CN113329041B - Method, apparatus, electronic device and storage medium for controlling a secure element - Google Patents
Method, apparatus, electronic device and storage medium for controlling a secure element Download PDFInfo
- Publication number
- CN113329041B CN113329041B CN202110883708.6A CN202110883708A CN113329041B CN 113329041 B CN113329041 B CN 113329041B CN 202110883708 A CN202110883708 A CN 202110883708A CN 113329041 B CN113329041 B CN 113329041B
- Authority
- CN
- China
- Prior art keywords
- instruction
- random number
- public key
- user terminal
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The application relates to the technical field of information security, and discloses a method for controlling a security element, which is applied to a server side and comprises the following steps: under the condition of receiving a request instruction, a security certificate, a first public key and a security element ID which are sent by a user terminal, verifying the security certificate; acquiring an execution instruction corresponding to the request instruction under the condition that the security certificate passes verification; encrypting the execution instruction by using the ID of the secure element and the first public key to obtain an encrypted instruction; and issuing the encryption command to the user terminal, triggering the user terminal to decrypt the encryption command to obtain an execution command, and controlling the safety element according to the execution command. The method provided by the application reduces the interaction times between the server and the user terminal, thereby reducing the flow interaction time between the server and the user terminal. The application also discloses a device, an electronic device and a storage medium for controlling the secure element.
Description
Technical Field
The present application relates to the field of information security technologies, and for example, to a method, an apparatus, an electronic device, and a storage medium for controlling a secure element.
Background
The secure element generally refers to a phone card embedded in a user terminal such as a mobile phone, and during the use of the secure element, the secure element needs to be maintained, that is, the content of the secure element needs to be updated, such as installation of a new function, system activation, and the like, which are usually performed by remote operations of a server.
In the prior art, whether a secure element corresponds to a server is determined by a user terminal; after receiving a request instruction sent by a user terminal, the server sends a first authentication instruction to the user terminal, receives authentication response data sent by the user terminal, calculates authentication data according to the authentication response data, sends the authentication data to the user terminal, triggers the user terminal to verify the authentication data, generates and sends an authentication result to the server, and determines that a security element needing to be maintained corresponds to the server under the condition that the authentication result is passed.
In the process of implementing the embodiments of the present disclosure, it is found that at least the following problems exist in the related art:
in the process of determining whether the server corresponds to the secure element, repeated flow interaction exists between the server and the user terminal, and in the actual use process, the flow interaction is affected by factors such as a network and the like, so that the flow interaction time is prolonged under the condition of poor network conditions.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview nor is intended to identify key/critical elements or to delineate the scope of such embodiments but rather as a prelude to the more detailed description that is presented later.
The embodiment of the disclosure provides a method, a device, an electronic device and a storage medium for controlling a secure element, so as to reduce the number of interactions between a server and a user terminal and shorten the time of process interaction.
In some embodiments, the method for controlling a secure element, applied to a server side, includes: under the condition of receiving a request instruction, a security certificate, a first public key and a security element ID (identity document) sent by a user terminal, verifying the security certificate; under the condition that the security certificate passes verification, acquiring an execution instruction corresponding to the request instruction; encrypting the execution instruction by using the ID of the secure element and the first public key to obtain an encrypted instruction; and issuing the encryption instruction to the user terminal, triggering the user terminal to decrypt the encryption instruction to obtain the execution instruction, and controlling a safety element according to the execution instruction.
In some embodiments, the method for controlling a secure element is applied to a user terminal side, and includes: sending a request instruction, a security certificate, a first public key and a security element ID to a server, triggering the server to verify the security certificate, acquiring an execution instruction corresponding to the request instruction under the condition that the security certificate passes verification, encrypting the execution instruction by using the security element ID and the first public key to obtain an encryption instruction, and sending the encryption instruction to the user terminal; receiving the encrypted instruction, and decrypting the encrypted instruction to obtain the execution instruction; and controlling the safety element according to the execution instruction.
In some embodiments, the apparatus comprises a processor and a memory storing program instructions, the processor being configured to perform the method for controlling a secure element described above when executing the program instructions.
In some embodiments, the electronic device comprises the above-described apparatus for controlling a secure element.
In some embodiments, the storage medium stores program instructions that, when executed, perform the method for controlling a secure element described above.
The method, the device, the electronic equipment and the storage medium for controlling the secure element provided by the embodiment of the disclosure can achieve the following technical effects: verifying the security certificate sent by the user terminal through the server, and issuing an encryption instruction to the user terminal under the condition that the certificate is verified; the complicated authentication process between the server and the user terminal in the prior art is simplified into the process that the user terminal sends a security certificate and the server issues an encryption instruction; therefore, the number of times of interaction between the server and the user terminal is reduced, and the flow interaction time between the server and the user terminal is reduced. Therefore, under the condition of poor network, the flow interaction between the server and the user terminal can be realized more quickly.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the accompanying drawings and not in limitation thereof, in which elements having the same reference numeral designations are shown as like elements and not in limitation thereof, and wherein:
fig. 1 is a schematic diagram of a method for controlling a secure element provided by an embodiment of the present disclosure;
fig. 2 is a schematic diagram of another method for controlling a secure element provided by an embodiment of the present disclosure;
fig. 3 is a schematic diagram of another method for controlling a secure element provided by an embodiment of the present disclosure;
fig. 4 is a schematic diagram of an apparatus for controlling a secure element according to an embodiment of the present disclosure.
Detailed Description
So that the manner in which the features and elements of the disclosed embodiments can be understood in detail, a more particular description of the disclosed embodiments, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawing.
The terms "first," "second," and the like in the description and in the claims, and the above-described drawings of embodiments of the present disclosure, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure described herein may be made. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions.
The term "plurality" means two or more unless otherwise specified.
In the embodiment of the present disclosure, the character "/" indicates that the preceding and following objects are in an or relationship. For example, A/B represents: a or B.
The term "and/or" is an associative relationship that describes objects, meaning that three relationships may exist. For example, a and/or B, represents: a or B, or A and B.
The term "correspond" may refer to an association or binding relationship, and a corresponds to B refers to an association or binding relationship between a and B.
With reference to fig. 1, an embodiment of the present disclosure provides a method for controlling a secure element, applied to a server side, including:
step S101, a server verifies a security certificate sent by a user terminal under the condition of receiving a request instruction, the security certificate, a first public key and a security element ID sent by the user terminal;
step S102, under the condition that the safety certificate is verified to be passed, the server acquires an execution instruction corresponding to the request instruction;
step S103, the server encrypts the execution instruction by using the secure element ID and the first public key to obtain an encrypted instruction;
and step S104, the server issues the encryption command to the user terminal, triggers the user terminal to decrypt the encryption command to obtain an execution command, and controls the security element according to the execution command.
By adopting the method for controlling the security element provided by the embodiment of the disclosure, the security certificate sent by the user terminal is verified through the server, and the encryption instruction is issued to the user terminal under the condition that the security certificate is verified; simplifying the complicated authentication process between the server and the user terminal in the prior art into a process that the server receives the security certificate and issues an encryption instruction; therefore, the number of times of interaction between the server and the user terminal is reduced, and the flow interaction time between the server and the user terminal is reduced. Therefore, under the condition of poor network, the flow interaction between the server and the user terminal can be realized more quickly. Because the instruction issued by the server is an encrypted instruction, the user terminal is required to decrypt the encrypted instruction and then can obtain an execution instruction; therefore, under the condition that the encrypted instruction is intercepted by the third party, the third party does not know how to decrypt the encrypted instruction so as to obtain the execution instruction, so that the third party cannot obtain the execution instruction from the encrypted instruction, and communication contents between the server and the user terminal are protected, namely the execution instruction is protected from being easily obtained by the third party.
Optionally, the verifying, by the server, the security certificate sent by the user terminal includes: and determining whether the security certificate sent by the user terminal is the security certificate signed by the server, if so, determining that the security certificate sent by the user terminal passes verification, and if not, determining that the security certificate does not pass verification.
Optionally, the server encrypts the execution instruction by using the secure element ID and the first public key to obtain an encrypted instruction, including: the server calculates the ID of the safety element according to a preset algorithm to obtain a first random number; and the server encrypts the execution instruction according to the first random number and the first public key to obtain an encrypted instruction.
Optionally, the preset Algorithm is a 3DES Algorithm (Triple Data Encryption Algorithm TDEA). Namely, the server calculates the ID of the secure element according to the 3DES algorithm to obtain a first random number.
Optionally, a second public key, a second private key, and an initial key are stored in the server, and the server encrypts the execution instruction according to the first random number and the first public key, and obtaining the encryption instruction includes: the server calculates the initial key according to a preset algorithm to obtain a second random number; and the server encrypts the execution instruction by using the first random number, the second random number, the first public key, the second public key and the second private key according to the key negotiation algorithm to obtain an encryption instruction.
Optionally, the second public key is a public key of the server, and the second private key is a private key of the server.
Optionally, the server encrypts, according to a key agreement algorithm, the execution instruction by using the first random number, the second random number, the first public key, the second public key, and the second private key, to obtain an encryption instruction, including: the server calculates by using a first random number, a second random number, a first public key, a second public key and a second private key according to a key negotiation algorithm to obtain a shared key; and the server encrypts the execution instruction by using the shared secret key to obtain an encrypted instruction.
As shown in fig. 2, an embodiment of the present disclosure provides a method for controlling a secure element, applied to a user terminal, including:
step S201, a user terminal sends a request instruction, a security certificate, a first public key and a security element ID to a server, a trigger server verifies the security certificate, acquires an execution instruction corresponding to the request instruction under the condition that the security certificate passes verification, encrypts the execution instruction by using the security element ID and the first public key to acquire an encryption instruction, and sends the encryption instruction to the user terminal;
step S202, the user terminal receives the encryption command, and decrypts the encryption command to obtain an execution command;
and step S203, the user terminal controls the safety element according to the execution instruction.
By adopting the method for controlling the security element provided by the embodiment of the disclosure, the security certificate is sent to the server through the user terminal, the server is triggered to verify the security certificate, and an encryption instruction is issued to the user terminal under the condition that the security certificate is verified; simplifying the complicated authentication process between the server and the user terminal in the prior art into the process of sending a security certificate and receiving an encryption instruction by the user terminal; therefore, the number of times of interaction between the server and the user terminal is reduced, and the flow interaction time between the server and the user terminal is reduced. Therefore, under the condition of poor network, the flow interaction between the server and the user terminal can be realized more quickly. Moreover, because the instruction issued by the server is an encrypted instruction, the user terminal is required to decrypt the encrypted instruction to obtain an execution instruction; therefore, under the condition that the instruction is intercepted by the third party, the third party does not know how to decrypt the encrypted instruction so as to obtain the execution instruction, so that the third party cannot obtain the execution instruction from the encrypted instruction, and communication content between the server and the user terminal is protected, namely the execution instruction is protected from being easily obtained by the third party.
Optionally, the user terminal includes a mobile phone, a computer or a tablet.
Optionally, an initial key is stored in the server, the trigger server encrypts the execution instruction by using the secure element ID and the first public key to obtain an encryption instruction, and the encryption instruction is issued to the user terminal; the method comprises the following steps: the trigger server calculates the initial key according to a preset algorithm to obtain a second random number, encrypts the execution instruction by using the ID of the security element, the first public key and the second random number to obtain an encryption instruction, and sends the encryption instruction and the second random number to the user terminal.
Optionally, the user terminal receives the encrypted instruction, and decrypts the encrypted instruction to obtain an execution instruction; the method comprises the following steps: and the user terminal receives the encryption instruction and the second random number, and decrypts the encryption instruction according to the second random number to obtain an execution instruction.
Optionally, a first private key and a second public key are stored in the user terminal, the user terminal receives the encryption instruction and the second random number, and decrypts the encryption instruction according to the second random number to obtain the execution instruction, including: the user terminal calculates the ID of the security element according to a preset algorithm to obtain a first random number, and calculates by using the first random number, a second random number, a first public key, a first private key and a second public key according to a key negotiation algorithm to obtain a shared key; and the user terminal decrypts the encrypted instruction by using the shared secret key to obtain an execution instruction.
Optionally, the user terminal comprises a secure element, and the client is provided in the user terminal.
Optionally, the first public key is a public key of the secure element, and the first private key is a private key of the secure element.
Optionally, the first public key, the first private key, the second public key, the security certificate, and the secure element ID are all stored in the secure element.
Optionally, an initial key, a second public key and a second private key are stored in the server, the server is triggered to encrypt the execution instruction by using the security element ID and the first public key to obtain an encryption instruction, and the encryption instruction is issued to the user terminal; the method comprises the following steps: the trigger server calculates the initial key according to a preset algorithm to obtain a second random number, and encrypts the execution instruction by using the ID of the secure element, the first public key, the second private key and the second random number to obtain an encryption instruction; and issuing the encryption instruction, the second random number and the second public key to the user terminal.
Optionally, a first private key is stored in the user terminal, the user terminal receives the encryption instruction, the second random number and the second public key, and the user terminal calculates the ID of the secure element according to a preset algorithm to obtain the first random number; the user terminal calculates by using a first random number, a second random number, a first public key, a first private key and a second public key according to a key negotiation algorithm to obtain a shared key; and the user terminal decrypts the encrypted instruction by using the shared secret key to obtain an execution instruction.
Optionally, the first public key, the first private key, the security certificate, and the secure element ID are all stored in the secure element.
Optionally, the controlling, by the user terminal, the secure element according to the execution instruction includes: the user terminal deletes the contents in the secure element, modifies the contents in the secure element, adds the contents in the secure element, or activates the contents stored in the secure element, etc. according to the execution instruction.
As shown in fig. 3, an embodiment of the present disclosure provides a method for controlling a secure element, where a user terminal includes the secure element and a client, and the method includes:
step S301, the client obtains the security certificate, the first public key, the first private key, the second public key, and the security element ID from the security element.
In step S302, the client sends the request instruction, the security certificate, the first public key, and the security element ID to the server.
Step S303, the server receives the request instruction, the security certificate, the first public key, and the security element ID sent by the client, and verifies the security certificate sent by the client.
In step S304, when the security certificate is verified, the server acquires an execution instruction corresponding to the request instruction.
Step S305, the server calculates the ID of the secure element according to the 3DES algorithm to obtain a first random number, and calculates the initial key according to the 3DES algorithm to obtain a second random number; the server calculates by using a first random number, a second random number, a first public key, a second public key and a second private key according to a key negotiation algorithm to obtain a shared key; and encrypting the execution instruction by using the shared secret key to obtain an encrypted instruction.
And step S306, the server sends the encryption command and the second random number to the client.
Step S307, the client receives the encryption instruction and the second random number, calculates the ID of the secure element according to a 3DES algorithm to obtain a first random number, and calculates by using the first random number, the second random number, the first public key, the first private key and the second public key according to a key agreement algorithm to obtain a shared key; and decrypting the execution instruction by using the shared secret key to obtain the execution instruction.
And step S308, the client controls the secure element according to the execution instruction.
By adopting the method for controlling the security element provided by the embodiment of the disclosure, the security certificate is sent to the server through the client, the server receives the security certificate and verifies the security certificate, and an encryption instruction is issued to the client under the condition that the security certificate passes verification; simplifying the complicated authentication process between the server and the user terminal in the prior art into the processes of sending a security certificate by the client, receiving the security certificate by the server and issuing an encryption instruction; therefore, the number of times of interaction between the server and the client is reduced, and the flow interaction time between the server and the client is reduced. Therefore, under the condition of poor network, the flow interaction between the server and the client can be realized more quickly. Moreover, because the instruction issued by the server is an encrypted instruction, the execution instruction can be obtained only after the client decrypts the encrypted instruction; therefore, under the condition that the instruction is intercepted by the third party, the third party does not know how to decrypt the encrypted instruction so as to obtain the execution instruction, so that the third party cannot obtain the execution instruction from the encrypted instruction, and therefore communication content between the server and the client is protected, namely the execution instruction is protected from being easily obtained by the third party.
As shown in fig. 4, an apparatus for controlling a secure element according to an embodiment of the present disclosure includes a processor (processor) 400 and a memory (memory) 401. Optionally, the apparatus may also include a Communication Interface 402 and a bus 403. The processor 400, the communication interface 402, and the memory 401 may communicate with each other through a bus 403. Communication interface 402 may be used for information transfer. The processor 400 may call logic instructions in the memory 401 to perform the method for controlling a secure element of the above-described embodiment.
By adopting the device for controlling the safety element, which is provided by the embodiment of the disclosure, the safety certificate is sent through the user terminal, the server verifies the safety certificate, and an encryption instruction is issued to the user terminal when the certificate is verified; simplifying the complicated authentication process between the server and the user terminal in the prior art into the process that the user terminal sends a security certificate and the server issues an encryption instruction; therefore, the number of times of interaction between the server and the user terminal is reduced, and the flow interaction time between the server and the user terminal is reduced. Therefore, under the condition of poor network, the flow interaction between the server and the user terminal can be realized more quickly.
In addition, the logic instructions in the memory 401 may be implemented in the form of software functional units and may be stored in a computer readable storage medium when the logic instructions are sold or used as independent products.
The memory 401 is a computer-readable storage medium and can be used for storing software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 400 executes functional applications and data processing, i.e. implements the method for controlling the secure element in the above-described embodiments, by executing program instructions/modules stored in the memory 401.
The memory 401 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. Further, the memory 401 may include a high-speed random access memory, and may also include a nonvolatile memory.
The embodiment of the disclosure provides an electronic device, which includes the above-mentioned device for controlling a secure element.
Optionally, the electronic device is a server, and the electronic device verifies the security certificate sent by the user terminal when receiving the request instruction, the security certificate, the first public key and the security element ID sent by the user terminal; under the condition that the security certificate is verified to be passed, the electronic equipment acquires an execution instruction corresponding to the request instruction; the electronic equipment encrypts the execution instruction by using the ID of the safety element and the first public key to obtain an encrypted instruction; the electronic equipment issues the encryption command to the user terminal, triggers the user terminal to decrypt the encryption command to obtain an execution command, and controls the safety element according to the execution command.
Optionally, the electronic device is a user terminal, the electronic device sends a request instruction, a security certificate, a first public key and a security element ID to the server, the trigger server verifies the security certificate, acquires an execution instruction corresponding to the request instruction when the security certificate passes verification, encrypts the execution instruction by using the security element ID and the first public key to obtain an encryption instruction, and sends the encryption instruction to the user terminal; the electronic equipment receives the encryption instruction, and decrypts the encryption instruction to obtain an execution instruction; the electronic device controls the secure element according to the execution instruction.
Optionally, the user terminal is a computer, a smart phone, a tablet computer, or the like.
The disclosed embodiments provide a storage medium storing program instructions that, when executed, perform the above-described method for controlling a secure element.
Embodiments of the present disclosure provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the above-described method for controlling a secure element.
The computer-readable storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method of the embodiments of the present disclosure. And the aforementioned storage medium may be a non-transitory storage medium comprising: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes, and may also be a transient storage medium.
The above description and drawings sufficiently illustrate embodiments of the disclosure to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. Furthermore, the words used in the specification are words of description only and are not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to encompass any and all possible combinations of one or more of the associated listed. Furthermore, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other like elements in a process, method or apparatus that comprises the element. In this document, each embodiment may be described with emphasis on differences from other embodiments, and the same and similar parts between the respective embodiments may be referred to each other. For methods, products, etc. of the embodiment disclosures, reference may be made to the description of the method section for relevance if it corresponds to the method section of the embodiment disclosure.
Those of skill in the art would appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software may depend upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments. It can be clearly understood by the skilled person that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments disclosed herein, the disclosed methods, products (including but not limited to devices, apparatuses, etc.) may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be merely a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to implement the present embodiment. In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than disclosed in the description, and sometimes there is no specific order between the different operations or steps. For example, two sequential operations or steps may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (11)
1. A method for controlling a secure element, applied on a server side, comprising:
under the condition that a request instruction, a security certificate, a first public key and a security element ID sent by a user terminal are received, verifying the security certificate;
under the condition that the security certificate passes verification, acquiring an execution instruction corresponding to the request instruction;
encrypting the execution instruction by using the ID of the secure element and the first public key to obtain an encrypted instruction;
and issuing the encryption instruction to the user terminal, triggering the user terminal to decrypt the encryption instruction to obtain the execution instruction, and controlling a safety element according to the execution instruction.
2. The method of claim 1, wherein encrypting the execution instruction using the secure element ID and the first public key to obtain an encrypted instruction comprises:
calculating the ID of the safety element according to a preset algorithm to obtain a first random number;
and encrypting the execution instruction according to the first random number and the first public key to obtain the encrypted instruction.
3. The method according to claim 2, wherein a second public key, a second private key and an initial key are stored in the server, and the encrypting the execution instruction according to the first random number and the first public key to obtain the encrypted instruction comprises:
calculating the initial key according to the preset algorithm to obtain a second random number;
and encrypting the execution instruction by using the first random number, the second random number, the first public key, the second public key and the second private key according to a key negotiation algorithm to obtain the encryption instruction.
4. The method of claim 3, wherein encrypting the execution instruction with the first random number, the second random number, the first public key, the second public key, and the second private key according to a key agreement algorithm to obtain the encrypted instruction comprises:
calculating by using the first random number, the second random number, the first public key, the second public key and the second private key according to the key negotiation algorithm to obtain a shared key;
and encrypting the execution instruction by using the shared secret key to obtain the encrypted instruction.
5. A method for controlling a secure element, applied at a user terminal, comprising:
sending a request instruction, a security certificate, a first public key and a security element ID to a server, triggering the server to verify the security certificate, acquiring an execution instruction corresponding to the request instruction under the condition that the security certificate passes verification, triggering the server to encrypt the execution instruction by using the security element ID and the first public key to obtain an encryption instruction, and sending the encryption instruction to the user terminal;
receiving the encrypted instruction, and decrypting the encrypted instruction to obtain the execution instruction;
and controlling the safety element according to the execution instruction.
6. The method according to claim 5, wherein an initial key is stored in the server, the server is triggered to encrypt the execution instruction by using the secure element ID and the first public key to obtain an encrypted instruction, and the encrypted instruction is issued to the user terminal; the method comprises the following steps:
triggering the server to calculate the initial secret key according to a preset algorithm to obtain a second random number, encrypting the execution instruction by using the ID of the safety element, the first public key and the second random number to obtain an encryption instruction, and sending the encryption instruction and the second random number to the user terminal.
7. The method of claim 6, wherein receiving the encrypted instruction, decrypting the encrypted instruction to obtain the execution instruction comprises:
and receiving the encryption instruction and the second random number, and decrypting the encryption instruction according to the second random number to obtain the execution instruction.
8. The method according to claim 7, wherein a first private key and a second public key are stored in the user terminal, the receiving the encrypted instruction and the second random number, and the decrypting the encrypted instruction according to the second random number to obtain the execution instruction comprises:
calculating the ID of the safety element according to the preset algorithm to obtain a first random number;
calculating by using the first random number, the second random number, the first public key, the first private key and the second public key according to a key negotiation algorithm to obtain a shared key;
and decrypting the encrypted instruction by using the shared key to obtain the execution instruction.
9. An apparatus for controlling a secure element, comprising a processor and a memory having stored thereon program instructions, characterized in that the processor is configured to perform the method for controlling a secure element according to any of claims 1 to 8 when executing the program instructions.
10. An electronic device, characterized in that it comprises an arrangement for controlling a secure element according to claim 9.
11. A storage medium storing program instructions, characterized in that, when executed, the program instructions perform the method for controlling a secure element according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110883708.6A CN113329041B (en) | 2021-08-03 | 2021-08-03 | Method, apparatus, electronic device and storage medium for controlling a secure element |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110883708.6A CN113329041B (en) | 2021-08-03 | 2021-08-03 | Method, apparatus, electronic device and storage medium for controlling a secure element |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113329041A CN113329041A (en) | 2021-08-31 |
| CN113329041B true CN113329041B (en) | 2021-11-02 |
Family
ID=77426858
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110883708.6A Active CN113329041B (en) | 2021-08-03 | 2021-08-03 | Method, apparatus, electronic device and storage medium for controlling a secure element |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113329041B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115396222B (en) * | 2022-08-30 | 2024-03-12 | 重庆紫光华山智安科技有限公司 | Device instruction execution method, system, electronic device and readable storage medium |
| CN115348114B (en) * | 2022-10-19 | 2023-02-28 | 浙江浩普智能科技有限公司 | Intelligent power plant data safety transmission method and system, electronic equipment and medium |
| CN115604715B (en) * | 2022-12-01 | 2023-04-18 | 北京紫光青藤微系统有限公司 | NFC function control method based on security channel and mobile terminal device |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160127353A1 (en) * | 2014-10-30 | 2016-05-05 | Motorola Solutions, Inc. | Method and apparatus for enabling secured certificate enrollment in a hybrid cloud public key infrastructure |
| CN105007164B (en) * | 2015-07-30 | 2021-07-06 | 青岛海尔智能家电科技有限公司 | Centralized safety control method and device |
| CN106650373A (en) * | 2016-12-15 | 2017-05-10 | 珠海格力电器股份有限公司 | SIM card information protection method and device |
| CN107396359A (en) * | 2017-08-02 | 2017-11-24 | 歌尔股份有限公司 | A kind of method and apparatus for controlling access mobile data network |
-
2021
- 2021-08-03 CN CN202110883708.6A patent/CN113329041B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113329041A (en) | 2021-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113329041B (en) | Method, apparatus, electronic device and storage medium for controlling a secure element | |
| JP4562464B2 (en) | Information processing device | |
| CN109379189B (en) | Block chain account key backup and recovery method, device, terminal and system | |
| CN105634737B (en) | Data transmission method, terminal and system | |
| CN110311787B (en) | Authorization management method, system, device and computer readable storage medium | |
| CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
| CN111178884A (en) | Information processing method, device, equipment and readable storage medium | |
| EP2937806A1 (en) | Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device | |
| CN110677382A (en) | Data security processing method, device, computer system and storage medium | |
| CN104917787A (en) | File secure sharing method and system based on group key | |
| WO2018072403A1 (en) | Password reset method, apparatus, terminal device and server, and computer-readable medium | |
| CN105139205A (en) | Payment verification method, terminal and server | |
| CN103973646A (en) | Method, client device and system for storing services by aid of public cloud | |
| CN110838919B (en) | Communication method, storage method, operation method and device | |
| CN112003697A (en) | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium | |
| CN103592927A (en) | Method for binding product server and service function through license | |
| CN105187410A (en) | Application self-upgrading method and system | |
| CN109446793B (en) | Account encryption method and device based on Windows agent | |
| CN113079002B (en) | Data encryption method, data decryption method, key management method, medium, and device | |
| CN108964883B (en) | Digital certificate storage and signature method taking smart phone as medium | |
| CN107070842B (en) | Method and system for authenticating surrounding web applications by embedding web applications | |
| KR20190134935A (en) | System for protecting personal stored file securely in cloud environment | |
| CN111901312A (en) | Method, system, equipment and readable storage medium for network access control | |
| CN110287725B (en) | Equipment, authority control method thereof and computer readable storage medium | |
| EP3340094A1 (en) | Method for renewal of cryptographic whiteboxes under binding of new public key and old identifier |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |