WO2024071769A1 - Dispositif électronique comprenant un élément sécurisé et son procédé de fonctionnement - Google Patents

Dispositif électronique comprenant un élément sécurisé et son procédé de fonctionnement Download PDF

Info

Publication number
WO2024071769A1
WO2024071769A1 PCT/KR2023/013918 KR2023013918W WO2024071769A1 WO 2024071769 A1 WO2024071769 A1 WO 2024071769A1 KR 2023013918 W KR2023013918 W KR 2023013918W WO 2024071769 A1 WO2024071769 A1 WO 2024071769A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
applet
reset
installation
option
Prior art date
Application number
PCT/KR2023/013918
Other languages
English (en)
Korean (ko)
Inventor
이동훈
조대행
김학현
김현석
Original Assignee
삼성전자 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020220145022A external-priority patent/KR20240045934A/ko
Application filed by 삼성전자 주식회사 filed Critical 삼성전자 주식회사
Publication of WO2024071769A1 publication Critical patent/WO2024071769A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/24Resetting means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • Embodiments of the present disclosure relate to an electronic device including a secure element (SE) and a method of operating the same.
  • SE secure element
  • Electronic devices Due to the development of wireless communication technology and security technology, the functions and services provided by personal electronic devices such as smartphones are gradually expanding. Electronic devices may include multiple applications to provide various functions and services.
  • the electronic device can use security functions to provide services that require security.
  • the electronic device includes a secure element (SE) (e.g., an embedded SE (eSE)), through which the user experiences a service that requires high security (e.g., a digital key, electronic banking, or electronic payment).
  • SE secure element
  • eSE embedded SE
  • the security element may include one or multiple applets, and may provide various services to the user through execution of the applets.
  • An electronic device may include an application processor and a security element including the processor and memory.
  • the processor may be configured to receive a first installation command including installation data of the first applet from the application processor.
  • the processor may be configured to install the first applet based on the first installation command.
  • the processor may be configured to store the installation data and execution data of the first applet in the memory.
  • the processor may be configured to store first user data associated with the first applet in the memory.
  • the processor may be configured to receive a reset command for the secure element from the application processor.
  • the processor may be configured to maintain the installation data and/or the execution data and remove the first user data in response to the reset command.
  • a method of operating an electronic device may include receiving a first installation command including installation data of a first applet.
  • the method may include installing the first applet based on the first installation command.
  • the method may include storing the installation data and execution data of the first applet in memory.
  • the method may include storing first user data associated with the first applet in the memory.
  • the method may include receiving a reset command for the secure element.
  • the method may include maintaining the installation data and the execution data and removing the first user data in response to the reset command.
  • a non-transitory computer-readable storage medium storing one or more programs, wherein the one or more programs, when executed by at least one processor of an electronic device, cause the electronic device to: include installation data of a first applet; Receive a first installation command, install the first applet based on the first installation command, store the installation data and execution data of the first applet in a memory, and determine a first user associated with the first applet. store data in the memory, receive a reset command for the secure element from the application processor, and in response to the reset command, retain the installation data and/or the executable data and remove the first user data. It may contain configuring commands.
  • FIG. 1 is a block diagram of an electronic device in a network environment according to various embodiments.
  • FIG. 2 is a diagram for explaining the configuration of an electronic device including a security element, according to an embodiment.
  • FIG. 3 is a diagram for explaining the configuration of an electronic device that stores user data of a security element according to an embodiment.
  • FIG. 4 is a diagram illustrating a data storage area of a security element according to an embodiment.
  • Figure 5 is a diagram for explaining the operation of a security element that removes user data according to an embodiment.
  • FIG. 6 is a diagram illustrating the operation of a security element that removes user data through an applet according to an embodiment.
  • Figure 7 is a flowchart for explaining the operation of a security element according to an embodiment.
  • FIG. 8 is a flowchart illustrating the operation of a security element that removes user data through an applet according to an embodiment.
  • Figure 9 shows a signal flow diagram illustrating a procedure for removing user data of a secure element according to one embodiment.
  • Figure 10 shows a signal flow diagram illustrating a procedure for removing data from a secure element according to one embodiment.
  • Figure 11 shows a signal flow diagram illustrating a procedure for removing user data of a secure element through an applet according to one embodiment.
  • Figure 12 shows a signal flow diagram explaining a procedure for changing the reset type according to one embodiment.
  • FIG. 1 is a block diagram of an electronic device 101 in a network environment 100, according to various embodiments.
  • the electronic device 101 communicates with the electronic device 102 through a first network 198 (e.g., a short-range wireless communication network) or a second network 199. It is possible to communicate with the electronic device 104 or the server 108 through (e.g., a long-distance wireless communication network). According to one embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108.
  • a first network 198 e.g., a short-range wireless communication network
  • a second network 199 e.g., a long-distance wireless communication network.
  • the electronic device 101 may communicate with the electronic device 104 through the server 108.
  • the electronic device 101 includes a processor 120, a memory 130, an input module 150, an audio output module 155, a display module 160, an audio module 170, and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or may include an antenna module 197.
  • at least one of these components eg, the connection terminal 178) may be omitted or one or more other components may be added to the electronic device 101.
  • some of these components e.g., sensor module 176, camera module 180, or antenna module 197) are integrated into one component (e.g., display module 160). It can be.
  • the processor 120 for example, executes software (e.g., program 140) to operate at least one other component (e.g., hardware or software component) of the electronic device 101 connected to the processor 120. It can be controlled and various data processing or calculations can be performed. According to one embodiment, as at least part of data processing or computation, the processor 120 stores commands or data received from another component (e.g., sensor module 176 or communication module 190) in volatile memory 132. The commands or data stored in the volatile memory 132 can be processed, and the resulting data can be stored in the non-volatile memory 134.
  • software e.g., program 140
  • the processor 120 stores commands or data received from another component (e.g., sensor module 176 or communication module 190) in volatile memory 132.
  • the commands or data stored in the volatile memory 132 can be processed, and the resulting data can be stored in the non-volatile memory 134.
  • the processor 120 includes a main processor 121 (e.g., a central processing unit or an application processor) or an auxiliary processor 123 that can operate independently or together (e.g., a graphics processing unit, a neural network processing unit ( It may include a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor).
  • a main processor 121 e.g., a central processing unit or an application processor
  • auxiliary processor 123 e.g., a graphics processing unit, a neural network processing unit ( It may include a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor.
  • the electronic device 101 includes a main processor 121 and a secondary processor 123
  • the secondary processor 123 may be set to use lower power than the main processor 121 or be specialized for a designated function. You can.
  • the auxiliary processor 123 may be implemented separately from the main processor 121 or as part of it.
  • the auxiliary processor 123 may, for example, act on behalf of the main processor 121 while the main processor 121 is in an inactive (e.g., sleep) state, or while the main processor 121 is in an active (e.g., application execution) state. ), together with the main processor 121, at least one of the components of the electronic device 101 (e.g., the display module 160, the sensor module 176, or the communication module 190) At least some of the functions or states related to can be controlled.
  • co-processor 123 e.g., image signal processor or communication processor
  • may be implemented as part of another functionally related component e.g., camera module 180 or communication module 190. there is.
  • the auxiliary processor 123 may include a hardware structure specialized for processing artificial intelligence models.
  • Artificial intelligence models can be created through machine learning. For example, such learning may be performed in the electronic device 101 itself, where artificial intelligence is performed, or may be performed through a separate server (e.g., server 108).
  • Learning algorithms may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but It is not limited.
  • An artificial intelligence model may include multiple artificial neural network layers.
  • Artificial neural networks include deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), restricted boltzmann machine (RBM), belief deep network (DBN), bidirectional recurrent deep neural network (BRDNN), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the examples described above.
  • artificial intelligence models may additionally or alternatively include software structures.
  • the memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176) of the electronic device 101. Data may include, for example, input data or output data for software (e.g., program 140) and instructions related thereto.
  • Memory 130 may include volatile memory 132 or non-volatile memory 134.
  • the program 140 may be stored as software in the memory 130 and may include, for example, an operating system 142, middleware 144, or application 146.
  • the input module 150 may receive commands or data to be used in a component of the electronic device 101 (e.g., the processor 120) from outside the electronic device 101 (e.g., a user).
  • the input module 150 may include, for example, a microphone, mouse, keyboard, keys (eg, buttons), or digital pen (eg, stylus pen).
  • the sound output module 155 may output sound signals to the outside of the electronic device 101.
  • the sound output module 155 may include, for example, a speaker or a receiver. Speakers can be used for general purposes such as multimedia playback or recording playback.
  • the receiver can be used to receive incoming calls. According to one embodiment, the receiver may be implemented separately from the speaker or as part of it.
  • the display module 160 can visually provide information to the outside of the electronic device 101 (eg, a user).
  • the display module 160 may include, for example, a display, a hologram device, or a projector, and a control circuit for controlling the device.
  • the display module 160 may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of force generated by the touch.
  • the audio module 170 can convert sound into an electrical signal or, conversely, convert an electrical signal into sound. According to one embodiment, the audio module 170 acquires sound through the input module 150, the sound output module 155, or an external electronic device (e.g., directly or wirelessly connected to the electronic device 101). Sound may be output through the electronic device 102 (e.g., speaker or headphone).
  • the electronic device 102 e.g., speaker or headphone
  • the sensor module 176 detects the operating state (e.g., power or temperature) of the electronic device 101 or the external environmental state (e.g., user state) and generates an electrical signal or data value corresponding to the detected state. can do.
  • the sensor module 176 includes, for example, a gesture sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, humidity sensor, or light sensor.
  • the interface 177 may support one or more designated protocols that can be used to connect the electronic device 101 directly or wirelessly with an external electronic device (eg, the electronic device 102).
  • the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.
  • HDMI high definition multimedia interface
  • USB universal serial bus
  • SD card interface Secure Digital Card interface
  • audio interface audio interface
  • connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102).
  • the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).
  • the haptic module 179 can convert electrical signals into mechanical stimulation (e.g., vibration or movement) or electrical stimulation that the user can perceive through tactile or kinesthetic senses.
  • the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.
  • the camera module 180 can capture still images and moving images.
  • the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.
  • the power management module 188 can manage power supplied to the electronic device 101.
  • the power management module 188 may be implemented as at least a part of, for example, a power management integrated circuit (PMIC).
  • PMIC power management integrated circuit
  • the battery 189 may supply power to at least one component of the electronic device 101.
  • the battery 189 may include, for example, a non-rechargeable primary battery, a rechargeable secondary battery, or a fuel cell.
  • Communication module 190 is configured to provide a direct (e.g., wired) communication channel or wireless communication channel between electronic device 101 and an external electronic device (e.g., electronic device 102, electronic device 104, or server 108). It can support establishment and communication through established communication channels. Communication module 190 operates independently of processor 120 (e.g., an application processor) and may include one or more communication processors that support direct (e.g., wired) communication or wireless communication.
  • processor 120 e.g., an application processor
  • the communication module 190 is a wireless communication module 192 (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (e.g., : LAN (local area network) communication module, or power line communication module) may be included.
  • a wireless communication module 192 e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module
  • GNSS global navigation satellite system
  • wired communication module 194 e.g., : LAN (local area network) communication module, or power line communication module
  • the corresponding communication module is a first network 198 (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (e.g., legacy It may communicate with an external electronic device 104 through a telecommunication network such as a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a cellular network, a 5G network, a next-generation communication network
  • the wireless communication module 192 uses subscriber information (e.g., International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199.
  • subscriber information e.g., International Mobile Subscriber Identifier (IMSI)
  • IMSI International Mobile Subscriber Identifier
  • the wireless communication module 192 may support 5G networks after 4G networks and next-generation communication technologies, for example, NR access technology (new radio access technology).
  • NR access technology provides high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low latency). -latency communications)) can be supported.
  • the wireless communication module 192 may support high frequency bands (eg, mmWave bands), for example, to achieve high data rates.
  • the wireless communication module 192 uses various technologies to secure performance in high frequency bands, for example, beamforming, massive array multiple-input and multiple-output (MIMO), and full-dimensional multiplexing. It can support technologies such as input/output (FD-MIMO: full dimensional MIMO), array antenna, analog beam-forming, or large scale antenna.
  • the wireless communication module 192 may support various requirements specified in the electronic device 101, an external electronic device (e.g., electronic device 104), or a network system (e.g., second network 199).
  • the wireless communication module 192 supports Peak data rate (e.g., 20 Gbps or more) for realizing eMBB, loss coverage (e.g., 164 dB or less) for realizing mmTC, or U-plane latency (e.g., 164 dB or less) for realizing URLLC.
  • Peak data rate e.g., 20 Gbps or more
  • loss coverage e.g., 164 dB or less
  • U-plane latency e.g., 164 dB or less
  • the antenna module 197 may transmit or receive signals or power to or from the outside (eg, an external electronic device).
  • the antenna module 197 may include an antenna including a radiator made of a conductor or a conductive pattern formed on a substrate (eg, PCB).
  • the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected to the plurality of antennas by, for example, the communication module 190. can be selected Signals or power may be transmitted or received between the communication module 190 and an external electronic device through the at least one selected antenna.
  • other components eg, radio frequency integrated circuit (RFIC) may be additionally formed as part of the antenna module 197.
  • RFIC radio frequency integrated circuit
  • a mmWave antenna module includes: a printed circuit board, an RFIC disposed on or adjacent to a first side (e.g., bottom side) of the printed circuit board and capable of supporting a designated high frequency band (e.g., mmWave band); And a plurality of antennas (e.g., array antennas) disposed on or adjacent to the second side (e.g., top or side) of the printed circuit board and capable of transmitting or receiving signals in the designated high frequency band. can do.
  • a first side e.g., bottom side
  • a designated high frequency band e.g., mmWave band
  • a plurality of antennas e.g., array antennas
  • peripheral devices e.g., bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)
  • signal e.g. commands or data
  • commands or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199.
  • Each of the external electronic devices 102 or 104 may be of the same or different type as the electronic device 101.
  • all or part of the operations performed in the electronic device 101 may be executed in one or more of the external electronic devices 102, 104, or 108.
  • the electronic device 101 may perform the function or service instead of executing the function or service on its own.
  • one or more external electronic devices may be requested to perform at least part of the function or service.
  • One or more external electronic devices that have received the request may execute at least part of the requested function or service, or an additional function or service related to the request, and transmit the result of the execution to the electronic device 101.
  • the electronic device 101 may process the result as is or additionally and provide it as at least part of a response to the request.
  • cloud computing distributed computing, mobile edge computing (MEC), or client-server computing technology can be used.
  • the electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing.
  • the external electronic device 104 may include an Internet of Things (IoT) device.
  • Server 108 may be an intelligent server using machine learning and/or neural networks.
  • the external electronic device 104 or server 108 may be included in the second network 199.
  • the electronic device 101 may be applied to intelligent services (e.g., smart home, smart city, smart car, or healthcare) based on 5G communication technology and IoT-related technology.
  • FIG. 2 is a diagram for explaining the configuration of an electronic device including a security element, according to an embodiment.
  • the electronic device 200 (e.g., the electronic device 101 of FIG. 1) includes an application processor (AP) 202 (e.g., the processor 120 of FIG. 1) and a security element ( 210), and the security element 210 may include a processor 212 and memory 214.
  • the application processor 202 may include an application processor of the electronic device 200.
  • the application processor 202 may execute an application that can communicate with the secure element 210.
  • the application processor 202 may communicate with the security element 210 through execution of the application.
  • security element 210 may include an embedded security element (eSE).
  • the security element 210 may include a chip designed to securely store data, securely process data, and protect against unauthorized access to enable secure communication with external electronic devices (not shown). there is.
  • Processor 212 within secure element 210 may store confidential data and/or cryptographic data in memory 214 and may execute restricted applications (e.g., applets). It can be run.
  • processor 212 may execute payment applets that require a high level of security and may provide a trusted user interface that can securely transmit electronic signatures or personal information.
  • Processor 212 may store applets (e.g., installation data and/or executable data) directly in memory 214 and may filter access to the applets. Additionally, the processor 212 can store data (eg, user data) generated through execution of the applets in the memory 214 and keep the user data safe.
  • applets e.g., installation data and/or executable data
  • data e.g, user data
  • the application processor 202 may provide a reset function (e.g., factory reset, hard reset, or master reset) to restore the electronic device 200 to its initial system state by removing information stored in the electronic device 200.
  • a reset function e.g., factory reset, hard reset, or master reset
  • the application processor 202 may perform a factory reset in response to a user input or a reset command from a server (eg, a service provider server).
  • Factory reset may include removing all data, settings, and applications stored in the electronic device 200.
  • the application processor 202 cannot select data to be removed by accessing the memory 214 of the security element 210.
  • all contents e.g., installation data, execution data, and user data
  • the electronic device 200 e.g., the application processor 202
  • the security element 210 It may take a lot of time to restart the security element 210 because the necessary applets of 210 must be reinstalled.
  • the memory 214 of the secure element 210 may include data related to device booting or applet execution, as well as data related to functions required by a service provider (e.g., a telecommunications carrier), such data needs to be maintained even during factory reset.
  • a service provider e.g., a telecommunications carrier
  • Embodiments of the present disclosure may retain some data (e.g., installation data and/or execution data) and remove certain data (e.g., user data) of the data stored in the secure element 210.
  • some data e.g., installation data and/or execution data
  • certain data e.g., user data
  • Embodiments of the present disclosure may retain some of the user data stored in the secure element 210 and remove certain user data (e.g., data associated with a payment applet, or digital key).
  • certain user data e.g., data associated with a payment applet, or digital key.
  • Embodiments of the present disclosure can shorten the restart time of the electronic device 200 by using data remaining in the security element 210 after factory reset.
  • FIG. 3 is a diagram for explaining the configuration of an electronic device that stores user data of a security element according to an embodiment.
  • the processor 212 of the security element 210 includes an operating system (OS) (e.g., eSE OS) 302 and a factory reset application that processes a reset command. FRA) (304). Although not shown, processor 212 may execute one or more applets installed on secure element 210 (eg, a first applet and a second applet).
  • the memory 214 of the security element 210 is one of a supplementary security domain (SSD) (e.g., SSD1) 314, a data storage area 318, or an optional database (DB) 312. It can contain at least one.
  • SSD supplementary security domain
  • DB optional database
  • the auxiliary security area 314 may include installation data and execution data of one or more applets (eg, a first applet and a second applet) installed in the security element 210.
  • the installation data may include an installation file, for example an executable load file (ELF).
  • the executable data may include, for example, an executable file.
  • the auxiliary security area 314 may store execution data of the first applet (eg, APP1) and execution data of the second applet (eg, APP2).
  • the secondary security area 314 may include installation data of a first applet (eg, ELF1) and installation data of a second applet (eg, ELF2).
  • the secondary secure area 314 is a storage area (e.g., for storing related data (e.g., execution data (APP2) and installation data (ELF2)) of at least one specified applet (e.g., a second applet)).
  • related data e.g., execution data (APP2) and installation data (ELF2)
  • ELF2 installation data
  • the secondary secure area 314 may include SSD2) (316).
  • the data storage area 318 is data related to one or more applets (e.g., a first applet and a second applet) installed in the security element 210 (e.g., data generated by the execution of each applet and/or or user data associated with each applet).
  • the data storage area 318 may store first user data (DATA1) related to the first applet and user data (DATA2) related to the second applet.
  • the operating system 302 may use the FRA 304 and the option DB 312 to remove designated user data (e.g., user data within the designated area) within the data storage area 318.
  • FRA 304 may be configured to manage factory reset of secure element 210 .
  • the FRA 304 may receive a reset command indicating a factory reset from the application processor 202, process the factory reset based on the reset command, and send the factory reset processing result to the application processor 202. You can report.
  • Option DB 312 removes related data (e.g., installation data, execution data, and/or user data) for each of the applets installed in the security element 210 when processing a factory reset in the security element 210.
  • Related data e.g., installation data, execution data, and/or user data
  • the reset type may include at least one of a first option, a second option, a third option, or a fourth option.
  • the first option may mean retaining all associated data, including the applet's installation data, execution data and/or user data.
  • the second option may mean removing all user data except the applet's installation data and/or execution data.
  • the third option may mean removing some of the user data of the applet (for example, user data specified by the applet).
  • a fourth option may mean removing all associated data, including the applet's installation data, execution data and/or user data.
  • the processor 212 For an applet (e.g., the first applet) set to the first option, the processor 212 maintains the installation data (ELF1), execution data (APP1), and user data (DATA1) of the first applet upon factory reset. You can.
  • ELF1 installation data
  • APP1 execution data
  • DATA1 user data
  • the processor 212 For an applet (e.g., a second applet) set to the second option, the processor 212 stores user data (DATA2) generated by the second applet while executing the second applet in a designated area in the data storage area 318. It can be stored in a storage area (for example, the second data area 408), and the user data (DATA2) from the second data area 408 can be removed based on a factory reset.
  • the data (APP2) is not removed and can be maintained after factory reset.
  • the processor 212 may initialize the life cycle state of the installation data (ELF2) and execution data (APP2) of the second applet upon factory reset.
  • the processor 212 stores the user data (DATA2) generated by the second applet while executing the second applet in the designated data storage area 318. It may be stored in a storage area (for example, general data area 404).
  • the second applet may include a function (eg, initialization function) to delete its user data based on a factory reset.
  • the processor 212 may execute the second applet based on a factory reset and remove the user data (DATA2) of the second applet.
  • Installation data (ELF1), execution data (APP1), and user data (DATA1) associated with an applet (e.g., the first applet) that is not set to the second or third option, and installation data (DATA1) associated with the second applet ( ELF2) and executable data (APP2) are not removed and can be retained after factory reset.
  • the processor 212 may initialize the life cycle state of the installation data (ELF2) and execution data (APP2) of the second applet upon factory reset.
  • the processor 212 For an applet set to the fourth option (e.g., a third applet: not shown), the processor 212 provides installation data (ELF3), execution data (APP3), and user data of the third applet in response to a factory reset. (DATA3) can be removed altogether.
  • ELF3 installation data
  • APP3 execution data
  • DATA3 user data of the third applet in response to a factory reset.
  • the option DB 312 may store a reset type for each applet (eg, a first applet, a second applet, or a third applet) installed in the security element 210.
  • the reset type indicating the data removal method for factory reset is input to the security element 210 (e.g., FRA 304) through an installation command provided from the application processor 202 during installation of each applet. It can be.
  • the installation command may include information (e.g., an option tag in installation parameters) indicating the type of reset specified by the developer of each applet or required by the service provider server.
  • the FRA 304 may receive information indicating a change in the reset type from the application processor 202 after the applet is installed. The FRA 304 may store the changed reset type in the option DB 312 through the operating system 302.
  • the FRA 304 When a reset command instructing a factory reset is received from the application processor 202 to the security element 210 (e.g., the FRA 304), the FRA 304 receives the command from the option DB 312 via the operating system 302.
  • the reset type of each applet can be read.
  • the operating system 302 may process (e.g., remove) related data (e.g., at least one of installation data, execution data, or user data) of each applet according to the option indicated by the reset type.
  • Table 1 below shows an example of reset types stored in the option DB 312.
  • the option DB 312 may store an applet ID (AID) and reset type fields that identify each applet.
  • the reset type field may be set to 'Data Clear' or 'All Clear'.
  • the reset type is 'Data Clear', which means removing user data except installation data and/or execution data (e.g., a second option or a third option), and the processor 212 may remove user data excluding installation data and/or execution data of the applet upon factory reset.
  • the option DB 312 provides a command (for example, a command) instructing an initialization function of the second applet upon factory reset for an applet (e.g., a second applet) set to 'Data Clear'.
  • ⁇ B4, 00, 01 ⁇ may be further included.
  • the initialization function according to the command may include removing user data from the data storage area 318 by the second applet. In one embodiment, the initialization function according to the command may include selecting at least some user data to be removed by the second applet and removing the selected user data from the data storage area 318.
  • the command may be defined in advance by the owner of the second applet.
  • the processor 212 may notify the second applet to perform an initialization function based on the command upon factory reset, and the second applet may directly remove its user data (for example, at least some user data). You can.
  • the option DB 312 stores the applet's associated data (e.g., installation data, execution data, and/or An "Associated" field indicating whether to remove all user data may be further included. If the "Associated" field is set to YES (e.g., 'O'), the processor 212 may remove all associated data, including installation data, execution data, and user data, of the applet upon factory reset.
  • applet's associated data e.g., installation data, execution data, and/or An "Associated" field indicating whether to remove all user data may be further included. If the "Associated" field is set to YES (e.g., 'O'), the processor 212 may remove all associated data, including installation data, execution data, and user data, of the applet upon factory reset.
  • FIG. 4 is a diagram illustrating a data storage area of a security element according to an embodiment.
  • the memory 214 of the security element 210 may include a data storage area 318, and the data storage area 318 includes a system area 402 and a normal data area ( 404), a first data area 406, a second data area 408, a package area 410, and a free area 412.
  • the first data area 406 may be configured to store user data (e.g., user data (DATA1) associated with the first applet) that is designated to be retained after a factory reset.
  • the second data area 408 may be configured to store user data (e.g., user data (DATA2) associated with the second applet) that is designated to be removed upon factory reset.
  • the second data area 406 is an applet (e.g., a second data area) set to 'All Clear' (e.g., the fourth option) or 'Data Clear' (e.g., the second or third option). Applet) user data can be saved.
  • an applet (e.g., a second applet including an initialization function) set to 'Data Clear' (e.g., a third option) and specified by a command stored in the option DB 312 may store its user data. Can be stored in the general data area 404 or the second data area 408.
  • the processor 212 may use the first data area 406 and the second data area 408 in the same manner.
  • the processor 212 maintains data (eg, user data of at least one applet) stored in the first data area 406 and stores the data in the second data area 408.
  • Stored data e.g. user data of at least one applet
  • the processor 212 may store the user data of the applet set to 'Data Clear' in the second data area 408 based on the reset type stored in the option DB 312.
  • the processor 212 removes the installation data and/or execution data of the applet set to 'All Clear' from the auxiliary security area 314 based on the reset type stored in the option DB 312, and removes the applet's installation data and/or execution data from the secondary security area 314.
  • User data may be removed from the second data area 408 of the data storage area 318.
  • the processor 212 may dynamically adjust the sizes of the first data area 406 and the second data area 408.
  • the processor 212 can control the first data area 406 and the second data area 408 so that incorrect data does not occupy space, and unnecessary empty space is created in the second data area 408 due to the removed data. To prevent this from being wasted, the sizes of each of the first data area 406 and the second data area 408 can be adjusted.
  • Figure 5 is a diagram for explaining the operation of a security element that removes user data according to an embodiment.
  • the security element 210 may receive a reset command indicating a factory reset from the application processor 202 of the electronic device 200.
  • the application processor 202 includes a software module (e.g., an eSE factory reset privileged module) capable of processing a factory reset of the security element 210, and the software module The reset command can be transmitted to the security element 210.
  • the secure element 210 may transmit the reset command to the operating system 302.
  • the operating system 302 may obtain an option indicating the reset type of each applet from the option DB 312.
  • the operating system 302 may remove data from the data storage area 318 based on the obtained option.
  • the operating system 302 For an applet (e.g. a second applet) set to the second option (e.g. 'Data Clear'), the operating system 302 stores installation data (ELF2) and execution data (APP2) in the secondary secure area 314.
  • User data e.g, DATA2 stored in the second data area 408 of the data storage area 318 can be removed without proceeding with data removal. Since the installation data (ELF2) and execution data (APP2) of the second applet are maintained after factory reset, the security element 210 can install the second applet without the need to reinstall the installation data (ELF2) and execution data (APP2). You can use it right away.
  • the operating system 302 may confirm that the user data (eg, DATA2) has been removed from the data storage area 318. In one embodiment, a data removal result may be received from the data storage area 318. In operation 510, the operating system 302 may transmit a response indicating the result of data removal from the data storage area 318 to the FRA 304. In operation 512, the FRA 304 may transmit the response to the application processor 202.
  • the user data eg, DATA2
  • a data removal result may be received from the data storage area 318.
  • the operating system 302 may transmit a response indicating the result of data removal from the data storage area 318 to the FRA 304.
  • the FRA 304 may transmit the response to the application processor 202.
  • FIG. 6 is a diagram illustrating the operation of a security element that removes user data through an applet according to an embodiment.
  • the security element 210 may receive a reset command indicating a factory reset from the application processor 202 of the electronic device 200.
  • the secure element 210 e.g., FRA 304
  • the operating system 302 may obtain an option indicating the reset type of each applet from the option DB 312.
  • the operating system 302 may not directly proceed with data removal for an applet (e.g., a second applet) set to the third option (e.g., 'Data Clear' + initialization function).
  • the operating system 302 may request the FRA 304 to direct the initialization function of the second applet.
  • the FRA 304 may transmit a reset notification to request an initialization function to the second applet using a data removal application programming interface (API).
  • API application programming interface
  • the second applet may directly remove user data that requires initialization among user data in the data storage area 318 based on the data removal API.
  • the second applet supports an initialization function, and FRA 304 may call the initialization function of the second applet to remove user data specified by the second applet.
  • the second applet may distinguish between user data to keep and user data to remove, and may remove the user data in response to a reset notification from FRA 304.
  • the operating system 302 can confirm that the user data (eg, DATA2) is stored in the data storage area 318 directly from the data storage area 318 or through the second applet. In operation 612, the operating system 302 may transmit a response indicating the result of data removal from the data storage area 318 to the FRA 304. In operation 614, FRA 304 may transmit the response to the application processor 202.
  • the user data eg, DATA2
  • the operating system 302 may transmit a response indicating the result of data removal from the data storage area 318 to the FRA 304.
  • FRA 304 may transmit the response to the application processor 202.
  • Figure 7 is a flowchart for explaining the operation of a security element according to an embodiment. Depending on the embodiments, at least one of the operations described below may be omitted, modified, or the order may be changed. At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the security element 210 may receive an applet installation command.
  • the installation command may include installation data (eg, ELF) of the applet and may be received from the application processor 202.
  • secure element 210 e.g., processor 212
  • secure element 210 e.g., processor 212
  • memory 214 e.g., auxiliary secure area 314.
  • the security element 210 e.g., processor 212
  • Execution data e.g., executable file
  • operation 715 may be executed before operation 710.
  • the security element 210 identifies the reset type of the applet based on the installation parameters included in the installation command and sets the reset type to memory 214 (e.g., option It can be stored in DB (312)).
  • the installation command may include an installation parameter having an option tag indicating the reset type of the applet, and the option tag may indicate the reset type of the applet as the first option, second option, and third option described above. , or can be specified as any of the fourth options.
  • the security element 210 selects a data removal option (e.g., a second option) for which the reset type of the applet is specified, based on the reset type stored in the option DB 312. You can judge whether it is If the specified data removal option is yes in operation 725, then in operation 750 the security element 210 (e.g., processor 212) removes the user created by the applet while executing the applet. Data may be stored in a designated storage area (eg, second data area 408) within the memory 214.
  • a data removal option e.g., a second option
  • the security element 210 removes the data generated by the applet while executing the applet.
  • User data may be stored in another designated storage area (eg, first data area 406) within the memory 214.
  • the secure element 210 may receive a reset command instructing a factory reset.
  • the reset command may be received from the application processor 202.
  • the security element 210 e.g., processor 212 identifies from the options DB 312 that the reset type of the applet is set to the data removal option (e.g., the second option). You can.
  • the security element 210 e.g., processor 212 maintains installation data and/or execution data of the applet (e.g., a second applet) specified with a data removal option based on the reset command, and , user data can be removed from the memory 214.
  • secure element 210 e.g., processor 212) may clear second data area 408. Installation data and/or execution data of the second applet may remain in the memory 214 even after factory reset.
  • FIG. 8 is a flowchart illustrating the operation of a security element that removes user data through an applet according to an embodiment.
  • at least one of the operations described below may be omitted, modified, or the order may be changed.
  • At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the security element 210 may receive an applet installation command.
  • the installation command may include installation data (eg, ELF) of the applet and may be received from the application processor 202.
  • secure element 210 e.g., processor 212
  • secure element 210 e.g., processor 212
  • memory 214 e.g., auxiliary secure area 314.
  • the security element 210 e.g., processor 212
  • Execution data e.g., executable file
  • of the applet may be stored in memory 214 (e.g., auxiliary security area 314).
  • the security element 210 identifies the reset type of the applet based on installation parameters included in the installation command and sets the reset type to memory 214 (e.g., option It can be stored in DB (312)).
  • the installation command may include an installation parameter having an option tag indicating the reset type of the applet, and the option tag may indicate the reset type of the applet as the first option, second option, and third option described above. , or can be specified as any of the fourth options.
  • the security element 210 selects a data removal option (e.g., a third option) for which the reset type of the applet is specified, based on the reset type stored in the option DB 312. You can judge whether it is If the specified data removal option is yes in operation 825, then in operation 850 the security element 210 (e.g., processor 212) determines that the user created by the applet during execution of the applet Data may be stored in a designated storage area (for example, the second data area 408 or the general data area 404) within the memory 214.
  • a data removal option e.g., a third option
  • the security element 210 removes the data generated by the applet while executing the applet.
  • User data may be stored in another designated storage area (for example, the first data area 406 or the general data area 404) within the memory 214.
  • the secure element 210 may receive a reset command instructing a factory reset.
  • the reset command may be received from the application processor 202.
  • the security element 210 e.g., processor 212 sets the reset type of the applet to a data removal option with a reset function (e.g., a third option) from the option DB 312. It can be identified that it exists.
  • the security element 210 maintains installation data and/or execution data of the applet (e.g., a second applet) specified with a data removal option based on the reset command, and , at least some user data of the second applet may be removed from the memory 214.
  • the secure element 210 e.g., processor 212 may execute a second applet and remove at least some user data stored in data storage area 408 through the second applet. Installation data and/or execution data of the second applet may remain in the memory 214 even after factory reset.
  • the secure element 210 (e.g., processor 212) checks from the options DB 312 the reset types of one or more applets installed on the secure element 210 and maintains all of them. It may be determined whether there is at least one applet (eg, a first applet) having a reset type of option (eg, a first option). If there is a first applet with a reset type of the Keep All option, the security element 210 (e.g., processor 212) retrieves the first applet's associated data (e.g., installation data, etc.) based on the reset command. execution data and user data) may not be removed.
  • the first applet's associated data e.g., installation data, etc.
  • the security element 210 (e.g., processor 212) sets the reset type of the keep all option for the first applet if no options are stored in the options DB 312 for the first applet. It can be judged by having it. Related data of the first applet may remain in memory 214 even after factory reset.
  • the secure element 210 (e.g., processor 212) checks from the options DB 312 the reset types of one or more applets installed on the secure element 210 and removes them all. It may be determined whether there is at least one applet (eg, a third applet) having a reset type of option (eg, a fourth option). If there is a third applet with a reset type of Remove All option, the security element 210 (e.g., processor 212) retrieves the third applet's related data (e.g., installation data, etc.) based on the reset command. Execution data and user data) may be removed from the memory 214.
  • the third applet's related data e.g., installation data, etc.
  • FIG. 9 shows a sequence diagram illustrating a procedure for removing user data of a secure element according to an embodiment.
  • at least one of the operations described below may be omitted, modified, or the order may be changed.
  • At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the server 314 (e.g., a service provider server) sends the installation command to install the applet on the secure element 210 through the application processor 202 of the electronic device 200. It may be transmitted to the application processor 202, including installation parameters indicating the reset type. In one embodiment, the application processor 202 may install the applet on the secure element 210 using a local script containing an installation command, in which case operation 902 may be omitted.
  • the application processor 202 may transmit an applet installation command by the server 314 or a local script to the operating system 302 of the security element 210.
  • the installation command may include an installation package, and the installation package may include installation data and installation parameters for the applet.
  • the installation parameters may include an option tag specifying a reset type that indicates how to remove the applet's associated data.
  • the operating system 302 may inquire with the FRA 304 whether to store the reset type according to the installation parameter, and in operation 908, upon a request from the FRA 304, the operating system 302 may request an option (e.g. For example, one of the first option, second option, third option, or fourth option) may be stored in the option DB 312.
  • the option DB 312 may store the option along with the AID of the applet.
  • the operating system 302 receives a reset type change command specifying the reset type of the applet from the application processor 202, and stores the changed option of the reset type in the option DB 312. It can be saved in .
  • the operating system 302 may install the applet based on installation data in the installation package, and may store the installation data and execution data of the applet in the auxiliary security area 314. Although not shown, the operating system 302 may allocate storage space (for example, the second data area 408) for the applet within the data storage area 318 according to the reset type option.
  • the operating system 302 may store user data generated by the applet in the data storage area 318 (eg, the second data area 408).
  • the operating system 302 identifies the reset type of the applet stored in the option DB 312, and stores user data in a data storage area (for example, a second option) based on identifying the reset type as a designated data removal option (e.g., a second option). 318) (for example, the second data area 408).
  • the operating system 302 stores user data generated by an applet set to the specified data retention option (e.g., the first option) based on the option DB 312 in the data storage area 318 (e.g., For example, it can be stored in the first data area 408).
  • the application processor 202 may receive a reset request for a factory reset through a user input or from a server (eg, server 314).
  • the application processor 202 may transmit a reset command for factory reset to the FRA 304 of the secure element 212.
  • FRA 304 may transmit the reset command to operating system 302.
  • the operating system 302 may request a reset type from the option DB 312 in response to the reset command.
  • the operating system 302 may receive a reset type for each applet installed in the security element 210 from the option DB 312.
  • the operating system 302 stores data to remove user data in the data storage area 318 based on the received reset type indicating a data removal option (e.g., a second option or a third option).
  • a request can be made to area 318.
  • the operating system 302 may request to clear the second data area 408 of the data storage area 318 based on the reset type.
  • the second data area 408 of the data storage area 318 may be cleared.
  • the operating system 302 may receive a result of data removal in the data storage area 318.
  • the option DB 312 may be initialized after factory reset.
  • the operating system 302 may transmit the data removal processing result to the application processor 202.
  • the operating system 302 may perform a factory reset and transmit the processing results, including data removal, to the application processor 202.
  • the application processor 202 may report the processing result to the server 314.
  • Figure 10 shows a signal flow diagram illustrating a procedure for removing data from a secure element according to one embodiment.
  • at least one of the operations described below may be omitted, modified, or the order may be changed.
  • At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the server 314 executes the installation command to install an applet on the secure element 210 through the application processor 202 of the electronic device 200. It may be transmitted to the application processor 202, including installation parameters indicating the reset type. In one embodiment, the application processor 202 may install the applet on the secure element 210 using a local script, in which case operation 1002 may be omitted.
  • the application processor 202 may transmit an applet installation command by the server 314 or a local script to the operating system 302 of the security element 210.
  • the installation command may include an installation package, and the installation package may include installation data and installation parameters for the applet.
  • the installation parameters may include an option tag specifying a reset type that indicates how to remove the applet's associated data.
  • the operating system 302 may inquire with the FRA 304 whether to store the reset type according to the installation parameter, and in operation 1008, upon a request from the FRA 304, the operating system 302 may request an option (e.g. For example, one of the first option, second option, third option, or fourth option) may be stored in the option DB 312.
  • the option DB 312 may store the option along with the AID of the applet.
  • the operating system 302 receives a reset type change command specifying the reset type of the applet from the application processor 202 and stores the reset type option in the option DB 312. You can save it.
  • the operating system 302 may install the applet based on installation data in the installation package, and may store the installation data and execution data of the applet in the auxiliary security area 314. Although not shown, the operating system 302 may allocate storage space (for example, the second data area 408) for the applet within the data storage area 318 according to the reset type option.
  • the operating system 302 may store user data generated by the applet in the data storage area 318 (eg, the second data area 408).
  • the operating system 302 identifies the reset type of the applet stored in the option DB 312, and stores user data in a data storage area (for example, a second option) based on identifying the reset type as a designated data removal option (e.g., a second option). 318) (for example, the second data area 408).
  • the operating system 302 stores user data generated by an applet set to the specified data retention option (e.g., the first option) based on the option DB 312 in the data storage area 318 (e.g., For example, it can be stored in the first data area 408).
  • the application processor 202 may receive a reset request for a factory reset through a user input or from a server (eg, server 314).
  • the application processor 202 may transmit a reset command for factory reset to the FRA 304 of the secure element 212.
  • FRA 304 may transmit the reset command to operating system 302.
  • the operating system 302 may request a reset type from the option DB 312 in response to the reset command.
  • the operating system 302 may receive a reset type for each applet installed in the security element 210 from the option DB 312.
  • the eSE operating system 302 instructs the data storage area 318 to remove the relevant data of the applet based on the received reset type indicating a remove all option (e.g., the fourth option). You can request it.
  • the operating system 302 may request to clear the second data area 408 of the data storage area 318.
  • the second data area 408 of the data storage area 318 may be cleared.
  • operating system 302 may request removal of associated data (e.g., installation data and/or execution data) of that applet from secondary secure area 314.
  • the associated data of the applet in the secondary secure area 314 may be removed.
  • the operating system 302 may receive a result of data removal in the data storage area 318 and the auxiliary security area 314.
  • the option DB 312 may be initialized after factory reset.
  • the operating system 302 may transmit the data removal processing result to the application processor 202.
  • the operating system 302 may perform a factory reset and transmit the processing results, including data removal, to the application processor 202.
  • the application processor 202 may report the processing result to the server 314.
  • Figure 11 shows a signal flow diagram illustrating a procedure for removing user data of a secure element through an applet according to one embodiment.
  • at least one of the operations described below may be omitted, modified, or the order may be changed.
  • At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the server 314 (e.g., a service provider server) sends the installation command to install an applet on the secure element 210 through the application processor 202 of the electronic device 200. It may be transmitted to the application processor 202, including installation parameters indicating the reset type. In one embodiment, the application processor 202 may install the applet in the secure element 210 according to a local script, in which case operation 1102 may be omitted.
  • the application processor 202 may transmit an applet installation command by the server 314 or a local script to the operating system 302 of the security element 210.
  • the installation command may include an installation package, and the installation package may include installation data and installation parameters for the applet.
  • the installation parameters may include an option tag specifying a reset type that indicates how to remove the applet's associated data.
  • the operating system 302 may inquire with the FRA 304 whether to store the reset type according to the installation parameter, and in operation 1108, at the request of the FRA 304, an option (e.g. For example, one of the first option, second option, third option, or fourth option) may be stored in the option DB 312.
  • the option DB 312 may store the option along with the AID of the applet.
  • the operating system 302 receives a reset type change command specifying the reset type of the applet from the application processor 202 and stores the reset type option in the option DB 312. You can save it.
  • the operating system 302 may install the applet based on installation data in the installation package, and may store the installation data and execution data of the applet in the auxiliary security area 314. Although not shown, the operating system 302 may allocate storage space (for example, the second data area 408) for the applet within the data storage area 318 according to the reset type option.
  • the operating system 302 may store user data generated by the applet in the data storage area 318 (eg, the second data area 408).
  • the operating system 302 identifies the reset type of the applet stored in the option DB 312, and stores user data in a data storage area (for example, a second option) based on identifying the reset type as a designated data removal option (e.g., a second option). 318) (for example, the second data area 408).
  • the operating system 302 stores user data generated by an applet set to the specified data retention option (e.g., the first option) based on the option DB 312 in the data storage area 318 (e.g., For example, it can be stored in the first data area 408).
  • the application processor 202 may receive a reset request for factory reset through a user input or from a server (eg, server 314).
  • the application processor 202 may transmit a reset command for factory reset to the FRA 304 of the security element 212.
  • the FRA 304 may transmit the reset command to the operating system 302.
  • the operating system 302 may request a reset type from the option DB 312 in response to the reset command.
  • the operating system 302 may receive a reset type for each applet installed in the security element 210 from the option DB 312.
  • the operating system 302 determines that the received reset type indicates a data removal option (e.g., a third option) that includes an initialization function of the applet 1100 (e.g., Applet A (APP A)). Based on this, a reset notification request to execute the initialization function of applet A (1100) can be transmitted to the FRA (304). In operation 1022b, FRA 304 may transmit a reset notification to applet A 1100 to request execution of an initialization function.
  • a data removal option e.g., a third option
  • an initialization function of applet 1100 e.g., Applet A (APP A)
  • FRA 304 may transmit a reset notification to applet A 1100 to request execution of an initialization function.
  • applet A 1100 may execute a reset function and request removal of associated user data in data storage area 318.
  • applet A (1100) can distinguish between user data to be retained and user data to be removed after factory reset by the initialization function, and to remove the corresponding user data in response to the reset notification in the data storage area 318. ) can be requested.
  • at least some user data specified by applet A 1100 within the data storage area 318 may be removed.
  • at least some user data distinguished by the initialization function of Applet A (1100) may be removed.
  • applet A 1100 may receive a data removal result from the data storage area 318. In operation 1128b, applet A 1100 may transmit the data removal result to the operating system 302.
  • the operating system 302 may transmit the data removal processing result to the application processor 202.
  • the operating system 302 may perform a factory reset and transmit the processing results, including data removal, to the application processor 202.
  • the application processor 202 may report the processing result to the server 314.
  • Figure 12 shows a signal flow diagram explaining a procedure for changing the reset type according to one embodiment.
  • at least one of the operations described below may be omitted, modified, or the order may be changed.
  • At least one of the operations described below may be executed by the processor 212 of the secure element 210.
  • the server 314 may receive a reset type change command to change the reset type of the applet.
  • the reset type change command may include a changed option of the applet (eg, any one of the first option, second option, third option, or fourth option).
  • the reset type change command may include installation parameters for the applet, and the installation parameters may include an option tag specifying changed options of the applet.
  • the operating system 302 may inquire with the FRA 304 whether to change the reset type according to the installation parameter, and in operation 1208, the option set to the reset type is requested by the FRA 304. It can be saved back to the option DB (312) along with the applet's AID.
  • the FRA 304 may request data movement to the operating system 302 according to the changed option.
  • the reset type of the applet may be changed from a data removal option (e.g., a second option or a third option) to a maintenance option (e.g., a first option) by the option tag of the installation parameter, FRA 304 may request operating system 302 to move the applet's associated user data stored in data storage area 318.
  • the operating system 302 may instruct the data storage area 318 to move the user data of the applet according to the changed option, and in operation 1214, the user data in the data storage area 318 may be moved. It can be saved.
  • the applet's user data may move from the second data area 408 to the first data area 306. Accordingly, upon factory reset, the user data of the applet can be maintained.
  • the operating system 302 may receive the data movement result of the data storage area 318.
  • the operating system 302 may update a file allocation table (FAT) according to the data movement results to record the location to which the user data has been moved.
  • FAT file allocation table
  • the operating system 302 may transmit the data movement processing result to the application processor 202.
  • the application processor 202 may report the processing result of the reset type change to the server 314.
  • Embodiments of the present disclosure can remove designated data (for example, at least some user data of a designated applet) while maintaining important data stored in the security element even after a factory reset.
  • designated data for example, at least some user data of a designated applet
  • Embodiments of the present disclosure can reduce the time waste and inconvenience of reinstalling and reconfiguring all installation data and execution data of applets after a factory reset and improve the reusability of security elements.
  • Embodiments of the present disclosure can remove designated data through remote factory reset in situations such as device loss.
  • Embodiments of the present disclosure provide various options for the removal method of user data and can use a removal method according to the desired service.
  • Embodiments of the present disclosure may remove specified user data instead of removing all user data upon factory reset.
  • Embodiments of the present disclosure can selectively remove user data of each applet installed in the security element through an initialization function by factory reset.
  • Embodiments of the present disclosure can easily perform selective data removal by separately storing user data to be removed and user data to be retained.
  • the electronic device 200 may include an application processor 202 and a security element 210 including the processor 212 and memory 214.
  • the processor may be configured to receive a first installation command including installation data of the first applet from the application processor.
  • the processor may be configured to install the first applet based on the first installation command.
  • the processor may be configured to store the installation data and execution data of the first applet in the memory.
  • the processor may be configured to store first user data associated with the first applet in the memory.
  • the processor may be configured to receive a reset command for the secure element from the application processor.
  • the processor may be configured to maintain the installation data and/or the execution data and remove the first user data in response to the reset command.
  • the processor stores the first user data in a first data area 408 in the memory and clears the first data area before the secure element is reset in response to the reset command. It can be configured.
  • the first data area may be allocated by the processor to store user data of at least one applet for which a data removal option is set among one or more applets installed in the security element.
  • the installation data and/or the execution data may be maintained in the memory after the security element is reset by the reset command.
  • the processor may be configured to obtain a reset option indicating a reset type of the first applet from the first installation command and store the reset option in the memory.
  • the reset option may direct the secure element to retain the installation data and the execution data of the first applet and to retain the first user data when the secure element is reset.
  • the memory may include an option database (DB), and the option DB may store a reset option indicating a reset type of each applet installed in the security element.
  • DB option database
  • the reset type includes: a first reset option indicating that the secure element retains associated data including installation data, execution data, and/or user data of each applet after the secure element is reset; a second reset option indicating removing user data excluding data and/or executable data, a third reset option indicating removing some specified user data among the user data of each applet, or installation data and executable data of each applet; and/or a fourth reset option indicating removing associated data including user data.
  • the processor receives a second installation command including installation data of a second applet from the application processor, installs the second applet based on the second installation command, and installs the installation data and the second applet.
  • Store execution data of a second applet in the memory store second user data related to the second applet in a second data area 406 in the memory, and in response to the reset command, store the execution data of the second applet in the memory. It may be configured to maintain installation data, execution data, and the second user data in the second data area.
  • the second data area may be allocated by the processor to store user data of at least one applet for which a data removal option is not set among one or more applets installed in the security element.
  • a method of operating the electronic device 200 including the security element 210 may include an operation 705 of receiving a first installation command including installation data of the first applet.
  • the method may include an operation 715 of installing the first applet based on the first installation command.
  • the method may include an operation 710 of storing the installation data and execution data of the first applet in memory 214.
  • the method may include an operation 750 of storing first user data related to the first applet in the memory.
  • the method may include an operation 735 of receiving a reset command for the secure element.
  • the method may include an operation 745 of maintaining the installation data and the execution data and removing the first user data in response to the reset command.
  • the first user data may be stored in a first data area 408 in the memory, and the first data area may be cleared before the security element is reset in response to the reset command. .
  • the first data area may be allocated to store user data of at least one applet for which a data removal option is set among one or more applets installed in the security element.
  • the installation data and the execution data may be maintained in the memory after the security element is reset by the reset command.
  • the method may further include obtaining a reset option indicating the reset type of the first applet from the first installation command (720) and storing the reset option in the memory.
  • the reset option may direct the secure element to retain the installation data and the execution data of the first applet and to retain the first user data when the secure element is reset.
  • the memory may include an option database (DB), and the option DB may store a reset option indicating a reset type of each applet installed in the security element.
  • DB option database
  • the reset type includes: a first reset option indicating that the secure element retains associated data including installation data, execution data, and/or user data of each applet after the secure element is reset; a second reset option indicating removing user data excluding data and/or executable data, a third reset option indicating removing some specified user data among the user data of each applet, or installation data and executable data of each applet; and/or a fourth reset option indicating removing associated data including user data.
  • the method includes receiving a second installation command including installation data of a second applet, installing the second applet based on the second installation command, the installation data and the An operation of storing execution data of a second applet in the memory, an operation of storing second user data related to the second applet in a second data area 406 in the memory, and in response to the reset command, It may include maintaining installation data and execution data of the second applet and the second user data in the second data area.
  • the second data area may be allocated to store user data of at least one applet for which a data removal option is not set among one or more applets installed in the security element.
  • Electronic devices may be of various types.
  • Electronic devices may include, for example, portable communication devices (e.g., smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or home appliances.
  • Electronic devices according to embodiments of this document are not limited to the above-described devices.
  • first, second, or first or second may be used simply to distinguish one component from another, and to refer to that component in other respects (e.g., importance or order) is not limited.
  • One (e.g., first) component is said to be “coupled” or “connected” to another (e.g., second) component, with or without the terms “functionally” or “communicatively.”
  • any of the components can be connected to the other components directly (e.g. wired), wirelessly, or through a third component.
  • module used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as logic, logic block, component, or circuit, for example. It can be used as A module may be an integrated part or a minimum unit of the parts or a part thereof that performs one or more functions. For example, according to one embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).
  • ASIC application-specific integrated circuit
  • Various embodiments of the present document are one or more instructions stored in a storage medium (e.g., built-in memory 136 or external memory 138) that can be read by a machine (e.g., electronic device 101). It may be implemented as software (e.g., program 140) including these.
  • a processor e.g., processor 120
  • the one or more instructions may include code generated by a compiler or code that can be executed by an interpreter.
  • a storage medium that can be read by a device may be provided in the form of a non-transitory storage medium.
  • 'non-transitory' only means that the storage medium is a tangible device and does not contain signals (e.g. electromagnetic waves), and this term refers to cases where data is semi-permanently stored in the storage medium. There is no distinction between temporary storage cases.
  • Computer program products are commodities and can be traded between sellers and buyers.
  • the computer program product may be distributed in the form of a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)), or through an application store (e.g. Play Store TM ) or on two user devices (e.g. It can be distributed (e.g. downloaded or uploaded) directly between smart phones) or online.
  • a machine-readable storage medium e.g. compact disc read only memory (CD-ROM)
  • an application store e.g. Play Store TM
  • two user devices e.g. It can be distributed (e.g. downloaded or uploaded) directly between smart phones) or online.
  • at least a portion of the computer program product may be at least temporarily stored or temporarily created in a machine-readable storage medium, such as the memory of a manufacturer's server, an application store's server, or a relay server.
  • each component (e.g., module or program) of the above-described components may include a single or plural entity, and some of the plurality of entities may be separately placed in other components. there is.
  • one or more of the components or operations described above may be omitted, or one or more other components or operations may be added.
  • multiple components eg, modules or programs
  • the integrated component may perform one or more functions of each component of the plurality of components in the same or similar manner as those performed by the corresponding component of the plurality of components prior to the integration. .
  • operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or one or more of the operations may be executed in a different order, or omitted. Alternatively, one or more other operations may be added.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

Est divulgué un dispositif électronique comprenant un processeur d'application, et un élément sécurisé (SE) qui comprend un processeur et une mémoire. Le processeur peut être configuré pour : recevoir une instruction d'installation comprenant des données d'installation pour un applet en provenance du processeur d'application ; installer l'applet sur la base de l'instruction d'installation ; stocker, dans la mémoire, les données d'installation et les données d'exécution de l'applet ; stocker des données d'utilisateur relatives à l'applet dans la mémoire ; recevoir une instruction de réinitialisation pour l'élément sécurisé en provenance du processeur d'application ; et en réponse à l'instruction de réinitialisation, maintenir les données d'installation et/ou les données d'exécution et supprimer les données d'utilisateur.
PCT/KR2023/013918 2022-09-30 2023-09-15 Dispositif électronique comprenant un élément sécurisé et son procédé de fonctionnement WO2024071769A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20220125502 2022-09-30
KR10-2022-0125502 2022-09-30
KR1020220145022A KR20240045934A (ko) 2022-09-30 2022-11-03 보안 엘리먼트를 포함하는 전자 장치 및 그 동작 방법
KR10-2022-0145022 2022-11-03

Publications (1)

Publication Number Publication Date
WO2024071769A1 true WO2024071769A1 (fr) 2024-04-04

Family

ID=90478397

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2023/013918 WO2024071769A1 (fr) 2022-09-30 2023-09-15 Dispositif électronique comprenant un élément sécurisé et son procédé de fonctionnement

Country Status (1)

Country Link
WO (1) WO2024071769A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20170089887A (ko) * 2014-12-22 2017-08-04 제말토 에스에이 보안 엘리먼트를 공장 상태로 복원하는 방법
US20170255936A1 (en) * 2012-09-25 2017-09-07 Google Inc. Securing Personal Identification Numbers For Mobile Payment Applications By Combining With Random Components
US20180089434A1 (en) * 2016-09-23 2018-03-29 Apple Inc. Preserving trust data during operating system updates of a secure element of an electronic device
US10521596B1 (en) * 2014-09-26 2019-12-31 Apple Inc. Secure public key acceleration
KR20210042953A (ko) * 2018-11-14 2021-04-20 후아웨이 테크놀러지 컴퍼니 리미티드 보안 서비스 삭제 방법 및 전자 장치

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170255936A1 (en) * 2012-09-25 2017-09-07 Google Inc. Securing Personal Identification Numbers For Mobile Payment Applications By Combining With Random Components
US10521596B1 (en) * 2014-09-26 2019-12-31 Apple Inc. Secure public key acceleration
KR20170089887A (ko) * 2014-12-22 2017-08-04 제말토 에스에이 보안 엘리먼트를 공장 상태로 복원하는 방법
US20180089434A1 (en) * 2016-09-23 2018-03-29 Apple Inc. Preserving trust data during operating system updates of a secure element of an electronic device
KR20210042953A (ko) * 2018-11-14 2021-04-20 후아웨이 테크놀러지 컴퍼니 리미티드 보안 서비스 삭제 방법 및 전자 장치

Similar Documents

Publication Publication Date Title
WO2022177343A1 (fr) Dispositif électronique de configuration de géorepérage et son procédé de fonctionnement
WO2024071769A1 (fr) Dispositif électronique comprenant un élément sécurisé et son procédé de fonctionnement
WO2022154264A1 (fr) Dispositif électronique et procédé de fonctionnement d'un dispositif électronique
WO2021075905A1 (fr) Procédé d'optimisation d'application et dispositif électronique le prenant en charge
WO2021177640A1 (fr) Procédé de commande d'application de dispositif électronique externe, et dispositif électronique prenant en charge ce dernier
WO2020246853A1 (fr) Dispositif externe comprenant au moins une antenne, et dispositif électronique et procédé d'amélioration de performance d'antenne l'utilisant
WO2024076123A1 (fr) Procédé de mise à jour d'une application et dispositif électronique associé
WO2024071927A1 (fr) Dispositif électronique et procédé de protection de données l'utilisant
WO2024063516A1 (fr) Dispositif et procédé de fourniture de logiciel de personnalisation
WO2022203184A1 (fr) Dispositif électronique pour fonction de partage et son procédé de fonctionnement
WO2024039233A1 (fr) Dispositif électronique et procédé d'exécution d'un mode d'amélioration de confidentialité dans un dispositif électronique
WO2024029717A1 (fr) Dispositif et procédé de gestion de processus
WO2024025112A1 (fr) Dispositif électronique de gestion de données et procédé de gestion de données
WO2024010177A1 (fr) Dispositif électronique pour la mise à jour d'un applet d'un circuit de sécurité et son procédé de fonctionnement
WO2022154163A1 (fr) Dispositif électronique et procédé de gestion de la mémoire d'un dispositif électronique
WO2023249236A1 (fr) Dispositif électronique comprenant un capteur et son procédé de fonctionnement
WO2024025069A1 (fr) Dispositif électronique de résolution de limitation de réception de signal due à une erreur de connexion sans fil avec un réseau, et procédé d'utilisation de celui-ci
WO2024019258A1 (fr) Dispositif électronique et procédé de commande de signal transmis à un dispositif électronique externe
WO2023234753A1 (fr) Dispositif électronique et procédé de commande de batterie
WO2022154385A1 (fr) Dispositif électronique et son procédé de fonctionnement
WO2024117650A1 (fr) Dispositif électronique et procédé de gestion d'informations de cookie de dispositif électronique
WO2022191378A1 (fr) Dispositif électronique pour fournir un service et son procédé de fonctionnement
WO2022191455A1 (fr) Dispositif électronique pour effectuer une rédaction de fichier et son procédé de fonctionnement
WO2023003150A1 (fr) Dispositif électronique pour réaliser une sauvegarde sur un élément sécurisé, et procédé de sauvegarde
WO2024076008A1 (fr) Dispositif électronique, procédé et support de stockage lisible par ordinateur non transitoire pour partager un fichier

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23872888

Country of ref document: EP

Kind code of ref document: A1