WO2023240941A1 - Procédé et appareil de téléchargement vers l'aval de données, et élément sécurisé - Google Patents

Procédé et appareil de téléchargement vers l'aval de données, et élément sécurisé Download PDF

Info

Publication number
WO2023240941A1
WO2023240941A1 PCT/CN2022/136116 CN2022136116W WO2023240941A1 WO 2023240941 A1 WO2023240941 A1 WO 2023240941A1 CN 2022136116 W CN2022136116 W CN 2022136116W WO 2023240941 A1 WO2023240941 A1 WO 2023240941A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
downloaded
memory
download command
download
Prior art date
Application number
PCT/CN2022/136116
Other languages
English (en)
Chinese (zh)
Inventor
罗建杰
冯涛
Original Assignee
深圳市汇顶科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市汇顶科技股份有限公司 filed Critical 深圳市汇顶科技股份有限公司
Publication of WO2023240941A1 publication Critical patent/WO2023240941A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present application relates to the field of information security technology, and more specifically, to a method, device and secure element for downloading data.
  • Secure Element can provide functions such as secure storage of private information and secure execution of important programs.
  • the SE has a physically independent structure and an independent on-chip operating system (Card operation system, COS).
  • the SE can communicate with the outside through security protocols to implement application functions such as secure data storage and encryption and decryption operations. .
  • a method for downloading data is provided, which is applied to the secure element SE.
  • the method includes: receiving a first download command, which carries the first data to be downloaded; and writing the first data to the memory inside the SE. Data to be downloaded; sending the first preset response during at least part of the time period when the first data to be downloaded is written into the memory.
  • the SE does not need to wait for the execution of writing the first data to be downloaded to the memory to be completed before sending a response according to the execution result, but in the process of writing the first data to be downloaded to the memory. , directly sending the preset first preset response, thereby saving the SE's download processing time for the first download command and the carried first data to be downloaded, so as to improve the production efficiency of the SE and the user's experience of using the SE.
  • the method further includes: receiving a second download command during at least part of the time period when writing the first data to be downloaded to the memory. Carrying the second data to be downloaded.
  • the SE does not need to wait for the completion of writing the first data to be downloaded to the memory and sending a response to the upper computer indicating whether the execution of the written data is completed before it can receive the third data sent by the upper computer.
  • Second download command, and the second download command can be received during at least part of the time period when the first data to be downloaded is written to the memory, thereby saving the SE's processing time for the second download command and further saving the SE's processing time for the data to be downloaded. Overall download time.
  • the method further includes: sending a second response, where the second response is used to indicate: writing the first data to be downloaded to the memory. Whether the download data is executed successfully.
  • the second response is a real message generated according to the writing situation of the first data to be downloaded in the memory.
  • Sending the second response to the host computer in real time can facilitate the host computer to accurately and timely grasp the current data download situation in the SE, and perform subsequent operations based on the true second response to improve the efficiency of data downloading in the SE. , and ensure the overall performance of SE.
  • the method further includes: writing the second data to be downloaded to the memory while sending the second response.
  • the SE can synchronize the time of sending the second response to write the second data to be downloaded into the memory, thereby saving the SE's download time for the second data to be downloaded.
  • the method further includes: receiving a third download command during at least part of the time period when writing the second data to be downloaded to the memory, where the third download command carries The third data is to be downloaded.
  • the method further includes: determining that downloading the data fails and stopping receiving subsequent download commands.
  • the SE when the SE fails to write the first data to be downloaded to its internal memory, it can directly stop receiving subsequent download commands to avoid subsequent invalid command reception and data downloads that cause system resource damage. waste, thus improving the execution efficiency of data download in SE.
  • the overall production efficiency of the production line can be improved and the production capacity of SE can be improved.
  • the method further includes: receiving the i+1th download command, the i+th download command during at least part of the time period when writing the ith data to be downloaded to the memory, 1
  • the download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, write the i+1th data to be downloaded into the memory; send The i+1th response, the i+1th response is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.
  • SE can process the last download command in a timely and convenient manner, and send the last two download commands to carry the execution status of data writing in the memory, ensuring the integrity and reliability of the entire data download. performance, thereby ensuring the overall performance of SE.
  • the method further includes: receiving the i+1th download command, the i+th download command during at least part of the time period when writing the ith data to be downloaded to the memory, 1
  • the download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, whether the ith data to be downloaded is written to the memory is executed successfully. , determine whether to write the i+1th data to be downloaded to the memory; send the i+1th response, the i+1th response is used to indicate: write the ith data to be downloaded to the memory and whether the i+1th data to be downloaded is executed success.
  • the SE may not perform the subsequent process of writing the i+1-th data to be downloaded into the memory, thereby avoiding the waste of system resources. , improve the execution efficiency of data download in SE.
  • SE can send the last two download commands to carry the execution status of data writing in the memory, ensuring the integrity and reliability of the entire data download, thereby ensuring the overall performance of SE.
  • the method further includes: receiving second to jth download commands, wherein the second download command carries second to-be-downloaded data, and the jth The download command carries the jth data to be downloaded, j is a positive integer greater than 1; the second data to be downloaded to the jth data to be downloaded are sequentially written to the memory; the second data to be downloaded to the jth data to be downloaded are sequentially written to the memory.
  • the second preset response is sent to the jth preset response.
  • the SE can be used to sequentially write the second data to be downloaded to at least part of the jth data to be downloaded into its internal memory, and send a second preset response to the host computer to the jth preset data. Set response.
  • the SE's processing time for the second download command to the j-th download command can be saved, that is, the SE's overall download processing time for the second to-be-downloaded data to the j-th data to be downloaded can be saved.
  • the method further includes: receiving second to jth download commands, wherein the second download command carries second to-be-downloaded data, and the jth The download command carries the jth data to be downloaded, where j is a positive integer greater than 1; the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, where the xth data to be downloaded is the data that failed to be written to the memory.
  • x is a positive integer greater than 1 and less than or equal to j; during at least part of the time period when the second data to be downloaded to the xth data to be downloaded are sequentially written to the memory, the second preset response is sent to the jth preset response.
  • the SE can be used to sequentially write the second data to be downloaded to at least part of the time period of the xth data to be downloaded into its internal memory, and send the second preset response to the host computer to the jth preset data. Assume the response, where the xth data to be downloaded is the data that failed to be written to the memory.
  • the SE can not only save the processing time of the second download command to the jth download command in SE, but also avoid the waste of system resources and improve the execution efficiency of data download in SE.
  • the method further includes: sequentially writing the second data to be downloaded to the x-th data to be downloaded into the memory for at least part of the time period Within, the j+1th download command is received, and the j+1th download command carries the j+1th data to be downloaded; the j+1th response is sent, and the j+1th response is used to indicate: write the first data to be downloaded into the memory. Download data to the j+1th data to be downloaded whether the execution is successful.
  • the SE can instruct the host computer through the j+1th response to write the first data to be downloaded into the memory to whether the j+1th data to be downloaded is executed successfully, so that the host computer can accurately know whether the j+1th data to be downloaded is successfully executed.
  • the relatively accurate download status of the data to be downloaded to the j+1th data to be downloaded in the SE is convenient for the host computer to perform subsequent actions based on the more accurate download status.
  • the first download command is an application protocol data unit APDU command; and/or the first data to be downloaded is on-chip operating system COS data.
  • the method is applied to the flash memory download unit in the SE, and the memory is the flash memory in the SE.
  • a device for downloading data which is provided on the secure element SE.
  • the device includes: a communication module for receiving a first download command, which carries the first data to be downloaded; and an operation module for In writing the first data to be downloaded into the memory inside the SE; during at least part of the time period when the operation module writes the first data to be downloaded into the memory, the communication module is also used to send a first preset response.
  • a device for downloading data including: a processor and a memory, the memory is used to store a program, and the processor is used to call and run the program from the memory to execute the first aspect or any one of the first aspects.
  • the method of downloading data in the implementation.
  • Figure 1 is a schematic diagram of the interaction structure between a host computer and an SE chip provided by an embodiment of the present application.
  • Figure 3 is a schematic flow chart of a method for downloading data provided by an embodiment of the present application.
  • Figure 4 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 5 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 7 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 8 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 9 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 10 is a schematic flow chart of another method for downloading data provided by an embodiment of the present application.
  • Figure 12 is a schematic structural block diagram of another device for downloading data provided by an embodiment of the present application.
  • the technical solution of the embodiment of the present application relates to a secure element (SE), which is usually provided in the form of a chip.
  • SE secure element
  • the host computer for example, a production line machine or a card reader, etc.
  • the host computer can send the COS program data to the SE chip so that The SE chip burns the COS program data into its internal memory to complete the download of the COS program data in the SE chip.
  • the host computer 11 and the SE chip 12 can be connected to each other to achieve data communication between the two.
  • the host computer 11 can be connected to the SE chip 12 through physical wiring, or the host computer 11 can also be connected to the SE chip 12 through a network.
  • the SE chip 12 can be connected to the host computer 11 through a communication interface such as a serial peripheral interface (Serial Peripheral Interface, SPI) and corresponding communication lines.
  • the host computer 11 includes but is not limited to a production line machine or a card reader.
  • a memory 121 is provided in the SE chip 12, and the memory 121 may include a volatile memory and/or a non-volatile memory.
  • the non-volatile memory can be a read-only memory (Read Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically removable memory. Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory (Flash).
  • the volatile memory can be a random access memory (Random Access Memory, RAM), etc. This RAM has a fast read and write speed and can be used as an external cache.
  • memory 121 may include Flash.
  • the SE chip 12 receives the COS program data from the host computer 11 through a communication protocol, such as the SPI protocol, and the processor 122 is used to write the COS program data into Flash.
  • the COS program data can be cached in the RAM, and then the processor 122 can be used to write the COS data cached in the RAM to Flash.
  • a Flash loader program can be stored in Flash, and the processor 122 can call the Flash loader program to execute: receive the COS program data from the host computer 11, and transfer the COS program to Data is written to the data storage space of Flash.
  • the size of the COS program data compiled by the host computer is several hundred kilobytes (KB).
  • the host computer 11 can split the COS program data into multiple commands, sequentially Sent to SE chip 12.
  • the SE chip 12 After receiving the multiple commands, the SE chip 12 sequentially burns the COS program data carried by each command into the memory 121 to complete the download of the COS program data in the SE chip 12 .
  • Figure 2 shows a schematic diagram of the interaction flow between the host computer 11 and the SE chip 12.
  • the host computer 11 first sends a first command to the SE chip 12, and the first command may carry part of COS program data, that is, the first COS data.
  • the SE chip 12 After the SE chip 12 receives the first command, the SE chip 12 writes the first COS data into the memory 121 .
  • the SE chip 12 After the SE chip 12 completes writing the first COS data to the memory 121, the SE chip 12 may send a first response to the host computer 11 according to the writing situation of the first COS data in the memory 121. A response is used to indicate whether the first COS data is successfully written in the memory 121 .
  • the host computer 11 may receive the first response and then continue to send subsequent commands to the SE chip. Specifically, after receiving the n-1th response corresponding to the n-1th command, the host computer 11 continues to send the nth command to the SE chip 12, where n is a positive integer greater than 1, and the n-1th command and the n commands all carry part of the COS program data. After the SE chip 12 receives the nth command, the SE chip 12 writes the nth COS data carried by the nth command into the memory 121. Then, the SE chip 12 can write the nth COS data in the memory 121 according to the nth COS data. In the case of writing, the nth response is sent to the host computer 11.
  • the SE chip 12 serially processes multiple commands sent by the host computer 11 according to the above-mentioned process of processing the first command. Until the last command sent by the host computer 11 is processed, the COS of the SE chip 12 Data download is completed.
  • the SE chip 12 serially processes multiple commands sent by the host computer 11, and in the process of processing each command, the SE chip 12 serially executes the reception of commands, writing of data to the memory, and The response is sent.
  • This technical solution will cause the COS data download time of the SE chip 12 to be longer, affecting the production efficiency of the SE chip on the production line and the user experience of the SE chip.
  • Figure 3 shows a schematic flow chart of a method 300 for downloading data provided by an embodiment of the present application.
  • the method 300 for downloading data can be applied to SE, for example, it can be applied to the SE chip 12 shown in Figure 1 and Figure 2 above.
  • the method 300 for downloading data includes the following steps.
  • S310 Receive the first download command, which carries the first data to be downloaded.
  • S320 Write the first data to be downloaded into the memory inside the SE.
  • S330 Send the first preset response during at least part of the time period when the first data to be downloaded is written into the memory.
  • the SE may receive a first download command carrying the first data to be downloaded, where the first download command may be sent by the host computer 11 in the embodiments shown in FIGS. 1 and 2 above.
  • First download command may be any download command sent by the host computer 11 .
  • the first download command may be the first download command sent by the host computer 11 .
  • the first data to be downloaded carried in the first download command includes but is not limited to COS data.
  • the first download command includes but is not limited to an Application Protocol Data Unit (APDU) command.
  • APDU Application Protocol Data Unit
  • the host computer 11 can further split the file into multiple APDU commands, and each APDU command carries part of the COS data.
  • the first download command may be one APDU command among multiple APDU commands, and the first data to be downloaded carried by it may be partial COS data.
  • the SE may include a communication interface, such as an SPI interface.
  • the first data to be downloaded carried by the first download command can be temporarily cached in its internal cache module.
  • the first data to be downloaded can be cached in the RAM inside the SE. middle.
  • the memory inside the SE may be the memory 121 shown in Figure 1 above, which may specifically be NVM to ensure reliable storage of downloaded data.
  • the memory inside the SE includes but is not limited to Flash, or the memory inside the SE may also include Flash and cache memory (such as RAM, etc.).
  • step S320 the processor inside the SE (for example, the processor 122 shown in FIG. 1 above) may be used to write the first to-be-downloaded data carried in the first download command to the memory inside the SE.
  • step S320 may be understood as the processor writing the first to-be-downloaded data cached in the RAM into the NVM memory.
  • step S320 can also be understood as the processor caching the first to-be-downloaded data received by the SE in RAM and writing the first to-be-downloaded data in the RAM into the NVM memory.
  • the process of writing data to be downloaded into the memory inside the SE in the following embodiments is also similar to step S320 and will not be described in detail below.
  • step S330 during at least part of the time period when the SE writes the first data to be downloaded into its internal memory, the SE sends the first preset response.
  • the SE may send the first preset response to the host computer.
  • the first preset response is a preset fixed message.
  • the first preset response is a response message indicating that writing data to the memory is successful.
  • the host computer can identify the first preset response and send subsequent download commands based on the first preset response.
  • the first preset response may be an APDU response.
  • the method 300 of the embodiment of the present application can be applied to the flash loader unit in the SE.
  • the flash download unit may include a flash download program.
  • the processor calls the flash download program to implement the method 300 provided in the embodiment of the present application.
  • the flash memory download program can be stored in Flash, or the flash memory download program can also be stored in other memories in the SE.
  • Figure 4 shows a schematic flow chart of another method 400 for downloading data provided by an embodiment of the present application.
  • the method 400 for downloading data further includes the following steps in addition to the above steps S310 to S330 .
  • the time period during which the SE receives the second download command at least partially coincides with the time period during which the first data to be downloaded is written into the memory, that is, steps S320 and S440 can be executed in parallel.
  • the SE does not need to wait for the completion of writing the first data to be downloaded to the memory and sending a response to the host computer indicating whether the execution of the written data is completed before it can receive the second download sent by the host computer. command, and the second download command can be received during at least part of the time period when the first data to be downloaded is written to the memory, thereby saving the processing time of the second download command by the SE and further saving the overall download of the data to be downloaded by the SE. time.
  • the production efficiency of SE and the user's experience of using SE can be further improved.
  • the method 400 of downloading data also includes the following: step.
  • S450 Send a second response, which is used to indicate whether writing the first data to be downloaded to the memory is executed successfully.
  • the SE writes the first data to be downloaded to its internal memory
  • information indicating whether the first data to be downloaded is successfully written to the memory may be sent to the superior as a second response. machine.
  • the second response corresponds to the second download command.
  • the second download command is an APDU command
  • the second response may be an APDU response.
  • the SE modifies the second response originally used to indicate whether the second download data is written successfully to indicate whether the first data to be downloaded is written successfully, while for the host computer,
  • the second response still indicates whether the second download data is written successfully, that is, based on the content in the second response, the host computer determines whether the second download data carried in the second download command sent by it is successfully written in the SE, so that Determine whether to perform subsequent actions. Therefore, the host computer can still use the method process of the related technology to send the download command and process the corresponding command, which will not affect the reception of the download command and the download of the data to be downloaded by the SE in the embodiment of the present application.
  • the host computer can still process the response messages according to the original processing flow in the related technology.
  • the specific processing process will not be described in detail here.
  • the method 400 for downloading data further includes the following steps.
  • the SE when the SE fails to write the first data to be downloaded to its internal memory, it can directly stop receiving subsequent download commands to avoid subsequent invalid command reception and data downloads that cause system resource damage. waste, thus improving the execution efficiency of data download in SE.
  • the overall production efficiency of the production line can be improved and the production capacity of SE can be improved.
  • the method 400 for downloading data further includes the following steps.
  • the SE may continue to receive the third download command carrying the third data to be downloaded.
  • the third download command may be the next command sent by the host computer after sending the second download command.
  • the third download command may be of the same type as the above first download command and the second download command.
  • step S471 the processing of the third download command and the subsequent processing of each piece of download data may be performed in a similar manner from steps S450 to S461 or steps S450 to S462.
  • steps S450 to S461 or steps S450 to S462. please refer to the detailed descriptions of the above embodiments, and will not be described in detail here.
  • Figure 5 shows a schematic flow chart of another method 500 for downloading data provided by an embodiment of the present application.
  • the method 500 for downloading data may further include the following steps in addition to the above steps S310 to S330 .
  • S540 During at least part of the time period when the i-th data to be downloaded is written into the memory, receive the i+1th download command.
  • the i+1th download command carries the i+1th data to be downloaded, where i is positive. integer.
  • S560 Send the i+1th response, which is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.
  • the i-th data to be downloaded may be the data carried by the i-th download command received by the SE.
  • the i-th download command may be any download command received by the SE.
  • the i-th download command may be The first download command, the second download command, the third download command and any subsequent command in the above embodiment.
  • the SE can simultaneously receive the i+1th download command to save the SE for the i-th download command and the i+th download command. 1The overall processing time of the download command.
  • step S550 when the i+1th download command is the last download command, after the SE writes the i-th to-be-downloaded data carried by the i-th download command into its internal memory, the SE then writes Write the i+1th data to be downloaded carried by the i+1th download command.
  • step S560 after the SE writes the i+1th data to be downloaded carried by the i+1th download command into its internal memory, the i+1th data to be downloaded and the i+1th data to be downloaded are stored in the memory according to In the case of writing, the SE can send the i+1th response to the host computer.
  • the i+1th response is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.
  • the (i+1)th response may be used to indicate whether the writing of the (i)th data to be downloaded and the (i+1)th data to be downloaded to the memory is executed successfully. Specifically, if any one of the i-th data to be downloaded and the i+1-th data to be downloaded fails to be written in the memory, the i+1-th response may be used to indicate writing the i-th data to be downloaded into the memory and The overall execution of the i+1th data to be downloaded failed.
  • the i+1-th response can be used to indicate that the i-th data to be downloaded and the i+1-th data to be downloaded are written to the memory.
  • the overall execution of the data to be downloaded was successful.
  • the i+1th response may also be used to respectively indicate whether writing the i-th data to be downloaded to the memory is successfully executed, and whether writing the i+1th data to be downloaded to the memory is executed successfully.
  • SE can process the last download command in a timely and convenient manner, and send the last two download commands to carry the execution status of data writing in the memory, ensuring the integrity and reliability of the entire data download. performance, thereby ensuring the overall performance of SE.
  • Figure 6 shows a schematic flow chart of another method 600 for downloading data provided by an embodiment of the present application.
  • the method 600 for downloading data further includes the following steps in addition to the above steps S310 to S330 .
  • S640 During at least part of the time period when the i-th data to be downloaded is written into the memory, receive the i+1th download command.
  • the i+1th download command carries the i+1th data to be downloaded, where i is positive. integer.
  • S660 Send the i+1th response, which is used to indicate whether writing the ith data to be downloaded to the memory and the i+1th data to be downloaded are executed successfully.
  • step S640 can be referred to step S540 in Figure 5 above, and will not be described in detail here.
  • step S650 when the i+1th download command is the last download command, SE can determine whether to write the i+1th data to be downloaded to the memory based on the writing situation of the ith data to be downloaded in the memory. . Specifically, when the writing of the i-th data to be downloaded in the memory fails, the i+1th data to be downloaded may not be written to the memory. On the contrary, when the i-th data to be downloaded is successfully written in the memory, Only then the i+1th data to be downloaded is written to the memory.
  • the i+1th response may be used to indicate whether writing the ith data to be downloaded and the entire i+1th data to be downloaded to the memory is successfully executed.
  • the i+1th response may also be used to respectively indicate whether the writing of the ith data to be downloaded to the memory is successfully executed, and whether the writing of the i+1th data to be downloaded to the memory is executed successfully.
  • Figure 7 shows a schematic flow chart of another method 700 for downloading data provided by an embodiment of the present application.
  • the host computer After receiving the first preset response, the host computer sends a second download command to the communication module. During the process of the operation module writing the first data to be downloaded into the memory, the communication module also receives the second download command synchronously.
  • the communication module may send a second response to the host computer indicating whether the first data to be downloaded is successfully written into the memory.
  • the operation module synchronously writes the second data to be downloaded into the memory.
  • the operation module can write the second data to be downloaded to the memory immediately after writing the first data to be downloaded to the memory, with only a small time difference or even no time difference between the two. Further, since it takes a long time for the operation module to write the second data to be downloaded to the memory, the time for the operation module to write the second data to be downloaded to the memory can be used.
  • the communication module After sending the second response, the communication module also receives The third download command sent by the host computer.
  • the communication module also receives the mth download command synchronously. After the operation module writes the m-1th data to be downloaded into the memory, the communication module may send the mth response to the host computer indicating whether the m-1th data to be downloaded is successfully written into the memory. When the m-1th data to be downloaded is successfully written into the memory, while the communication module sends the mth response to the host computer, the operation module synchronously writes the mth data to be downloaded into the memory.
  • the communication module can send an instruction to the host computer to indicate the mth
  • the m+1th response is whether the data to be downloaded and the m+1th data to be downloaded are successfully written into the memory.
  • S840 Receive the second download command to the j-th download command, where the second download command carries the second data to be downloaded, the j-th download command carries the j-th data to be downloaded, and j is a positive integer greater than 1.
  • S860 Send the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the j-th to-be-downloaded data are sequentially written into the memory.
  • step S850 after receiving the second download command to the j-th download command, the SE may sequentially write the second data to be downloaded to the j-th data to be downloaded into its internal memory.
  • step S860 the SE sends the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the j-th to-be-downloaded data are sequentially written into its internal memory.
  • the SE after receiving the second download command sent by the upper computer, the SE sends a second preset response to the upper computer. After receiving the second preset response, the host computer sends a third download command to the SE.
  • the SE may receive the second download command to the j-th download command, and after receiving each download command, send its corresponding preset response.
  • the SE can send the second to the j-th preset response to the host computer.
  • the SE's processing time for the second download command to the j-th download command can be saved, that is, the SE's overall download time for the second to-be-downloaded data to the j-th data to be downloaded can be saved.
  • Figure 9 shows a schematic flow chart of another method 900 for downloading data provided by an embodiment of the present application.
  • the method 900 for downloading data further includes the following steps in addition to the above steps S310 to S330 .
  • S950 Write the second to-be-downloaded data to the x-th data to be downloaded sequentially into the memory, where the x-th data to be downloaded is the data that failed to be written into the memory, and x is a positive integer greater than 1 and less than or equal to j.
  • step S940 reference may be made to the relevant description of step S840 in Figure 8 above, which will not be described again here.
  • step S950 after receiving the second download command to the j-th download command, SE sequentially writes the to-be-downloaded data carried by the at least one download command into its internal memory. While downloading data, write execution failed. In this case, the SE no longer writes the data carried by the subsequent download command to the memory, thereby avoiding the waste of system resources caused by the writing of subsequent data.
  • step S960 the SE sends the second preset response to the jth preset response during at least part of the time period when the second to-be-downloaded data to the x-th to-be-downloaded data are sequentially written into its internal memory.
  • the SE after receiving the second download command sent by the upper computer, the SE sends a second preset response to the upper computer. After receiving the second preset response, the host computer sends a third download command to the SE.
  • the SE may receive the second download command to the j-th download command, and after receiving each download command, send its corresponding preset response.
  • the SE While the SE performs the above-mentioned data communication with the host computer, the SE also sequentially writes the second data to be downloaded to the xth data to be downloaded to its internal memory. That is to say, in the technical solution implemented in this application, the SE can be used to sequentially write the second data to be downloaded to at least part of the time period of the xth data to be downloaded into its internal memory, and send the second preset response to the host computer to the jth data. Canned response. Through this technical solution, it can not only save the processing time of the second download command to the jth download command in SE, but also avoid the waste of system resources and improve the execution efficiency of data download in SE.
  • the method 900 for downloading data may also include the following steps.
  • S980 Send the j+1th response, which is used to indicate whether writing the first data to be downloaded to the j+1th data to be downloaded in the memory is executed successfully.
  • the SE can be used to sequentially write the second to-be-downloaded data to at least part of the x-th data to be downloaded into its internal memory, and receive the j+1th download command sent by the host computer, thereby reducing the The overall processing time for the j+1th download command.
  • the j+1 download command is the next command after the jth download command sent by the host computer.
  • the SE may send the j+1th response to the host computer.
  • the j+1th response may be used to instruct the memory to write the first to-be-downloaded data to the j+th 1. Whether the entire data to be downloaded is executed successfully. Specifically, if any one of the first data to be downloaded to the j+1th data to be downloaded fails to be written into the memory, the j+1th response is used to instruct the writing of the first data to be downloaded into the memory. The overall execution of downloading data to the j+1th data to be downloaded failed.
  • steps S870 to S890 may also be further included.
  • steps S870 to S890 please refer to the related description of steps S970 to S990 in the embodiment of FIG. 9 , not to go into too much detail here.
  • the SE includes a communication module and an operation module.
  • the communication module and the operation module can work in parallel.
  • the communication module is used to realize data communication with the host computer, and the operation module is used to realize data communication with the host computer. To write data to the memory.
  • the operation module writes the first data to be downloaded into the memory.
  • the communication module synchronously sends the first preset response to the host computer.
  • the host computer After receiving the first preset response, the host computer sends a second download command to the communication module. During the process of the operation module writing the first data to be downloaded into the memory, the communication module also receives the second download command synchronously.
  • the communication module After the communication module receives the second download command, the communication module sends a second preset response to the host computer.
  • the operation module can synchronously write the first data to be downloaded to the memory, or write the second data to be downloaded to the memory.
  • the communication module also receives the m+1-th download command. After the operation module writes the first data to be downloaded to the m-th data to be downloaded into the memory, the operation module continues to write the m+1-th data to be downloaded into the memory. And after the operation module writes the m+1th data to be downloaded into the memory, the communication module sends the m+1th data to the host computer to indicate whether the first data to be downloaded to the m+1th data to be downloaded are successfully written into the memory. response.
  • the first data to be downloaded can be first written to the cache memory of the secure element, and then the first preset response can be sent, and then the cached first data to be downloaded can be Write to Flash memory.
  • the device 1100 for downloading data includes: a communication module 1110 and an operation module 1120.
  • the communication module 1110 is configured to receive a first download command, which carries the first data to be downloaded.
  • the operation module 1120 is used to write the first data to be downloaded into the memory inside the SE.
  • the communication module 1110 is also used to send a first preset response.
  • the communication module 1110 is also used to receive a second download command, and the second download command carries the second data to be downloaded. Download data.
  • the communication module 1110 after the communication module 1110 receives the second download command and the operation module 1120 writes the first data to be downloaded to the memory, the communication module 1110 is also used to: send a second response, the second response is used to Indicate: whether the operation module 1120 writes the first data to be downloaded to the memory successfully.
  • the operation module 1120 when the operation module 1120 writes the first data to be downloaded to the memory successfully, the operation module 1120 is also configured to write the first data to the memory while the communication module 1110 sends the second response. The second data is to be downloaded.
  • the operation module 1120 when the operation module 1120 fails to write the first data to be downloaded into the memory, the operation module 1120 is also configured to: determine that the execution of the download data fails, and stop receiving subsequent download commands.
  • the communication module 1110 is also used to: receive the i-th data to be downloaded. +1 download command, the i+1th download command carries the i+1th data to be downloaded, where i is a positive integer; when the i+1th download command is the last download command, the operation module 1120 also uses In: writing the i+1th data to be downloaded into the memory; the communication module 1110 is also used to: send the i+1th response, and the i+1th response is used to instruct: the operation module 1120 writes the ith data to be downloaded into the memory. And whether the i+1th data to be downloaded is executed successfully.
  • the communication module 1110 after the communication module 1110 sends the first preset response, and during at least part of the time period when the operation module 1120 writes the i-th data to be downloaded into the memory, the communication module 1110 is also used to: receive the i-th data to be downloaded.
  • the communication module 1110 is further configured to: receive the second download command to the j-th download command, wherein the second download command carries the second download command to be processed.
  • Download data the jth download command carries the jth data to be downloaded, j is a positive integer greater than 1;
  • the operation module 1120 is also used to: sequentially write the second data to be downloaded to the jth data to be downloaded to the memory; in the operation module 1120.
  • the communication module 1110 is also used to: send the second preset response to the j-th preset response.
  • the communication module 1110 after the communication module 1110 sends the second preset response to the j-th preset response, at least part of the time when the operation module 1120 sequentially writes the second data to be downloaded to the x-th data to be downloaded into the memory.
  • the communication module 1110 is also used to: receive the j+1th download command, which carries the j+1th data to be downloaded; the communication module 1110 is also used to: send the j+1th response, the jth The +1 response is used to indicate whether writing the first data to be downloaded to the j+1th data to be downloaded in the memory is executed successfully.
  • the device 1100 for downloading data is a flash memory download unit in the SE, and the memory is a flash memory in the SE.
  • the flash download unit may include a flash download program, where the flash download program may be stored in Flash, or the flash download program may also be stored in other memories in the SE.
  • the embodiment of the present application also provides a device 1200 for downloading data, including: a memory 1210 and a processor 1220; the memory 1210 is used to store a computer program, and the processor 1220 is used to call the computer program.
  • the device 1200 for downloading data executes the method for downloading data in any of the above embodiments.
  • An embodiment of the present application also provides a computer program product containing instructions, which when executed by a computer causes the computer to perform the method for downloading data in any of the above embodiments.
  • Figure 13 shows a schematic structural block diagram of a security element 1300 provided by an embodiment of the present application.
  • the secure element 1300 may include the above-mentioned device 1100 for downloading data or the device 1200 for downloading data.
  • the secure element 1300 may be a secure element chip.
  • the secure element 1300 may further include an encryption/decryption module for protecting relevant data in the secure element 1300 .
  • the size of the sequence numbers of each process does not mean the order of execution.
  • the execution order of each process should be determined by its functions and internal logic, and should not be used in the embodiments of the present application.
  • the implementation process constitutes any limitation.
  • the processor or processing unit in the embodiment of the present application may be an integrated circuit chip with signal processing capabilities.
  • each step of the above method embodiment can be completed through an integrated logic circuit of hardware in the processor or instructions in the form of software.
  • the steps of the method disclosed in conjunction with the embodiments of the present application can be directly implemented by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field.
  • the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
  • the memory or storage unit in the embodiment of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memories.
  • the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present application is essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other various media that can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)
  • Retry When Errors Occur (AREA)

Abstract

La présente demande concerne un procédé et un appareil de téléchargement vers l'aval de données, et un élément sécurisé (SE). Au moyen de la présente demande, un temps de traitement de téléchargement vers l'aval pour des données dans un SE peut être raccourci, de sorte que le rendement de production de SE et l'expérience d'utilisation d'utilisateurs soient améliorés. Le procédé de téléchargement vers l'aval de données est appliqué à un SE, et comprend les étapes suivantes : réception d'une première commande de téléchargement vers l'aval, la première commande de téléchargement vers l'aval portant des premières données à télécharger vers l'aval ; écriture desdites premières données dans une mémoire dans un SE ; et envoi d'une première réponse prédéfinie dans au moins une partie d'une période de temps pendant laquelle lesdites premières données sont écrites dans la mémoire. Dans la solution technique, au lieu d'envoyer une réponse selon un résultat d'exécution uniquement après que l'écriture de premières données à télécharger vers l'aval dans une mémoire soit exécutée, un SE envoie directement une première réponse prédéfinie pendant le processus d'écriture desdites premières données dans la mémoire, de sorte que le temps de traitement de téléchargement vers l'aval du SE pour une première commande de téléchargement vers l'aval et lesdites premières données contenues dans celui-ci soit raccourci, ce qui permet d'améliorer l'efficacité de production du SE et d'améliorer l'expérience d'utilisation d'un utilisateur concernant le SE.
PCT/CN2022/136116 2022-06-13 2022-12-02 Procédé et appareil de téléchargement vers l'aval de données, et élément sécurisé WO2023240941A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210660260.6 2022-06-13
CN202210660260.6A CN114760276B (zh) 2022-06-13 2022-06-13 下载数据的方法、装置和安全元件

Publications (1)

Publication Number Publication Date
WO2023240941A1 true WO2023240941A1 (fr) 2023-12-21

Family

ID=82336790

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/136116 WO2023240941A1 (fr) 2022-06-13 2022-12-02 Procédé et appareil de téléchargement vers l'aval de données, et élément sécurisé

Country Status (2)

Country Link
CN (1) CN114760276B (fr)
WO (1) WO2023240941A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760276B (zh) * 2022-06-13 2022-09-09 深圳市汇顶科技股份有限公司 下载数据的方法、装置和安全元件

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103019755A (zh) * 2011-09-26 2013-04-03 东莞易步机器人有限公司 嵌入式系统中多cpu的无线程序下载方法
US20160188208A1 (en) * 2014-12-24 2016-06-30 Samsung Electronics Co., Ltd. Nonvolatile memory system and operation method of the same
CN106888448A (zh) * 2015-12-15 2017-06-23 中国移动通信集团公司 应用下载方法、安全元件及终端
CN111404706A (zh) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 应用下载方法、安全元件、客户端设备及服务管理设备
CN112702418A (zh) * 2020-12-21 2021-04-23 潍柴动力股份有限公司 双缓存数据下载控制方法、装置及车辆
CN114760276A (zh) * 2022-06-13 2022-07-15 深圳市汇顶科技股份有限公司 下载数据的方法、装置和安全元件

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2605202B1 (fr) * 2011-12-15 2015-07-08 BlackBerry Limited Procédé et dispositif pour gérer un élément sécurisé
US9240994B2 (en) * 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
EP3295310A4 (fr) * 2015-05-14 2018-12-26 Adesto Technologies Corporation Lecture simultanée et opérations d'écriture reconfigurées dans un dispositif de mémoire
CN105592091B (zh) * 2015-12-30 2018-12-25 中国银联股份有限公司 安全性应用下载方法
CN106940776A (zh) * 2016-01-04 2017-07-11 中国移动通信集团公司 一种敏感数据操作方法和移动终端
US11282056B2 (en) * 2016-04-20 2022-03-22 Thales Dis Usa, Inc. Method, servers and system for downloading an updated profile
CN108696579A (zh) * 2018-04-28 2018-10-23 北京奇艺世纪科技有限公司 一种请求响应方法、装置及电子设备
CN108959117B (zh) * 2018-06-22 2021-01-19 深圳忆联信息系统有限公司 H2d写操作加速方法、装置、计算机设备及存储介质
KR102657876B1 (ko) * 2018-09-07 2024-04-17 삼성전자주식회사 Ssp 단말과 서버가 디지털 인증서를 협의하는 방법 및 장치
CN111124503B (zh) * 2018-11-01 2021-09-14 华为终端有限公司 一种nfc应用的自动激活方法及终端
CN110673849B (zh) * 2019-08-14 2023-04-21 惠州市德赛西威智能交通技术研究院有限公司 一种批量预设置文件安全上下文的方法及装置
CN111143854B (zh) * 2019-12-25 2021-11-30 眸芯科技(上海)有限公司 芯片的安全启动装置、系统及方法
CN110929254B (zh) * 2020-01-09 2023-08-22 成都三零嘉微电子有限公司 安全可信cpu芯片otp数据批量加载系统及方法
CN112540729A (zh) * 2020-12-11 2021-03-23 捷德(中国)科技有限公司 数据下载的方法、装置、智能卡及存储介质

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103019755A (zh) * 2011-09-26 2013-04-03 东莞易步机器人有限公司 嵌入式系统中多cpu的无线程序下载方法
US20160188208A1 (en) * 2014-12-24 2016-06-30 Samsung Electronics Co., Ltd. Nonvolatile memory system and operation method of the same
CN106888448A (zh) * 2015-12-15 2017-06-23 中国移动通信集团公司 应用下载方法、安全元件及终端
CN111404706A (zh) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 应用下载方法、安全元件、客户端设备及服务管理设备
CN112702418A (zh) * 2020-12-21 2021-04-23 潍柴动力股份有限公司 双缓存数据下载控制方法、装置及车辆
CN114760276A (zh) * 2022-06-13 2022-07-15 深圳市汇顶科技股份有限公司 下载数据的方法、装置和安全元件

Also Published As

Publication number Publication date
CN114760276B (zh) 2022-09-09
CN114760276A (zh) 2022-07-15

Similar Documents

Publication Publication Date Title
JP4960364B2 (ja) ハードウェア支援されたデバイス設定検出
US10783086B2 (en) Method and apparatus for increasing a speed of accessing a storage device
CN109726163B (zh) 一种基于spi的通信系统、方法、设备和储存介质
TWI430097B (zh) 資訊處理設備、資訊處理系統、資訊處理方法及電腦程式
US6810444B2 (en) Memory system allowing fast operation of processor while using flash memory incapable of random access
US5263168A (en) Circuitry for automatically entering and terminating an initialization mode in a data processing system in response to a control signal
KR102331926B1 (ko) 저장 장치를 포함하는 호스트 시스템의 동작 방법 및 저장 장치 제어기의 동작 방법
WO2023240941A1 (fr) Procédé et appareil de téléchargement vers l'aval de données, et élément sécurisé
US10664418B2 (en) Peripheral device controlling device, operation method thereof, and operation method of peripheral device controlling device driver
WO2024093542A1 (fr) Procédé et appareil de communication sans pilote usb, dispositif électronique et support de stockage
CN112596808A (zh) 一种嵌入式系统的参数存储机制
KR20020036717A (ko) 마이크로컴퓨터 및 그 제어 방법
JP7355876B2 (ja) プログラム起動方法及び機器、記憶媒体
KR20040067063A (ko) 디지털 신호 처리장치의 저전력 소비형 캐시 메모리 장치및 이에 대한 제어방법
US6718405B2 (en) Hardware chain pull
JP4793798B2 (ja) マイクロコンピュータ
KR100658918B1 (ko) 블록 단위 입출력 명령어를 이용한 시스템 전역 변수초기화 장치 및 그 방법
CN115599408B (zh) 处理器的数据烧录方法、设备及存储介质
JP4988982B2 (ja) マイクロコンピュータの制御方法
JP5066884B2 (ja) Cpuを内蔵した情報記録媒体及びプログラム
CN108509013B (zh) 一种处理指令的方法及装置
CN117220861A (zh) 秘钥烧录系统、方法、智能网卡以及可读存储介质
CN115617521A (zh) 一种收取应用进程内存快照的方法、装置及介质
CN117435212A (zh) 裸金属服务器管理方法及相关装置
JP5093322B2 (ja) 情報処理装置、情報処理システム、および情報処理方法、並びにコンピュータ・プログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22946607

Country of ref document: EP

Kind code of ref document: A1