CN108924822B - Card-contained secure communication method based on trusted environment and mobile terminal - Google Patents

Publication number: CN108924822B
Authority: CN (China)
Prior art keywords: secure, secure communication, application, key, chip
Legal status: Active
Application number: CN201810791762.6A
Other languages: Chinese (zh)
Other versions: CN108924822A (en)
Inventors: 王玉岗, 陆道如
Current Assignee: Jiangsu Hengbao Intelligent System Technology Co Ltd
Original Assignee: Jiangsu Hengbao Intelligent System Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a card-based secure communication method based on a trusted environment, applied to a mobile terminal that has a secure chip and a secure communication element. The method comprises the following steps: in response to wireless communication information sent by a physical card, the secure chip encrypts the received wireless communication information; the encrypted wireless communication information is sent to the secure communication element; the secure communication element forwards the wireless communication information to a public application. The method is applied in the field of secure access.

Description

Card-contained secure communication method based on trusted environment and mobile terminal
Technical Field
The present application relates to the field of secure access, and in particular to a card-based secure communication method based on a trusted environment and to a mobile terminal.
Background
With the rapid development of mobile terminals and 4G networks, applications that use mobile terminals for online identity authentication have proliferated. In most of them the user's identity is obtained by entering the relevant information and then binding it, but this enter-and-bind approach carries risks such as leakage, counterfeiting and copying of personal information.
Disclosure of Invention
The application aims to provide a card-based secure communication method based on a trusted environment, and a mobile terminal, in order to improve the security of existing mobile terminals.
In a first aspect of the present application, a card-based secure communication method based on a trusted environment is provided. It is applied to a mobile terminal having a secure chip and a secure communication element and includes the following steps: in response to wireless communication information sent by a physical card, the secure chip encrypts the received wireless communication information; the encrypted wireless communication information is sent to the secure communication element; the secure communication element forwards the wireless communication information to a public application.
According to the first aspect of the present application, the method further comprises the step of: the public application sends the wireless communication information to a service processing front-end server for processing.
According to the first aspect of the present application, the secure chip is removable from or embedded in the mobile terminal.
According to the first aspect of the present application, the secure chip comprises a wireless antenna for wireless communication with the physical card.
According to the first aspect of the present application, the method further comprises the steps of: the service processing front-end server sends the processing result back to the public application; the public application sends it to the secure communication element; and the secure communication element calls the secure chip to decrypt the processing result.
According to the first aspect of the present application, the public application is located in an untrusted execution element.
According to the first aspect of the present application, a trusted application is installed in the secure communication element, and the trusted application and the public application communicate via a communication interface.
According to the first aspect of the present application, before responding to the wireless communication information sent by the physical card, the method further comprises the following steps: the service processing front-end server and the secure element authenticate each other through the public application; after authentication passes, a master key for service processing is negotiated; the master key is stored in the secure chip.
According to the first aspect of the present application, the service processing front-end server updates the master key at regular intervals.
According to the first aspect of the present application, after the master key is stored in the secure chip, and each time before the secure chip receives wireless communication information sent by the physical card, the method further includes the step of: the secure chip communicates with the service processing front-end server to update the working key.
According to the first aspect of the present application, the communication between the secure chip and the service processing front-end server to update the working key comprises the following sub-steps: the device unique identifier of the secure chip is obtained; the device unique identifier is sent to the service processing front-end server; the service processing front-end server obtains, through a lookup table, the master key corresponding to the device unique identifier of the secure chip; the working key is encrypted using the master key; the MAC value of the working key before encryption is calculated, and the MAC value and the encrypted working key are sent to the public application; the public application sends the MAC value and the encrypted working key to the secure communication element; the secure communication element decrypts the encrypted working key using the master key stored in the secure chip and verifies the MAC value to obtain the working key.
This secure communication method lets a user carry out various online communications with a physical card, making communication convenient while keeping it secure.
A second aspect of the present application protects a mobile terminal comprising the following components: a secure chip, which comprises a wireless antenna capable of communicating wirelessly with the physical card and a secure storage unit for storing a master key and a working key, the working key being used to encrypt information sent by the physical card; a secure communication element, which communicates with the public application in the untrusted execution element and with the secure chip, and forwards the encrypted physical card information it obtains to the public application; and an untrusted execution element, which includes the public application.
According to the second aspect of the present application, the secure chip is removable from or embedded in the mobile terminal.
According to the second aspect of the present application, the public application sends the wireless communication information to a service processing front-end server for processing.
According to the second aspect of the present application, the service processing front-end server sends the processing result back to the public application; the public application sends it to the secure communication element; and the secure communication element calls the secure chip to decrypt the processing result.
According to the second aspect of the present application, before the wireless communication between the secure chip and the physical card, the method further comprises: the service processing front-end server and the secure element authenticate each other through the public application; after authentication passes, a master key for service processing is negotiated; the master key is stored in the secure chip.
According to the second aspect of the present application, the service processing front-end server updates the master key at fixed time intervals.
According to the second aspect of the present application, after the master key is stored in the secure chip, and each time before the secure chip receives wireless communication information sent by the physical card, the method further includes the step of: the secure chip communicates with the service processing front-end server to update the working key.
According to the second aspect of the present application, the step in which the secure chip communicates with the service processing front-end server to update the working key comprises: the device unique identifier of the secure chip is obtained; the device unique identifier is sent to the service processing front-end server; the service processing front-end server obtains, through a lookup table, the master key corresponding to the device unique identifier of the secure chip; the working key is encrypted using the master key; the MAC value of the working key before encryption is calculated, and the MAC value and the encrypted working key are sent to the public application; the public application sends the MAC value and the encrypted working key to the secure communication element; the secure communication element decrypts the encrypted working key using the master key stored in the secure chip and verifies the MAC value to obtain the working key.
A third aspect of the present application claims a program comprising program code which, when loaded into and executed in a CPU, causes the CPU to perform any one of the methods described above.
The effects obtained by the secure communication system and the terminal of the present application are the same as those of the method and are not described again here.
Drawings
FIG. 1 is a schematic structural diagram of a card-based secure communication system based on a trusted environment according to the present application;
FIG. 2 is a schematic structural diagram of a mobile terminal according to the present application;
FIG. 3 is a flowchart of a master key agreement method for the trusted application and the service processing front-end server;
FIG. 4 is a flowchart of a working key negotiation method for the trusted application and the service processing front-end server.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To solve the security problem of existing mobile terminal communication, a secure communication environment is constructed using the hardware and software of the terminal. As shown in FIG. 1, the card-based secure communication system based on a trusted environment comprises a service processing front-end server 101, a mobile terminal 102 and an IC card 103, which may be, for example, a bank card; the system may be a user identity authentication system for online payment with the bank card. The mobile terminal 102 and the IC card communicate wirelessly. Those skilled in the art will understand that the IC card is only an illustration, and that any physical card with a wireless communication function may be used in the system. The mobile terminal 102 and the service processing front-end server 101 can communicate and exchange information in a wired or wireless manner.
Example one
The structure of the secure communication system is described above with reference to FIG. 1; the specific structure of the mobile terminal 102 is described below with reference to FIG. 2. The mobile terminal 102 includes an untrusted execution element 1021, a secure communication element 1022 and a secure chip 1023. The untrusted execution element 1021 and the secure communication element 1022 are hardware or software integrated on a chip card in the mobile terminal to implement the communication function of the mobile terminal.
The untrusted execution element 1021 has a three-layer structure: an application layer 10211, a framework layer 10212 and an untrusted execution element operating system kernel 10213. The application layer 10211 includes various public applications and controls, and implements communication with external devices, such as the service processing front-end server, and with the user. The framework layer 10212 provides intermediate-layer services, such as the secure chip services shown by way of example in FIG. 2, which enable communication and function calls between the application layer 10211 and the operating system kernel. The untrusted execution element operating system kernel 10213 provides operating system kernel support for the framework layer 10212 and the application layer 10211, such as the service drivers shown in the figure and an untrusted execution element communication agent that implements low-level communication with the secure communication element.
The secure communication element 1022 includes a trusted application 10221 and a secure communication element operating system 10222. The secure communication element operating system 10222 includes: a secure communication element communication agent, which communicates with the untrusted execution element communication agent; a human-machine interaction (TUI) engine, which displays a secure input keyboard to the user and receives secure information entered by the user, such as a PIN code; and a secure chip driver, which provides the driver that lets the trusted application operate normally. The trusted application and the secure chip communicate through a communication interface provided by the secure chip driver.
The secure chip 1023 is a chip card embedded in the chip of the mobile terminal, or a hardware chip detachable from the mobile terminal. It has an application program supporting its functions and a wireless communication antenna for communicating with the IC card 103, for example the NFC card reading mode control shown in the figure, which implements communication with the external IC card 103.
Example two
The structures of the secure communication system and the mobile terminal are introduced above; their working methods are introduced below. The secure communication method comprises the following steps:
Step S310: in response to wireless communication information sent by the physical card, the secure chip encrypts the received wireless communication information.
Step S320: the encrypted wireless communication information is sent to the secure communication element.
Step S330: the secure communication element forwards the wireless communication information to a public application.
Step S340: the public application sends the wireless communication information to a service processing front-end server for processing.
The service processing front-end server and the trusted application of the secure communication element authenticate each other and negotiate a master key for service processing. The master key is updated by the service processing front-end server according to a set rule, such as replacement every month or every 3 months, and the negotiated master key is stored in the secure chip.
Before initiating communication with an IC card, the secure chip uses a card reading mode control, such as an NFC card reading mode control, to sign in to the service processing front-end server; a working key is issued and stored in the secure chip. The working key comprises a track information encryption key, a PIN code encryption key and a message MAC calculation key. All data exchanged with the IC card is handled by the secure chip initiating the NFC card reading mode; sensitive information in the data is encrypted with the track information encryption key when the data is signed, and PIN entry invokes the secure keyboard input of the human-machine interaction (TUI) engine in the secure environment of the secure communication element and is encrypted with the PIN encryption key.
MAC verification is added to the data exchanged with the service processing front-end server to ensure that the data has not been tampered with and remains intact.
The master key negotiation process is as follows:
The trusted application and the service processing front-end server initiate bidirectional authentication, negotiate a master key, and store the resulting master key in the secure storage unit of the secure chip.
Key agreement between the trusted application and the service processing front-end server may be performed in the following manner, but is not limited to it. Any secure method will do (symmetric keys such as 3DES, AES or SM4, or asymmetric encryption/decryption based on RSA, ECC or SM2), as long as a symmetric encryption key is negotiated on the basis of mutual authentication between the trusted application and the service processing front-end server.
The service processing front-end server generates a public/private key pair from its self-signed root certificate and signs with the root private key to produce the front-end application certificate CA1, which is exported to the built-in storage of the trusted application. A public/private key pair is generated, offline or online, in the secure communication element system of the mobile terminal device as the root key pair, certificate CA2 is generated from it, and the public key certificate is exported to the service processing front-end server for storage.
The specific process is shown in FIG. 3 and includes the following sub-steps, where the APP is the untrusted application and the front-end server is the service processing front-end server. For example, rsa2048 asymmetric encryption may be used to complete the authentication process. The working process is as follows:
1. The application APP in the untrusted execution element initiates the process of acquiring a master key and sends the trusted application in the secure communication element a request for the ID of the secure communication element and the master key state of the secure chip;
2. The trusted application of the secure communication element obtains the device ID of the secure communication element as the device unique identifier and reads the master key state information of the secure chip;
3. The information is sent back to the application APP;
4. The application APP sends the trusted application master key state and the merchant state information to the front-end server;
5. The front-end server compares its local state with the trusted application state to determine whether to initiate the authentication flow or the master key update flow;
6. The front-end server generates a public/private key pair (puk1 and pri1) and invokes the root key to generate the front-end authentication certificate Capp1; it generates an 8-bit random number R1 and sends R1 and the Capp1 certificate to the application APP;
7. The application APP sends the information to the trusted application;
8. The trusted application verifies the legitimacy of Capp1 against the preset CA1 and, if Capp1 is legitimate, stores R1 and Capp1;
9. The trusted application calls the secure chip to generate a public/private key pair (pub2 and pri2) and invokes the system platform root key to generate the trusted application side authentication certificate Capp2; it generates an 8-bit random number R2;
10. The trusted application sends Capp2 and R2 to the application APP;
11. The application APP passes the certificate Capp2 and R2 through to the front-end server;
12. The front-end server verifies the legitimacy of Capp2 against the preset CA2 and, if it is legitimate, stores R2 and Capp2;
13. The front-end server uses the private key pri1 (generated in step 6) to digitally sign the ASCII code of the 8-bit random number R2 and the character string "server hello" (the signature algorithm is DSA with sha256), producing S1;
14. The front-end server sends the signature result S1 to the application APP;
15. The application APP passes the information through to the trusted application;
16. The trusted application uses the front-end certificate Capp1 saved in step 8 to verify the signature result S1;
17. After S1 is verified, the trusted application side uses the private key pri2 (generated in step 9) to digitally sign the random number R1 (obtained in step 8) and the ASCII code of the character string "client hello" (the signature algorithm is DSA with sha256), producing S2;
18. The trusted application sends S2 to the application APP;
19. The application APP sends the processing information to the front-end server;
20. The front-end server verifies the signature result S2 using Capp2 (obtained in step 12);
21. After S2 is verified, the front-end server generates a 16-byte 3DES symmetric encryption and decryption master key and encrypts the master key using Capp2 (PKCS1Padding may be used as the encryption padding mode);
22. The front-end server sends the encrypted master key to the application APP;
23. The application APP passes the master key ciphertext through to the trusted application;
24. The trusted application decrypts the master key ciphertext using the private key pri2, obtains and stores the master key, and updates the master key state;
25. The processing result is returned to the APP;
26. The APP passes the result on to the front-end server;
27. The front-end server updates and stores the master key state;
28. The front-end server informs the APP that authentication is complete.
The authentication process ends when the front-end server makes its final state update; if anything goes wrong before that, authentication has to be initiated again. For example, if the trusted application side succeeds in updating the master key but the front-end server does not make the final state update, the authentication is considered to have failed and must be re-initiated.
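The exchange in steps 6 to 24, worked through as an added Go example that is not code from the patent: each side checks the other's certificate against the preset root, proves possession of its private key by signing the peer's nonce with a role label, and the master key is then sent under the device's public key. Assumptions: 8-byte nonces, RSA PKCS#1 v1.5 signatures over SHA-256 in place of the "DSA with sha256" the text names, a simplified `Cert` type instead of X.509, both sides run in one process, and `NewRoot`, `Party`, `Prove`, `Check` and `Handshake` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Cert stands in for Capp1/Capp2: a public key and the issuing root's signature over it (not X.509).
type Cert struct {
	Pub *rsa.PublicKey
	Sig []byte
}

// Party is the front-end server or the trusted application.
type Party struct {
	priv     *rsa.PrivateKey
	peerRoot *rsa.PublicKey // preset CA1 or CA2
	Cert     Cert           // Capp1 or Capp2
	Nonce    []byte         // R1 or R2, taken as 8 random bytes (assumption)
}

// NewRoot makes a root key pair (hypothetical helper for this demo).
func NewRoot() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

// NewParty is steps 6 and 9: fresh key pair, certificate from own root, nonce.
func NewParty(root *rsa.PrivateKey, peerRoot *rsa.PublicKey) (*Party, error) {
	priv, err := NewRoot()
	if err != nil {
		return nil, err
	}
	sig, err := sign(root, x509.MarshalPKCS1PublicKey(&priv.PublicKey))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, 8)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Party{priv, peerRoot, Cert{&priv.PublicKey, sig}, nonce}, nil
}

// Prove is steps 13 and 17: sign the peer's nonce followed by a role label.
func (p *Party) Prove(peerNonce []byte, label string) ([]byte, error) {
	return sign(p.priv, []byte(string(peerNonce)+label))
}

// Check is steps 8/12 and 16/20: certificate from the preset root, signature over own nonce plus label.
func (p *Party) Check(peer Cert, label string, sig []byte) error {
	if err := verify(p.peerRoot, x509.MarshalPKCS1PublicKey(peer.Pub), peer.Sig); err != nil {
		return fmt.Errorf("certificate not issued by preset root: %w", err)
	}
	return verify(peer.Pub, []byte(string(p.Nonce)+label), sig)
}

// Handshake runs the exchange in one process; sent and got are the two sides' copies of the master key.
func Handshake(srv, ta *Party) (sent, got []byte, err error) {
	var sig, ct []byte
	sent = make([]byte, 16) // step 21: 16-byte 3DES master key
	steps := []func() error{
		func() (e error) { sig, e = srv.Prove(ta.Nonce, "server hello"); return },
		func() error { return ta.Check(srv.Cert, "server hello", sig) },
		func() (e error) { sig, e = ta.Prove(srv.Nonce, "client hello"); return },
		func() error { return srv.Check(ta.Cert, "client hello", sig) },
		func() (e error) { _, e = rand.Read(sent); return },
		func() (e error) { ct, e = rsa.EncryptPKCS1v15(rand.Reader, ta.Cert.Pub, sent); return },
		func() (e error) { got, e = rsa.DecryptPKCS1v15(rand.Reader, ta.priv, ct); return },
	}
	for i, step := range steps {
		if err = step(); err != nil {
			return nil, nil, fmt.Errorf("exchange %d: %w", i+1, err)
		}
	}
	return sent, got, nil
}

func main() {
	root1, _ := NewRoot() // server-side root behind CA1
	root2, _ := NewRoot() // device-side root behind CA2
	srv, _ := NewParty(root1, &root2.PublicKey)
	ta, _ := NewParty(root2, &root1.PublicKey)
	sent, got, err := Handshake(srv, ta)
	fmt.Println(len(sent), string(sent) == string(got), err)
}
```

A signature made for one nonce or one role label does not verify for another, which is what ties S1 and S2 to this session and to the side that produced them. PKCS#1 v1.5 encryption appears here because the text names PKCS1Padding; RSA-OAEP is the usual choice in new designs.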
In the authentication process, the master key is updated (under the security policy the master key can be updated regularly, for example once a month). This process is simple and does not require authentication to be initiated. The specific process is as follows:
A new master key is generated in advance and 3DES-encrypted with the old key; the MAC value of the new master key before encryption is calculated; the MAC value and the encrypted key are sent to the trusted application, which decrypts with the old key, verifies the MAC and, once verification passes, replaces the master key; the trusted application sends the update status back to the front-end server, which updates its state and ends the update process.
Considering the complexity of the authentication process and the efficiency of asymmetric encryption and decryption, a symmetric key is used to encrypt and decrypt sensitive data when a service process is initiated, and to ensure transaction security the symmetric working key is updated for every transaction. The specific process is as follows: the control of the untrusted application obtains the ID of the secure chip as the device unique identifier and uploads it to the front-end server; the front-end server encrypts the symmetric-algorithm working key with the master key and issues the encrypted key together with the MAC authentication value of the working key to the mobile terminal; after receiving them, the mobile terminal decrypts the key and verifies the MAC, and once the MAC verification passes the three working keys are stored in the secure chip.
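Both the master key update above and this working key update send a key encrypted under the master key together with a MAC computed over the key before encryption; the following added Go example, which is not the patent's code, shows that wrap and the device-side check. Assumptions: 3DES in CBC mode with a random IV, HMAC-SHA256 keyed with the master key as the MAC, the three working keys sent as one 48-byte blob, constructed sample keys and device ID, and `Wrap`, `Unwrap` and `IssueWorkKeys` as hypothetical names.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrMAC means an unwrapped key did not match the MAC sent with it.
var ErrMAC = errors.New("MAC mismatch, key rejected")

// Wrapped travels through the untrusted application: IV followed by the
// 3DES-CBC ciphertext, plus the MAC of the key before encryption.
type Wrapped struct{ Cipher, MAC []byte }

// tdes builds two-key 3DES from a 16-byte key (K1|K2 expanded to K1|K2|K1).
func tdes(kek []byte) (cipher.Block, error) {
	if len(kek) != 16 {
		return nil, errors.New("master key must be 16 bytes")
	}
	return des.NewTripleDESCipher(append(append([]byte{}, kek...), kek[:8]...))
}

// mac is HMAC-SHA256 keyed with the master key (assumption: the page names
// neither the MAC algorithm nor the MAC key).
func mac(kek, key []byte) []byte {
	m := hmac.New(sha256.New, kek)
	m.Write(key)
	return m.Sum(nil)
}

// Wrap is the server side: MAC the plaintext key and encrypt it under kek.
func Wrap(kek, key []byte) (Wrapped, error) {
	blk, err := tdes(kek)
	if err != nil {
		return Wrapped{}, err
	}
	if len(key) == 0 || len(key)%des.BlockSize != 0 {
		return Wrapped{}, errors.New("key must be a whole number of 8-byte blocks")
	}
	ct := make([]byte, des.BlockSize+len(key))
	if _, err := rand.Read(ct[:des.BlockSize]); err != nil {
		return Wrapped{}, err
	}
	cipher.NewCBCEncrypter(blk, ct[:des.BlockSize]).CryptBlocks(ct[des.BlockSize:], key)
	return Wrapped{ct, mac(kek, key)}, nil
}

// Unwrap is the device side: decrypt with the stored master key, then release
// the key only if its MAC verifies (constant-time comparison).
func Unwrap(kek []byte, w Wrapped) ([]byte, error) {
	blk, err := tdes(kek)
	if err != nil {
		return nil, err
	}
	if len(w.Cipher) < 2*des.BlockSize || len(w.Cipher)%des.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	key := make([]byte, len(w.Cipher)-des.BlockSize)
	cipher.NewCBCDecrypter(blk, w.Cipher[:des.BlockSize]).CryptBlocks(key, w.Cipher[des.BlockSize:])
	if !hmac.Equal(mac(kek, key), w.MAC) {
		return nil, ErrMAC
	}
	return key, nil
}

// IssueWorkKeys is the server's sign-in reply: master key looked up by device ID,
// then 48 fresh bytes wrapped (track, PIN, MAC keys as one blob: an assumption).
func IssueWorkKeys(table map[string][]byte, deviceID string) (Wrapped, error) {
	kek, ok := table[deviceID]
	if !ok {
		return Wrapped{}, errors.New("unknown device ID")
	}
	wk := make([]byte, 48)
	if _, err := rand.Read(wk); err != nil {
		return Wrapped{}, err
	}
	return Wrap(kek, wk)
}

func main() {
	old, next := []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed keys
	w, _ := IssueWorkKeys(map[string][]byte{"chip-01": old}, "chip-01") // constructed ID
	wk, err := Unwrap(old, w)
	fmt.Println("work keys:", len(wk), err)
	w.Cipher[9] ^= 1 // one ciphertext bit flipped in transit
	_, err = Unwrap(old, w)
	fmt.Println("tampered:", err)
	r, _ := Wrap(old, next) // rotation: new master key under the old one
	got, err := Unwrap(old, r)
	fmt.Println("rotated:", string(got) == string(next), err)
}
```

Because the MAC covers the key before encryption, the device has to decrypt before it can detect tampering, so `Unwrap` returns no key material unless the MAC matches.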
The specific working process is as follows:
1. The application APP (i.e. the untrusted application) initiates a request to load the trusted application;
2. The untrusted application control corresponding to the card reading mode of the secure chip (hereinafter, the control) loads the trusted application; the trusted application verifies the legitimacy of the untrusted application and, once it is verified, returns the loading result to the control;
3. The loading result is returned;
4. The initialization result is returned;
5. The application APP initiates communication;
6. The untrusted application control calls the trusted application communication interface;
7. The trusted application displays its interface;
8. After confirming that the message is correct, the human-machine interaction engine initiates the card search process;
9. The secure chip application program starts the wireless communication reading mode, for example by starting an NFC reader;
10. The NFC reader returns the start result to the secure chip;
11. The secure chip application program returns the result to the trusted application;
12. The system waits for the user to bring the IC card close to the NFC card reader, and notifies the untrusted application control after the NFC card reader finds the card;
13. The untrusted control sends the instruction to be processed to the trusted application;
14. The trusted application sends a service instruction to the secure chip application program;
15. The secure chip application program and the NFC reader start exchanging instructions;
16. The secure chip application program and the NFC reader carry out the exchange in a loop;
17. The kernel executes processing (for example an EMV kernel as in the standard IC card contactless transaction terminal processing specification) and encrypts sensitive information;
18. The service processing instruction data is returned to the trusted application;
19. The trusted application starts PIN code input in the human-machine interaction (TUI) engine;
20. The user enters the PIN code through the encrypted keyboard, and the PIN code is returned in encrypted form;
21. The obtained IC card data and PIN data are returned to the untrusted application control with MAC verification;
22. The encrypted result is sent to the front-end server;
23. The front-end server decrypts the information, sends the IC card data and the PIN to the specific service processing system (a UnionPay channel or the service system of another third-party payment company), and returns the processing result to the untrusted application control;
24. The untrusted application control calls the trusted application decryption interface;
25. The trusted application calls the application program decryption interface in the secure chip;
26. The secure chip decrypts the communication result;
27. The communication result is returned to the untrusted application control;
28. The transaction ends.
Also claimed is a storage medium having stored thereon a computer program executable by an execution structure to perform the steps of the method for accessing trusted applications as described in embodiments one and two, and the steps described in the method for establishing a list of trusted application identifications and a list of trusted applications.
The description and applications of the invention herein are illustrative and are not intended to limit the scope of the invention to the embodiments described above. Variations and modifications of the embodiments disclosed herein are possible, and alternative and equivalent various components of the embodiments will be apparent to those skilled in the art. It will be clear to those skilled in the art that the present invention may be embodied in other forms, structures, arrangements, proportions, and with other components, materials, and parts, without departing from the spirit or essential characteristics thereof. Other variations and modifications of the embodiments disclosed herein may be made without departing from the scope and spirit of the invention.

Claims (8)

1. A card secure communication method based on a trusted environment, applied to a mobile terminal having a secure chip and a secure communication element, characterized by comprising the following steps:
in response to wireless communication information sent by an entity card, a security chip encrypts the received wireless communication information;
sending the encrypted wireless communication information to a secure communication element;
the secure communication element forwards the wireless communication information to a public application;
the secure communication element comprises a trusted application and a secure communication element operating system, and the secure communication element operating system comprises a secure communication element communication agent and a secure chip driver;
the secure communication element communication agent is used for communicating with the non-trusted execution element communication agent;
the security chip driver provides a drive for the trusted application;
before responding to the wireless communication information sent by the entity card, the method further comprises the following steps:
bidirectional authentication is realized between the business processing front-end server and the trusted application of the secure communication element;
after passing the authentication, negotiating a master key for service processing;
the master key is stored in the secure chip.
2. The secure communication method of claim 1, further comprising the steps of: the public application sends the wireless communication information to a service processing front-end server for processing.
3. The secure communication method of claim 2, further comprising the steps of:
the business processing front-end server sends the processing result back to the public application;
the public application sends it to the secure communication element;
and the secure communication element calls the secure chip to decrypt the processing result.
4. The secure communication method of claim 2, wherein the secure chip communicating with the service processing front-end server to update the working key comprises the sub-steps of:
obtaining a device unique identifier of the secure chip;
sending the device unique identifier to the service processing front-end server;
the business processing front-end server obtains the master key corresponding to the device unique identifier of the secure chip through a lookup table;
encrypting a working key using the master key;
calculating the MAC value of the working key before encryption, and sending the MAC value and the encrypted working key to the public application;
the public application sends the MAC value and the encrypted working key to the secure communication element;
the secure communication element decrypts the encrypted working key using the master key stored in the secure chip and verifies the MAC value to obtain the working key.
5. A mobile terminal comprising the following components:
the security chip comprises a wireless antenna capable of wirelessly communicating with the entity card and a security storage unit for storing a master key and a working key, and the working key is used for encrypting information sent by the entity card;
the secure communication element is used for communicating with the public application and the secure chip in the untrusted execution element and forwarding the obtained encrypted entity card information to the public application;
an untrusted execution element comprising a public application;
the secure communication element comprises a trusted application and a secure communication element operating system, and the secure communication element operating system comprises a secure communication element communication agent and a secure chip driver;
the secure communication element communication agent is used for communicating with the non-trusted execution element communication agent;
the security chip driver provides a drive for the trusted application;
before responding to the wireless communication information sent by the entity card, the method further comprises the following steps:
bidirectional authentication is realized between the business processing front-end server and the trusted application of the secure communication element;
after passing the authentication, negotiating a master key for service processing;
the master key is stored in the secure chip.
6. The mobile terminal of claim 5, wherein the public application sends the wireless communication information to a service processing front-end server for processing.
7. A secure communication system comprising a mobile terminal according to any of claims 5 to 6, wherein the mobile terminal comprises an untrusted execution element storing a public application.
8. A storage medium containing program code which, when loaded into and executed in a CPU, performs the method according to one of claims 1 to 4.
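The working-key update of claim 4, sketched end to end as an added example (not code from the patent or its assignee). The patent names no algorithms, so HMAC-SHA256 as the MAC, the HMAC-based keystream used as a stand-in cipher, the sub-key derivation, the nonce, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the device identifier and master key are made up.
DEVICE_ID = "SE-CHIP-0001"
MASTER_KEYS = {DEVICE_ID: bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}


def _subkey(master_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys (assumption, not in the patent)."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def server_issue_working_key(device_id: str, working_key: bytes) -> dict:
    """Front-end server: look up the master key, MAC the plaintext key, encrypt it."""
    master_key = MASTER_KEYS[device_id]  # KeyError for an unknown chip
    mac = hmac.new(_subkey(master_key, b"mac"), working_key, hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    enc = _keystream_xor(_subkey(master_key, b"enc"), nonce, working_key)
    return {"nonce": nonce, "enc_key": enc, "mac": mac}


def public_app_relay(msg: dict, tamper: bool = False) -> dict:
    """Untrusted public application: forwards only; can simulate a corrupted relay."""
    if tamper:
        msg = dict(msg, enc_key=bytes([msg["enc_key"][0] ^ 1]) + msg["enc_key"][1:])
    return msg


def chip_install_working_key(master_key: bytes, msg: dict) -> bytes:
    """Secure chip side: decrypt with the stored master key, then verify the MAC."""
    candidate = _keystream_xor(_subkey(master_key, b"enc"), msg["nonce"], msg["enc_key"])
    expected = hmac.new(_subkey(master_key, b"mac"), candidate, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("working key rejected: MAC mismatch")
    return candidate
```

Because the MAC covers the working key before encryption, the chip can only check it after decrypting; a key that fails the check is discarded and never installed.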
CN201810791762.6A 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal Active CN108924822B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810791762.6A CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810791762.6A CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Publications (2)

Publication Number Publication Date
CN108924822A CN108924822A (en) 2018-11-30
CN108924822B true CN108924822B (en) 2021-06-01

Family

ID=64415750

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810791762.6A Active CN108924822B (en) 2018-07-18 2018-07-18 Card-contained secure communication method based on trusted environment and mobile terminal

Country Status (1)

Country Link
CN (1) CN108924822B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110110548B (en) * 2019-04-12 2022-11-11 深圳市中易通安全芯科技有限公司 Method for storing files in trusted execution environment in encrypted manner based on encryption chip
CN110992049B (en) * 2019-12-02 2021-02-26 北京市燃气集团有限责任公司 Intelligent card writing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593389A (en) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 A kind of key management method and system that is used for the POS terminal
US20130166456A1 (en) * 2010-09-07 2013-06-27 Zte Corporation System and Method for Remote Payment Based on Mobile Terminal
CN103559757A (en) * 2013-11-21 2014-02-05 武汉天喻信息产业股份有限公司 OTA (over the air) charging system and method for financial IC (integrated circuit) card

Also Published As

Publication number Publication date
CN108924822A (en) 2018-11-30

Similar Documents

Publication Publication Date Title
CN103067401B (en) Method and system for key protection
EP4081921B1 (en) Contactless card personal identification system
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
EP3255832A1 (en) Dynamic encryption method, terminal and server
CN103078742B (en) Generation method and system of digital certificate
RU2628492C2 (en) Telecommunication chip-card
WO2018090763A1 (en) Method and device for configuring terminal master key
CN108200078B (en) Downloading and installing method of signature authentication tool and terminal equipment
WO2019001061A1 (en) Payment verification method and system, and mobile device and security authentication device
US20150339665A1 (en) Post-manufacture configuration of pin-pad terminals
CN111131416A (en) Business service providing method and device, storage medium and electronic device
WO2015109949A1 (en) Network security method and network security system
KR20120108599A (en) Credit card payment service using online credit card payment device
CN108924822B (en) Card-contained secure communication method based on trusted environment and mobile terminal
CN104835038A (en) Networking payment device and networking payment method
CN110100411B (en) Cryptographic system management
CN105678542B (en) payment service interaction method, payment terminal and payment cloud terminal
KR101750165B1 (en) USIM Simple Authentication Method and System using SMS and USAT Applet
EP3026620A1 (en) Network authentication method using a card device
CN114338055A (en) Identity authentication method and device
JP7461564B2 (en) Secure end-to-end pairing of secure elements with mobile devices
CN115765981A (en) Trusted network communication method and device
KR20180003089A (en) Method for Providing Server type One Time Password by using Secure Operating System
KR20150053520A (en) A server authentication method using PIM(Personal Identification Message) on SSL/TLS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019

Applicant after: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

Address before: Hengtang Industrial Park, Yunyang town, Danyang City, Zhenjiang City, Jiangsu Province

Applicant before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

GR01 Patent grant