CN107967421A - Signal processing method, device and mobile terminal


Publication number
CN107967421A
Authority
CN
China
Legal status
Pending
Application number
CN201610906306.2A
Other languages
Chinese (zh)
Inventor
任晓明
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The present invention provides a signal processing method, a device and a mobile terminal. It relates to the field of communication technology and aims to improve the security of STK applications. The signal processing method of the present invention includes: receiving an STK command sent by a SIM card; generating an STK processing command according to the STK command; sending the STK processing command to a TEE module, where the STK processing command is used to instruct the TEE module to perform a security operation; receiving STK security information sent by the TEE module; and sending the STK security information to the SIM card. The present invention is mainly used in mobile terminals.

Description

Signal processing method, device and mobile terminal
Technical field
The present invention relates to the field of communication technology, and in particular to a signal processing method, a device and a mobile terminal.
Background
With the continuous development of technology, the mobile terminal has become an essential communication tool, and its data processing capability has grown stronger and stronger.
Because a SIM (Subscriber Identity Module) card has no display screen, the mobile terminal provides an STK (SIM Tool Kit) module so that the functions of the SIM card can be presented to the user. This module is an extension of the SIM card in the mobile terminal. The SIM card passes the instructions that need to be executed to the STK module, which executes them on its behalf, thereby extending the functions of the SIM card. For example, as shown in Fig. 1, the STK module can display a prompt message, send a short message, make a phone call, interact with the user through the UI on the phone, and so on.
The STK module extends the functions of the SIM card, but it also brings corresponding problems. The SIM card is a secure carrier that can store sensitive information, such as bank card information, whereas the security of the mobile terminal is much lower. Extending the SIM card through the STK module on the mobile terminal can, in some scenarios, reduce the security of the SIM card. For example:
A bank card U-shield application is installed on the SIM card. The user must enter a password to access the U-shield; that is, the STK module displays an input box on the mobile terminal and the user enters the password in it. The STK module passes the password to the SIM card, and the SIM card outputs digital signature information after the password has been verified. In this process, the user enters the password in the UI (user interface) of the mobile terminal. Because the security level of the mobile terminal's STK module is lower than that of the SIM card, and the terminal may, for example, be infected by a virus, a malicious application that intercepts the user password can use the U-shield without the user's consent, which greatly reduces the security of the U-shield.
Therefore, how to improve the security of STK applications has become a technical problem that urgently needs to be solved.
Summary of the invention
In view of this, the present invention provides a signal processing method, a device and a mobile terminal to improve the security of STK applications.
To solve the above problem, in a first aspect, the present invention provides a signal processing method, including:
receiving an STK command sent by a SIM card;
generating an STK processing command according to the STK command;
sending the STK processing command to a TEE (Trusted Execution Environment) module, where the STK processing command is used to instruct the TEE module to perform a security operation;
receiving STK security information sent by the TEE module;
sending the STK security information to the SIM card.
The step of generating an STK processing command according to the STK command includes:
determining whether the STK command is an STK security command;
if the STK command is determined to be an STK security command, adding an identification field at the head and/or tail of the STK command, where the identification field stores a mark indicating that the STK command is an STK security command;
obtaining the STK processing command from the STK command and the identification field.
The step of determining whether the STK command is an STK security command includes:
determining, according to the STK command, the instruction group to which the STK command belongs;
when the instruction group to which the STK command belongs is the security instruction group, determining that the STK command is an STK security command.
The step of obtaining the STK processing command from the STK command and the identification field includes:
determining whether the STK command needs to be encrypted;
if the STK command needs to be encrypted, obtaining an encryption key and encrypting the STK command with the encryption key;
obtaining the STK processing command from the encrypted STK command and the identification field.
The step of sending the STK processing command to the TEE module includes:
sending the STK processing command to an REE (Rich Execution Environment) module, so that the REE module sends the STK processing command to the TEE module after determining that the STK processing command is a security command.
The step of receiving the STK security information sent by the TEE module includes:
receiving the STK security information forwarded by the REE module, where the STK security information was sent by the TEE module to the REE module.
The step of sending the STK security information to the SIM card includes:
verifying the STK security information;
when the STK security information passes verification, obtaining a decryption key and decrypting the STK security information with the decryption key;
sending the decrypted STK security information to the SIM card.
When the STK security information includes a user password, the method further includes:
receiving signature information sent by the SIM card;
sending the signature information to the REE module.
In a second aspect, the present invention provides a signal processing method, including:
receiving an STK processing command sent by a modem (MODEM) module;
performing a security operation according to the STK processing command to obtain STK security information;
sending the STK security information to the MODEM module.
The step of receiving the STK processing command sent by the MODEM module includes:
receiving the STK processing command forwarded by the REE module, where the STK processing command was sent to the REE module by the MODEM module.
The step of performing a security operation according to the STK processing command to obtain STK security information includes:
obtaining the STK command contained in the STK processing command;
displaying a user interface according to the STK command, and obtaining the user password that the user enters through the user interface;
obtaining an encryption key, encrypting the user password with the encryption key, and using the encrypted user password as the STK security information.
After the step of obtaining the STK command contained in the STK processing command, the step of performing a security operation according to the STK processing command to obtain STK security information further includes:
decrypting the STK command.
After the step of encrypting the user password with the encryption key, the step of performing a security operation according to the STK processing command to obtain STK security information further includes:
adding check information to the encrypted user password;
using the encrypted user password with the check information added as the STK security information.
The step of sending the STK security information to the MODEM module includes:
sending the STK security information to the REE module, so that the REE module sends the STK security information to the MODEM module.
In a third aspect, the present invention provides a signal processing method, including:
receiving an STK instruction sent by the MODEM module;
when the STK instruction is determined to be an STK processing command, forwarding the STK processing command to the TEE module;
receiving the STK security information sent by the TEE module;
forwarding the STK security information to the MODEM module.
The step of forwarding the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command is specifically:
when the identification field of the STK instruction stores the mark indicating that the STK command is an STK security command, forwarding the STK processing command to the TEE module.
When the STK security information includes a user password, the method further includes:
receiving the signature information sent by the MODEM module;
sending the signature information to the STK application.
In a fourth aspect, the present invention provides a signal processing device, including:
a first receiving module, configured to receive an STK command sent by a Subscriber Identity Module (SIM) card;
a processing module, configured to generate an STK processing command according to the STK command;
a first sending module, configured to send the STK processing command to a TEE module, where the STK processing command is used to instruct the TEE module to perform a security operation;
a second receiving module, configured to receive the STK security information sent by the TEE module;
a second sending module, configured to send the STK security information to the SIM card.
The processing module includes:
a determination submodule, configured to determine whether the STK command is an STK security command;
an adding submodule, configured to add, if the STK command is determined to be an STK security command, an identification field at the head and/or tail of the STK command, where the identification field stores a mark indicating that the STK command is an STK security command;
a generation submodule, configured to obtain the STK processing command from the STK command and the identification field.
The determination submodule includes:
a first determination unit, configured to determine, according to the STK command, the instruction group to which the STK command belongs;
a second determination unit, configured to determine that the STK command is an STK security command when the instruction group to which the STK command belongs is the security instruction group.
The generation submodule includes:
a third determination unit, configured to determine whether the STK command needs to be encrypted;
an encryption unit, configured to obtain an encryption key if the STK command needs to be encrypted, and to encrypt the STK command with the encryption key;
a generation unit, configured to obtain the STK processing command from the encrypted STK command and the identification field.
The first sending module is specifically configured to send the STK processing command to the REE module, so that the REE module sends the STK processing command to the TEE module after determining that the STK processing command is a security command.
The second receiving module is specifically configured to receive the STK security information forwarded by the REE module, where the STK security information was sent by the TEE module to the REE module.
The second sending module includes:
a verification submodule, configured to verify the STK security information;
a decryption submodule, configured to obtain a decryption key when the STK security information passes verification, and to decrypt the STK security information with the decryption key;
a sending submodule, configured to send the decrypted STK security information to the SIM card.
The first receiving module is further configured to receive the signature information sent by the SIM card.
The first sending module is further configured to send the signature information to the REE module.
In a fifth aspect, the present invention provides a signal processing device, including:
a receiving module, configured to receive an STK processing command sent by the MODEM module;
a processing module, configured to perform a security operation according to the STK processing command to obtain STK security information;
a sending module, configured to send the STK security information to the MODEM module.
The receiving module is specifically configured to
receive the STK processing command forwarded by the REE module, where the STK processing command was sent to the REE module by the MODEM module.
The processing module includes:
a first acquisition submodule, configured to obtain the STK command contained in the STK processing command;
a second acquisition submodule, configured to display a user interface according to the STK command and to obtain the user password that the user enters through the user interface;
an encryption submodule, configured to obtain an encryption key and to encrypt the user password with the encryption key;
a processing submodule, configured to use the encrypted user password as the STK security information.
The processing module further includes:
a decryption submodule, configured to decrypt the STK command.
The processing module further includes:
an adding submodule, configured to add check information to the encrypted user password.
The processing submodule is specifically configured to use the encrypted user password with the check information added as the STK security information.
The sending module is specifically configured to send the STK security information to the REE module, so that the REE module sends the STK security information to the MODEM module.
In a sixth aspect, the present invention provides a signal processing device, including:
a first receiving module, configured to receive an STK instruction sent by the MODEM module;
a first sending module, configured to forward the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command;
a second receiving module, configured to receive the STK security information sent by the TEE module;
a second sending module, configured to forward the STK security information to the MODEM module.
The first sending module is specifically configured to forward the STK processing command to the TEE module when the identification field of the STK instruction stores the mark indicating that the STK command is an STK security command.
The first receiving module is further configured to receive the signature information sent by the MODEM module.
The first sending module is further configured to send the signature information to the STK application.
In a seventh aspect, the present invention provides a mobile terminal including an STK module. The STK module includes:
a MODEM module, configured to receive an STK command sent by the SIM card; generate an STK processing command according to the STK command; send the STK processing command to the TEE module, where the STK processing command is used to instruct the TEE module to perform a security operation; receive the STK security information sent by the TEE module; and send the STK security information to the SIM card;
a TEE module, configured to receive the STK processing command sent by the MODEM module; perform a security operation according to the STK processing command to obtain STK security information; and send the STK security information to the MODEM module.
The STK module further includes:
an REE module, configured to receive the STK processing command sent by the MODEM module; forward the STK processing command to the TEE module when it determines that the STK processing command is a command used to instruct the TEE module to perform a security operation; receive the STK security information sent by the TEE module; and forward the STK security information to the MODEM module.
The above technical solution of the present invention has the following beneficial effects:
In the embodiments of the present invention, after receiving an STK command from the SIM card, the MODEM module sends it to the TEE module, which performs the corresponding security operation and obtains STK security information. The TEE module then sends the STK security information to the MODEM module, which sends it to the SIM card. Because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of STK applications.
Brief description of the drawings
Fig. 1 is a structure diagram of an existing mobile terminal;
Fig. 2 is a schematic diagram of an existing mobile terminal;
Fig. 3 is a flow chart of the signal processing method of Embodiment one of the present invention;
Fig. 4 is a flow chart of the signal processing method of Embodiment two of the present invention;
Fig. 5 is a flow chart of the signal processing method of Embodiment three of the present invention;
Fig. 6 is a flow chart of the signal processing method of Embodiment four of the present invention;
Fig. 7 is a schematic diagram of the signal processing device of Embodiment five of the present invention;
Fig. 8 is a schematic diagram of the signal processing device of Embodiment six of the present invention;
Fig. 9 is a schematic diagram of the signal processing device of Embodiment seven of the present invention;
Fig. 10 is a schematic diagram of the mobile terminal of Embodiment eight of the present invention;
Fig. 11 is another schematic diagram of the mobile terminal of Embodiment eight of the present invention.
Detailed description
The specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following embodiments are used to illustrate the present invention, but not to limit its scope.
As shown in Fig. 2, the STK module of a mobile terminal can include a MODEM (modem) module, a TEE module and an REE module. The TEE module is an independent secure operating environment in the mobile terminal. It is logically isolated from the REE module, the environment in which normal applications run, and the two can only interact through an authorized API (Application Programming Interface). The TEE can support security features such as secure boot, secure UI and secure application management.
In the embodiments of the present invention, the above MODEM module, TEE module and REE module are improved. Specifically, the MODEM module supports filtering and verification of secure STK instructions; the REE module supports filtering and forwarding of secure STK instructions; and the TEE module supports the corresponding security functions.
Based on TEE technology, the embodiments of the present invention propose a signal processing method to improve the security of STK applications.
Embodiment one
As shown in Fig. 3, the signal processing method of Embodiment one of the present invention is performed by the MODEM module and includes:
Step 301: receive the STK command sent by the SIM card.
The flow of this embodiment can be triggered in several ways. For example, when the mobile terminal receives a data short message, the MODEM module sends the received data short message to the SIM card, and the SIM card then returns an STK command. The STK command from the SIM card can be, for example, a request to input a user password.
Step 302: generate an STK processing command according to the STK command.
In practical applications, the SIM card sends many kinds of STK commands. Some are ordinary STK commands (the operation performed according to the command does not involve a security operation), and some are STK security commands (a security operation must be performed according to the command). In the embodiments of the present invention, ordinary STK commands are still handled according to the existing flow: the MODEM module sends the ordinary STK command to the REE module, and the REE module performs the corresponding operation. STK security commands must be handled in the manner of the embodiments of the present invention. Therefore, in this step, the MODEM module needs to distinguish between the STK commands it receives.
In a specific application, the MODEM module can divide the STK commands into groups: a security instruction group and an ordinary instruction group. The security instruction group contains the STK security commands; the ordinary instruction group contains the ordinary STK commands.
Therefore, after receiving an STK command from the SIM card, the MODEM module determines the instruction group to which the STK command belongs. When that group is the security instruction group, it determines that the STK command is an STK security command. If the STK command is determined to be an STK security command, then, so that the REE module or the TEE module can distinguish it accurately, an identification field is added at the head and/or tail of the STK command. The identification field stores a mark indicating that the STK command is an STK security command. The STK processing command is then obtained from the STK command and the identification field. That is, in the embodiments of the present invention, the STK processing command contains the complete STK command and an identification field. The mark can be set arbitrarily. For example, a mark of 1 indicates that the STK command is an STK security command; otherwise it is an ordinary STK command.
Step 303: send the STK processing command to the TEE module. The STK processing command is used to instruct the TEE module to perform a security operation.
In the embodiments of the present invention, the MODEM module can send the STK processing command directly to the TEE module through the interface between them. Alternatively, to reduce the impact on the existing mobile terminal system, the MODEM module can send the STK processing command to the REE module, which then sends it to the TEE module.
Step 304: receive the STK security information sent by the TEE module.
Corresponding to step 303, the MODEM module can receive the STK security information directly from the TEE module, or it can receive the TEE module's STK security information as forwarded by the REE module. The STK security information includes, but is not limited to, a user password that has been processed by the security operation.
Step 305: send the STK security information to the SIM card.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of STK applications.
Embodiment two
As shown in Fig. 4, the signal processing method of Embodiment two of the present invention is performed by the TEE module and includes:
Step 401: receive the STK processing command sent by the MODEM module.
In this step, the TEE module can receive the STK processing command sent directly by the MODEM module, or receive the MODEM module's STK processing command as forwarded by the REE module.
Step 402: perform a security operation according to the STK processing command to obtain STK security information.
The STK processing command contains the identification field and the STK command, and the TEE module needs to perform the security operation according to the STK command. Therefore, the TEE module obtains the STK command contained in the STK processing command. If the STK command requires the user to enter a user password, the TEE module displays a user interface according to the STK command. The user enters the user password through this interface, and the TEE module obtains the user password entered.
To ensure security, an encryption key is stored in the TEE module. The TEE module obtains the encryption key, encrypts the user password with it, and uses the encrypted user password as the STK security information. After receiving the STK security information, the MODEM module decrypts it with the corresponding decryption key.
Step 403: send the STK security information to the MODEM module.
Here, the TEE module can send the STK security information directly to the MODEM module, or it can first send the STK security information to the REE module, which then forwards it to the MODEM module.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of STK applications.
Embodiment three
As shown in Fig. 5, the signal processing method of Embodiment three of the present invention is performed by the REE module and includes:
Step 501: receive the STK instruction sent by the MODEM module.
In practical applications, the STK instructions that the REE module receives may include ordinary STK commands and STK processing commands.
Step 502: when the STK instruction is determined to be an STK processing command, forward the STK processing command to the TEE module.
As described above, the REE module can determine whether an STK instruction is an STK processing command by checking whether the received STK instruction contains an identification field and whether the information in the identification field indicates that the STK command contained in the instruction is a secure STK command.
When the STK instruction contains an identification field and the identification field stores the mark indicating that the STK command is an STK security command, the REE module forwards the STK processing command to the TEE module.
Step 503: receive the STK security information sent by the TEE module.
Step 504: forward the STK security information to the MODEM module.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of STK applications.
Example IV
In the embodiment of the present invention four, described so that some STK application requirement user inputs password this scene as an example The signaling process flow of the embodiment of the present invention.
As shown in Fig. 6, the signal processing method of Embodiment Four of the present invention includes:
Step 601: the MODEM module receives an instruction that triggers the STK flow, and triggers the STK flow.
For example, the MODEM module receives a data SMS and then triggers the STK flow.
Step 602: the MODEM module sends a trigger command to the SIM card.
Step 603: the SIM card returns an STK command.
Here, the STK command indicates that the user needs to enter a user password.
Step 604: the MODEM module determines whether the STK command is an STK security command. If so, step 605 is performed; otherwise, the STK command is sent directly to the REE module and handled by the REE module.
Step 605: the MODEM module determines whether the STK command needs to be encrypted.
Under normal conditions, the STK commands that the SIM card sends to the MODEM module are all encrypted. However, the case in which the SIM card has not encrypted the command cannot be ruled out. Therefore, the MODEM module can determine, as the case may be, whether the STK command needs to be encrypted.
In practical applications, an encryption key and a decryption key are both stored in the MODEM module and in the TEE module. An STK command that the MODEM module has encrypted with its encryption key can be decrypted by the TEE module with the decryption key stored in the TEE module, and vice versa.
If encryption is needed, step 606 is performed; otherwise step 607 is performed.
Step 606: the STK command is encrypted.
Step 607: the MODEM module generates an STK processing command according to the STK command.
Specifically, if the MODEM module did not encrypt the STK command, the STK processing command is generated here from the STK command obtained from the SIM card. If the MODEM module encrypted the STK command, the STK processing command is generated here from the encrypted STK command.
The STK processing command is generated as follows: an identification field is added at the head and/or tail of the STK command or of the encrypted STK command, and a flag indicating that the STK command is a security command is set in the identification field. For example, the field is set to 1.
Step 608: the MODEM module sends the STK processing command to the REE module.
Step 609: the REE module determines that the STK processing command is a secure STK instruction and forwards it to the TEE module.
Step 610: the TEE module obtains the STK command included in the STK processing command and, as the command requires, pops up a secure UI and obtains the user password entered by the user.
If the STK command was encrypted by the MODEM module, the TEE module also needs to decrypt the STK command here with the decryption key.
Step 611: the TEE module encrypts the user password entered by the user with the encryption key and adds check information to the encrypted user password, generating the STK security information.
Step 612: the TEE module sends the STK security information to the REE module.
Step 613: the REE module sends the STK security information to the MODEM module.
Step 614: the MODEM module verifies the STK security information. If the verification passes, it obtains the decryption key and decrypts the STK security information with the decryption key.
Step 615: the MODEM module sends the decrypted STK security information to the SIM card.
Step 616: after the user password passes verification, the security application in the SIM card returns signature information to the MODEM module.
Step 617: the MODEM module forwards the signature information to the REE module.
Step 618: the REE module forwards the signature information to the STK application.
At this point, the STK application has securely obtained the signed data provided by the SIM card.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of the STK application.
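The following Python sketch walks one frame through steps 604 to 614 so the trust boundary is visible: what the MODEM tags, what the REE can observe, and where the check information is verified before decryption. It is an added illustration, not code from the patent; the one-byte identification field, HMAC-SHA256 as the check information, the HMAC-based keystream standing in for the unspecified cipher, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumptions of this sketch (the patent fixes none of them): a one-byte
# identification field at the head of every frame, HMAC-SHA256 as the "check
# information", and an HMAC-based counter-mode keystream as the cipher.
FLAG_SECURE, FLAG_PLAIN = b"\x01", b"\x00"
NONCE_LEN, TAG_LEN = 16, 32


@dataclass(frozen=True)
class Keys:
    """Key material provisioned in both the MODEM and the TEE, never in the REE."""
    enc: bytes
    mac: bytes


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_keystream(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_keystream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class Tee:
    def __init__(self, keys: Keys, secure_ui):
        self.keys, self.secure_ui = keys, secure_ui

    def handle(self, frame: bytes) -> bytes:
        stk_command = decrypt(self.keys.enc, frame[1:])   # step 610: recover the command
        pin = self.secure_ui(stk_command)                 # step 610: secure UI prompt
        blob = encrypt(self.keys.enc, pin)                # step 611: encrypt the password
        tag = hmac.new(self.keys.mac, blob, hashlib.sha256).digest()
        return blob + tag                                 # step 611: append check information


class Ree:
    """Untrusted router: holds no keys and records everything it can observe."""

    def __init__(self, tee: Tee):
        self.tee, self.observed = tee, []

    def route(self, frame: bytes):
        self.observed.append(frame)
        if frame[:1] != FLAG_SECURE:                      # step 609: inspect the flag only
            return None                                   # non-security command stays in the REE
        info = self.tee.handle(frame)
        self.observed.append(info)                        # steps 612-613 pass through the REE
        return info


class Modem:
    def __init__(self, keys: Keys):
        self.keys = keys

    def build_frame(self, stk_command: bytes, is_security: bool) -> bytes:
        if not is_security:                               # step 604: not a security command
            return FLAG_PLAIN + stk_command
        # Steps 606-607; this sketch always encrypts security commands.
        return FLAG_SECURE + encrypt(self.keys.enc, stk_command)

    def unwrap_for_sim(self, info: bytes) -> bytes:
        if len(info) < NONCE_LEN + TAG_LEN:
            raise ValueError("STK security information too short")
        blob, tag = info[:-TAG_LEN], info[-TAG_LEN:]
        expected = hmac.new(self.keys.mac, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):        # step 614: verify first
            raise ValueError("STK security information failed verification")
        return decrypt(self.keys.enc, blob)               # step 614: then decrypt


def run_flow(stk_command: bytes, pin: bytes, is_security=True, tamper=False):
    """Return (bytes delivered to the SIM or None, frames the REE observed)."""
    keys = Keys(secrets.token_bytes(32), secrets.token_bytes(32))
    modem = Modem(keys)
    ree = Ree(Tee(keys, secure_ui=lambda _cmd: pin))
    info = ree.route(modem.build_frame(stk_command, is_security))
    if info is None:
        return None, ree.observed
    if tamper:                                            # one ciphertext bit changed in transit
        info = info[:NONCE_LEN] + bytes([info[NONCE_LEN] ^ 1]) + info[NONCE_LEN + 1:]
    return modem.unwrap_for_sim(info), ree.observed


if __name__ == "__main__":
    # Constructed sample command and password.
    to_sim, seen = run_flow(b"STK: request user password", b"482916")
    print("SIM receives:", to_sim)
    print("password visible to REE:", any(b"482916" in f for f in seen))
```

The REE handles only the flag byte, ciphertext and the check value, so the user password never appears in anything it forwards. A production implementation would replace the stand-in keystream and separate tag with an authenticated cipher such as AES-GCM.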
Embodiment five
As shown in Fig. 7, a signal processing device of Embodiment Five of the present invention includes:
A first receiving module 701, configured to receive an STK command sent by a subscriber identity module (SIM) card; a processing module 702, configured to generate an STK processing command according to the STK command; a first sending module 703, configured to send the STK processing command to a trusted execution environment (TEE) module, the STK processing command being used to instruct the TEE module to perform a security operation; a second receiving module 704, configured to receive the STK security information sent by the TEE module; and a second sending module 705, configured to send the STK security information to the SIM card.
The processing module 702 includes:
A determining submodule, configured to determine whether the STK command is an STK security command; an adding submodule, configured to, if the STK command is determined to be an STK security command, add an identification field at the head and/or tail of the STK command, the identification field being used to store a flag indicating that the STK command is an STK security command; and a generating submodule, configured to obtain the STK processing command from the STK command and the identification field.
Specifically, the determining submodule includes:
A first determining unit, configured to determine, according to the STK command, the instruction group to which the STK command belongs; and a second determining unit, configured to determine that the STK command is an STK security command when the instruction group to which the STK command belongs is the security instruction group.
Specifically, the generating submodule includes: a third determining unit, configured to determine whether the STK command needs to be encrypted; an encryption unit, configured to, if the STK command needs to be encrypted, obtain an encryption key and encrypt the STK command with the encryption key; and a generating unit, configured to obtain the STK processing command from the encrypted STK command and the identification field.
The first sending module 703 is specifically configured to send the STK processing command to a rich execution environment (REE) module, so that the REE module, after determining that the STK processing command is a security command, sends the STK processing command to the TEE module. The second receiving module 704 is specifically configured to receive the STK security information forwarded by the REE module, the STK security information having been sent by the TEE module to the REE module.
The second sending module includes: a verification submodule, configured to verify the STK security information; a decryption submodule, configured to, when the STK security information passes verification, obtain a decryption key and decrypt the STK security information with the decryption key; and a sending submodule, configured to send the decrypted STK security information to the SIM card.
In addition, to ensure the completeness of the flow, the first receiving module 701 is further configured to receive the signature information sent by the SIM card, and the first sending module 703 is further configured to send the signature information to the REE module.
For the working principle of the device of the present invention, refer to the description of the foregoing method embodiments.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of the STK application.
Embodiment six
As shown in Fig. 8, a signal processing device of Embodiment Six of the present invention includes:
A receiving module 801, configured to receive the STK processing command sent by the modem (MODEM) module; a processing module 802, configured to perform a security operation according to the STK processing command and obtain STK security information; and a sending module 803, configured to send the STK security information to the MODEM module.
The receiving module 801 is specifically configured to receive the STK processing command forwarded by the REE module, the STK processing command having been sent to the REE module by the MODEM module.
The processing module 802 includes: a first obtaining submodule, configured to obtain the STK command included in the STK processing command; a second obtaining submodule, configured to display a user interface according to the STK command and obtain the user password that the user enters through the user interface; an encryption submodule, configured to obtain an encryption key and encrypt the user password with the encryption key; and a processing submodule, configured to use the encrypted user password as the STK security information.
In addition, to further improve security, the processing module 802 further includes a decryption submodule, configured to decrypt the STK command.
In addition, to further improve security, the processing module 802 further includes an adding submodule, configured to add check information to the encrypted user password; the processing submodule is specifically configured to use the encrypted user password with the check information added as the STK security information.
The sending module 803 is specifically configured to send the STK security information to the REE module, so that the REE module sends the STK security information to the MODEM module.
For the working principle of the device of the present invention, refer to the description of the foregoing method embodiments.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of the STK application.
Embodiment seven
As shown in Fig. 9, a signal processing device of Embodiment Seven of the present invention includes:
A first receiving module 901, configured to receive the STK instruction sent by the MODEM module; a first sending module 902, configured to forward the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command; a second receiving module 903, configured to receive the STK security information sent by the TEE module; and a second sending module 904, configured to forward the STK security information to the MODEM module.
The first sending module 902 is specifically configured to forward the STK processing command to the TEE module when the identification field of the STK instruction stores a flag indicating that the STK command is an STK security command.
In addition, the first receiving module 901 is further configured to receive the signature information sent by the MODEM module, and the first sending module 902 is further configured to send the signature information to the STK application.
For the working principle of the device of the present invention, refer to the description of the foregoing method embodiments.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of the STK application.
Embodiment eight
As shown in Fig. 10, a mobile terminal of Embodiment Eight of the present invention includes an STK module. The STK module includes:
A MODEM module 1001, configured to receive an STK command sent by a subscriber identity module (SIM) card; generate an STK processing command according to the STK command; send the STK processing command to a trusted execution environment (TEE) module, the STK processing command being used to instruct the TEE module to perform a security operation; receive the STK security information sent by the TEE module; and send the STK security information to the SIM card;
A TEE module 1002, configured to receive the STK processing command sent by the modem (MODEM) module; perform a security operation according to the STK processing command and obtain STK security information; and send the STK security information to the MODEM module.
As shown in Fig. 11, the STK module further includes:
An REE module 1003, configured to receive the STK instruction sent by the MODEM module; forward the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command; receive the STK security information sent by the TEE module; and forward the STK security information to the MODEM module.
For the working principle of the device of the present invention, refer to the description of the foregoing method embodiments.
As can be seen from the above, because the TEE module is a relatively independent secure operating environment, having the TEE module perform the security operation further ensures the security of the operation compared with the prior art, thereby improving the security of the STK application.
In the several embodiments provided in this application, it should be understood that the disclosed method and apparatus can be implemented in other ways. For example, the device embodiments described above are only schematic: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform some of the steps of the sending and receiving method described in each embodiment of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (34)

  1. A signal processing method, characterized by comprising:
    receiving an STK command sent by a subscriber identity module (SIM) card;
    generating an STK processing command according to the STK command;
    sending the STK processing command to a trusted execution environment (TEE) module, the STK processing command being used to instruct the TEE module to perform a security operation;
    receiving STK security information sent by the TEE module;
    sending the STK security information to the SIM card.
  2. The method according to claim 1, characterized in that the step of generating an STK processing command according to the STK command comprises:
    determining whether the STK command is an STK security command;
    if the STK command is determined to be an STK security command, adding an identification field at the head and/or tail of the STK command, the identification field being used to store a flag indicating that the STK command is an STK security command;
    obtaining the STK processing command from the STK command and the identification field.
  3. The method according to claim 2, characterized in that the step of determining whether the STK command is an STK security command comprises:
    determining, according to the STK command, the instruction group to which the STK command belongs;
    when the instruction group to which the STK command belongs is the security instruction group, determining that the STK command is an STK security command.
  4. The method according to claim 2, characterized in that the step of obtaining the STK processing command from the STK command and the identification field comprises:
    determining whether the STK command needs to be encrypted;
    if the STK command needs to be encrypted, obtaining an encryption key and encrypting the STK command with the encryption key;
    obtaining the STK processing command from the encrypted STK command and the identification field.
  5. The method according to claim 1, characterized in that the step of sending the STK processing command to a trusted execution environment (TEE) module comprises:
    sending the STK processing command to a rich execution environment (REE) module, so that the REE module, after determining that the STK processing command is a security command, sends the STK processing command to the TEE module;
    the step of receiving STK security information sent by the TEE module comprises:
    receiving the STK security information forwarded by the REE module, the STK security information having been sent by the TEE module to the REE module.
  6. The method according to claim 1, characterized in that the step of sending the STK security information to the SIM card comprises:
    verifying the STK security information;
    when the STK security information passes verification, obtaining a decryption key and decrypting the STK security information with the decryption key;
    sending the decrypted STK security information to the SIM card.
  7. The method according to any one of claims 1-6, characterized in that, when the STK security information includes a user password, the method further comprises:
    receiving signature information sent by the SIM card;
    sending the signature information to the REE module.
  8. A signal processing method, characterized by comprising:
    receiving an STK processing command sent by a modem (MODEM) module;
    performing a security operation according to the STK processing command and obtaining STK security information;
    sending the STK security information to the MODEM module.
  9. The method according to claim 8, characterized in that the step of receiving an STK processing command sent by a modem (MODEM) module comprises:
    receiving the STK processing command forwarded by a rich execution environment (REE) module, the STK processing command having been sent to the REE module by the MODEM module.
  10. The method according to claim 8, characterized in that the step of performing a security operation according to the STK processing command and obtaining STK security information comprises:
    obtaining the STK command included in the STK processing command;
    displaying a user interface according to the STK command and obtaining the user password that the user enters through the user interface;
    obtaining an encryption key, encrypting the user password with the encryption key, and using the encrypted user password as the STK security information.
  11. The method according to claim 10, characterized in that, after the step of obtaining the STK command included in the STK processing command, the step of performing a security operation according to the STK processing command and obtaining STK security information further comprises:
    decrypting the STK command.
  12. The method according to claim 10, characterized in that, after the step of encrypting the user password with the encryption key, the step of performing a security operation according to the STK processing command and obtaining STK security information further comprises:
    adding check information to the encrypted user password;
    using the encrypted user password with the check information added as the STK security information.
  13. The method according to any one of claims 8-12, characterized in that the step of sending the STK security information to the MODEM module comprises:
    sending the STK security information to a rich execution environment (REE) module, so that the REE module sends the STK security information to the MODEM module.
  14. A signal processing method, characterized by comprising:
    receiving an STK instruction sent by a MODEM module;
    when the STK instruction is determined to be an STK processing command, forwarding the STK processing command to the TEE module;
    receiving STK security information sent by the TEE module;
    forwarding the STK security information to the MODEM module.
  15. The method according to claim 14, characterized in that the step of forwarding the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command is specifically:
    when the identification field of the STK instruction stores a flag indicating that the STK command is an STK security command, forwarding the STK processing command to the TEE module.
  16. The method according to claim 14 or 15, characterized in that, when the STK security information includes a user password, the method further comprises:
    receiving signature information sent by the MODEM module;
    sending the signature information to the STK application.
  17. A signal processing device, characterized by comprising:
    a first receiving module, configured to receive an STK command sent by a subscriber identity module (SIM) card;
    a processing module, configured to generate an STK processing command according to the STK command;
    a first sending module, configured to send the STK processing command to a trusted execution environment (TEE) module, the STK processing command being used to instruct the TEE module to perform a security operation;
    a second receiving module, configured to receive STK security information sent by the TEE module;
    a second sending module, configured to send the STK security information to the SIM card.
  18. The device according to claim 17, characterized in that the processing module comprises:
    a determining submodule, configured to determine whether the STK command is an STK security command;
    an adding submodule, configured to, if the STK command is determined to be an STK security command, add an identification field at the head and/or tail of the STK command, the identification field being used to store a flag indicating that the STK command is an STK security command;
    a generating submodule, configured to obtain the STK processing command from the STK command and the identification field.
  19. The device according to claim 18, characterized in that the determining submodule comprises:
    a first determining unit, configured to determine, according to the STK command, the instruction group to which the STK command belongs;
    a second determining unit, configured to determine that the STK command is an STK security command when the instruction group to which the STK command belongs is the security instruction group.
  20. The device according to claim 18, characterized in that the generating submodule comprises:
    a third determining unit, configured to determine whether the STK command needs to be encrypted;
    an encryption unit, configured to, if the STK command needs to be encrypted, obtain an encryption key and encrypt the STK command with the encryption key;
    a generating unit, configured to obtain the STK processing command from the encrypted STK command and the identification field.
  21. The device according to claim 17, characterized in that the first sending module is specifically configured to send the STK processing command to a rich execution environment (REE) module, so that the REE module, after determining that the STK processing command is a security command, sends the STK processing command to the TEE module;
    the second receiving module is specifically configured to receive the STK security information forwarded by the REE module, the STK security information having been sent by the TEE module to the REE module.
  22. The device according to claim 17, characterized in that the second sending module comprises:
    a verification submodule, configured to verify the STK security information;
    a decryption submodule, configured to, when the STK security information passes verification, obtain a decryption key and decrypt the STK security information with the decryption key;
    a sending submodule, configured to send the decrypted STK security information to the SIM card.
  23. The device according to any one of claims 17-22, characterized in that
    the first receiving module is further configured to receive signature information sent by the SIM card;
    the first sending module is further configured to send the signature information to the REE module.
  24. A signal processing device, characterized by comprising:
    a receiving module, configured to receive an STK processing command sent by a modem (MODEM) module;
    a processing module, configured to perform a security operation according to the STK processing command and obtain STK security information;
    a sending module, configured to send the STK security information to the MODEM module.
  25. The device according to claim 24, characterized in that the receiving module is specifically configured to
    receive the STK processing command forwarded by a rich execution environment (REE) module, the STK processing command having been sent to the REE module by the MODEM module.
  26. The device according to claim 24, characterized in that the processing module comprises:
    a first obtaining submodule, configured to obtain the STK command included in the STK processing command;
    a second obtaining submodule, configured to display a user interface according to the STK command and obtain the user password that the user enters through the user interface;
    an encryption submodule, configured to obtain an encryption key and encrypt the user password with the encryption key;
    a processing submodule, configured to use the encrypted user password as the STK security information.
  27. The device according to claim 26, characterized in that the processing module further comprises:
    a decryption submodule, configured to decrypt the STK command.
  28. The device according to claim 26, characterized in that the processing module further comprises:
    an adding submodule, configured to add check information to the encrypted user password;
    the processing submodule is specifically configured to use the encrypted user password with the check information added as the STK security information.
  29. The device according to any one of claims 24-28, characterized in that the sending module is specifically configured to send the STK security information to a rich execution environment (REE) module, so that the REE module sends the STK security information to the MODEM module.
  30. A signal processing device, characterized by comprising:
    a first receiving module, configured to receive an STK instruction sent by a MODEM module;
    a first sending module, configured to forward the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command;
    a second receiving module, configured to receive STK security information sent by the TEE module;
    a second sending module, configured to forward the STK security information to the MODEM module.
  31. The device according to claim 30, characterized in that the first sending module is specifically configured to forward the STK processing command to the TEE module when the identification field of the STK instruction stores a flag indicating that the STK command is an STK security command.
  32. The device according to claim 30 or 31, characterized in that
    the first receiving module is further configured to receive signature information sent by the MODEM module;
    the first sending module is further configured to send the signature information to the STK application.
  33. A mobile terminal, characterized by comprising an STK module, the STK module comprising:
    a MODEM module, configured to receive an STK command sent by a subscriber identity module (SIM) card; generate an STK processing command according to the STK command; send the STK processing command to a trusted execution environment (TEE) module, the STK processing command being used to instruct the TEE module to perform a security operation; receive STK security information sent by the TEE module; and send the STK security information to the SIM card;
    a TEE module, configured to receive the STK processing command sent by the modem (MODEM) module; perform a security operation according to the STK processing command and obtain STK security information; and send the STK security information to the MODEM module.
  34. The mobile terminal according to claim 33, characterized in that the STK module further comprises:
    an REE module, configured to receive the STK instruction sent by the MODEM module; forward the STK processing command to the TEE module when the STK instruction is determined to be an STK processing command; receive the STK security information sent by the TEE module; and forward the STK security information to the MODEM module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610906306.2A CN107967421A (en) 2016-10-18 2016-10-18 A kind of signal processing method, device and mobile terminal

Publications (1)

Publication Number Publication Date
CN107967421A true CN107967421A (en) 2018-04-27

Family

ID=61996195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610906306.2A Pending CN107967421A (en) 2016-10-18 2016-10-18 A kind of signal processing method, device and mobile terminal

Country Status (1)

Country Link
CN (1) CN107967421A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180427