CN113626833A - Card application data backup and recovery method and related equipment - Google Patents

Card application data backup and recovery method and related equipment Download PDF

Info

Publication number
CN113626833A
CN113626833A CN202010797719.8A CN202010797719A CN113626833A CN 113626833 A CN113626833 A CN 113626833A CN 202010797719 A CN202010797719 A CN 202010797719A CN 113626833 A CN113626833 A CN 113626833A
Authority
CN
China
Prior art keywords
card
application
secret key
encrypted
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010797719.8A
Other languages
Chinese (zh)
Inventor
刘扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202010797719.8A priority Critical patent/CN113626833A/en
Publication of CN113626833A publication Critical patent/CN113626833A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1458Management of the backup or restore process
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提供一种卡应用数据备份和恢复方法及相关设备,涉及终端数据领域,其中,所述卡应用数据备份方法,包括:在卡内随机生成第一秘钥;在卡内对所述第一秘钥进行存储;使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;备份加密后的个人化数据。本发明实施例中通过对卡应用的个人化数据进行加密,并将加密秘钥存储在卡内,在方便卡应用恢复个人化数据的同时,提高个人化数据的安全性。

Figure 202010797719

The invention provides a card application data backup and recovery method and related equipment, and relates to the field of terminal data, wherein the card application data backup method includes: randomly generating a first secret key in a card; A secret key for storage; use the first secret key to encrypt the personalized data of the first application in the card, where the first application is the card application installed in the card; backup the encrypted personalized data data. In the embodiment of the present invention, by encrypting the personalized data of the card application and storing the encryption key in the card, the security of the personalized data is improved while facilitating the card application to restore the personalized data.

Figure 202010797719

Description

一种卡应用数据备份和恢复方法及相关设备A kind of card application data backup and recovery method and related equipment

技术领域technical field

本发明涉及终端数据技术领域,尤其涉及一种卡应用数据备份和恢复方法及相关设备。The present invention relates to the technical field of terminal data, in particular to a method and related equipment for backing up and restoring card application data.

背景技术Background technique

智能卡(例如,移动终端的SIM卡)应用的安装、删除等属于卡内容管理,现行的卡内容管理规范中,在删除卡应用时,需要将应用所有的应用数据删除,包括用户的个人化数据,例如,用户使用应用时的证书、密钥、PIN、余额等;而在数据更新时也需要先删除应用,再重新下载安装更新的应用,这种更新过程同样会删除卡应用所有的应用数据删除,即在卡应用更新过程中会丢失用户的个人化数据。以智能卡的安全类应用为例,如银行盾、公交卡等,用户的个人化数据无法保留意味着用户删除后重装应用或升级应用后需要去银行重新申请银行盾、公交卡的余额无法保留继续使用,这为用户带来不便,也不利于业务开展。The installation and deletion of smart card (for example, SIM card of mobile terminal) applications belong to card content management. In the current card content management specification, when deleting a card application, it is necessary to delete all application data of the application, including the user's personalization data. , for example, the certificate, key, PIN, balance, etc. when the user uses the application; and when the data is updated, the application needs to be deleted first, and then the updated application is downloaded and installed again. This update process will also delete all the application data of the card application. Deletion, i.e. the user's personalization data is lost during the card application update process. Taking the security applications of smart cards as an example, such as bank shield, bus card, etc., the user's personal data cannot be retained, which means that the user needs to go to the bank to re-apply for the bank shield after deleting and reinstalling the application or after upgrading the application, and the balance of the bus card cannot be retained. Continuing to use it will bring inconvenience to users and is not conducive to business development.

由此可见,现有技术中,卡应用的删除或更新后,难以恢复用户的个人化数据,不便于用户的后续的应用重装或更新使用。It can be seen that, in the prior art, after the card application is deleted or updated, it is difficult to restore the user's personalized data, and it is inconvenient for the user to reinstall or update the subsequent application.

发明内容SUMMARY OF THE INVENTION

本发明实施例提供一种卡应用数据备份和恢复方法及相关设备,以解决现有卡应用的删除或更新后,难以恢复用户的个人化数据的问题。Embodiments of the present invention provide a card application data backup and recovery method and related equipment, so as to solve the problem that it is difficult to restore a user's personalized data after deletion or update of an existing card application.

为解决上述技术问题,本发明是这样实现的:In order to solve the above-mentioned technical problems, the present invention is achieved in this way:

第一方面,本发明实施例提供了一种卡应用数据备份方法,所述方法包括:In a first aspect, an embodiment of the present invention provides a method for backing up card application data, the method comprising:

在卡内随机生成第一秘钥;Randomly generate the first secret key in the card;

在卡内对所述第一秘钥进行存储;storing the first secret key in the card;

使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;encrypting personalization data of a first application in the card using the first secret key, where the first application is a card application installed in the card;

备份加密后的个人化数据。Back up encrypted personal data.

可选的,所述在卡内对所述第一秘钥进行存储步骤,包括:Optionally, the step of storing the first secret key in the card includes:

利用第二秘钥加密所述第一秘钥,其中,所述第二秘钥为所述第一应用个人化时基于卡标识生成的;Encrypt the first secret key with a second secret key, wherein the second secret key is generated based on the card identifier when the first application is personalized;

在卡内对加密后的所述第一秘钥进行存储。The encrypted first secret key is stored in the card.

可选的,所述在卡内对加密后的所述第一秘钥进行存储步骤,包括:Optionally, the step of storing the encrypted first secret key in the card includes:

将加密后的第一秘钥存储至卡内的卡文件系统;Store the encrypted first secret key in the card file system in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内的第二应用中,所述第二应用为安装在所述卡内的卡应用;storing the encrypted first secret key in a second application in the card, where the second application is a card application installed in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内操作系统COS中。The encrypted first secret key is stored in the in-card operating system COS.

可选的,所述第二应用由所述第一应用的业务平台安装至卡内;Optionally, the second application is installed into the card by the service platform of the first application;

所述将加密后的所述第一秘钥存储至卡内的第二应用中,包括:The storing of the encrypted first secret key in the second application in the card includes:

在所述第一应用为预设应用的情况下,通过应用间通信接口将加密后的所述第一秘钥存储至第二应用中。When the first application is a preset application, the encrypted first key is stored in the second application through an inter-application communication interface.

可选的,所述备份加密后的个人化数据步骤,包括:Optionally, the step of backing up the encrypted personalized data includes:

将加密后的个人化数据备份至云端,和/或,将加密后的个人化数据备份至卡内的卡文件系统。Back up encrypted personalization data to the cloud, and/or back up encrypted personalization data to the card file system in the card.

第二方面,本发明实施例提供了一种卡应用数据恢复方法,所述方法包括:In a second aspect, an embodiment of the present invention provides a method for recovering card application data, the method comprising:

从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;Obtain a first secret key from the card, wherein the first secret key is used to encrypt personalized data of a first application in the card, and the first application is a card application installed in the card;

获取使用所述第一秘钥加密后的个人化数据;obtaining personalized data encrypted with the first secret key;

使用所述第一秘钥解密所述加密后的个人化数据。The encrypted personalization data is decrypted using the first secret key.

可选的,所述从卡内获取第一秘钥包括:Optionally, the obtaining the first secret key from the card includes:

基于卡标识获取第二秘钥;Obtain the second secret key based on the card identifier;

获取卡内存储的利用第二秘钥加密后的第一秘钥;Obtain the first secret key encrypted with the second secret key stored in the card;

利用所述第二秘钥解密所述加密后的第一秘钥,得到所述第一秘钥。Decrypt the encrypted first key by using the second key to obtain the first key.

可选的,所述获取卡内存储的利用第二秘钥加密后的第一秘钥步骤,包括:Optionally, the step of obtaining the first secret key encrypted with the second secret key stored in the card includes:

读取存储在卡内的卡文件系统的所述加密后的第一秘钥;reading the encrypted first secret key of the card file system stored in the card;

或者,or,

读取存储在卡内的第二应用的所述加密后的第一秘钥,所述第二应用为安装在所述卡内的卡应用;reading the encrypted first secret key of a second application stored in the card, where the second application is a card application installed in the card;

或者,or,

读取存储在卡内操作系统COS中的所述加密后的第一秘钥。Read the encrypted first secret key stored in the operating system COS in the card.

可选的,所述获取使用所述第一秘钥加密后的个人化数据步骤,包括:Optionally, the step of obtaining the personalized data encrypted with the first secret key includes:

从云端获取所述加密后的个人化数据;obtain the encrypted personalization data from the cloud;

或者,从卡内的卡文件系统获取所述加密后的个人化数据。Alternatively, the encrypted personalization data is obtained from the card file system in the card.

第三方面,本发明实施例提供了一种卡应用数据备份设备,所述设备包括:In a third aspect, an embodiment of the present invention provides a device for backing up card application data, the device comprising:

生成模块,用于在卡内随机生成第一秘钥;a generating module for randomly generating the first secret key in the card;

第一秘钥存储模块,用于在卡内对所述第一秘钥进行存储;a first secret key storage module for storing the first secret key in the card;

加密模块,用于使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;an encryption module, configured to use the first secret key to encrypt personalized data of a first application in the card, where the first application is a card application installed in the card;

备份模块,用于备份加密后的个人化数据。Backup module for backing up encrypted personal data.

第四方面,本发明实施例提供了一种电子设备,包括处理器,In a fourth aspect, an embodiment of the present invention provides an electronic device, including a processor,

所述处理器,用于在卡内随机生成第一秘钥;The processor is used to randomly generate the first secret key in the card;

在卡内对所述第一秘钥进行存储;storing the first secret key in the card;

使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;encrypting personalization data of a first application in the card using the first secret key, where the first application is a card application installed in the card;

备份加密后的个人化数据。Back up encrypted personal data.

第五方面,本发明实施例提供了一种电子设备,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现上述第一方面所述的卡应用数据备份方法的步骤。In a fifth aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, when the program is executed by the processor The steps of implementing the method for backing up card application data described in the first aspect above.

第六方面,本发明实施例提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现上述第一方面所述的卡应用数据备份方法的步骤。In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the card application described in the first aspect above is implemented Steps of data backup method.

第七方面,本发明实施例提供了一种卡应用数据恢复设备,包括:In a seventh aspect, an embodiment of the present invention provides a card application data recovery device, including:

第一获取模块,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The first obtaining module is used to obtain the first secret key from the card, wherein the first secret key is used to encrypt the personalized data of the first application in the card, and the first application is installed in the card. Card application within the card;

第二获取模块,用于获取使用所述第一秘钥加密后的个人化数据;A second acquisition module, configured to acquire personalized data encrypted with the first secret key;

解密模块,用于使用所述第一秘钥解密所述加密后的个人化数据。A decryption module, configured to decrypt the encrypted personalization data using the first secret key.

第八方面,本发明实施例提供了一种电子设备,包括处理器,In an eighth aspect, an embodiment of the present invention provides an electronic device, including a processor,

所述处理器,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The processor is configured to obtain a first secret key from the card, wherein the first secret key is used to encrypt personalized data of a first application in the card, and the first application is installed in the card. Card application within the card;

获取使用所述第一秘钥加密后的个人化数据;obtaining personalized data encrypted with the first secret key;

使用所述第一秘钥解密所述加密后的个人化数据。The encrypted personalization data is decrypted using the first secret key.

第九方面,本发明实施例提供了一种电子设备,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现上述第二方面所述的卡应用数据恢复方法的步骤。In a ninth aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, when the program is executed by the processor The steps of implementing the method for recovering card application data described in the second aspect above.

第十方面,本发明实施例提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现上述第二方面所述的卡应用数据恢复方法的步骤。In a tenth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the card application described in the second aspect above is implemented Steps of data recovery method.

本发明实施例的上述技术方案,卡应用数据备份时,在卡内随机生成第一秘钥;在卡内对所述第一秘钥进行存储;使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;备份加密后的个人化数据;卡应用数据恢复时,从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;获取使用所述第一秘钥加密后的个人化数据;使用所述第一秘钥解密所述加密后的个人化数据。通过对卡应用的个人化数据进行加密,并将加密秘钥存储在卡内,在方便卡应用恢复个人化数据的同时,提高个人化数据的安全性。In the above technical solution of the embodiment of the present invention, when the card application data is backed up, a first secret key is randomly generated in the card; the first secret key is stored in the card; the first secret key is stored in the card; The personalized data of the first application is encrypted, the first application is the card application installed in the card; the encrypted personalized data is backed up; when the card application data is restored, the first secret key is obtained from the card, wherein , the first secret key is used to encrypt the personalized data of the first application in the card, and the first application is the card application installed in the card; Personalization data; decrypt the encrypted personalization data using the first secret key. By encrypting the personalized data of the card application and storing the encryption key in the card, the security of the personalized data is improved while the recovery of the personalized data is convenient for the card application.

附图说明Description of drawings

为了更清楚地说明本发明实施例的技术方案,下面将对本发明实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments of the present invention. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without creative labor.

图1是本发明实施例提供的一种卡应用数据备份方法的流程图;1 is a flowchart of a method for backing up card application data provided by an embodiment of the present invention;

图2a是本发明实施例提供的一种卡技术架构的示意图;2a is a schematic diagram of a card technology architecture provided by an embodiment of the present invention;

图2b是本发明实施例提供的一种卡技术架构的示意图;2b is a schematic diagram of a card technology architecture provided by an embodiment of the present invention;

图3是本发明实施例提供的一种卡应用数据备份方法的示意图;3 is a schematic diagram of a method for backing up card application data according to an embodiment of the present invention;

图4是本发明实施例提供的一种卡应用数据恢复方法的流程图;4 is a flowchart of a method for recovering card application data provided by an embodiment of the present invention;

图5是本发明实施例提供的一种卡应用数据恢复方法的示意图;5 is a schematic diagram of a method for recovering card application data provided by an embodiment of the present invention;

图6是本发明实施例提供的一种卡应用数据备份设备的示意图;6 is a schematic diagram of a card application data backup device provided by an embodiment of the present invention;

图7是本发明实施例提供的一种电子设备的示意图;7 is a schematic diagram of an electronic device provided by an embodiment of the present invention;

图8是本发明实施例提供的一种卡应用数据恢复设备的示意图;8 is a schematic diagram of a card application data recovery device provided by an embodiment of the present invention;

图9是本发明实施例提供的又一电子设备的示意图。FIG. 9 is a schematic diagram of still another electronic device provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

本发明实施例中,提出了一种卡应用数据备份方法,以解决现有卡应用的删除或更新后,难以恢复用户的个人化数据的问题。In the embodiment of the present invention, a card application data backup method is proposed to solve the problem that it is difficult to restore the user's personalized data after the existing card application is deleted or updated.

参见图1,图1是本发明实施例提供的一种卡应用数据备份方法的流程图,如图1所示,所述方法包括以下步骤:Referring to FIG. 1, FIG. 1 is a flowchart of a method for backing up card application data provided by an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:

步骤101、在卡内随机生成第一秘钥。Step 101: Randomly generate a first secret key in the card.

本发明实施例中,所述卡可以是智能卡(Smart Card),例如,移动终端SIM卡、包括安全元件(Secure Element,SE)的智能卡等。可选的,所述卡为遵照GlobalPlatform CardSpecification 2.2.1(GP2.2.1)的相关要求的卡,其技术架构可以参考图2a。In this embodiment of the present invention, the card may be a smart card (Smart Card), for example, a mobile terminal SIM card, a smart card including a secure element (Secure Element, SE), and the like. Optionally, the card is a card that complies with the relevant requirements of GlobalPlatform Card Specification 2.2.1 (GP2.2.1), and its technical architecture can refer to FIG. 2a.

上述卡应用安装于卡内,可选的,所述卡应用可以为预置或通过TSM(TrustedService Management,可信服务管理)平台后下载的方式加载至卡中。以移动终端SIM卡为例,其技术架构可以参考图2b,其中的Java applets、Toolkit appletes模块为卡应用。The above-mentioned card application is installed in the card. Optionally, the card application may be preset or loaded into the card in a manner of downloading through a TSM (Trusted Service Management, Trusted Service Management) platform. Taking a mobile terminal SIM card as an example, its technical architecture can refer to Fig. 2b, wherein the Java applets and Toolkit appletes modules are card applications.

在卡内随机生成第一秘钥,用于加密卡应用个人化过程中生成的个人化数据,上述个人化数据包括用户使用应用时的信息,如证书、密钥、PIN、余额等。The first secret key is randomly generated in the card to encrypt the personalization data generated during the personalization process of the card application. The personalization data includes the information of the user when using the application, such as certificate, key, PIN, balance and so on.

步骤102、在卡内对所述第一秘钥进行存储。Step 102: Store the first secret key in the card.

本发明实施例中,上述步骤102中,将第一秘钥存储在卡内,即以秘钥不出卡的形式,对加密用户个人化数据的秘钥进行存储,提高用户个人化数据的安全性。其中,对所述第一秘钥进行存储,所述第一秘钥可以存储在卡内的卡文件系统,卡内的第二应用中,和/或卡内操作系统COS(Chip operating system或Card operating system)中,其中,所述第二应用为安装在所述卡内的卡应用。上述存储可以是直接对第一秘钥本身进行存储,也可以是对第一秘钥进一步加密后进行存储。In the embodiment of the present invention, in the above step 102, the first secret key is stored in the card, that is, the secret key for encrypting the user's personalization data is stored in the form of the secret key not leaving the card, so as to improve the security of the user's personalization data. sex. Wherein, the first secret key is stored, and the first secret key can be stored in the card file system in the card, in the second application in the card, and/or in the card operating system COS (Chip operating system or Card operating system), wherein the second application is a card application installed in the card. The above-mentioned storage may be directly storing the first secret key itself, or may be storing the first secret key after further encryption.

步骤103、使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用。Step 103: Use the first secret key to encrypt the personalized data of a first application in the card, where the first application is a card application installed in the card.

本发明实施例中,上述步骤103中,利用第一秘钥对卡应用个人化数据加密,方便后续个人化数据的安全备份。由于用于加密个人化数据第一秘钥存储在卡内,即秘钥不出卡,使得加密后的个人化数据能够以更为灵活的方式进行备份,可以在卡内和/或卡外对加密后的个人化数据进行备份。In the embodiment of the present invention, in the above step 103, the personalized data encryption is applied to the card by using the first secret key, so as to facilitate the subsequent safe backup of the personalized data. Since the first secret key used to encrypt the personalization data is stored in the card, that is, the secret key cannot be stored in the card, so that the encrypted personalization data can be backed up in a more flexible way, and can be backed up in the card and/or outside the card. Encrypted personalization data is backed up.

在此,应当理解的是,本发明具体实施例的方法中步骤102和步骤103顺序不受限制,可以先执行步骤102后执行步骤103,也可以先执行步骤103后执行步骤102或者同时执行。Here, it should be understood that the order of step 102 and step 103 in the method of the specific embodiment of the present invention is not limited, and step 102 may be performed first and then step 103 may be performed, or step 103 may be performed first and then step 102 or simultaneously.

步骤104、备份加密后的个人化数据。Step 104 , back up the encrypted personalized data.

本发明实施例中,上述步骤104中,可以在卡内和/或卡外对加密后的个人化数据进行备份。In the embodiment of the present invention, in the foregoing step 104, the encrypted personalized data may be backed up in the card and/or outside the card.

可选的,将加密后的个人化数据备份至云端,和/或,将加密后的个人化数据备份至卡内的卡文件系统。Optionally, the encrypted personalized data is backed up to the cloud, and/or the encrypted personalized data is backed up to a card file system in the card.

其中,将加密后的个人化数据备份至云端,可以减少个人化数据备份对卡空间的占用。可选的,所述将加密后的个人化数据备份至云端,可以是通过卡应用与卡应用对应的业务平台之间的安全通道,将加密后的个人化数据备份至云端。其中,业务平台可以理解为卡外为卡应用提供应用服务的平台,例如,银行盾类型的卡应用的业务平台为银行业务平台,由银行方提供该平台,公交卡类型的的卡应用的业务平台为公交业务平台,由公交系统提供该平台。通过上述安全通道进行云端备份,能够进一步提高个人化数据备份的安全性。Among them, backing up the encrypted personalized data to the cloud can reduce the occupation of the card space by the personalized data backup. Optionally, backing up the encrypted personalized data to the cloud may be backing up the encrypted personalized data to the cloud through a secure channel between the card application and the business platform corresponding to the card application. Among them, the business platform can be understood as a platform that provides application services for card applications outside the card. For example, the business platform of the bank shield type card application is the banking business platform, which is provided by the bank, and the business of the bus card type card application. The platform is a public transportation business platform, which is provided by the public transportation system. Cloud backup through the above-mentioned secure channel can further improve the security of personalized data backup.

其中,所述将加密后的个人化数据备份至卡内的卡文件系统,可以是通过UICC(Universal Integrated Circuit Card,通用集成电路卡)/USIM(Universal SubscriberIdentity Module,通用用户身份识别模块)等文件访问相关API(ApplicationProgramming Interface,应用程序接口),将加密后的个人化数据备份至卡文件系统。Wherein, the encrypted personalized data is backed up to the card file system in the card, which may be through files such as UICC (Universal Integrated Circuit Card, Universal Integrated Circuit Card)/USIM (Universal Subscriber Identity Module, Universal Subscriber Identity Module). Access the relevant API (ApplicationProgramming Interface, application program interface), and back up the encrypted personalized data to the card file system.

本实施例中采用上述备份方式,可以在卡应用重装或卡应用升级时保留个人化数据不丢失,重装或更新后无需重新个人化,用户无需到营业网点重新签约、余额可以继续使用,可以有效提升用户体验、推动卡载体类业务发展。In this embodiment, the above-mentioned backup method is adopted, so that the personalized data can be kept without loss when the card application is reinstalled or the card application is upgraded. There is no need to re-personalize after the card application is reinstalled or updated. It can effectively improve user experience and promote the development of card carrier business.

可选的,上述步骤102,包括:Optionally, the above step 102 includes:

利用第二秘钥加密所述第一秘钥,其中,所述第二秘钥为所述第一应用个人化时基于卡标识生成的;Encrypt the first secret key with a second secret key, wherein the second secret key is generated based on the card identifier when the first application is personalized;

在卡内对加密后的所述第一秘钥进行存储。The encrypted first secret key is stored in the card.

其中,所述卡应用——第一应用在个人化时增加第二密钥,所述第二密钥关联第一应用,且对于第一应用而言,相同ID的卡的第二密钥一致。可选的所述第二密钥是使用卡唯一标识如ICCID分散得到的,保证对于同一应用而言,相同ID的卡的第二密钥一致。利用第二秘钥加密所述第一秘钥,在卡内对加密后的所述第一秘钥进行存储,即便其他应用(非第一应用)在卡内读取了加密后的所述第一秘钥,仍然无法对其解密来获取第一秘钥,从而无法解密加密后的个人化数据,从而进一步提高了个人化数据备份的安全性。而由于所述第二密钥关联第一应用,对于同一应用而言,相同ID的卡的第二密钥一致,第一应用删除后重装或更新时,仍然能够根据预设规则恢复第二秘钥,用于解密第一秘钥,从而进一步解密加密后的个人化数据。Wherein, the card application—the first application adds a second key during personalization, the second key is associated with the first application, and for the first application, the second keys of cards with the same ID are the same . Optionally, the second key is obtained by using a unique card identifier such as ICCID, which ensures that the second keys of cards with the same ID are consistent for the same application. Encrypt the first secret key with the second secret key, and store the encrypted first secret key in the card, even if other applications (not the first application) read the encrypted first secret key in the card The first secret key cannot be decrypted to obtain the first secret key, so that the encrypted personalized data cannot be decrypted, thereby further improving the security of the personalized data backup. Since the second key is associated with the first application, for the same application, the second keys of cards with the same ID are the same. When the first application is deleted and reinstalled or updated, the second key can still be restored according to the preset rules. The secret key is used to decrypt the first secret key, thereby further decrypting the encrypted personalization data.

所述在卡内对加密后的所述第一秘钥进行存储步骤,包括:The step of storing the encrypted first secret key in the card includes:

将加密后的第一秘钥存储至卡内的卡文件系统;Store the encrypted first secret key in the card file system in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内的第二应用中,所述第二应用为安装在所述卡内的卡应用;storing the encrypted first secret key in a second application in the card, where the second application is a card application installed in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内操作系统COS中。The encrypted first secret key is stored in the in-card operating system COS.

其中,可选的,所述将加密后的第一秘钥存储至卡内的卡文件系统,包括:通过UICC/USIM等文件访问相关API(文件系统API)将加密后的第一秘钥存储至卡内的卡文件系统。Wherein, optionally, storing the encrypted first secret key in the card file system in the card includes: storing the encrypted first secret key through a file access related API (file system API) such as UICC/USIM to the card file system inside the card.

可选的,当通过将加密后的所述第一秘钥存储至卡内的第二应用中的方式进行第一秘钥存储时,需要在存储前安装第二应用,上述第二应用用于存储加密后的第一秘钥。Optionally, when storing the first secret key by storing the encrypted first secret key in the second application in the card, the second application needs to be installed before storage, and the second application is used for Store the encrypted first secret key.

可选的,所述第二应用由所述第一应用的业务平台安装至卡内;所述将加密后的所述第一秘钥存储至卡内的第二应用中,包括:Optionally, the second application is installed in the card by the business platform of the first application; and the storing of the encrypted first secret key in the second application in the card includes:

在所述第一应用为预设应用的情况下,通过应用间通信接口将加密后的所述第一秘钥存储至第二应用中。When the first application is a preset application, the encrypted first key is stored in the second application through an inter-application communication interface.

其中,所述第二应用由第一应用对应的业务平台安装至卡内,第二应用将第一应用作为预设的应用,也就是第二应用将第一应用作为合法应用,从而第二应用允许存储第一应用对应的第一秘钥。可选的,所述第二应用通过判断第一应用的AID(ApplicationIdentifier,应用标识)来判断第一应用是否为合法应用。这种合法性判断,同样适用于从第二应用读取所述第一秘钥,避免非法应用获取(加密后的)第一秘钥,从而能够提高个人化数据备份的安全性。The second application is installed in the card by the service platform corresponding to the first application, and the second application uses the first application as a preset application, that is, the second application uses the first application as a legal application, so the second application The first secret key corresponding to the first application is allowed to be stored. Optionally, the second application determines whether the first application is a legitimate application by determining an AID (Application Identifier, application identifier) of the first application. This legality judgment is also applicable to reading the first secret key from the second application, preventing illegal applications from obtaining the (encrypted) first secret key, thereby improving the security of personalized data backup.

可选的,所述将加密后的所述第一秘钥存储至卡内操作系统COS中,包括:通过调用系统API将加密后的所述第一秘钥存储至卡内操作系统COS。系统API通过AID区分应用数据为应用提供备份恢复服务,即系统API保证第一应用不能读写其它应用存储在COS的数据,第一应用存储在COS的数据也不能被其他应用读写。将加密后的所述第一秘钥存储至卡内操作系统COS,能够提高个人化数据备份的安全性。Optionally, the storing the encrypted first secret key in the in-card operating system COS includes: storing the encrypted first secret key in the in-card operating system COS by calling a system API. The system API provides backup and recovery services for applications by distinguishing application data through AID, that is, the system API ensures that the first application cannot read and write data stored in COS by other applications, and the data stored in COS by the first application cannot be read and written by other applications. The encrypted first secret key is stored in the operating system COS in the card, which can improve the security of personalized data backup.

本实施例中的所述卡应用数据备份方法,还可以参考附图3所示的卡应用数据备份方法的示意图。For the card application data backup method in this embodiment, reference may also be made to the schematic diagram of the card application data backup method shown in FIG. 3 .

本实施例中的所述卡应用数据备份方法,在卡内随机生成第一秘钥;在卡内对所述第一秘钥进行存储;使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;备份加密后的个人化数据。本发明实施例中通过对卡应用的个人化数据进行加密,并将加密秘钥存储在卡内,在方便卡应用恢复个人化数据的同时,提高个人化数据的安全性。The card in this embodiment applies the data backup method to randomly generate a first secret key in the card; store the first secret key in the card; use the first secret key to restore the first secret key in the card Personalized data of an application is encrypted, and the first application is a card application installed in the card; the encrypted personalized data is backed up. In the embodiment of the present invention, by encrypting the personalized data of the card application and storing the encryption key in the card, the security of the personalized data is improved while facilitating the card application to restore the personalized data.

参见图4,图4是本发明实施例提供的一种卡应用数据恢复方法的流程图,如图4所示,所述方法包括以下步骤:Referring to FIG. 4, FIG. 4 is a flowchart of a method for recovering card application data provided by an embodiment of the present invention. As shown in FIG. 4, the method includes the following steps:

步骤401、从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用。Step 401: Obtain a first secret key from a card, wherein the first secret key is used to encrypt personalized data of a first application in the card, and the first application is a card installed in the card application.

用于加密第一应用的个人化数据的第一秘钥被存储在卡内,即以秘钥不出卡的形式,对加密用户个人化数据的秘钥进行存储,提高用户个人化数据的安全性。数据恢复时,即从卡内获取上述第一秘钥。The first secret key used to encrypt the personalization data of the first application is stored in the card, that is, the secret key used for encrypting the personalization data of the user is stored in the form that the secret key does not come out of the card, so as to improve the security of the personalization data of the user sex. When the data is recovered, the above-mentioned first secret key is obtained from the card.

步骤402、获取使用所述第一秘钥加密后的个人化数据。Step 402: Obtain personalized data encrypted by using the first secret key.

由于用于加密个人化数据第一秘钥存储在卡内,即秘钥不出卡,使得加密后的个人化数据能够以更为灵活的方式进行备份,可以在卡内和/或卡外对加密后的个人化数据进行备份。其中,所述获取使用所述第一秘钥加密后的个人化数据,可以从卡内和/或卡外获取使用所述第一秘钥加密后的个人化数据。Since the first secret key used to encrypt the personalization data is stored in the card, that is, the secret key cannot be stored in the card, so that the encrypted personalization data can be backed up in a more flexible way, and can be backed up in the card and/or outside the card. Encrypted personalization data is backed up. Wherein, in the obtaining of the personalized data encrypted with the first secret key, the personalized data encrypted with the first secret key may be obtained from inside the card and/or outside the card.

可选的,从云端获取所述加密后的个人化数据;或者,从卡内的卡文件系统获取所述加密后的个人化数据。Optionally, the encrypted personalized data is obtained from the cloud; or, the encrypted personalized data is obtained from a card file system in the card.

可选的,所述从云端获取所述加密后的个人化数据,包括:通过卡应用与卡应用对应的业务平台的之间的安全通道从云端获取业务平台备份的所述加密后的个人化数据。Optionally, the obtaining the encrypted personalized data from the cloud includes: obtaining the encrypted personalized data backed up by the business platform from the cloud through a secure channel between the card application and the business platform corresponding to the card application. data.

步骤403、使用所述第一秘钥解密所述加密后的个人化数据。Step 403: Decrypt the encrypted personalized data using the first secret key.

在此,应当理解的是,本发明具体实施例的方法中步骤401和步骤402顺序不受限制,可以先执行步骤401后执行步骤402,也可以先执行步骤402后执行步骤401或者同时执行。Here, it should be understood that the order of step 401 and step 402 in the method of the specific embodiment of the present invention is not limited, and step 401 may be performed first and then step 402, or step 402 may be performed first and then step 401 or simultaneously.

可选的,上述步骤401括:Optionally, the above step 401 includes:

基于卡标识获取第二秘钥;Obtain the second secret key based on the card identifier;

获取卡内存储的利用第二秘钥加密后的第一秘钥;Obtain the first secret key encrypted with the second secret key stored in the card;

利用所述第二秘钥解密所述加密后的第一秘钥,得到所述第一秘钥。Decrypt the encrypted first key by using the second key to obtain the first key.

所述第一秘钥经过第二秘钥进一步加密后被存储在卡内,从卡内获取第一秘钥时,需要基于卡标识获取第二秘钥对第一秘钥进行解密,从而得到所述第一秘钥。所述第二秘钥为所述第一应用个人化时基于卡标识生成的;所述第二密钥关联第一应用,且对于第一应用而言,相同ID的卡的第二密钥一致。可选的,可以根据分散规则及卡标识恢复第二密钥,并存储在第一应用中。可选的,卡应用对应的业务平台根据分散规则及卡标识恢复第二密钥,并通过卡应用与所述业务平台之间的安全通道,将所述第二秘钥写入所述第一应用。The first secret key is further encrypted by the second secret key and then stored in the card. When the first secret key is obtained from the card, it is necessary to obtain the second secret key based on the card identifier to decrypt the first secret key, so as to obtain the first secret key. Describe the first key. The second key is generated based on the card identifier when the first application is personalized; the second key is associated with the first application, and for the first application, the second keys of cards with the same ID are the same . Optionally, the second key can be recovered according to the distribution rule and the card identifier, and stored in the first application. Optionally, the business platform corresponding to the card application recovers the second key according to the dispersion rules and the card identifier, and writes the second key into the first key through the secure channel between the card application and the business platform. application.

可选的,所述获取卡内存储的利用第二秘钥加密后的第一秘钥步骤,包括:Optionally, the step of obtaining the first secret key encrypted with the second secret key stored in the card includes:

读取存储在卡内的卡文件系统的所述加密后的第一秘钥;reading the encrypted first secret key of the card file system stored in the card;

或者,or,

读取存储在卡内的第二应用的所述加密后的第一秘钥,所述第二应用为安装在所述卡内的卡应用;reading the encrypted first secret key of a second application stored in the card, where the second application is a card application installed in the card;

或者,or,

读取存储在卡内操作系统COS中的所述加密后的第一秘钥。Read the encrypted first secret key stored in the operating system COS in the card.

其中,所述读取存储在卡内的卡文件系统的所述加密后的第一秘钥,可以是通过文件系统API读取存储在卡内的卡文件系统的所述加密后的第一秘钥。Wherein, the reading of the encrypted first secret key of the card file system stored in the card may be reading the encrypted first secret key of the card file system stored in the card through a file system API key.

所述读取存储在卡内的第二应用的所述加密后的第一秘钥,可以是通过应用间调用接口读取存储在卡内的第二应用的所述加密后的第一秘钥。The reading of the encrypted first secret key of the second application stored in the card may be reading the encrypted first secret key of the second application stored in the card through an inter-application calling interface .

所述读取存储在卡内操作系统COS中的所述加密后的第一秘钥,可以是通过系统API读取存储在卡内操作系统COS中的所述加密后的第一秘钥。The reading of the encrypted first secret key stored in the operating system COS in the card may be reading the encrypted first secret key stored in the operating system COS in the card through a system API.

本实施例中的所述卡应用数据恢复方法,还可以参考附图5所示的卡应用数据恢复方法的示意图。For the method for restoring card application data in this embodiment, reference may also be made to the schematic diagram of the method for restoring card application data shown in FIG. 5 .

进行卡应用重装或卡应用升级后,可将步骤403中解密后的个人化数据恢复至重装或升级后的卡应用中,即可以在卡应用重装或卡应用升级时保留个人化数据不丢失,重装或更新后无需重新个人化,用户无需到营业网点重新签约、余额可以继续使用,可以有效提升用户体验、推动卡载体类业务发展。After the card application is reinstalled or the card application is upgraded, the personalized data decrypted in step 403 can be restored to the reinstalled or upgraded card application, that is, the personalized data can be retained when the card application is reinstalled or the card application is upgraded. No loss, no need to re-personalize after reinstallation or update, users do not need to sign a new contract at a business outlet, and the balance can continue to be used, which can effectively improve the user experience and promote the development of card carrier business.

需要说明的是,本实施例作为与图1所示的卡应用数据备份方法实施例中对应的卡应用数据恢复方法的实施方式,其具体的实施方式可以参见图1所示的实施例中的相关说明,为避免重复说明,本实施例不再赘述。It should be noted that this embodiment is an implementation of the method for restoring card application data corresponding to the embodiment of the method for backing up card application data shown in FIG. For related descriptions, in order to avoid repeated descriptions, details are not repeated in this embodiment.

上述可选的实施方式可以参见图1所示的实施例中的相关说明,为避免重复说明,本实施例不再赘述。For the above-mentioned optional implementation manner, reference may be made to the relevant description in the embodiment shown in FIG. 1 . To avoid repeated descriptions, detailed descriptions are not repeated in this embodiment.

本实施例中的卡应用数据恢复方法,从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;获取使用所述第一秘钥加密后的个人化数据;使用所述第一秘钥解密所述加密后的个人化数据。本发明实施例中通过对卡应用的个人化数据进行加密,并将加密秘钥存储在卡内,数据恢复时,从卡内获取秘钥,在方便卡应用恢复个人化数据的同时,提高个人化数据的安全性。In the method for recovering card application data in this embodiment, a first secret key is obtained from the card, wherein the first secret key is used to encrypt the personalized data of the first application in the card, and the first application is A card application installed in the card; obtaining personalization data encrypted with the first secret key; decrypting the encrypted personalization data using the first secret key. In the embodiment of the present invention, by encrypting the personalization data of the card application, and storing the encryption key in the card, when the data is recovered, the key is obtained from the card, which facilitates the card application to recover the personalized data, and improves the personalization of the card application. data security.

参见图6,图6是本发明实施例提供的一种卡应用数据备份设备的示意图,如图6所示,所述卡应用数据备份设备600包括:Referring to FIG. 6, FIG. 6 is a schematic diagram of a card application data backup device provided by an embodiment of the present invention. As shown in FIG. 6, the card application data backup device 600 includes:

生成模块601,用于在卡内随机生成第一秘钥;A generating module 601 is used to randomly generate a first secret key in the card;

第一秘钥存储模块602,用于在卡内对所述第一秘钥进行存储;a first key storage module 602, configured to store the first key in the card;

加密模块603,用于使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;an encryption module 603, configured to use the first secret key to encrypt the personalized data of a first application in the card, where the first application is a card application installed in the card;

备份模块604,用于备份加密后的个人化数据。The backup module 604 is used for backing up the encrypted personalization data.

可选的,所述第一秘钥存储模块602,包括:Optionally, the first key storage module 602 includes:

第一秘钥加密单元,用于利用第二秘钥加密所述第一秘钥,其中,所述第二秘钥为所述第一应用个人化时基于卡标识生成的;a first secret key encryption unit, configured to encrypt the first secret key with a second secret key, wherein the second secret key is generated based on the card identifier when the first application is personalized;

第一秘钥存储单元,用于在卡内对加密后的所述第一秘钥进行存储。The first secret key storage unit is used for storing the encrypted first secret key in the card.

可选的,所述第一秘钥存储单元,具体包括:Optionally, the first key storage unit specifically includes:

第一存储子单元,用于将加密后的第一秘钥存储至卡内的卡文件系统;a first storage subunit for storing the encrypted first secret key in the card file system in the card;

和/或,and / or,

第二存储子单元,用于将加密后的所述第一秘钥存储至卡内的第二应用中,所述第二应用为安装在所述卡内的卡应用;a second storage subunit, configured to store the encrypted first secret key in a second application in the card, where the second application is a card application installed in the card;

和/或,and / or,

第三存储子单元,用于将加密后的所述第一秘钥存储至卡内操作系统COS中。The third storage subunit is configured to store the encrypted first secret key in the in-card operating system COS.

可选的,所述第二应用由所述第一应用的业务平台安装至卡内;Optionally, the second application is installed into the card by the service platform of the first application;

所述第二存储子单元,具体用于在所述第一应用为预设应用的情况下,通过应用间通信接口将加密后的所述第一秘钥存储至第二应用中。The second storage subunit is specifically configured to store the encrypted first secret key in the second application through an inter-application communication interface when the first application is a preset application.

可选的,所述备份模块604,具体用于将加密后的个人化数据备份至云端,和/或,将加密后的个人化数据备份至卡内的卡文件系统。Optionally, the backup module 604 is specifically configured to back up the encrypted personalized data to the cloud, and/or back up the encrypted personalized data to the card file system in the card.

需要说明的是,本实施例作为与图1所示的实施例中对应的卡应用数据备份设备的实施方式,其具体的实施方式可以参见图1所示的实施例中的相关说明,为避免重复说明,本实施例不再赘述。It should be noted that this embodiment is an implementation of the card application data backup device corresponding to the embodiment shown in FIG. 1 . For the specific implementation, please refer to the relevant description in the embodiment shown in FIG. 1 . The description is repeated, and details are not repeated in this embodiment.

本发明实施例提供的卡应用数据备份设备是能够执行上述卡应用数据备份方法的装置,则上述卡应用数据备份方法实施例中的所有实现方式均适用于该装置,且均能达到相同或相似的有益效果。The card application data backup device provided in the embodiment of the present invention is a device capable of executing the above-mentioned card application data backup method, and all implementations in the above-mentioned card application data backup method embodiments are applicable to the device, and can achieve the same or similar beneficial effect.

具体的,参见图7所示,本发明实施例还提供了一种电子设备,包括总线701、收发机702、天线703、总线接口704、处理器705和存储器706。Specifically, as shown in FIG. 7 , an embodiment of the present invention further provides an electronic device including a bus 701 , a transceiver 702 , an antenna 703 , a bus interface 704 , a processor 705 and a memory 706 .

进一步地,处理器705,用于在卡内随机生成第一秘钥;Further, the processor 705 is configured to randomly generate the first secret key in the card;

在卡内对所述第一秘钥进行存储;storing the first secret key in the card;

使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;encrypting personalization data of a first application in the card using the first secret key, where the first application is a card application installed in the card;

备份加密后的个人化数据。Back up encrypted personal data.

可选的,所述在卡内对所述第一秘钥进行存储步骤,包括:Optionally, the step of storing the first secret key in the card includes:

利用第二秘钥加密所述第一秘钥,其中,所述第二秘钥为所述第一应用个人化时基于卡标识生成的;Encrypt the first secret key with a second secret key, wherein the second secret key is generated based on the card identifier when the first application is personalized;

在卡内对加密后的所述第一秘钥进行存储。The encrypted first secret key is stored in the card.

可选的,所述在卡内对加密后的所述第一秘钥进行存储步骤,包括:Optionally, the step of storing the encrypted first secret key in the card includes:

将加密后的第一秘钥存储至卡内的卡文件系统;Store the encrypted first secret key in the card file system in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内的第二应用中,所述第二应用为安装在所述卡内的卡应用;storing the encrypted first secret key in a second application in the card, where the second application is a card application installed in the card;

和/或,and / or,

将加密后的所述第一秘钥存储至卡内操作系统COS中。The encrypted first secret key is stored in the in-card operating system COS.

可选的,所述第二应用由所述第一应用的业务平台安装至卡内;Optionally, the second application is installed into the card by the service platform of the first application;

所述将加密后的所述第一秘钥存储至卡内的第二应用中,包括:The storing of the encrypted first secret key in the second application in the card includes:

在所述第一应用为预设应用的情况下,通过应用间通信接口将加密后的所述第一秘钥存储至第二应用中。When the first application is a preset application, the encrypted first key is stored in the second application through an inter-application communication interface.

可选的,所述备份加密后的个人化数据步骤,包括:Optionally, the step of backing up the encrypted personalized data includes:

将加密后的个人化数据备份至云端,和/或,将加密后的个人化数据备份至卡内的卡文件系统。Back up encrypted personalization data to the cloud, and/or back up encrypted personalization data to the card file system in the card.

在图7中,总线架构(用总线701来代表),总线701可以包括任意数量的互联的总线和桥,总线701将包括由处理器705代表的一个或多个处理器和存储器706代表的存储器的各种电路链接在一起。总线701还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口704在总线701和收发机702之间提供接口。收发机702可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器705处理的数据通过天线703在无线介质上进行传输,进一步,天线703还接收数据并将数据传送给处理器705。In Figure 7, a bus architecture (represented by bus 701), which may include any number of interconnected buses and bridges, bus 701 will include one or more processors represented by processor 705 and memory represented by memory 706 The various circuits are linked together. The bus 701 may also link together various other circuits, such as peripherals, voltage regulators and power management circuits, etc., which are well known in the art and therefore will not be described further herein. Bus interface 704 provides an interface between bus 701 and transceiver 702 . Transceiver 702 may be a single element or multiple elements, such as multiple receivers and transmitters, providing means for communicating with various other devices over a transmission medium. The data processed by the processor 705 is transmitted on the wireless medium through the antenna 703 , and further, the antenna 703 also receives the data and transmits the data to the processor 705 .

处理器705负责管理总线701和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器706可以被用于存储处理器705在执行操作时所使用的数据。Processor 705 is responsible for managing bus 701 and general processing, and may also provide various functions including timing, peripheral interface, voltage regulation, power management, and other control functions. In turn, memory 706 may be used to store data used by processor 705 in performing operations.

可选的,处理器705可以是CPU、ASIC、FPGA或CPLD。Optionally, the processor 705 may be a CPU, ASIC, FPGA or CPLD.

需要说明的是,本实施例作为与图1所示的实施例中对应的卡应用数据备份设备的实施方式,其具体的实施方式可以参见图1所示的实施例中的相关说明,为避免重复说明,本实施例不再赘述。It should be noted that this embodiment is an implementation of the card application data backup device corresponding to the embodiment shown in FIG. 1 . For the specific implementation, please refer to the relevant description in the embodiment shown in FIG. 1 . The description is repeated, and details are not repeated in this embodiment.

本发明实施例提供的电子备份设备是能够执行上述卡应用数据备份方法的装置,则上述卡应用数据备份方法实施例中的所有实现方式均适用于该装置,且均能达到相同或相似的有益效果。The electronic backup device provided in the embodiment of the present invention is a device capable of executing the above-mentioned method for backing up card application data, and all implementations in the above-mentioned embodiments of the above-mentioned method for backing up card application data are applicable to the device, and can achieve the same or similar benefits. Effect.

本发明实施例还提供了一种电子设备,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现上述卡应用数据备份方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。An embodiment of the present invention further provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, and the program implements the above-mentioned card when executed by the processor Each process of the embodiments of the data backup method is applied, and the same technical effect can be achieved. To avoid repetition, details are not repeated here.

本发明实施例还提供一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述卡应用数据备份方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。其中,所述的计算机可读存储介质,如只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等。Embodiments of the present invention further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, each process of the above-mentioned embodiment of the method for backing up application data for a card can be implemented, and can achieve the same In order to avoid repetition, the technical effect will not be repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disk.

参见图8,图8是本发明实施例提供的一种卡应用数据恢复设备的示意图,如图8所示,上述卡应用数据恢复设备设备800包括:Referring to FIG. 8, FIG. 8 is a schematic diagram of a card application data recovery device provided by an embodiment of the present invention. As shown in FIG. 8, the above card application data recovery device 800 includes:

第一获取模块801,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The first obtaining module 801 is used to obtain a first secret key from the card, wherein the first secret key is used to encrypt the personalized data of the first application in the card, and the first application is installed in the card. the card application in the card;

第二获取模块802,用于获取使用所述第一秘钥加密后的个人化数据;A second obtaining module 802, configured to obtain personalized data encrypted by using the first secret key;

解密模块803,用于使用所述第一秘钥解密所述加密后的个人化数据。A decryption module 803, configured to decrypt the encrypted personalization data by using the first secret key.

可选的,所述第一获取模块801,包括:Optionally, the first obtaining module 801 includes:

第一获取单元,用于基于卡标识获取第二秘钥;a first obtaining unit, configured to obtain the second secret key based on the card identifier;

第二获取单元,用于获取卡内存储的利用第二秘钥加密后的第一秘钥;A second obtaining unit, configured to obtain the first secret key encrypted with the second secret key stored in the card;

第一解密单元,用于利用所述第二秘钥解密所述加密后的第一秘钥,得到所述第一秘钥。A first decryption unit, configured to decrypt the encrypted first secret key by using the second secret key to obtain the first secret key.

可选的,第二获取单元,包括:Optionally, the second obtaining unit includes:

第一读取子单元,用于读取存储在卡内的卡文件系统的所述加密后的第一秘钥;a first reading subunit, used for reading the encrypted first secret key of the card file system stored in the card;

或者,or,

第二读取子单元,用于读取存储在卡内的第二应用的所述加密后的第一秘钥,所述第二应用为安装在所述卡内的卡应用;a second reading subunit, configured to read the encrypted first secret key of a second application stored in the card, where the second application is a card application installed in the card;

或者,or,

第三读取子单元,用于读取存储在卡内操作系统COS中的所述加密后的第一秘钥。The third reading subunit is used for reading the encrypted first secret key stored in the operating system COS in the card.

所述第二获取模块802,包括:The second obtaining module 802 includes:

云端获取单元,用于从云端获取所述加密后的个人化数据;a cloud acquisition unit, configured to acquire the encrypted personalized data from the cloud;

或者,or,

卡内获取单元,用于从卡内的卡文件系统获取所述加密后的个人化数据。An in-card acquiring unit, configured to acquire the encrypted personalization data from a card file system in the card.

需要说明的是,本实施例作为与图4所示的实施例中对应的卡应用数据恢复设备的实施方式,其具体的实施方式可以参见图4所示的实施例中的相关说明,为避免重复说明,本实施例不再赘述。It should be noted that this embodiment is an implementation of the card application data recovery device corresponding to the embodiment shown in FIG. 4 , and reference may be made to the relevant description in the embodiment shown in FIG. 4 for the specific implementation. The description is repeated, and details are not repeated in this embodiment.

本发明实施例提供的卡应用数据恢复设备是能够执行上述卡应用数据恢复方法的装置,则上述卡应用数据恢复方法实施例中的所有实现方式均适用于该装置,且均能达到相同或相似的有益效果。The card application data recovery device provided by the embodiment of the present invention is a device capable of executing the above-mentioned card application data recovery method, and all implementations in the above-mentioned card application data recovery method embodiments are applicable to the device, and can achieve the same or similar beneficial effect.

具体的,参见图9所示,本发明实施例还提供了一种接收端设备,包括总线901、收发机902、天线903、总线接口904、处理器905和存储器906。Specifically, as shown in FIG. 9 , an embodiment of the present invention further provides a receiving end device including a bus 901 , a transceiver 902 , an antenna 903 , a bus interface 904 , a processor 905 and a memory 906 .

处理器905,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The processor 905 is configured to obtain a first secret key from the card, wherein the first secret key is used to encrypt the personalized data of a first application in the card, and the first application is installed on the card within the card app;

获取使用所述第一秘钥加密后的个人化数据;obtaining personalized data encrypted with the first secret key;

使用所述第一秘钥解密所述加密后的个人化数据。The encrypted personalization data is decrypted using the first secret key.

可选的,所述从卡内获取第一秘钥包括:Optionally, the obtaining the first secret key from the card includes:

基于卡标识获取第二秘钥;Obtain the second secret key based on the card identifier;

获取卡内存储的利用第二秘钥加密后的第一秘钥;Obtain the first secret key encrypted with the second secret key stored in the card;

利用所述第二秘钥解密所述加密后的第一秘钥,得到所述第一秘钥。Decrypt the encrypted first key by using the second key to obtain the first key.

可选的,所述获取卡内存储的利用第二秘钥加密后的第一秘钥步骤,包括:Optionally, the step of obtaining the first secret key encrypted with the second secret key stored in the card includes:

读取存储在卡内的卡文件系统的所述加密后的第一秘钥;reading the encrypted first secret key of the card file system stored in the card;

或者,or,

读取存储在卡内的第二应用的所述加密后的第一秘钥,所述第二应用为安装在所述卡内的卡应用;reading the encrypted first secret key of a second application stored in the card, where the second application is a card application installed in the card;

或者,or,

读取存储在卡内操作系统COS中的所述加密后的第一秘钥。Read the encrypted first secret key stored in the operating system COS in the card.

可选的,所述获取使用所述第一秘钥加密后的个人化数据步骤,包括:Optionally, the step of obtaining the personalized data encrypted with the first secret key includes:

从云端获取所述加密后的个人化数据;obtain the encrypted personalization data from the cloud;

或者,从卡内的卡文件系统获取所述加密后的个人化数据。Alternatively, the encrypted personalization data is obtained from the card file system in the card.

在图9中,总线架构(用总线901来代表),总线901可以包括任意数量的互联的总线和桥,总线901将包括由处理器905代表的一个或多个处理器和存储器906代表的存储器的各种电路链接在一起。总线901还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口904在总线901和收发机902之间提供接口。收发机902可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器905处理的数据通过天线903在无线介质上进行传输,进一步,天线903还接收数据并将数据传送给处理器905。In Figure 9, a bus architecture (represented by bus 901), which may include any number of interconnected buses and bridges, bus 901 will include one or more processors represented by processor 905 and memory represented by memory 906 The various circuits are linked together. The bus 901 may also link together various other circuits such as peripherals, voltage regulators, and power management circuits, etc., which are well known in the art and therefore will not be described further herein. Bus interface 904 provides an interface between bus 901 and transceiver 902 . Transceiver 902 may be a single element or multiple elements, such as multiple receivers and transmitters, that provide means for communicating with various other devices over a transmission medium. The data processed by the processor 905 is transmitted on the wireless medium through the antenna 903 , and further, the antenna 903 also receives the data and transmits the data to the processor 905 .

处理器905负责管理总线901和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器906可以被用于存储处理器905在执行操作时所使用的数据。The processor 905 is responsible for managing the bus 901 and general processing, and may also provide various functions including timing, peripheral interface, voltage regulation, power management, and other control functions. And memory 906 may be used to store data used by processor 905 in performing operations.

可选的,处理器905可以是CPU、ASIC、FPGA或CPLD。Optionally, the processor 905 may be a CPU, ASIC, FPGA or CPLD.

本发明实施例还提供了一种电子设备,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现上述卡应用数据恢复方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。An embodiment of the present invention further provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, and the program implements the above-mentioned card when executed by the processor Each process of the data recovery method embodiment is applied, and the same technical effect can be achieved. To avoid repetition, details are not repeated here.

本发明实施例还提供一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述卡应用数据恢复方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。其中,所述的计算机可读存储介质,如只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等。Embodiments of the present invention further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, each process of the above-mentioned embodiment of the method for recovering application data for a card can be realized, and the same can be achieved. In order to avoid repetition, the technical effect will not be repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disk.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, herein, the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion, such that a process, method, article or device comprising a series of elements includes not only those elements, It also includes other elements not expressly listed or inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本发明各个实施例所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course hardware can also be used, but in many cases the former is better implementation. Based on this understanding, the technical solutions of the present invention can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products are stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the methods described in the various embodiments of the present invention.

上面结合附图对本发明的实施例进行了描述,但是本发明并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本发明的启示下,在不脱离本发明宗旨和权利要求所保护的范围情况下,还可做出很多形式,均属于本发明的保护之内。The embodiments of the present invention have been described above in conjunction with the accompanying drawings, but the present invention is not limited to the above-mentioned specific embodiments, which are merely illustrative rather than restrictive. Under the inspiration of the present invention, without departing from the spirit of the present invention and the scope protected by the claims, many forms can be made, which all belong to the protection of the present invention.

Claims (17)

1.一种卡应用数据备份方法,其特征在于,包括:1. a card application data backup method, is characterized in that, comprises: 在卡内随机生成第一秘钥;Randomly generate the first secret key in the card; 在卡内对所述第一秘钥进行存储;storing the first secret key in the card; 使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;encrypting personalization data of a first application in the card using the first secret key, where the first application is a card application installed in the card; 备份加密后的个人化数据。Back up encrypted personal data. 2.根据权利要求1所述的方法,其特征在于,所述在卡内对所述第一秘钥进行存储步骤,包括:2. The method according to claim 1, wherein the step of storing the first secret key in the card comprises: 利用第二秘钥加密所述第一秘钥,其中,所述第二秘钥为所述第一应用个人化时基于卡标识生成的;Encrypt the first secret key with a second secret key, wherein the second secret key is generated based on the card identifier when the first application is personalized; 在卡内对加密后的所述第一秘钥进行存储。The encrypted first secret key is stored in the card. 3.根据权利要求2所述的方法,其特征在于,所述在卡内对加密后的所述第一秘钥进行存储步骤,包括:3. The method according to claim 2, wherein the step of storing the encrypted first secret key in the card comprises: 将加密后的第一秘钥存储至卡内的卡文件系统;Store the encrypted first secret key in the card file system in the card; 和/或,and / or, 将加密后的所述第一秘钥存储至卡内的第二应用中,所述第二应用为安装在所述卡内的卡应用;storing the encrypted first secret key in a second application in the card, where the second application is a card application installed in the card; 和/或,and / or, 将加密后的所述第一秘钥存储至卡内操作系统COS中。The encrypted first secret key is stored in the in-card operating system COS. 4.根据权利要求3所述的方法,其特征在于,所述第二应用由所述第一应用的业务平台安装至卡内;4. The method according to claim 3, wherein the second application is installed into the card by the service platform of the first application; 所述将加密后的所述第一秘钥存储至卡内的第二应用中,包括:The storing of the encrypted first secret key in the second application in the card includes: 在所述第一应用为预设应用的情况下,通过应用间通信接口将加密后的所述第一秘钥存储至第二应用中。When the first application is a preset application, the encrypted first key is stored in the second application through an inter-application communication interface. 5.根据权利要求1至4中任一项所述的方法,其特征在于,所述备份加密后的个人化数据步骤,包括:5. The method according to any one of claims 1 to 4, wherein the step of backing up the encrypted personalized data comprises: 将加密后的个人化数据备份至云端,和/或,将加密后的个人化数据备份至卡内的卡文件系统。Back up encrypted personalization data to the cloud, and/or back up encrypted personalization data to the card file system in the card. 6.一种卡应用数据恢复方法,其特征在于,包括:6. A method for recovering card application data, comprising: 从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;Obtain a first secret key from the card, wherein the first secret key is used to encrypt personalized data of a first application in the card, and the first application is a card application installed in the card; 获取使用所述第一秘钥加密后的个人化数据;obtaining personalized data encrypted with the first secret key; 使用所述第一秘钥解密所述加密后的个人化数据。The encrypted personalization data is decrypted using the first secret key. 7.根据权利要求6所述的方法,其特征在于,所述从卡内获取第一秘钥包括:7. The method according to claim 6, wherein the obtaining the first secret key from the card comprises: 基于卡标识获取第二秘钥;Obtain the second secret key based on the card identifier; 获取卡内存储的利用第二秘钥加密后的第一秘钥;Obtain the first secret key encrypted with the second secret key stored in the card; 利用所述第二秘钥解密所述加密后的第一秘钥,得到所述第一秘钥。Decrypt the encrypted first key by using the second key to obtain the first key. 8.根据权利要求7所述的方法,其特征在于,所述获取卡内存储的利用第二秘钥加密后的第一秘钥步骤,包括:8. The method according to claim 7, wherein the step of obtaining the first secret key encrypted with the second secret key stored in the card comprises: 读取存储在卡内的卡文件系统的所述加密后的第一秘钥;reading the encrypted first secret key of the card file system stored in the card; 或者,or, 读取存储在卡内的第二应用的所述加密后的第一秘钥,所述第二应用为安装在所述卡内的卡应用;reading the encrypted first secret key of a second application stored in the card, where the second application is a card application installed in the card; 或者,or, 读取存储在卡内操作系统COS中的所述加密后的第一秘钥。Read the encrypted first secret key stored in the operating system COS in the card. 9.根据权利要求6至8中任一项所述的方法,其特征在于,所述获取使用所述第一秘钥加密后的个人化数据步骤,包括:9. The method according to any one of claims 6 to 8, wherein the step of obtaining the personalized data encrypted by using the first secret key comprises: 从云端获取所述加密后的个人化数据;obtain the encrypted personalization data from the cloud; 或者,从卡内的卡文件系统获取所述加密后的个人化数据。Alternatively, the encrypted personalization data is obtained from the card file system in the card. 10.一种卡应用数据备份设备,其特征在于,包括:10. A card application data backup device, comprising: 生成模块,用于在卡内随机生成第一秘钥;a generating module for randomly generating the first secret key in the card; 第一秘钥存储模块,用于在卡内对所述第一秘钥进行存储;a first secret key storage module for storing the first secret key in the card; 加密模块,用于使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;an encryption module, configured to use the first secret key to encrypt personalized data of a first application in the card, where the first application is a card application installed in the card; 备份模块,用于备份加密后的个人化数据。Backup module for backing up encrypted personal data. 11.一种电子设备,其特征在于,包括处理器,11. An electronic device, characterized in that it comprises a processor, 所述处理器,用于在卡内随机生成第一秘钥;The processor is used to randomly generate the first secret key in the card; 在卡内对所述第一秘钥进行存储;storing the first secret key in the card; 使用所述第一秘钥对所述卡内的第一应用的个人化数据加密,所述第一应用为安装在所述卡内的卡应用;encrypting personalization data of a first application in the card using the first secret key, where the first application is a card application installed in the card; 备份加密后的个人化数据。Back up encrypted personal data. 12.一种电子设备,其特征在于,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现如权利要求1至5中任一项所述的卡应用数据备份方法的步骤。12. An electronic device, characterized by comprising: a processor, a memory, and a program stored on the memory and executable on the processor, the program being executed by the processor to achieve as claimed in the claims Steps of the card application data backup method described in any one of 1 to 5. 13.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至5中任一项所述的卡应用数据备份方法的步骤。13. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program according to any one of claims 1 to 5 is implemented. Steps of the card application data backup method. 14.一种卡应用数据恢复设备,其特征在于,包括:14. A card application data recovery device, comprising: 第一获取模块,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The first obtaining module is used to obtain the first secret key from the card, wherein the first secret key is used to encrypt the personalized data of the first application in the card, and the first application is installed in the card. Card application within the card; 第二获取模块,用于获取使用所述第一秘钥加密后的个人化数据;A second acquisition module, configured to acquire personalized data encrypted with the first secret key; 解密模块,用于使用所述第一秘钥解密所述加密后的个人化数据。A decryption module, configured to decrypt the encrypted personalization data using the first secret key. 15.一种电子设备,其特征在于,包括处理器,15. An electronic device, characterized in that it comprises a processor, 所述处理器,用于从卡内获取第一秘钥,其中,所述第一秘钥用于加密所述卡内的第一应用的个人化数据,所述第一应用为安装在所述卡内的卡应用;The processor is configured to obtain a first secret key from the card, wherein the first secret key is used to encrypt personalized data of a first application in the card, and the first application is installed in the card. Card application within the card; 获取使用所述第一秘钥加密后的个人化数据;obtaining personalized data encrypted with the first secret key; 使用所述第一秘钥解密所述加密后的个人化数据。The encrypted personalization data is decrypted using the first secret key. 16.一种电子设备,其特征在于,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现如权利要求6至9中任一项所述的卡应用数据恢复方法的步骤。16. An electronic device, characterized in that it comprises: a processor, a memory and a program stored on the memory and executable on the processor, the program being executed by the processor to achieve as claimed in the claims Steps of the card application data recovery method described in any one of 6 to 9. 17.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求6至9中任一项所述的卡应用数据恢复方法的步骤。17. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program according to any one of claims 6 to 9 is implemented. The steps of the card application data recovery method.
CN202010797719.8A 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment Pending CN113626833A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010797719.8A CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010797719.8A CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Publications (1)

Publication Number Publication Date
CN113626833A true CN113626833A (en) 2021-11-09

Family

ID=78377764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010797719.8A Pending CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Country Status (1)

Country Link
CN (1) CN113626833A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117215831A (en) * 2023-09-05 2023-12-12 中移互联网有限公司 USIM card application data migration method and device, electronic equipment and storage medium
WO2024239869A1 (en) * 2023-05-19 2024-11-28 中移动金融科技有限公司 Data migration method and apparatus, data recovery method and apparatus, and device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102915263A (en) * 2012-10-19 2013-02-06 北京小米科技有限责任公司 Data backup method, system and equipment
CN105786641A (en) * 2014-12-17 2016-07-20 北京数码视讯科技股份有限公司 Method, equipment and intelligent card for back-upping and recovery of intelligent card application data
CN109635581A (en) * 2018-12-12 2019-04-16 深圳市网心科技有限公司 A kind of data processing method, equipment, system and storage medium
CN109936446A (en) * 2019-01-16 2019-06-25 深圳壹账通智能科技有限公司 Code key management method, device and computer equipment under distributed environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102915263A (en) * 2012-10-19 2013-02-06 北京小米科技有限责任公司 Data backup method, system and equipment
CN105786641A (en) * 2014-12-17 2016-07-20 北京数码视讯科技股份有限公司 Method, equipment and intelligent card for back-upping and recovery of intelligent card application data
CN109635581A (en) * 2018-12-12 2019-04-16 深圳市网心科技有限公司 A kind of data processing method, equipment, system and storage medium
CN109936446A (en) * 2019-01-16 2019-06-25 深圳壹账通智能科技有限公司 Code key management method, device and computer equipment under distributed environment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024239869A1 (en) * 2023-05-19 2024-11-28 中移动金融科技有限公司 Data migration method and apparatus, data recovery method and apparatus, and device and storage medium
CN117215831A (en) * 2023-09-05 2023-12-12 中移互联网有限公司 USIM card application data migration method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110912701B (en) Social key recovery method and related device
US9880830B2 (en) On-board applet migration
WO2020192698A1 (en) Data secure backup and secure recovery methods, and electronic device
US10432619B2 (en) Remote keychain for mobile devices
CN102859963B (en) From non-local memory load and configuration subsystem safely
TWI246289B (en) Method, apparatus, and recording medium for providing a user device with a set of access codes
EP2988470A1 (en) Automatic purposed-application creation
CN108763917B (en) Data encryption and decryption method and device
US20200195433A1 (en) System and method for secure sensitive data storage and recovery
CN109672521B (en) Security storage system and method based on national encryption engine
US9276748B2 (en) Data-encrypting method and decrypting method for a mobile phone
CN107679370B (en) Equipment identifier generation method and device
US9313185B1 (en) Systems and methods for authenticating devices
CN105005731A (en) A data encryption and decryption method and mobile terminal
CN204360381U (en) mobile device
CN107124279B (en) Method and device for erasing terminal data
CN109495252A (en) Data ciphering method, device, computer equipment and storage medium
CN104573551A (en) File processing method and mobile terminal
JP2019054363A (en) Server device, secret dispersion management system and secret dispersion management device
KR101680536B1 (en) Method for Service Security of Mobile Business Data for Enterprise and System thereof
CN113626833A (en) Card application data backup and recovery method and related equipment
CN116489633A (en) Data migration method, data recovery method, device, equipment and storage medium
CN104994498A (en) Method and system for interaction between terminal application and mobile phone card application
JP2014150518A (en) User terminal, key generation management device, and program
CN117040754A (en) Method and apparatus for generating, verifying, and decentralizing identity, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination