CN108684036B - Electronic terminal and eSIM data processing method based on trusted execution environment - Google Patents
- Publication number
- CN108684036B
- Authority
- CN
- China
- Prior art keywords
- esim
- data
- storage module
- client application
- execution environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an electronic terminal and an eSIM data processing method based on a trusted execution environment. The electronic terminal comprises a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module. The eSIM client application runs in the normal execution environment, while the eSIM trusted application and the first storage module run in the trusted execution environment. The eSIM client application forwards data between the baseband chip and the eSIM trusted application and, under a preset condition, caches the data to be forwarded in the first storage module. The electronic terminal builds on an eSIM architecture based on the trusted execution environment and adds the first storage module to cache data for the eSIM client application running in the normal execution environment, which improves data processing speed; in addition, because the first storage module runs in the trusted execution environment, the security of the data cached by the eSIM client application is ensured.
Description
Technical Field
The invention relates to the technical field of communication, in particular to an electronic terminal and an eSIM data processing method based on a trusted execution environment.
Background
At present, mobile terminals (e.g., mobile phones) are increasingly designed to be compact in order to improve their portability. One example is the eSIM card (Embedded-SIM, i.e. an embedded SIM card). The eSIM concept is to embed a conventional SIM card directly on the device chip rather than adding it to the device as a separate removable component, so the user does not have to insert a physical SIM card. This allows the user more flexibility in choosing an operator's plan or changing operators at any time without having to unlock the device or purchase a new one. The future establishment of a universal eSIM standard can lower the cost of using mobile devices for ordinary consumers and enterprise users, and bring more convenience and security.
Disclosure of Invention
According to a first aspect of the present invention, there is provided an electronic terminal comprising: a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module. The eSIM client application runs in the normal execution environment, and the eSIM trusted application and the first storage module run in the trusted execution environment. The eSIM client application forwards data between the baseband chip and the eSIM trusted application and, under a preset condition, caches the data to be forwarded in the first storage module.
In one embodiment, the electronic terminal further comprises a second storage module, which runs in the normal execution environment; the eSIM client application caches sensitive type data in the first storage module and non-sensitive type data in the second storage module.
Preferably, the eSIM client application is configured to prioritize data when caching the data in the first storage module and/or the second storage module.
In one embodiment, the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data;
or the eSIM client application generates priority information after prioritizing the data, and the priority information is stored in the second storage module; the eSIM client application then retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
In an embodiment, the first storage module is further used for data storage of an eSIM trusted application.
According to a third aspect of the present invention, there is further provided an eSIM data processing method, based on a trusted execution environment, for an electronic terminal, where the electronic terminal includes a baseband chip, an eSIM client application running in the normal execution environment, and an eSIM trusted application running in the trusted execution environment. The method comprises the following steps: the eSIM client application acquires data from the baseband chip and forwards it to the eSIM trusted application, then acquires the data returned by the eSIM trusted application and forwards it to the baseband chip; and, under a preset condition, the eSIM client application caches the data in a first storage module after acquiring it, wherein the first storage module runs in the trusted execution environment.
In one embodiment, under a preset condition, after acquiring the data the eSIM client application caches sensitive type data in the first storage module and non-sensitive type data in the second storage module; the second storage module runs in the normal execution environment.
Preferably, the eSIM client application prioritizes the data when caching it in the first storage module and/or the second storage module.
In one embodiment, the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data;
or the eSIM client application generates priority information after prioritizing the data, and the priority information is stored in the second storage module; the eSIM client application then retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
With the electronic terminal and the eSIM data processing method based on the trusted execution environment, the added first storage module caches data for the eSIM client application running in the normal execution environment, which improves data processing speed; in addition, because the first storage module runs in the trusted execution environment, the security of the data cached by the eSIM client application is ensured.
Drawings
Fig. 1 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to an embodiment of the present invention;
Fig. 2 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to another embodiment of the present invention;
Fig. 3 is a general architecture diagram of an electronic terminal based on an eSIM in a trusted execution environment according to another embodiment of the present invention.
Detailed Description
In order to make the technical problems to be solved, the technical solutions and the advantageous effects of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that the electronic terminal referred to in the present invention may be a mobile terminal or other fixed terminal. The electronic terminal may be implemented in various forms. For example, the electronic terminals described in the embodiments of the present invention may include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PMPs (portable multimedia players), navigation devices, and the like, and stationary terminals such as digital TVs, desktop computers, stationary photographing terminals, and the like.
eSIM is a solution for future electronic terminals to enable communication, which will replace the current physical SIM card. At present, some relevant technical standards for eSIM are not yet established, technical proposals for implementing eSIM have great differences, and how to establish the overall architecture of eSIM is also a focus problem to be solved.
Embodiment one:
The present embodiment provides an electronic terminal and an eSIM data processing method based on a trusted execution environment thereof; the architecture and method are described below with reference to the accompanying drawings.
Please refer to fig. 1, which is a diagram illustrating an overall architecture of the electronic terminal based on the eSIM in the trusted execution environment according to the present embodiment.
The eSIM trusted application 103 runs in the trusted execution environment of the electronic terminal 10 and implements the functions of a SIM card, such as key generation, storage and management, decryption of encrypted profiles, certificate storage and verification, network authentication, data computation and the like. For the SIM card functions, reference may be made to an existing physical SIM card (i.e., a non-eSIM card); they are not described in detail in this embodiment.
The eSIM client application 102 runs in the normal execution environment of the electronic terminal 10 and is primarily responsible for interacting with the baseband chip 101 (primarily with the modem), using the eSIM functions, and forwarding instructions for the baseband chip 101. Of course, in some cases, the baseband chip 101 may also send instruction data directly to the eSIM trusted application 103.
In this embodiment, the electronic terminal further includes a first storage module 104 operating in a trusted execution environment. When the eSIM client application performs data forwarding between the baseband chip 101 and the eSIM trusted application 103, under a preset condition, data to be forwarded is cached in the first storage module 104.
The "data" referred to in the present embodiment includes instruction data and information data.
Generally, the preset condition is that the eSIM client application 102 is processing a large amount of data, i.e., the eSIM client application 102 is busy. For example, the eSIM client application 102 forwards an APDU (Application Protocol Data Unit) instruction sent from the baseband chip 101 to the eSIM trusted application 103 for processing, and sends the processing result of the eSIM trusted application 103 back to the baseband chip 101. When APDUs with large data volumes are processed, caching part of the data increases the response speed toward the baseband chip 101 and avoids calling the eSIM trusted application 103 too frequently.
Meanwhile, since the first storage module 104 operates in a trusted execution environment, the security of the cached data can be ensured.
Preferably, in this embodiment, the eSIM client application 102 is further configured to prioritize data when caching the data in the first storage module 104. The priority ranking mode can be preset, for example, ranking according to the importance of data.
In some embodiments, the eSIM client application 102 generates priority information upon prioritizing the data and inserts the priority information into the corresponding data. I.e. the data itself carries the priority information. At this time, the eSIM client application 102 directly stores the data carrying the priority information in the first storage module 104, and when the data is taken out from the first storage module 104, the data with a high priority is taken out first according to the corresponding priority information.
In this embodiment, the first storage module 104 is electrically connected to only the eSIM client application 102, that is, the first storage module 104 is only used by the eSIM client application 102 for storing data.
As shown in fig. 2, in another embodiment, the first storage module 104 is also used for data storage of the eSIM trusted application 103, i.e., the eSIM client application 102 and the eSIM trusted application 103 share the first storage module 104.
Embodiment two:
The present embodiment provides another electronic terminal and an eSIM data processing method based on a trusted execution environment thereof; the architecture and method are described below with reference to the accompanying drawings.
Fig. 3 is a diagram illustrating an overall architecture of the electronic terminal based on the eSIM in the trusted execution environment according to the present embodiment.
The eSIM trusted application 103 runs in the trusted execution environment of the electronic terminal 10 and implements the functions of a SIM card, such as key generation, storage and management, decryption of encrypted profiles, certificate storage and verification, network authentication, data computation and the like. For the SIM card functions, reference may be made to an existing physical SIM card (i.e., a non-eSIM card); they are not described in detail in this embodiment.
The eSIM client application 102 runs in the normal execution environment of the electronic terminal 10 and is primarily responsible for interacting with the baseband chip 101 (primarily with the modem), using the eSIM functions, and forwarding instructions for the baseband chip 101. Of course, in some cases, the baseband chip 101 may also send instruction data directly to the eSIM trusted application 103.
In this embodiment, the electronic terminal further includes a first storage module 104 operating in a trusted execution environment. When the eSIM client application performs data forwarding between the baseband chip 101 and the eSIM trusted application 103, under a preset condition, data to be forwarded is cached in the first storage module 104.
The difference between the present embodiment and the first embodiment is that the electronic terminal further includes a second storage module 201, and the second storage module 201 runs in the normal execution environment. The eSIM client application 102 is configured to cache sensitive type data in the first storage module 104 and non-sensitive type data in the second storage module 201.
The "data" referred to in the present embodiment includes instruction data and information data.
Generally, the preset condition is that the eSIM client application 102 is processing a large amount of data, i.e., the eSIM client application 102 is busy. For example, the eSIM client application 102 forwards an APDU (Application Protocol Data Unit) instruction sent from the baseband chip 101 to the eSIM trusted application 103 for processing, and sends the processing result of the eSIM trusted application 103 back to the baseband chip 101. When APDUs with large data volumes are processed, caching part of the data increases the response speed toward the baseband chip 101 and avoids calling the eSIM trusted application 103 too frequently.
Meanwhile, since the first storage module 104 operates in a trusted execution environment, the security of the cached sensitive type data can be ensured.
Preferably, in this embodiment, the eSIM client application 102 is further configured to prioritize data when caching the data in the first storage module 104 and the second storage module 201. The priority ranking mode can be preset, for example, ranking according to the importance of data.
In some embodiments, the eSIM client application 102 generates priority information upon prioritizing the data and inserts the priority information into the corresponding data. I.e. the data itself carries the priority information. At this time, the eSIM client application 102 directly stores the data carrying the priority information in the first storage module 104 and the second storage module 201, and when the data is fetched from the first storage module 104 and the second storage module 201, the data with a high priority is fetched first according to the corresponding priority information.
In other embodiments, the eSIM client application 102 generates priority information after prioritizing the data, and the priority information is stored in the second storage module 201. When the eSIM client application 102 fetches data from the first storage module 104 and the second storage module 201, it retrieves the corresponding data from those modules according to the priority information stored in the second storage module 201. That is, the first storage module 104 running in the trusted execution environment stores only the original data of the sensitive type, while the priority information is stored in the second storage module 201 running in the normal execution environment.
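The split-storage variant just described, sketched as an added example in C (it is not code from the patent): payloads go to one of two stores by sensitivity, a priority index kept with the second store decides fetch order, and the fetch path validates each index entry because that index sits in the normal execution environment. The names `cache_put`, `cache_take`, `prio_index`, the slot counts and the caller-supplied `sensitive` flag are assumptions, and plain arrays stand in for modules 104 and 201.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS    8
#define MAX_APDU 261   /* short APDU: 4-byte header + Lc + 255 data bytes + Le */

enum { STORE_FIRST = 0, STORE_SECOND = 1 };   /* modules 104 (TEE) and 201 (normal) */
struct slot  { uint8_t used; uint16_t len; uint8_t data[MAX_APDU]; };
struct entry { uint8_t used, priority, store, slot; };

/* Plain arrays stand in for the two modules (assumption: on a device,
 * first_store would be reachable only through a call into the TEE). */
static struct slot  first_store[SLOTS];       /* sensitive payloads only */
static struct slot  second_store[SLOTS];      /* non-sensitive payloads  */
static struct entry prio_index[2 * SLOTS];    /* kept with module 201    */

static struct slot *store_of(uint8_t id)
{
    if (id == STORE_FIRST)  return first_store;
    if (id == STORE_SECOND) return second_store;
    return NULL;
}

/* Cache one item; `sensitive` is the caller's classification (assumption).
 * Returns 0 on success, -1 if the item is oversized or no room is left. */
int cache_put(const uint8_t *buf, size_t len, int sensitive, uint8_t priority)
{
    uint8_t id = sensitive ? STORE_FIRST : STORE_SECOND;
    struct slot *st = store_of(id);
    int s = 0, i = 0;

    if (buf == NULL || len == 0 || len > MAX_APDU) return -1;
    while (s < SLOTS && st[s].used) s++;
    while (i < 2 * SLOTS && prio_index[i].used) i++;
    if (s == SLOTS || i == 2 * SLOTS) return -1;

    memcpy(st[s].data, buf, len);
    st[s].len = (uint16_t)len;
    st[s].used = 1;
    prio_index[i] = (struct entry){ 1, priority, id, (uint8_t)s };
    return 0;
}

/* Take the highest-priority item. Returns its length, 0 if the cache is empty,
 * -1 if the index entry does not name a live slot or `out` is too small. */
int cache_take(uint8_t *out, size_t cap, int *from_store)
{
    struct entry *e = NULL;
    struct slot *st;
    int n;

    for (int i = 0; i < 2 * SLOTS; i++)
        if (prio_index[i].used && (!e || prio_index[i].priority > e->priority))
            e = &prio_index[i];
    if (e == NULL) return 0;

    /* The index lives in normal-world storage, so treat it as untrusted:
     * check store id, slot bound and occupancy before touching a payload. */
    st = store_of(e->store);
    if (st == NULL || e->slot >= SLOTS || !st[e->slot].used) {
        e->used = 0;                               /* discard the bad entry */
        return -1;
    }
    if (st[e->slot].len > cap) return -1;

    n = st[e->slot].len;
    memcpy(out, st[e->slot].data, (size_t)n);
    if (from_store) *from_store = e->store;
    memset(&st[e->slot], 0, sizeof st[e->slot]);   /* wipe payload after use */
    e->used = 0;
    return n;
}

int main(void)
{
    /* Constructed sample APDUs, not captured traffic. */
    const uint8_t sel[]  = { 0x00, 0xA4, 0x00, 0x04, 0x02, 0x3F, 0x00 };
    const uint8_t auth[] = { 0x00, 0x88, 0x00, 0x81, 0x02, 0xAA, 0xBB };
    uint8_t out[MAX_APDU];
    int n, src;

    cache_put(sel, sizeof sel, 0, 1);
    cache_put(auth, sizeof auth, 1, 9);
    while ((n = cache_take(out, sizeof out, &src)) > 0)
        printf("INS=%02X len=%d from store %d\n", out[1], n, src);
    return 0;
}
```

Keeping only the ordering metadata outside the trusted execution environment limits what a normal-world compromise can do to reordering or dropping cached items, provided the trusted side rejects index entries that do not name a live slot, as `cache_take` does here.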
In this embodiment, the first storage module 104 is electrically connected to only the eSIM client application 102, that is, the first storage module 104 is only used by the eSIM client application 102 for storing data.
Of course, in another embodiment, as described in the first embodiment, the first storage module 104 is also used for storing data of the eSIM trusted application 103, that is, the eSIM client application 102 and the eSIM trusted application 103 share the first storage module 104.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (7)
1. An electronic terminal, comprising: a baseband chip, an eSIM client application, an eSIM trusted application and a first storage module; the eSIM client application runs in the normal execution environment, and the eSIM trusted application and the first storage module run in the trusted execution environment; the eSIM client application is used for forwarding data between the baseband chip and the eSIM trusted application and for caching data to be forwarded in the first storage module under a preset condition;
the electronic terminal further comprises a second storage module, and the second storage module runs in the normal execution environment; the eSIM client application is used for caching sensitive type data in the first storage module and caching non-sensitive type data in the second storage module.
2. The electronic terminal of claim 1, wherein the eSIM client application is configured to prioritize data as it is cached to the first storage module and/or the second storage module.
3. The electronic terminal of claim 2, wherein the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data;
or the eSIM client application generates priority information after prioritizing the data, and the priority information is stored in the second storage module; the eSIM client application retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
4. The electronic terminal of claim 1, wherein the first storage module is further for data storage of an eSIM trusted application.
5. An eSIM data processing method for an electronic terminal based on a trusted execution environment, characterized in that the electronic terminal comprises a baseband chip, an eSIM client application running in the normal execution environment and an eSIM trusted application running in the trusted execution environment; the method comprises the following steps: the eSIM client application acquires data from the baseband chip and forwards the data to the eSIM trusted application, and acquires the data returned by the eSIM trusted application and then forwards it to the baseband chip; under a preset condition, the eSIM client application caches the data in a first storage module after acquiring the data, wherein the first storage module runs in the trusted execution environment;
the method further comprises the following steps: under a preset condition, after acquiring the data the eSIM client application caches sensitive data in the first storage module and non-sensitive data in the second storage module; the second storage module runs in the normal execution environment.
6. The method of claim 5, wherein the data is prioritized by the eSIM client application when caching the data to the first storage module and/or the second storage module.
7. The method of claim 6, wherein the eSIM client application generates priority information after prioritizing the data and inserts the priority information into the corresponding data;
or the eSIM client application generates priority information after prioritizing the data, and the priority information is stored in the second storage module; the eSIM client application retrieves the corresponding data from the first storage module according to the priority information stored in the second storage module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810407494.3A CN108684036B (en) | 2018-04-28 | 2018-04-28 | Electronic terminal and eSIM data processing method based on trusted execution environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810407494.3A CN108684036B (en) | 2018-04-28 | 2018-04-28 | Electronic terminal and eSIM data processing method based on trusted execution environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108684036A | 2018-10-19 |
CN108684036B | 2021-11-23 |
Family
ID=63802751
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810407494.3A Expired - Fee Related CN108684036B (en) | 2018-04-28 | 2018-04-28 | Electronic terminal and eSIM data processing method based on trusted execution environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108684036B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108684036A (en) | 2018-10-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20211108. Address after: 210000 tuanjiewei grain depot, Chunxi Town, Gaochun District, Nanjing City, Jiangsu Province. Applicant after: Nanjing Runyang starch products Co.,Ltd. Address before: Room 202, building a, phase II, science and technology building, 1057 Nanhai Avenue, Nanshan District, Shenzhen, Guangdong 518000. Applicant before: Xu Peipei |
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20211123 |