WO2023240941A1

WO2023240941A1 - Method and apparatus for downloading data, and secure element

Info

Publication number: WO2023240941A1
Application number: PCT/CN2022/136116
Authority: WO
Inventors: 罗建杰; 冯涛
Original assignee: 深圳市汇顶科技股份有限公司
Priority date: 2022-06-13
Filing date: 2022-12-02
Publication date: 2023-12-21
Also published as: CN114760276B; CN114760276A

Abstract

Provided in the present application are a method and apparatus for downloading data, and a secure element (SE). By means of the present application, download processing time for data in an SE can be shortened, such that the production efficiency of SEs and the use experience of users are improved. The method for downloading data is applied to an SE, and comprises: receiving a first download command, wherein the first download command carries first data to be downloaded; writing said first data into a memory in an SE; and sending a first preset response within at least part of a time period during which said first data is written into the memory. In the technical solution, instead of sending a response according to an execution result only after the writing of first data to be downloaded into a memory is executed, an SE directly sends a first preset response during the process of writing said first data into the memory, such that the download processing time of the SE for a first download command and said first data carried therein is shortened, thereby improving the production efficiency of the SE and improving the use experience of a user regarding the SE.

Description

Method, device and secure element for downloading data

This application claims the priority of the Chinese invention application filed with the China Patent Office on June 13, 2022, with the application number 202210660260.6 and the invention name "Method, device and secure element for downloading data", the entire content of which is incorporated into this application by application middle.

Technical field

The present application relates to the field of information security technology, and more specifically, to a method, device and secure element for downloading data.

Background technique

In the field of information security, Secure Element (SE) can provide functions such as secure storage of private information and secure execution of important programs. Specifically, the SE has a physically independent structure and an independent on-chip operating system (Card operation system, COS). The SE can communicate with the outside through security protocols to implement application functions such as secure data storage and encryption and decryption operations. .

For different application fields, different program data need to be downloaded in SE to meet different usage requirements. Therefore, in the actual industrial production process and actual user use, how to reduce the download processing time of data in SE, thereby improving the production of SE Efficiency and user experience are technical issues that need to be solved urgently.

Contents of the invention

This application provides a method, device and secure element for downloading data, which can reduce the download processing time of data in the secure element, thereby improving the production efficiency of the secure element and the user experience.

In a first aspect, a method for downloading data is provided, which is applied to the secure element SE. The method includes: receiving a first download command, which carries the first data to be downloaded; and writing the first data to the memory inside the SE. Data to be downloaded; sending the first preset response during at least part of the time period when the first data to be downloaded is written into the memory.

In the technical solution of the embodiment of the present application, the SE does not need to wait for the execution of writing the first data to be downloaded to the memory to be completed before sending a response according to the execution result, but in the process of writing the first data to be downloaded to the memory. , directly sending the preset first preset response, thereby saving the SE's download processing time for the first download command and the carried first data to be downloaded, so as to improve the production efficiency of the SE and the user's experience of using the SE.

In some possible implementations, after sending the first preset response, the method further includes: receiving a second download command during at least part of the time period when writing the first data to be downloaded to the memory. Carrying the second data to be downloaded.

In the technical solution of this embodiment, the SE does not need to wait for the completion of writing the first data to be downloaded to the memory and sending a response to the upper computer indicating whether the execution of the written data is completed before it can receive the third data sent by the upper computer. Second download command, and the second download command can be received during at least part of the time period when the first data to be downloaded is written to the memory, thereby saving the SE's processing time for the second download command and further saving the SE's processing time for the data to be downloaded. Overall download time. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be further improved.

In some possible implementations, after receiving the second download command and writing the first data to be downloaded to the memory, the method further includes: sending a second response, where the second response is used to indicate: writing the first data to be downloaded to the memory. Whether the download data is executed successfully.

In the technical solution of this embodiment, the second response is a real message generated according to the writing situation of the first data to be downloaded in the memory. Sending the second response to the host computer in real time can facilitate the host computer to accurately and timely grasp the current data download situation in the SE, and perform subsequent operations based on the true second response to improve the efficiency of data downloading in the SE. , and ensure the overall performance of SE.

In some possible implementations, if writing the first data to be downloaded to the memory is successfully executed, the method further includes: writing the second data to be downloaded to the memory while sending the second response.

In the technical solution of this embodiment, the SE can synchronize the time of sending the second response to write the second data to be downloaded into the memory, thereby saving the SE's download time for the second data to be downloaded. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be further improved.

In some possible implementations, after sending the second response, the method further includes: receiving a third download command during at least part of the time period when writing the second data to be downloaded to the memory, where the third download command carries The third data is to be downloaded.

In some possible implementations, if writing of the first to-be-downloaded data to the memory fails, the method further includes: determining that downloading the data fails and stopping receiving subsequent download commands.

Through the technical solution of this embodiment, when the SE fails to write the first data to be downloaded to its internal memory, it can directly stop receiving subsequent download commands to avoid subsequent invalid command reception and data downloads that cause system resource damage. waste, thus improving the execution efficiency of data download in SE. Especially in the production line production process, through the technical solution of this embodiment, the overall production efficiency of the production line can be improved and the production capacity of SE can be improved.

In some possible implementations, after sending the first preset response, the method further includes: receiving the i+1th download command, the i+th download command during at least part of the time period when writing the ith data to be downloaded to the memory, 1 The download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, write the i+1th data to be downloaded into the memory; send The i+1th response, the i+1th response is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.

Through the technical solution of this implementation mode, SE can process the last download command in a timely and convenient manner, and send the last two download commands to carry the execution status of data writing in the memory, ensuring the integrity and reliability of the entire data download. performance, thereby ensuring the overall performance of SE.

In some possible implementations, after sending the first preset response, the method further includes: receiving the i+1th download command, the i+th download command during at least part of the time period when writing the ith data to be downloaded to the memory, 1 The download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, whether the ith data to be downloaded is written to the memory is executed successfully. , determine whether to write the i+1th data to be downloaded to the memory; send the i+1th response, the i+1th response is used to indicate: write the ith data to be downloaded to the memory and whether the i+1th data to be downloaded is executed success.

Through the technical solution of this embodiment, when the i-th data to be downloaded fails to be written in the memory, the SE may not perform the subsequent process of writing the i+1-th data to be downloaded into the memory, thereby avoiding the waste of system resources. , improve the execution efficiency of data download in SE. At the same time, SE can send the last two download commands to carry the execution status of data writing in the memory, ensuring the integrity and reliability of the entire data download, thereby ensuring the overall performance of SE.

In some possible implementations, after sending the first preset response, the method further includes: receiving second to jth download commands, wherein the second download command carries second to-be-downloaded data, and the jth The download command carries the jth data to be downloaded, j is a positive integer greater than 1; the second data to be downloaded to the jth data to be downloaded are sequentially written to the memory; the second data to be downloaded to the jth data to be downloaded are sequentially written to the memory. During at least part of the time period when the data is downloaded, the second preset response is sent to the jth preset response.

In the technical solution of this embodiment, the SE can be used to sequentially write the second data to be downloaded to at least part of the jth data to be downloaded into its internal memory, and send a second preset response to the host computer to the jth preset data. Set response. Through this technical solution, the SE's processing time for the second download command to the j-th download command can be saved, that is, the SE's overall download processing time for the second to-be-downloaded data to the j-th data to be downloaded can be saved.

In some possible implementations, after sending the first preset response, the method further includes: receiving second to jth download commands, wherein the second download command carries second to-be-downloaded data, and the jth The download command carries the jth data to be downloaded, where j is a positive integer greater than 1; the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, where the xth data to be downloaded is the data that failed to be written to the memory. , x is a positive integer greater than 1 and less than or equal to j; during at least part of the time period when the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, the second preset response is sent to the jth preset response.

In the technical solution of this embodiment, the SE can be used to sequentially write the second data to be downloaded to at least part of the time period of the xth data to be downloaded into its internal memory, and send the second preset response to the host computer to the jth preset data. Assume the response, where the xth data to be downloaded is the data that failed to be written to the memory. Through this technical solution, it can not only save the processing time of the second download command to the jth download command in SE, but also avoid the waste of system resources and improve the execution efficiency of data download in SE.

In some possible implementations, after sending the second preset response to the j-th preset response, the method further includes: sequentially writing the second data to be downloaded to the x-th data to be downloaded into the memory for at least part of the time period Within, the j+1th download command is received, and the j+1th download command carries the j+1th data to be downloaded; the j+1th response is sent, and the j+1th response is used to indicate: write the first data to be downloaded into the memory. Download data to the j+1th data to be downloaded whether the execution is successful.

Through the technical solution of this embodiment, the SE can instruct the host computer through the j+1th response to write the first data to be downloaded into the memory to whether the j+1th data to be downloaded is executed successfully, so that the host computer can accurately know whether the j+1th data to be downloaded is successfully executed. The relatively accurate download status of the data to be downloaded to the j+1th data to be downloaded in the SE is convenient for the host computer to perform subsequent actions based on the more accurate download status.

In some possible implementations, the first download command is an application protocol data unit APDU command; and/or the first data to be downloaded is on-chip operating system COS data.

In some possible implementations, the method is applied to the flash memory download unit in the SE, and the memory is the flash memory in the SE.

In a second aspect, a device for downloading data is provided, which is provided on the secure element SE. The device includes: a communication module for receiving a first download command, which carries the first data to be downloaded; and an operation module for In writing the first data to be downloaded into the memory inside the SE; during at least part of the time period when the operation module writes the first data to be downloaded into the memory, the communication module is also used to send a first preset response.

In a third aspect, a device for downloading data is provided, including: a processor and a memory, the memory is used to store a program, and the processor is used to call and run the program from the memory to execute the first aspect or any one of the first aspects. The method of downloading data in the implementation.

A fourth aspect provides a secure element, including: the device for downloading data in the second aspect or the third aspect.

Description of the drawings

Figure 1 is a schematic diagram of the interaction structure between a host computer and an SE chip provided by an embodiment of the present application.

Figure 2 is a schematic diagram of the interaction flow between a host computer and an SE chip provided by an embodiment of the present application.

Figure 3 is a schematic flow chart of a method for downloading data provided by an embodiment of the present application.

Figure 4 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 5 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 6 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 7 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 8 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 9 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 10 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.

Figure 11 is a schematic structural block diagram of a device for downloading data provided by an embodiment of the present application.

Figure 12 is a schematic structural block diagram of another device for downloading data provided by an embodiment of the present application.

Figure 13 is a schematic structural block diagram of a security element provided by an embodiment of the present application.

Detailed ways

The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings.

The technical solution of the embodiment of the present application relates to a secure element (SE), which is usually provided in the form of a chip. In order to prevent external malicious parsing attacks and protect data security, there is an encryption/decryption logic circuit in the chip.

In some implementations, the internal components of the SE chip include: processors, memories, encryption engine circuits, sensors and other components. In terms of external appearance, the SE chip can be integrated into a physically independent card or integrated inside an electronic device. For example, the SE chip can be integrated into a Universal Integrated Circuit Card (UICC) or a Secure Digital Memory Card (Secure Digital Memory Card), or the SE chip can be an embedded secure element (eSE). ) chip, which is integrated into the device by the electronic equipment manufacturer before it leaves the factory. The SE chip has been widely used in various electronic devices, such as mobile phones and other user terminal devices, and can provide users with reliable and secure data storage.

In the SE chip, it is generally configured with an independent on-chip operating system (COS). According to different industry applications and specifications, different types of COS can be configured in the SE chip to meet the needs of different application scenarios. As an example and not a limitation, the COS can be programmed into the non-volatile memory (Non-Volatile Memory, NVM) stored in the SE chip to ensure reliable operation of the COS in the SE chip.

During the manufacturing process of the SE chip, or during the actual use of the SE chip in the user terminal, the host computer (for example, a production line machine or a card reader, etc.) can send the COS program data to the SE chip so that The SE chip burns the COS program data into its internal memory to complete the download of the COS program data in the SE chip.

Figure 1 shows a schematic diagram of the interaction structure between the host computer and the SE chip.

As shown in Figure 1, the host computer 11 and the SE chip 12 can be connected to each other to achieve data communication between the two. Optionally, the host computer 11 can be connected to the SE chip 12 through physical wiring, or the host computer 11 can also be connected to the SE chip 12 through a network. As an example and not a limitation, the SE chip 12 can be connected to the host computer 11 through a communication interface such as a serial peripheral interface (Serial Peripheral Interface, SPI) and corresponding communication lines. Optionally, the host computer 11 includes but is not limited to a production line machine or a card reader.

A memory 121 is provided in the SE chip 12, and the memory 121 may include a volatile memory and/or a non-volatile memory. Among them, the non-volatile memory can be a read-only memory (Read Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically removable memory. Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory (Flash). The volatile memory can be a random access memory (Random Access Memory, RAM), etc. This RAM has a fast read and write speed and can be used as an external cache.

In addition, the SE chip 12 is also provided with a processor 122, which can be a general-purpose processor, a central processing unit (Central Processing Unit, CPU), a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit ( Application Specific Integrated Circuit (ASIC), off-the-shelf programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.

Specifically, computer program code may be stored in the memory 121 , and the processor 122 may call the computer program code to perform related operations of the SE chip 12 .

In some implementations, memory 121 may include Flash. The SE chip 12 receives the COS program data from the host computer 11 through a communication protocol, such as the SPI protocol, and the processor 122 is used to write the COS program data into Flash. Optionally, after the SE chip 12 obtains the COS program data from the host computer 11 through the SPI protocol, the COS program data can be cached in the RAM, and then the processor 122 can be used to write the COS data cached in the RAM to Flash.

Optionally, in this implementation, a Flash loader program can be stored in Flash, and the processor 122 can call the Flash loader program to execute: receive the COS program data from the host computer 11, and transfer the COS program to Data is written to the data storage space of Flash.

Under normal circumstances, the size of the COS program data compiled by the host computer is several hundred kilobytes (KB). In this case, the host computer 11 can split the COS program data into multiple commands, sequentially Sent to SE chip 12. After receiving the multiple commands, the SE chip 12 sequentially burns the COS program data carried by each command into the memory 121 to complete the download of the COS program data in the SE chip 12 .

Figure 2 shows a schematic diagram of the interaction flow between the host computer 11 and the SE chip 12.

As shown in Figure 2, in the embodiment of the present application, in the process of the SE chip downloading the COS program data transmitted by the host computer 11, the host computer 11 first sends a first command to the SE chip 12, and the first command may carry part of COS program data, that is, the first COS data. After the SE chip 12 receives the first command, the SE chip 12 writes the first COS data into the memory 121 . After the SE chip 12 completes writing the first COS data to the memory 121, the SE chip 12 may send a first response to the host computer 11 according to the writing situation of the first COS data in the memory 121. A response is used to indicate whether the first COS data is successfully written in the memory 121 .

Further, the host computer 11 may receive the first response and then continue to send subsequent commands to the SE chip. Specifically, after receiving the n-1th response corresponding to the n-1th command, the host computer 11 continues to send the nth command to the SE chip 12, where n is a positive integer greater than 1, and the n-1th command and the n commands all carry part of the COS program data. After the SE chip 12 receives the nth command, the SE chip 12 writes the nth COS data carried by the nth command into the memory 121. Then, the SE chip 12 can write the nth COS data in the memory 121 according to the nth COS data. In the case of writing, the nth response is sent to the host computer 11.

By analogy, the SE chip 12 serially processes multiple commands sent by the host computer 11 according to the above-mentioned process of processing the first command. Until the last command sent by the host computer 11 is processed, the COS of the SE chip 12 Data download is completed.

In this technical solution, the SE chip 12 serially processes multiple commands sent by the host computer 11, and in the process of processing each command, the SE chip 12 serially executes the reception of commands, writing of data to the memory, and The response is sent. This technical solution will cause the COS data download time of the SE chip 12 to be longer, affecting the production efficiency of the SE chip on the production line and the user experience of the SE chip.

In view of this, embodiments of the present application provide a method for downloading data applied to SE (for example, the SE chip described above), which can reduce the download processing time of data in the SE, improve the production efficiency of SE on the production line, and User experience with this SE.

Figure 3 shows a schematic flow chart of a method 300 for downloading data provided by an embodiment of the present application. In this embodiment of the present application, the method 300 for downloading data can be applied to SE, for example, it can be applied to the SE chip 12 shown in Figure 1 and Figure 2 above.

As shown in Figure 3, the method 300 for downloading data includes the following steps.

S310: Receive the first download command, which carries the first data to be downloaded.

S320: Write the first data to be downloaded into the memory inside the SE.

S330: Send the first preset response during at least part of the time period when the first data to be downloaded is written into the memory.

Specifically, in step S310, the SE may receive a first download command carrying the first data to be downloaded, where the first download command may be sent by the host computer 11 in the embodiments shown in FIGS. 1 and 2 above. First download command. Optionally, the first download command may be any download command sent by the host computer 11 . For example, the first download command may be the first download command sent by the host computer 11 .

In some implementations, the first data to be downloaded carried in the first download command includes but is not limited to COS data. The first download command includes but is not limited to an Application Protocol Data Unit (APDU) command. Specifically, after the host computer 11 compiles the complete COS data to be written into the SE into a file, the host computer 11 can further split the file into multiple APDU commands, and each APDU command carries part of the COS data. The first download command may be one APDU command among multiple APDU commands, and the first data to be downloaded carried by it may be partial COS data.

In this embodiment, the APDU command is an information command specifically used between the host and the smart card in the smart card field, and is compatible with most SE products. In addition, COS data is an indispensable program data in SE. Reducing the download time of the COS data in SE can effectively improve the production efficiency of SE and improve the user experience of SE.

Optionally, in some implementations, the SE may include a communication interface, such as an SPI interface. After the SE receives the first download command through the communication interface, the first data to be downloaded carried by the first download command can be temporarily cached in its internal cache module. For example, the first data to be downloaded can be cached in the RAM inside the SE. middle.

In step S320, the memory inside the SE may be the memory 121 shown in Figure 1 above, which may specifically be NVM to ensure reliable storage of downloaded data. For example, the memory inside the SE includes but is not limited to Flash, or the memory inside the SE may also include Flash and cache memory (such as RAM, etc.).

Specifically, in step S320, the processor inside the SE (for example, the processor 122 shown in FIG. 1 above) may be used to write the first to-be-downloaded data carried in the first download command to the memory inside the SE. . As an example, in the case where the first to-be-downloaded data received by the SE is cached in the RAM, step S320 may be understood as the processor writing the first to-be-downloaded data cached in the RAM into the NVM memory. As another example, step S320 can also be understood as the processor caching the first to-be-downloaded data received by the SE in RAM and writing the first to-be-downloaded data in the RAM into the NVM memory. Similarly, the process of writing data to be downloaded into the memory inside the SE in the following embodiments is also similar to step S320 and will not be described in detail below.

In step S330, during at least part of the time period when the SE writes the first data to be downloaded into its internal memory, the SE sends the first preset response. Specifically, during at least part of the time period when the SE writes the first data to be downloaded into its internal memory, the SE may send the first preset response to the host computer. The first preset response is a preset fixed message. For example, the first preset response is a response message indicating that writing data to the memory is successful. The host computer can identify the first preset response and send subsequent download commands based on the first preset response.

Optionally, corresponding to the first download command, when the first download command is an APDU command, the first preset response may be an APDU response.

In this embodiment of the present application, the time period during which the SE sends the first preset response at least partially coincides with the time period during which the first data to be downloaded is written into the memory, that is, steps S320 and S330 can be executed in parallel. Therefore, in the embodiment of the present application, the SE does not need to wait for the execution of writing the first data to be downloaded to the memory to be completed before sending a response according to the execution result. Instead, during the process of writing the first data to be downloaded to the memory, The preset first preset response is directly sent, thereby saving the SE's download processing time for the first download command and the carried first to-be-downloaded data. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be improved.

Optionally, when the memory is Flash, the method 300 of the embodiment of the present application can be applied to the flash loader unit in the SE. The flash download unit may include a flash download program. Specifically, the processor calls the flash download program to implement the method 300 provided in the embodiment of the present application. As an example and not a limitation, the flash memory download program can be stored in Flash, or the flash memory download program can also be stored in other memories in the SE.

Specifically, in step S310 and step S330, the processor may receive the first download command through the communication interface and send the first preset response by calling the flash download program. In step S320, the processor may write the first to-be-downloaded data carried in the first download command into the memory by calling the flash memory download program. Among them, step S320 and step S330 can be executed synchronously.

Figure 4 shows a schematic flow chart of another method 400 for downloading data provided by an embodiment of the present application.

As shown in FIG. 4 , the method 400 for downloading data further includes the following steps in addition to the above steps S310 to S330 .

S440: During at least part of the time period when the first data to be downloaded is written into the memory, a second download command is received, and the second download command carries the second data to be downloaded.

Specifically, in this step, after receiving the first download command carrying the first data to be downloaded, the SE may receive the second download command carrying the second data to be downloaded. Optionally, the second download command may be the next command sent by the host computer after sending the first download command, and the second download command may be of the same type as the above first download command. For example, the second download command and subsequent download commands may both be APDU commands. The data to be downloaded carried by the second download command and subsequent download commands may be COS data.

In the technical solution of the embodiment of the present application, the time period during which the SE receives the second download command at least partially coincides with the time period during which the first data to be downloaded is written into the memory, that is, steps S320 and S440 can be executed in parallel. In the embodiment of the present application, the SE does not need to wait for the completion of writing the first data to be downloaded to the memory and sending a response to the host computer indicating whether the execution of the written data is completed before it can receive the second download sent by the host computer. command, and the second download command can be received during at least part of the time period when the first data to be downloaded is written to the memory, thereby saving the processing time of the second download command by the SE and further saving the overall download of the data to be downloaded by the SE. time. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be further improved.

Optionally, as shown in Figure 4, in this embodiment of the present application, after step S440, that is, after receiving the second download command and writing the first data to be downloaded to the memory, the method 400 of downloading data also includes the following: step.

S450: Send a second response, which is used to indicate whether writing the first data to be downloaded to the memory is executed successfully.

Specifically, in this step, after the SE writes the first data to be downloaded to its internal memory, information indicating whether the first data to be downloaded is successfully written to the memory may be sent to the superior as a second response. machine. The second response corresponds to the second download command. When the second download command is an APDU command, the second response may be an APDU response.

Specifically, different from the above-mentioned first preset response, in this embodiment of the present application, the second response is a real message generated according to the writing situation of the first data to be downloaded in the memory. Sending the second response to the host computer in real time can facilitate the host computer to accurately and timely grasp the current data download situation in the SE, and perform subsequent operations based on the true second response to improve the efficiency of data downloading in the SE. , and ensure the overall performance of SE.

It should be noted that for the SE, it modifies the second response originally used to indicate whether the second download data is written successfully to indicate whether the first data to be downloaded is written successfully, while for the host computer, The second response still indicates whether the second download data is written successfully, that is, based on the content in the second response, the host computer determines whether the second download data carried in the second download command sent by it is successfully written in the SE, so that Determine whether to perform subsequent actions. Therefore, the host computer can still use the method process of the related technology to send the download command and process the corresponding command, which will not affect the reception of the download command and the download of the data to be downloaded by the SE in the embodiment of the present application. Similarly, in the following embodiments, for other response messages sent by the SE, the host computer can still process the response messages according to the original processing flow in the related technology. The specific processing process will not be described in detail here. Optionally, continuing to refer to FIG. 4 , the method 400 for downloading data further includes the following steps.

S461: When writing the first data to be downloaded into the memory is successfully executed, while sending the second response, write the second data to be downloaded into the memory.

S462: If the execution of writing the first data to be downloaded to the memory fails, it is determined that the execution of downloading the data fails, and the reception of subsequent download commands is stopped.

Specifically, in step S461, if SE successfully writes the first data to be downloaded to its internal memory, the first data to be downloaded can be accurately and completely stored in the memory, and can continue to write to the memory. Follow-up data. The SE may simultaneously write the second data to be downloaded to the memory while sending the second response.

In this implementation, while sending the second response, the SE writes the second data to be downloaded into the memory, that is, step S450 and step S461 can be executed in parallel. In the technical solution of this embodiment, the SE can synchronize the time of sending the second response to write the second data to be downloaded into the memory, thereby saving the SE's download time for the second data to be downloaded. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be further improved.

In step S462, if the SE fails to write the first data to be downloaded into its internal memory, the first data to be downloaded cannot be accurately and completely stored in the memory, and the download of the first data to be downloaded fails. In this embodiment of the present application, as long as any data to be downloaded fails to download, it will affect the download results of all data, causing the entire data to fail to download. Therefore, when the download of the first data to be downloaded fails, it can be directly determined that the overall download data has failed, and the SE can stop receiving subsequent download commands and end the current data download process.

Optionally, in some embodiments, when the SE fails to write the first data to be downloaded to its internal memory, the second response sent by the SE to the host computer can be used to indicate the execution of the first data to be downloaded. If it fails, the host computer can stop sending subsequent download commands to the SE according to the second response, so that the SE stops receiving subsequent download commands and ends the current data download process.

Or, in other embodiments, when the SE fails to write the first data to be downloaded to its internal memory, the SE can actively control its internal communication module to stop receiving subsequent download commands to end the current data. Download process.

Continuing to refer to FIG. 4 , when writing the first data to be downloaded into the memory is successfully executed, the method 400 for downloading data further includes the following steps.

S471: During at least part of the time period when the second data to be downloaded is written into the memory, a third download command is received, and the third download command carries the third data to be downloaded.

Similar to step S440 above, in this step, after receiving the second download command carrying the second data to be downloaded, the SE may continue to receive the third download command carrying the third data to be downloaded. Optionally, the third download command may be the next command sent by the host computer after sending the second download command. The third download command may be of the same type as the above first download command and the second download command.

After step S471, the processing of the third download command and the subsequent processing of each piece of download data may be performed in a similar manner from steps S450 to S461 or steps S450 to S462. For specific implementation methods, please refer to the detailed descriptions of the above embodiments, and will not be described in detail here.

Figure 5 shows a schematic flow chart of another method 500 for downloading data provided by an embodiment of the present application.

As shown in FIG. 5 , the method 500 for downloading data may further include the following steps in addition to the above steps S310 to S330 .

S540: During at least part of the time period when the i-th data to be downloaded is written into the memory, receive the i+1th download command. The i+1th download command carries the i+1th data to be downloaded, where i is positive. integer.

S550: When the i+1th download command is the last download command, write the i+1th data to be downloaded into the memory.

S560: Send the i+1th response, which is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.

Specifically, in step S540, the i-th data to be downloaded may be the data carried by the i-th download command received by the SE. The i-th download command may be any download command received by the SE. For example, the i-th download command may be The first download command, the second download command, the third download command and any subsequent command in the above embodiment.

During at least part of the time period when the SE writes the i-th data to be downloaded carried by the i-th download command into its internal memory, the SE can simultaneously receive the i+1th download command to save the SE for the i-th download command and the i+th download command. 1The overall processing time of the download command.

In step S550, when the i+1th download command is the last download command, after the SE writes the i-th to-be-downloaded data carried by the i-th download command into its internal memory, the SE then writes Write the i+1th data to be downloaded carried by the i+1th download command.

In step S560, after the SE writes the i+1th data to be downloaded carried by the i+1th download command into its internal memory, the i+1th data to be downloaded and the i+1th data to be downloaded are stored in the memory according to In the case of writing, the SE can send the i+1th response to the host computer. The i+1th response is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.

Optionally, in some implementations, the (i+1)th response may be used to indicate whether the writing of the (i)th data to be downloaded and the (i+1)th data to be downloaded to the memory is executed successfully. Specifically, if any one of the i-th data to be downloaded and the i+1-th data to be downloaded fails to be written in the memory, the i+1-th response may be used to indicate writing the i-th data to be downloaded into the memory and The overall execution of the i+1th data to be downloaded failed. On the contrary, only when the i-th data to be downloaded and the i+1-th data to be downloaded are successfully written in the memory, the i+1-th response can be used to indicate that the i-th data to be downloaded and the i+1-th data to be downloaded are written to the memory. The overall execution of the data to be downloaded was successful.

Alternatively, in other implementations, the i+1th response may also be used to respectively indicate whether writing the i-th data to be downloaded to the memory is successfully executed, and whether writing the i+1th data to be downloaded to the memory is executed successfully.

Figure 6 shows a schematic flow chart of another method 600 for downloading data provided by an embodiment of the present application.

As shown in FIG. 6 , the method 600 for downloading data further includes the following steps in addition to the above steps S310 to S330 .

S640: During at least part of the time period when the i-th data to be downloaded is written into the memory, receive the i+1th download command. The i+1th download command carries the i+1th data to be downloaded, where i is positive. integer.

S650: In the case where the i+1th download command is the last download command, determine whether to write the i+1th data to be downloaded to the memory based on whether writing the ith data to be downloaded to the memory is successfully executed.

S660: Send the i+1th response, which is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.

Specifically, in this embodiment of the present application, the specific implementation of step S640 can be referred to step S540 in Figure 5 above, and will not be described in detail here.

In step S650, when the i+1th download command is the last download command, SE can determine whether to write the i+1th data to be downloaded to the memory based on the writing situation of the ith data to be downloaded in the memory. . Specifically, when the writing of the i-th data to be downloaded in the memory fails, the i+1th data to be downloaded may not be written to the memory. On the contrary, when the i-th data to be downloaded is successfully written in the memory, Only then the i+1th data to be downloaded is written to the memory.

Similar to step S560 in FIG. 5 above, in step S660, the i+1th response may be used to indicate whether writing the ith data to be downloaded and the entire i+1th data to be downloaded to the memory is successfully executed. Alternatively, the i+1th response may also be used to respectively indicate whether the writing of the ith data to be downloaded to the memory is successfully executed, and whether the writing of the i+1th data to be downloaded to the memory is executed successfully.

Through the technical solution of this embodiment, when the i-th data to be downloaded fails to be written in the memory, the SE may not perform the subsequent process of writing the i+1-th data to be downloaded into the memory, thereby avoiding the waste of system resources. , improve the execution efficiency of data download in SE. At the same time, SE can send the last two download commands to carry the writing execution status of data in the memory, ensuring the integrity and reliability of the entire data download, thereby ensuring the overall performance of SE.

Figure 7 shows a schematic flow chart of another method 700 for downloading data provided by an embodiment of the present application.

As shown in Figure 7, in the embodiment of the present application, the SE includes a communication module and an operation module. The communication module and the operation module can work in parallel. The communication module is used to realize data communication with the host computer, and the operation module is used to realize data communication with the host computer. To write data to the memory.

Specifically, after the communication module receives the first download command sent by the host computer, the operation module writes the first data to be downloaded into the memory. During the process of the operation module writing the first data to be downloaded into the memory, the communication module synchronously sends the first preset response to the host computer.

After receiving the first preset response, the host computer sends a second download command to the communication module. During the process of the operation module writing the first data to be downloaded into the memory, the communication module also receives the second download command synchronously.

Referring to Figure 7, in the embodiment of the present application, it takes a long time for the operation module to write the first data to be downloaded to the memory. Therefore, the time for the operation module to write the first data to be downloaded to the memory can be used, and the communication module synchronously sends The first preset responds and receives the second download command.

After the operation module writes the first data to be downloaded into the memory, the communication module may send a second response to the host computer indicating whether the first data to be downloaded is successfully written into the memory. When the first data to be downloaded is successfully written into the memory, while the communication module sends the second response to the host computer, the operation module synchronously writes the second data to be downloaded into the memory. And the operation module can write the second data to be downloaded to the memory immediately after writing the first data to be downloaded to the memory, with only a small time difference or even no time difference between the two. Further, since it takes a long time for the operation module to write the second data to be downloaded to the memory, the time for the operation module to write the second data to be downloaded to the memory can be used. After sending the second response, the communication module also receives The third download command sent by the host computer.

When the first data to be downloaded is not successfully written into the memory, only the communication module sends the second response to the host computer, and the operation module no longer writes the second data to be downloaded and subsequent data to the memory, and the communication module no longer writes Receive the third download command and subsequent commands.

By analogy, during the process of the operation module writing the m-1th data to be downloaded (not shown in Figure 7) into the memory, the communication module also receives the mth download command synchronously. After the operation module writes the m-1th data to be downloaded into the memory, the communication module may send the mth response to the host computer indicating whether the m-1th data to be downloaded is successfully written into the memory. When the m-1th data to be downloaded is successfully written into the memory, while the communication module sends the mth response to the host computer, the operation module synchronously writes the mth data to be downloaded into the memory. Furthermore, since it takes a long time for the operation module to write the mth data to be downloaded into the memory, the time for the operation module to write the mth data to be downloaded into the memory can be used. After sending the mth response, the communication module also receives The m+1 download command sent by the host computer. Among them, m is a positive integer greater than 1.

In the case where the m+1th download command is the last download command, after the operation module writes the mth data to be downloaded and the m+1th data to be downloaded into the memory, the communication module can send an instruction to the host computer to indicate the mth The m+1th response is whether the data to be downloaded and the m+1th data to be downloaded are successfully written into the memory.

Figure 8 shows a schematic flow chart of another method 800 for downloading data provided by an embodiment of the present application.

As shown in FIG. 8 , in the embodiment of the present application, the method 800 for downloading data further includes the following steps in addition to the above steps S310 to S330.

S840: Receive the second download command to the j-th download command, where the second download command carries the second data to be downloaded, the j-th download command carries the j-th data to be downloaded, and j is a positive integer greater than 1.

S850: Write the second data to be downloaded to the j-th data to be downloaded into the memory in sequence.

S860: Send the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the j-th to-be-downloaded data are sequentially written into the memory.

Specifically, in step S840, when j=2, the SE may receive the second download command, and when j>2, the SE may receive the second to jth download commands. The second download command to the j-th download command may be at least one command sent sequentially by the host computer after sending the first download command. Each of the second download command to the j-th download command carries data to be downloaded, and each download command can be of the same type as the first download command.

In step S850, after receiving the second download command to the j-th download command, the SE may sequentially write the second data to be downloaded to the j-th data to be downloaded into its internal memory.

In step S860, the SE sends the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the j-th to-be-downloaded data are sequentially written into its internal memory.

Optionally, in some implementations, after receiving the second download command sent by the upper computer, the SE sends a second preset response to the upper computer. After receiving the second preset response, the host computer sends a third download command to the SE. By analogy, the SE may receive the second download command to the j-th download command, and after receiving each download command, send its corresponding preset response.

While the SE performs the above data communication with the host computer, the SE also sequentially writes the second data to be downloaded to the jth data to be downloaded to its internal memory. Since the data communication time between the SE and the host computer is short, and the time to write the download data to its internal memory is relatively long, the SE can receive the data carried by the SE before writing the data to be downloaded to its internal memory. The download command for the data to be downloaded. For example, while the SE is writing the first data to be downloaded into its internal memory, the SE may simultaneously receive the second download command and even more subsequent download commands.

Using at least part of the time period during which the SE sequentially writes the second to-be-downloaded data to the j-th data to be downloaded into its internal memory, the SE can send the second to the j-th preset response to the host computer. Through this technical solution, the SE's processing time for the second download command to the j-th download command can be saved, that is, the SE's overall download time for the second to-be-downloaded data to the j-th data to be downloaded can be saved. Through the technical solutions of the embodiments of this application, the production efficiency of SE and the user's experience of using SE can be improved.

Figure 9 shows a schematic flow chart of another method 900 for downloading data provided by an embodiment of the present application.

As shown in FIG. 9 , in this embodiment of the present application, the method 900 for downloading data further includes the following steps in addition to the above steps S310 to S330 .

S940: Receive the second download command to the jth download command, where the second download command carries the second data to be downloaded, the jth download command carries the jth data to be downloaded, and j is a positive integer greater than 1.

S950: Write the second to-be-downloaded data to the x-th data to be downloaded sequentially into the memory, where the x-th data to be downloaded is the data that failed to be written into the memory, and x is a positive integer greater than 1 and less than or equal to j.

S960: Send the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the x-th to-be-downloaded data are sequentially written into the memory.

Specifically, in this embodiment of the present application, for step S940, reference may be made to the relevant description of step S840 in Figure 8 above, which will not be described again here.

In step S950, after receiving the second download command to the j-th download command, SE sequentially writes the to-be-downloaded data carried by the at least one download command into its internal memory. While downloading data, write execution failed. In this case, the SE no longer writes the data carried by the subsequent download command to the memory, thereby avoiding the waste of system resources caused by the writing of subsequent data.

In step S960, the SE sends the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the x-th to-be-downloaded data are sequentially written into its internal memory.

While the SE performs the above-mentioned data communication with the host computer, the SE also sequentially writes the second data to be downloaded to the xth data to be downloaded to its internal memory. That is to say, in the technical solution implemented in this application, the SE can be used to sequentially write the second data to be downloaded to at least part of the time period of the xth data to be downloaded into its internal memory, and send the second preset response to the host computer to the jth data. Canned response. Through this technical solution, it can not only save the processing time of the second download command to the jth download command in SE, but also avoid the waste of system resources and improve the execution efficiency of data download in SE.

Continuing to refer to FIG. 9 , in this embodiment of the present application, the method 900 for downloading data may also include the following steps.

S970: Receive the j+1th download command during at least part of the time period when the second data to be downloaded to the xth data to be downloaded are sequentially written into the memory.

S980: Send the j+1th response, which is used to indicate whether writing the first data to be downloaded to the j+1th data to be downloaded in the memory is executed successfully.

Specifically, in step S970, the SE can be used to sequentially write the second to-be-downloaded data to at least part of the x-th data to be downloaded into its internal memory, and receive the j+1th download command sent by the host computer, thereby reducing the The overall processing time for the j+1th download command. Among them, the j+1 download command is the next command after the jth download command sent by the host computer.

In step S980, after receiving the j+1th download command, the SE may send the j+1th response to the host computer. The j+1th response may be used to instruct the memory to write the first to-be-downloaded data to the j+th 1. Whether the entire data to be downloaded is executed successfully. Specifically, if any one of the first data to be downloaded to the j+1th data to be downloaded fails to be written into the memory, the j+1th response is used to instruct the writing of the first data to be downloaded into the memory. The overall execution of downloading data to the j+1th data to be downloaded failed. On the contrary, when all the data to be downloaded from the first data to be downloaded to the j+1th data to be downloaded are successfully written to the memory, then the j+1th response is used to instruct the writing of the first data to be downloaded to the memory. The overall execution of data to the j+1th data to be downloaded is successful.

Optionally, referring back to FIG. 8 , in the embodiment shown in FIG. 8 , steps S870 to S890 may also be further included. For relevant technical solutions of steps S870 to S890, please refer to the related description of steps S970 to S990 in the embodiment of FIG. 9 , not to go into too much detail here.

Figure 10 shows a schematic flow chart of another method 1000 for downloading data provided by an embodiment of the present application.

As shown in Figure 10, in the embodiment of the present application, the SE includes a communication module and an operation module. The communication module and the operation module can work in parallel. The communication module is used to realize data communication with the host computer, and the operation module is used to realize data communication with the host computer. To write data to the memory.

After the communication module receives the second download command, the communication module sends a second preset response to the host computer. When the communication module sends the second preset response to the host computer, the operation module can synchronously write the first data to be downloaded to the memory, or write the second data to be downloaded to the memory.

In the embodiment of the present application, the communication module can receive the first download command to the m-th download command in sequence, and after receiving each download command, send a preset response to the host computer. While the communication module performs data communication, the operation module sequentially writes the first data to be downloaded to the m-th data to be downloaded into the memory. Among them, m is a positive integer greater than 1.

During the process of the operation module writing the first data to be downloaded to the m-th data to be downloaded into the memory, the communication module also receives the m+1-th download command. After the operation module writes the first data to be downloaded to the m-th data to be downloaded into the memory, the operation module continues to write the m+1-th data to be downloaded into the memory. And after the operation module writes the m+1th data to be downloaded into the memory, the communication module sends the m+1th data to the host computer to indicate whether the first data to be downloaded to the m+1th data to be downloaded are successfully written into the memory. response.

Optionally, in the process of the operation module sequentially writing the first data to be downloaded to the m-th data to be downloaded into the memory, if the writing of the x-th data to be downloaded fails, subsequent processing of the data to be downloaded in the memory may not be performed. Write. Among them, x is a positive integer less than m.

Further, during the process of the operation module writing the first data to be downloaded to the xth data to be downloaded into the memory, the communication module also receives the m+1th download command, and after the communication module receives the m+1th download command, The communication module sends the m+1th response to the host computer to indicate whether the first data to be downloaded to the m+1th data to be downloaded are successfully written into the memory. Specifically, since the writing of the xth data to be downloaded from the first data to be downloaded to the m+1th data to be downloaded fails, the m+1th response is used to indicate the first data to be downloaded to the m+1th data to be downloaded. Data writing failed.

It should be noted that in the methods for downloading data provided in the above embodiments, at least some of the steps can also be executed in series. For example, in steps S320 and S330 of the embodiment shown in FIG. 3 , the first data to be downloaded can be first written to the cache memory of the secure element, and then the first preset response can be sent, and then the cached first data to be downloaded can be Write to Flash memory.

The method embodiments of the present application are described in detail above with reference to Figures 3 to 10. The device embodiments of the present application are described below with reference to Figures 11 to 12. The device embodiments below are mutually exclusive with the method embodiments above. Correspondingly, for parts not described in detail, please refer to the relevant descriptions of the above embodiments, and will not be described again here.

Figure 11 shows a schematic structural block diagram of a device 1100 for downloading data provided by an embodiment of the present application. Alternatively, the device 1100 for downloading data may be disposed on a secure element (SE). For example, the device 1100 for downloading data may be disposed on an SE chip.

As shown in Figure 11, the device 1100 for downloading data includes: a communication module 1110 and an operation module 1120.

Specifically, the communication module 1110 is configured to receive a first download command, which carries the first data to be downloaded. The operation module 1120 is used to write the first data to be downloaded into the memory inside the SE. During at least part of the time period when the operation module 1120 writes the first data to be downloaded into the memory, the communication module 1110 is also used to send a first preset response.

In some possible implementations, during at least part of the time period when the operation module 1120 writes the first data to be downloaded into the memory, the communication module 1110 is also used to receive a second download command, and the second download command carries the second data to be downloaded. Download data.

In some possible implementations, after the communication module 1110 receives the second download command and the operation module 1120 writes the first data to be downloaded to the memory, the communication module 1110 is also used to: send a second response, the second response is used to Indicate: whether the operation module 1120 writes the first data to be downloaded to the memory successfully.

In some possible implementations, when the operation module 1120 writes the first data to be downloaded to the memory successfully, the operation module 1120 is also configured to write the first data to the memory while the communication module 1110 sends the second response. The second data is to be downloaded.

In some possible implementations, after the communication module 1110 sends the second response, and during at least part of the time period when the operation module 1120 writes the second data to be downloaded to the memory, the communication module 1110 is also used to: receive the third download command. , the third download command carries the third data to be downloaded.

In some possible implementations, when the operation module 1120 fails to write the first data to be downloaded into the memory, the operation module 1120 is also configured to: determine that the execution of the download data fails, and stop receiving subsequent download commands.

In some possible implementations, after the communication module 1110 sends the first preset response, and during at least part of the time period when the operation module 1120 writes the i-th data to be downloaded into the memory, the communication module 1110 is also used to: receive the i-th data to be downloaded. +1 download command, the i+1th download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, the operation module 1120 also uses In: writing the i+1th data to be downloaded into the memory; the communication module 1110 is also used to: send the i+1th response, and the i+1th response is used to instruct: the operation module 1120 writes the ith data to be downloaded into the memory. And whether the i+1th data to be downloaded is executed successfully.

In some possible implementations, after the communication module 1110 sends the first preset response, and during at least part of the time period when the operation module 1120 writes the i-th data to be downloaded into the memory, the communication module 1110 is also used to: receive the i-th data to be downloaded. +1 download command, the i+1th download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, the operation module 1120 also uses Based on: judging whether to write the i+1th data to be downloaded to the memory based on whether the ith data to be downloaded is successfully executed; the communication module 1110 is also used to: send the i+1th response, and the i+1th response is used Instruction: whether writing the i-th data to be downloaded and the i+1-th data to be downloaded into the memory is executed successfully.

In some possible implementations, after the communication module 1110 sends the first preset response, the communication module 1110 is further configured to: receive the second download command to the j-th download command, wherein the second download command carries the second download command to be processed. Download data, the jth download command carries the jth data to be downloaded, j is a positive integer greater than 1; the operation module 1120 is also used to: sequentially write the second data to be downloaded to the jth data to be downloaded to the memory; in the operation module 1120. During at least part of the time period when the second data to be downloaded to the j-th data to be downloaded are sequentially written into the memory, the communication module 1110 is also used to: send the second preset response to the j-th preset response.

In some possible implementations, after the communication module 1110 sends the first preset response, the communication module 1110 is further configured to: receive the second download command to the j-th download command, wherein the second download command carries the second download command to be processed. Download data, the jth download command carries the jth data to be downloaded, j is a positive integer greater than 1; the operation module 1120 is also used to: sequentially write the second data to be downloaded to the xth data to be downloaded to the memory, where, the The x data to be downloaded is the data that failed to be written to the memory, and x is a positive integer greater than 1 and less than or equal to j; in the operation module 1120, at least part of the second data to be downloaded to the xth data to be downloaded is sequentially written to the memory. During the time period, the communication module 1110 is also used to: send the second preset response to the jth preset response.

In some possible implementations, after the communication module 1110 sends the second preset response to the j-th preset response, at least part of the time when the operation module 1120 sequentially writes the second data to be downloaded to the x-th data to be downloaded into the memory. Within the section, the communication module 1110 is also used to: receive the j+1th download command, which carries the j+1th data to be downloaded; the communication module 1110 is also used to: send the j+1th response, the jth The +1 response is used to indicate whether writing the first data to be downloaded to the j+1th data to be downloaded in the memory is executed successfully.

In some possible implementations, the device 1100 for downloading data is a flash memory download unit in the SE, and the memory is a flash memory in the SE.

In this embodiment, the flash download unit may include a flash download program, where the flash download program may be stored in Flash, or the flash download program may also be stored in other memories in the SE.

Figure 12 shows a schematic structural block diagram of a device 1200 for downloading data provided by an embodiment of the present application.

As shown in Figure 12, the embodiment of the present application also provides a device 1200 for downloading data, including: a memory 1210 and a processor 1220; the memory 1210 is used to store a computer program, and the processor 1220 is used to call the computer program. When the computer program is executed by the processor, the device 1200 for downloading data executes the method for downloading data in any of the above embodiments.

An embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a computer, the computer performs the method for downloading data in any of the above embodiments.

An embodiment of the present application also provides a computer program product containing instructions, which when executed by a computer causes the computer to perform the method for downloading data in any of the above embodiments.

Figure 13 shows a schematic structural block diagram of a security element 1300 provided by an embodiment of the present application.

As shown in FIG. 13 , the secure element 1300 may include the above-mentioned device 1100 for downloading data or the device 1200 for downloading data.

Optionally, the secure element 1300 may be a secure element chip.

In addition to the above-mentioned device for downloading data, the secure element 1300 may further include an encryption/decryption module for protecting relevant data in the secure element 1300 .

It should be understood that the specific examples herein are only to help those skilled in the art better understand the embodiments of the present application, but are not intended to limit the scope of the embodiments of the present application.

It should also be understood that in the various embodiments of the present application, the size of the sequence numbers of each process does not mean the order of execution. The execution order of each process should be determined by its functions and internal logic, and should not be used in the embodiments of the present application. The implementation process constitutes any limitation.

It should also be understood that the various implementation modes described in this specification can be implemented individually or in combination, and the embodiments of the present application are not limited to this.

Unless otherwise stated, all technical and scientific terms used in the embodiments of this application have the same meanings as commonly understood by those skilled in the technical field of this application. The terminology used in this application is for the purpose of describing specific embodiments only and is not intended to limit the scope of this application. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. As used in the embodiments and the appended claims, the singular forms "a," "above," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise.

It should be understood that the processor or processing unit in the embodiment of the present application may be an integrated circuit chip with signal processing capabilities. During the implementation process, each step of the above method embodiment can be completed through an integrated logic circuit of hardware in the processor or instructions in the form of software. The steps of the method disclosed in conjunction with the embodiments of the present application can be directly implemented by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.

The memory or storage unit in the embodiment of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memories.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented with electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each specific application, but such implementations should not be considered beyond the scope of this application.

Those skilled in the art can clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be described again here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit.

If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other various media that can store program codes.

The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any person familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the present application. should be covered by the protection scope of this application. Therefore, the protection scope of this application should be determined by the protection scope of the claims.

Claims

A method for downloading data, characterized in that it is applied to secure element SE, and the method includes:

Receive a first download command, where the first download command carries first data to be downloaded;

writing the first data to be downloaded to the memory inside the secure element;

A first preset response is sent during at least part of the time period when the first data to be downloaded is written to the memory.
The method according to claim 1, wherein after sending the first preset response, the method further includes:

During at least part of the time period when the first data to be downloaded is written into the memory, a second download command is received, where the second download command carries the second data to be downloaded.
The method of claim 2, wherein after receiving the second download command and writing the first to-be-downloaded data to the memory, the method further includes:

A second response is sent, where the second response is used to indicate whether writing the first data to be downloaded to the memory is executed successfully.
The method according to claim 3, characterized in that when writing the first data to be downloaded into the memory is successfully executed, the method further includes:

While sending the second response, the second data to be downloaded is written to the memory.
The method according to claim 4, characterized in that, after sending the second response, the method further includes:

During at least part of the time period when the second data to be downloaded is written into the memory, a third download command is received, where the third download command carries the third data to be downloaded.
The method according to claim 3, characterized in that when writing the first to-be-downloaded data to the memory fails, the method further includes:

It is determined that the download data execution failed and stops receiving subsequent download commands.
The method according to claim 1, wherein after sending the first preset response, the method further includes:

During at least part of the time period when the i-th data to be downloaded is written to the memory, the i+1th download command is received, and the i+1th download command carries the i+1th data to be downloaded, where i is positive integer;

When the i+1th download command is the last download command, write the i+1th data to be downloaded into the memory;

The i+1th response is sent, and the i+1th response is used to indicate: writing the ith data to be downloaded to the memory and whether the i+1th data to be downloaded is executed successfully.
The method according to claim 1, wherein after sending the first preset response, the method further includes:

During at least part of the time period when the i-th data to be downloaded is written to the memory, the i+1th download command is received, and the i+1th download command carries the i+1th data to be downloaded, where i is positive integer;

In the case where the i+1th download command is the last download command, it is determined whether to write the i+1th data to the memory based on whether writing of the ith data to be downloaded to the memory is executed successfully. Data to be downloaded;

The i+1th response is sent, and the i+1th response is used to indicate: writing the ith data to be downloaded to the memory and whether the i+1th data to be downloaded is executed successfully.
The method according to claim 1, wherein after sending the first preset response, the method further includes:

Receive the second download command to the jth download command, wherein the second download command carries the second data to be downloaded, the jth download command carries the jth data to be downloaded, and j is a positive integer greater than 1;

sequentially writing the second data to be downloaded to the jth data to be downloaded into the memory;

During at least part of the time period when the second to-be-downloaded data to the j-th to-be-downloaded data are sequentially written into the memory, the second to j-th preset responses are sent.
The method according to claim 1, wherein after sending the first preset response, the method further includes:

Receive the second download command to the jth download command, wherein the second download command carries the second data to be downloaded, the jth download command carries the jth data to be downloaded, and j is a positive integer greater than 1;

Write the second to-be-downloaded data to the x-th data to be downloaded sequentially into the memory, where the x-th data to be downloaded is data that failed to be written to the memory, and x is greater than 1 and less than or equal to j is a positive integer;

During at least part of the time period when the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, the second preset response to the jth preset response is sent.
The method according to claim 10, characterized in that after sending the second preset response to the jth preset response, the method further includes:

During at least part of the time period when the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, the j+1th download command is received, and the j+1th download command carries the jth +1 data to be downloaded;

The j+1th response is sent, and the j+1th response is used to indicate whether writing the first data to be downloaded to the j+1th data to be downloaded in the memory is executed successfully.
The method according to any one of claims 1 to 11, characterized in that the first download command is an application protocol data unit APDU command; and/or,

The first data to be downloaded is COS data of the on-chip operating system.
The method according to any one of claims 1 to 11, characterized in that the method is applied to a flash memory download unit in the secure element, and the memory is a flash memory in the secure element.
A device for downloading data, characterized in that it is provided on the secure element SE, and the device includes:

A communication module, configured to receive a first download command, where the first download command carries first data to be downloaded;

An operation module, configured to write the first data to be downloaded to the memory inside the secure element;

During at least part of the time period when the operation module writes the first data to be downloaded to the memory, the communication module is also used to send a first preset response.
The device according to claim 14, characterized in that, during at least part of the time period when the operation module writes the first data to be downloaded to the memory, the communication module is also used to receive a second download command. , the second download command carries the second data to be downloaded.
The device according to claim 15, wherein after the communication module receives the second download command and the operation module writes the first data to be downloaded into the memory, the communication module further Used for:

Send a second response, where the second response is used to indicate whether the operation module writes the first data to be downloaded to the memory successfully.
The device according to claim 16, wherein when the operation module writes the first data to be downloaded into the memory successfully, the operation module is further configured to:

While the communication module sends the second response, the second data to be downloaded is written into the memory.
The device according to claim 16, wherein when the operation module fails to write the first data to be downloaded into the memory, the operation module is further configured to:

It is determined that the download data execution failed and stops receiving subsequent download commands.
The device according to claim 14, wherein after the communication module sends the first preset response, at least part of the time period when the operation module writes the i-th data to be downloaded into the memory. , the communication module is also used for:

Receive the i+1th download command, the i+1th download command carries the i+1th data to be downloaded, where i is a positive integer;

In the case where the i+1th download command is the last download command, the operation module is also configured to: write the i+1th data to be downloaded into the memory;

The communication module is also used to send the i+1th response, and the i+1th response is used to indicate that the operation module writes the ith data to be downloaded and the i+1th data to the memory. Whether the data to be downloaded is executed successfully.
The device according to claim 14, wherein after the communication module sends the first preset response, at least part of the time period when the operation module writes the i-th data to be downloaded into the memory. , the communication module is also used for:

Receive the i+1th download command, the i+1th download command carries the i+1th data to be downloaded, where i is a positive integer;

In the case where the i+1th download command is the last download command, the operation module is also configured to: determine whether to write the i-th data to be downloaded to the memory based on whether the writing of the i-th data to be downloaded to the memory is successfully executed. Write the i+1th data to be downloaded;

The communication module is also used to: send the i+1th response, the i+1th response is used to indicate: write the ith data to be downloaded to the memory and whether the i+1th data to be downloaded is execution succeed.
The device according to any one of claims 14 to 20, wherein the first download command is an application protocol data unit APDU command; and/or,

The first data to be downloaded is COS data of the on-chip operating system.
The device according to any one of claims 14 to 20, wherein the device is a flash memory download unit in the secure element, and the memory is a flash memory in the secure element.
A device for downloading data, characterized in that it includes: a processor and a memory, the memory is used to store a program, the processor is used to call and run the program from the memory to execute any one of claims 1 to 13 The method of downloading data described in the item.
A secure element, characterized by comprising: the device for downloading data according to any one of claims 14 to 22.