CN108684036B - Electronic terminal and eSIM data processing method based on trusted execution environment - Google Patents

Publication number: CN108684036B
Authority: CN (China)
Prior art keywords: esim, data, storage module, client application, execution environment
Legal status: Expired - Fee Related
Application number: CN201810407494.3A
Other languages: Chinese (zh)
Other versions: CN108684036A (en)
Inventor: 许培培
Current Assignee: Nanjing Runyang Starch Products Co ltd
Original Assignee: Nanjing Runyang Starch Products Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an electronic terminal and an eSIM data processing method based on a trusted execution environment. The electronic terminal comprises a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module. The eSIM client application works in a common execution environment, while the eSIM trusted application and the first storage module work in a trusted execution environment. The eSIM client application forwards data between the baseband chip and the eSIM trusted application and, under a preset condition, caches data to be forwarded in the first storage module. The electronic terminal is built on an eSIM framework based on the trusted execution environment; the added first storage module caches data for the eSIM client application working in the common execution environment so as to improve the data processing speed, and because the first storage module operates in the trusted execution environment, the security of the data cached by the eSIM client application is ensured.

Description

Electronic terminal and eSIM data processing method based on trusted execution environment
Technical Field
The invention relates to the technical field of communication, in particular to an electronic terminal and an eSIM data processing method based on a trusted execution environment.
Background
At present, mobile terminals (e.g., mobile phones) are increasingly designed to be compact in order to improve their portability. One example is the eSIM card (Embedded-SIM, i.e. embedded SIM card). The eSIM concept is to embed a conventional SIM card directly onto the device chip rather than adding it to the device as a separate removable component, so that the user does not have to insert a physical SIM card. This gives the user more flexibility in choosing an operator's plan or changing operators at any time without having to unlock the device or purchase a new one. Establishing a universal eSIM standard in the future can reduce the cost of using mobile devices for ordinary consumers and enterprise users, and bring more convenience and safety.
Disclosure of Invention
According to a first aspect of the present invention, there is provided an electronic terminal comprising: a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module. The eSIM client application works in a common execution environment, and the eSIM trusted application and the first storage module work in a trusted execution environment. The eSIM client application is used for forwarding data between the baseband chip and the eSIM trusted application, and for caching data to be forwarded in the first storage module under a preset condition.
In one embodiment, the electronic terminal further comprises a second storage module, and the second storage module operates in a common execution environment; the eSIM client application is used for caching sensitive type data in the first storage module and caching non-sensitive type data in the second storage module.
Preferably, the eSIM client application is configured to prioritize data when caching the data in the first storage module and/or the second storage module.
In one embodiment, the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data; or the eSIM client application generates priority information after prioritizing the data and the priority information is stored in the second storage module, and the eSIM client application then retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
In an embodiment, the first storage module is further used for data storage of an eSIM trusted application.
According to a third aspect of the present invention, the present invention further provides an eSIM data processing method for an electronic terminal based on a trusted execution environment, where the electronic terminal includes a baseband chip, an eSIM client application operating in a normal execution environment, and an eSIM trusted application operating in a trusted execution environment; the method comprises the following steps: the eSIM client application acquires data from the baseband chip and forwards the data to the eSIM trusted application, and the data returned by the eSIM trusted application is acquired and then forwarded to the baseband chip; and under a preset condition, the eSIM client application caches the data in a first storage module after acquiring the data, wherein the first storage module works in a trusted execution environment.
In one embodiment, under a preset condition, after the eSIM client application obtains data, caching the sensitive type data in the first storage module, and caching the non-sensitive type data in the second storage module; the second storage module operates in a common execution environment.
Preferably, the eSIM client application prioritizes data as it is cached to the first storage module and/or the second storage module.
In one embodiment, the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data; or the eSIM client application generates priority information after prioritizing the data and the priority information is stored in the second storage module, and the eSIM client application then retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
By implementing the electronic terminal and the eSIM data processing method based on the trusted execution environment, the first storage module is added and is used for caching data of the eSIM client application working in the common execution environment so as to improve the data processing speed; in addition, the first storage module operates in a trusted execution environment to ensure security of data cached by the eSIM client application.
Drawings
Fig. 1 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to an embodiment of the present invention;
Fig. 2 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to another embodiment of the present invention;
Fig. 3 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to another embodiment of the present invention.
Detailed Description
In order to make the technical problems to be solved, the technical solutions and the advantageous effects of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that the electronic terminal referred to in the present invention may be a mobile terminal or other fixed terminal. The electronic terminal may be implemented in various forms. For example, the electronic terminals described in the embodiments of the present invention may include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PMPs (portable multimedia players), navigation devices, and the like, and stationary terminals such as digital TVs, desktop computers, stationary photographing terminals, and the like.
eSIM is a solution for future electronic terminals to enable communication, which will replace the current physical SIM card. At present, some relevant technical standards for eSIM are not yet established, technical proposals for implementing eSIM have great differences, and how to establish the overall architecture of eSIM is also a focus problem to be solved.
Embodiment one:
The present embodiment provides an electronic terminal and an eSIM data processing method based on a trusted execution environment thereof, and the architecture and method are specifically described below with reference to the accompanying drawings.
Please refer to fig. 1, which is a diagram illustrating an overall architecture of the electronic terminal based on the eSIM in the trusted execution environment according to the present embodiment.
The eSIM trusted application 103 operates in a trusted execution environment of the electronic terminal 10, and is configured to implement functions of a SIM card, such as: the generation, storage and management of the key, the decryption of encrypted PROFILE, the storage and verification of the certificate, the network authentication, the data calculation and the like. The SIM card function may refer to an existing physical SIM card (i.e., non-eSIM card), which is not described in detail in this embodiment.
The eSIM client application 102 operates in the normal execution environment of the electronic terminal 10 and is primarily responsible for interacting with the baseband chip 101 (primarily with the modem), using eSIM functions, and forwarding instructions for the baseband chip 101. Of course, in some cases, the baseband chip 101 may also directly send the instruction data to the eSIM trusted application 103.
In this embodiment, the electronic terminal further includes a first storage module 104 operating in a trusted execution environment. When the eSIM client application performs data forwarding between the baseband chip 101 and the eSIM trusted application 103, under a preset condition, data to be forwarded is cached in the first storage module 104.
The "data" referred to in the present embodiment includes instruction data and information data.
Generally, the preset condition is that the eSIM client application 102 is processing a large amount of data, i.e., the eSIM client application 102 is busy. For example, the eSIM client application 102 forwards an APDU (Application Protocol Data Unit) instruction sent from the baseband chip 101 to the eSIM trusted application 103 for processing, and sends the processing result of the eSIM trusted application 103 back to the baseband chip 101. When APDUs with large data volumes are processed, caching part of the data increases the response speed of the baseband chip 101 and avoids calling the eSIM trusted application 103 frequently.
Meanwhile, since the first storage module 104 operates in a trusted execution environment, the security of the cached data can be ensured.
Preferably, in this embodiment, the eSIM client application 102 is further configured to prioritize data when caching the data in the first storage module 104. The priority ranking mode can be preset, for example, ranking according to the importance of data.
In some embodiments, the eSIM client application 102 generates priority information upon prioritizing the data and inserts the priority information into the corresponding data. I.e. the data itself carries the priority information. At this time, the eSIM client application 102 directly stores the data carrying the priority information in the first storage module 104, and when the data is taken out from the first storage module 104, the data with a high priority is taken out first according to the corresponding priority information.
In this embodiment, the first storage module 104 is electrically connected to only the eSIM client application 102, that is, the first storage module 104 is only used by the eSIM client application 102 for storing data.
As shown in fig. 2, in another embodiment, the first storage module 104 is also used for data storage of the eSIM trusted application 103, i.e., the eSIM client application 102 and the eSIM trusted application 103 share the first storage module 104.
Embodiment two:
The present embodiment provides another electronic terminal and an eSIM data processing method based on a trusted execution environment thereof, and the architecture and method are specifically described below with reference to the accompanying drawings.
Fig. 3 is a diagram illustrating an overall architecture of the electronic terminal based on the eSIM in the trusted execution environment according to the present embodiment.
The eSIM trusted application 103 operates in a trusted execution environment of the electronic terminal 10, and is configured to implement functions of a SIM card, such as: the generation, storage and management of the key, the decryption of encrypted PROFILE, the storage and verification of the certificate, the network authentication, the data calculation and the like. The SIM card function may refer to an existing physical SIM card (i.e., non-eSIM card), which is not described in detail in this embodiment.
The eSIM client application 102 operates in the normal execution environment of the electronic terminal 10 and is primarily responsible for interacting with the baseband chip 101 (primarily with the modem), using eSIM functions, and forwarding instructions for the baseband chip 101. Of course, in some cases, the baseband chip 101 may also directly send the instruction data to the eSIM trusted application 103.
In this embodiment, the electronic terminal further includes a first storage module 104 operating in a trusted execution environment. When the eSIM client application performs data forwarding between the baseband chip 101 and the eSIM trusted application 103, under a preset condition, data to be forwarded is cached in the first storage module 104.
The difference between the present embodiment and the first embodiment is that the electronic terminal further includes a second storage module 201, and the second storage module 201 operates in a common execution environment. The eSIM client application 102 is configured to cache sensitive type data in the first storage module 104 and non-sensitive type data in the second storage module 201.
The "data" referred to in the present embodiment includes instruction data and information data.
Generally, the preset condition is that the eSIM client application 102 is processing a large amount of data, i.e., the eSIM client application 102 is busy. For example, the eSIM client application 102 forwards an APDU (Application Protocol Data Unit) instruction sent from the baseband chip 101 to the eSIM trusted application 103 for processing, and sends the processing result of the eSIM trusted application 103 back to the baseband chip 101. When APDUs with large data volumes are processed, caching part of the data increases the response speed of the baseband chip 101 and avoids calling the eSIM trusted application 103 frequently.
Meanwhile, since the first storage module 104 operates in a trusted execution environment, the security of the cached sensitive type data can be ensured.
Preferably, in this embodiment, the eSIM client application 102 is further configured to prioritize data when caching the data in the first storage module 104 and the second storage module 201. The priority ranking mode can be preset, for example, ranking according to the importance of data.
In some embodiments, the eSIM client application 102 generates priority information upon prioritizing the data and inserts the priority information into the corresponding data. I.e. the data itself carries the priority information. At this time, the eSIM client application 102 directly stores the data carrying the priority information in the first storage module 104 and the second storage module 201, and when the data is fetched from the first storage module 104 and the second storage module 201, the data with a high priority is fetched first according to the corresponding priority information.
In other embodiments, the eSIM client application 102 generates priority information after prioritizing the data, and the priority information is stored in the second storage module 201. When the eSIM client application 102 fetches data from the first storage module 104 and the second storage module 201, the corresponding data is retrieved from the first storage module 104 and the second storage module 201 according to the priority information stored in the second storage module 201. That is, the first storage module 104 operating in the trusted execution environment stores only the original data of the sensitive type data, while the priority information is stored in the second storage module 201 operating in the normal execution environment.
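The following Python model is an added illustration of this second variant, not code from the patent: sensitive payloads go to a stand-in for first storage module 104, non-sensitive payloads and all priority information go to a stand-in for second storage module 201, and retrieval follows the priority index. The class and method names, the integer priority scale (higher is served first), the caller-supplied `sensitive` flag and the sample payloads are assumptions.

```python
"""Illustrative model of the split cache; isolation is modelled, not enforced."""
import heapq
import itertools
from dataclasses import dataclass, field


@dataclass
class TrustedStore:
    """Stand-in for first storage module 104 (trusted execution environment)."""
    _items: dict = field(default_factory=dict)

    def put(self, handle: int, payload: bytes) -> None:
        self._items[handle] = payload

    def take(self, handle: int) -> bytes:
        return self._items.pop(handle)


@dataclass
class NormalStore:
    """Stand-in for second storage module 201 (normal execution environment)."""
    items: dict = field(default_factory=dict)   # non-sensitive payloads
    index: list = field(default_factory=list)   # priority info for BOTH stores

    def visible_bytes(self) -> bytes:
        """Everything normal-world code could read from this store."""
        return b"".join(self.items.values()) + repr(self.index).encode()


class EsimClientCache:
    """Hypothetical cache used by the eSIM client application when busy."""

    def __init__(self) -> None:
        self.trusted = TrustedStore()
        self.normal = NormalStore()
        self._seq = itertools.count()

    def cache(self, payload: bytes, *, sensitive: bool, priority: int) -> None:
        handle = next(self._seq)
        if sensitive:
            self.trusted.put(handle, payload)
        else:
            self.normal.items[handle] = payload
        # heapq is a min-heap, so negate the priority; the unique handle
        # breaks ties in arrival order. Only metadata is written here:
        # the index exposes ordering and count, never payload bytes.
        heapq.heappush(self.normal.index, (-priority, handle, sensitive))

    def next_to_forward(self) -> bytes:
        """Pop the highest-priority entry and fetch it from the right store."""
        _, handle, sensitive = heapq.heappop(self.normal.index)
        if sensitive:
            return self.trusted.take(handle)
        return self.normal.items.pop(handle)

    def drain(self) -> list:
        out = []
        while self.normal.index:
            out.append(self.next_to_forward())
        return out


# Constructed sample payloads (not captured from any device).
SELECT = bytes.fromhex("00a4040007a0000000871002")
AUTH = bytes.fromhex("0088008110" + "11" * 16)
STATUS = bytes.fromhex("80f2000000")


def demo():
    cache = EsimClientCache()
    cache.cache(STATUS, sensitive=False, priority=1)
    cache.cache(AUTH, sensitive=True, priority=9)
    cache.cache(SELECT, sensitive=False, priority=5)
    leaked = AUTH in cache.normal.visible_bytes()
    return leaked, cache.drain()


if __name__ == "__main__":
    print(demo())
```
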
In this embodiment, the first storage module 104 is electrically connected to only the eSIM client application 102, that is, the first storage module 104 is only used by the eSIM client application 102 for storing data.
Of course, in another embodiment, as described in the first embodiment, the first storage module 104 is also used for storing data of the eSIM trusted application 103, that is, the eSIM client application 102 and the eSIM trusted application 103 share the first storage module 104.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (7)

1. An electronic terminal, comprising: a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module; the eSIM client application works in a common execution environment, and the eSIM trusted application and the first storage module work in a trusted execution environment; the eSIM client application is used for forwarding data between the baseband chip and the eSIM trusted application and caching data to be forwarded in the first storage module under a preset condition;
the electronic terminal also comprises a second storage module, and the second storage module works in a common execution environment; the eSIM client application is used for caching sensitive type data in the first storage module and caching non-sensitive type data in the second storage module.
2. The electronic terminal of claim 1, wherein the eSIM client application is configured to prioritize data as it is cached to the first storage module and/or the second storage module.
3. The electronic terminal of claim 2, wherein the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data; or the eSIM client application generates priority information after prioritizing the data and the priority information is stored in the second storage module, and the eSIM client application retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
4. The electronic terminal of claim 1, wherein the first storage module is further for data storage of an eSIM trusted application.
5. An eSIM data processing method for an electronic terminal based on a trusted execution environment, characterized in that the electronic terminal comprises a baseband chip, an eSIM client application working in a common execution environment and an eSIM trusted application working in the trusted execution environment; the method comprises the following steps: the eSIM client application acquires data from the baseband chip and forwards the data to the eSIM trusted application, and acquires the data returned by the eSIM trusted application and forwards it to the baseband chip; under a preset condition, the eSIM client application caches the data in a first storage module after acquiring the data, wherein the first storage module works in a trusted execution environment;
the method further comprises the following steps: under a preset condition, caching sensitive data in the first storage module and caching non-sensitive data in the second storage module after the eSIM client application acquires the data; the second storage module operates in a common execution environment.
6. The method of claim 5, wherein the data is prioritized by the eSIM client application when caching the data to the first storage module and/or the second storage module.
7. The method of claim 6, wherein the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data; or the eSIM client application generates priority information after prioritizing the data and the priority information is stored in the second storage module, and the eSIM client application retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810407494.3A 2018-04-28 2018-04-28 Electronic terminal and eSIM data processing method based on trusted execution environment (CN108684036B, Expired - Fee Related)

Publications (2)

Publication Number Publication Date
CN108684036A 2018-10-19
CN108684036B 2021-11-23

Family ID: 63802751

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20211108
    Address after: 210000 tuanjiewei grain depot, Chunxi Town, Gaochun District, Nanjing City, Jiangsu Province
    Applicant after: Nanjing Runyang starch products Co.,Ltd.
    Address before: Room 202, building a, phase II, science and technology building, 1057 Nanhai Avenue, Nanshan District, Shenzhen, Guangdong 518000
    Applicant before: Xu Peipei
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20211123