CN111147428B - Access control method, system, security element SE access plug-in device and terminal - Google Patents

Info

Publication number: CN111147428B
Authority: CN (China)
Prior art keywords: access, access control, applet, plug, card interface
Legal status: Active
Application number: CN201811312083.2A
Other languages: Chinese (zh)
Other versions: CN111147428A (en
Inventors: 郭建昌, 卢燕青, 崔沛东, 李宝荣, 杨光
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Priority to: CN201811312083.2A
Publications: CN111147428A (application), CN111147428B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)

Abstract

The disclosure relates to an access control method, a system, an SE access plug-in device and a terminal, in the technical field of mobile communication. The method comprises the following steps: the SE access plug-in of the terminal receives request information sent by the SP for accessing an applet in the smart card; the SE access plug-in sends the request information to the applet through a machine-card interface of the terminal so that the applet can determine whether to allow the SP access according to a first access control policy, the first access control policy being stored in the applet; in the case where the applet allows the SP access, the SE access plug-in allows the SP to access the applet through the SE access plug-in. The technical solution of the disclosure can improve the security of access control.

Description

Access control method, system, security element SE access plug-in device and terminal
Technical Field
The present disclosure relates to the field of mobile communications technologies, and in particular, to an access control method, an access control system, an SE (Secure Element) access plug-in device, a terminal, and a computer-readable storage medium.
Background
The SE of an operator's SIM (Subscriber Identity Module) or eSIM (Embedded-SIM) card can provide hardware-level, financial-grade secure storage and computing capabilities. The SE lets an APP (Application) on the mobile phone access an APPLET (small application) on the smart card, which enhances the security of APP access.
In the related art, in order to ensure that an APP accessing the APPLET is legitimate, GPAC (Global Platform Access Control) is used for access control.
Disclosure of Invention
The inventors of the present disclosure found that the following problems exist in the above-described related art: the number of access control policies that can be stored in the dedicated file of the smart card is limited, and access control policies stored in the cloud are vulnerable to attack, so the security of access control is low.
In view of this, the present disclosure provides an access control solution, which can improve security.
According to some embodiments of the present disclosure, there is provided an access control method including: an SE access plug-in of a terminal receives request information sent by an SP (Service Provider) for accessing an applet in a smart card; the SE access plug-in sends the request information to the applet through a machine-card interface of the terminal so that the applet can determine whether to allow the SP access according to a first access control policy, the first access control policy being stored in the applet; in the event that the applet allows the SP access, the SE access plug-in allows the SP to access the applet through the SE access plug-in.
In some embodiments, the SE access plug-in sends an authentication request to the machine-card interface, so that the machine-card interface determines whether the SE access plug-in passes authentication according to a second access control policy, where the second access control policy is stored in a dedicated file of the smart card; and in the case where the machine-card interface has authenticated the SE access plug-in, the SE access plug-in sends the request information to the applet through the machine-card interface.
In some embodiments, the second access control policy is written to the dedicated file by an operator.
In some embodiments, the SE access plug-in receives the first access control policy sent when the SP first accesses the terminal; and the SE access plug-in writes the first access control policy into the applet through the machine-card interface.
In some embodiments, the request information includes a digital signature digest of an application of the SP and an ID of an applet that the SP wants to access; the first access control policy includes a digital signature digest of the application of each SP and an ID assigned to the applet of each SP.
According to another embodiment of the present disclosure, there is provided an SE access plug-in device, disposed in a terminal, including: a receiving unit, configured to receive request information sent by the SP for accessing the applet in the smart card; a sending unit, configured to send the request information to the applet through a machine-card interface of the terminal, so that the applet determines whether to allow the SP access according to a first access control policy, where the first access control policy is stored in the applet; and an access unit, configured to allow the SP to access the applet through the SE access plug-in device in the case where the applet allows the SP access.
In some embodiments, the sending unit sends an authentication request to the machine-card interface so that the machine-card interface determines whether to pass authentication of the SE access plug-in device according to a second access control policy, where the second access control policy is stored in a dedicated file of the smart card, and the sending unit sends the request information to the applet through the machine-card interface if the machine-card interface passes authentication of the SE access plug-in.
In some embodiments, the second access control policy is written to the dedicated file by an operator.
In some embodiments, the receiving unit receives the first access control policy sent when the SP first accesses the terminal.
In some embodiments, the SE access plug-in device further comprises: a writing unit, configured to write the first access control policy into the applet through the machine-card interface.
In some embodiments, the request information includes a digital signature digest of an application of the SP and an ID of an applet that the SP wants to access; the first access control policy includes a digital signature digest of the application of each SP and an ID assigned to the applet of each SP.
According to still further embodiments of the present disclosure, there is provided a terminal including: an SE access plug-in device for executing the access control method in any of the above embodiments; and a machine-card interface for implementing information interaction between the SE access plug-in device and the applet in the smart card.
According to still further embodiments of the present disclosure, there is provided an access control system including: a terminal and a smart card as in any of the above embodiments.
In accordance with still other embodiments of the present disclosure, there is provided an SE access plug-in apparatus including: a memory; and a processor coupled to the memory, the processor configured to perform the access control method of any of the above embodiments based on instructions stored in the memory.
According to still further embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the access control method in any of the above embodiments.
In the above embodiment, the access control policy for determining whether the APP of the SP has the right to access the APPLET is stored in the APPLET, and the APP of the SP indirectly accesses the APPLET through the SE access plug-in. Large-capacity access control policy storage can therefore be supported without relying on the cloud, which improves the security of access control.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 illustrates a flow diagram of some embodiments of an access control method of the present disclosure;
FIG. 2 illustrates a flow diagram of some embodiments of step 120 in FIG. 1;
FIG. 3 illustrates a signaling diagram of some embodiments of the access control method of the present disclosure;
FIG. 4 illustrates a flow diagram of further embodiments of the access control method of the present disclosure;
FIG. 5 illustrates a block diagram of some embodiments of the SE access plug-in device of the present disclosure;
FIG. 6 illustrates a block diagram of some embodiments of a terminal of the present disclosure;
FIG. 7 illustrates a block diagram of some embodiments of an access control system of the present disclosure;
FIG. 8 illustrates a block diagram of further embodiments of the SE access plug-in device of the present disclosure;
FIG. 9 illustrates a block diagram of still further embodiments of the SE access plug-in apparatus of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 illustrates a flow diagram of some embodiments of an access control method of the present disclosure.
As shown in fig. 1, the method includes: step 110, receiving request information; step 120, sending request information; and step 130, allowing the SP to access the applet.
In step 110, the SE access plug-in of the terminal receives request information sent by the SP to access the applet in the smart card. For example, the request information includes a digital signature digest (e.g., a hash value) of the SP's application and the ID of the applet that the SP wants to access.
In some embodiments, the smart card may be a SIM card or an eSIM card. For example, the SIM card is provided with an SE application and AC (Access Control) dedicated files.
In step 120, the SE access plug-in sends the request information to the applet through the terminal's machine-card interface. The applet determines whether to allow the SP access based on a first access control policy, which is stored in the applet. For example, the machine-card interface may be an ACF (Access Control Function) entity.
In some embodiments, the first access control policy includes a digital signature digest of the application of each SP and an ID assigned to the applet of each SP. For example, the first access control policy may be stored in a private database storage area of the APPLET using a (Hash, AID) data structure, where Hash is the digital signature digest of the SP's APP and AID is the ID assigned to the SP's APPLET by the SP's service provider.
In some embodiments, the request information includes a digital signature digest of the application of the SP and an ID of the applet that the SP wants to access. For example, the APPLET may determine whether to approve the SP's access request by checking whether the Hash and the AID in the request information are consistent with the Hash and the AID stored in the APPLET.
In some embodiments, multiple APPLETs with different functions, such as an APPLET with a secure encryption function, an APPLET with a payment function, etc., may be stored in the smart card. Different APPLETs may store different first access control policies as desired. The first access control policy is defined by the service provider of the APPLET and is used for judging whether the APP of each SP has the authority to indirectly access the APPLET through the SE access plug-in.
In some embodiments, step 120 may be performed by the embodiment in fig. 2.
Fig. 2 illustrates a flow diagram of some embodiments of step 120 in fig. 1.
As shown in fig. 2, step 120 includes: step 1210, sending an authentication request; and step 1220, sending the request information.
In step 1210, the SE access plug-in sends an authentication request to the machine-card interface so that the machine-card interface determines whether the SE access plug-in passes authentication according to a second access control policy. The second access control policy is stored in a dedicated file of the smart card.
In some embodiments, the second access control policy is written into the dedicated file by the operator and is used to determine whether the SE access plug-in has the right to access the APPLET (e.g., to determine whether the SE plug-in is counterfeit). The operator writes the second access control policy into a GPAC file or a database of the SIM; access to it requires the operator's rights, and the SP has no right to access it.
Thus, the access control policy is divided into a first access control policy and a second access control policy, which are stored in different storage spaces of the SIM card, so that the storage capacity for access control policies is expanded and security is improved.
In step 1220, in the case where the machine-card interface has authenticated the SE access plug-in, the SE access plug-in sends the request information to the applet through the machine-card interface.
After authenticating the SE access plug-in and SP, APPLET access may be implemented via step 130 of FIG. 1.
In step 130, in the event that the applet allows SP access, the SE access plug-in allows the SP access to the applet through the SE access plug-in.
Fig. 3 illustrates a signaling diagram of some embodiments of the access control method of the present disclosure.
As shown in FIG. 3, in event 310, the APP of the SP in the terminal sends access information to the SE access plug-in.
At event 320, the SE access plug-in sends an authentication request to the ACF entity.
In event 330, the ACF entity obtains the second access control policy from the dedicated file in the SIM card.
In event 340, the ACF entity authenticates the SE access plug-in according to the second access control policy.
In event 350, if the authentication is passed, the SE access plug-in sends the access information to the APPLET in the SIM card.
In event 360, the APPLET authenticates the access information according to the first access control policy stored by itself.
In event 370, if authentication is again passed, the SP's APP accesses the APPLET.
Fig. 4 shows a flow diagram of further embodiments of the access control method of the present disclosure.
As shown in fig. 4, compared to the above embodiment, the method further comprises: step 410, receiving a first access control policy; and step 420, writing the applet.
In step 410, the SE access plug-in receives the first access control policy sent by the SP when the SP first accesses the terminal.
In step 420, the SE access plug-in writes the first access control policy to the applet via the machine-card interface. For example, the SE access plug-in sends an authentication request to the machine-card interface, and the machine-card interface determines whether the SE access plug-in passes authentication according to the second access control policy. In the case where the machine-card interface has authenticated the SE access plug-in, the SE access plug-in writes the first access control policy into the applet through the machine-card interface.
In some embodiments, the access control policies stored within APPLETs in the smart card may be dynamically added and adjusted.
In the above embodiment, the access control policy for determining whether the APP of the SP has the right to access the APPLET is stored in the APPLET, and the APP of the SP indirectly accesses the APPLET through the SE access plug-in. Large-capacity access control policy storage can therefore be supported without relying on the cloud, which improves the security of access control.
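The flow of FIG. 3 (events 310 to 370) and the first-access policy write of FIG. 4 (steps 410 and 420), modelled in Python as an added example that is not part of the patent text. The class names, result strings, AIDs, the use of SHA-256 as the digest, and the content of the second access control policy (a set of plug-in certificate digests) are assumptions; the sketch also accepts any policy write that passes plug-in authentication, since the text describes no further check.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def digest(signing_cert: bytes) -> bytes:
    """Stand-in for a 'digital signature digest'; SHA-256 is an assumption."""
    return hashlib.sha256(signing_cert).digest()


@dataclass
class Applet:
    """APPLET on the smart card; it stores its own first access control policy."""
    aid: str
    policy: list = field(default_factory=list)  # (Hash, AID) entries

    def write_policy(self, entries):
        self.policy.extend(entries)

    def allows(self, app_hash: bytes, aid: str) -> bool:
        # Event 360: both Hash and AID must match one stored entry.
        allowed = False
        for stored_hash, stored_aid in self.policy:
            allowed |= hmac.compare_digest(stored_hash, app_hash) and stored_aid == aid
        return allowed


@dataclass
class SmartCard:
    dedicated_file: frozenset  # second policy, written by the operator (assumed format)
    applets: dict = field(default_factory=dict)


class MachineCardInterface:
    """ACF entity between the terminal and the card."""

    def __init__(self, card: SmartCard):
        self.card = card

    def authenticate_plugin(self, plugin_hash: bytes) -> bool:
        # Events 330-340: read the second policy and check the plug-in against it.
        return any(hmac.compare_digest(plugin_hash, h) for h in self.card.dedicated_file)

    def applet(self, plugin_hash: bytes, aid: str):
        """Hand out an applet only to a plug-in that passed authentication."""
        if not self.authenticate_plugin(plugin_hash):
            raise PermissionError("SE access plug-in failed authentication")
        return self.card.applets.get(aid)


class SEAccessPlugin:
    def __init__(self, signing_cert: bytes, acf: MachineCardInterface):
        # How the interface learns the plug-in's identity is not specified in
        # the text; here the plug-in presents a digest of its certificate.
        self.identity = digest(signing_cert)
        self.acf = acf

    def _reach(self, aid: str):
        try:
            applet = self.acf.applet(self.identity, aid)
        except PermissionError:
            return None, "PLUGIN_REJECTED"
        return applet, (None if applet is not None else "NO_SUCH_APPLET")

    def provision(self, aid: str, entries) -> str:
        # Steps 410-420: write the SP's first access control policy into the applet.
        applet, error = self._reach(aid)
        if error:
            return error
        applet.write_policy(entries)
        return "POLICY_WRITTEN"

    def request_access(self, app_hash: bytes, aid: str) -> str:
        # Events 310-370: plug-in check first, then the applet's own decision.
        applet, error = self._reach(aid)
        if error:
            return error
        return "GRANTED" if applet.allows(app_hash, aid) else "SP_REJECTED"


def demo() -> dict:
    # All certificates and AIDs below are constructed sample values.
    plugin_cert, fake_cert = b"operator-approved plug-in cert", b"counterfeit plug-in cert"
    pay_app, other_app = digest(b"SP-A payment APP cert"), digest(b"unrelated APP cert")
    card = SmartCard(
        dedicated_file=frozenset({digest(plugin_cert)}),
        applets={"AID-PAY": Applet("AID-PAY"), "AID-CRYPTO": Applet("AID-CRYPTO")},
    )
    acf = MachineCardInterface(card)
    plugin, fake = SEAccessPlugin(plugin_cert, acf), SEAccessPlugin(fake_cert, acf)
    return {
        "fake_provision": fake.provision("AID-PAY", [(other_app, "AID-PAY")]),
        "provision": plugin.provision("AID-PAY", [(pay_app, "AID-PAY")]),
        "granted": plugin.request_access(pay_app, "AID-PAY"),
        "unknown_app": plugin.request_access(other_app, "AID-PAY"),
        "other_applet": plugin.request_access(pay_app, "AID-CRYPTO"),
        "missing_applet": plugin.request_access(pay_app, "AID-NONE"),
        "fake_plugin": fake.request_access(pay_app, "AID-PAY"),
        "entries_in_pay": len(card.applets["AID-PAY"].policy),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Each applet keeps its own policy, so an APP authorized for one AID is still refused by a different applet on the same card.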
Fig. 5 illustrates a block diagram of some embodiments of the SE access plug-in apparatus of the present disclosure.
As shown in fig. 5, the SE access plug-in device 5 is provided in the terminal, and includes a receiving unit 51, a transmitting unit 52, and an accessing unit 53.
The receiving unit 51 receives request information from the SP to access the applet in the smart card.
The transmitting unit 52 transmits request information to the applet through the machine-card interface of the terminal so that the applet determines whether to allow the SP access according to the first access control policy. The first access control policy is stored in the applet. For example, the request information includes a digital signature digest of the application of the SP and an ID of the applet that the SP wants to access. The first access control policy includes a digital signature digest of the application of each SP and an ID assigned to the applet of each SP.
In some embodiments, the sending unit 52 sends an authentication request to the machine-card interface so that the machine-card interface determines whether the SE access plug-in device 5 passes authentication according to the second access control policy. The second access control policy is stored in a dedicated file of the smart card. For example, the second access control policy is written by the operator to the dedicated file. In the case where the machine-card interface has authenticated the SE access plug-in device 5, the sending unit 52 sends the request information to the applet through the machine-card interface.
The accessing unit 53 allows the SP to access the applet through the SE access plug-in device in the case where the applet allows the SP access.
In some embodiments, the SE access plug-in device 5 further comprises a write unit 54.
The receiving unit 51 receives a first access control policy sent when an SP first accesses a terminal. The writing unit 54 writes the first access control policy into the applet through the machine-card interface.
In the above embodiment, the access control policy for determining whether the APP of the SP has the right to access the APPLET is stored in the APPLET, and the APP of the SP indirectly accesses the APPLET through the SE access plug-in. Large-capacity access control policy storage can therefore be supported without relying on the cloud, which improves the security of access control.
Fig. 6 illustrates a block diagram of some embodiments of a terminal of the present disclosure.
As shown in fig. 6, the terminal 6 includes an SE access plug-in device 61 and a machine-card interface 62.
The SE access plug-in device 61 executes the access control method in any of the above embodiments. The machine-card interface 62 enables information interaction between the SE access plug-in device 61 and the applet in the smart card.
Fig. 7 illustrates a block diagram of some embodiments of an access control system of the present disclosure.
As shown in fig. 7, the access control system 7 includes a terminal 71 in any of the above embodiments; and a smart card 72.
Fig. 8 illustrates a block diagram of further embodiments of the SE access plug-in apparatus of the present disclosure.
As shown in fig. 8, the apparatus 8 of this embodiment includes: a memory 81 and a processor 82 coupled to the memory 81, the processor 82 being configured to execute the access control method in any one of the embodiments of the present disclosure based on instructions stored in the memory 81.
The memory 81 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, a database, and other programs.
Fig. 9 illustrates a block diagram of still further embodiments of the SE access plug-in apparatus of the present disclosure.
As shown in fig. 9, the SE access plug-in device 9 of this embodiment includes: a memory 910 and a processor 920 coupled to the memory 910, the processor 920 being configured to execute the access control method in any of the embodiments described above based on instructions stored in the memory 910.
The memory 910 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
The SE access plug-in device 9 may further include an input/output interface 930, a network interface 940, a storage interface 950, and the like. These interfaces 930, 940, 950 and the memory 910 and the processor 920 may be connected, for example, by a bus 960. The input/output interface 930 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 940 provides a connection interface for various networking devices. The storage interface 950 provides a connection interface for external storage devices such as an SD card and a USB disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, the access control method, the access control system, the SE access plug-in device, the terminal, and the computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (12)

1. An access control method comprising:
a secure element SE access plug-in of a terminal receives request information sent by a service provider SP for accessing an applet in a smart card;
the SE access plug-in sends the request information to the applet through a machine-card interface of the terminal so that the applet can determine whether to allow the SP access according to a first access control policy, the first access control policy being stored in the applet;
in the event that the applet allows the SP access, the SE access plug-in allows the SP to access the applet through the SE access plug-in;
the SE access plug-in receives the first access control policy sent by the SP when the SP accesses the terminal for the first time;
and the SE access plug-in writes the first access control policy into the applet through the machine-card interface.
2. The access control method of claim 1, wherein the sending, by the SE access plug-in, of the request information to the applet through a machine-card interface of the terminal comprises:
the SE access plug-in sends an authentication request to the machine-card interface so that the machine-card interface can determine whether the SE access plug-in passes authentication according to a second access control policy, the second access control policy being stored in a dedicated file of the smart card;
and in the case where the machine-card interface has authenticated the SE access plug-in, the SE access plug-in sends the request information to the applet through the machine-card interface.
3. The access control method according to claim 2,
the second access control policy is written to the dedicated file by an operator.
4. The access control method according to any one of claims 1 to 3, wherein
the request information comprises a digital signature digest of an application of the SP and an ID of an applet which the SP wants to access;
the first access control policy includes a digital signature digest of an application of each SP and an ID assigned to an applet of each SP.
5. A Secure Element (SE) access plug-in device, which is arranged in a terminal and comprises:
a receiving unit, configured to receive request information sent by a service provider SP for accessing an applet in a smart card;
a sending unit, configured to send the request information to the applet through a machine-card interface of the terminal, so that the applet determines whether to allow the SP access according to a first access control policy, where the first access control policy is stored in the applet;
an accessing unit, configured to allow the SP to access the applet through the SE access plug-in device if the applet allows the SP to access;
the receiving unit receives the first access control policy sent by the SP when the SP accesses the terminal for the first time;
the SE access plug-in device further comprises:
a writing unit, configured to write the first access control policy into the applet through the machine-card interface.
6. The SE access plug-in device of claim 5,
the sending unit sends an authentication request to the machine-card interface so that the machine-card interface can determine whether the SE access plug-in device passes authentication according to a second access control policy, the second access control policy being stored in a dedicated file of the smart card, and the sending unit sends the request information to the applet through the machine-card interface in the case where the machine-card interface has authenticated the SE access plug-in device.
7. The SE access plug-in device of claim 6,
the second access control policy is written to the dedicated file by an operator.
8. The SE access plug-in device of any of claims 5 to 7, wherein
the request information comprises a digital signature digest of an application of the SP and an ID of an applet which the SP wants to access;
the first access control policy includes a digital signature digest of an application of each SP and an ID assigned to an applet of each SP.
9. A terminal, comprising:
a Secure Element (SE) access plug-in device for performing the access control method according to any one of claims 1 to 4; and
a machine-card interface, configured to implement information interaction between the SE access plug-in device and the applet in the smart card.
10. An access control system comprising:
the terminal of claim 9; and
a smart card.
11. A Secure Element (SE) access plug-in device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the access control method of any of claims 1-4 based on instructions stored in the memory.
12. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the access control method of any one of claims 1 to 4.
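The two checks recited in claims 5 to 8 can be modelled as follows. This is an added illustration, not code from the patent: the class and method names, the result strings, the use of SHA-256 over a signing certificate as the "digital signature digest", and identifying the plug-in to the machine-card interface by such a digest are all assumptions, and the certificates and applet IDs are constructed sample values.

```python
import hashlib

def digest(cert):
    # Assumption: the "digital signature digest" is SHA-256 of the signing certificate.
    return hashlib.sha256(cert).hexdigest()

class Applet:
    def __init__(self, applet_id):
        self.applet_id = applet_id
        self.first_policy = {}  # SP app digest -> applet ID; stored in the applet (claims 5, 8)
    def allows(self, sp_digest, wanted_id):
        return wanted_id == self.applet_id and self.first_policy.get(sp_digest) == wanted_id

class MachineCardInterface:
    def __init__(self, dedicated_file, applets):
        self.second_policy = frozenset(dedicated_file)  # operator-written (claim 7)
        self.applets = {a.applet_id: a for a in applets}
    def write_policy(self, plugin_digest, applet_id, entries):
        if plugin_digest not in self.second_policy or applet_id not in self.applets:
            return False
        self.applets[applet_id].first_policy.update(entries)
        return True
    def forward(self, plugin_digest, sp_digest, applet_id):
        if plugin_digest not in self.second_policy:
            return "plugin-rejected"  # claim 6: the request never reaches the applet
        applet = self.applets.get(applet_id)
        if applet is None or not applet.allows(sp_digest, applet_id):
            return "sp-denied"        # claim 5: the applet itself decides
        return "allowed"

class SEAccessPlugin:
    def __init__(self, cert, interface):
        self.digest, self.interface, self.provisioned = digest(cert), interface, set()
    def handle(self, sp_cert, applet_id, first_policy=None):
        sp = digest(sp_cert)
        # The SP-supplied first policy is written only on that SP's first access.
        if sp not in self.provisioned and first_policy:
            if self.interface.write_policy(self.digest, applet_id, first_policy):
                self.provisioned.add(sp)
        return self.interface.forward(self.digest, sp, applet_id)

def demo():
    # Constructed sample certificates and applet IDs.
    sp_a, aid_a, aid_b = b"sp-a-cert", "A000000001", "A000000002"
    card = MachineCardInterface({digest(b"plugin-cert")}, [Applet(aid_a), Applet(aid_b)])
    good, other = SEAccessPlugin(b"plugin-cert", card), SEAccessPlugin(b"other-cert", card)
    return [
        good.handle(sp_a, aid_a, {digest(sp_a): aid_a}),   # first access: policy written
        good.handle(sp_a, aid_a),                          # later access
        good.handle(sp_a, aid_b),                          # SP not in applet B's policy
        other.handle(sp_a, aid_a, {digest(sp_a): aid_a}),  # plug-in not in dedicated file
    ]
```

The decision about the SP is made by the applet from its own stored policy; the plug-in and the machine-card interface only carry the request once the plug-in itself has been authenticated.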
CN201811312083.2A 2018-11-06 2018-11-06 Access control method, system, security element SE access plug-in device and terminal Active CN111147428B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811312083.2A CN111147428B (en) 2018-11-06 2018-11-06 Access control method, system, security element SE access plug-in device and terminal

Publications (2)

Publication Number Publication Date
CN111147428A (en) 2020-05-12
CN111147428B (en) 2022-04-26

Family

ID=70515899

Country Status (1)

Country Link
CN (1) CN111147428B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant