CN109863475A - The upgrade method and relevant device of a kind of application in safety element - Google Patents
The upgrade method and relevant device of a kind of application in safety element Download PDFInfo
- Publication number
- CN109863475A CN109863475A CN201780065391.7A CN201780065391A CN109863475A CN 109863475 A CN109863475 A CN 109863475A CN 201780065391 A CN201780065391 A CN 201780065391A CN 109863475 A CN109863475 A CN 109863475A
- Authority
- CN
- China
- Prior art keywords
- application
- upgraded
- mobile terminal
- service management
- management server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
Abstract
The upgrade method and relevant device of a kind of application in safety element, for improving the safety of the application in safety element, and during ensureing the application upgrade in safety element, user data is not lost.This method comprises: receiving the upgrade command of corresponding application to be upgraded;In response to the upgrade command, the upgrade request of the corresponding application to be upgraded is sent to trusted service management server;The significant data of the application to be upgraded is sent to the trusted service management server;The current version of the application to be upgraded in the safety element SE is deleted, the current version of the application to be upgraded includes the significant data;Receive and install the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;The significant data that the trusted service management server is sent is received, and the received significant data is loaded into the more new version of the application to be upgraded.
Description
This application claims on October 9th, 2017 submit Patent Office of the People's Republic of China, application No. is 201710931301.X, the priority of the Chinese patent application of entitled " a kind of upgrade method and relevant device of security element application ", entire contents are hereby incorporated by reference in the application.
This application involves the upgrade methods and relevant device of the application in field of communication technology more particularly to a kind of safety element.
With the rapid development of mobile terminals, the function of mobile terminal is more and more, and the requirement to the safety of mobile terminal is also higher and higher.There are three types of application environments for the mobile terminal of mainstream, from low to high successively by safety are as follows: rich performing environment (rich execution environment, REE), credible performing environment (trusted execution environment,) and safety element (secure element TEE, SE), the application wherein run is successively called: Client application (client application, CA), the application (Applet) in trusted application (TEE application, TA) and SE.TEE is to operate in one of primary processor secure operating environment, and the secure launch process of TEE is to need through verifying, and its secure launch process is separated with REE.It operates between each application program under TEE and is independent from each other, and it cannot be accessed mutually in the case where unauthorized between each application program, guarantee that the resource of application program and the treatment process of data under TEE are executed under a trusted context, to provide security service for REE operating system.The many applications (Applet) being mounted in mobile phone safe element (SE) are all important, with individual bankroll or identity binding, such as bank electronic is paid in cash, all-purpose card payment, electronic identifications (electronic identity, eID) etc..Some SE, which are applied, itself can store the important informations such as user identity, the amount of money.
Due to version defect, the reasons such as business scenario variation, the Applet in SE also has the needs of upgrading.Existing scheme provides two kinds of settling modes: first way is: not upgrading direct replacement, such as financial IC card, once it was found that problematic using Applet, the business provider that then financial integrated circuit (integrated circuit, IC) is blocked, which recycles, to be destroyed old card and distributes new card;The second way is: the mobile phone for being equipped with Applet deletes legacy version and related data, then installs new version Applet.
In existing solution, if not upgrading, the safety of Applet can be reduced, security risk is brought;If upgrading, during upgrading to the Applet in SE, significant data is deleted, and cannot be restored after upgrading, be caused to lose accordingly.It for different Applet, can be needed to define significant data according to business, for example, the amount of money can be defined as significant data by bus card Applet, identity information is defined as significant data by electronic identifications eID.
Summary of the invention
The embodiment of the present application provides the upgrade method and relevant device of the application in a kind of safety element, and for improving the safety of the application in safety element, and during ensureing the application upgrade in safety element, user data is not lost.
The application first aspect provides a kind of upgrade method of the application in safety element, comprising: mobile terminal receives the upgrade command of corresponding application to be upgraded, which can be triggered by trusted service management server or user;Mobile terminal sends the upgrade request of the corresponding application to be upgraded to trusted service management server, the version information of the application to be upgraded can be carried in the upgrade request in response to the upgrade command;Mobile terminal sends institute to the trusted service management server
State the significant data of application to be upgraded;Mobile terminal deletes the current version of the application to be upgraded in the safety element SE, and the current version of the application to be upgraded includes the significant data;Mobile terminal receives and installs the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;Mobile terminal receives the significant data that the trusted service management server is sent, and the received significant data is loaded into the more new version of the application to be upgraded.The embodiment of the present application, mobile terminal upgrade the application in safety element, improve the safety of security element application, and ensure that user data is not lost in security element application escalation process.
In a kind of possible design, in the first implementation of the embodiment of the present application first aspect, before the significant data for sending the application to be upgraded to trusted service management server, the upgrade method a further include: reading mode is set for the current version of the application to be upgraded by the SE.In the embodiment of the present application, the process for setting the application to be upgraded to reading mode is increased, keeps the embodiment of the present application more perfect in step.
In a kind of possible design, in second of implementation of the embodiment of the present application first aspect, the mobile terminal includes running to have security application TA in credible performing environment TEE and rich performing environment REE, the TEE, and operation has client application CA in the REE;Before the upgrade request for sending the corresponding application to be upgraded to trusted service management server, the method also includes: the upgrade request of the application to be upgraded is generated by the TA, the upgrade request of the application to be upgraded includes the mark of the application to be upgraded, alternatively, including the mark and the information of the current version of the application to be upgraded of the application to be upgraded.The embodiment of the present application increases the process for generating the upgrade request of the application to be upgraded, makes the embodiment of the present application with more logicality.
In a kind of possible design, in the third implementation of the embodiment of the present application first aspect, the upgrade command of corresponding application to be upgraded is inputted by user;Before sending the upgrade request of the corresponding application to be upgraded and the significant data of the transmission application to be upgraded to trusted service management server, the method also includes: the input for being used to verify identity of the user is received by the TA or the CA;The input for verifying identity of the user is authenticated by the TA, and the authentication is passed.The embodiment of the present application increases the process authenticated for verifying the input of identity to user, increases the implementation of the embodiment of the present application.
In a kind of possible design, in the 4th kind of implementation of the embodiment of the present application first aspect, after the upgrade request for sending the corresponding application to be upgraded to trusted service management server, before the significant data for sending the application to be upgraded to the trusted service management server, the upgrade method further include: by the SE receive described in can service manager server send upload data command;The significant data for sending the application to be upgraded to the trusted service management server includes, and in response to the upload data command, Xiang Suoshu trusted service management server sends the significant data of the application to be upgraded.In the embodiment of the present application, increases mobile terminal and receive the process for uploading data command, keep the embodiment of the present application more perfect in step.
The application second aspect provides a kind of upgrade method of the application in safety element, is executed by trusted service management server, and the upgrade method includes: the upgrade request that trusted service management server receives the correspondence application to be upgraded that mobile terminal is sent;Trusted service management server receives the significant data for the application to be upgraded that the mobile terminal is sent;Trusted service management server saves the significant data of the application to be upgraded;Trusted service management server sends the more new version of the application to be upgraded according to the upgrade request to the mobile terminal;Trusted service management server sends the significant data of the application to be upgraded to the mobile terminal.The embodiment of the present application, trusted service management server upgrade the application in safety element, improve the safety of security element application, and ensure that user data is not lost in security element application escalation process.
In a kind of possible design, in the first implementation of the embodiment of the present application second aspect, after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the upgrade method further include: the corresponding data stored in the total data of the significant data and the trusted service management server are compared, and compare success.The embodiment of the present application increases the process verified to the total data of significant data, increases the realizability and operability of the embodiment of the present application.
In a kind of possible design, in second of implementation of the embodiment of the present application second aspect, after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the upgrade method further include: the corresponding data stored in the part of the significant data and the trusted service management server are compared, and compare success.The embodiment of the present application increases the process verify to the partial data of significant data, increases the realizability and operability of the embodiment of the present application.
In a kind of possible design, in the third implementation of the embodiment of the present application second aspect, after the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, before the significant data for receiving the application to be upgraded that the mobile terminal is sent, the upgrade method further include: Xiang Suoshu mobile terminal, which is sent, uploads data command, and the upload data command is used to indicate the mobile terminal and uploads the significant data.The embodiment of the present application increases the process for sending and uploading data command, makes the embodiment of the present application with more logicality.
In a kind of possible design, in the 4th kind of implementation of the embodiment of the present application second aspect, the upgrade request of the application to be upgraded includes version information, before the more new version for sending the application to be upgraded, the upgrade method further include: judge whether the application to be upgraded needs to be updated version according to the version information of the application to be upgraded, and judging result is more new version.The embodiment of the present application increases and judges the process to be upgraded applied and whether need to be updated version, increases the implementation of the embodiment of the present application.
In a kind of possible design, in the 5th kind of implementation of the embodiment of the present application second aspect, before the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, the upgrade method further include: Xiang Suoshu mobile terminal sending application upgrade command, the application upgrade order are used to indicate the mobile terminal and upgrade to the application to be upgraded in safety element.The embodiment of the present application increases trusted service management server to the process of the mobile terminal sending application upgrade command, increases the implementation of the embodiment of the present application.
The application third aspect provides a kind of mobile terminal, and the mobile terminal has safety element, and the safety element is equipped at least one application, and the mobile terminal includes: the first receiving unit, for receiving the upgrade command of corresponding application to be upgraded;First transmission unit, for sending the upgrade request of the corresponding application to be upgraded to trusted service management server in response to the upgrade command;Second transmission unit, for sending the significant data of the application to be upgraded to the trusted service management server;Unit is deleted, for deleting the current version of the application to be upgraded in the safety element SE, the current version of the application to be upgraded includes the significant data;First processing units, for receiving and installing the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;The second processing unit, the significant data sent for receiving the trusted service management server, and the received significant data is loaded into the more new version of the application to be upgraded.The embodiment of the present application, mobile terminal upgrade the application in safety element, improve the safety of security element application, and ensure that user data is not lost in security element application escalation process.
In a kind of possible design, in the first implementation of the embodiment of the present application third aspect, the mobile terminal further include: setting unit before the significant data for sending the application to be upgraded to trusted service management server, leads to
It crosses the SE and sets a reading mode for the current version of the application to be upgraded.In the embodiment of the present application, the process for setting the application to be upgraded to reading mode is increased, keeps the embodiment of the present application more perfect in step.
In a kind of possible design, in second of implementation of the embodiment of the present application third aspect, the mobile terminal includes running to have security application TA in credible performing environment TEE and rich performing environment REE, the TEE, and operation has client application CA in the REE;The mobile terminal further include: generation unit, before upgrade request for sending from the corresponding application to be upgraded to trusted service management server, the upgrade request of the application to be upgraded is generated by the TA, the upgrade request of the application to be upgraded includes the mark of the application to be upgraded, alternatively, including the mark and the information of the current version of the application to be upgraded of the application to be upgraded.The embodiment of the present application increases the process for generating the upgrade request of the application to be upgraded, makes the embodiment of the present application with more logicality.
In a kind of possible design, in the third implementation of the embodiment of the present application third aspect, the upgrade command of corresponding application to be upgraded is inputted by user;The mobile terminal further include: the second receiving unit, for receiving the input for being used to verify identity of the user by the TA or the CA before sending the upgrade request of the corresponding application to be upgraded and the significant data of the transmission application to be upgraded to trusted service management server;Authenticating unit, for being authenticated by the TA to the input for verifying identity of the user, and the authentication is passed.The embodiment of the present application increases the process authenticated for verifying the input of identity to user, increases the implementation of the embodiment of the present application.
In a kind of possible design, in the 4th kind of implementation of the embodiment of the present application third aspect, the mobile terminal further include: third receiving unit, for after the upgrade request for sending the corresponding application to be upgraded to trusted service management server, before the significant data for sending the application to be upgraded to the trusted service management server, by the SE receive described in can service manager server send upload data command;Second transmission unit is specifically used for, and in response to the upload data command, Xiang Suoshu trusted service management server sends the significant data of the application to be upgraded.In the embodiment of the present application, increases mobile terminal and receive the process for uploading data command, keep the embodiment of the present application more perfect in step.
The application fourth aspect provides a kind of trusted service management server, and the trusted service management server includes: the first receiving unit, the upgrade request of the correspondence application to be upgraded for receiving mobile terminal transmission;Second receiving unit, for receiving the significant data for the application to be upgraded that the mobile terminal is sent;Storage unit, for saving the significant data of the application to be upgraded;First transmission unit, for sending the more new version of the application to be upgraded to the mobile terminal according to the upgrade request;Second transmission unit, for sending the significant data of the application to be upgraded to the mobile terminal.The embodiment of the present application, trusted service management server upgrade the application in safety element, improve the safety of security element application, and ensure that user data is not lost in security element application escalation process.
In a kind of possible design, in the first implementation of the embodiment of the present application fourth aspect, the trusted service management server further include: the first comparing unit, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the corresponding data stored in the total data of the significant data and the trusted service management server are compared, and compare success.The embodiment of the present application increases the process verified to the total data of significant data, increases the realizability and operability of the embodiment of the present application.
In a kind of possible design, in second of implementation of the embodiment of the present application fourth aspect, the trusted service management server further include: the second comparing unit, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the corresponding data stored in the partial data of the significant data and the trusted service management server are compared, and compare success.The embodiment of the present application increases
To the process of the partial data of significant data verify, the realizability and operability of the embodiment of the present application are increased.
In a kind of possible design, in the third implementation of the embodiment of the present application fourth aspect, the trusted service management server further include: third transmission unit, for after the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, before the significant data for receiving the application to be upgraded that the mobile terminal is sent, it is sent to the mobile terminal and uploads data command, the upload data command is used to indicate the mobile terminal and uploads the significant data.The embodiment of the present application increases the process for sending and uploading data command, makes the embodiment of the present application with more logicality.
In a kind of possible design, in the 4th kind of implementation of the embodiment of the present application fourth aspect, the upgrade request of the application to be upgraded includes version information, the trusted service management server further include: judging unit, for before the more new version for sending the application to be upgraded, judge whether the application to be upgraded needs to be updated version according to the version information of the application to be upgraded, and judging result is more new version.The embodiment of the present application increases and judges the process to be upgraded applied and whether need to be updated version, increases the implementation of the embodiment of the present application.
In a kind of possible design, in the 5th kind of implementation of the embodiment of the present application fourth aspect, the trusted service management server further include: the 4th transmission unit, for before the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, to the mobile terminal sending application upgrade command, the application upgrade order is used to indicate the mobile terminal and upgrades to the application to be upgraded in safety element.The embodiment of the present application increases trusted service management server to the process of the mobile terminal sending application upgrade command, increases the implementation of the embodiment of the present application.
The 5th aspect of the application provides a kind of mobile terminal, including, memory, transceiver and at least one processor, program code is stored in the memory, the memory, the transceiver and at least one described processor are interconnected by route, and the processor runs the code to instruct method described in any one of above-mentioned first aspect of the mobile terminal execution.
The 6th aspect of the application provides a kind of trusted service management server, it include: memory, transceiver and at least one processor, program code is stored in the memory, the memory, the transceiver and at least one described processor are interconnected by route, and the processor runs the code to instruct the trusted service management server to execute method described in any one of above-mentioned second aspect.
The 7th aspect of the application provides a kind of computer readable storage medium, program code is stored in the computer readable storage medium, when run on a computer, so that computer executes method described in above-mentioned first aspect.
The eighth aspect of the application provides a kind of computer readable storage medium, and program code is stored in the computer readable storage medium, when run on a computer, so that computer executes method described in above-mentioned second aspect.
The 9th aspect of the application provides a kind of computer program product comprising instruction, when run on a computer, so that computer executes method described in above-mentioned first aspect.
The tenth aspect of the application provides a kind of computer program product comprising instruction, when run on a computer, so that computer executes method described in above-mentioned second aspect.
Fig. 1 is the network architecture schematic diagram of the embodiment of the present application application;
Fig. 2A is a structural schematic diagram of mobile terminal in the embodiment of the present application;
Fig. 2 B is a structural schematic diagram of trusted service management server in the embodiment of the present application;
Fig. 3 is upgrade method one embodiment schematic diagram of the application in the embodiment of the present application in safety element;
Fig. 4 is the upgrade method of application another embodiment schematic diagram in the embodiment of the present application in safety element;
Fig. 5 is one embodiment schematic diagram of mobile terminal in the embodiment of the present application;
Fig. 6 is another embodiment schematic diagram of mobile terminal in the embodiment of the present application;
Fig. 7 is one embodiment schematic diagram of trusted service management server in the embodiment of the present application;
Fig. 8 is another embodiment schematic diagram of trusted service management server in the embodiment of the present application.
The embodiment of the present application provides the upgrade method and relevant device of the application in a kind of safety element, and for improving the safety of the application in safety element, and during ensureing the application upgrade in safety element, user data is not lost.
In order to make those skilled in the art more fully understand application scheme, below in conjunction with the attached drawing in the embodiment of the present application, the embodiment of the present application is described.
The description and claims of this application and the (if present)s such as term " first " in above-mentioned attached drawing, " second ", " third ", " the 4th " are to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that the data used in this way are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented with the sequence other than the content for illustrating or describing herein.Furthermore, term " includes " or " having " and its any deformation, it is intended to cover and non-exclusive includes, such as, the process, method, system, product or equipment for containing a series of steps or units those of are not necessarily limited to be clearly listed step or unit, but may include other step or units being not clearly listed or intrinsic for these process, methods, product or equipment.
The embodiment of the present application can be applied to the network architecture as shown in Figure 1, in the network architecture, including mobile terminal and trusted service management (trusted service management, TSM) server, wherein, according to global platform tissue (Global Platform, GP) the definition in relevant criterion, TSM server is divided into two classes: trusted servers management (the secure element issuer trusted service management of safety element provider, SEI-TSM) server and service supplier's trusted service management (service provider trusted service mana Gement, SP-TSM).SEI-TSM is responsible for SE provider and provides SE life cycle and security domain management service, and SP-TSM is responsible for service provider and provides application life cycles service.There are three types of application environments for mobile terminal, it is respectively as follows: rich performing environment (rich execution environment, REE), credible performing environment (trusted execution environment, TEE) and safety element (secure element, SE).
It is interacted between mobile terminal and server by exit passageway realization, realizes the upgrading to the application (Applet) in the safety element SE in mobile terminal, wherein exit passageway is the safe and reliable transmission environment for being used for transmission interaction data.The defined significant data of business provider of Applet to be upgraded is packaged into significant data packet and is sent to TSM server by mobile terminal, mobile terminal again deletes the current version of the Applet to be upgraded, and the latest edition or particular version of the Applet to be upgraded is downloaded from server, it is understood that version updating (i.e. particular version update) of the particular version than current version.After the latest edition of Applet is installed, the significant data packet that mobile terminal uploads before server downloading, significant data in significant data packet is imported in the latest edition Applet for having downloaded installation or in the Applet of particular version, to complete the version updating to Applet to be upgraded.
It should be noted that TA is the application operated in TEE, the processor and memory of accessible mobile terminal, Applet
For the application in SE, safety element SE can be there are many form, microSD card etc. including the chip being embedded in SIM card (be typically moved operator as security module), mobile phone and directly with the connection of wireless near field communication (near field communication, NFC) chip.SE is one piece of independent chip in mobile terminal, also can establish exit passageway between TEE and SE, the data interaction between TA and Applet can be transmitted by exit passageway.TEE has the execution space of its own, higher than the security level of REE operating system, and TEE is not independent physical security chip, but the security architecture to overlap with the hardware structure of application processor used at present.The software and hardware resources that TEE can be accessed are separated with REE operating system, and the isolation of hardware supported is provided.Application in SE can be the application such as cellphone shield, eID, bank card, bus card, TEE Client API V1.0 standard and TEE Internal API V1.0 standard can be respectively adopted in the TEE Client API and TEE Internal API, be as shown in Figure 2 A a kind of composition schematic diagram of mobile terminal of the embodiment of the present application.Hardware components therein may include: memory, processor and communication unit.The memory is used for the program code and data of memory mobile terminal, such as the protected field in the memory can store credible performing environment operating system (trusted execution environment operating system, TEE OS) and TEE in application (TEE application, TA), the non-protected areas of the memory can store rich performing environment operating system (rich execution environment operating system, REE OS) and TEE in application (REE application, CA), memory in SE can store card operation system (ca Rd operating system, COS) and various applications etc..Processor (or controller), such as it can be central processing unit (central processing unit, CPU), general processor, digital signal processor (digital signal processor, DSP), specific integrated circuit (application-specific integrated circuit, ASIC), field programmable gate array (field programmable gate array, ) or other programmable logic device FPGA, transistor logic, hardware component or any combination thereof, such as, the processor may include the processor in application processor chip, with the processor in SE, It is respectively used to run various program codes above-mentioned to instruct mobile terminal to complete the various operations of description of the embodiment of the present invention.The communication unit can be radio circuit etc., for interacting between trusted service management server.
Optionally; the embodiment of the present application also provides a kind of mobile terminal; it does not include SE; the mobile terminal has memory, processor and communication unit, the memory program code and data; such as protected field can store TEE OS and TA in the memory; the non-protected areas of the memory can execute the program code in the memory with REE OS and CA, the processor to instruct the mobile terminal to complete the operation in following methods embodiment, to realize the interaction with SE and trusted service management server.
Fig. 2 B is a kind of structural schematic diagram of trusted service management server provided by the embodiments of the present application, the trusted service management server 200 can generate bigger difference because configuration or performance are different, it may include one or more processors (central processing units, CPU) 201 (such as, one or more processors) and storage medium 208, the storage medium 208 (such as one or more mass memory units) of one or more storage application programs 207 or data 206.Wherein, storage medium 208 can be of short duration storage or persistent storage.The program for being stored in storage medium 208 may include one or more modules (diagram does not mark), and each module may include to a series of codes in trusted service management server.Further, processor 201 can be set to communicate with storage medium 208, processor 201 is the control centre of trusted service management server, using the various pieces of various interfaces and the entire trusted service management server of connection, by running or executing the software program and/or module that are stored in storage medium 208, and the data being stored in storage medium 208 are called, the various functions and processing data of trusted service management server are executed, to realize safety
The upgrading of application in element.
Storage medium 208 can be used for storing software program and module, and processor 201 is stored in the software program and module of storage medium 208 by operation, thereby executing the various function application and data processing of trusted service management server 200.Storage medium 208 can mainly include storing program area and storage data area, wherein storing program area can application program (for example judging whether Applet needs to be updated version etc.) needed for storage program area, at least one function etc.;Storage data area, which can be stored, uses created data (such as upload data command etc.) etc. according to trusted service management server.In addition, storage medium 208 may include high-speed random access memory, it can also include nonvolatile memory, a for example, at least disk memory, flush memory device or other volatile solid-state parts.The program of the upgrade method of the security element application provided in the embodiment of the present application and the data flow received store in memory, and when it is desired to be used, processor 201 is called from storage medium 208.
Trusted service management server 200 can also include one or more power supplys 202, one or more wired or wireless network interfaces 203, one or more input/output interfaces 204, and/or one or more operating systems 205, such as Windows Serve, Mac OS X, Unix, Linux, FreeBSD etc..It will be understood by those skilled in the art that trusted service management server structure shown in Fig. 2 B does not constitute the restriction to trusted service management server, it may include perhaps combining certain components or different component layouts than illustrating more or fewer components.
For ease of description, term involved in the embodiment of the present application is illustrated.Mobile terminal described in this application can be provided simultaneously with the mobile terminal of tri- kinds of security contexts of REE, TEE and SE for mobile phone, tablet computer etc.;Server described in this application is trusted service management server, trusted service management server can specifically include trusted service management (the secure element issuer trusted service management of safety element publisher, SEI-TSM) system and the management of service supplier's trusted service (Service Provider trusted service management, SP-TSM) system;Application upgrade order (Applet upgrade command) in the embodiment of the present application can be carried out operation triggering by user and either be generated and sent by trusted service management server to mobile terminal;The first application upgrade request (Applet upgrade request) to be upgraded in the embodiment of the present application is generated by CA according to application upgrade order, second application upgrade request to be upgraded is generated by TA according to the first application upgrade request to be upgraded, and the second application upgrade request to be upgraded can carry the version information of application to be upgraded, and the version information of application to be upgraded can also be sent to trusted service management server separately as a message;The version for the application to be upgraded that mobile terminal is downloaded from trusted service management server can be latest edition, it is also possible to the particular version updated, the particular version can satisfy the specific safety requirement of the business provider of application to be upgraded, and the embodiment of the present application is illustrated by taking latest edition as an example.Significant data in the embodiment of the present application is defined by the business provider of application to be upgraded, Applet is applied for different, the significant data of definition can be the same or different, such as, the amount of money can be defined as significant data by the business provider of bus card Applet, and identity information can be defined as significant data by the business provider of electronic identifications eID.In the embodiment of the present application, Applet upgrade request can be triggered by user, be can also be and triggered by server.
For ease of understanding, the detailed process of the embodiment of the present application is described below, referring to Fig. 3, one embodiment of the upgrade method of the application in the embodiment of the present application in safety element includes:
301, CA receives the application upgrade order of user.
User has found that at least one of safety element needs to upgrade (Applet i.e. to be upgraded is upgraded) using Applet, then user triggers target Applet upgrading in CA during using mobile terminal according to the needs of itself
Order.It illustrates, for user in the bus card function course using mobile terminal, the notification information sent by public transport company finds that the version of bus card may need to be updated version, then user finds bus card application in the set interface of mobile terminal, and selects upgrading bus card.It should be noted that Applet upgrade command can be received and be parsed by CA, and parsing result is transmitted to TA;It can also be to be forwarded the Applet upgrade command by CA and only play forwarding to TA, CA, TA reception parses the Applet upgrade command after receiving the Applet upgrade command.
It can be understood that, after user triggers upgrade command on mobile terminals, before mobile terminal completes more new version and the significant data of application to be upgraded, mobile terminal keeps network connecting function in the open state and can carry out network downloading, such as, mobile terminal can not execute the operation that user closes network connecting function, to ensure that mobile terminal can go on smoothly the escalation process of Applet to be upgraded.
302, the first application upgrade request to be upgraded is sent to TA by CA.
CA is according to the application upgrade order of user in the REE of mobile terminal, and into TEE, TA sends the first application upgrade request to be upgraded, and the mark of application to be upgraded is carried in first application request to be upgraded, determines the Applet for needing to upgrade for TA.For example, bus card CA sends bus card application upgrade request to TA by the transmission channel between REE and TEE, the identification information for distinguishing other Applet is at least carried in bus card application upgrade request according to the upgrade command of user in REE.
303, TA authenticates the first application upgrade request to be upgraded.
The TA of mobile terminal carries out authentication to user, the means utilized include but is not limited to personal identification number (personal identification number, PIN), fingerprint, iris, the verifying such as recognition of face, it is triggered using verifying the Applet updating operation as the owner of mobile terminal, such as, it is verified when using PIN code, when PIN code pre-stored in mobile terminal is identical as the PIN code that user inputs, then determine that the first application upgrade request operation to be upgraded is that the owner of mobile terminal triggers, TA determines that the first application upgrade request to be upgraded generated is legal, TA is according to the version information of the first application upgrade request corresponding A pplet to be upgraded.TA can use security capabilities possessed by TEE, including but not limited to trusted users interface (trusted user interface, TUI), secure storage, safe biologic recognition capability, trusted clock etc..
By taking finger print identifying as an example, specifically, after user inputs upgrade command by CA, for TA after the corresponding upgrade request for getting CA generation, TA provides a user verifying interface, such as, TA reminds user's checking finger print information, and user carries out fingerprint typing operation according to prompt, and TA calls mobile terminal to identify the fingerprint of user's typing, for example, can directly be acquired by the fingerprint acquisition device on mobile terminal or be acquired by touch screen;TA matches collected finger print information with finger print information stored in mobile terminal, if matching, then determine that the owner that Applet updating operation is mobile terminal triggers, TA determine generate the Applet upgrade request be it is legal, TA according to the Applet upgrade request obtain corresponding A pplet version information.It is understood that being used as the information such as PIN and the finger print information of matching template before being matched, it has been stored in the memory of mobile terminal, when it is desired to be used, TA is called from memory.Wherein, mobile terminal has the functional module for carrying out fingerprint collecting.
By taking PIN code authenticates as an example, specifically, after user inputs upgrade command by CA, TA is after the corresponding first application upgrade request to be upgraded for getting CA generation, TA provides a user PIN code of the credible input frame to acquire user's input, and TA judges whether the PIN code of user's input is correct;If correct, the Applet updating operation that the owner that the updating operation is mobile terminal actively carries out can be confirmed, the first application upgrade request to be upgraded that TA determines that CA is generated is
Legal, TA corresponds to the version information of application to be upgraded according to the first application upgrade request to be upgraded;If incorrect, other operations are executed, for example, verifying again once, or terminate this Applet updating operation, specifically herein without limitation.
It is understood that PIN code is stored and is verified by TA.The PIN code can modify according to the needs of users.
304, TA obtains the version information of application to be upgraded to Applet.
TA is sent to Applet obtains Applet version (GET APPLET VERSION) order, and the key pair upgrading data of Applet agreement are encrypted and signed, and return to TA.Upgrading data packet includes SE ID, current version information of application to be upgraded etc..Specifically, the key of agreement can be secure storage key (secure storage key, SSK), such as, the value of SSK in different mobile terminal devices is different, will use chip ID and HUK when TEE starting and calculates the value for obtaining SSK by hash operation message authentication code (hash-based message authentication code, HMAC), wherein, HUK and chip ID is preset in the chip of mobile terminal.It can also be other keys such as trusted application storage key (trusted applicant storage key, TASK), specifically herein without limitation.
It is understood that under normal circumstances, obtaining two a pair of of keys that are entirely different but being exact matching: public key and private key by asymmetrical encryption algorithm.When using asymmetrical encryption algorithm encryption file, need to complete using matched two pairs of public keys and private key to encryption of plaintext and decrypting process.It is encrypted when being encrypted to data using Target Public Key, use and Target Public Key matched private key is needed when data are decrypted, to complete encrypting and decrypting process.It when mobile terminal signs to data, is signed using target private key, trusted service management server identifies the signature after receiving the data, using with the matched public key of target private key.Before sending the data after encryption and signature, mobile terminal must be sent to trusted service management server by the private key to match with Target Public Key, with the public key that target private key matches, and oneself retains target private key and Target Public Key.
305, the version information of the second application upgrade request to be upgraded and application to be upgraded is sent to trusted service management server by TA.
The version information of second application upgrade request to be upgraded and application to be upgraded is sent to trusted service management (trusted service management by TA, TSM) server, wherein, the version information of application to be upgraded can be carried in the second application upgrade request to be upgraded, it can also be sent to TSM server separately as a message, the version information with upgrade application encrypt and signed by TA.
306, TSM server judges whether application to be upgraded needs to be updated version.
TSM server analyzes the second application upgrade request to be upgraded, gets the identification information of application to be upgraded, and TSM server judges whether application to be upgraded needs to be updated version according to the identification information of Applet and the version information of application to be upgraded;If currently Applet version has been newest, do not need to update, notice mobile terminal does not need to be updated, for example, notify the current Applet version of user be it is newest, do not need to be upgraded, either, notice mobile terminal application to be upgraded does not have renewable new version;If currently Applet version is not newest, need to be updated Applet version, executes step 307.It can be understood that, the corresponding business provider of different Applet can also TSM server to oneself using other business strategies, business strategy is the execution standard that business provider formulates according to their business needs, such as, the business strategy of the business provider of bus card can be with are as follows: if the version of bus card application be not it is newest, prompt to be upgraded when mobile terminal is using bus card function;The business strategy of the business provider of bus card can be with are as follows: if the version of bus card application be not it is newest, in the case where mobile terminal is connected to wireless network, user is prompted to upgrade bus card application.
Specifically, TSM server notifies CA via TA when Applet does not need to be updated, upgrading is terminated, specifically, TSM can issue the order for terminating upgrading, so that mobile terminal stops Applet escalation process.When Applet needs to be updated, TSM server establishes exit passageway with Applet, issues upload data command, is used to indicate mobile terminal and uploads significant data.
307, itself is locked BLOCK by Applet.
Itself is locked BLOCK by Applet, and specific form can be, and is a reading mode by the attribute modification of Applet, the data of Applet cannot modify, so that significant data cannot be updated again.Applet be packaged to each significant data by agreement format to summarize, form significant data packet, wherein, significant data packet may include significant data and the mount message of application to be upgraded etc., agreement format can take various forms, for example, it may be common IP data packet format, it can also be extended formatting, specifically herein without limitation.
Such as, bus card Applet can be according to the amount of money that the business provider of bus card defines as significant data, bus card Applet is after by BLOCK, the amount of money therein cannot change again, mobile terminal can not use bus card business function, for example, cannot reuse bus card function carries out paid service of swiping the card.
It should be noted that business provider needs the Applet for oneself to define significant data and its format, and make its TSM server can be with the same significant data of identifying processing and its format.
It is understood that significant data packet carries out the collection of data inside SE, summarizes and be packaged, concrete processing procedure is herein without limitation.
308, Applet sends significant data to TSM server.
Applet sends the response for uploading data (UPLOAD DATA) and ordering to TSM server by exit passageway, and the response of the upload data command includes the significant data.
It should be noted that, the available transmission channel of maturation that exit passageway is established between TSM server and SE, exit passageway provides necessary safety guarantee for significant data, the specific establishment process of exit passageway is same as the prior art, for example, can use Secure Socket Layer (Secure Sockets Layer, SSL) agreement and/or Transport Layer Security (Transport Layer Security, TLS) agreement establishes exit passageway, and details are not described herein again.In addition to exit passageway transmits significant data packet, Applet, which can choose, carries out ciphering signature with specific key pair significant data packet again, to further increase safety.In this case, TSM server also needs to be decrypted by corresponding logic and signature verification.
309, TSM server verifies significant data.
TSM server verifies significant data.When TSM server receives the upload data command response that Applet is sent, and when getting the significant data packet carried in upload data command response, data some or all of in the significant data packet are compared with the data being stored in advance on TSM server with the correctness to confirm significant data, such as, when carrying out partial data comparison, according to presetting rule selected section data in data in significant data packet, and the data stored in the partial data and TSM server are verified, such as, using IP checking algorithm, the data that the corresponding data stored from the data and trusted service management for selecting 20 byte lengths in data is compared.Data command response is uploaded when TSM server does not receive in preset time period, such as, it is not received by within 3 minutes and uploads data command response, or according to strategy terminate upgrading (such as, significant data packet compares unsuccessful, think there is serious security problem, determine that significant data packet is incorrect), then TSM server can issue deblocking UNBLOCK order to Applet, and CA more new version is notified to fail, and it is mobile after receiving UNBLOCK order, release the locking to Applet, specifically, the attribute of Applet is set from only reading mode
It is set to read-write mode;Or TSM server does not send out UNBLOCK order, keeps the BLOCK state of the Applet, the attribute of Applet is a reading mode always, and other equipment can only be read out the data of Applet, can not modify to data.
It should be noted that when the data in trusted service management server are asynchronous with the data in mobile terminal, mobile terminal execution above-mentioned steps 308 and 309;When the data in trusted service management server are synchronous with the data in mobile terminal, mobile terminal does not need to upload significant data, significant data inventory only need to be uploaded (i.e., step 308 and 309 are replaced with into the step of reporting significant data inventory), after mobile terminal downloads the more new version of application to be upgraded, the corresponding significant data of significant data inventory is issued to mobile terminal by trusted service management server.
310, TSM server sends the more new version of application to be upgraded to mobile terminal.
TSM server sends the more new version of the application to be upgraded to mobile terminal.Specifically, TSM server issues DELETE order to SE, SE deletes the current version of the Applet.After completing the deletion of current version of Applet, TSM server issues LOAD, INSTALL order to SE, and LOAD, INSTALL order are executed by SE, and SE downloads the more new version of application to be upgraded from server and installs.
It should be noted that the Applet in SE after the CA being different from REE, SE must delete the Applet of legacy version, can just download the Applet of new version when carrying out upgrading update.
311, it is synchronous to carry out data to the Applet of more new version for TSM server.
TSM server issues STORE DATA order to the Applet of new version, and significant data and other relevant informations (for example, the relevant information unsealed for treating upgrade application) are synchronized to the Applet of new version.TSM server can issue other orders to Applet, such as download command, keep the download function of Applet completely open-minded, such as, downloadable authentication order is sent to the U-shield Applet of mobile terminal, so that U-shield Applet completes the downloading of safety certificate, it can also be other orders, specifically herein without limitation.
It should be noted that also needing sufficiently to ensure the safety of Data Migration using the exit passageway between SE and TSM server during the significant data in significant data packet is downloaded mobile terminal.
312, TSM server notice updates Applet success.
TSM server can receive the message of the Applet feedback of more new version after by the more new version for being loaded into application to be upgraded of significant data in significant data packet, update Applet success with confirmation.TSM server is shown via CA to user as a result, user is prompted to update Applet success.
In the embodiment of the present application, after user selects triggering Applet upgrading, significant data packing is uploaded to TSM server by mobile terminal, the significant data uploaded before is synchronized to the Applet of more new version after Applet new version is installed successfully, the Information Security of security element application Applet is improved, and ensures that user data is not lost in security element application Applet escalation process.
Referring to Fig. 4, another embodiment of the upgrade method of the application in the embodiment of the present application in safety element includes:
401, CA receives the application upgrade order that TSM server is sent.
TSM server is according to the specific policy of business provider, and after determining that at least one of safety element application Applet needs to upgrade, TSM server receives the Applet upgrade command that TSM server is sent by CA to CA sending application upgrade command, mobile terminal.It illustrates, for the bus card function of mobile terminal, the business provider (bus card company) of the bus card function is according to specific policy, such as, it determines and is upgraded or found original version Applet to service platform there are considerable safety loophole, corresponding bus card Applet is also required to be upgraded to meet the requirement of the service platform after upgrading.Bus card
Company triggers bus card application upgrade on specific opportunity (for example, when mobile phone is in idle condition) by CA sending application upgrade command of the TSM server to mobile terminal in CA.It should be noted that the corresponding business provider of different Applet can also TSM server to oneself using other strategies.
It can be understood that, after TSM server triggers upgrade command on mobile terminals, before mobile terminal completes more new version and the significant data of application to be upgraded, mobile terminal keeps network connecting function in the open state and can carry out network downloading, such as, mobile terminal can not execute the operation that user closes network connecting function, to ensure that mobile terminal can go on smoothly the escalation process of Applet to be upgraded.
402, the first application upgrade request to be upgraded is sent to TA by CA.
Step 402 is similar with step 302, and specific details are not described herein again.
403, whether TA verifies according to preset business provider strategy decision.
Whether TA verifies according to preset business provider strategy decision.If business provider's strategy is verified, verified, if business provider's strategy does not need to verify, thens follow the steps 404.
404, TA obtains the version information of application to be upgraded to Applet.
405, the version information of the second application upgrade request to be upgraded and application to be upgraded is sent to trusted service management server by TA.
Step 404 is similar to step 305 with step 304 to step 405, and specific details are not described herein again.
406, itself is locked BLOCK by Applet.
407, Applet sends significant data to TSM server.
408, TSM server verifies significant data.
409, TSM server sends the more new version of application to be upgraded to mobile terminal.
410, it is synchronous to carry out data to the Applet of more new version for TSM server.
411, TSM server notice updates Applet success.
Step 406 is similar to step 312 with step 307 to step 411, and specific details are not described herein again.
In the embodiment of the present application, after TSM server issues Applet upgrade command to mobile terminal, significant data packing is uploaded to TSM server in escalation process by mobile terminal Applet, after Applet new version is installed successfully, the significant data uploaded before is synchronized in the Applet of more new version, the Information Security of security element application Applet is improved, and ensures that user data is not lost in security element application Applet escalation process.
The upgrade method of the application in safety element in the embodiment of the present application is described above, below in the embodiment of the present application mobile terminal and trusted service management server be described, referring to Fig. 5, one embodiment of mobile terminal includes: in the embodiment of the present application
First receiving unit 501, for receiving the upgrade command of corresponding application to be upgraded;
First transmission unit 502, for sending the upgrade request of the corresponding application to be upgraded to trusted service management server in response to the upgrade command;
Second transmission unit 503, for sending the significant data of the application to be upgraded to the trusted service management server;
Unit 504 is deleted, for deleting the current version of the application to be upgraded in the safety element SE, the current version of the application to be upgraded includes the significant data;
First processing units 505 are sent for receiving and installing the trusted service management server according to the upgrade request
The application to be upgraded more new version;
The second processing unit 506, the significant data sent for receiving the trusted service management server, and the received significant data is loaded into the more new version of the application to be upgraded.
The embodiment of the present application, mobile terminal upgrade the application in safety element, improve the safety of security element application, and ensure that user data is not lost in security element application escalation process.
Referring to Fig. 6, another embodiment of mobile terminal includes: in the embodiment of the present application
First receiving unit 601, for receiving the upgrade command of corresponding application to be upgraded;
First transmission unit 602, for sending the upgrade request of the corresponding application to be upgraded to trusted service management server in response to the upgrade command;
Second transmission unit 603, for sending the significant data of the application to be upgraded to the trusted service management server;
Unit 604 is deleted, for deleting the current version of the application to be upgraded in the safety element SE, the current version of the application to be upgraded includes the significant data;
First processing units 605, for receiving and installing the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;
The second processing unit 606, the significant data sent for receiving the trusted service management server, and the received significant data is loaded into the more new version of the application to be upgraded.
In one example, mobile terminal can further include:
Setting unit 607 before the significant data for sending the application to be upgraded to trusted service management server, sets a reading mode for the current version of the application to be upgraded by the SE.
In one example, mobile terminal can further include:
Generation unit 608, before upgrade request for sending from the corresponding application to be upgraded to trusted service management server, the upgrade request of the application to be upgraded is generated by the TA, the upgrade request of the application to be upgraded includes the mark of the application to be upgraded, alternatively, including the mark and the information of the current version of the application to be upgraded of the application to be upgraded.
In one example, mobile terminal can further include:
Second receiving unit 609, for receiving the input for being used to verify identity of the user by the TA or the CA before sending the upgrade request for corresponding to the application to be upgraded to trusted service management server;
Authenticating unit 610, for being authenticated by the TA to the input for verifying identity of the user, and the authentication is passed.
In one example, mobile terminal can further include:
Third receiving unit 611, for after the upgrade request for sending the corresponding application to be upgraded to trusted service management server, before the significant data for sending the application to be upgraded to the trusted service management server, by the SE receive described in can service manager server send upload data command;
Second transmission unit 609 is specifically used for, and in response to the upload data command, Xiang Suoshu trusted service management server sends the significant data of the application to be upgraded.
In the embodiment of the present application, mobile terminal is after receiving Applet upgrade command, significant data packing is uploaded to TSM server in the escalation process of Applet by mobile terminal, the significant data uploaded before is synchronized to the Applet of more new version after the more new version of Applet is mounted to function, the safety using Applet in safety element is improved, and is ensured
User data is not lost in application Applet escalation process in safety element.
Referring to Fig. 7, one embodiment of trusted service management server includes: in the embodiment of the present application
First receiving unit 701, the upgrade request of the correspondence application to be upgraded for receiving mobile terminal transmission;
Second receiving unit 702, for receiving the significant data for the application to be upgraded that the mobile terminal is sent;
Storage unit 703, for saving the significant data of the application to be upgraded;
First transmission unit 704, for sending the more new version of the application to be upgraded to the mobile terminal according to the upgrade request;
Second transmission unit 705, for sending the significant data of the application to be upgraded to the mobile terminal.
The embodiment of the present application, trusted service management server upgrade the application in safety element, improve the safety of security element application, and user data is not lost during ensureing the application upgrade in safety element.
Referring to Fig. 8, another embodiment of trusted service management server includes: in the embodiment of the present application
First receiving unit 801, the upgrade request of the correspondence application to be upgraded for receiving mobile terminal transmission;
Second receiving unit 802, for receiving the significant data for the application to be upgraded that the mobile terminal is sent;
Storage unit 803, for saving the significant data of the application to be upgraded;
First transmission unit 804, for sending the more new version of the application to be upgraded to the mobile terminal according to the upgrade request;
Second transmission unit 805, for sending the significant data of the application to be upgraded to the mobile terminal.
In one example, trusted service management server can further include:
First comparing unit 806, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the data stored in the total data of the significant data and trusted service management server are compared, and compare success.
In one example, authentication unit 805 is specifically used for:
Second comparing unit 807, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the data stored in the partial data of the significant data and trusted service management server are compared, and compare success.
In one example, trusted service management server can further include:
Third transmission unit 808, for after the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, before the significant data for receiving the application to be upgraded that the mobile terminal is sent, it is sent to the mobile terminal and uploads data command, the upload data command is used to indicate the mobile terminal and uploads the significant data.
In one example, trusted service management server can further include:
Judging unit 809, for judging whether the application to be upgraded needs to be updated version according to the version information of the application to be upgraded before the more new version for sending the application to be upgraded.
In one example, trusted service management server can further include:
4th transmission unit 810, for before the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, to the mobile terminal sending application upgrade command, the application upgrade order is used to indicate the mobile terminal and upgrades to the application to be upgraded in safety element.
In the embodiment of the present application, trusted service management server receives the weight of mobile terminal transmission in the escalation process of Applet
Data are wanted, after Applet completes upgrading, the significant data received is synchronized to the Applet of more new version, improves the safety using Applet in safety element, and ensure that user data is not lost in the application Applet escalation process in safety element.
The computer program product includes one or more computer instructions.When loading on computers and executing the computer program instructions, entirely or partly generate according to process or function described in the embodiment of the present application.The computer can be general purpose computer, special purpose computer, computer network or other programmable devices.The computer instruction may be stored in a computer readable storage medium, or it is transmitted from a computer readable storage medium to another computer readable storage medium, such as, the computer instruction can be transmitted from a web-site, computer, server or data center by wired (such as coaxial cable, optical fiber, Digital Subscriber Line (digital subscriber line, DSL)) or wireless (such as infrared, wireless, microwave etc.) mode to another web-site, computer, server or data center.The computer readable storage medium can be any usable medium that computer can store or include the data storage devices such as one or more usable mediums integrated server, data center.The usable medium can be magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or semiconductor medium (such as solid state hard disk (solid state disk, SSD)) etc..
If the integrated unit is realized in the form of SFU software functional unit and when sold or used as an independent product, can store in a computer readable storage medium.Based on this understanding, substantially all or part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products the technical solution of the application in other words, the computer software product is stored in a storage medium, it uses including some instructions so that a computer equipment (can be personal computer, server or the network equipment etc.) execute each embodiment the method for the application all or part of the steps.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (read-only memory, ROM), the various media that can store program code such as random access memory (random access memory, RAM), magnetic or disk.
Claims (26)
- A kind of upgrade method of application in safety element, the safety element are equipped at least one application, and the method is by the mobile terminal execution with the safety element, which is characterized in that the described method includes:Receive the upgrade command of corresponding application to be upgraded;In response to the upgrade command, the upgrade request of the corresponding application to be upgraded is sent to trusted service management server;The significant data of the application to be upgraded is sent to the trusted service management server;The current version of the application to be upgraded in the safety element SE is deleted, the current version of the application to be upgraded includes the significant data;Receive and install the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;The significant data that the trusted service management server is sent is received, and the received significant data is loaded into the more new version of the application to be upgraded.
- Upgrade method according to claim 1, which is characterized in that before the significant data for sending the application to be upgraded to trusted service management server, the upgrade method further include:A reading mode is set by the current version of the application to be upgraded by the SE.
- Upgrade method according to claim 1 or 2, which is characterized in that the mobile terminal includes running to have security application TA in credible performing environment TEE and rich performing environment REE, the TEE, and operation has client application CA in the REE;Before the upgrade request for sending the corresponding application to be upgraded to trusted service management server, the method also includes:The upgrade request of the application to be upgraded is generated by the TA, the upgrade request of the application to be upgraded includes the mark of the application to be upgraded, alternatively, including the mark and the information of the current version of the application to be upgraded of the application to be upgraded.
- Upgrade method according to claim 3, which is characterized in that the upgrade command of corresponding application to be upgraded is inputted by user;Before sending the upgrade request of the corresponding application to be upgraded and the significant data of the transmission application to be upgraded to trusted service management server, the method also includes:The input for being used to verify identity of the user is received by the TA or the CA;The input for verifying identity of the user is authenticated by the TA, and the authentication is passed.
- Upgrade method according to any one of claim 1 to 4, it is characterized in that, after the upgrade request for sending the corresponding application to be upgraded to trusted service management server, before the significant data for sending the application to be upgraded to the trusted service management server, the upgrade method further include:By the SE receive described in can service manager server send upload data command;The significant data for sending the application to be upgraded to the trusted service management server includes, and in response to the upload data command, Xiang Suoshu trusted service management server sends the significant data of the application to be upgraded.
- A kind of upgrade method of security element application, is executed by trusted service management server, which is characterized in that the upgrade method includes:Receive the upgrade request for the correspondence application to be upgraded that mobile terminal is sent;Receive the significant data for the application to be upgraded that the mobile terminal is sent;Save the significant data of the application to be upgraded;The more new version of the application to be upgraded is sent to the mobile terminal according to the upgrade request;The significant data of the application to be upgraded is sent to the mobile terminal.
- Upgrade method according to claim 6, which is characterized in that after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the upgrade method further include:The corresponding data stored in the total data of the significant data and the trusted service management server are compared, and compare success.
- Upgrade method according to claim 6, which is characterized in that after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the upgrade method further include:The corresponding data stored in the partial data of the significant data and the trusted service management server are compared, and compare success.
- The upgrade method according to any one of claim 6 to 8, it is characterized in that, after the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, before the significant data for receiving the application to be upgraded that the mobile terminal is sent, the upgrade method further include:It is sent to the mobile terminal and uploads data command, the upload data command is used to indicate the mobile terminal and uploads the significant data.
- Upgrade method according to any one of claims 6 to 9, which is characterized in that the upgrade request of the application to be upgraded includes version information, before the more new version for sending the application to be upgraded, the upgrade method further include:Judge whether the application to be upgraded needs to be updated version according to the version information of the application to be upgraded, and judging result is more new version.
- Upgrade method according to any one of claims 6 to 9, which is characterized in that before the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, the upgrade method further include:To the mobile terminal sending application upgrade command, the application upgrade order is used to indicate the mobile terminal and upgrades to the application to be upgraded in safety element.
- A kind of mobile terminal, the mobile terminal have safety element, and the safety element is equipped at least one application, which is characterized in that the mobile terminal includes:First receiving unit, for receiving the upgrade command of corresponding application to be upgraded;First transmission unit, for sending the upgrade request of the corresponding application to be upgraded to trusted service management server in response to the upgrade command;Second transmission unit, for sending the significant data of the application to be upgraded to the trusted service management server;Unit is deleted, for deleting the current version of the application to be upgraded in the safety element SE, the current version of the application to be upgraded includes the significant data;First processing units, for receiving and installing the more new version for the application to be upgraded that the trusted service management server is sent according to the upgrade request;The second processing unit, the significant data sent for receiving the trusted service management server, and the received significant data is loaded into the more new version of the application to be upgraded.
- Mobile terminal according to claim 12, which is characterized in that the mobile terminal further include:Setting unit before the significant data for sending the application to be upgraded to trusted service management server, sets a reading mode for the current version of the application to be upgraded by the SE.
- Mobile terminal according to claim 12 or 13, which is characterized in that the mobile terminal includes running to have security application TA in credible performing environment TEE and rich performing environment REE, the TEE, and operation has client application CA in the REE;The mobile terminal further include:Generation unit, before upgrade request for sending from the corresponding application to be upgraded to trusted service management server, the upgrade request of the application to be upgraded is generated by the TA, the upgrade request of the application to be upgraded includes the mark of the application to be upgraded, alternatively, including the mark and the information of the current version of the application to be upgraded of the application to be upgraded.
- Mobile terminal according to claim 14, which is characterized in that the upgrade command of corresponding application to be upgraded is inputted by user;The mobile terminal further include:Second receiving unit, for receiving the input for being used to verify identity of the user by the TA or the CA before sending the upgrade request of the corresponding application to be upgraded and the significant data of the transmission application to be upgraded to trusted service management server;Authenticating unit, for being authenticated by the TA to the input for verifying identity of the user, and the authentication is passed.
- Mobile terminal described in any one of 2 to 15 according to claim 1, which is characterized in that the mobile terminal further include:Third receiving unit, for after the upgrade request for sending the corresponding application to be upgraded to trusted service management server, before the significant data for sending the application to be upgraded to the trusted service management server, by the SE receive described in can service manager server send upload data command;Second transmission unit is specifically used for, and in response to the upload data command, Xiang Suoshu trusted service management server sends the significant data of the application to be upgraded.
- A kind of trusted service management server, which is characterized in that the trusted service management server includes:First receiving unit, the upgrade request of the correspondence application to be upgraded for receiving mobile terminal transmission;Second receiving unit, for receiving the significant data for the application to be upgraded that the mobile terminal is sent;Storage unit, for saving the significant data of the application to be upgraded;First transmission unit, for sending the more new version of the application to be upgraded to the mobile terminal according to the upgrade request;Second transmission unit, for sending the significant data of the application to be upgraded to the mobile terminal.
- Trusted service management server according to claim 17, which is characterized in that the trusted service management server further include:First comparing unit, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the corresponding data stored in the total data of the significant data and the trusted service management server are compared, and compare success.
- Trusted service management server according to claim 17, which is characterized in that the trusted service management clothes Business device further include:Second comparing unit, for after the significant data for receiving the application to be upgraded that the mobile terminal is sent, before the significant data for saving the application to be upgraded, the corresponding data stored in the partial data of the significant data and the trusted service management server are compared, and compare success.
- Trusted service management server described in any one of 7 to 19 according to claim 1, which is characterized in that the trusted service management server further include:Third transmission unit, for after the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, before the significant data for receiving the application to be upgraded that the mobile terminal is sent, it is sent to the mobile terminal and uploads data command, the upload data command is used to indicate the mobile terminal and uploads the significant data.
- Trusted service management server described in any one of 7 to 20 according to claim 1, which is characterized in that the upgrade request of the application to be upgraded includes version information, the trusted service management server further include:Judging unit, for judging whether the application to be upgraded needs to be updated version according to the version information of the application to be upgraded, and judging result is more new version before the more new version for sending the application to be upgraded.
- Trusted service management server described in any one of 7 to 20 according to claim 1, which is characterized in that the trusted service management server further include:4th transmission unit, for before the upgrade request for receiving the correspondence application to be upgraded that mobile terminal is sent, to the mobile terminal sending application upgrade command, the application upgrade order is used to indicate the mobile terminal and upgrades to the application to be upgraded in safety element.
- A kind of mobile terminal, it is characterized in that, it include: memory, transceiver and at least one processor, program code is stored in the memory, by line traffic, the processor runs the code to instruct described mobile terminal execution the method according to claim 1 to 5 for the memory, the transceiver and at least one described processor.
- A kind of trusted service management server, it is characterized in that, it include: memory, transceiver and at least one processor, program code is stored in the memory, by line traffic, the processor runs the code to instruct the trusted service management server to execute such as the described in any item methods of claim 6-11 for the memory, the transceiver and at least one described processor.
- A kind of computer readable storage medium, including instruction, when run on a computer, so that computer executes the method as described in claim 1-5 any one.
- A kind of computer program product comprising instruction, when run on a computer, so that computer executes the method as described in claim 1-5 any one.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710931301X | 2017-10-09 | ||
| CN201710931301 | 2017-10-09 | ||
| PCT/CN2017/107016 WO2019071650A1 (en) | 2017-10-09 | 2017-10-20 | Method for upgrading application in security element and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109863475A true CN109863475A (en) | 2019-06-07 |
Family
ID=66101219
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201780065391.7A Pending CN109863475A (en) | 2017-10-09 | 2017-10-20 | The upgrade method and relevant device of a kind of application in safety element |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN109863475A (en) |
| WO (1) | WO2019071650A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111177701A (en) * | 2019-12-11 | 2020-05-19 | 北京握奇智能科技有限公司 | Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip |
| CN112052023A (en) * | 2020-09-14 | 2020-12-08 | 艾体威尔电子技术(北京)有限公司 | Intelligent terminal upgrading strategy management method |
| CN112381538A (en) * | 2020-11-12 | 2021-02-19 | 深圳市欢太科技有限公司 | Data processing method, terminal equipment and storage medium |
| CN112732288A (en) * | 2020-12-11 | 2021-04-30 | 北京握奇智能科技有限公司 | Method and device for upgrading application of digital currency hardware wallet |
| CN113347620A (en) * | 2021-08-05 | 2021-09-03 | 深圳市深圳通有限公司 | Method, device, equipment and storage medium for compatibility of multi-version application air card issuing |
| CN117369854A (en) * | 2023-12-07 | 2024-01-09 | 浪潮云洲工业互联网有限公司 | OTA upgrading method, device and medium for active identification industrial equipment |
| CN117424893A (en) * | 2023-12-19 | 2024-01-19 | 深圳竹云科技股份有限公司 | Data transmission method, device, computer equipment and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111898151B (en) * | 2020-08-20 | 2024-03-29 | 捷德(中国)科技有限公司 | Data transmission assisting method, system, terminal device and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216771A (en) * | 2007-12-29 | 2008-07-09 | 宇龙计算机通信科技(深圳)有限公司 | Method, system and device for accomplishing mobile phones software upgrading through personal computer |
| CN102609281A (en) * | 2012-02-24 | 2012-07-25 | 中国电子科技集团公司第十五研究所 | Distributed software patch updating method and distributed software patch updating system |
| CN102981811A (en) * | 2011-09-05 | 2013-03-20 | 北大方正集团有限公司 | Processing method and device of user option data |
| CN104081311A (en) * | 2011-12-30 | 2014-10-01 | 英特尔公司 | Apparatus and method for managing operation of a mobile device |
| CN104769554A (en) * | 2012-04-05 | 2015-07-08 | 阿苏兰特公司 | System, method, apparatus, and computer program product for providing mobile device support services |
| CN105324752A (en) * | 2013-05-21 | 2016-02-10 | 谷歌公司 | Systems, methods, and computer program products for managing service upgrades |
| CN105760777A (en) * | 2016-02-16 | 2016-07-13 | 上海斐讯数据通信技术有限公司 | Safety information management method and system based on intelligent platform |
| FR3031614A1 (en) * | 2015-01-09 | 2016-07-15 | Cie Ind Et Financiere D'ingenierie Ingenico | METHOD FOR PROCESSING A TRANSACTION FROM A COMMUNICATION TERMINAL |
| CN105843653A (en) * | 2016-04-12 | 2016-08-10 | 恒宝股份有限公司 | TA (trusted application) configuration method and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140031024A1 (en) * | 2012-02-05 | 2014-01-30 | Rfcyber Corporation | Method and system for providing controllable trusted service manager |
| EP2884692B1 (en) * | 2013-12-13 | 2020-05-20 | Nxp B.V. | Updating software on a secure element |
-
2017
- 2017-10-20 WO PCT/CN2017/107016 patent/WO2019071650A1/en active Application Filing
- 2017-10-20 CN CN201780065391.7A patent/CN109863475A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216771A (en) * | 2007-12-29 | 2008-07-09 | 宇龙计算机通信科技(深圳)有限公司 | Method, system and device for accomplishing mobile phones software upgrading through personal computer |
| CN102981811A (en) * | 2011-09-05 | 2013-03-20 | 北大方正集团有限公司 | Processing method and device of user option data |
| CN104081311A (en) * | 2011-12-30 | 2014-10-01 | 英特尔公司 | Apparatus and method for managing operation of a mobile device |
| CN102609281A (en) * | 2012-02-24 | 2012-07-25 | 中国电子科技集团公司第十五研究所 | Distributed software patch updating method and distributed software patch updating system |
| CN104769554A (en) * | 2012-04-05 | 2015-07-08 | 阿苏兰特公司 | System, method, apparatus, and computer program product for providing mobile device support services |
| CN105324752A (en) * | 2013-05-21 | 2016-02-10 | 谷歌公司 | Systems, methods, and computer program products for managing service upgrades |
| FR3031614A1 (en) * | 2015-01-09 | 2016-07-15 | Cie Ind Et Financiere D'ingenierie Ingenico | METHOD FOR PROCESSING A TRANSACTION FROM A COMMUNICATION TERMINAL |
| CN105760777A (en) * | 2016-02-16 | 2016-07-13 | 上海斐讯数据通信技术有限公司 | Safety information management method and system based on intelligent platform |
| CN105843653A (en) * | 2016-04-12 | 2016-08-10 | 恒宝股份有限公司 | TA (trusted application) configuration method and device |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111177701A (en) * | 2019-12-11 | 2020-05-19 | 北京握奇智能科技有限公司 | Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip |
| CN112052023A (en) * | 2020-09-14 | 2020-12-08 | 艾体威尔电子技术(北京)有限公司 | Intelligent terminal upgrading strategy management method |
| CN112052023B (en) * | 2020-09-14 | 2024-01-26 | 艾体威尔电子技术(北京)有限公司 | Intelligent terminal upgrade strategy management method |
| CN112381538A (en) * | 2020-11-12 | 2021-02-19 | 深圳市欢太科技有限公司 | Data processing method, terminal equipment and storage medium |
| CN112732288A (en) * | 2020-12-11 | 2021-04-30 | 北京握奇智能科技有限公司 | Method and device for upgrading application of digital currency hardware wallet |
| CN113347620A (en) * | 2021-08-05 | 2021-09-03 | 深圳市深圳通有限公司 | Method, device, equipment and storage medium for compatibility of multi-version application air card issuing |
| CN113347620B (en) * | 2021-08-05 | 2021-11-12 | 深圳市深圳通有限公司 | Method, device, equipment and storage medium for compatibility of multi-version application air card issuing |
| CN117369854A (en) * | 2023-12-07 | 2024-01-09 | 浪潮云洲工业互联网有限公司 | OTA upgrading method, device and medium for active identification industrial equipment |
| CN117424893A (en) * | 2023-12-19 | 2024-01-19 | 深圳竹云科技股份有限公司 | Data transmission method, device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2019071650A1 (en) | 2019-04-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109863475A (en) | The upgrade method and relevant device of a kind of application in safety element | |
| US9858428B2 (en) | Controlling mobile device access to secure data | |
| US8064598B2 (en) | Apparatus, method and computer program product providing enforcement of operator lock | |
| JP6262278B2 (en) | Method and apparatus for storage and computation of access control client | |
| US10356070B2 (en) | Method for transferring profile and electronic device supporting the same | |
| WO2017177383A1 (en) | Remote management method and device | |
| US9477848B2 (en) | System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware | |
| KR101716743B1 (en) | Mobile apparatus supporting a plurality of access control clients, and corresponding methods | |
| WO2015184891A1 (en) | Security management and control method, apparatus, and system for android system | |
| US9348575B2 (en) | Update of a data-carrier application | |
| US11665532B2 (en) | Securing private wireless gateways | |
| TW201539242A (en) | On-board applet migration | |
| US11552807B2 (en) | Data processing method and apparatus | |
| EP3326098B1 (en) | Anonymous application wrapping | |
| WO2014150737A2 (en) | Method and system for enabling the federation of unrelated applications | |
| EP3541106A1 (en) | Methods and apparatus for euicc certificate management | |
| CN104348616A (en) | Method for visiting terminal security component, device thereof and system thereof | |
| US8621191B2 (en) | Methods, apparatuses, and computer program products for providing a secure predefined boot sequence | |
| US11528276B2 (en) | System for prevention of unauthorized access using authorized environment hash outputs | |
| KR20150030047A (en) | Method and system for application authentication | |
| US10939297B1 (en) | Secure unlock of mobile phone | |
| US11973762B2 (en) | System for prevention of unauthorized access using authorized environment hash outputs | |
| WO2020177116A1 (en) | Counterfeit app identification method and apparatus | |
| EP2973173A2 (en) | Method and system for enabling the federation of unrelated applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |