CN106888448A - Application download method, secure element and terminal - Google Patents
- Publication number
- CN106888448A, CN201510937381.0A
- Authority
- CN
- China
- Prior art keywords
- information
- application
- verified
- security domain
- domain key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The invention discloses an application download method, including: a secure element (SE) receives an application download instruction from an SP TSM; the SE verifies the application download instruction using a first security domain key, where the first security domain key is a main security domain key generated by the SE itself; after the verification passes, the SE executes the application download instruction to download the corresponding application. The invention also discloses an SE and a terminal.
Description
Technical field
The present invention relates to security technology in the communications field, and in particular to an application download method, a secure element (SE, Secure Element) and a terminal.
Background
With the continuous development of mobile Internet services and payment technology, smart terminals with SE functions keep emerging, such as near-field communication (NFC, Near Field Communication) full terminals, embedded SE (eSE, embedded SE) mobile phones (represented by Apple mobile phones), NFC single wire protocol (NFC-SWP, NFC-Single Wire Protocol) mobile phones, Google host-based card emulation (HCE, Host-based Card Emulation) devices, NFC secure digital card (NFC-SD, NFC-Secure Digital) devices, NFC full-card devices, trusted execution environment (TEE, Trust Execute Environment) terminals, tablets (Pad), smart bracelets and various other wearable devices with an SE. Service providers (SP) such as banks and public transport companies can dynamically download applications such as bank cards and transit cards through the trusted service manager (TSM, Trust Service Manager) of the SE issuer (SEI, SE Issue), i.e. the SEI TSM.
Different SEs have different issuers. For example, Apple Pay is issued by Apple Inc., the SE of the Honor full terminal is issued by Huawei, SIM cards are issued by the operators, and NFC-SD is issued by numerous manufacturers such as UnionPay and Lakala. The SE issuer presets the main security domain in the SE and controls the main security domain key on the SE. A service provider needs to access the issuer's TSM and, under the control of the main security domain, carry out management operations such as creating auxiliary security domains and downloading and deleting applications.
Application issuance includes two flows: one is the service provider's application go-live flow, and the other is the user's application discovery and download flow.
However, in the above flows the SE is controlled by the SE issuer, and SE issuers are numerous. This easily isolates users from service providers, causing user fragmentation and repeated application issuance work by service providers, which reduces processing efficiency.
Summary of the invention
To solve the existing technical problem, embodiments of the present invention provide an application download method, an SE and a terminal.
To achieve the above purpose, the technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides an application download method applied to an SE, the method including:
Receiving an application download instruction from a service provider (SP, Service Provider) TSM;
Verifying the application download instruction using a first security domain key; the first security domain key is the main security domain key generated by the SE itself;
After the verification passes, executing the application download instruction to download the corresponding application.
In the above solution, when receiving the application download instruction from the SP TSM, the method further includes:
Receiving a download request sent by a terminal;
Parsing the download request to obtain first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents the token (TOKEN) signature data corresponding to the second information;
Correspondingly, before verifying the application download instruction using the first security domain key, the method further includes:
Verifying the third information and, after that verification passes, verifying the application download instruction using the first security domain key.
In the above solution, before receiving the download request sent by the terminal, the method further includes:
Receiving a signature request sent by the terminal;
Parsing the signature request to obtain fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Verifying the fifth information and, after the verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal; the TOKEN signature data is the response data.
In the above solution, the method further includes:
During initialization, generating the first security domain key itself.
In the above solution, before generating the first security domain key, the method further includes:
Receiving an initialization request sent by the terminal;
Parsing the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user;
Verifying the PIN code and, after the verification passes, generating the first security domain key itself;
Returning an initialization response to the terminal.
An embodiment of the present invention further provides an application download method applied to a terminal, the method including:
Receiving a first operation; the first operation is used to trigger an application download;
According to the first operation, obtaining the corresponding application download instruction from the SP TSM;
Sending a download request to the SE; the download request carries first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
In the above solution, after obtaining the corresponding application download instruction and before sending the download request to the SE, the method further includes:
According to the application download instruction, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a second operation; the second operation is the response to the prompt information;
According to the second operation, sending a signature request to the SE; the signature request carries fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Receiving the response returned by the SE; the TOKEN signature data is the response data.
In the above solution, the method further includes:
Receiving a third operation; the third operation is used to trigger initialization of the SE;
According to the third operation, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a fourth operation; the fourth operation is the response to the prompt information;
According to the fourth operation, generating an initialization request and sending it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
Receiving the initialization response returned by the SE.
An embodiment of the present invention further provides an SE, including: a first receiving unit, a first authentication unit and a download unit; wherein,
The first receiving unit is configured to receive the application download instruction from the SP TSM;
The first authentication unit is configured to verify the application download instruction using the first security domain key; the first security domain key is the main security domain key generated by the SE itself;
The download unit is configured to execute the application download instruction after the verification passes, to download the corresponding application.
In the above solution, the SE further includes: a parsing unit and a second authentication unit; wherein,
The first receiving unit is configured to receive the download request sent by the terminal;
The parsing unit is configured to parse the download request to obtain the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information;
The second authentication unit is configured to verify the third information and, after the verification passes, trigger the first authentication unit;
The first authentication unit is configured to verify the application download instruction using the first security domain key after being triggered by the second authentication unit.
In the above solution, the SE further includes a signature unit; wherein,
The first receiving unit is further configured to receive the signature request sent by the terminal;
The parsing unit is further configured to parse the signature request to obtain the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The signature unit is configured to verify the fifth information and, after the verification passes, generate the corresponding TOKEN signature data for the second information and return a response to the terminal; the TOKEN signature data is the response data.
In the above solution, the SE further includes: a generation unit, configured to generate the first security domain key itself during initialization.
In the above solution, the first receiving unit is further configured to receive the initialization request sent by the terminal;
The generation unit is configured to parse the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user; to verify the PIN code and, after the verification passes, generate the first security domain key itself; and to return an initialization response to the terminal.
An embodiment of the present invention further provides a terminal, including: a second receiving unit, an acquiring unit and a sending unit; wherein,
The second receiving unit is configured to receive a first operation; the first operation is used to trigger an application download;
The acquiring unit is configured to obtain, according to the first operation, the corresponding application download instruction from the SP TSM;
The sending unit is configured to send a download request to the SE; the download request carries the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
In the above solution, the terminal further includes: a prompt unit and a third receiving unit; wherein,
The prompt unit is configured to issue prompt information according to the application download instruction; the prompt information is used to prompt the user to enter a PIN code;
The second receiving unit is further configured to receive a second operation; the second operation is the response to the prompt information;
The sending unit is further configured to send a signature request to the SE according to the second operation; the signature request carries the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The third receiving unit is configured to receive the response returned by the SE; the TOKEN signature data is the response data.
In the above solution, the second receiving unit is configured to receive a third operation, which is used to trigger initialization of the SE, and to receive a fourth operation, which is the response to the prompt information;
The prompt unit is further configured to issue prompt information according to the third operation; the prompt information is used to prompt the user to enter a PIN code;
The sending unit is further configured to generate an initialization request according to the fourth operation and send it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
The third receiving unit is further configured to receive the initialization response returned by the SE.
With the application download method, SE and terminal provided by the embodiments of the present invention, the SE receives an application download instruction from the SP TSM; verifies the application download instruction using the first security domain key, which is the main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application. Because the main security key used by the SE is a key generated by the SE itself and does not depend on the issuer's control, downloading an application no longer requires the participation of the SEI TSM. With the SEI TSM step removed, a service provider's application no longer has to go live repeatedly on each SEI TSM, which greatly improves efficiency and also lets each service provider manage its users effectively.
Brief description of the drawings
In the drawings (which are not necessarily drawn to scale), like reference numerals may describe similar parts in different views. Like reference numerals with different letter suffixes may represent different examples of similar parts. The drawings generally illustrate, by way of example and not limitation, the embodiments discussed herein.
Fig. 1a is a schematic diagram of the application issuance system architecture in the related art;
Fig. 1b is a schematic flowchart of application issuance corresponding to the system of Fig. 1a;
Fig. 2 is a schematic flowchart of application download in the related art;
Fig. 3 is a schematic flowchart of the application download method of Embodiment One of the present invention;
Fig. 4 is a schematic flowchart of the application download method of Embodiment Two of the present invention;
Fig. 5 is a schematic structural diagram of the SE of Embodiment Three of the present invention;
Fig. 6 is a schematic structural diagram of the terminal of Embodiment Four of the present invention;
Fig. 7 is a schematic flowchart of initialization in Embodiment Five of the present invention;
Fig. 8 is a schematic flowchart of application download in Embodiment Five of the present invention;
Fig. 9 is a schematic structural diagram of the service system of Embodiment Five of the present invention.
Specific embodiments
The present invention is described in further detail below with reference to the drawings and embodiments.
Before the embodiments of the present invention are described, the related art is introduced first.
Application issuance mainly includes two flows: the service provider's application go-live flow, and the user's application discovery and download flow.
Fig. 1a is a schematic diagram of the application issuance system architecture; Fig. 1b is a schematic flowchart of application issuance corresponding to the system of Fig. 1a. As shown in Fig. 1b, the application issuance flow mainly includes the following steps:
Step 101: The service provider signs a cooperation agreement with the SE issuer and applies for SE space, so that it can subsequently access the SEI TSM;
Step 102: The service provider's platform accesses the SEI TSM and carries out go-live testing;
Step 103: The service provider uploads the application to the SEI TSM;
Here, steps 101~103 are the application go-live flow.
Step 104: The user discovers the application through channels such as the mobile phone client and the service issuer's business hall;
Step 105: The user actively initiates an application download request through the mobile phone client and completes the download, or the service provider's platform requests the SEI TSM to push the application in the background, completing the application download.
Here, steps 104~105 are the user's application discovery and download flow.
The main security domain key is controlled by the SE issuer, and the SEI TSM and the SE share the main security domain key. During application download, the SEI TSM uses the security domain key for MAC calculation and encryption, and the SE uses the security domain key for MAC verification and decryption.
The application download flow is described in detail below, taking as an example a user who initiates an application download request through the client.
As shown in Fig. 2, the application download flow mainly includes the following steps:
Step 105a: The user requests an application download using the client;
Step 105b: The client forwards the request to the SEI TSM;
Step 105c: After receiving the request, the SEI TSM generates an application download instruction, performs MAC calculation and encryption using the main security domain key, and sends this information to the client;
Step 105d: After receiving the application download instruction, the client writes it to the SE;
Step 105e: The SE receives the application download instruction and performs MAC verification and decryption using the main security domain key; after verification and decryption succeed, it executes the instruction and returns a response to the client;
Step 105f: The client returns the execution response of the application download instruction to the SEI TSM;
Here, in practice, steps 105c~105f can be repeated multiple times as needed.
Step 105g: After the download is complete, the SEI TSM notifies the client that the download is complete;
Step 105h: The client prompts the user that the application download is complete.
As can be seen from the above description, during application issuance the main security domain key is controlled by the SE issuer; in other words, the SE is controlled by the SE issuer. Because SE issuers are numerous, this easily isolates users from service providers. For a service provider, it easily leads to user fragmentation (users are hard to manage) and to the service provider's application going live repeatedly. For example, a user uses an NFC full terminal from mobile phone manufacturer A and a bank card from bank B, but because the SEI TSM of manufacturer A has not been connected to bank B's application, the user cannot use the NFC service provided by bank B's application through manufacturer A's NFC full terminal. If the user still wants to do so, then under the prior-art scheme bank B must first access manufacturer A's SEI TSM and upload its application to that SEI TSM, i.e. carry out the service provider's application go-live flow. Only then can the user use the NFC service provided by bank B's application through manufacturer A's NFC full terminal. As a result, bank B's application may have to go live repeatedly on each SEI TSM, which reduces efficiency.
Based on this, in the various embodiments of the present invention: the SE receives an application download instruction from the SP TSM; verifies the application download instruction using the first security domain key, where the first security domain key is the main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application.
Embodiment One
This embodiment of the present invention provides an application download method, which is applied in an SE.
Fig. 3 is a schematic flowchart of the application download method of Embodiment One of the present invention. As shown in Fig. 3, the method includes the following steps:
Step 301: Receive an application download instruction from the SP TSM;
Here, in one embodiment, when receiving the application download instruction from the SP TSM, the method may further include:
The SE receives a download request sent by a terminal;
The SE parses the download request to obtain first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information.
Before receiving the download request sent by the terminal, the method may further include:
Receiving a signature request sent by the terminal;
Parsing the signature request to obtain fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Verifying the fifth information and, after the verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal; the TOKEN signature data is the response data.
Here, when the fifth information fails verification, no subsequent operation is carried out, i.e. the corresponding TOKEN signature data is not generated for the second information, and a response is returned to the terminal; the response in this case should indicate verification failure.
In one embodiment, the method may further include:
During initialization, the SE generates the first security domain key itself.
The first security domain key is the main security domain key generated by the SE itself.
The main security domain key refers to: a key that can decrypt any encrypted application download instruction.
Before generating the first security domain key, the method may further include:
The SE receives an initialization request sent by the terminal;
The SE parses the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user;
The SE verifies the PIN code and, after the verification passes, generates the first security domain key itself;
The SE returns an initialization response to the terminal to indicate that initialization succeeded.
Here, when the PIN code fails verification, no subsequent operation is carried out, i.e. the first security domain key is not generated, and an initialization response is returned to the terminal; the response in this case should indicate initialization failure.
In practice, the generated first security domain key can be either a symmetric key or an asymmetric key. The embodiments of the present invention do not limit the form of the first security domain key, as long as the generated first security domain key can verify the application download instruction from the SP TSM.
Step 302: Verify the application download instruction using the first security domain key;
Here, the application download instruction from the SP TSM is an instruction on which MAC calculation and encryption have been performed using the auxiliary security domain key, so the application download instruction needs to be verified using the first security domain key.
Specifically, MAC verification and decryption are performed on the application download instruction from the SP TSM using the first security domain key, to obtain the plaintext application download instruction.
When the application download instruction is carried in a download request, before verifying the application download instruction using the first security domain key, the method may further include:
Verifying the third information and, after that verification passes, verifying the application download instruction using the first security domain key.
Here, in practice, when the verification fails, no subsequent operation is carried out, i.e. the application download instruction is not verified using the first security domain key.
Step 303: After the verification passes, execute the application download instruction to download the corresponding application.
Here, when the verification fails, no subsequent operation is carried out, i.e. the application download instruction is not executed and the corresponding application is not downloaded.
With the application download method provided by this embodiment of the present invention, the SE receives an application download instruction from the SP TSM; verifies the application download instruction using the first security domain key, which is the main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application. Because the main security key used by the SE is a key generated by the SE itself and does not depend on the issuer's control, downloading an application no longer requires the participation of the SEI TSM. With the SEI TSM step removed, a service provider's application no longer has to go live repeatedly on each SEI TSM, which greatly improves efficiency and also lets each service provider manage its users effectively.
In addition, the SE receives the download request sent by the terminal and parses it to obtain the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information. The SE verifies the third information and, after that verification passes, verifies the application download instruction using the first security domain key. During the download, the user participates in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment Two
This embodiment of the present invention provides an application download method, which is applied in a terminal.
Fig. 4 is a schematic flowchart of the application download method of Embodiment Two of the present invention. As shown in Fig. 4, the method includes the following steps:
Step 401: Receive a first operation; the first operation is used to trigger an application download;
Here, the first operation is an operation by the user, requesting an application download.
Step 402: According to the first operation, obtain the corresponding application download instruction from the SP TSM;
Specifically, an application download request is sent to the SP TSM;
After receiving the request, the SP TSM generates an application download instruction and issues it to the terminal.
The application download instruction generated by the SP TSM is an instruction on which MAC calculation and encryption have been performed using the auxiliary security domain key.
Step 403: Send a download request to the SE.
Here, the download request carries first information.
The first information includes second information and third information;
The second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application;
The third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
In one embodiment, after obtaining the corresponding application download instruction and before sending the download request to the SE, the method may further include:
According to the application download instruction, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a second operation; the second operation is the response to the prompt information;
According to the second operation, sending a signature request to the SE; the signature request carries fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Receiving the response returned by the SE; the TOKEN signature data is the response data.
In one embodiment, the method may further include:
The terminal receives a third operation; the third operation is used to trigger initialization of the SE;
According to the third operation, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a fourth operation; the fourth operation is the response to the prompt information;
According to the fourth operation, generating an initialization request and sending it to the SE;
Receiving the initialization response returned by the SE.
The initialization request is used to instruct the SE to generate the first security domain key;
The initialization request carries the fifth information;
The fifth information represents the PIN code entered by the user;
The first security domain key is used to verify the application download instruction from the SP TSM.
In practice, before the SE is used, the user needs to initialize the SE through the terminal in order to generate the first security domain key.
With the application download method provided by this embodiment of the invention, the terminal receives a first operation, the first operation being used to trigger an application download; according to the first operation, it obtains the corresponding application download instruction from the SP TSM; it sends a download request to the SE. The download request carries first information, which includes second information and third information. The second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application. The third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment three
To implement the method of embodiment one, this embodiment provides an SE. As shown in Fig. 5, the SE includes a first receiving unit 51, a first verification unit 52 and a download unit 53, wherein:
the first receiving unit 51 is configured to receive the application download instruction from the SP TSM;
the first verification unit 52 is configured to verify the application download instruction using the first security domain key, the first security domain key being the main security domain key generated by the SE itself;
the download unit 53 is configured to execute the application download instruction after the verification passes and download the corresponding application.
In one embodiment, the SE may further include a parsing unit and a second verification unit, wherein:
the first receiving unit 51 is configured to receive the download request sent by the terminal;
the parsing unit is configured to parse the download request and obtain the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information;
the second verification unit is configured to verify the third information and, after the verification passes, trigger the first verification unit 52;
the first verification unit 52 is configured to verify the application download instruction using the first security domain key after being triggered by the second verification unit.
Here, in practice, when the verification fails, no subsequent operation is performed; that is, the second verification unit does not trigger the first verification unit 52 to verify the application download instruction using the first security domain key.
The SE may further include a signature unit, wherein:
the first receiving unit 51 is further configured to receive the signature request sent by the terminal;
the parsing unit is further configured to parse the signature request and obtain the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
the signature unit is configured to verify the fifth information and, after the verification passes, generate the corresponding TOKEN signature data for the second information and return a response to the terminal, the TOKEN signature data being the response data.
Here, when verification of the fifth information fails, no subsequent operation is performed; that is, the signature unit does not generate TOKEN signature data for the second information, and it returns a response to the terminal; the response in this case should indicate that verification failed.
In one embodiment, the SE may further include a generation unit, configured to generate the first security domain key within the SE itself during initialization.
Here, the first security domain key is the main security domain key generated by the SE itself.
The main security domain key refers to the key that can decrypt any encrypted application download instruction.
The first receiving unit 51 is further configured to receive the initialization request sent by the terminal;
the generation unit is configured to parse the initialization request and obtain the fifth information, the fifth information representing the PIN code entered by the user; to verify the PIN code and, after the verification passes, generate the first security domain key itself; and to return an initialization response to the terminal.
Here, when verification of the PIN code fails, the generation unit does not perform the subsequent operation, i.e. it does not generate the first security domain key, and it returns an initialization response to the terminal; the response in this case should indicate that initialization failed.
In practice, the generated first security domain key may be either a symmetric key or an asymmetric key. The embodiments of the invention do not limit the form of the first security domain key, as long as the generated key can verify the application download instruction from the SP TSM.
The application download instruction from the SP TSM is an instruction that has undergone MAC calculation and encryption using the auxiliary security domain key, so the application download instruction needs to be verified using the first security domain key.
Specifically, the first verification unit 52 uses the first security domain key to perform MAC verification and decryption on the application download instruction from the SP TSM, thereby obtaining the plaintext application download instruction.
When verification by the first verification unit 52 fails, no subsequent operation is performed; that is, the application download instruction is not executed and the corresponding application is not downloaded.
In practice, the first receiving unit 51 may be implemented by the communication chip in the SE; the first verification unit 52, the parsing unit, the second verification unit, the signature unit and the generation unit may be implemented by the processor in the SE; the download unit 53 may be implemented by the processor in the SE in combination with the communication chip.
In the SE provided by this embodiment of the invention, the first receiving unit 51 receives the application download instruction from the SP TSM; the first verification unit 52 verifies the application download instruction using the first security domain key, which is the main security domain key generated by the SE itself; after the verification passes, the download unit 53 executes the application download instruction and downloads the corresponding application. Because the main security key the SE uses is a key it generated itself and does not depend on the issuer's control, downloading an application does not require the participation of the SEI TSM. This removes the SEI TSM link, so the service provider no longer faces the problem of repeatedly launching its application on each SEI TSM. Working efficiency is greatly improved, and the service provider can also manage each user effectively.
In addition, the first receiving unit 51 receives the download request sent by the terminal; the parsing unit parses the download request and obtains the first information, which includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information; the second verification unit verifies the third information, and after the verification passes the first verification unit 52 verifies the application download instruction using the first security domain key. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment four
To implement the method of embodiment two, this embodiment provides a terminal. As shown in Fig. 6, the terminal includes a second receiving unit 61, an acquisition unit 62 and a sending unit 63, wherein:
the second receiving unit 61 is configured to receive a first operation, the first operation being used to trigger an application download;
the acquisition unit 62 is configured to obtain the corresponding application download instruction from the SP TSM according to the first operation;
the sending unit 63 is configured to send a download request to the SE; the download request carries the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
Here, the first operation is a user operation requesting an application download.
Obtaining the corresponding application download instruction from the SP TSM specifically includes:
the acquisition unit 62 sends an application download request to the SP TSM;
after the SP TSM receives the request, it generates the application download instruction and issues it to the acquisition unit 62.
The application download instruction generated by the SP TSM is an instruction that has undergone MAC calculation and encryption using the auxiliary security domain key.
In one embodiment, the terminal further includes a prompt unit and a third receiving unit, wherein:
the prompt unit is configured to issue prompt information according to the application download instruction, the prompt information prompting the user to enter a PIN code;
the second receiving unit is further configured to receive a second operation, the second operation being the response to the prompt information;
the sending unit 63 is further configured to send a signature request to the SE according to the second operation; the signature request carries the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
the third receiving unit is configured to receive the response returned by the SE, the TOKEN signature data being the response data.
In one embodiment, the second receiving unit is configured to receive a third operation, the third operation being used to trigger initialization of the SE, and to receive a fourth operation, the fourth operation being the response to the prompt information;
the prompt unit is further configured to issue prompt information according to the third operation, the prompt information prompting the user to enter a PIN code;
the sending unit is further configured to generate an initialization request according to the fourth operation and send it to the SE; the initialization request instructs the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
the third receiving unit is further configured to receive the initialization response returned by the SE.
In practice, before the SE is used, the user must initialize the SE through the terminal in order to generate the first security domain key.
In practice, the second receiving unit 61 and the prompt unit may be implemented by a central processing unit (CPU, Central Processing Unit), a microprocessor (MCU, Micro Control Unit), a digital signal processor (DSP, Digital Signal Processor) or a programmable logic array (FPGA, Field-Programmable Gate Array) in the terminal; the acquisition unit 62, the sending unit 63 and the third receiving unit may be implemented by the communication chip in the terminal.
In the terminal provided by this embodiment of the invention, the second receiving unit 61 receives a first operation, the first operation being used to trigger an application download; the acquisition unit 62 obtains the corresponding application download instruction from the SP TSM according to the first operation; the sending unit 63 sends a download request to the SE. The download request carries the first information, which includes the second information and the third information. The second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application. The third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment five
This embodiment of the invention provides an application download method.
It should be noted that this embodiment builds on embodiments one, two, three and four and describes in detail the application download flow in which the terminal takes part. The whole flow can be divided into an initialization flow and a download flow.
Fig. 7 is a schematic flow chart of the initialization in embodiment five of the invention. As shown in Fig. 7, the method includes the following steps:
Step 701: The user requests the terminal to initialize the SE;
Step 702: After receiving the request, the terminal prompts the user to enter a PIN code;
Step 703: After receiving the prompt, the user enters the PIN code;
Step 704: After receiving the PIN code entered by the user, the terminal requests initialization of the SE;
Here, the request carries the PIN code entered by the user.
Requesting initialization of the SE means requesting the SE to generate the first security domain key.
Step 705: After receiving the request, the SE parses it to obtain the PIN code and verifies the PIN code;
Step 706: After the PIN code verification passes, the SE generates the first security domain key internally;
In other words, the SE itself generates the first security domain key.
Here, the first security domain key is the main security domain key generated by the SE itself.
The main security domain key refers to the key that can decrypt any encrypted application download instruction.
In practice, the embodiments of the invention do not limit how the SE generates the first security domain key. In addition, the generated first security domain key may be either a symmetric key or an asymmetric key. The embodiments of the invention do not limit the form of the first security domain key, as long as the generated key can verify the application download instruction from the SP TSM.
By contrast, in the prior art, the rule for the first security domain key of the SE is defined by the SE issuer, and the key is generated by key diversification and written at the SE production stage.
Step 707: The SE returns an initialization response to the terminal;
Step 708: After receiving the initialization response, the terminal informs the user that SE initialization is complete.
It should be noted that, in practice, SE initialization only needs to be performed once; after initialization is complete, the user can carry out application download operations.
Fig. 8 is a schematic flow chart of the application download in embodiment five of the invention. As shown in Fig. 8, the method includes the following steps:
Step 801: The user requests an application download from the terminal;
Step 802: After receiving the request, the terminal requests the application download from the SP TSM;
Step 803: After receiving the request, the SP TSM generates the application download instruction and issues it to the terminal;
Here, the generated application download instruction is an instruction that has undergone MAC calculation and encryption using the second security domain key. The second security domain key refers to the auxiliary security domain key, as opposed to the main security domain key.
Step 804: After receiving the application download instruction, the terminal asks the user to enter a PIN code;
Step 805: After receiving the request, the user enters the PIN code;
Step 806: After receiving the PIN code entered by the user, the terminal submits the PIN code and the application download instruction to the SE and requests a signature over the application download instruction;
Step 807: After receiving the request, the SE parses it to obtain the PIN code and the application download instruction, and verifies the PIN code;
Step 808: After the verification passes, the SE generates TOKEN signature data for the application download instruction;
Here, in practice, the TOKEN signature data is generated dynamically.
Step 809: The SE returns the TOKEN signature data to the terminal as response data;
Step 810: After receiving the data, the terminal appends the TOKEN signature data to the application download instruction to form a complete application download instruction and writes it to the SE;
Step 811: The SE receives the application download instruction containing the TOKEN signature data and verifies the TOKEN signature data;
Step 812: After the verification passes, the SE verifies the application download instruction using the first security domain key; after that verification passes, it executes the application download instruction and downloads the corresponding application;
Step 813: After the application download is complete, the SE returns the response data of the download execution to the terminal;
Step 814: After receiving the response data, the terminal returns the application download response to the SP TSM;
Step 815: After the SP TSM completes the application download, it notifies the terminal that the application download has ended;
Step 816: After being notified, the terminal informs the user that the application download is complete.
It should be noted here that, in practice, the terminal operations above can be implemented by a single program, which can be called the SE control program.
To implement the scheme of the embodiments of the invention, the following changes need to be made to an existing SE:
(1) add an SE initialization function module (corresponding to the generation unit in embodiment three), used by the user, through the SE control program, to generate the first security domain key inside the SE;
(2) add a dynamic TOKEN generation function module (corresponding to the signature unit in embodiment three), which operates under PIN code protection (i.e. with the user present) and is called only by the SE control program (externally);
(3) add a TOKEN verification function module (corresponding to the second verification unit in embodiment three), which is called internally by the SE for verification during application download.
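The SE-side behaviour of steps 705-706 and 807-812, i.e. the three modules listed above, can be modelled as follows. This is an added example, not code from the patent: the class and function names, the use of HMAC-SHA256 for both the TOKEN signature data and the instruction MAC, the single-use nonce, the PIN retry limit and the pre-enrolled PIN are all assumptions, and decryption of the instruction is left out.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Toy model of the SE-side checks; not real card code."""

    MAX_PIN_TRIES = 3  # assumption: the page states no retry limit

    def __init__(self, pin: str):
        # Assumption: a user PIN is already enrolled; only a salted hash is kept.
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._tries_left = self.MAX_PIN_TRIES
        self._sd_key = None      # first (main) security domain key
        self._token_key = None   # separate key used only for TOKEN data
        self._issued = set()     # TOKENs issued and not yet consumed

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def _check_pin(self, pin: str) -> bool:
        if self._tries_left == 0:
            return False  # blocked after repeated failures: fail closed
        if hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self._tries_left = self.MAX_PIN_TRIES
            return True
        self._tries_left -= 1
        return False

    def initialize(self, pin: str) -> bool:
        """Steps 705-707: verify the PIN, then generate the key inside the SE."""
        if not self._check_pin(pin):
            return False
        self._sd_key = secrets.token_bytes(32)
        self._token_key = secrets.token_bytes(32)
        return True

    def sign(self, pin: str, instruction: bytes):
        """Steps 807-809: PIN-gated TOKEN generation bound to one instruction."""
        if self._sd_key is None or not self._check_pin(pin):
            return None
        nonce = secrets.token_bytes(16)  # makes every TOKEN different
        tag = hmac.new(self._token_key, nonce + instruction,
                       hashlib.sha256).digest()
        token = nonce + tag
        self._issued.add(token)
        return token

    def download(self, instruction: bytes, token: bytes):
        """Steps 811-812: TOKEN check first, key-based check second."""
        if self._sd_key is None or len(token) != 48 or len(instruction) < 32:
            return None
        nonce, tag = token[:16], token[16:]
        expected = hmac.new(self._token_key, nonce + instruction,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # TOKEN does not cover this instruction
        if token not in self._issued:
            return None  # replayed or never issued
        self._issued.discard(token)  # single use
        body, mac = instruction[:-32], instruction[-32:]
        good = hmac.new(self._sd_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, good):
            return None  # instruction MAC invalid: nothing is executed
        return body      # verified instruction, ready to execute


def constructed_instruction(se: SecureElement, payload: bytes) -> bytes:
    """Stand-in for the SP TSM: payload followed by its MAC (constructed data).

    Reads the SE's key directly, which only a demo can do; how the SP TSM's
    key relates to the SE's key is not described on the page.
    """
    return payload + hmac.new(se._sd_key, payload, hashlib.sha256).digest()


def demo() -> dict:
    se = SecureElement("1234")  # constructed PIN
    se.initialize("1234")
    ins = constructed_instruction(se, b"INSTALL demo-applet")
    token = se.sign("1234", ins)
    return {
        "wrong_pin": se.sign("0000", ins),
        "first_use": se.download(ins, token),
        "replay": se.download(ins, token),
    }


if __name__ == "__main__":
    print(demo())
```

An instruction that reaches the SE without a TOKEN produced under the user's PIN never reaches the key-based check, which is the property the scheme relies on to stop unsolicited pushes.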
As can be seen from the above description, with the scheme of the embodiments of the invention the SEI TSM does not need to take part anywhere in the application download process, which ultimately forms the technology and business architecture shown in Fig. 9, centred on the user (through a terminal such as a wearable device, NFC-eSE device, NFC-SWP device or NFC-SD device).
Compared with the existing scheme in which application download is controlled through the SEI TSM, the scheme provided by the embodiments of the invention changes the ownership of the SE main security domain (in the prior art, ownership of the SE main security domain belongs to the SE issuer), so that the SEI TSM does not take part in the download process at all. This removes the issuer-control link: users deal directly with service providers and choose applications themselves, which simplifies the application issuance flow on the SE and in turn reduces the complexity of the system architecture. From the service provider's point of view, applications no longer need to be uploaded to the SEI TSM, which lowers the business threshold; at the same time, fragmentation of users and repeated application issuance work are avoided, which improves working efficiency.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. Accordingly, the invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The invention is described with reference to flow charts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
The above are merely preferred embodiments of the invention and are not intended to limit the scope of protection of the invention.
Claims (16)
1. An application download method, characterized in that it is applied to a secure element (SE), the method comprising:
receiving an application download instruction from a service provider trusted service management (SP TSM);
verifying the application download instruction using a first security domain key, the first security domain key being a main security domain key generated by the SE itself;
after the verification passes, executing the application download instruction to download the corresponding application.
2. The method according to claim 1, characterized in that, when receiving the application download instruction from the SP TSM, the method further comprises:
receiving a download request sent by a terminal;
parsing the download request to obtain first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents token (TOKEN) signature data corresponding to the second information;
correspondingly, before verifying the application download instruction using the first security domain key, the method further comprises:
verifying the third information, and after the verification passes, verifying the application download instruction using the first security domain key.
3. The method according to claim 2, characterized in that, before receiving the download request sent by the terminal, the method further comprises:
receiving a signature request sent by the terminal;
parsing the signature request to obtain fourth information; the fourth information includes the second information and fifth information; the fifth information represents a PIN code entered by the user;
verifying the fifth information, and after the verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal, the TOKEN signature data being the response data.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
generating the first security domain key itself during initialization.
5. The method according to claim 4, characterized in that, before generating the first security domain key, the method further comprises:
receiving an initialization request sent by the terminal;
parsing the initialization request to obtain fifth information, the fifth information representing a PIN code entered by the user;
verifying the PIN code, and after the verification passes, generating the first security domain key itself;
returning an initialization response to the terminal.
6. An application download method, characterized in that it is applied to a terminal, the method comprising:
receiving a first operation, the first operation being used to trigger an application download;
obtaining the corresponding application download instruction from the SP TSM according to the first operation;
sending a download request to the SE; the download request carries first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
7. The method according to claim 6, characterized in that, after obtaining the corresponding application download instruction and before sending the download request to the SE, the method further comprises:
issuing prompt information according to the application download instruction, the prompt information prompting the user to enter a PIN code;
receiving a second operation, the second operation being the response to the prompt information;
sending a signature request to the SE according to the second operation; the signature request carries fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
receiving the response returned by the SE, the TOKEN signature data being the response data.
8. The method according to claim 6 or 7, characterized in that the method further comprises:
receiving a third operation, the third operation being used to trigger initialization of the SE;
issuing prompt information according to the third operation, the prompt information prompting the user to enter a PIN code;
receiving a fourth operation, the fourth operation being the response to the prompt information;
generating an initialization request according to the fourth operation and sending it to the SE; the initialization request instructs the SE to generate the first security domain key; the initialization request carries fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
receiving the initialization response returned by the SE.
9. An SE, characterized in that the SE comprises a first receiving unit, a first verification unit and a download unit, wherein:
the first receiving unit is configured to receive an application download instruction from the SP TSM;
the first verification unit is configured to verify the application download instruction using a first security domain key, the first security domain key being a main security domain key generated by the SE itself;
the download unit is configured to execute the application download instruction after the verification passes and download the corresponding application.
10. The SE according to claim 9, characterized in that the SE further comprises a parsing unit and a second verification unit, wherein:
the first receiving unit is configured to receive a download request sent by a terminal;
the parsing unit is configured to parse the download request and obtain first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information;
the second verification unit is configured to verify the third information and, after the verification passes, trigger the first verification unit;
the first verification unit is configured to verify the application download instruction using the first security domain key after being triggered by the second verification unit.
11. The SE according to claim 10, characterized in that the SE further comprises a signature unit, wherein:
the first receiving unit is further configured to receive a signature request sent by the terminal;
the parsing unit is further configured to parse the signature request and obtain fourth information; the fourth information includes the second information and fifth information; the fifth information represents a PIN code entered by the user;
the signature unit is configured to verify the fifth information and, after the verification passes, generate the corresponding TOKEN signature data for the second information and return a response to the terminal, the TOKEN signature data being the response data.
12. The SE according to any one of claims 9 to 11, characterized in that the SE further comprises a generation unit, configured to generate the first security domain key itself during initialization.
13. The SE according to claim 12, characterized in that:
the first receiving unit is further configured to receive an initialization request sent by the terminal;
the generation unit is configured to parse the initialization request and obtain fifth information, the fifth information representing a PIN code entered by the user; to verify the PIN code and, after the verification passes, generate the first security domain key itself; and to return an initialization response to the terminal.
14. A terminal, characterised in that the terminal comprises: a second receiving unit, an acquiring unit and a transmitting element; wherein,
The second receiving unit is configured to receive a first operation; the first operation is used to trigger an application download;
The acquiring unit is configured to obtain, according to the first operation, the corresponding application download instruction from the SP TSM;
The transmitting element is configured to send a download request to the SE; the download request carries first information; the first information comprises second information and third information; the second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
15. The terminal according to claim 14, characterised in that the terminal further comprises: a prompting unit and a third receiving unit; wherein,
The prompting unit is configured to issue prompt information according to the application download instruction, the prompt information being used to prompt the user to enter a PIN code;
The second receiving unit is further configured to receive a second operation; the second operation is the response operation to the prompt information;
The transmitting element is further configured to send a signature request to the SE according to the second operation; the signature request carries fourth information; the fourth information comprises the second information and fifth information; the fifth information represents the PIN code entered by the user;
The third receiving unit is configured to receive the response returned by the SE; the TOKEN signature data is the response data.
16. The terminal according to claim 15, characterised in that
The second receiving unit is configured to receive a third operation, the third operation being used to trigger initialization of the SE; and to receive a fourth operation, the fourth operation being the response operation to the prompt information;
The prompting unit is further configured to issue prompt information according to the third operation, the prompt information being used to prompt the user to enter a PIN code;
The transmitting element is further configured to generate an initialization request according to the fourth operation and send it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify application download instructions from the SP TSM;
The third receiving unit is further configured to receive the initialization response returned by the SE.
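The exchange in claims 10 to 16, as an added sketch that is not code from the patent. The claims name no algorithm, so HMAC-SHA256 keyed with the first security domain key stands in here for both the TOKEN signature data and the key-based check of the instruction; the class, its method names, the PIN and the instruction bytes are all hypothetical.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Toy model of the SE side of claims 10-13 (constructed for illustration)."""

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)  # assumption: only a salted hash is stored
        self._sd_key = None                   # first security domain key, unset until init

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def _pin_ok(self, pin: str) -> bool:
        return hmac.compare_digest(self._hash_pin(pin), self._pin_hash)

    def _mac(self, instruction: bytes) -> bytes:
        # Assumed stand-in for the unspecified TOKEN algorithm.
        return hmac.new(self._sd_key, instruction, hashlib.sha256).digest()

    def initialise(self, pin: str) -> bool:
        # Claim 13: verify the PIN, then generate the key inside the SE.
        if not self._pin_ok(pin):
            return False
        self._sd_key = secrets.token_bytes(32)  # generated locally, never exported
        return True

    def sign(self, instruction: bytes, pin: str):
        # Claim 11: verify the PIN, then return TOKEN signature data.
        if self._sd_key is None or not self._pin_ok(pin):
            return None
        return self._mac(instruction)

    def download(self, instruction: bytes, token: bytes) -> bool:
        # Claim 10: the instruction may run only if the TOKEN matches it.
        if self._sd_key is None or not token:
            return False
        return hmac.compare_digest(self._mac(instruction), token)


def demo() -> dict:
    # Terminal-side order of claims 14-16: initialise, sign, then download.
    se = SecureElement(pin="4821")             # constructed PIN
    instr = b"INSTALL app=demo-wallet"         # constructed SP TSM instruction
    out = {"init_bad_pin": se.initialise("0000"), "init": se.initialise("4821")}
    out["sign_bad_pin"] = se.sign(instr, "0000")
    token = se.sign(instr, "4821")
    out["download"] = se.download(instr, token)
    out["tampered"] = se.download(b"INSTALL app=other", token)
    return out
```

A TOKEN issued for one instruction does not validate a different one, and neither signing nor download succeeds before the PIN-gated initialization has produced the key.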
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510937381.0A CN106888448B (en) | 2015-12-15 | 2015-12-15 | Application downloading method, secure element and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510937381.0A CN106888448B (en) | 2015-12-15 | 2015-12-15 | Application downloading method, secure element and terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106888448A (en) | 2017-06-23 |
CN106888448B (en) | 2020-08-04 |
Family
ID=59175425
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510937381.0A Active CN106888448B (en) | 2015-12-15 | 2015-12-15 | Application downloading method, secure element and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106888448B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109246170A (en) * | 2017-07-11 | 2019-01-18 | 北京握奇智能科技有限公司 | A kind of application security download system |
CN109302289A (en) * | 2017-07-24 | 2019-02-01 | 中国移动通信有限公司研究院 | A kind of SE space management and device |
CN111404706A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Application downloading method, secure element, client device and service management device |
CN114760276A (en) * | 2022-06-13 | 2022-07-15 | 深圳市汇顶科技股份有限公司 | Method and device for downloading data and secure element |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101820613A (en) * | 2009-02-27 | 2010-09-01 | 中兴通讯股份有限公司 | Application downloading system and method |
US20130159710A1 (en) * | 2011-12-20 | 2013-06-20 | Apple Inc. | System and method for key management for issuer security domain using global platform specifications |
CN103258266A (en) * | 2012-04-01 | 2013-08-21 | 深圳市家富通汇科技有限公司 | Device and method for settlement payment with mobile devices |
US20140047235A1 (en) * | 2012-08-13 | 2014-02-13 | Nxp B. V. | Local trusted service manager |
CN104395880A (en) * | 2013-01-25 | 2015-03-04 | Jvl风险投资有限责任公司 | Systems, methods, and computer program products for managing data re-installation |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101820613A (en) * | 2009-02-27 | 2010-09-01 | 中兴通讯股份有限公司 | Application downloading system and method |
US20130159710A1 (en) * | 2011-12-20 | 2013-06-20 | Apple Inc. | System and method for key management for issuer security domain using global platform specifications |
CN103258266A (en) * | 2012-04-01 | 2013-08-21 | 深圳市家富通汇科技有限公司 | Device and method for settlement payment with mobile devices |
US20140047235A1 (en) * | 2012-08-13 | 2014-02-13 | Nxp B. V. | Local trusted service manager |
CN103593621A (en) * | 2012-08-13 | 2014-02-19 | Nxp股份有限公司 | Local trusted service manager |
CN104395880A (en) * | 2013-01-25 | 2015-03-04 | Jvl风险投资有限责任公司 | Systems, methods, and computer program products for managing data re-installation |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109246170A (en) * | 2017-07-11 | 2019-01-18 | 北京握奇智能科技有限公司 | A kind of application security download system |
CN109302289A (en) * | 2017-07-24 | 2019-02-01 | 中国移动通信有限公司研究院 | A kind of SE space management and device |
CN109302289B (en) * | 2017-07-24 | 2021-07-30 | 中国移动通信有限公司研究院 | SE space management method and device |
CN111404706A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Application downloading method, secure element, client device and service management device |
CN111404706B (en) * | 2019-01-02 | 2023-05-09 | 中国移动通信有限公司研究院 | Application downloading method, secure element, client device and service management device |
CN114760276A (en) * | 2022-06-13 | 2022-07-15 | 深圳市汇顶科技股份有限公司 | Method and device for downloading data and secure element |
WO2023240941A1 (en) * | 2022-06-13 | 2023-12-21 | 深圳市汇顶科技股份有限公司 | Method and apparatus for downloading data, and secure element |
Also Published As
Publication number | Publication date |
---|---|
CN106888448B (en) | 2020-08-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||