CN113626833A - Card application data backup and recovery method and related equipment - Google Patents

Card application data backup and recovery method and related equipment Download PDF

Info

Publication number
CN113626833A
CN113626833A CN202010797719.8A CN202010797719A CN113626833A CN 113626833 A CN113626833 A CN 113626833A CN 202010797719 A CN202010797719 A CN 202010797719A CN 113626833 A CN113626833 A CN 113626833A
Authority
CN
China
Prior art keywords
card
application
secret key
encrypted
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010797719.8A
Other languages
Chinese (zh)
Inventor
刘扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN202010797719.8A priority Critical patent/CN113626833A/en
Publication of CN113626833A publication Critical patent/CN113626833A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1458Management of the backup or restore process
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a card application data backup and recovery method and related equipment, and relates to the field of terminal data, wherein the card application data backup method comprises the following steps: randomly generating a first secret key in the card; storing the first secret key in the card; encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card; the encrypted personalization data is backed up. In the embodiment of the invention, the personalized data applied by the card is encrypted, and the encryption key is stored in the card, so that the personalized data can be conveniently recovered by the card application, and the security of the personalized data is improved.

Description

Card application data backup and recovery method and related equipment
Technical Field
The invention relates to the technical field of terminal data, in particular to a card application data backup and recovery method and related equipment.
Background
The installation, deletion, etc. of smart card (e.g. SIM card of mobile terminal) application belong to card content management, in the current card content management specification, when deleting card application, all application data of application need to be deleted, including personalized data of user, e.g. certificate, key, PIN, balance, etc. when user uses application; and when the data is updated, the application is deleted first, and then the updated application is downloaded and installed again, and the updating process can also delete all the application data of the card application, namely the personalized data of the user can be lost in the updating process of the card application. Taking the security applications of the smart card, such as a bank shield and a bus card, as an example, the failure of the personalized data of the user to reserve means that the user needs to go to the bank to re-apply for the balance of the bank shield and the bus card after deleting the application or upgrading the application, which brings inconvenience to the user and is not beneficial to business development.
Therefore, in the prior art, after the card application is deleted or updated, the personalized data of the user is difficult to recover, and the subsequent application reinstallation or update of the user is inconvenient to use.
Disclosure of Invention
The embodiment of the invention provides a card application data backup and recovery method and related equipment, which are used for solving the problem that personalized data of a user is difficult to recover after the existing card application is deleted or updated.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a card application data backup method, where the method includes:
randomly generating a first secret key in the card;
storing the first secret key in the card;
encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card;
the encrypted personalization data is backed up.
Optionally, the step of storing the first secret key in the card includes:
encrypting the first key using a second secret key, wherein the second key is generated based on a card identifier when the first application is personalized;
and storing the encrypted first secret key in the card.
Optionally, the step of storing the encrypted first secret key in the card includes:
storing the encrypted first secret key to a card file system in the card;
and/or the presence of a gas in the gas,
storing the encrypted first secret key into a second application in a card, wherein the second application is a card application installed in the card;
and/or the presence of a gas in the gas,
and storing the encrypted first secret key into an operating system (COS) in the card.
Optionally, the second application is installed in the card by the service platform of the first application;
the storing the encrypted first secret key into a second application in the card includes:
and under the condition that the first application is a preset application, storing the encrypted first secret key into a second application through an inter-application communication interface.
Optionally, the step of backing up the encrypted personalized data includes:
and backing up the encrypted personalized data to the cloud end, and/or backing up the encrypted personalized data to a card file system in the card.
In a second aspect, an embodiment of the present invention provides a method for recovering card application data, where the method includes:
acquiring a first secret key from a card, wherein the first secret key is used for encrypting personalization data of a first application in the card, and the first application is a card application installed in the card;
acquiring personalized data encrypted by using the first secret key;
decrypting the encrypted personalization data using the first secret key.
Optionally, the obtaining the first secret key from the card includes:
acquiring a second secret key based on the card identifier;
acquiring a first secret key which is stored in the card and encrypted by using a second secret key;
and decrypting the encrypted first secret key by using the second secret key to obtain the first secret key.
Optionally, the step of obtaining the first secret key stored in the card and encrypted by using the second secret key includes:
reading the encrypted first key of a card file system stored in a card;
or,
reading the encrypted first key of a second application stored in a card, wherein the second application is a card application installed in the card;
or,
reading the encrypted first key stored in the operating system COS in the card.
Optionally, the step of obtaining the personalized data encrypted by using the first secret key includes:
acquiring the encrypted personalized data from a cloud;
or, obtaining the encrypted personalization data from a card file system in the card.
In a third aspect, an embodiment of the present invention provides a card application data backup device, where the device includes:
the generation module is used for randomly generating a first secret key in the card;
the first secret key storage module is used for storing the first secret key in the card;
an encryption module for encrypting personalization data of a first application in the card using the first secret key, the first application being a card application installed in the card;
and the backup module is used for backing up the encrypted personalized data.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including a processor,
the processor is used for randomly generating a first secret key in the card;
storing the first secret key in the card;
encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card;
the encrypted personalization data is backed up.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory and a program stored on the memory and executable on the processor, the program, when executed by the processor, implementing the steps of the card application data backup method of the first aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements the steps of the card application data backup method according to the first aspect.
In a seventh aspect, an embodiment of the present invention provides a card application data recovery device, including:
the device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining a first secret key from a card, the first secret key is used for encrypting personalization data of a first application in the card, and the first application is a card application installed in the card;
a second obtaining module, configured to obtain personalized data encrypted with the first secret key;
a decryption module for decrypting the encrypted personalization data using the first secret key.
In an eighth aspect, an embodiment of the present invention provides an electronic device, including a processor,
the processor is configured to obtain a first secret key from a card, where the first secret key is used to encrypt personalization data of a first application in the card, and the first application is a card application installed in the card;
acquiring personalized data encrypted by using the first secret key;
decrypting the encrypted personalization data using the first secret key.
In a ninth aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory and a program stored on the memory and executable on the processor, the program, when executed by the processor, implementing the steps of the card application data recovery method of the second aspect.
In a tenth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements the steps of the card application data recovery method according to the second aspect.
According to the technical scheme of the embodiment of the invention, when the card application data is backed up, a first secret key is randomly generated in the card; storing the first secret key in the card; encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card; backing up the encrypted personalized data; when card application data is recovered, acquiring a first secret key from a card, wherein the first secret key is used for encrypting personalized data of a first application in the card, and the first application is a card application installed in the card; acquiring personalized data encrypted by using the first secret key; decrypting the encrypted personalization data using the first secret key. By encrypting the personalized data applied to the card and storing the encrypted secret key in the card, the personalized data can be conveniently recovered by the card application, and the security of the personalized data is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a card application data backup method according to an embodiment of the present invention;
FIG. 2a is a diagram of a card technology architecture provided by an embodiment of the present invention;
FIG. 2b is a diagram of a card technology architecture provided by an embodiment of the present invention;
fig. 3 is a schematic diagram of a card application data backup method according to an embodiment of the present invention;
fig. 4 is a flowchart of a method for recovering card application data according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a method for recovering data of a card application according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a card application data backup device according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an electronic device provided by an embodiment of the invention;
fig. 8 is a schematic diagram of a card application data recovery apparatus according to an embodiment of the present invention;
fig. 9 is a schematic diagram of another electronic device provided in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a card application data backup method, which aims to solve the problem that personalized data of a user is difficult to recover after the existing card application is deleted or updated.
Referring to fig. 1, fig. 1 is a flowchart of a card application data backup method according to an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
step 101, randomly generating a first secret key in a card.
In this embodiment of the present invention, the Card may be a Smart Card (Smart Card), for example, a SIM Card of a mobile terminal, a Smart Card including a Secure Element (SE), and the like. Optionally, the Card complies with the related requirements of GlobalPlatform Card Specification 2.2.1(GP2.2.1), and the technical architecture thereof can refer to fig. 2 a.
The card application is installed in the card, and optionally, the card application may be loaded into the card in a preset manner or in a manner of downloading through a TSM (Trusted Service Management) platform. Taking a mobile terminal SIM card as an example, the technical architecture thereof can refer to fig. 2b, wherein Java applets and Toolkit applets modules are card applications.
A first key is randomly generated in the card for encrypting personalization data generated in a personalization process of the card application, wherein the personalization data comprises information of the user using the application, such as a certificate, a secret key, a PIN, a balance and the like.
And step 102, storing the first secret key in the card.
In the embodiment of the present invention, in the step 102, the first secret key is stored in the card, that is, the secret key for encrypting the user personalized data is stored in a form that the secret key does not go out of the card, so that the security of the user personalized data is improved. The first secret key is stored, and the first secret key may be stored in a Card file system in a Card, a second application in the Card, and/or a Chip Operating System (COS) in the Card, wherein the second application is a Card application installed in the Card. The storage may be directly storing the first secret key itself, or may be storing the first secret key after further encrypting the first secret key.
Step 103, encrypting the personalization data of a first application in the card by using the first key, wherein the first application is a card application installed in the card.
In the embodiment of the present invention, in step 103, the first secret key is used to encrypt the personalized data applied to the card, so as to facilitate the secure backup of the subsequent personalized data. Because the first secret key used for encrypting the personalized data is stored in the card, namely the secret key does not go out of the card, the encrypted personalized data can be backed up in a more flexible way, and the encrypted personalized data can be backed up in the card and/or outside the card.
Here, it should be understood that, in the method according to the embodiment of the present invention, the order of step 102 and step 103 is not limited, and step 102 may be executed first and then step 103 may be executed, or step 103 may be executed first and then step 102 may be executed, or both may be executed.
Step 104, backing up the encrypted personalization data.
In the embodiment of the present invention, in the step 104, the encrypted personalized data may be backed up inside and/or outside the card.
Optionally, the encrypted personalized data is backed up to the cloud, and/or the encrypted personalized data is backed up to a card file system in the card.
The encrypted personalized data is backed up to the cloud, so that the occupation of the personalized data backup on the card space can be reduced. Optionally, the encrypted personalized data is backed up to the cloud end through a secure channel between the card application and a service platform corresponding to the card application. The service platform may be understood as a platform for providing application service for card application outside the card, for example, the service platform for the bank shield type card application is a banking service platform, the platform is provided by a bank party, the service platform for the bus card type card application is a bus service platform, and the platform is provided by a bus system. The cloud backup is carried out through the secure channel, and the security of personalized data backup can be further improved.
The Card file system for backing up the encrypted personalized data to the Card may be configured to back up the encrypted personalized data to the Card file system through an Application Programming Interface (API) such as a Universal Integrated Circuit Card (UICC)/Universal Subscriber Identity Module (USIM).
By adopting the backup mode, personalized data can be kept from being lost when the card application is reinstalled or upgraded, the card application does not need to be personalized again after reinstallation or update, a user does not need to sign a contract again at a business outlet, balance can be continuously used, user experience can be effectively improved, and development of card carrier services can be promoted.
Optionally, the step 102 includes:
encrypting the first key using a second secret key, wherein the second key is generated based on a card identifier when the first application is personalized;
and storing the encrypted first secret key in the card.
Wherein the card application-the first application adds a second key at personalization, the second key is associated with the first application, and the second keys of cards of the same ID are consistent for the first application. Optionally, the second key is obtained by dispersing card unique identifiers such as ICCID, so as to ensure that the second keys of cards with the same ID are consistent for the same application. The first secret key is encrypted by using the second secret key, and the encrypted first secret key is stored in the card, so that even if other applications (non-first applications) read the encrypted first secret key in the card, the first secret key cannot be obtained by decrypting the encrypted first secret key, the encrypted personalized data cannot be decrypted, and the security of personalized data backup is further improved. And because the second secret key is associated with the first application, for the same application, the second secret keys of the cards with the same ID are consistent, and when the first application is reinstalled or updated after being deleted, the second secret key can still be recovered according to a preset rule for decrypting the first secret key, so that the encrypted personalized data can be further decrypted.
The step of storing the encrypted first secret key in the card includes:
storing the encrypted first secret key to a card file system in the card;
and/or the presence of a gas in the gas,
storing the encrypted first secret key into a second application in a card, wherein the second application is a card application installed in the card;
and/or the presence of a gas in the gas,
and storing the encrypted first secret key into an operating system (COS) in the card.
Optionally, the card file system that stores the encrypted first secret key in the card includes: and storing the encrypted first secret key into a card file system in the card through a file access related API (file system API) such as UICC/USIM.
Optionally, when the first secret key is stored in a manner that the encrypted first secret key is stored in a second application in the card, the second application needs to be installed before storage, and the second application is used for storing the encrypted first secret key.
Optionally, the second application is installed in the card by the service platform of the first application; the storing the encrypted first secret key into a second application in the card includes:
and under the condition that the first application is a preset application, storing the encrypted first secret key into a second application through an inter-application communication interface.
The second application is installed in the card by the service platform corresponding to the first application, and the second application uses the first application as a preset application, that is, the second application uses the first application as a legal application, so that the second application allows the first key corresponding to the first application to be stored. Optionally, the second Application determines whether the first Application is a legal Application by determining an AID (Application Identifier) of the first Application. The validity judgment is also suitable for reading the first key from the second application, so that the first key (after encryption) is prevented from being acquired by an illegal application, and the security of personalized data backup can be improved.
Optionally, the storing the encrypted first secret key into the operating system COS in the card includes: and storing the encrypted first secret key to an operating system (COS) in the card by calling a system Application Program Interface (API). The system API distinguishes the application data through the AID to provide backup recovery service for the application, namely the system API ensures that the first application cannot read and write data stored in the COS by other applications, and the data stored in the COS by the first application cannot be read and written by other applications. And storing the encrypted first secret key to an operating system (COS) in the card, so that the safety of personalized data backup can be improved.
The card application data backup method in this embodiment may also refer to the schematic diagram of the card application data backup method shown in fig. 3.
In the card application data backup method in this embodiment, a first key is randomly generated in a card; storing the first secret key in the card; encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card; the encrypted personalization data is backed up. In the embodiment of the invention, the personalized data applied by the card is encrypted, and the encryption key is stored in the card, so that the personalized data can be conveniently recovered by the card application, and the security of the personalized data is improved.
Referring to fig. 4, fig. 4 is a flowchart of a method for recovering card application data according to an embodiment of the present invention, and as shown in fig. 4, the method includes the following steps:
step 401, obtaining a first secret key from a card, where the first secret key is used to encrypt personalization data of a first application in the card, and the first application is a card application installed in the card.
The first secret key used for encrypting the personalization data of the first application is stored in the card, namely the secret key used for encrypting the personalization data of the user is stored in a mode that the secret key does not go out of the card, and therefore the safety of the personalization data of the user is improved. When the data is recovered, the first secret key is obtained from the card.
Step 402, obtaining the personalized data encrypted by using the first secret key.
Because the first secret key used for encrypting the personalized data is stored in the card, namely the secret key does not go out of the card, the encrypted personalized data can be backed up in a more flexible way, and the encrypted personalized data can be backed up in the card and/or outside the card. The obtaining of the personalized data encrypted by using the first secret key may obtain the personalized data encrypted by using the first secret key from inside and/or outside of the card.
Optionally, the encrypted personalized data is obtained from the cloud; or, obtaining the encrypted personalization data from a card file system in the card.
Optionally, the obtaining the encrypted personalized data from the cloud includes: and acquiring the encrypted personalized data backed up by the service platform from the cloud through a secure channel between the card application and the service platform corresponding to the card application.
Step 403, decrypting the encrypted personalization data using the first secret key.
Here, it should be understood that, in the method according to the embodiment of the present invention, the order of step 401 and step 402 is not limited, and step 401 may be executed first and then step 402 is executed, or step 402 may be executed first and then step 401 is executed, or both may be executed.
Optionally, step 401 includes:
acquiring a second secret key based on the card identifier;
acquiring a first secret key which is stored in the card and encrypted by using a second secret key;
and decrypting the encrypted first secret key by using the second secret key to obtain the first secret key.
The first secret key is further encrypted by the second secret key and then stored in the card, and when the first secret key is obtained from the card, the second secret key is obtained based on the card identifier to decrypt the first secret key, so that the first secret key is obtained. The second key is generated based on a card identification when the first application is personalized; the second key is associated with the first application and the second keys of cards of the same ID are identical for the first application. Optionally, the second key may be recovered according to the dispersion rule and the card identifier, and stored in the first application. Optionally, the service platform corresponding to the card application recovers the second secret key according to the dispersion rule and the card identifier, and writes the second secret key into the first application through a secure channel between the card application and the service platform.
Optionally, the step of obtaining the first secret key stored in the card and encrypted by using the second secret key includes:
reading the encrypted first key of a card file system stored in a card;
or,
reading the encrypted first key of a second application stored in a card, wherein the second application is a card application installed in the card;
or,
reading the encrypted first key stored in the operating system COS in the card.
The reading of the encrypted first key of the card file system stored in the card may be reading the encrypted first key of the card file system stored in the card through a file system API.
The reading of the encrypted first key of the second application stored in the card may be reading the encrypted first key of the second application stored in the card through an inter-application call interface.
The reading of the encrypted first key stored in the in-card operating system COS may be reading the encrypted first key stored in the in-card operating system COS through a system API.
The card application data recovery method in this embodiment may also refer to a schematic diagram of the card application data recovery method shown in fig. 5.
After the card application is reinstalled or upgraded, the personalized data decrypted in the step 403 can be restored to the reinstalled or upgraded card application, that is, the personalized data can be kept from being lost when the card application is reinstalled or upgraded, the personalization is not needed to be conducted again after the reinstallation or the upgrade, the user does not need to sign a contract again at a business outlet, the balance can be continuously used, the user experience can be effectively improved, and the development of card carrier type services can be promoted.
It should be noted that, as an implementation manner of the card application data recovery method corresponding to the card application data backup method embodiment shown in fig. 1, a specific implementation manner of this embodiment may refer to relevant descriptions in the embodiment shown in fig. 1, and in order to avoid repeated descriptions, this embodiment is not described again.
The above optional implementation manner may refer to the relevant description in the embodiment shown in fig. 1, and in order to avoid repeated description, the embodiment is not described again.
In the method for recovering card application data in this embodiment, a first secret key is obtained from a card, where the first secret key is used to encrypt personalized data of a first application in the card, and the first application is a card application installed in the card; acquiring personalized data encrypted by using the first secret key; decrypting the encrypted personalization data using the first secret key. In the embodiment of the invention, the personalized data applied by the card is encrypted, the encrypted secret key is stored in the card, and the secret key is obtained from the card when the data is recovered, so that the personalized data can be conveniently recovered by the card application, and the security of the personalized data is improved.
Referring to fig. 6, fig. 6 is a schematic diagram of a card application data backup device according to an embodiment of the present invention, and as shown in fig. 6, the card application data backup device 600 includes:
a generating module 601, configured to randomly generate a first key in a card;
a first secret key storage module 602, configured to store the first secret key in a card;
an encryption module 603 configured to encrypt personalization data of a first application in the card using the first secret key, the first application being a card application installed in the card;
a backup module 604 for backing up the encrypted personalization data.
Optionally, the first secret key storage module 602 includes:
a first secret key encryption unit, configured to encrypt the first secret key using a second secret key, where the second secret key is generated based on a card identifier when the first application is personalized;
and the first secret key storage unit is used for storing the encrypted first secret key in the card.
Optionally, the first secret key storage unit specifically includes:
the first storage subunit is used for storing the encrypted first secret key to a card file system in the card;
and/or the presence of a gas in the gas,
a second storage subunit, configured to store the encrypted first secret key into a second application in a card, where the second application is a card application installed in the card;
and/or the presence of a gas in the gas,
and the third storage subunit is used for storing the encrypted first secret key into the operating system COS in the card.
Optionally, the second application is installed in the card by the service platform of the first application;
the second storage subunit is specifically configured to, when the first application is a preset application, store the encrypted first secret key in a second application through an inter-application communication interface.
Optionally, the backup module 604 is specifically configured to backup the encrypted personalized data to the cloud, and/or backup the encrypted personalized data to a card file system in the card.
It should be noted that, this embodiment is used as an implementation of the card application data backup device corresponding to the embodiment shown in fig. 1, and specific implementation thereof may refer to relevant descriptions in the embodiment shown in fig. 1, and in order to avoid repeated descriptions, the detailed description of this embodiment is not repeated.
The card application data backup device provided by the embodiment of the invention is a device capable of executing the card application data backup method, and all implementation manners in the card application data backup method embodiment are all suitable for the device and can achieve the same or similar beneficial effects.
Specifically, referring to fig. 7, an electronic device according to an embodiment of the present invention further includes a bus 701, a transceiver 702, an antenna 703, a bus interface 704, a processor 705, and a memory 706.
Further, the processor 705 is configured to randomly generate a first key in the card;
storing the first secret key in the card;
encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card;
the encrypted personalization data is backed up.
Optionally, the step of storing the first secret key in the card includes:
encrypting the first key using a second secret key, wherein the second key is generated based on a card identifier when the first application is personalized;
and storing the encrypted first secret key in the card.
Optionally, the step of storing the encrypted first secret key in the card includes:
storing the encrypted first secret key to a card file system in the card;
and/or the presence of a gas in the gas,
storing the encrypted first secret key into a second application in a card, wherein the second application is a card application installed in the card;
and/or the presence of a gas in the gas,
and storing the encrypted first secret key into an operating system (COS) in the card.
Optionally, the second application is installed in the card by the service platform of the first application;
the storing the encrypted first secret key into a second application in the card includes:
and under the condition that the first application is a preset application, storing the encrypted first secret key into a second application through an inter-application communication interface.
Optionally, the step of backing up the encrypted personalized data includes:
and backing up the encrypted personalized data to the cloud end, and/or backing up the encrypted personalized data to a card file system in the card.
In fig. 7, a bus architecture (represented by the bus 701), the bus 701 may include any number of interconnected buses and bridges, with the bus 701 linking various circuits including one or more processors, represented by the processor 705, and memory, represented by the memory 706. The bus 701 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface 704 provides an interface between the bus 701 and the transceiver 702. The transceiver 702 may be one element or multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. Data processed by processor 705 is transmitted over a wireless medium via antenna 703, and further, antenna 703 receives data and transmits data to processor 705.
The processor 705 is responsible for managing the bus 701 and general processing, and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 706 may be used for storing data used by processor 705 in performing operations.
Optionally, the processor 705 may be a CPU, ASIC, FPGA or CPLD.
It should be noted that, this embodiment is used as an implementation of the card application data backup device corresponding to the embodiment shown in fig. 1, and specific implementation thereof may refer to relevant descriptions in the embodiment shown in fig. 1, and in order to avoid repeated descriptions, the detailed description of this embodiment is not repeated.
The electronic backup device provided by the embodiment of the invention is a device capable of executing the card application data backup method, and all implementation manners in the card application data backup method embodiment are suitable for the device and can achieve the same or similar beneficial effects.
An embodiment of the present invention further provides an electronic device, including: the processor, the memory and the program stored in the memory and capable of running on the processor, wherein the program when executed by the processor realizes each process of the card application data backup method embodiment, and can achieve the same technical effect, and the details are not repeated here to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the above-mentioned card application data backup method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
Referring to fig. 8, fig. 8 is a schematic diagram of a card application data recovery device according to an embodiment of the present invention, and as shown in fig. 8, the card application data recovery device 800 includes:
a first obtaining module 801, configured to obtain a first secret key from a card, where the first secret key is used to encrypt personalization data of a first application in the card, and the first application is a card application installed in the card;
a second obtaining module 802, configured to obtain personalized data encrypted by using the first secret key;
a decryption module 803, configured to decrypt the encrypted personalization data using the first secret key.
Optionally, the first obtaining module 801 includes:
a first obtaining unit configured to obtain a second secret key based on the card identifier;
the second obtaining unit is used for obtaining the first secret key which is stored in the card and encrypted by using the second secret key;
the first decryption unit is configured to decrypt the encrypted first key using the second secret key to obtain the first key.
Optionally, the second obtaining unit includes:
a first reading subunit, configured to read the encrypted first key of the card file system stored in the card;
or,
a second reading subunit, configured to read the encrypted first key of a second application stored in a card, where the second application is a card application installed in the card;
or,
and the third reading subunit is used for reading the encrypted first key stored in the operating system COS in the card.
The second obtaining module 802 includes:
a cloud acquisition unit, configured to acquire the encrypted personalized data from a cloud;
or,
an in-card obtaining unit configured to obtain the encrypted personalization data from a card file system in the card.
It should be noted that, this embodiment is used as an implementation of the card application data recovery device corresponding to the embodiment shown in fig. 4, and specific implementation thereof may refer to relevant descriptions in the embodiment shown in fig. 4, and in order to avoid repeated descriptions, the description of this embodiment is not repeated.
The card application data recovery device provided by the embodiment of the invention is a device capable of executing the card application data recovery method, and all implementation manners in the card application data recovery method embodiment are all suitable for the device and can achieve the same or similar beneficial effects.
Specifically, referring to fig. 9, an embodiment of the present invention further provides a receiving end device, which includes a bus 901, a transceiver 902, an antenna 903, a bus interface 904, a processor 905, and a memory 906.
A processor 905, configured to obtain a first secret key from a card, where the first secret key is used to encrypt personalization data of a first application in the card, and the first application is a card application installed in the card;
acquiring personalized data encrypted by using the first secret key;
decrypting the encrypted personalization data using the first secret key.
Optionally, the obtaining the first secret key from the card includes:
acquiring a second secret key based on the card identifier;
acquiring a first secret key which is stored in the card and encrypted by using a second secret key;
and decrypting the encrypted first secret key by using the second secret key to obtain the first secret key.
Optionally, the step of obtaining the first secret key stored in the card and encrypted by using the second secret key includes:
reading the encrypted first key of a card file system stored in a card;
or,
reading the encrypted first key of a second application stored in a card, wherein the second application is a card application installed in the card;
or,
reading the encrypted first key stored in the operating system COS in the card.
Optionally, the step of obtaining the personalized data encrypted by using the first secret key includes:
acquiring the encrypted personalized data from a cloud;
or, obtaining the encrypted personalization data from a card file system in the card.
In fig. 9, a bus architecture (represented by the bus 901), the bus 901 may comprise any number of interconnected buses and bridges, the bus 901 linking together various circuits including one or more processors, represented by the processor 905, and memory, represented by the memory 906. The bus 901 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface 904 provides an interface between the bus 901 and the transceiver 902. The transceiver 902 may be one element or multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. Data processed by the processor 905 is transmitted over a wireless medium via the antenna 903, and further, the antenna 903 receives the data and transmits the data to the processor 905.
The processor 905 is responsible for managing the bus 901 and general processing, and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 906 may be used to store data used by processor 905 in performing operations.
Optionally, the processor 905 may be a CPU, ASIC, FPGA or CPLD.
An embodiment of the present invention further provides an electronic device, including: the processor, the memory and the program stored in the memory and capable of running on the processor, wherein the program, when executed by the processor, implements each process of the above card application data recovery method embodiment, and can achieve the same technical effect, and are not described herein again to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the above-mentioned card application data recovery method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (17)

1. A card application data backup method is characterized by comprising the following steps:
randomly generating a first secret key in the card;
storing the first secret key in the card;
encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card;
the encrypted personalization data is backed up.
2. The method of claim 1, wherein said storing said first secret key in said card step comprises:
encrypting the first key using a second secret key, wherein the second key is generated based on a card identifier when the first application is personalized;
and storing the encrypted first secret key in the card.
3. The method of claim 2, wherein the step of storing the encrypted first secret key in the card comprises:
storing the encrypted first secret key to a card file system in the card;
and/or the presence of a gas in the gas,
storing the encrypted first secret key into a second application in a card, wherein the second application is a card application installed in the card;
and/or the presence of a gas in the gas,
and storing the encrypted first secret key into an operating system (COS) in the card.
4. The method of claim 3, wherein the second application is installed into a card by a service platform of the first application;
the storing the encrypted first secret key into a second application in the card includes:
and under the condition that the first application is a preset application, storing the encrypted first secret key into a second application through an inter-application communication interface.
5. The method according to any of claims 1 to 4, wherein the step of backing up the encrypted personalization data comprises:
and backing up the encrypted personalized data to the cloud end, and/or backing up the encrypted personalized data to a card file system in the card.
6. A method for card application data recovery, comprising:
acquiring a first secret key from a card, wherein the first secret key is used for encrypting personalization data of a first application in the card, and the first application is a card application installed in the card;
acquiring personalized data encrypted by using the first secret key;
decrypting the encrypted personalization data using the first secret key.
7. The method of claim 6, wherein obtaining the first secret key from within the card comprises:
acquiring a second secret key based on the card identifier;
acquiring a first secret key which is stored in the card and encrypted by using a second secret key;
and decrypting the encrypted first secret key by using the second secret key to obtain the first secret key.
8. The method of claim 7, wherein the step of obtaining the first secret key stored in the card and encrypted by the second secret key comprises:
reading the encrypted first key of a card file system stored in a card;
or,
reading the encrypted first key of a second application stored in a card, wherein the second application is a card application installed in the card;
or,
reading the encrypted first key stored in the operating system COS in the card.
9. The method according to any of claims 6 to 8, wherein the step of obtaining the personalization data encrypted using the first secret key comprises:
acquiring the encrypted personalized data from a cloud;
or, obtaining the encrypted personalization data from a card file system in the card.
10. A card application data backup device, comprising:
the generation module is used for randomly generating a first secret key in the card;
the first secret key storage module is used for storing the first secret key in the card;
an encryption module for encrypting personalization data of a first application in the card using the first secret key, the first application being a card application installed in the card;
and the backup module is used for backing up the encrypted personalized data.
11. An electronic device, comprising a processor,
the processor is used for randomly generating a first secret key in the card;
storing the first secret key in the card;
encrypting personalization data of a first application within the card using the first secret key, the first application being a card application installed within the card;
the encrypted personalization data is backed up.
12. An electronic device, comprising: processor, memory and program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the card application data backup method according to any of claims 1 to 5.
13. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the card application data backup method according to any one of claims 1 to 5.
14. A card application data recovery apparatus, comprising:
the device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining a first secret key from a card, the first secret key is used for encrypting personalization data of a first application in the card, and the first application is a card application installed in the card;
a second obtaining module, configured to obtain personalized data encrypted with the first secret key;
a decryption module for decrypting the encrypted personalization data using the first secret key.
15. An electronic device, comprising a processor,
the processor is configured to obtain a first secret key from a card, where the first secret key is used to encrypt personalization data of a first application in the card, and the first application is a card application installed in the card;
acquiring personalized data encrypted by using the first secret key;
decrypting the encrypted personalization data using the first secret key.
16. An electronic device, comprising: processor, memory and a program stored on the memory and executable on the processor, which program, when executed by the processor, carries out the steps of the card application data recovery method according to any one of claims 6 to 9.
17. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the card application data recovery method according to any one of claims 6 to 9.
CN202010797719.8A 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment Pending CN113626833A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010797719.8A CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010797719.8A CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Publications (1)

Publication Number Publication Date
CN113626833A true CN113626833A (en) 2021-11-09

Family

ID=78377764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010797719.8A Pending CN113626833A (en) 2020-08-10 2020-08-10 Card application data backup and recovery method and related equipment

Country Status (1)

Country Link
CN (1) CN113626833A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117215831A (en) * 2023-09-05 2023-12-12 中移互联网有限公司 USIM card application data migration method and device, electronic equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117215831A (en) * 2023-09-05 2023-12-12 中移互联网有限公司 USIM card application data migration method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US8959340B2 (en) Method for accessing and transferring data linked to an application installed on a security module associated with a mobile terminal, and associated security module, management server and system
CN103460186B (en) Method for updating a data storage medium
US9647984B2 (en) System and method for securely using multiple subscriber profiles with a security component and a mobile telecommunications device
US9775024B2 (en) Method for changing MNO in embedded SIM on basis of dynamic key generation and embedded SIM and recording medium therefor
EP2521034B1 (en) Managing method, device and terminal for application program
EP2861002B1 (en) Virtual user identification data distributing method and obtaining method, and devices
EP2835997B1 (en) Cell phone data encryption method and decryption method
CN105678192A (en) Smart card based secret key application method and application apparatus
CN101223798B (en) Retrospective implementation of SIM capabilities in a security module
JP6923582B2 (en) Information processing equipment, information processing methods, and programs
CN101917700B (en) Method for using service application and user identification module
US11405782B2 (en) Methods and systems for securing and utilizing a personal data store on a mobile device
CN112883388A (en) File encryption method and device, storage medium and electronic device
CN111399867B (en) Software upgrading method, device, equipment and computer readable storage medium
CN113626833A (en) Card application data backup and recovery method and related equipment
US10531296B2 (en) Method for loading a subscription into an embedded security element of a mobile terminal
CN107995230B (en) A kind of method for down loading and terminal
KR101473656B1 (en) Method and apparatus for security of mobile data
CN116489633A (en) Data migration method, data recovery method, device, equipment and storage medium
CN110287725B (en) Equipment, authority control method thereof and computer readable storage medium
KR20170089887A (en) Method of restoring a secure element to a factory state
CN113992359A (en) Encryption control method and device for user information, computer equipment and storage medium
KR20130141371A (en) Methods for backup and restoration of profile in euicc environment and devices therefor
KR101632541B1 (en) Method for Service File Security Using Universal Subscriber Identity Module
KR101552557B1 (en) Service Server for Preventing Mobile Application Decompiled and Method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination