CN108924822A - Card-present secure communication method based on a trusted environment, and mobile terminal - Google Patents

Card-present secure communication method based on a trusted environment, and mobile terminal

Info

Publication number
CN108924822A
Authority
CN
China
Legal status
Granted
Current legal status
Active
Application number
CN201810791762.6A
Other languages
Chinese (zh)
Other versions
CN108924822B (en)
Inventor
王玉岗
陆道如
Current Assignee
Jiangsu Hengbao Intelligent System Technology Co Ltd
Original Assignee
Jiangsu Hengbao Intelligent System Technology Co Ltd
Application filed by Jiangsu Hengbao Intelligent System Technology Co Ltd
Priority to CN201810791762.6A
Publication of CN108924822A
Application granted
Publication of CN108924822B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04W12/06 Authentication
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier

Abstract

This application discloses a card-present secure communication method based on a trusted environment, applied to a mobile terminal having a safety chip and a secure communication element. The method comprises the following steps: in response to wireless communication information sent by a physical card, the safety chip encrypts the received wireless communication information; the encrypted wireless communication information is sent to the secure communication element; the secure communication element forwards the wireless communication information to a common application. The card-present secure communication method based on a trusted environment of this application is applied in the field of secure access.

Description

Card-present secure communication method based on a trusted environment, and mobile terminal
Technical field
This application relates to the field of secure access, and in particular to a card-present secure communication method based on a trusted environment and a mobile terminal.
Background
With the rapid development of mobile terminals and 4G networks, applications that use a mobile terminal for online identity authentication to identify the user have proliferated. In these applications the user's identity is essentially obtained by having the user enter the relevant information and then binding that information, but this enter-and-bind approach carries risks such as leakage of personal data and forgery or duplication.
Summary of the invention
The purpose of this application is to provide a card-present secure communication method based on a trusted environment and a mobile terminal, in order to improve the security of existing mobile terminals.
The first aspect of this application proposes a card-present secure communication method based on a trusted environment, applied to a mobile terminal having a safety chip and a secure communication element. The method comprises the following steps: in response to wireless communication information sent by a physical card, the safety chip encrypts the received wireless communication information; the encrypted wireless communication information is sent to the secure communication element; the secure communication element forwards the wireless communication information to a common application.
According to the first aspect of this application, the method further comprises the step: the common application sends the wireless communication information to the business processing front server for processing.
According to the first aspect of this application, the safety chip is placed in the mobile terminal in a removable or embedded manner.
According to the first aspect of this application, the safety chip includes a wireless antenna for wireless communication with the physical card.
According to the first aspect of this application, the method further comprises the following steps: the business processing front server sends the processing result back to the common application; the common application sends it to the secure communication element; the secure communication element calls the safety chip to decrypt the processing result.
According to the first aspect of this application, the common application is located in the untrusted executive component.
According to the first aspect of this application, a trusted application is installed in the secure communication element, and the trusted application and the common application communicate through a communication interface.
According to the first aspect of this application, before responding to the wireless communication information sent by the physical card, the method further comprises the following steps: the business processing front server and the safety element authenticate each other through the common application; after authentication, the master key for business processing is negotiated; the master key is stored in the safety chip.
According to the first aspect of this application, the business processing front server updates the master key at fixed time intervals.
According to the first aspect of this application, after the master key is stored in the safety chip, each time before the safety chip receives wireless communication information sent by the physical card, the method further comprises the step: the safety chip communicates with the business processing front server to update the working key.
According to the first aspect of this application, the safety chip communicating with the business processing front server to update the working key includes the following sub-steps: the unique device identifier of the safety chip is obtained; the unique device identifier is sent to the business processing front server; the business processing front server looks up, in a table, the master key corresponding to the unique device identifier of the safety chip; the working key is encrypted with the master key; the MAC value of the working key before encryption is calculated and sent, together with the encrypted working key, to the common application; the common application sends the MAC value and the encrypted working key to the secure communication element; the secure communication element decrypts the encrypted working key using the master key stored in the safety chip and verifies the MAC value, obtaining the working key.
The secure communication method of this application lets a user carry out various kinds of online communication using a physical card, so that convenience is achieved while communication security is guaranteed.
The second aspect of this application also protects a mobile terminal comprising the following components: a safety chip, which includes a wireless antenna able to communicate wirelessly with a physical card and a secure storage unit that stores the master key and the working key, and which encrypts the information sent by the physical card using the working key; a secure communication element, which communicates with the common application in the untrusted executive component and with the safety chip, and forwards the encrypted physical card information it obtains to the common application; and an untrusted executive component, which includes the common application.
According to the second aspect of this application, the safety chip is placed in the mobile terminal in a removable or embedded manner.
According to the second aspect of this application, the common application sends the wireless communication information to the business processing front server for processing.
According to the second aspect of this application, the business processing front server sends the processing result back to the common application; the common application sends it to the secure communication element; the secure communication element calls the safety chip to decrypt the processing result.
According to the second aspect of this application, before the safety chip communicates wirelessly with the physical card: the business processing front server and the safety element authenticate each other through the common application; after authentication, the master key for business processing is negotiated; the master key is stored in the safety chip.
According to the second aspect of this application, the business processing front server updates the master key at fixed time intervals.
According to the second aspect of this application, after the master key is stored in the safety chip, each time before the safety chip receives wireless communication information sent by the physical card, a further step is included: the safety chip communicates with the business processing front server to update the working key.
According to the second aspect of this application, the safety chip communicating with the business processing front server to update the working key includes the following steps: the unique device identifier of the safety chip is obtained; the unique device identifier is sent to the business processing front server; the business processing front server looks up, in a table, the master key corresponding to the unique device identifier of the safety chip; the working key is encrypted with the master key; the MAC value of the working key before encryption is calculated and sent, together with the encrypted working key, to the common application; the common application sends the MAC value and the encrypted working key to the secure communication element; the secure communication element decrypts the encrypted working key using the master key stored in the safety chip and verifies the MAC value, obtaining the working key.
The third aspect of this application claims a program comprising program code which, when loaded into a CPU and executed in the CPU, causes the CPU to perform any one of the methods described above.
The effects obtained by the secure communication system and the terminal of this application are the same as those of the method above and are not repeated here.
Brief description of the drawings
Fig. 1 is a structural diagram of the card-present secure communication system based on a trusted environment of this application;
Fig. 2 is a structural diagram of the mobile terminal of this application;
Fig. 3 is a flow chart of the master key negotiation method between the trusted application and the business processing front server;
Fig. 4 is a flow chart of the working key negotiation method between the trusted application and the business processing front server.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of this application. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of this application.
To solve the security problem of existing mobile terminal communication, the hardware and software of the terminal are used to build a secure communication environment. As shown in Fig. 1, the card-present secure communication system based on a trusted environment comprises a business processing front server 101, a mobile terminal 102 and an IC card 103. The IC card may be, for example, a bank card, in which case the system can serve as a user identity authentication system for online payment with a bank card. The mobile terminal 102 and the IC card communicate wirelessly. As those skilled in the art will appreciate, the IC card is shown only as an illustration; any physical card with a wireless communication function can be used with the system. The mobile terminal 102 and the business processing front server 101 can communicate and exchange information in a wired or wireless manner.
Embodiment one
The structure of the secure communication system was described above with reference to Fig. 1. The specific structure of the mobile terminal 102 of this application is further described below with reference to Fig. 2. The mobile terminal 102 includes an untrusted executive component 1021, a secure communication element 1022 and a safety chip 1023. The untrusted executive component 1021 and the secure communication element 1022 are hardware or software integrated on the chip card in the mobile terminal, and implement the communication functions of the mobile terminal.
The untrusted executive component 1021 has a three-layer structure: an application layer 10211, a framework layer 10212 and an untrusted executive component operating system kernel 10213. The application layer 10211 contains various common applications and controls, which communicate with external parties such as the business processing front server and the user. The framework layer 10212 provides middle-layer services, such as the safety chip service shown by way of example in Fig. 2, and handles communication and function calls between the application layer 10211 and the operating system kernel. The untrusted executive component operating system kernel 10213 provides operating system kernel support for the framework layer 10212 and the application layer 10211, for example the service driver shown in the figure, and implements the untrusted executive component communication agent that communicates with the bottom layer of the secure communication element.
The secure communication element 1022 includes a trusted application 10221 and a secure communication element operating system 10222. The secure communication element operating system 10222 includes: a secure communication element communication agent, which communicates with the untrusted executive component communication agent; a human-computer interaction (TUI) engine, which displays a secure input keyboard to the user and receives security information entered by the user, such as a PIN code; and a safety chip driver, which provides the driver for the trusted application so that the trusted application runs normally. Through the communication interface provided by the safety chip driver, the trusted application communicates with the safety chip.
The safety chip 1023 is a chip card embedded in the chip of the mobile terminal, or a hardware chip that can be removed from the mobile terminal. It has an application program supporting its functions and a radio antenna for communicating with the IC card 103, for example the NFC card-reading mode control shown in the figure, which implements communication with the external IC card 103.
Embodiment two
The structure of the secure communication system and the mobile terminal was described above. The working method of the secure communication system and the mobile terminal is described below; it includes the following steps:
Step S310: in response to wireless communication information sent by the physical card, the safety chip encrypts the received wireless communication information.
Step S320: the encrypted wireless communication information is sent to the secure communication element.
Step S330: the secure communication element forwards the wireless communication information to the common application.
Step S340: the common application sends the wireless communication information to the business processing front server for processing.
Mutual authentication is carried out between the business processing front server and the trusted application of the secure communication element, and the master key for business processing is negotiated. The master key is updated by the business processing front server according to a defined rule, for example replaced every month or every 3 months. The negotiated master key is stored in the safety chip.
Before the safety chip uses the card-reading mode control, such as the NFC card-reading mode control, to initiate communication with the IC card, it must register with the business processing front server, which issues working keys that are stored in the safety chip. The working keys comprise a track information encryption key, a PIN code encryption key and a key for calculating the message MAC. All data exchanged with the IC card is handled by the safety chip initiating NFC card-reading mode. Sensitive information in that data is encrypted with the track information encryption key obtained at registration. Any PIN involved is entered in the secure environment of the secure communication element, by calling the secure keyboard of the human-computer interaction (TUI) engine, and is encrypted with the PIN encryption key.
MAC verification is added to the data exchanged with the business processing front server, to guarantee that the data has not been tampered with and that it is complete.
The master key negotiation process is as follows:
The trusted application and the business processing front server initiate mutual authentication, negotiate the master key, and store the obtained master key in the secure storage unit of the safety chip.
The key negotiation between the trusted application and the business processing front server can be carried out in the following way, but is not limited to it. Any secure method is acceptable (symmetric keys such as 3DES, AES or SM4, or asymmetric encryption and decryption based on RSA, ECC or SM2), provided that a symmetric encryption key is negotiated on the basis of mutual authentication between the trusted application and the business processing front server.
The business processing front server generates a public/private key pair under its own signing root certificate and signs with the root private key to generate the front-server application certificate CA1, which is exported and built into the trusted application. The secure communication element system of the mobile terminal device generates a public/private key pair offline or online, generates certificate CA2 as the root key pair, and exports the public key certificate to the business processing front server for storage.
The detailed process is shown in Fig. 3 and includes the following sub-steps. The application APP here is the untrusted application, and the front server is the business processing front server. The authentication flow can be completed using, for example, rsa2048 asymmetric encryption. The process is as follows:
1. The APP in the untrusted executive component initiates the master key acquisition flow and sends the trusted application in the secure communication element a request for the ID of the secure communication element and the master key state of the safety chip.
2. The trusted application of the secure communication element obtains the device ID of the secure communication element as the unique identifier of the device, and reads the master key status information of the safety chip.
3. The above information is sent back to the APP.
4. The APP gives the front server the master key state in the trusted application and the merchant status information.
5. The front server compares its local state with the trusted application state and decides whether to initiate the authentication flow or the master key update flow.
6. The front server generates a public/private key pair (puk1 and pri1) and calls the root key to generate the front-server authentication certificate Capp1. The front server generates a random number R1 of length 8 and sends R1 and the Capp1 certificate to the APP.
7. The APP passes the message through to the trusted application.
8. The trusted application verifies the legitimacy of Capp1 against the preset CA1 and, if Capp1 is legitimate, saves R1 and Capp1.
9. The trusted application calls the safety chip to generate a public/private key pair (pub2 and pri2) and calls the system platform root key to generate the trusted-application-side authentication certificate Capp2. It generates a random number R2 of length 8.
10. The trusted application sends Capp2 and R2 to the APP.
11. The APP passes the certificate Capp2 and R2 through to the front server.
12. The front server verifies the legitimacy of Capp2 against the preset CA2 and, if it is legitimate, saves R2 and Capp2.
13. The front server uses the private key pri1 (generated in step 6) to digitally sign the random number R2 and the ASCII codes of the string "server hello" (signature algorithm: DSA with sha256), generating S1.
14. The front server sends the signature result S1 to the APP.
15. The APP passes the message through to the trusted application.
16. The trusted application uses the front-server authentication certificate Capp1 saved in step 8 to verify the signature result S1.
17. After S1 is verified, the trusted application side uses the private key Pri2 (generated in step 9) to digitally sign the random number R1 (obtained in step 8) and the ASCII codes of the string "client hello" (signature algorithm: DSA with sha256), generating S2.
18. The trusted application sends S2 to the APP.
19. The APP sends the processing information to the front server.
20. The front server verifies the signature result S2 using Capp2 (obtained in step 12).
21. After S2 is verified, the front server generates a 16-byte master key for 3DES symmetric encryption and decryption and encrypts the master key using Capp2 (the encryption padding mode may be PKCS1Padding).
22. The front server sends the encrypted master key to the APP.
23. The APP passes the master key ciphertext through to the trusted application.
24. The trusted application decrypts the master key ciphertext using the private key Pri2, obtains and saves the master key, and updates the master key state.
25. The processing result is returned to the APP.
26. The APP passes the result through to the front server.
27. The front server updates the master key state and saves it.
28. The front server notifies the APP that authentication has ended.
The authentication process ends when the front server makes its final state update; if an exception occurs anywhere in between, authentication must be initiated again. For example, if the trusted application side updates the master key successfully but the front server does not update the final state, authentication is regarded as failed and must be re-initiated.
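The signature exchange in steps 6 to 20 above, sketched in Go as an added example (not code from the patent or the applicant). It assumes RSA-2048 with PKCS#1 v1.5/SHA-256 signatures from the Go standard library in place of the scheme the page names, 8-byte random numbers, and peer public keys pinned directly instead of carried in Capp1/Capp2; `Party`, `NewPair`, `Challenge`, `Respond`, `Verify` and `Handshake` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is the front server or the trusted application. Assumption: the peer's
// public key is pinned directly instead of being read from Capp1/Capp2 after a
// certificate check against the preset CA.
type Party struct {
	priv      *rsa.PrivateKey
	peerPub   *rsa.PublicKey
	label     string // text this party signs after the peer's random number
	peerLabel string // text expected in the peer's signature
	nonce     []byte // outstanding random number (R1 or R2); nil once used
}

// NewPair creates both parties with RSA-2048 keys and exchanges public keys.
func NewPair() (server, client *Party, err error) {
	server = &Party{label: "server hello", peerLabel: "client hello"}
	client = &Party{label: "client hello", peerLabel: "server hello"}
	for _, p := range []*Party{server, client} {
		if p.priv, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, nil, err
		}
	}
	server.peerPub, client.peerPub = &client.priv.PublicKey, &server.priv.PublicKey
	return server, client, nil
}

// Challenge creates and remembers a fresh random number. Assumption: 8 bytes
// for the page's random numbers of length 8.
func (p *Party) Challenge() ([]byte, error) {
	n := make([]byte, 8)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	p.nonce = n
	return append([]byte(nil), n...), nil
}

// digest hashes the random number followed by the ASCII label.
func digest(nonce []byte, label string) []byte {
	h := sha256.Sum256(append(append([]byte(nil), nonce...), label...))
	return h[:]
}

// Respond signs the peer's random number with this party's label (S1 or S2).
func (p *Party) Respond(peerNonce []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, p.priv, crypto.SHA256, digest(peerNonce, p.label))
}

// Verify checks the peer's signature over this party's outstanding random
// number, which is discarded first so a signature is never accepted twice.
func (p *Party) Verify(sig []byte) error {
	if p.nonce == nil {
		return errors.New("no outstanding challenge")
	}
	n := p.nonce
	p.nonce = nil
	return rsa.VerifyPKCS1v15(p.peerPub, crypto.SHA256, digest(n, p.peerLabel), sig)
}

// prove has signer answer verifier's random number and verifier check it.
func prove(signer, verifier *Party, nonce []byte) error {
	sig, err := signer.Respond(nonce)
	if err != nil {
		return err
	}
	return verifier.Verify(sig)
}

// Handshake runs the signature part of the flow (steps 6 to 20).
func Handshake(server, client *Party) error {
	r1, err := server.Challenge() // step 6: R1 goes to the trusted application
	if err != nil {
		return err
	}
	r2, err := client.Challenge() // step 9: R2 goes to the front server
	if err != nil {
		return err
	}
	if err := prove(server, client, r2); err != nil { // steps 13-16: S1
		return err
	}
	return prove(client, server, r1) // steps 17-20: S2
}

func main() {
	s, c, err := NewPair()
	if err == nil {
		err = Handshake(s, c)
	}
	fmt.Println("handshake error:", err)
}
```

Because each random number is discarded on first use, a captured S1 or S2 does not verify in a later run of the flow.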
The authentication process also involves master key update (according to the security policy, the master key can be updated periodically, for example once a month). This flow is simple and does not require authentication to be initiated. The detailed process is as follows:
The front server generates a new master key and encrypts it with 3DES using the old key; it calculates the MAC value of the new master key before encryption; it sends the MAC value and the encrypted key to the trusted application; the trusted application decrypts using the old key and verifies the MAC, and replaces the master key after verification passes; the trusted application sends the update status back to the front server, and the front server updates its status and ends the update flow.
Considering the complexity of the authentication process and the efficiency of asymmetric encryption and decryption, symmetric keys are used to encrypt and decrypt sensitive data when a business flow is initiated. To guarantee transaction security, the working keys for symmetric encryption and decryption are updated for every transaction. The detailed process is as follows: the untrusted application control obtains the ID of the safety chip and gives it to the front server as the unique device identifier; the front server encrypts the symmetric-algorithm working keys with the master key and issues the encrypted keys, together with the MAC authentication value of the working keys, to the mobile terminal; after receiving the working keys, the mobile terminal decrypts them with the master key and verifies the MAC, and after verification passes saves the three working keys to the safety chip.
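The master key update and the per-transaction working key update described above share one wrap-and-verify step, shown here in Go as an added example (not code from the patent or the applicant). Assumptions: 3DES in CBC mode with a random IV, HMAC-SHA256 keyed with the key-encryption key as the MAC, and a constructed sample master key and device ID; `Wrap`, `Unwrap` and `IssueWorkingKeys` are hypothetical names.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newTDES expands a 16-byte (two-key) 3DES key to the 24-byte K1|K2|K1 form
// that crypto/des expects.
func newTDES(key []byte) (cipher.Block, error) {
	if len(key) != 16 {
		return nil, errors.New("key must be 16 bytes")
	}
	return des.NewTripleDESCipher(append(append([]byte(nil), key...), key[:8]...))
}

// tagOf is the MAC of the key material before encryption. Assumption:
// HMAC-SHA256 keyed with the key-encryption key; the page names no MAC algorithm.
func tagOf(kek, plain []byte) []byte {
	m := hmac.New(sha256.New, kek)
	m.Write(plain)
	return m.Sum(nil)
}

// Wrap is the front-server side: MAC the plaintext, then encrypt it with
// 3DES-CBC under kek, random IV prepended (mode and IV are assumptions).
func Wrap(kek, plain []byte) (blob, tag []byte, err error) {
	b, err := newTDES(kek)
	if err != nil {
		return nil, nil, err
	}
	if len(plain) == 0 || len(plain)%des.BlockSize != 0 {
		return nil, nil, errors.New("key material must be a multiple of 8 bytes")
	}
	blob = make([]byte, des.BlockSize+len(plain))
	if _, err = rand.Read(blob[:des.BlockSize]); err != nil {
		return nil, nil, err
	}
	cipher.NewCBCEncrypter(b, blob[:des.BlockSize]).CryptBlocks(blob[des.BlockSize:], plain)
	return blob, tagOf(kek, plain), nil
}

// Unwrap is the terminal side: decrypt, then compare the MAC in constant time.
// No key material is returned unless the MAC matches.
func Unwrap(kek, blob, tag []byte) ([]byte, error) {
	b, err := newTDES(kek)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*des.BlockSize || len(blob)%des.BlockSize != 0 {
		return nil, errors.New("malformed key blob")
	}
	plain := make([]byte, len(blob)-des.BlockSize)
	cipher.NewCBCDecrypter(b, blob[:des.BlockSize]).CryptBlocks(plain, blob[des.BlockSize:])
	if !hmac.Equal(tag, tagOf(kek, plain)) {
		return nil, errors.New("MAC mismatch: key material rejected")
	}
	return plain, nil
}

// IssueWorkingKeys is the front-server step: look up the master key by device
// ID, generate three fresh 16-byte working keys (track, PIN, MAC) and wrap them.
func IssueWorkingKeys(table map[string][]byte, deviceID string) (wk, blob, tag []byte, err error) {
	mk, ok := table[deviceID]
	if !ok {
		return nil, nil, nil, errors.New("unknown device ID")
	}
	wk = make([]byte, 48)
	if _, err = rand.Read(wk); err != nil {
		return nil, nil, nil, err
	}
	blob, tag, err = Wrap(mk, wk)
	return wk, blob, tag, err
}

func main() {
	// Constructed sample values: one device ID and its master key.
	table := map[string][]byte{"chip-0001": []byte("0123456789abcdef")}
	_, blob, tag, err := IssueWorkingKeys(table, "chip-0001")
	if err != nil {
		panic(err)
	}
	wk, err := Unwrap(table["chip-0001"], blob, tag)
	fmt.Println("working key bytes installed:", len(wk), "error:", err)
	blob[len(blob)-1] ^= 1 // a single flipped ciphertext bit
	_, err = Unwrap(table["chip-0001"], blob, tag)
	fmt.Println("tampered blob:", err)
}
```

For a master key update the front server calls `Wrap(oldMaster, newMaster)` and the terminal calls `Unwrap(oldMaster, blob, tag)` before replacing the stored key.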
The specific workflow is as follows:
1. The APP (i.e. the untrusted application) initialises and requests loading of the trusted application.
2. The untrusted application control corresponding to the safety chip card-reading mode (hereinafter "the control") loads the trusted application. The trusted application verifies the legitimacy of the untrusted application and, after it is verified as legitimate, returns the loading result to the control.
3. The loading result is returned.
4. The initialisation result is returned.
5. The APP initiates communication.
6. The untrusted application control calls the trusted application communication interface.
7. The trusted application displays the interface.
8. After the information is confirmed to be correct, the human-computer interaction engine initiates the card-seeking flow.
9. The safety chip application program opens the read mode of wireless communication, for example by starting the NFC reader.
10. The NFC reader returns the start result to the safety chip.
11. The safety chip application program returns the result to the trusted application.
12. The system waits for the user to bring the IC card close to the NFC reader; once the card is found, the NFC reader notifies the untrusted application control.
13. The untrusted control initiates instruction processing to the trusted application.
14. The trusted application sends the service instruction to the safety chip application program.
15. The safety chip application program and the NFC reader begin exchanging instructions.
16. The safety chip application program and the NFC reader exchange instructions in a loop.
17. The kernel performs the processing (for example, the contactless EMV kernel in the standard IC card transaction terminal processing specification) and encrypts the sensitive information.
18. The business processing instruction data is returned to the trusted application.
19. The trusted application opens the PIN code input of the human-computer interaction (TUI) engine.
20. The PIN code entered by the user through the encrypted keyboard is returned in encrypted form.
21. The acquired IC card data and PIN data are returned to the untrusted application control in MAC-verified form.
22. The above encrypted result is sent to the front server.
23. The front server decrypts it, sends the IC card data and PIN to the specific transaction processing system (UnionPay all-channel or another third-party payment company's business system), and returns the processing result to the untrusted application control.
24. The untrusted application control calls the trusted application decryption interface.
25. The trusted application calls the decryption interface of the application program in the safety chip.
26. The safety chip decrypts the communication result.
27. The communication result is returned to the untrusted application control.
28. The transaction ends.
This application also protects a storage medium on which a computer program is stored. The computer program can be executed to perform the steps of the method for accessing the trusted application described in embodiments one and two, and the steps of the method for building the trusted-list identification table and the trusted application list.
The description and application of the invention herein are illustrative and are not intended to limit the scope of the invention to the above embodiments. Variations and changes of the embodiments disclosed herein are possible, and replacements and equivalents of the various components of the embodiments are well known to those of ordinary skill in the art. Those skilled in the art should understand that the invention may be realised in other forms, structures, arrangements and proportions, and with other components, materials and parts, without departing from its spirit or essential characteristics. Other variations and changes may be made to the embodiments disclosed herein without departing from the scope and spirit of the invention.

Claims (10)

1. A card-contained secure communication method based on a trusted environment, applied to a mobile terminal having a security chip and a secure communication element, characterized in that the method comprises the following steps:
In response to wireless communication information sent by a physical card, the security chip encrypts the received wireless communication information;
The encrypted wireless communication information is sent to the secure communication element;
The secure communication element forwards the wireless communication information to a common application.
2. The secure communication method according to claim 1, further comprising the step of: the common application sends the wireless communication information to a business processing front-end server for processing.
3. The secure communication method according to claim 2, further comprising the following steps:
The business processing front-end server sends the processing result back to the common application;
The common application sends it to the secure communication element;
The secure communication element calls the security chip to decrypt the processing result.
4. The secure communication method according to claim 1, further comprising the following steps before responding to the wireless communication information sent by the physical card:
The business processing front-end server and the secure element authenticate each other through the common application;
After authentication, a master key for business processing is negotiated;
The master key is stored in the security chip.
5. The secure communication method according to claim 2, wherein the security chip communicates with the business processing front-end server to update the working key, comprising the following sub-steps:
Obtaining the device unique identifier of the security chip;
Sending the device unique identifier to the business processing front-end server;
The business processing front-end server obtains, by querying a table, the master key corresponding to the device unique identifier of the security chip;
Encrypting the working key with the master key;
Calculating the MAC value of the working key before encryption, and sending it together with the encrypted working key to the common application;
The common application sends the MAC value and the encrypted working key to the secure communication element;
The secure communication element decrypts the encrypted working key using the master key stored in the security chip and verifies the MAC value to obtain the working key.
6. A mobile terminal, comprising the following components:
A security chip, comprising a wireless antenna capable of wireless communication with a physical card and a secure storage unit storing a master key and a working key, which encrypts the information sent by the physical card using the working key;
A secure communication element, which communicates with the common application in the untrusted execution component and with the security chip, and forwards the obtained encrypted physical card information to the common application;
An untrusted execution component, comprising the common application.
7. The mobile terminal according to claim 6, wherein the common application sends the wireless communication information to a business processing front-end server for processing.
8. The mobile terminal according to claim 7, wherein the following is further included before the security chip communicates wirelessly with the physical card:
The business processing front-end server and the secure element authenticate each other through the common application;
After authentication, a master key for business processing is negotiated;
The master key is stored in the security chip.
9. A terminal, comprising the system for accessing a trusted application according to any one of claims 6-8, and further comprising a public environment storing untrusted applications.
10. A program comprising program code which, when loaded into a CPU and executed in the CPU, causes the CPU to execute the method according to any one of claims 1-5.
CN201810791762.6A 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal Active CN108924822B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810791762.6A CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810791762.6A CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Publications (2)

Publication Number Publication Date
CN108924822A (en) 2018-11-30
CN108924822B (en) 2021-06-01

Family

ID=64415750

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810791762.6A Active CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Country Status (1)

Country Link
CN (1) CN108924822B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110110548A (en) * 2019-04-12 2019-08-09 深圳市中易通安全芯科技有限公司 The correlation technique that file encryption stores under credible performing environment based on encryption chip
CN110992049A (en) * 2019-12-02 2020-04-10 北京市燃气集团有限责任公司 Intelligent card writing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593389A (en) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 A kind of key management method and system that is used for the POS terminal
US20130166456A1 (en) * 2010-09-07 2013-06-27 Zte Corporation System and Method for Remote Payment Based on Mobile Terminal
CN103559757A (en) * 2013-11-21 2014-02-05 武汉天喻信息产业股份有限公司 OTA (over the air) charging system and method for financial IC (integrated circuit) card

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110110548A (en) * 2019-04-12 2019-08-09 深圳市中易通安全芯科技有限公司 The correlation technique that file encryption stores under credible performing environment based on encryption chip
CN110110548B (en) * 2019-04-12 2022-11-11 深圳市中易通安全芯科技有限公司 Method for storing files in trusted execution environment in encrypted manner based on encryption chip
CN110992049A (en) * 2019-12-02 2020-04-10 北京市燃气集团有限责任公司 Intelligent card writing method and device

Also Published As

Publication number Publication date
CN108924822B (en) 2021-06-01

Similar Documents

Publication Publication Date Title
US20210365938A1 (en) Authentication system and method for server-based payments
US10135614B2 (en) Integrated contactless MPOS implementation
CN105684346B (en) Ensure the method for air communication safety between mobile application and gateway
AU2016228544B2 (en) Mutual authentication of software layers
KR102119895B1 (en) Secure remote payment transaction processing
CN102057386B (en) Trusted service manager (TSM) architectures and methods
US9760886B2 (en) Device provisioning using partial personalization scripts
CN107925572A (en) Secure binding of the software application to communicator
WO2020192698A1 (en) Data secure backup and secure recovery methods, and electronic device
US20150310427A1 (en) Method, apparatus, and system for generating transaction-signing one-time password
JP2017530586A (en) System and method for authenticating a client to a device
EP3230935A1 (en) Systems and method for enabling secure transaction
JP2002158650A (en) Proxy server for certification/ciphering processing, access card program recording medium and portable terminal
US10325260B2 (en) System, method and computer program product for secure peer-to-peer transactions
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
US11182785B2 (en) Systems and methods for authorization and access to services using contactless cards
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN110740136A (en) Network security control method for open bank and open bank platform
CN104835038A (en) Networking payment device and networking payment method
CN105635164B (en) The method and apparatus of safety certification
CN108924822A (en) Card-contained secure communication method based on trusted environment and mobile terminal
CN116823257A (en) Information processing method, device, equipment and storage medium
Jayasinghe et al. Extending emv tokenised payments to offline-environments
CN107947934A (en) The fingerprint recognition Verification System and method of mobile terminal based on banking system
JPWO2003025771A1 (en) Authentication terminal device, reception terminal device, authentication server, authentication method, and authentication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019

Applicant after: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

Address before: Hengtang Industrial Park, Yunyang town, Danyang City, Zhenjiang City, Jiangsu Province

Applicant before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

GR01 Patent grant