CN115017498B - Method for operating applet and electronic device - Google Patents

Abstract

The embodiment of the application provides an operation method of an applet and electronic equipment, which relate to the technical field of terminals, wherein an embedded security module is arranged in the terminal equipment, and the method comprises the following steps: responding to the operation of the small application program in the application program, and sending verification information to the server, wherein the verification information comprises application program information; if the server passes the verification of the verification information, the terminal equipment receives a script file sent by the server; the execution script file operates an auxiliary security domain in the embedded security module, the auxiliary security domain for installing the applet. In the scheme provided by the application, the application program needs to operate the eSE of the terminal equipment, and then when the Applet is operated, the terminal equipment sends the verification information comprising the application program information to the server, so that the permission of the application program is verified by the server.

Description

Method for operating applet and electronic device

Technical Field

The present application relates to the field of terminal technologies, and in particular, to an operating method of an applet and an electronic device.

Background

At present, a plurality of terminal devices with mobile payment functions exist, embedded security modules (eSE) are arranged in the terminal devices, and are mainly responsible for data security storage, data encryption and other work of the terminal devices, and the eSE has high security performance.

An auxiliary security domain (SSD) is set in the eSE, and an Applet (Applet) having a payment function may be set in the SSD. By setting the Applet in the SSD of the eSE, the security performance of the Applet can be improved.

However, if an Applet can operate in the eSE by any application, the security performance of the eSE is degraded.

Disclosure of Invention

The embodiment of the application provides an operation method of an applet and an electronic device, and the safety performance of an eSE is improved.

In a first aspect, an embodiment of the present application provides an applet operating method, which is applied to a terminal device, where an embedded security module is disposed in the terminal device, and the method includes:

responding to the operation of an applet program in the application program, and sending verification information to a server, wherein the verification information comprises application program information;

if the server passes the verification of the verification information, the terminal equipment receives a script file sent by the server;

executing the script file to operate an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet.

In the method for operating the Applet, the application program needs to operate the eSE of the terminal equipment, and when the Applet is further operated, the terminal equipment sends verification information including application program information to the server, so that the server verifies the authority of the application program, if the verification is passed, the terminal equipment can operate the eSE based on the function of the application program, otherwise, the terminal equipment does not operate the eSE. In this way, only the application program passing the verification can operate the eSE, so as to improve the safety performance of the eSE.

In one possible implementation manner, if the operation is an installation operation, the method further includes:

if the applet program is successfully installed in the auxiliary security domain, displaying an interface of the successfully installed applet program;

if the auxiliary security domain is failed to be established in the embedded security module or the applet program is failed to be installed in the auxiliary security domain, displaying an interface of the applet program installation failure.

In the embodiment, the user can know the installation result of the small application program, and the user experience is improved.

In a possible implementation manner, if the operation is a delete operation, the method further includes:

if the auxiliary security domain is deleted successfully, displaying an interface for successfully deleting the applet;

and if the auxiliary security domain is deleted successfully, displaying an interface of which the small application program is deleted unsuccessfully.

In this embodiment, the user can be made aware of the deletion result of the applet, thereby improving the user experience.

In a possible implementation manner, a frame is arranged in the terminal device; the sending verification information to the server in response to the operation of the applet in the application program includes:

the application program receiving an operation on the applet program and sending a security domain operation request to the framework;

the framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;

and the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and the first time information, and the application program information comprises the signature data and the security domain identifier.

In this embodiment, the set server is a background server of the terminal device, and the verification information may be sent to the server through a frame set in the terminal device, so that the server may verify the authority of the application program based on the verification information.

In a possible implementation manner, the check information passes the check when the following conditions are satisfied:

the server checks the signature data by using a public key of the application program, determines that a security domain identifier in the application program information corresponds to the application program, and determines that a time interval between second time information acquired by the server and the first time information is smaller than a preset interval.

In this embodiment, the signature data needs to be verified, and the security domain identifier corresponding to the applet needs to be verified, so that the identity of the application program that needs to operate the eSE is fully verified; whether the time information in the verification information meets the requirements needs to be determined, so that the problem that the script file is repeatedly issued in a short time can be solved.

In one possible implementation manner, a frame is arranged in the terminal device; when the operation is an installation operation, the script file is a security domain installation script;

the executing the script file operates an auxiliary security domain in the embedded security module, including:

the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;

the method further comprises the following steps: the application installs the applet in the secondary security domain.

In this embodiment, if the authority check on the application passes, the SSD is created in the eSE by the framework of the terminal device, and the SSD is created by the framework, so that the application is prevented from directly creating the SSD in the eSE, and the security of the eSE can be further improved. And after the creation is successful, the Applet is installed in the created SSD by the application program, so that the application program with the permission of operating the eSE can install the Applet in the SSD.

In one possible implementation manner, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the method further includes:

the embedded security module sends a security domain creating result to the framework, and the framework forwards the security domain creating result to the application program;

the application installing the applet in the secondary security domain comprises:

and if the security domain creating result represents that the security domain is successfully created, the application program installs the applet in the created auxiliary security domain.

In this embodiment, the FWK creates an SSD in the eSE, and the application program installs the Applet in the SSD after the SSD is successfully created, so as to prevent the application program from directly creating the SSD in the eSE, and the application program only operates the SSD created for the application program, thereby further improving the security of the eSE.

In one possible implementation, the adding, by the application, the applet in the created secondary security domain includes:

the application downloads the applet and adds the applet in the secondary security domain.

In one possible implementation manner, a frame is arranged in the terminal device; when the operation is a delete operation, the script file is a security domain delete script;

the executing the script file operates an auxiliary security domain in the embedded security module, including:

and the framework executes the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the small application program is installed in the auxiliary security domain.

In this embodiment, the FWK deletes the SSD in the eSE, so as to prevent the application program from directly deleting the SSD in the eSE, and the SSD is provided with the Applet, and the Applet therein is also deleted after the SSD is deleted, so that the Applet in the eSE can be deleted in a relatively secure manner.

In a second aspect, an embodiment of the present application provides an applet operating method, including:

the method comprises the steps that terminal equipment receives an operation instruction of an applet program in an application program and sends verification information to a server;

the server checks the checking information, and if the checking information passes, the server sends a script file to the terminal equipment;

the terminal equipment executes the script file to operate an auxiliary security domain in an embedded security module, wherein the auxiliary security domain is used for installing the applet; the terminal equipment is provided with the operation embedded type safety module.

In a possible implementation manner, the verification information includes application information and first time information, and the application information includes signature data and a security domain identifier.

In one possible implementation manner, if the operation is an install operation, the script file is a security domain install script.

In a possible implementation manner, if the operation is an install operation, the script file is a security domain delete script.

In a third aspect, an embodiment of the present application provides an apparatus for operating an applet, where the apparatus may be a terminal device, and may also be a chip or a chip system in the terminal device. The terminal equipment is provided with an embedded security module, and the device can comprise a frame. The operating device of the applet is also provided with a display unit for performing the displaying step.

Illustratively, the framework is configured to send verification information to the server in response to an operation on an applet of the applications, the verification information including application information; the framework is also used for receiving the script file sent by the server if the server passes the verification of the verification information; the framework is configured to execute the script file to operate an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet.

In one possible implementation, if the operation is an installation operation, then the display unit is further configured to:

if the applet program is successfully installed in the auxiliary security domain, displaying an interface of the successfully installed applet program;

if the auxiliary security domain is failed to be established in the embedded security module or the applet program is failed to be installed in the auxiliary security domain, displaying an interface of the applet program installation failure.

In a possible implementation manner, if the operation is a delete operation, the display unit is further configured to:

if the auxiliary security domain is deleted successfully, displaying an interface for successfully deleting the applet;

and if the auxiliary security domain is deleted successfully, displaying an interface of which the applet is deleted unsuccessfully.

In a possible implementation manner, the apparatus is further provided with an application program:

the application program receiving an operation on the applet program and sending a security domain operation request to the framework;

the framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;

and the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and the first time information, and the application program information comprises the signature data and the security domain identifier.

In a possible implementation manner, the check information passes the check when the following conditions are satisfied:

the server checks the signature data by using a public key of the application program, determines that a security domain identifier in the application program information corresponds to the application program, and determines that a time interval between second time information acquired by the server and the first time information is smaller than a preset interval.

In a possible implementation manner, when the operation is an installation operation, the script file is a security domain installation script;

the frame is specifically configured to: executing the security domain installation script to create the auxiliary security domain in the embedded security module;

the application is specifically for installing the applet in the secondary security domain.

In one possible implementation manner, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the embedded security module sends a security domain creation result to the framework, and the framework forwards the security domain creation result to the application program;

the application program is specifically configured to, if the security domain creation result indicates that the security domain is successfully created, install, by the application program, the applet in the created auxiliary security domain.

In one possible implementation, the application is specifically configured to:

the application downloads the applet and adds the applet in the secondary security domain.

In a possible implementation manner, when the operation is a delete operation, the script file is a security domain delete script;

the frame is specifically configured to:

and executing the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the small application program is installed in the auxiliary security domain.

In a fourth aspect, an embodiment of the present application provides an electronic device, including: means for performing any of the methods of the first aspect or any of the possible implementations of the first aspect, or means for performing any of the methods of the second aspect or any of the possible implementations of the second aspect.

In a fifth aspect, an embodiment of the present application provides an electronic device, including: the device comprises a processor, a display screen and an interface circuit, wherein the interface circuit is used for communicating with other devices; the display screen is used for executing the display step; the processor is configured to execute the code instructions to implement any of the first aspect or any of the possible implementations of the first aspect, or to implement any of the second aspect or any of the possible implementations of the second aspect.

In a sixth aspect, embodiments of the present application provide a computer-readable storage medium storing instructions that, when executed, implement the first aspect or any one of the possible implementation manners of the first aspect, or implement any one of the possible implementation manners of the second aspect or the second aspect.

Drawings

Fig. 1 is a schematic structural diagram of a terminal device 100 according to an embodiment of the present application;

fig. 2 is a schematic diagram of a software structure of a terminal device 100 according to an embodiment of the present application;

fig. 3 is an architecture diagram of a terminal device according to an exemplary embodiment of the present disclosure;

FIG. 4 is a schematic diagram of an interface shown in an exemplary embodiment of the present disclosure;

fig. 5 is an interface diagram illustrating a successful Applet installation according to an exemplary embodiment of the disclosure;

FIG. 6 is an interface diagram illustrating a failure to install an Applet according to an exemplary embodiment of the present disclosure;

FIG. 7 is a diagram illustrating device interactions according to a first exemplary embodiment of the present disclosure;

FIG. 8 is a device interaction diagram shown for a second exemplary embodiment of the present disclosure;

fig. 9 is a schematic hardware structure diagram of an operating device of an applet according to an embodiment of the present disclosure.

Detailed Description

In the embodiments of the present application, terms such as "first" and "second" are used to distinguish the same or similar items having substantially the same function and action. For example, the interface of the first target function and the interface of the second target function are for distinguishing different response interfaces, and the order of the interfaces is not limited. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.

It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present relevant concepts in a concrete fashion.

The electronic device includes a terminal device, which may also be referred to as a terminal (terminal), a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), and so on. The terminal device may be a mobile phone (mobile phone), a smart television, a wearable device, a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self-driving (self-driving), a wireless terminal in remote surgery (remote medical supply), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), and the like. The embodiment of the present application does not limit the specific technology and the specific device form adopted by the terminal device.

In order to better understand the embodiments of the present application, the following describes the structure of the terminal device according to the embodiments of the present application:

fig. 1 shows a schematic configuration of a terminal device 100. The terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It is to be understood that the illustrated structure of the embodiment of the present application does not constitute a specific limitation to the terminal device 100. In other embodiments of the present application, terminal device 100 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

Processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processor (GPU), an Image Signal Processor (ISP), a controller, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), among others. The different processing units may be separate devices or may be integrated into one or more processors.

The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.

A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to reuse the instruction or data, it may be called from memory. Avoiding repeated accesses reduces the latency of the processor 110, thereby increasing the efficiency of the system.

In some embodiments, processor 110 may include one or more interfaces. The interface may include an integrated circuit (I2C) interface, an integrated circuit built-in audio (I2S) interface, a Pulse Code Modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a Mobile Industry Processor Interface (MIPI), a general-purpose input/output (GPIO) interface, a Subscriber Identity Module (SIM) interface, and/or a Universal Serial Bus (USB) interface, etc.

The I2C interface is a bidirectional synchronous serial bus comprising a serial data line (SDA) and a Serial Clock Line (SCL). In some embodiments, processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, the charger, the flash, the camera 193, etc. through different I2C bus interfaces, respectively. For example: the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 and the touch sensor 180K communicate through an I2C bus interface to implement a touch function of the terminal device 100.

The I2S interface may be used for audio communication. In some embodiments, processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 through an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through the I2S interface, so as to implement a function of answering a call through a bluetooth headset.

The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled by a PCM bus interface. In some embodiments, the audio module 170 may also transmit the audio signal to the wireless communication module 160 through the PCM interface, so as to implement the function of answering a call through the bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.

The UART interface is a universal serial data bus used for asynchronous communications. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is generally used to connect the processor 110 and the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through a UART interface, so as to implement the function of playing music through a bluetooth headset.

The MIPI interface may be used to connect the processor 110 with peripheral devices such as the display screen 194, the camera 193, and the like. The MIPI interface includes a Camera Serial Interface (CSI), a display screen serial interface (DSI), and the like. In some embodiments, the processor 110 and the camera 193 communicate through a CSI interface to implement the photographing function of the terminal device 100. The processor 110 and the display screen 194 communicate through the DSI interface to implement the display function of the terminal device 100.

The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal and may also be configured as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, an MIPI interface, and the like.

The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the terminal device 100, and may also be used to transmit data between the terminal device 100 and a peripheral device. And the earphone can also be used for connecting an earphone and playing audio through the earphone. The interface may also be used to connect other electronic devices, such as AR devices and the like.

It should be understood that the connection relationship between the modules illustrated in the embodiment of the present application is an exemplary illustration, and does not limit the structure of the terminal device 100. In other embodiments of the present application, the terminal device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.

The charging management module 140 is configured to receive a charging input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger via the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive a wireless charging input through a wireless charging coil of the terminal device 100. The charging management module 140 may also supply power to the terminal device through the power management module 141 while charging the battery 142.

The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140, and supplies power to the processor 110, the internal memory 121, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count, battery state of health (leakage, impedance), etc. In some other embodiments, the power management module 141 may also be disposed in the processor 110. In other embodiments, the power management module 141 and the charging management module 140 may be disposed in the same device.

The wireless communication function of the terminal device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. The antennas in terminal device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied on the terminal device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a Low Noise Amplifier (LNA), and the like. The mobile communication module 150 may receive the electromagnetic wave from the antenna 1, filter, amplify, etc. the received electromagnetic wave, and transmit the electromagnetic wave to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor, and convert the signal into electromagnetic wave through the antenna 1 to radiate the electromagnetic wave. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the same device as at least some of the modules of the processor 110.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low frequency baseband signal to a baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then passed to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.

The wireless communication module 160 may provide solutions for wireless communication applied to the terminal device 100, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (bluetooth, BT), global Navigation Satellite System (GNSS), frequency Modulation (FM), near Field Communication (NFC), infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves through the antenna 2 to radiate the electromagnetic waves.

In some embodiments, the antenna 1 of the terminal device 100 is coupled to the mobile communication module 150 and the antenna 2 is coupled to the wireless communication module 160 so that the terminal device 100 can communicate with a network and other devices through wireless communication technology. The wireless communication technology may include global system for mobile communications (GSM), general Packet Radio Service (GPRS), code Division Multiple Access (CDMA), wideband Code Division Multiple Access (WCDMA), time-division code division multiple access (time-division code division multiple access, TD-SCDMA), long Term Evolution (LTE), LTE, BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. GNSS may include Global Positioning System (GPS), global navigation satellite system (GLONASS), beidou satellite navigation system (BDS), quasi-zenith satellite system (QZSS), and/or Satellite Based Augmentation System (SBAS).

The terminal device 100 implements a display function by the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, connected to the display screen 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may be a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (FLED), a miniature, a Micro-oeld, a quantum dot light-emitting diode (QLED), or the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.

The terminal device 100 can implement a photographing function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, and the application processor, etc.

The ISP is used to process the data fed back by the camera 193. For example, when a user takes a picture, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, an optical signal is converted into an electric signal, and the camera photosensitive element transmits the electric signal to the ISP for processing and converting the electric signal into an image visible to the naked eye. The ISP can also carry out algorithm optimization on the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in camera 193.

The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing element converts the optical signal into an electrical signal, which is then passed to the ISP where it is converted into a digital image signal. And the ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into image signal in standard RGB, YUV and other formats. In some embodiments, the terminal device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.

The digital signal processor is used for processing digital signals, and can process other digital signals besides digital image signals. For example, when the terminal device 100 selects a frequency bin, the digital signal processor is used to perform fourier transform or the like on the frequency bin energy.

Video codecs are used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record video in a plurality of encoding formats, such as: moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.

The NPU is a neural-network (NN) computing processor that processes input information quickly by using a biological neural network structure, for example, by using a transfer mode between neurons of a human brain, and can also learn by itself continuously. The NPU can implement applications such as intelligent recognition of the terminal device 100, for example: image recognition, face recognition, speech recognition, text understanding, and the like.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the storage capability of the terminal device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.

The internal memory 121 may be used to store computer-executable program code, which includes instructions. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like. The storage data area may store data (such as audio data, a phonebook, etc.) created during use of the terminal device 100, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (UFS), and the like. The processor 110 executes various functional applications of the terminal device 100 and data processing by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor.

The terminal device 100 may implement an audio function through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the earphone interface 170D, and the application processor. Such as music playing, recording, etc.

The audio module 170 is used to convert digital audio information into analog audio signals for output, and also used to convert analog audio inputs into digital audio signals. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.

The speaker 170A, also called a "horn", is used to convert the audio electrical signal into an acoustic signal. The terminal device 100 can listen to music through the speaker 170A, or listen to a handsfree call.

The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into a sound signal. When the terminal device 100 answers a call or voice information, it is possible to answer a voice by bringing the receiver 170B close to the human ear.

The microphone 170C, also referred to as a "microphone," is used to convert sound signals into electrical signals. When making a call or sending voice information, the user can input a voice signal to the microphone 170C by uttering a voice signal close to the microphone 170C through the mouth of the user. The terminal device 100 may be provided with at least one microphone 170C. In other embodiments, the terminal device 100 may be provided with two microphones 170C, which may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the terminal device 100 may further include three, four or more microphones 170C to collect a sound signal, reduce noise, identify a sound source, and implement a directional recording function.

The earphone interface 170D is used to connect a wired earphone. The headset interface 170D may be the USB interface 130, or may be a 3.5mm open mobile electronic device platform (OMTP) standard interface, a cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.

The pressure sensor 180A is used for sensing a pressure signal, and can convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A can be of a variety of types, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a sensor comprising at least two parallel plates having an electrically conductive material. When a force acts on the pressure sensor 180A, the capacitance between the electrodes changes. The terminal device 100 determines the intensity of the pressure from the change in the capacitance. When a touch operation is applied to the display screen 194, the terminal device 100 detects the intensity of the touch operation from the pressure sensor 180A. The terminal device 100 may also calculate the touched position from the detection signal of the pressure sensor 180A. In some embodiments, the touch operations that are applied to the same touch position but have different touch operation intensities may correspond to different operation instructions.

The gyro sensor 180B may be used to determine the motion attitude of the terminal device 100. In some embodiments, the angular velocity of terminal device 100 about three axes (i.e., x, y, and z axes) may be determined by gyroscope sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. Illustratively, when the shutter is pressed, the gyro sensor 180B detects the shake angle of the terminal device 100, calculates the distance to be compensated for the lens module according to the shake angle, and allows the lens to counteract the shake of the terminal device 100 through a reverse movement, thereby achieving anti-shake. The gyroscope sensor 180B may also be used for navigation, somatosensory gaming scenes.

The air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal device 100 calculates an altitude from the barometric pressure measured by the barometric pressure sensor 180C, and assists in positioning and navigation.

The magnetic sensor 180D includes a hall sensor. The terminal device 100 may detect the opening and closing of the flip holster using the magnetic sensor 180D. In some embodiments, when the terminal device 100 is a flip, the terminal device 100 may detect the opening and closing of the flip according to the magnetic sensor 180D. And then according to the opening and closing state of the leather sheath or the opening and closing state of the flip cover, the automatic unlocking of the flip cover is set.

The acceleration sensor 180E can detect the magnitude of acceleration of the terminal device 100 in various directions (generally, three axes). The magnitude and direction of gravity can be detected when the terminal device 100 is stationary. The method can also be used for recognizing the posture of the terminal equipment, and is applied to application programs such as horizontal and vertical screen switching, pedometers and the like.

A distance sensor 180F for measuring a distance. The terminal device 100 may measure the distance by infrared or laser. In some embodiments, shooting a scene, the terminal device 100 may range using the distance sensor 180F to achieve fast focus.

The proximity light sensor 180G may include, for example, a Light Emitting Diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The terminal device 100 emits infrared light to the outside through the light emitting diode. The terminal device 100 detects infrared reflected light from a nearby object using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the terminal device 100. When insufficient reflected light is detected, the terminal device 100 can determine that there is no object near the terminal device 100. The terminal device 100 can utilize the proximity light sensor 180G to detect that the user holds the terminal device 100 close to the ear for talking, so as to automatically turn off the screen to achieve the purpose of saving power. The proximity light sensor 180G may also be used in a holster mode, a pocket mode automatically unlocks and locks the screen.

The ambient light sensor 180L is used to sense ambient light brightness. The terminal device 100 may adaptively adjust the brightness of the display screen 194 according to the perceived ambient light level. The ambient light sensor 180L can also be used to automatically adjust the white balance when taking a picture. The ambient light sensor 180L may also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in a pocket, in order to prevent accidental touches.

The fingerprint sensor 180H is used to collect a fingerprint. The terminal device 100 can utilize the collected fingerprint characteristics to realize fingerprint unlocking, access to an application lock, fingerprint photographing, fingerprint incoming call answering and the like.

The temperature sensor 180J is used to detect temperature. In some embodiments, the terminal device 100 executes a temperature processing policy using the temperature detected by the temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds the threshold, the terminal device 100 performs a reduction in performance of a processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In other embodiments, the terminal device 100 heats the battery 142 when the temperature is below another threshold to avoid the terminal device 100 being abnormally shut down due to low temperature. In other embodiments, when the temperature is lower than a further threshold, the terminal device 100 performs boosting on the output voltage of the battery 142 to avoid abnormal shutdown due to low temperature.

The touch sensor 180K is also called a "touch device". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is used to detect a touch operation applied thereto or nearby. The touch sensor can communicate the detected touch operation to the application processor to determine the touch event type. Visual output associated with the touch operation may be provided through the display screen 194. In other embodiments, the touch sensor 180K may be disposed on the surface of the terminal device 100, different from the position of the display screen 194.

The bone conduction sensor 180M can acquire a vibration signal. In some embodiments, the bone conduction sensor 180M may acquire a vibration signal of the human vocal part vibrating the bone mass. The bone conduction sensor 180M may also contact the human body pulse to receive the blood pressure pulsation signal. In some embodiments, the bone conduction sensor 180M may also be disposed in a headset, integrated into a bone conduction headset. The audio module 170 may analyze a voice signal based on the vibration signal of the bone mass vibrated by the sound part acquired by the bone conduction sensor 180M, so as to implement a voice function. The application processor can analyze heart rate information based on the blood pressure beating signals acquired by the bone conduction sensor 180M, and the heart rate detection function is realized.

The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys. Or may be touch keys. The terminal device 100 may receive a key input, and generate a key signal input related to user setting and function control of the terminal device 100.

The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration prompts as well as for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also respond to different vibration feedback effects for touch operations applied to different areas of the display screen 194. Different application scenes (such as time reminding, receiving information, alarm clock, game and the like) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.

Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc.

The SIM card interface 195 is used to connect a SIM card. The SIM card can be brought into and out of contact with the terminal device 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The terminal device 100 may support 1 or N SIM card interfaces, where N is a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card, etc. The same SIM card interface 195 can be inserted with multiple cards at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to implement functions such as communication and data communication. In some embodiments, the terminal device 100 employs eSIM, namely: an embedded SIM card. The eSIM card may be embedded in the terminal device 100 and cannot be separated from the terminal device 100.

The software system of the terminal device 100 may adopt a hierarchical architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, a cloud architecture, or the like. The embodiment of the present application takes an Android system with a hierarchical architecture as an example, and exemplarily illustrates a software structure of the terminal device 100.

Fig. 2 is a block diagram of a software configuration of the terminal device 100 according to the embodiment of the present application.

The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom.

The application layer may include a series of application packages.

As shown in fig. 2, the application package may include camera, calendar, phone, map, phone, music, settings, mailbox, video, social, etc. applications.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.

As shown in FIG. 2, the application framework layers may include a window manager, content provider, resource manager, view system, notification manager, and the like.

The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, touch the screen, drag the screen, intercept the screen and the like.

Content providers are used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.

The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scrollbar text in a status bar at the top of the system, such as a notification of a running application in the background, or a notification that appears on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is given, the terminal device vibrates, and an indicator light flashes.

The Android runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.

The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.

The application layer and the application framework layer run in a virtual machine. And executing java files of the application program layer and the application program framework layer into a binary file by the virtual machine. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.

The system library may include a plurality of functional modules. For example: surface managers (surface managers), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), and the like.

The surface manager is used to manage the display subsystem and provide a fusion of the 2D and 3D layers for multiple applications.

The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, and the like.

The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.

The 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.

The following describes in detail an operation process of application function split-screen setting and a display process of a split-screen function interface in an application program according to an embodiment of the present application with reference to the accompanying drawings. In the present embodiment, "at 8230 \ 8230at 8230:" may be a moment occurring in a certain situation, or may be a period of time after a certain situation occurs, and the present embodiment is not particularly limited thereto.

At present, many terminal devices with transaction payment functions are provided with embedded security modules (eSE), and the eSE is a security module and mainly responsible for data security storage, data encryption and other works of the terminal devices, and the security performance of the eSE is high. An auxiliary security domain (SSD) may be set in the eSE, and an Applet (Applet) may be installed in each SSD. The terminal equipment can pay through the Applet so as to realize the mobile payment function.

When the Applet of the bank card is added into the terminal equipment, the SSD creation interface can be called through the wallet App in the terminal equipment, so that the SSD is created in the eSE of the terminal equipment, and the Applet of the bank card is added into the created SSD.

However, the eSE is highly secure hardware in the terminal device, and if an arbitrary application can operate the SSD in the eSE, the security of the eSE in the terminal device is lowered. In order to solve the above technical problem, in the solution provided by the present disclosure, when an application operates an SSD in an eSE, the application needs to be verified by a server, and after the verification is passed, the application can operate the SSD of the eSE, so that the security performance of the eSE of the terminal device is improved.

Fig. 3 is an architecture diagram of a terminal device according to an exemplary embodiment of the present disclosure.

As shown in fig. 3, an application, FWK (Framework), and eSE may be set in the terminal device. The application can operate the eSE through the functionality provided by the FWK, thereby creating or deleting SSDs therein.

FWK may provide an SSD creation interface that applications may call to create SSDs in eses. The FWK may provide an SSD delete interface that applications may call to delete SSDs in the eSE

Fig. 4 is a schematic interface diagram illustrating an exemplary embodiment of the present disclosure.

An application may be provided in the terminal device, which has a payment function, and may be, for example, a digital RMB wallet. The user can operate the terminal device to run an application having a payment function. The application program can create an SSD in the eSE of the terminal device, and can also install an Applet in the SSD.

The user can operate the application program in the terminal device, so that the application program displays an interface as shown in fig. 4, and then operates the application program to install the Applet in the terminal device.

As shown in fig. 4 (a), an interface for installing an Applet is provided in the application program, and a user may click a button for opening an offline wallet, thereby sending an instruction for installing the Applet to the application program.

After receiving the instruction for installing the Applet, the application program can call an SSD creation interface provided by the FWK, so that an SSD is created in the eSE, and then the Applet is installed in the created SSD.

In order to improve the security of the eSE, when the application calls the SSD to create the interface, the FWK may further send a check request to the server, and the server checks, based on the request, information in the check request, where the information may specifically be information of the application, and therefore the server may check the authority of the application. If the check is passed, the FWK can create an SSD in the eSE, and the application can install the Applet in the SSD. If the check is not passed, the FWK cannot create the SSD in the eSE, and the application cannot install the Applet in the SSD.

In the process of waiting for the server to feed back the message, creating the SSD, and installing the Applet, the terminal device may display an interface as shown in fig. 4 (b).

Fig. 5 is an interface diagram illustrating a successful Applet installation according to an exemplary embodiment of the disclosure.

After the Applet is installed successfully, the terminal device may display an interface schematic diagram as shown in fig. 5, which is schematically illustrated in fig. 5 by taking the Applet as an offline wallet. Specifically, a plurality of information such as the name, card number, balance and the like of the offline wallet can be displayed. A message that the offline wallet opening was successful may also be displayed.

The interface of the off-line wallet is also provided with a transfer-in key and a transfer-out key, and a user can click the transfer-in key or the transfer-out key, so that a certain amount of digital RMB is transferred into the off-line wallet, or a certain amount of digital RMB is transferred out of the off-line wallet.

Fig. 6 is an interface diagram illustrating a failure in installing an Applet according to an exemplary embodiment of the disclosure.

In one case, there may be a failure to install the Applet, for example, the server feeds back a check failure message, and the FWK cannot create the SSD, in which case the application may display an interface as shown in fig. 6 to remind the user that the offline wallet creation failed.

Fig. 7 is a device interaction diagram shown in the first exemplary embodiment of the present disclosure.

As shown in fig. 7, the user may operate the application of the terminal device, click a button to install the Applet, for example, click a button to "create offline wallet" in the application, and further, for example, click a button to "open card" in the application.

After receiving the instruction for installing the Applet, the application program may send an SSD creation request to the FWK of the terminal device. The FWK can provide an SSD creation interface that can be called by the application after receiving an instruction to install the Applet, so that the FWK creates an SSD in the eSE for the application.

In order to avoid that any application program can create the SSD in the eSE through the FWK, the FWK may further send a check request to the server, where the check request may carry information of the application program, so that the server checks the authority of the application program.

In an optional embodiment, before the FWK sends the check request to the server, it may be further determined whether the application is in the white list, and if so, the FWK of the terminal device may send the check request to the server. If not, the FWK of the terminal device rejects the SSD creation request of the application, and the application interface may display information of failure in creating the offline wallet.

The terminal device may further set a private key of the application program, and the server may set a public key of the application program. Therefore, the authority of the application program can be checked according to an asymmetric encryption mode.

The FWK may obtain a private key of the application and use the private key to generate the signature data. For example, information of the application program may be acquired and signed by using a private key of the application program, so as to obtain signature data. For example, the application program identifier, the security domain identifier corresponding to the installed Applet, and the timestamp may be concatenated to obtain a character string, and then the character string is signed by using the private key to obtain signature data. For another example, an identifier of the application program may be obtained, and the identifier is signed by using a private key of the application program to obtain signature data.

The encryption algorithm corresponding to the application program may also be set, and for example, the signature data may be generated based on sm2 (one encryption algorithm) algorithm.

For example, when an SSD is created for the first Applet, the identifier of the SSD is a first SSD AID, and the security domain identifier of the first Applet is the first SSD AID.

Further, the same application program may correspond to multiple security domain identifiers. For example, N applets can be installed by one application program, and N security domain identifiers corresponding to the application program are set in the server. One security domain identification corresponds to one Applet.

In practical applications, different application programs may also correspond to the same security domain identifier, for example, the application program a may install the first Applet, and the application program B may also install the first Applet, so that the application program a may correspond to the security domain identifier of the first Applet, and the application program B may also correspond to the security domain identifier of the first Applet.

After the FWK generates the signature data, a verification request may be sent to the server, and the signature data may be included in the verification request. The server can obtain a public key of the application program, further verify the signature data, and if the verification is passed, the server can send passing information to the FWK, so that the FWK creates the SSD for the application program.

Specifically, the verification request may further include content such as an application identifier, a security domain identifier, and a timestamp. For example, application a sends a create SSD request to FWK, FWK obtains application a's private key and generates signature data. And then the identifier of the application program A, the security domain identifier corresponding to the Applet which needs to be installed currently, the timestamp and the signature data are sent to the server.

After receiving the verification request, the server can obtain the application program identifier therein, and then obtain the public key according to the application program identifier. The server side may store a public key corresponding to the application, for example, if the application a and the application B have the right to create the SSD in the eSE, the server may store the public keys corresponding to the applications a and B.

Further, the server may verify the signature data included in the verification request by using the obtained public key, and if decryption of the signature data by using the public key is successful, it may be determined that the signature data is generated by using a private key of the application program, and then it is determined that the verification of the signature data passes, for example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm, and the preset encryption algorithm may be, for example, an sm2 algorithm.

In another embodiment, the server further stores an encryption algorithm corresponding to the application program. In this embodiment, after receiving the verification request, the server may further obtain an encryption algorithm according to the application program identifier, and then decrypt the signature data using the public key of the application program based on the encryption algorithm, thereby verifying the signature data.

For example, the encryption algorithm corresponding to the application program a is sm2, and the encryption algorithm corresponding to the application program B is RSA2048. And if the application program identifier included in the verification request is the identifier of the program A, the encryption algorithm acquired by the server is sm2.

In an alternative embodiment, the server may store multiple encryption algorithms corresponding to the same application for that application. The encryption algorithm may be selected specifically according to the region where the terminal device is located. For example, the server may determine a region where the terminal device is located according to an IP address of the terminal device when sending the verification information, and then select among a plurality of encryption algorithms corresponding to the terminal device according to the region. For example, the encryption algorithms corresponding to the application program a are sm2 and RSA2048, and when the region where the terminal device is located is the first region, the sm2 algorithm may be selected, and when the region where the terminal device is located is the second region, the RSA2048 algorithm may be selected.

The embodiment is particularly suitable for a scenario that all terminal devices in multiple regions can send verification information to the server, for example, a first terminal located in a first area can send the verification information to the server, and when the first terminal generates signature data, an encryption algorithm corresponding to the first area is used; the second terminal located in the second area may also send the verification information to the server, and when the second terminal generates the signature data, an encryption algorithm corresponding to the second area is used. In this scenario, the server may select an encryption algorithm corresponding to the region where the terminal device is located according to the region.

The first region may refer to a region where the first type of country is located, and the second region may refer to a region where the second type of country is located.

The above embodiment is exemplified by two areas, and certainly, the encryption algorithms corresponding to more areas may also be set, and the processing procedure is the same as that of the encryption algorithms corresponding to the two areas, and is not described again.

In an optional embodiment, if the server successfully verifies the signature data, the server may send information that the verification is passed to the FWK of the terminal device. In this embodiment, the FWK sends a verification request to the server including the signature data and the application id.

In actual application, the server may further store a security domain identifier corresponding to the application program. The server may obtain, according to the application identifier in the verification request, a security domain identifier corresponding to the application. And comparing the acquired security domain identifier with the security domain identifier in the verification request, and if the comparison is consistent, determining that the verification of the security domain identifier is passed.

In an optional embodiment, if the server successfully verifies the signature data and the server also verifies the security domain identifier, the server may send information that the verification is passed to the FWK of the terminal device. In this embodiment, the check request sent by the FWK to the server includes the signature data and the application identifier, and further includes the security domain identifier.

The verification request sent by the FWK to the server may further include a timestamp, and when the server verifies, the current time may be obtained and compared with the timestamp, and if the time interval between the current time and the timestamp is smaller than a preset interval, it is determined that the time verification is passed. In this embodiment, the server can be prevented from repeatedly sending the information that the check passes to the FWK.

In an optional implementation manner, if the server successfully verifies the signature data, and the server also passes verification of the security domain identifier, and passes verification of time, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application identifier, and also includes a security domain identifier and a timestamp.

Specifically, the application identifier may be an application package name.

If the server passes the verification of the verification request, information that the verification passes can be sent to the FWK, and the information can include the security domain installation script. After the server passes the verification of the verification request, the security domain installation script can be obtained and sent to the FWK of the terminal device.

Further, the server may obtain the corresponding security domain installation script according to the security domain identifier in the verification request. And acquiring a corresponding security domain installation script according to the Applet which needs to be installed currently.

In actual application, after receiving the security domain installation script, the FWK may execute the security domain installation script, and further create an SSD in the eSE. The eSE can send the creation result, such as a result of successful SSD creation, for example, a result of failed SSD creation, to the FWK. The FWK may also forward the SSD creation results to the application.

In an optional implementation manner, the terminal device and the application may agree in advance a generation manner of the initial key, and when the SSD is created in the eSE of the terminal device, the terminal device may further generate the initial key for the SSD according to the agreed in advance.

If the SSD creation is successful in the eSE, the eSE may send the result of the SSD creation to the FWK, and the FWK may forward the result of the SSD creation to the application. If the application program receives the result that the SSD is successfully created, the application program may generate the initial key according to a predetermined manner, and further may operate the created SSD by using the initial key.

The application program can modify the key of the SSD by using the initial key, so that the created SSD is safer, and the safety of the SSD is further improved. The application may operate the SSD based on the modified key.

The application may also install an Applet in the SSD. The application program may specifically download the Applet and add it to the created SSD. The eSE can also send an install successful message to the application if the Applet is successfully installed in the SSD.

After the Applet is successfully installed in the SSD, the application may also send a card addition request to the FWK, thereby adding the card corresponding to the Applet in the FWK. After the FWK receives the card addition request, the card may be added in the hardware wallet and the addition result is sent to the application. Such as a successful card add message.

Fig. 8 is a device interaction diagram illustrating a second exemplary embodiment of the present disclosure.

As shown in fig. 8, the user may operate the application of the terminal device, click a delete Applet button, for example, a "delete offline wallet" button in the application, and further for example, a "delete card" button in the application.

After receiving the instruction of deleting the Applet, the application program may send an SSD deletion request to the FWK of the terminal device. The FWK can provide an SSD delete interface that the application can call after receiving the delete Applet command, so that the FWK can delete the SSD in the eSE.

In order to avoid that any application program can delete the SSD in the eSE through the FWK, the FWK may further send a check request to the server, where the check request may carry information of the application program, so that the server checks the authority of the application program.

In an optional embodiment, before the FWK sends the check request to the server, it may be further determined whether the application is in the white list, and if so, the FWK of the terminal device may send the check request to the server. If not, the FWK of the terminal device rejects the SSD deletion request of the application, and the application interface may display information of failure in offline wallet deletion.

The terminal device may further set a private key of the application program, and the server may set a public key of the application program. Therefore, the authority of the application program can be checked according to an asymmetric encryption mode.

The FWK may obtain a private key of the application and use the private key to generate the signature data. For example, information of the application program may be acquired and signed by using a private key of the application program, so as to obtain signature data. For example, the application program identifier, the security domain identifier corresponding to the deleted Applet, and the timestamp may be concatenated to obtain a character string, and then the character string is signed by using the private key to obtain signature data. For another example, an identifier of the application program may be obtained, and the identifier is signed by using a private key of the application program to obtain signature data.

The encryption algorithm corresponding to the application program may also be set, and for example, the signature data may be generated based on an sm2 (encryption algorithm) algorithm.

A security domain identifier may be set for each Applet, for example, the security domain identifier corresponding to the first Applet is a first SSD AID.

Further, the same application program may correspond to multiple security domain identifiers. For example, N applets can be installed by one application program, and N security domain identifiers corresponding to the application program are set in the server. One security domain identification corresponds to one Applet.

In practical applications, different application programs may also correspond to the same security domain identifier, for example, the application program a may delete the first Applet, and the application program B may also delete the first Applet, so that the application program a may correspond to the security domain identifier of the first Applet, and the application program B may also correspond to the security domain identifier of the first Applet.

After the FWK generates the signature data, a verification request may be sent to the server, and the signature data may be included in the verification request. The server can obtain a public key of the application program, and then verify the signature data, if the verification is passed, the server can send passing information to the FWK, so that the FWK deletes the corresponding SSD in the eSE.

Specifically, the verification request may further include content such as an application identifier, a security domain identifier, and a timestamp. For example, application a sends a delete SSD request to FWK, FWK obtains application a's private key and generates signature data. And then the identifier of the application program A, the security domain identifier corresponding to the Applet which needs to be deleted currently, the timestamp and the signature data are sent to a server.

After receiving the verification request, the server can obtain the application program identifier therein, and then obtain the public key according to the application program identifier. The server side may store the public key corresponding to the application, for example, if the application a and the application B have the right to delete the SSD in the eSE, the server may store the public keys corresponding to the applications a and B.

Further, the server may verify the signature data included in the verification request by using the obtained public key, and if decryption of the signature data by using the public key is successful, it may be determined that the signature data is generated by using a private key of the application program, and then it is determined that the verification of the signature data passes, for example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm, and the preset encryption algorithm may be, for example, an sm2 algorithm.

In another embodiment, the server further stores an encryption algorithm corresponding to the application program. In this embodiment, after receiving the verification request, the server may further obtain an encryption algorithm according to the application program identifier, and then decrypt the signature data using the public key of the application program based on the encryption algorithm, thereby verifying the signature data.

For example, the encryption algorithm corresponding to the application program a is sm2, and the encryption algorithm corresponding to the application program B is RSA2048. And if the application program identifier included in the verification request is the identifier of the program A, the encryption algorithm acquired by the server is sm2.

In an optional embodiment, if the server successfully verifies the signature data, the server may send information that the verification is passed to the FWK of the terminal device. In this embodiment, the FWK sends a verification request to the server including the signature data and the application id.

In actual application, the server may further store a security domain identifier corresponding to the application program. The server may obtain, according to the application identifier in the verification request, a security domain identifier corresponding to the application. And comparing the acquired security domain identifier with the security domain identifier in the verification request, and if the comparison is consistent, determining that the verification of the security domain identifier is passed.

In an optional implementation manner, if the server successfully verifies the signature data and the server passes verification of the security domain identifier, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the check request sent by the FWK to the server includes the signature data and the application identifier, and further includes the security domain identifier.

The FWK may further include a timestamp in the verification request sent to the server, and when the server verifies, the current time may be obtained and compared with the timestamp, and if the time interval between the current time and the timestamp is smaller than the preset interval, it is determined that the time verification is passed. In this embodiment, the server can be prevented from repeatedly sending the information that the check passes to the FWK.

In an optional embodiment, if the server successfully verifies the signature data, and the server also passes verification of the security domain identifier, and passes verification of time, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the check request sent by the FWK to the server includes the signature data and the application identifier, and further includes the security domain identifier and the timestamp.

Specifically, the application identifier may be an application package name.

If the server passes the verification of the verification request, information that the verification passes can be sent to the FWK, and the information can include a security domain deleting script. After the server passes the verification of the verification request, the security domain deletion script can be acquired and sent to the FWK of the terminal device.

Further, the server may obtain the corresponding security domain deleting script according to the security domain identifier in the verification request. And acquiring a corresponding security domain deleting script according to the Applet which needs to be deleted currently.

In actual application, after receiving the security domain deleting script, the FWK may execute the security domain deleting script, and further delete the SSD in the eSE. The eSE may send the delete result to the FWK, such as a successful SSD delete result, for example, a failed SSD delete result. The FWK may also forward the SSD delete result to the application.

After the SSD is successfully deleted, the application may also send a card delete request to the FWK, thereby deleting the card corresponding to the Applet in the FWK. After the FWK receives the card delete request, it may delete the card in the hardware wallet and send the delete result to the application. Such as a successful card deletion message.

In an optional embodiment provided by the present disclosure, an operating method of an applet is further provided, where the method is applied to a terminal device, where an embedded security module is disposed in the terminal device, and the method includes:

sending verification information to a server in response to the operation of an applet program in the application program, wherein the verification information comprises application program information;

if the server passes the verification of the verification information, the terminal equipment receives a script file sent by the server;

executing the script file operates an auxiliary security domain in the embedded security module, the auxiliary security domain for installing the applet.

The user may operate the application, operate an applet of the application, for example, add an applet to the terminal device, or delete an applet.

The terminal device receives an operation for operating the applet, may generate verification information of the application, and transmits the verification information to the server. For example, the verification information may be generated with a private key of the application.

After receiving the verification information, the server can verify the verification information, and if the verification is passed, the server confirms that the application program in the terminal device has the operation authority, so that the script file can be fed back to the terminal device. For example, if the user's operation is an add applet operation, the server may send a script file for creating the SSD to the terminal device, and if the user's operation is a delete applet operation, the server may send a script file for deleting the SSD to the terminal device.

After receiving the script file, the terminal device may execute the corresponding script file, and further operate the SSD in the eSE. For example, an SSD can be created in the eSE, and for another example, the SSD can be deleted in the eSE.

By the method, when the application program operates the eSE of the terminal equipment, the terminal equipment sends the verification information to the server, so that the terminal equipment operates the eSE again after the application program passes the verification, and the safety of the eSE is improved.

In an optional embodiment provided by the present disclosure, there is also provided an operation method of an applet, including:

the method comprises the steps that terminal equipment receives an operation instruction of a small application program in an application program and sends verification information to a server;

the server checks the checking information, and if the checking information passes, the server sends a script file to the terminal equipment;

the terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, wherein the auxiliary security domain is used for installing the small application program; the terminal equipment is provided with the operation embedded type safety module.

By the method, when the application program operates the eSE of the terminal equipment, the terminal equipment sends the verification information to the server, so that the terminal equipment operates the eSE again after the application program passes the verification, and the safety of the eSE is improved.

In a possible implementation manner, the computer execution instruction in the embodiment of the present application may also be referred to as an application program code, which is not specifically limited in the embodiment of the present application.

Optionally, the interface circuit 903 may further comprise a transmitter and/or a receiver. Optionally, the processor 902 may include one or more CPUs, and may also be other general-purpose processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in this application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in a processor.

The embodiment of the application also provides a computer readable storage medium. The methods described in the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media may include both computer storage media and communication media, and may include any medium that can transfer a computer program from one place to another. A storage medium may be any target medium that can be accessed by a computer.

In one possible implementation, the computer-readable medium may include RAM, ROM, a compact disk read-only memory (CD-ROM) or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and Disc, as used herein, includes optical Disc, laser Disc, optical Disc, digital Versatile Disc (DVD), floppy disk and blu-ray Disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The above embodiments are only for illustrating the embodiments of the present invention and are not to be construed as limiting the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the embodiments of the present invention shall be included in the scope of the present invention.

Claims (15)

1. An operation method of an applet is applied to a terminal device, wherein an embedded security module is arranged in the terminal device, and the method is characterized by comprising the following steps:

responding to the operation of an applet program in the application program, and sending verification information to a server, wherein the verification information comprises application program information;

if the server passes the verification of the verification information, the terminal equipment receives a script file sent by the server;

executing the script file to operate an auxiliary security domain in the embedded security module, the auxiliary security domain being used for installing the applet;

a frame is arranged in the terminal equipment; when the operation is an installation operation, the script file is a security domain installation script;

the executing the script file operates an auxiliary security domain in the embedded security module, including:

the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;

when the operation is a delete operation, the script file is a security domain delete script;

the executing the script file operates an auxiliary security domain in the embedded security module, including:

and the framework executes the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the applet is installed in the auxiliary security domain.

2. The method of claim 1, wherein if the operation is an install operation, the method further comprises:

if the applet program is successfully installed in the auxiliary security domain, displaying an interface of the successfully installed applet program;

if the auxiliary security domain is failed to be established in the embedded security module or the applet program is failed to be installed in the auxiliary security domain, displaying an interface of the applet program installation failure.

3. The method of claim 1, wherein if the operation is a delete operation, the method further comprises:

if the auxiliary security domain is deleted successfully, displaying an interface for successfully deleting the applet;

and if the auxiliary security domain is failed to be deleted, displaying an interface of the applet which fails to be deleted.

4. The method according to any one of claims 1-3, characterized in that a frame is provided in the terminal device; the sending of the verification information to the server in response to the operation of the applet in the application includes:

the application program receiving an operation on the applet program and sending a security domain operation request to the framework;

the framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;

and the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and the first time information, and the application program information comprises the signature data and the security domain identifier.

5. The method of claim 4, wherein the verification information verifies pass when the following conditions are met:

the server checks the signature data by using a public key of the application program, determines that a security domain identifier in the application program information corresponds to the application program, and determines that a time interval between second time information acquired by the server and the first time information is smaller than a preset interval.

6. The method according to claim 5, wherein a plurality of encryption algorithms corresponding to the application program are stored in the server;

and the server verifies the signature data by using the public key of the application program based on a target encryption algorithm, wherein the target encryption algorithm is determined by the server in a plurality of encryption algorithms according to the regional information of the terminal equipment.

7. The method according to any one of claims 1 to 3,

the method further comprises the following steps: the application installs the applet in the secondary security domain.

8. The method of claim 7, wherein the framework executing the security domain installation script after creating the secondary security domain in the embedded security module further comprises:

the embedded security module sends a security domain creating result to the framework, and the framework forwards the security domain creating result to the application program;

the application installing the applet in the secondary security domain comprises:

and if the security domain creating result represents that the security domain is successfully created, the application program installs the applet program in the created auxiliary security domain.

9. The method of claim 8, wherein the application adds the applet in the created secondary security domain, comprising:

the application downloads the applet and adds the applet in the secondary security domain.

10. A method of operating an applet, comprising:

the method comprises the steps that terminal equipment receives an operation instruction of an applet program in an application program and sends verification information to a server;

the server checks the checking information, and if the checking information passes, the server sends a script file to the terminal equipment;

the terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, wherein the auxiliary security domain is used for installing the small application program; the terminal equipment is provided with the operation embedded type safety module;

a frame is arranged in the terminal equipment; when the operation is an installation operation, the script file is a security domain installation script;

the terminal device executes the script file to operate an auxiliary security domain in the embedded security module, including:

the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;

when the operation is a deleting operation, the script file is a security domain deleting script;

the terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, and the method comprises the following steps:

and the framework executes the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the applet is installed in the auxiliary security domain.

11. The method according to claim 10, wherein the verification information includes application information and first time information, and the application information includes signature data and security domain identifier.

12. An electronic device, comprising: for performing the method of any one of claims 1-11.

13. An electronic device, comprising: a processor for calling a program in a memory to perform the steps of the processing in the method of any of claims 1-11 and a display for performing the steps of the displaying in the method of any of claims 1-11.

14. An electronic device, comprising: a processor, a display screen, and interface circuitry for communicating with other devices, the processor for performing steps processed in the method of any of claims 1-11, and the display screen for performing steps displayed in the method of any of claims 1-11.

15. A computer-readable storage medium having instructions stored thereon that, when executed, cause a computer to perform the method of any of claims 1-11.

Images