CN106888448A - Application download method, secure element and terminal - Google Patents


Publication number
CN106888448A
Authority
CN
China
Prior art keywords
information
application
verified
security domain
domain key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510937381.0A
Other languages
Chinese (zh)
Other versions
CN106888448B (en)
Inventor
陆鸣
王萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201510937381.0A
Publication of CN106888448A
Application granted
Publication of CN106888448B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W8/00: Network data management
    • H04W8/18: Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20: Transfer of user or subscriber data
    • H04W8/205: Transfer to or from user equipment or user record carrier
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/34: Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Abstract

The invention discloses an application download method, including: a secure element (SE) receives an application download instruction from an SP TSM; the SE verifies the application download instruction using a first security domain key, the first security domain key being a main security domain key generated by the SE itself; after the verification passes, the SE executes the application download instruction to download the corresponding application. The invention also discloses an SE and a terminal.

Description

Application download method, secure element and terminal
Technical field
The present invention relates to security technology in the communications field, and in particular to an application download method, a secure element (SE, Secure Element) and a terminal.
Background art
With the continuous development of mobile Internet services and payment technology, various smart terminals with SE functions keep emerging, such as near-field communication (NFC, Near Field Communication) full terminals, embedded SE (eSE, embedded SE) mobile phones (represented by Apple mobile phones), NFC single-wire-protocol (NFC-SWP, NFC-Single Wire Protocol) mobile phones, Google host-based card emulation (HCE, Host-based Card Emulation) devices, NFC secure digital card (NFC-SD, NFC-Secure Digital) devices, NFC full-card devices, trusted execution environment (TEE, Trusted Execution Environment) terminals, tablets (Pad), smart bracelets, and various other wearable devices with an SE. Service providers (SP) such as banks and public transport companies can dynamically download applications such as bank cards and transit cards through the Trusted Service Manager (TSM, Trusted Service Manager) of the SE issuer (SEI, SE Issuer), i.e. the SEI TSM.
Different SEs have different issuers. For example, Apple Pay is issued by Apple Inc., the SE of Honor full terminals is issued by Huawei, SIM cards are issued by the operators, and NFC-SD cards are issued by numerous vendors such as UnionPay and Lakala. The SE issuer presets a main security domain in the SE and controls the main security domain key on the SE. A service provider needs to access the issuer's TSM and, under the control of the main security domain, perform management operations such as creating auxiliary security domains and downloading and deleting applications.
Application issuance includes two flows: one is the service provider's application go-live flow, and the other is the user's application discovery and download flow.
However, in the above flows, the SE is controlled by the SE issuer, and SE issuers are numerous. This easily isolates users from service providers, causing user fragmentation and repeated application-issuance work for service providers, which reduces processing efficiency.
Summary of the invention
To solve the existing technical problem, embodiments of the present invention provide an application download method, an SE and a terminal.
To achieve the above purpose, the technical solution of the embodiments of the present invention is realized as follows:
An embodiment of the present invention provides an application download method, applied to an SE, the method including:
Receiving an application download instruction from a service provider (SP, Service Provider) TSM;
Verifying the application download instruction using a first security domain key; the first security domain key is a main security domain key generated by the SE itself;
After the verification passes, executing the application download instruction to download the corresponding application.
In the above scheme, when receiving the application download instruction from the SP TSM, the method further includes:
Receiving a download request sent by a terminal;
Parsing the download request to obtain first information; the first information contains second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents the token (TOKEN) signature data corresponding to the second information;
Correspondingly, before the application download instruction is verified using the first security domain key, the method further includes:
Verifying the third information, and, after the verification passes, verifying the application download instruction using the first security domain key.
In the above scheme, before receiving the download request sent by the terminal, the method further includes:
Receiving a signature request sent by the terminal;
Parsing the signature request to obtain fourth information; the fourth information contains the second information and fifth information; the fifth information represents the PIN code entered by the user;
Verifying the fifth information; after the verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal; the TOKEN signature data is the response data.
In the above scheme, the method further includes:
When being initialized, generating the first security domain key by itself.
In the above scheme, before generating the first security domain key, the method further includes:
Receiving an initialization request sent by the terminal;
Parsing the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user;
Verifying the PIN code, and, after the verification passes, generating the first security domain key by itself;
Returning an initialization response to the terminal.
An embodiment of the present invention further provides an application download method, applied to a terminal, the method including:
Receiving a first operation; the first operation is used to trigger an application download;
According to the first operation, obtaining the corresponding application download instruction from the SP TSM;
Sending a download request to the SE; the download request carries first information; the first information contains second information and third information; the second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
In the above scheme, after obtaining the corresponding application download instruction and before sending the download request to the SE, the method further includes:
According to the application download instruction, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a second operation; the second operation is the response operation to the prompt information;
According to the second operation, sending a signature request to the SE; the signature request carries fourth information; the fourth information contains the second information and fifth information; the fifth information represents the PIN code entered by the user;
Receiving the response returned by the SE; the TOKEN signature data is the response data.
In the above scheme, the method further includes:
Receiving a third operation; the third operation is used to trigger initialization of the SE;
According to the third operation, issuing prompt information; the prompt information is used to prompt the user to enter a PIN code;
Receiving a fourth operation; the fourth operation is the response operation to the prompt information;
According to the fourth operation, generating an initialization request and sending it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
Receiving the initialization response returned by the SE.
An embodiment of the present invention further provides an SE, including: a first receiving unit, a first verification unit and a download unit; wherein,
The first receiving unit is configured to receive the application download instruction from the SP TSM;
The first verification unit is configured to verify the application download instruction using the first security domain key; the first security domain key is a main security domain key generated by the SE itself;
The download unit is configured to, after the verification passes, execute the application download instruction to download the corresponding application.
In the above scheme, the SE further includes: a parsing unit and a second verification unit; wherein,
The first receiving unit is configured to receive the download request sent by the terminal;
The parsing unit is configured to parse the download request to obtain the first information; the first information contains the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information;
The second verification unit is configured to verify the third information and, after the verification passes, trigger the first verification unit;
The first verification unit is configured to, after being triggered by the second verification unit, verify the application download instruction using the first security domain key.
In the above scheme, the SE further includes a signature unit; wherein,
The first receiving unit is further configured to receive the signature request sent by the terminal;
The parsing unit is further configured to parse the signature request to obtain the fourth information; the fourth information contains the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The signature unit is configured to verify the fifth information and, after the verification passes, generate the corresponding TOKEN signature data for the second information and return a response to the terminal; the TOKEN signature data is the response data.
In the above scheme, the SE further includes: a generation unit, configured to generate the first security domain key by itself when initialization is performed.
In the above scheme, the first receiving unit is further configured to receive the initialization request sent by the terminal;
The generation unit is configured to parse the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user; to verify the PIN code and, after the verification passes, generate the first security domain key by itself; and to return an initialization response to the terminal.
An embodiment of the present invention further provides a terminal, including: a second receiving unit, an obtaining unit and a sending unit; wherein,
The second receiving unit is configured to receive a first operation; the first operation is used to trigger an application download;
The obtaining unit is configured to obtain, according to the first operation, the corresponding application download instruction from the SP TSM;
The sending unit is configured to send a download request to the SE; the download request carries the first information; the first information contains the second information and the third information; the second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
In the above scheme, the terminal further includes: a prompt unit and a third receiving unit; wherein,
The prompt unit is configured to issue prompt information according to the application download instruction; the prompt information is used to prompt the user to enter a PIN code;
The second receiving unit is further configured to receive a second operation; the second operation is the response operation to the prompt information;
The sending unit is further configured to send, according to the second operation, a signature request to the SE; the signature request carries the fourth information; the fourth information contains the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The third receiving unit is configured to receive the response returned by the SE; the TOKEN signature data is the response data.
In the above scheme, the second receiving unit is configured to receive a third operation, the third operation being used to trigger initialization of the SE; and to receive a fourth operation, the fourth operation being the response operation to the prompt information;
The prompt unit is further configured to issue prompt information according to the third operation; the prompt information is used to prompt the user to enter a PIN code;
The sending unit is further configured to generate, according to the fourth operation, an initialization request and send it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
The third receiving unit is further configured to receive the initialization response returned by the SE.
With the application download method, SE and terminal provided by the embodiments of the present invention, the SE receives the application download instruction from the SP TSM; verifies the application download instruction using the first security domain key, the first security domain key being a main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application. Because the main security key used by the SE is a security key generated by the SE itself and does not depend on the issuer's control, downloading an application no longer requires the participation of the SEI TSM. This removes the SEI TSM link, so the problem of a service provider's application having to go live repeatedly on each SEI TSM does not arise. This greatly improves working efficiency and also lets the service provider manage each user effectively.
Brief description of the drawings
In the drawings (which are not necessarily drawn to scale), similar reference numerals may describe similar components in different views. Similar reference numerals with different letter suffixes may represent different examples of similar components. The drawings generally show, by way of example and not limitation, the embodiments discussed herein.
Fig. 1a is a schematic diagram of the application issuance system architecture in the related art;
Fig. 1b is a schematic flow diagram of application issuance corresponding to the system of Fig. 1a;
Fig. 2 is a schematic flow diagram of application download in the related art;
Fig. 3 is a schematic flow diagram of the application download method of Embodiment one of the present invention;
Fig. 4 is a schematic flow diagram of the application download method of Embodiment two of the present invention;
Fig. 5 is a schematic structural diagram of the SE of Embodiment three of the present invention;
Fig. 6 is a schematic structural diagram of the terminal of Embodiment four of the present invention;
Fig. 7 is a schematic flow diagram of initialization in Embodiment five of the present invention;
Fig. 8 is a schematic flow diagram of application download in Embodiment five of the present invention;
Fig. 9 is a schematic structural diagram of the service system of Embodiment five of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments.
Before the embodiments of the present invention are described, the related art is first introduced.
Application issuance mainly includes two flows: one is the service provider's application go-live flow, and the other is the user's application discovery and download flow.
Fig. 1a is a schematic diagram of the application issuance system architecture; Fig. 1b is a schematic flow diagram of application issuance corresponding to the system of Fig. 1a. As shown in Fig. 1b, the application issuance flow mainly includes the following steps:
Step 101: The service provider signs a cooperation agreement with the SE issuer and applies for SE space, for subsequent access to the SEI TSM;
Step 102: The service provider platform accesses the SEI TSM and performs go-live testing;
Step 103: The service provider uploads the application to the SEI TSM;
Here, steps 101 to 103 are the application go-live flow.
Step 104: The user discovers the application through channels such as the mobile phone client and business halls;
Step 105: The user actively initiates an application download request through the mobile phone client and completes the download, or the service provider platform requests the SEI TSM to push the application in the background, completing the application download.
Here, steps 104 to 105 are the user's application discovery and download flow.
The main security domain key is controlled by the SE issuer, and the SEI TSM and the SE share the main security domain key. During application download, the SEI TSM uses the security domain key to perform MAC calculation and encryption, and the SE uses the security domain key to perform MAC verification and decryption.
The application download flow is described in detail below, taking as an example a user who initiates the application download request through the client.
As shown in Fig. 2, the application download flow mainly includes the following steps:
Step 105a: The user requests the application download using the client;
Step 105b: The client forwards the request to the SEI TSM;
Step 105c: After receiving the request, the SEI TSM generates an application download instruction, performs MAC calculation and encryption using the main security domain key, and sends this information to the client;
Step 105d: After receiving the application download instruction, the client writes it to the SE;
Step 105e: The SE receives the application download instruction and performs MAC verification and decryption using the main security domain key; after verification and decryption succeed, it executes the instruction and returns a response to the client;
Step 105f: The client returns the execution response of the application download instruction to the SEI TSM;
Here, in practical application, steps 105c to 105f may be repeated several times as needed.
Step 105g: After the download is complete, the SEI TSM notifies the client that the download is complete;
Step 105h: The client prompts the user that the application download is complete.
From the above description it can be seen that, during application issuance, the main security domain key is controlled by the SE issuer; in other words, the SE is controlled by the SE issuer. Because SE issuers are numerous, this easily isolates users from service providers. For service providers, it readily causes user fragmentation (users are hard to manage) and repeated go-live of the same application. For example, a user uses an NFC full terminal from handset manufacturer A and a bank card from bank B, but the SEI TSM of handset manufacturer A has not onboarded bank B's application, so the user cannot use the NFC service provided by bank B's application on handset manufacturer A's NFC full terminal. If the user still wants to use that service on that terminal, then under the prior-art scheme bank B must first access the SEI TSM of handset manufacturer A and upload its application to it, that is, carry out the service provider's application go-live flow. Only then can the user use the NFC service provided by bank B's application on handset manufacturer A's NFC full terminal. As a result, bank B's application may have to go live repeatedly on each SEI TSM, which reduces working efficiency.
Based on this, in the various embodiments of the present invention: the SE receives the application download instruction from the SP TSM;
verifies the application download instruction using the first security domain key, the first security domain key being a main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application.
Embodiment one
This embodiment of the present invention provides an application download method, applied in an SE.
Fig. 3 is a schematic flow diagram of the implementation of the application download method of Embodiment one of the present invention. As shown in Fig. 3, the method includes the following steps:
Step 301: Receive the application download instruction from the SP TSM;
Here, in one embodiment, when receiving the application download instruction from the SP TSM, the method may further include:
The SE receives the download request sent by the terminal;
Parses the download request to obtain the first information; the first information contains the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information.
Before receiving the download request sent by the terminal, the method may further include:
Receiving the signature request sent by the terminal;
Parsing the signature request to obtain the fourth information; the fourth information contains the second information and the fifth information; the fifth information represents the PIN code entered by the user;
Verifying the fifth information; after the verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal; the TOKEN signature data is the response data.
Here, when verification of the fifth information does not pass (verification fails), the subsequent operation is not carried out; that is, the corresponding TOKEN signature data is not generated for the second information, and a response is returned to the terminal. The response in this case should indicate that verification failed.
In one embodiment, the method may further include:
When being initialized, generating the first security domain key by itself.
The first security domain key is a main security domain key generated by the SE itself.
The main security domain key refers to a key that can decrypt any encrypted application download instruction.
Before generating the first security domain key, the method may further include:
The SE receives the initialization request sent by the terminal;
Parses the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user;
Verifies the PIN code and, after the verification passes, generates the first security domain key by itself;
Returns an initialization response to the terminal to indicate that initialization succeeded.
Here, when verification of the PIN code does not pass (verification fails), the subsequent operation is not carried out; that is, the first security domain key is not generated, and an initialization response is returned to the terminal. The response in this case should indicate that initialization failed.
In practical application, the generated first security domain key may be either a symmetric key or an asymmetric key. The embodiments of the present invention place no limit on the form of the first security domain key, as long as the generated first security domain key can verify the application download instruction from the SP TSM.
Step 302: Verify the application download instruction using the first security domain key;
Here, the application download instruction from the SP TSM is an instruction on which MAC calculation and encryption have been performed using the auxiliary security domain key, so the first security domain key needs to be used to verify the application download instruction.
Specifically, the first security domain key is used to perform MAC verification and decryption on the application download instruction from the SP TSM, thereby obtaining the plaintext application download instruction.
When the application download instruction is carried in a download request, before the application download instruction is verified using the first security domain key, the method may further include:
Verifying the third information and, after the verification passes, verifying the application download instruction using the first security domain key.
Here, in practical application, when the verification does not pass (verification fails), the subsequent operation is not carried out; that is, the first security domain key is not used to verify the application download instruction.
Step 303: After the verification passes, execute the application download instruction to download the corresponding application.
Here, when the verification does not pass (verification fails), the subsequent operation is not carried out; that is, the application download instruction is not executed and the corresponding application is not downloaded.
In the application download method provided by this embodiment of the present invention, the SE receives the application download instruction from the SP TSM; verifies the application download instruction using the first security domain key, the first security domain key being a main security domain key generated by the SE itself; and, after the verification passes, executes the application download instruction to download the corresponding application. Because the main security key used by the SE is a security key generated by the SE itself and does not depend on the issuer's control, downloading an application no longer requires the participation of the SEI TSM. This removes the SEI TSM link, so the problem of a service provider's application having to go live repeatedly on each SEI TSM does not arise. This greatly improves working efficiency and also lets the service provider manage each user effectively.
In addition, the SE receives the download request sent by the terminal; parses the download request to obtain the first information, which contains the second information and the third information; the second information represents the application download instruction from the SP TSM, and the third information represents the TOKEN signature data corresponding to the second information. The SE verifies the third information and, after the verification passes, verifies the application download instruction using the first security domain key. During the download, the user participates in the application download flow through the terminal, which effectively prevents a service issuer from pushing applications the user does not want into the SE and improves the user experience.
Embodiment two
This embodiment of the present invention provides an application download method, applied in a terminal.
Fig. 4 is a schematic flowchart of the application download method of embodiment two. As shown in Fig. 4, the method comprises the following steps:
Step 401: Receive a first operation; the first operation is used to trigger application download;
Here, the first operation is an operation by the user requesting an application download.
Step 402: According to the first operation, obtain the corresponding application download instruction from the SP TSM;
Specifically, an application download request is sent to the SP TSM;
After the SP TSM receives the request, it generates the application download instruction and issues it to the terminal.
The application download instruction generated by the SP TSM is an instruction that has undergone MAC calculation and encryption using the auxiliary security domain key.
Step 403: Send a download request to the SE.
Here, the download request carries the first information.
The first information includes the second information and the third information;
The second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application;
The third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
In one embodiment, after the corresponding application download instruction is obtained and before the download request is sent to the SE, the method may further include:
According to the application download instruction, issuing prompt information, the prompt information being used to prompt the user to enter a PIN code;
Receiving a second operation; the second operation is the response operation to the prompt information;
According to the second operation, sending a signature request to the SE; the signature request carries fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Receiving the response returned by the SE; the TOKEN signature data is the response data.
In one embodiment, the method may further include:
The terminal receives a third operation; the third operation is used to trigger initialization of the SE;
According to the third operation, issuing prompt information, the prompt information being used to prompt the user to enter a PIN code;
Receiving a fourth operation; the fourth operation is the response operation to the prompt information;
According to the fourth operation, generating an initialization request and sending it to the SE;
Receiving the initialization response returned by the SE.
The initialization request is used to instruct the SE to generate the first security domain key;
The initialization request carries the fifth information;
The fifth information represents the PIN code entered by the user;
The first security domain key is used to verify the application download instruction from the SP TSM.
In practice, before the SE is used, the user must initialize the SE through the terminal so that the first security domain key is generated.
In the application download method provided by this embodiment of the present invention, the terminal receives a first operation, which is used to trigger application download; according to the first operation, it obtains the corresponding application download instruction from the SP TSM; it then sends a download request to the SE. The download request carries the first information, which includes the second information and the third information. The second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment three
To implement the method of embodiment one, this embodiment provides an SE. As shown in Fig. 5, the SE includes a first receiving unit 51, a first verification unit 52 and a download unit 53, wherein:
The first receiving unit 51 is configured to receive the application download instruction from the SP TSM;
The first verification unit 52 is configured to verify the application download instruction using the first security domain key; the first security domain key is the main security domain key generated by the SE itself;
The download unit 53 is configured to execute the application download instruction after verification passes and download the corresponding application.
In one embodiment, the SE may further include a parsing unit and a second verification unit, wherein:
The first receiving unit 51 is configured to receive the download request sent by the terminal;
The parsing unit is configured to parse the download request to obtain the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information;
The second verification unit is configured to verify the third information and, after verification passes, trigger the first verification unit 52;
The first verification unit 52 is configured to verify the application download instruction using the first security domain key after being triggered by the second verification unit.
Here, in practice, no subsequent operation is performed when verification does not pass (verification fails); that is, the second verification unit does not trigger the first verification unit 52 to verify the application download instruction using the first security domain key.
The SE may further include a signature unit, wherein:
The first receiving unit 51 is further configured to receive the signature request sent by the terminal;
The parsing unit is further configured to parse the signature request to obtain the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The signature unit is configured to verify the fifth information and, after verification passes, generate the corresponding TOKEN signature data for the second information and return a response to the terminal; the TOKEN signature data is the response data.
Here, when verification of the fifth information does not pass (verification fails), no subsequent operation is performed; that is, the signature unit does not generate the corresponding TOKEN signature data for the second information, and a response is returned to the terminal; the response in this case should indicate that verification failed.
In one embodiment, the SE may further include a generation unit, configured to generate the first security domain key itself during initialization.
Here, the first security domain key is the main security domain key generated by the SE itself.
The main security domain key is a key that can decrypt any encrypted application download instruction.
The first receiving unit 51 is further configured to receive the initialization request sent by the terminal;
The generation unit is configured to parse the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user; to verify the PIN code and, after verification passes, generate the first security domain key itself; and to return an initialization response to the terminal.
Here, when verification of the PIN code does not pass (verification fails), the generation unit does not perform the subsequent operation, that is, it does not generate the first security domain key itself, and an initialization response is returned to the terminal; the response in this case should indicate that initialization failed.
In practice, the generated first security domain key may be either a symmetric key or an asymmetric key. The embodiment of the present invention places no restriction on the form of the first security domain key, as long as the generated first security domain key can be used to verify the application download instruction from the SP TSM.
Because the application download instruction from the SP TSM has undergone MAC calculation and encryption using the auxiliary security domain key, it needs to be verified using the first security domain key.
Specifically, the first verification unit 52 uses the first security domain key to perform MAC verification and decryption on the application download instruction from the SP TSM, thereby obtaining the plaintext application download instruction.
When verification by the first verification unit 52 does not pass (verification fails), no subsequent operation is performed; that is, the application download instruction is not executed and the corresponding application is not downloaded.
In practice, the first receiving unit 51 may be implemented by the communication chip in the SE; the first verification unit 52, the parsing unit, the second verification unit, the signature unit and the generation unit may be implemented by the processor in the SE; the download unit 53 may be implemented by the processor in the SE in combination with the communication chip.
In the SE provided by this embodiment of the present invention, the first receiving unit 51 receives the application download instruction from the SP TSM; the first verification unit 52 verifies the application download instruction using the first security domain key, which is the main security domain key generated by the SE itself; after verification passes, the download unit 53 executes the application download instruction and downloads the corresponding application. Because the main security domain key the SE uses is generated by the SE itself and does not depend on the issuer's control, downloading an application no longer requires the SEI TSM to take part. Removing the SEI TSM step means the service provider no longer has to bring the same application online repeatedly at each SEI TSM, which greatly improves working efficiency and also lets the service provider manage each user effectively.
In addition, the first receiving unit 51 receives the download request sent by the terminal; the parsing unit parses the download request to obtain the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM; the third information represents the TOKEN signature data corresponding to the second information; the second verification unit verifies the third information and, after that verification passes, the first verification unit 52 verifies the application download instruction using the first security domain key. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment four
To implement the method of embodiment two, this embodiment provides a terminal. As shown in Fig. 6, the terminal includes a second receiving unit 61, an acquiring unit 62 and a sending unit 63, wherein:
The second receiving unit 61 is configured to receive a first operation; the first operation is used to trigger application download;
The acquiring unit 62 is configured to obtain, according to the first operation, the corresponding application download instruction from the SP TSM;
The sending unit 63 is configured to send a download request to the SE; the download request carries the first information; the first information includes the second information and the third information; the second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information.
Here, the first operation is an operation by the user requesting an application download.
Obtaining the corresponding application download instruction from the SP TSM specifically includes:
The acquiring unit 62 sends an application download request to the SP TSM;
After the SP TSM receives the request, it generates the application download instruction and issues it to the acquiring unit 62.
The application download instruction generated by the SP TSM is an instruction that has undergone MAC calculation and encryption using the auxiliary security domain key.
In one embodiment, the terminal further includes a prompt unit and a third receiving unit, wherein:
The prompt unit is configured to issue prompt information according to the application download instruction, the prompt information being used to prompt the user to enter a PIN code;
The second receiving unit is further configured to receive a second operation; the second operation is the response operation to the prompt information;
The sending unit 63 is further configured to send, according to the second operation, a signature request to the SE; the signature request carries the fourth information; the fourth information includes the second information and the fifth information; the fifth information represents the PIN code entered by the user;
The third receiving unit is configured to receive the response returned by the SE; the TOKEN signature data is the response data.
In one embodiment, the second receiving unit is configured to receive a third operation, the third operation being used to trigger initialization of the SE, and to receive a fourth operation, the fourth operation being the response operation to the prompt information;
The prompt unit is further configured to issue prompt information according to the third operation, the prompt information being used to prompt the user to enter a PIN code;
The sending unit is further configured to generate, according to the fourth operation, an initialization request and send it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
The third receiving unit is further configured to receive the initialization response returned by the SE.
In practice, before the SE is used, the user must initialize the SE through the terminal so that the first security domain key is generated.
In practice, the second receiving unit 61 and the prompt unit may be implemented by a central processing unit (CPU, Central Processing Unit), microprocessor (MCU, Micro Control Unit), digital signal processor (DSP, Digital Signal Processor) or programmable logic array (FPGA, Field-Programmable Gate Array) in the terminal; the acquiring unit 62, the sending unit 63 and the third receiving unit may be implemented by the communication chip in the terminal.
In the terminal provided by this embodiment of the present invention, the second receiving unit 61 receives a first operation, which is used to trigger application download; the acquiring unit 62 obtains, according to the first operation, the corresponding application download instruction from the SP TSM; the sending unit 63 sends a download request to the SE. The download request carries the first information, which includes the second information and the third information. The second information represents the application download instruction from the SP TSM and is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information and is used by the SE to verify the second information. During the download, the user takes part in the application download flow through the terminal, which effectively prevents the service issuer from pushing applications the user does not want to the SE and improves the user experience.
Embodiment five
This embodiment of the present invention provides an application download method.
It should be noted that this embodiment builds on embodiments one, two, three and four and describes in detail the application download flow in which the terminal takes part. The overall flow can be divided into an initialization flow and a download flow.
Fig. 7 is a schematic flowchart of the initialization in embodiment five. As shown in Fig. 7, the method comprises the following steps:
Step 701: The user requests the terminal to initialize the SE;
Step 702: After receiving the request, the terminal prompts the user to enter a PIN code;
Step 703: After receiving the prompt, the user enters the PIN code;
Step 704: After receiving the PIN code entered by the user, the terminal requests initialization of the SE;
Here, the request carries the PIN code entered by the user.
Requesting initialization of the SE means requesting the SE to generate the first security domain key.
Step 705: After receiving the request, the SE parses it to obtain the PIN code and verifies the PIN code;
Step 706: After the PIN code is verified, the SE generates the first security domain key internally;
In other words, the SE generates the first security domain key itself.
Here, the first security domain key is the main security domain key generated by the SE itself.
The main security domain key is a key that can decrypt any encrypted application download instruction.
In practice, the embodiment of the present invention does not restrict how the SE generates the first security domain key. In addition, the generated first security domain key may be either a symmetric key or an asymmetric key. The embodiment of the present invention places no restriction on the form of the first security domain key, as long as the generated first security domain key can be used to verify the application download instruction from the SP TSM.
In the prior art, by contrast, the rules for the SE's first security domain key are defined by the SE issuer, and the key is generated by key diversification and written during the SE production phase.
Step 707: The SE returns an initialization response to the terminal;
Step 708: After receiving the initialization response, the terminal informs the user that SE initialization is complete.
It should be noted that, in practice, SE initialization only needs to be performed once; after initialization is complete, the user can carry out application download operations.
Fig. 8 is a schematic flowchart of the application download in embodiment five. As shown in Fig. 8, the method comprises the following steps:
Step 801: The user requests an application download from the terminal;
Step 802: After receiving the request, the terminal requests the application download from the SP TSM;
Step 803: After receiving the request, the SP TSM generates the application download instruction and issues it to the terminal;
Here, the generated application download instruction has undergone MAC calculation and encryption using the second security domain key. The second security domain key is the auxiliary security domain key, as opposed to the main security domain key.
Step 804: After receiving the application download instruction, the terminal asks the user to enter the PIN code;
Step 805: After receiving the request, the user enters the PIN code;
Step 806: After receiving the PIN code entered by the user, the terminal submits the PIN code and the application download instruction to the SE and requests a signature over the application download instruction;
Step 807: After receiving the request, the SE parses it to obtain the PIN code and the application download instruction, and verifies the PIN code;
Step 808: After verification passes, the SE generates TOKEN signature data for the application download instruction;
Here, in practice, the TOKEN signature data is generated dynamically.
Step 809: The SE returns the TOKEN signature data to the terminal as response data;
Step 810: After receiving the data, the terminal appends the TOKEN signature data to the application download instruction to form the complete application download instruction, and writes it to the SE;
Step 811: The SE receives the application download instruction containing the TOKEN signature data and verifies the TOKEN signature data;
Step 812: After that verification passes, the SE verifies the application download instruction using the first security domain key; once this verification passes, it executes the application download instruction and downloads the corresponding application;
Step 813: After the application download is complete, the SE returns the response data from executing the application download to the terminal;
Step 814: After receiving the response data, the terminal returns the application download response to the SP TSM;
Step 815: After the SP TSM completes the application download, it notifies the terminal that the application download has finished;
Step 816: After being notified, the terminal informs the user that the application download is complete.
It should be noted here that, in practice, the terminal operations described above can be implemented by a single program, which may be called the SE control program.
To implement the scheme of the embodiment of the present invention, the following changes need to be made to an existing SE:
(1) Add an SE initialization module (corresponding to the generation unit in embodiment three), through which the user, via the SE control program, has the first security domain key generated inside the SE;
(2) Add a dynamic TOKEN generation module (corresponding to the signature unit in embodiment three), which operates under PIN code protection (that is, with the user present) and can be called only by the (external) SE control program;
(3) Add a TOKEN verification module (corresponding to the second verification unit in embodiment three), which is called internally by the SE for verification during application download.
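The initialization flow (steps 701 to 708), the download flow (steps 801 to 816) and the three SE modules listed above can be modelled as follows. This is an added sketch, not code from the patent: the patent does not specify the TOKEN algorithm, how the SP TSM's auxiliary key relates to the SE's first security domain key, or the instruction format, so the HMAC-SHA256 TOKEN with a single-use nonce, the derived auxiliary key (`provision_sp`), the `SP_ID|payload|MAC` layout and all names are assumptions, and the encryption step is omitted.

```python
import hashlib
import hmac
import secrets

MAC_LEN, NONCE_LEN = 32, 16
TOKEN_LEN = NONCE_LEN + MAC_LEN


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class SecureElement:
    """Toy SE: initialization, PIN-gated TOKEN signing, two-stage download check."""

    def __init__(self, pin: str):
        self._pin = pin.encode()                   # constructed: PIN already set in the SE
        self._sd_key = None                        # first (main) security domain key
        self._token_key = secrets.token_bytes(32)  # assumption: SE-internal TOKEN key
        self._pending = set()                      # nonces of issued, unused TOKENs
        self.installed = []

    def _pin_ok(self, pin: str) -> bool:
        return hmac.compare_digest(pin.encode(), self._pin)

    def initialize(self, pin: str) -> bool:
        """Steps 705-707: verify the PIN, then generate the key inside the SE."""
        if not self._pin_ok(pin):
            return False                           # response indicates failure
        self._sd_key = secrets.token_bytes(32)
        return True

    def provision_sp(self, sp_id: bytes) -> bytes:
        """Hypothetical: auxiliary key for one SP TSM, derived from the main key."""
        if self._sd_key is None:
            raise RuntimeError("SE not initialized")
        return mac(self._sd_key, b"aux|" + sp_id)

    def sign(self, pin: str, instruction: bytes):
        """Steps 807-809: TOKEN is produced only when the user's PIN verifies."""
        if not self._pin_ok(pin):
            return None
        nonce = secrets.token_bytes(NONCE_LEN)     # makes every TOKEN dynamic
        self._pending.add(nonce)
        return nonce + mac(self._token_key, nonce + instruction)

    def download(self, request: bytes) -> str:
        """Steps 811-813: TOKEN check first, security domain key check second."""
        if self._sd_key is None:
            return "NOT_INITIALIZED"
        if len(request) <= TOKEN_LEN + MAC_LEN:
            return "TOKEN_REJECTED"
        instruction, token = request[:-TOKEN_LEN], request[-TOKEN_LEN:]
        nonce, sig = token[:NONCE_LEN], token[NONCE_LEN:]
        expected = mac(self._token_key, nonce + instruction)
        if nonce not in self._pending or not hmac.compare_digest(sig, expected):
            return "TOKEN_REJECTED"                # first verification unit never runs
        self._pending.discard(nonce)               # a TOKEN authorises one download
        body, tag = instruction[:-MAC_LEN], instruction[-MAC_LEN:]
        sp_id = body.split(b"|", 1)[0]
        aux_key = mac(self._sd_key, b"aux|" + sp_id)
        if not hmac.compare_digest(tag, mac(aux_key, body)):
            return "MAC_REJECTED"                  # instruction is not executed
        self.installed.append(body)
        return "OK"


def sp_tsm_instruction(aux_key: bytes, sp_id: bytes, payload: bytes) -> bytes:
    """Step 803: SP TSM protects the instruction with its auxiliary key (MAC only)."""
    body = sp_id + b"|" + payload
    return body + mac(aux_key, body)


def terminal_download(se: SecureElement, pin: str, instruction: bytes) -> str:
    """Steps 806-810: the SE control program obtains a TOKEN and appends it."""
    token = se.sign(pin, instruction)
    if token is None:
        return "PIN_REJECTED"
    return se.download(instruction + token)
```

An instruction written to the SE without a TOKEN obtained under the user's PIN stops at the first check, which is the property the text relies on to keep unrequested applications off the SE.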
As the above description shows, with the scheme of the embodiment of the present invention the SEI TSM does not need to take part anywhere in the application download process, which ultimately yields the user-centred technical and business architecture shown in Fig. 9 (the user acting through a terminal such as a wearable device, NFC-eSE device, NFC-SWP device or NFC-SD device).
Compared with the existing scheme in which the SEI TSM controls application download, the scheme provided by the embodiment of the present invention changes the ownership of the SE's main security domain (in the prior art, ownership of the SE's main security domain belongs to the SE issuer), so the SEI TSM does not take part in the download process at all. This removes the issuer-control step: the user deals directly with the service provider and chooses applications independently, which simplifies the application issuance flow on the SE and in turn reduces the complexity of the system architecture. From the service provider's point of view, applications no longer need to be uploaded to the SEI TSM, which lowers the barrier to offering a service; it also avoids fragmentation of the user base and duplicated application issuance work, improving working efficiency.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. The present invention may therefore take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (16)

1. An application download method, characterised in that it is applied to a secure element (SE), the method comprising:
Receiving an application download instruction from a service provider trusted service manager (SP TSM);
Verifying the application download instruction using a first security domain key; the first security domain key is the main security domain key generated by the SE itself;
After verification passes, executing the application download instruction and downloading the corresponding application.
2. The method according to claim 1, characterised in that, when receiving the application download instruction from the SP TSM, the method further comprises:
Receiving a download request sent by a terminal;
Parsing the download request to obtain first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the third information represents token (TOKEN) signature data corresponding to the second information;
Correspondingly, before the application download instruction is verified using the first security domain key, the method further comprises:
Verifying the third information, and after verification passes, verifying the application download instruction using the first security domain key.
3. The method according to claim 2, characterised in that, before the download request sent by the terminal is received, the method further comprises:
Receiving a signature request sent by the terminal;
Parsing the signature request to obtain fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Verifying the fifth information, and after verification passes, generating the corresponding TOKEN signature data for the second information and returning a response to the terminal; the TOKEN signature data is the response data.
4. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
During initialization, generating the first security domain key itself.
5. The method according to claim 4, characterised in that, before the first security domain key is generated, the method further comprises:
Receiving an initialization request sent by the terminal;
Parsing the initialization request to obtain the fifth information; the fifth information represents the PIN code entered by the user;
Verifying the PIN code, and after verification passes, generating the first security domain key itself;
Returning an initialization response to the terminal.
6. An application download method, characterised in that it is applied to a terminal, the method comprising:
Receiving a first operation; the first operation is used to trigger application download;
According to the first operation, obtaining the corresponding application download instruction from the SP TSM;
Sending a download request to the SE; the download request carries first information; the first information includes second information and third information; the second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
7. The method according to claim 6, characterised in that, after the corresponding application download instruction is obtained and before the download request is sent to the SE, the method further comprises:
According to the application download instruction, issuing prompt information, the prompt information being used to prompt the user to enter a PIN code;
Receiving a second operation; the second operation is the response operation to the prompt information;
According to the second operation, sending a signature request to the SE; the signature request carries fourth information; the fourth information includes the second information and fifth information; the fifth information represents the PIN code entered by the user;
Receiving the response returned by the SE; the TOKEN signature data is the response data.
8. The method according to claim 6 or 7, characterised in that the method further comprises:
Receiving a third operation; the third operation is used to trigger initialization of the SE;
According to the third operation, issuing prompt information, the prompt information being used to prompt the user to enter a PIN code;
Receiving a fourth operation; the fourth operation is the response operation to the prompt information;
According to the fourth operation, generating an initialization request and sending it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries the fifth information; the fifth information represents the PIN code entered by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
Receiving the initialization response returned by the SE.
9. a kind of SE, it is characterised in that the SE includes:First receiving unit, the first authentication unit with And download unit;Wherein,
First receiving unit, for receiving the application download instruction from SP TSM;
First authentication unit, for being tested the application download instruction using the first security domain key Card;First security domain key is the main security domain key of the SE itself generations;
The download unit, after being verified, performs the application download instruction, carries out correspondence application Download.
10. SE according to claim 9, it is characterised in that the SE also includes:Resolution unit And second authentication unit;Wherein,
First receiving unit, for the download request that receiving terminal sends;
The resolution unit, for parsing the download request, obtains the first information;The first information bag Containing the second information and the 3rd information;Application download instruction of second information representation from the SP TSM; The corresponding TOKEN signed datas of second information described in 3rd information representation;
Second authentication unit, for verifying the 3rd information, triggers described first and tests after being verified Card unit;
First authentication unit, for after the triggering for receiving second authentication unit, using the first safety Domain key is verified to the application download instruction.
11. The SE according to claim 10, characterized in that the SE further comprises a signature unit; wherein,
the first receiving unit is further configured to receive a signature request sent by the terminal;
the parsing unit is further configured to parse the signature request to obtain fourth information; the fourth information comprises the second information and fifth information; the fifth information represents the PIN code input by the user;
the signature unit is configured to verify the fifth information, generate, after the verification passes, the corresponding TOKEN signature data for the second information, and return a response to the terminal; the TOKEN signature data is the response data.
12. The SE according to any one of claims 9 to 11, characterized in that the SE further comprises: a generation unit, configured to generate the first security domain key itself during initialization.
13. The SE according to claim 12, characterized in that
the first receiving unit is further configured to receive an initialization request sent by the terminal;
the generation unit is configured to parse the initialization request to obtain fifth information; the fifth information represents the PIN code input by the user; to verify the PIN code and, after the verification passes, generate the first security domain key itself; and to return an initialization response to the terminal.
14. A terminal, characterized in that the terminal comprises: a second receiving unit, an acquiring unit and a transmitting unit; wherein,
the second receiving unit is configured to receive a first operation; the first operation is used to trigger an application download;
the acquiring unit is configured to obtain, according to the first operation, the corresponding application download instruction from an SP TSM;
the transmitting unit is configured to send a download request to an SE; the download request carries first information; the first information comprises second information and third information; the second information represents the application download instruction from the SP TSM; the second information is used to instruct the SE to download the corresponding application; the third information represents the TOKEN signature data corresponding to the second information; the third information is used by the SE to verify the second information.
15. The terminal according to claim 14, characterized in that the terminal further comprises: a prompting unit and a third receiving unit; wherein,
the prompting unit is configured to issue prompt information according to the application download instruction, the prompt information being used to prompt the user to input a PIN code;
the second receiving unit is further configured to receive a second operation; the second operation is a response operation to the prompt information;
the transmitting unit is further configured to send, according to the second operation, a signature request to the SE; the signature request carries fourth information; the fourth information comprises the second information and fifth information; the fifth information represents the PIN code input by the user;
the third receiving unit is configured to receive the response returned by the SE; the TOKEN signature data is the response data.
16. The terminal according to claim 15, characterized in that
the second receiving unit is configured to receive a third operation; the third operation is used to trigger initialization of the SE; and to receive a fourth operation; the fourth operation is a response operation to the prompt information;
the prompting unit is further configured to issue prompt information according to the third operation, the prompt information being used to prompt the user to input a PIN code;
the transmitting unit is further configured to generate, according to the fourth operation, an initialization request and send it to the SE; the initialization request is used to instruct the SE to generate the first security domain key; the initialization request carries fifth information; the fifth information represents the PIN code input by the user; the first security domain key is used to verify the application download instruction from the SP TSM;
the third receiving unit is further configured to receive the initialization response returned by the SE.
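An added illustration of the SE-side checks in claims 9 to 13, not part of the patent text: a PIN-gated TOKEN binds the user's approval to one instruction, and the SE-generated first security domain key then authenticates the instruction itself. HMAC-SHA256, the instruction layout, the class and function names, and handing the key straight to the SP TSM are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class SecureElement:  # toy SE; HMAC-SHA256 stands in for the unspecified algorithms
    def __init__(self, pin: str):
        self._pin = pin.encode()                   # PIN already set on the SE
        self._token_key = secrets.token_bytes(32)  # assumed SE-internal TOKEN key
        self._domain_key = None                    # first security domain key
        self.installed = []

    def initialize(self, pin: str):  # claim 13: PIN check, then on-SE key generation
        if not hmac.compare_digest(self._pin, pin.encode()):
            return None
        self._domain_key = secrets.token_bytes(32)
        return self._domain_key  # assumption: reaches the SP TSM out of band

    def sign(self, instruction: bytes, pin: str) -> bytes:  # claim 11
        ok = hmac.compare_digest(self._pin, pin.encode())
        return mac(self._token_key, instruction) if ok else b""  # empty = refused

    def download(self, instruction: bytes, token: bytes) -> str:  # claims 9-10
        if self._domain_key is None:
            return "not-initialized"
        if not hmac.compare_digest(token, mac(self._token_key, instruction)):
            return "token-rejected"
        body, tag = instruction[:-32], instruction[-32:]
        if not hmac.compare_digest(tag, mac(self._domain_key, body)):
            return "instruction-rejected"
        self.installed.append(body)
        return "installed"

def sp_tsm_instruction(domain_key: bytes, app_id: bytes) -> bytes:
    body = b"INSTALL " + app_id                    # constructed instruction format
    return body + mac(domain_key, body)

def run_demo():
    se = SecureElement(pin="1234")                 # constructed PIN
    key = se.initialize("1234")
    good = sp_tsm_instruction(key, b"constructed.app")
    forged = sp_tsm_instruction(secrets.token_bytes(32), b"other.app")
    token = se.sign(good, "1234")
    return {"wrong_pin": se.sign(good, "0000"),
            "swapped": se.download(forged, token),
            "forged": se.download(forged, se.sign(forged, "1234")),
            "ok": se.download(good, token)}, se.installed
```

The "forged" case shows why the second check matters: a user who approves an instruction with the correct PIN still cannot install one that was not authenticated under the SE's own security domain key.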
CN201510937381.0A 2015-12-15 2015-12-15 Application downloading method, secure element and terminal Active CN106888448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510937381.0A CN106888448B (en) 2015-12-15 2015-12-15 Application downloading method, secure element and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510937381.0A CN106888448B (en) 2015-12-15 2015-12-15 Application downloading method, secure element and terminal

Publications (2)

Publication Number Publication Date
CN106888448A true CN106888448A (en) 2017-06-23
CN106888448B CN106888448B (en) 2020-08-04

Family

ID=59175425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510937381.0A Active CN106888448B (en) 2015-12-15 2015-12-15 Application downloading method, secure element and terminal

Country Status (1)

Country Link
CN (1) CN106888448B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246170A (en) * 2017-07-11 2019-01-18 北京握奇智能科技有限公司 A kind of application security download system
CN109302289A (en) * 2017-07-24 2019-02-01 中国移动通信有限公司研究院 A kind of SE space management and device
CN111404706A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Application downloading method, secure element, client device and service management device
CN114760276A (en) * 2022-06-13 2022-07-15 深圳市汇顶科技股份有限公司 Method and device for downloading data and secure element

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820613A (en) * 2009-02-27 2010-09-01 中兴通讯股份有限公司 Application downloading system and method
US20130159710A1 (en) * 2011-12-20 2013-06-20 Apple Inc. System and method for key management for issuer security domain using global platform specifications
CN103258266A (en) * 2012-04-01 2013-08-21 深圳市家富通汇科技有限公司 Device and method for settlement payment with mobile devices
US20140047235A1 (en) * 2012-08-13 2014-02-13 Nxp B. V. Local trusted service manager
CN104395880A (en) * 2013-01-25 2015-03-04 Jvl风险投资有限责任公司 Systems, methods, and computer program products for managing data re-installation

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820613A (en) * 2009-02-27 2010-09-01 中兴通讯股份有限公司 Application downloading system and method
US20130159710A1 (en) * 2011-12-20 2013-06-20 Apple Inc. System and method for key management for issuer security domain using global platform specifications
CN103258266A (en) * 2012-04-01 2013-08-21 深圳市家富通汇科技有限公司 Device and method for settlement payment with mobile devices
US20140047235A1 (en) * 2012-08-13 2014-02-13 Nxp B. V. Local trusted service manager
CN103593621A (en) * 2012-08-13 2014-02-19 Nxp股份有限公司 Local trusted service manager
CN104395880A (en) * 2013-01-25 2015-03-04 Jvl风险投资有限责任公司 Systems, methods, and computer program products for managing data re-installation

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246170A (en) * 2017-07-11 2019-01-18 北京握奇智能科技有限公司 A kind of application security download system
CN109302289A (en) * 2017-07-24 2019-02-01 中国移动通信有限公司研究院 A kind of SE space management and device
CN109302289B (en) * 2017-07-24 2021-07-30 中国移动通信有限公司研究院 SE space management method and device
CN111404706A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Application downloading method, secure element, client device and service management device
CN111404706B (en) * 2019-01-02 2023-05-09 中国移动通信有限公司研究院 Application downloading method, secure element, client device and service management device
CN114760276A (en) * 2022-06-13 2022-07-15 深圳市汇顶科技股份有限公司 Method and device for downloading data and secure element
WO2023240941A1 (en) * 2022-06-13 2023-12-21 深圳市汇顶科技股份有限公司 Method and apparatus for downloading data, and secure element

Also Published As

Publication number Publication date
CN106888448B (en) 2020-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant