identification module SIM due to the embodiment of the present invention Between card, the device of secure communication, is applied to terminal, and therefore, the embodiment of the present invention additionally provides a kind of terminal, Wherein, above-mentioned the dress of secure communication between credible execution environment TEE and client identification module SIM is realized That puts described realizes embodiment all be applicable to the embodiment of this terminal, also can reach identical technique effect.
Accordingly, the embodiment of the present invention also provides for a kind of client identification module SIM, including described above Realize the device of secure communication between credible execution environment TEE and client identification module SIM.
As it is shown in figure 9, terminal also includes biological harvester, by first interface by biology harvester and TEE connects, and completes the transmission of information between the two, the most again by the second interface by TEE and SIM Connect, complete the transmission of information between the two.
It should be understood that SIM is by operators issue, user SIM is inserted equipped with TEE and The terminal of physical characteristics collecting device (such as: iris capturing device, face contour harvester, fingerprint capturer etc.) In, passage and the checking of foundation can be used.
Accordingly realize credible execution environment TEE and client identification module SIM due to the embodiment of the present invention Between card, the device of secure communication, is applied to SIM, and therefore, the embodiment of the present invention additionally provides one SIM, wherein, above-mentioned realizes safety between credible execution environment TEE and client identification module SIM The described of device of communication realizes embodiment all be applicable to the embodiment of this SIM, also can reach identical Technique effect.
The above is the preferred embodiment of the present invention, it is noted that for the common skill of the art For art personnel, on the premise of without departing from principle of the present invention, it is also possible to make some improvements and modifications, These improvements and modifications also should be regarded as protection scope of the present invention.

Claims (22)

1. one kind realizes secure communication between credible execution environment TEE and client identification module SIM Method, it is characterised in that including:
Send the request message of checking SIM certificate to described SIM, wherein said SIM certificate is The certificate information of the proof SIM identity security signed and issued in advance;
Receive and verify the described SIM certificate returned for described request message by described SIM;
After described SIM certification authentication is passed through, send TEE certificate to described SIM, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
The instruction message being verified that reception is returned for described TEE certificate by described SIM, and with Described SIM consulting session key, sets up the escape way with described SIM;
By described escape way, securely communicate with described SIM.
Method the most according to claim 1, it is characterised in that
Described reception also verifies the described SIM certificate returned by described SIM for described request message Step, including:
The root certificate prestored according to described TEE, verifies two grades of SIM certificates in described SIM certificate, Wherein said two grades of SIM certificates are the card that root certificate management authority CA signs and issues to SIM equipment supplier Book;
After two grades of SIM certification authentications in described SIM certificate are passed through, verify in described SIM certificate Three grades of SIM certificates, wherein said three grades of SIM certificates are to be signed and issued by SIM equipment supplier is preset SIM signature card and or SIM encrypted certificate.
Method the most according to claim 1, it is characterised in that
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
4. according to the method described in any one of claims 1 to 3, it is characterised in that described and described SIM Card consulting session key, sets up the step with the escape way of described SIM and includes:
Send the request of consulting session key to described SIM;
Receive the response message that described SIM returns for described request, and set up and described SIM Escape way, carries PKI and stochastic generation session key and gives birth at random in wherein said response message Become session key.
Method the most according to claim 4, it is characterised in that described by described escape way, The step securely communicated with described SIM includes:
Obtain the biological characteristic gathered in advance, and according to described session key, described biological feature encryption is sent To described SIM, described SIM storing described biological characteristic is with reference to biological characteristic, wherein said Biological characteristic is the individual figure and features characteristic information for identification;
Receive and returned according to the feedback result of described session key by described SIM, wherein said instead Feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
Method the most according to claim 5, it is characterised in that described by described escape way, The step securely communicated with described SIM includes:
Obtain the active user's biological characteristic gathered, and according to described session key, described active user is biological Feature encryption is sent to described SIM, by described SIM verify described active user's biological characteristic with The described matching degree with reference to biological characteristic of storage, wherein said active user's biological characteristic is active user The individual figure and features characteristic information of identification;
Receive by described SIM return according to described session key the result, wherein said The result is described active user's biological characteristic and the described reference unmatched result of biological characteristic or institute State active user's biological characteristic and the described result with reference to biometric matches.
7. one kind realizes secure communication between credible execution environment TEE and client identification module SIM Method, it is characterised in that including:
Receiving the request message from described TEE checking SIM certificate, wherein said SIM certificate is The certificate information of the proof SIM identity security signed and issued in advance;
According to the described request message described SIM certificate of transmission to described TEE, described TEE verify institute State SIM certificate;
Receive the TEE certificate being passed through for described SIM certification authentication by described TEE and returning, and test Demonstrate,proving described TEE certificate, wherein said TEE certificate is the certificate of the proof TEE identity security signed and issued in advance Information;
Send for the instruction message being verified of described TEE certificate to described TEE, and with described TEE Consulting session key, sets up the escape way with described TEE;
By described escape way, securely communicate with described TEE.
Method the most according to claim 7, it is characterised in that
The TEE certificate that described reception is passed through for described SIM certification authentication by described TEE and returned, And verify the step of described TEE certificate, including:
According to the root certificate prestored of described SIM, verify two grades of TEE in described TEE certificate Certificate, wherein said two grades of TEE certificates are that root certificate management authority CA signs and issues to TEE equipment supplier Certificate;
Two grades of TEE certification authentications in described TEE certificate, by afterwards, are verified in described TEE certificate Three grades of certificates, wherein said three grades of TEE certificates are to be added by the preset TEE signed and issued of TEE equipment supplier Close certificate.
Method the most according to claim 7, it is characterised in that
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier, Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or SIM encrypted certificate.
10. according to the method described in any one of claim 7 to 9, it is characterised in that described and described TEE consulting session key, sets up the step with the escape way of described TEE and includes:
Receive the request from described TEE consulting session key;
For described request, send response message and lead to described TEE, the safety of foundation and described SIM Road, carries PKI and stochastic generation session key in wherein said response message.
11. methods according to claim 10, it is characterised in that
Described by described escape way, securely communicate with described TEE and include:
Receive the biological characteristic crossed according to described session key from described TEE, and store described life Thing is characterized as with reference to biological characteristic, and wherein said biological characteristic is the individual figure and features feature letter for identification Breath;
Send the described SIM feedback result according to described session key, to described TEE, wherein Described feedback result is to store the result of described biological characteristic or do not store the result of described biological characteristic.
12. methods according to claim 11, it is characterised in that
Described by described escape way, securely communicate with described TEE and include:
Obtain the active user's biological characteristic crossed according to described session key from described TEE, and test The described matching degree with reference to biological characteristic demonstrate,proving described active user's biological characteristic and store, wherein said Active user's biological characteristic is the individual figure and features characteristic information of current user identities identification;
Send and according to the result of described session key to described TEE, wherein said the result be Described active user's biological characteristic and the described reference unmatched result of biological characteristic or described active user Biological characteristic and the described result with reference to biometric matches.
13. according to the method described in any one of claim 7 to 9, it is characterised in that described reception is by institute State the TEE certificate that TEE passes through for described SIM certification authentication and returns, and verify described TEE The step of certificate includes:
Judge whether the described TEE certificate received has secure access authority;
When described TEE certificate has secure access authority, verify described TEE certificate.
14. 1 kinds realize secure communication between credible execution environment TEE and client identification module SIM Device, is applied to credible execution environment TEE system, it is characterised in that described device includes:
First sending module, for sending the request message of checking SIM certificate to described SIM, its Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
First receives authentication module, returns for described request message by described SIM for receiving and verifying The described SIM certificate returned;
Second sending module, for after described SIM certification authentication is passed through, sends to described SIM TEE certificate, wherein said TEE certificate is the certificate information of the proof TEE identity security signed and issued in advance;
First sets up module, leads to for receiving the checking returned by described SIM for described TEE certificate The instruction message crossed, and with described SIM consulting session key, set up and lead to the safety of described SIM Road;
First communication module, for by described escape way, securely communicates with described SIM.
15. according to device described in claim 14, it is characterised in that
Described first receives authentication module includes:
First authentication unit, for the root certificate prestored according to described TEE, verifies that described SIM demonstrate,proves Two grades of SIM certificates in book, wherein said two grades of SIM certificates are that root certificate management authority CA is to SIM The certificate that card apparatus provider signs and issues;
Second authentication unit, after two grades of SIM certification authentications in described SIM certificate are passed through, tests Demonstrate,proving three grades of SIM certificates in described SIM certificate, wherein said three grades of SIM certificates are for be set by SIM The preset SIM signature card signed and issued of standby provider and or SIM encrypted certificate.
16. according to device described in claim 14, it is characterised in that
Described TEE certificate refers to one or more of two grades of TEE certificates and three grades of TEE certificates, wherein Described two grades of TEE certificates are the certificate that root certificate management authority CA signs and issues to TEE equipment supplier, institute Stating three grades of TEE certificates is by the preset TEE encrypted certificate signed and issued of TEE equipment supplier.
17. 1 kinds realize secure communication between credible execution environment TEE and client identification module SIM Device, is applied to described SIM, it is characterised in that described device includes:
First receiver module, for receiving the request message from described TEE checking SIM certificate, its Described in SIM certificate be the certificate information of the proof SIM identity security signed and issued in advance;
3rd sending module, is used for according to the described request message described SIM certificate of transmission to described TEE, Described SIM certificate is verified by described TEE;
Second receives authentication module, passes through for described SIM certification authentication by described TEE for receiving And the TEE certificate returned, and verify that described TEE certificate, wherein said TEE certificate are sign and issue in advance Prove the certificate information of TEE identity security;
Second sets up module, for sending the instruction message being verified for described TEE certificate to institute State TEE, and with described TEE consulting session key, set up the escape way with described TEE;
Second communication module, for by described escape way, securely communicates with described TEE.
18. according to device described in claim 17, it is characterised in that
Described second receives authentication module includes:
3rd authentication unit, for the root certificate prestored according to described SIM, verifies described TEE Two grades of TEE certificates in certificate, wherein said two grades of TEE certificates are that root certificate management authority CA is to TEE The certificate that equipment supplier signs and issues;
4th authentication unit, for two grades of TEE certification authentications in described TEE certificate by afterwards, Verifying three grades of certificates in described TEE certificate, wherein said three grades of TEE certificates are for being provided by TEE equipment The preset TEE encrypted certificate signed and issued of business.
19. according to device described in claim 17, it is characterised in that
Described SIM certificate is one or more of two grades of SIM certificates and three grades of SIM certificates, wherein Described two grades of SIM certificates are the certificate that root certificate management authority CA signs and issues to SIM equipment supplier, Described three grades of SIM certificates be by the preset SIM signing certificate signed and issued of SIM equipment supplier and or SIM encrypted certificate.
20. according to realizing credible execution environment TEE and client described in any one of claim 17 to 19 The device of secure communication between identification module SIM, it is characterised in that described second receives authentication module Including:
Judging unit, for judging whether the described TEE certificate received has secure access authority;
5th authentication unit, for when described TEE certificate has secure access authority, verifying described TEE Certificate.
21. 1 kinds of terminals, including credible execution environment TEE system, it is characterised in that described TEE system System includes that the credible execution environment TEE that realizes as described in any one of claim 14 to 16 identifies with client The device of secure communication between Module SIM card.
22. 1 kinds of client identification module SIMs, it is characterised in that include such as claim 17 to 20 Secure communication between credible execution environment TEE and client identification module SIM is realized described in any one Device.
CN201510309607.2A 2015-06-08 2015-06-08 A kind of method of secure communication, device, terminal and client identification module card Pending CN106304052A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510309607.2A CN106304052A (en) 2015-06-08 2015-06-08 A kind of method of secure communication, device, terminal and client identification module card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510309607.2A CN106304052A (en) 2015-06-08 2015-06-08 A kind of method of secure communication, device, terminal and client identification module card

Publications (1)

Publication Number Publication Date
CN106304052A true CN106304052A (en) 2017-01-04

Family

ID=57659733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510309607.2A Pending CN106304052A (en) 2015-06-08 2015-06-08 A kind of method of secure communication, device, terminal and client identification module card

Country Status (1)

Country Link
CN (1) CN106304052A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277794A (en) * 2017-06-09 2017-10-20 中国联合网络通信集团有限公司 Set up the method, device and mobile terminal of communication connection
CN108322907A (en) * 2017-01-17 2018-07-24 中国移动通信有限公司研究院 One kind opening chucking method and terminal
CN112787979A (en) * 2019-11-07 2021-05-11 北京地平线机器人技术研发有限公司 Internet of things equipment access control method and internet of things equipment access control device
CN114567881A (en) * 2022-04-24 2022-05-31 江苏益捷思信息科技有限公司 SIM card information security protection method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1726686A (en) * 2002-10-17 2006-01-25 沃达方集团有限公司 Providing convenience and authentication for trade
US20080182592A1 (en) * 2007-01-26 2008-07-31 Interdigital Technology Corporation Method and apparatus for securing location information and access control using the location information
CN101483870A (en) * 2009-02-12 2009-07-15 浙江大学 Cross-platform mobile communication security system implementing method
CN102209317A (en) * 2010-03-29 2011-10-05 中兴通讯股份有限公司 Signing data provision method and system
CN102695170A (en) * 2011-03-25 2012-09-26 国民技术股份有限公司 Mobile platform possessing identity authentication function and identity authentication method
CN103985036A (en) * 2014-05-09 2014-08-13 杭州晟元芯片技术有限公司 Two-dimension code payment method with biological characteristics

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1726686A (en) * 2002-10-17 2006-01-25 沃达方集团有限公司 Providing convenience and authentication for trade
US20080182592A1 (en) * 2007-01-26 2008-07-31 Interdigital Technology Corporation Method and apparatus for securing location information and access control using the location information
CN101483870A (en) * 2009-02-12 2009-07-15 浙江大学 Cross-platform mobile communication security system implementing method
CN102209317A (en) * 2010-03-29 2011-10-05 中兴通讯股份有限公司 Signing data provision method and system
CN102695170A (en) * 2011-03-25 2012-09-26 国民技术股份有限公司 Mobile platform possessing identity authentication function and identity authentication method
CN103985036A (en) * 2014-05-09 2014-08-13 杭州晟元芯片技术有限公司 Two-dimension code payment method with biological characteristics

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZAHEER AHMAD ET AL: "Enhancing the Security of Mobile Applications by using TEE and (U)SIM", 《2013 IEEE 10TH INTERNATIONAL CONFERENCE ON UBIQUITOUS INTELLIGENCE AND COMPUTING AND 2013 IEEE 10TH INTERNATIONAL CONFERENCE ON AUTONOMIC AND TRUSTED COMPUTING》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322907A (en) * 2017-01-17 2018-07-24 中国移动通信有限公司研究院 One kind opening chucking method and terminal
CN108322907B (en) * 2017-01-17 2021-03-09 中国移动通信有限公司研究院 Card opening method and terminal
CN107277794A (en) * 2017-06-09 2017-10-20 中国联合网络通信集团有限公司 Set up the method, device and mobile terminal of communication connection
CN112787979A (en) * 2019-11-07 2021-05-11 北京地平线机器人技术研发有限公司 Internet of things equipment access control method and internet of things equipment access control device
CN114567881A (en) * 2022-04-24 2022-05-31 江苏益捷思信息科技有限公司 SIM card information security protection method and system
CN114567881B (en) * 2022-04-24 2022-07-19 江苏益捷思信息科技有限公司 SIM card information security protection method and system

Similar Documents

Publication Publication Date Title
CN103856472B (en) A kind of method and device of Account Logon
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
CN107800725A (en) A kind of digital certificate remote online managing device and method
CN107113315A (en) Identity authentication method, terminal and server
CN106161032B (en) A kind of identity authentication method and device
CN109150535A (en) A kind of identity identifying method, equipment, computer readable storage medium and device
JP2018532301A (en) User authentication method and apparatus
CN107026874A (en) One kind instruction signature and verification method and system
CN106850201A (en) Intelligent terminal multiple-factor authentication method, intelligent terminal, certificate server and system
CN105164689A (en) User authentication
CN107222373A (en) Control method, system, terminal, FIDO servers and the safety means of smart home
CN106850680A (en) A kind of intelligent identity identification method and device for Transit Equipment
CN107426160A (en) Control method, system, terminal, FIDO servers and the safety means of smart home
CN107517217A (en) A kind of multiple-factor wireless key fill system based on fingerprint recognition
CN106304052A (en) A kind of method of secure communication, device, terminal and client identification module card
CN105991654A (en) Authorization authentication method, device and system
CN207939549U (en) A kind of digital certificate remote online managing device
CN110278084B (en) eID establishing method, related device and system
CN103401686B (en) A kind of user's OTP WEB Authentication System and application process thereof
CN107070918B (en) A kind of network application login method and system
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system
CN107911211A (en) Quick Response Code Verification System based on quantum communication network
CN108400989B (en) Security authentication equipment, method and system for shared resource identity authentication
CN104579639B (en) The realization of multi-party collaborative authorization secret key and move the system of controlled in wireless with it
CN107786978B (en) NFC authentication system based on quantum encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170104

RJ01 Rejection of invention patent application after publication