CN115017498A - Operation method and electronic device of applet - Google Patents

Abstract

The embodiment of the application provides an operation method of an applet and electronic equipment, which relate to the technical field of terminals, wherein an embedded security module is arranged in the terminal equipment and comprises the following steps: responding to the operation of the small application program in the application program, and sending verification information to the server, wherein the verification information comprises application program information; if the server passes the verification of the verification information, the terminal equipment receives a script file sent by the server; executing the script file to operate an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet. According to the scheme, the application program needs to operate the eSE of the terminal equipment, and when the Applet is operated, the terminal equipment sends the verification information comprising the application program information to the server, so that the authority of the application program is verified by the server.

Description

Operation method and electronic device of applet

technical field

The present application relates to the field of terminal technologies, and in particular, to a method for operating a small application and an electronic device.

Background technique

At present, there are many terminal devices with mobile payment functions. These terminal devices are provided with an embedded secure element (eSE), which is mainly responsible for data security storage and data encryption of the terminal device. The security performance of eSE is high.

A supplementary security domain (SSD) is set in the eSE, and an applet with a payment function can be set in the SSD. By setting the Applet in the SSD of the eSE, the security performance of the Applet can be improved.

However, if any application can operate Applet in eSE, the security performance of eSE will be reduced.

SUMMARY OF THE INVENTION

The embodiments of the present application provide an operation method and an electronic device for an applet, which improve the security performance of the eSE.

In a first aspect, an embodiment of the present application provides a method for operating an applet, which is applied to a terminal device, wherein an embedded security module is set in the terminal device, and the method includes:

In response to the operation of the applet in the application program, send verification information to the server, where the verification information includes application program information;

If the verification of the verification information is passed by the server, the terminal device receives the script file sent by the server;

Executing the script file operates an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet.

In the operation method of the applet provided by the present application, the application needs to operate the eSE of the terminal device, and then when the Applet is operated, the terminal device sends the verification information including the application information to the server, so that the server will check the authority of the application. Verification, if the verification is passed, the terminal device can operate the eSE based on the function of the application, otherwise, the terminal device does not operate the eSE. In this way, only applications that pass the verification can operate the eSE, so as to improve the security performance of the eSE.

In a possible implementation manner, if the operation is an installation operation, the method further includes:

If the applet is successfully installed in the auxiliary security domain, an interface indicating that the applet is installed successfully is displayed;

If the creation of the auxiliary security domain in the embedded security module fails, or the installation of the applet in the auxiliary security domain fails, an interface for installation failure of the applet is displayed.

In this implementation manner, the user can be made aware of the installation result of the applet, and the user experience can be improved.

In a possible implementation manner, if the operation is a deletion operation, the method further includes:

If the deletion of the auxiliary security domain is successful, an interface that the applet is deleted successfully is displayed;

If the deletion of the auxiliary security domain is successful, an interface of failure to delete the applet is displayed.

In this implementation manner, the user can be informed of the deletion result of the applet, and the user experience can be improved.

In a possible implementation manner, the terminal device is provided with a frame; the response to the operation of the applet in the application program, sending verification information to the server, including:

The application receives the operation on the applet, and sends a security domain operation request to the framework;

The framework obtains a security domain identifier and the private key of the application, and the security domain identifier corresponds to the applet;

The framework generates signature data according to the private key, and sends the verification information to the server, where the verification information includes the application information and the first time information, and the application information includes all The signature data and the security domain identifier.

In this embodiment, the set server is the background server of the terminal device, and can send verification information to the server through the framework set in the terminal device, so that the server can verify the authority of the application program based on the verification information.

In a possible implementation manner, the verification information is verified and passed when the following conditions are met:

The server uses the public key of the application to verify the signature data, and the server determines that the security domain identifier in the application information corresponds to the application, and the second data obtained by the server is passed. A time interval between the time information and the first time information is less than a preset interval.

In this implementation, the signature data needs to be verified, and the security domain identifier corresponding to the applet needs to be verified, so as to fully verify the identity of the application that needs to operate the eSE; it is also necessary to determine the verification information. Whether the time information meets the requirements can avoid the problem of repeatedly issuing script files in a short period of time.

In a possible implementation manner, a frame is provided in the terminal device; when the operation is an installation operation, the script file is a security domain installation script;

The executing the script file to operate the auxiliary security domain in the embedded security module includes:

The framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;

The method also includes the application installing the applet in the secondary security domain.

In this embodiment, if the permission verification of the application program is passed, the SSD is created in the eSE through the framework of the terminal device, and the SSD is created by the framework, thereby avoiding the application program directly creating the SSD in the eSE, which can further improve the eSE's performance. safety. After the creation is successful, the application installs the applet in the created SSD, so that the application with the permission to operate the eSE can install the applet in the SSD.

In a possible implementation manner, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the framework further includes:

The embedded security module sends a security domain creation result to the framework, and the framework forwards the security domain creation result to the application;

The installation of the applet by the application in the secondary security domain includes:

If the security domain creation result indicates that the security domain is successfully created, the application installs the applet in the created auxiliary security domain.

In this implementation, the FWK creates the SSD in the eSE, and after the SSD is successfully created, the application installs the Applet in the SSD, so as to avoid the application from directly creating the SSD in the eSE, and the application only supports the SSD created for it. Perform operations to further improve the security of eSE.

In a possible implementation manner, the application adds the applet in the created auxiliary security domain, including:

The application downloads the applet and adds the applet in the secondary security domain.

In a possible implementation manner, the terminal device is provided with a frame; when the operation is a deletion operation, the script file is a security domain deletion script;

The executing the script file to operate the auxiliary security domain in the embedded security module includes:

The framework executes the security domain deletion script to delete the auxiliary security domain in the embedded security module in which the applet is installed.

In this implementation, the FWK deletes the SSD in the eSE, so as to prevent the application from directly deleting the SSD in the eSE, and an Applet is set in the SSD. When the SSD is deleted, the internal Applet will also be deleted. Therefore, this This method can delete Applet in eSE in a safer way.

In a second aspect, an embodiment of the present application provides a method for operating an applet, including:

The terminal device receives the operation instruction for the applet in the application program, and sends the verification information to the server;

The server verifies the verification information, and if the verification passes, sends a script file to the terminal device;

The terminal device executes the script file to operate an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet; the terminal device is provided with the operation embedded security module.

In a possible implementation manner, the verification information includes application program information and first time information, and the application program information includes signature data and a security domain identifier.

In a possible implementation manner, if the operation is an installation operation, the script file is a security domain installation script.

In a possible implementation manner, if the operation is an installation operation, the script file is a security domain deletion script.

In a third aspect, an embodiment of the present application provides an apparatus for operating an applet, and the apparatus may be a terminal device, or a chip or a chip system in the terminal device. Wherein, the terminal device is provided with an embedded security module, and the apparatus may include a frame. A display unit is also provided in the operating device of the applet, and the display unit is used for performing the steps of displaying.

Exemplarily, the framework is used to send verification information to the server in response to the operation of the applet in the application program, where the verification information includes application information; the framework is also used for if the server checks the verification information. If the verification information is verified and passed, the script file sent by the server is received; the framework is used to execute the script file to operate an auxiliary security domain in the embedded security module, and the auxiliary security domain is used to install the applet.

In a possible implementation manner, the operation is an installation operation, and the display unit is further configured to:

If the applet is successfully installed in the auxiliary security domain, an interface indicating that the applet is installed successfully is displayed;

If the creation of the auxiliary security domain in the embedded security module fails, or the installation of the applet in the auxiliary security domain fails, an interface for installation failure of the applet is displayed.

In a possible implementation manner, the operation is a deletion operation, and the display unit is further configured to:

If the deletion of the auxiliary security domain is successful, an interface that the applet is deleted successfully is displayed;

If the deletion of the auxiliary security domain is successful, an interface of failure to delete the applet is displayed.

In a possible implementation manner, the device is further provided with an application program:

The application receives the operation on the applet, and sends a security domain operation request to the framework;

The framework obtains a security domain identifier and the private key of the application, and the security domain identifier corresponds to the applet;

The framework generates signature data according to the private key, and sends the verification information to the server, where the verification information includes the application information and the first time information, and the application information includes all The signature data and the security domain identifier.

In a possible implementation manner, the verification information is verified and passed when the following conditions are met:

The server uses the public key of the application to verify the signature data, and the server determines that the security domain identifier in the application information corresponds to the application, and the second data obtained by the server is passed. A time interval between the time information and the first time information is less than a preset interval.

In a possible implementation manner, when the operation is an installation operation, the script file is a security domain installation script;

The framework is specifically used for: executing the security domain installation script to create the auxiliary security domain in the embedded security module;

The application program is specifically used to install the small application program in the auxiliary security domain.

In a possible implementation manner, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the embedded security module sends a security domain creation result to the framework , the framework forwards the security domain creation result to the application;

The application program is specifically configured to, if the security domain creation result indicates that the security domain is successfully created, the application program installs the applet in the created auxiliary security domain.

In a possible implementation manner, the application program is specifically used for:

The application downloads the applet and adds the applet in the secondary security domain.

In a possible implementation manner, when the operation is a deletion operation, the script file is a security domain deletion script;

The framework is specifically used to:

Executing the security domain deletion script deletes the auxiliary security domain in the embedded security module in which the applet is installed.

In a fourth aspect, an embodiment of the present application provides an electronic device, including: a unit for performing the first aspect or any method in any possible implementation manner of the first aspect, or for performing the second aspect or the second aspect A unit of any method in any possible implementation.

In a fifth aspect, an embodiment of the present application provides an electronic device, including: a processor, a display screen, and an interface circuit, where the interface circuit is used to communicate with other devices; the display screen is used to perform the steps of displaying; the processor is used to run code instructions, To implement the first aspect or any method in any possible implementation manner of the first aspect, or implement any method in the second aspect or any possible implementation manner of the second aspect.

In a sixth aspect, embodiments of the present application provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed, any one of the first aspect or any possible implementation manner of the first aspect is implemented. A method, or any method of implementing the second aspect or any possible implementation of the second aspect.

Description of drawings

FIG. 1 is a schematic structural diagram of a terminal device 100 provided by an embodiment of the present application;

FIG. 2 is a schematic diagram of a software structure of a terminal device 100 according to an embodiment of the present application;

FIG. 3 is an architecture diagram of a terminal device according to an exemplary embodiment of the present disclosure;

FIG. 4 is a schematic diagram of an interface shown in an exemplary embodiment of the present disclosure;

FIG. 5 is a schematic diagram of an interface showing a successful installation of an Applet according to an exemplary embodiment of the present disclosure;

FIG. 6 is a schematic diagram of an interface of an Applet installation failure shown in an exemplary embodiment of the present disclosure;

FIG. 7 is a device interaction diagram shown in the first exemplary embodiment of the present disclosure;

FIG. 8 is a device interaction diagram shown in the second exemplary embodiment of the present disclosure;

FIG. 9 is a schematic diagram of a hardware structure of an operating device for an applet provided by an embodiment of the present application.

Detailed ways

In order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, words such as "first" and "second" are used to distinguish the same or similar items with basically the same function and effect. For example, the interface of the first target function and the interface of the second target function are used to distinguish different response interfaces, and the sequence of the interfaces is not limited. Those skilled in the art can understand that the words "first", "second" and the like do not limit the quantity and execution order, and the words "first", "second" and the like are not necessarily different.

It should be noted that, in this application, words such as "exemplary" or "for example" are used to represent examples, illustrations or illustrations. Any embodiment or design described in this application as "exemplary" or "such as" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present the related concepts in a specific manner.

An electronic device includes a terminal device, which may also be referred to as a terminal (terminal), user equipment (user equipment, UE), a mobile station (mobile station, MS), a mobile terminal (mobile terminal, MT), and the like. The terminal device may be a mobile phone (mobile phone), a smart TV, a wearable device, a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (virtual reality, VR) terminal device, an augmented reality (augmented reality, AR) terminal Equipment, wireless terminal in industrial control, wireless terminal in self-driving, wireless terminal in remote medical surgery, wireless terminal in smart grid, transportation A wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on. The embodiments of the present application do not limit the specific technology and specific device form adopted by the terminal device.

In order to better understand the embodiments of the present application, the structure of the terminal device according to the embodiments of the present application is introduced below:

FIG. 1 shows a schematic structural diagram of a terminal device 100 . The terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2 , mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone jack 170D, sensor module 180, buttons 190, motor 191, indicator 192, camera 193, display screen 194, and A subscriber identification module (SIM) card interface 195 and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, and ambient light. Sensor 180L, bone conduction sensor 180M, etc.

It can be understood that the structures illustrated in the embodiments of the present application do not constitute a specific limitation on the terminal device 100 . In other embodiments of the present application, the terminal device 100 may include more or less components than those shown in the drawings, or combine some components, or separate some components, or arrange different components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 110 may include one or more processing units, for example, the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor ( image signal processor, ISP), controller, video codec, digital signal processor (digital signal processor, DSP), baseband processor, and/or neural-network processing unit (neural-network processing unit, NPU), etc. Wherein, different processing units may be independent devices, or may be integrated in one or more processors.

The controller can generate an operation control signal according to the instruction operation code and timing signal, and complete the control of fetching and executing instructions.

A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in processor 110 is cache memory. This memory may hold instructions or data that have just been used or recycled by the processor 110 . If the processor 110 needs to use the instruction or data again, it can be called from memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby increasing the efficiency of the system.

In some embodiments, the processor 110 may include one or more interfaces. The interface may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuitsound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver (universal asynchronous receiver/ transmitter, UART) interface, mobile industry processor interface (MIPI), general-purpose input/output (GPIO) interface, subscriber identity module (SIM) interface, and/or general-purpose Serial bus (universal serial bus, USB) interface and so on.

The I2C interface is a bidirectional synchronous serial bus that includes a serial data line (SDA) and a serial clock line (SCL). In some embodiments, the processor 110 may contain multiple sets of I2C buses. The processor 110 can be respectively coupled to the touch sensor 180K, the charger, the flash, the camera 193 and the like through different I2C bus interfaces. For example, the processor 110 may couple the touch sensor 180K through the I2C interface, so that the processor 110 and the touch sensor 180K communicate with each other through the I2C bus interface, so as to realize the touch function of the terminal device 100 .

The I2S interface can be used for audio communication. In some embodiments, the processor 110 may contain multiple sets of I2S buses. The processor 110 may be coupled with the audio module 170 through an I2S bus to implement communication between the processor 110 and the audio module 170 . In some embodiments, the audio module 170 can transmit audio signals to the wireless communication module 160 through the I2S interface, so as to realize the function of answering calls through a Bluetooth headset.

The PCM interface can also be used for audio communications, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 can also transmit audio signals to the wireless communication module 160 through the PCM interface, so as to realize the function of answering calls through the Bluetooth headset. Both the I2S interface and the PCM interface can be used for audio communication.

The UART interface is a universal serial data bus used for asynchronous communication. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is typically used to connect the processor 110 with the wireless communication module 160 . For example, the processor 110 communicates with the Bluetooth module in the wireless communication module 160 through the UART interface to implement the Bluetooth function. In some embodiments, the audio module 170 can transmit audio signals to the wireless communication module 160 through the UART interface, so as to realize the function of playing music through the Bluetooth headset.

The MIPI interface can be used to connect the processor 110 with peripheral devices such as the display screen 194 and the camera 193 . The MIPI interface includes a camera serial interface (camera serial interface, CSI), a display serial interface (displayserial interface, DSI), and the like. In some embodiments, the processor 110 communicates with the camera 193 through the CSI interface, so as to realize the shooting function of the terminal device 100 . The processor 110 communicates with the display screen 194 through the DSI interface to implement the display function of the terminal device 100 .

The GPIO interface can be configured by software. The GPIO interface can be configured as a control signal or as a data signal. In some embodiments, the GPIO interface may be used to connect the processor 110 with the camera 193, the display screen 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface can also be configured as I2C interface, I2S interface, UART interface, MIPI interface, etc.

The USB interface 130 is an interface that conforms to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, and the like. The USB interface 130 can be used to connect a charger to charge the terminal device 100, and can also be used to transmit data between the terminal device 100 and peripheral devices. It can also be used to connect headphones to play audio through the headphones. The interface can also be used to connect other electronic devices, such as AR devices.

It can be understood that the interface connection relationship between the modules illustrated in the embodiments of the present application is a schematic illustration, and does not constitute a structural limitation of the terminal device 100 . In other embodiments of the present application, the terminal device 100 may also adopt different interface connection manners in the foregoing embodiments, or a combination of multiple interface connection manners.

The charging management module 140 is used to receive charging input from the charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from the wired charger through the USB interface 130 . In some wireless charging embodiments, the charging management module 140 may receive wireless charging input through the wireless charging coil of the terminal device 100 . While the charging management module 140 charges the battery 142 , it can also supply power to the terminal device through the power management module 141 .

The power management module 141 is used for connecting the battery 142 , the charging management module 140 and the processor 110 . The power management module 141 receives input from the battery 142 and/or the charging management module 140, and supplies power to the processor 110, the internal memory 121, the display screen 194, the camera 193, and the wireless communication module 160. The power management module 141 can also be used to monitor parameters such as battery capacity, battery cycle times, battery health status (leakage, impedance). In some other embodiments, the power management module 141 may also be provided in the processor 110 . In other embodiments, the power management module 141 and the charging management module 140 may also be provided in the same device.

The wireless communication function of the terminal device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modulation and demodulation processor, the baseband processor, and the like.

Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals. Antennas in terminal device 100 may be used to cover single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization. For example, the antenna 1 can be multiplexed as a diversity antenna of the wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a wireless communication solution including 2G/3G/4G/5G, etc. applied on the terminal device 100 . The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA) and the like. The mobile communication module 150 can receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modulation and demodulation processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modulation and demodulation processor, and then turn it into an electromagnetic wave for radiation through the antenna 1 . In some embodiments, at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110 . In some embodiments, at least part of the functional modules of the mobile communication module 150 may be provided in the same device as at least part of the modules of the processor 110 .

The modem processor may include a modulator and a demodulator. Wherein, the modulator is used to modulate the low frequency baseband signal to be sent into a medium and high frequency signal. The demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal. Then the demodulator transmits the demodulated low-frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and passed to the application processor. The application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or videos through the display screen 194 . In some embodiments, the modem processor may be a separate device. In other embodiments, the modem processor may be independent of the processor 110, and may be provided in the same device as the mobile communication module 150 or other functional modules.

The wireless communication module 160 can provide wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), bluetooth (BT), and global navigation satellite systems applied on the terminal device 100 . (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field communication technology (near field communication, NFC), infrared technology (infrared, IR) and other wireless communication solutions. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 . The wireless communication module 160 can also receive the signal to be sent from the processor 110 , perform frequency modulation on it, amplify it, and convert it into electromagnetic waves for radiation through the antenna 2 .

In some embodiments, the antenna 1 of the terminal device 100 is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the terminal device 100 can communicate with the network and other devices through wireless communication technology. Wireless communication technologies may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), broadband code division multiple access wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc. GNSS may include a global positioning system (GPS), a global navigation satellite system (GLONASS), a Beidou satellite navigation system (BDS), a quasi-zenith satellite system (quasi-zenith satellite system, QZSS) and/or satellite based augmentation systems (SBAS).

The terminal device 100 implements a display function through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

Display screen 194 is used to display images, videos, and the like. Display screen 194 includes a display panel. The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode or an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode). , AMOLED), flexible light-emitting diodes (flex light-emitting diodes, FLED), Miniled, MicroLed, Micro-oLed, quantum dot light-emitting diodes (quantum dotlight emitting diodes, QLED) and so on. In some embodiments, the terminal device 100 may include one or N display screens 194 , where N is a positive integer greater than one.

The terminal device 100 can realize the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194 and the application processor.

The ISP is used to process the data fed back by the camera 193 . For example, when taking a photo, the shutter is opened, the light is transmitted to the camera photosensitive element through the lens, the light signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing, converting it into an image visible to the naked eye. ISP can also perform algorithm optimization on image noise, brightness, and skin tone. ISP can also optimize the exposure, color temperature and other parameters of the shooting scene. In some embodiments, the ISP may be provided in the camera 193 .

Camera 193 is used to capture still images or video. The object is projected through the lens to generate an optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. DSP converts digital image signals into standard RGB, YUV and other formats of image signals. In some embodiments, the terminal device 100 may include 1 or N cameras 193 , where N is a positive integer greater than 1.

A digital signal processor is used to process digital signals, in addition to processing digital image signals, it can also process other digital signals. For example, when the terminal device 100 selects a frequency point, the digital signal processor is used to perform Fourier transform on the frequency point energy, and the like.

Video codecs are used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record videos in various encoding formats, for example, moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4, and so on.

The NPU is a neural-network (NN) computing processor. By drawing on the structure of biological neural networks, such as the transfer mode between neurons in the human brain, it can quickly process the input information, and can continuously learn by itself. Applications such as intelligent cognition of the terminal device 100 can be implemented through the NPU, such as image recognition, face recognition, speech recognition, text understanding, and the like.

The external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, so as to expand the storage capacity of the terminal device 100 . The external memory card communicates with the processor 110 through the external memory interface 120 to realize the data storage function. For example to save files like music, video etc in external memory card.

Internal memory 121 may be used to store computer executable program code, which includes instructions. The internal memory 121 may include a storage program area and a storage data area. The storage program area can store an operating system, an application program required for at least one function (such as a sound playback function, an image playback function, etc.), and the like. The storage data area may store data (such as audio data, phone book, etc.) created during the use of the terminal device 100 and the like. In addition, the internal memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, universal flash storage (UFS), and the like. The processor 110 executes various functional applications and data processing of the terminal device 100 by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor.

The terminal device 100 may implement audio functions through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like. Such as music playback, recording, etc.

The audio module 170 is used for converting digital audio information into analog audio signal output, and also for converting analog audio input into digital audio signal. Audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110 , or some functional modules of the audio module 170 may be provided in the processor 110 .

Speaker 170A, also referred to as a "speaker", is used to convert audio electrical signals into sound signals. The terminal device 100 can listen to music through the speaker 170A, or listen to a hands-free call.

The receiver 170B, also referred to as "earpiece", is used to convert audio electrical signals into sound signals. When the terminal device 100 answers a call or a voice message, the voice can be answered by placing the receiver 170B close to the human ear.

The microphone 170C, also called "microphone" or "microphone", is used to convert sound signals into electrical signals. When making a call or sending a voice message, the user can make a sound by approaching the microphone 170C through a human mouth, and input the sound signal into the microphone 170C. The terminal device 100 may be provided with at least one microphone 170C. In other embodiments, the terminal device 100 may be provided with two microphones 170C, which may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the terminal device 100 may further be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions.

The earphone jack 170D is used to connect wired earphones. The earphone port 170D may be the USB port 130 or a 3.5mm open mobile terminal platform (OMTP) standard port, a cellular telecommunications industry association of the USA (CTIA) standard port.

The pressure sensor 180A is used to sense pressure signals, and can convert the pressure signals into electrical signals. In some embodiments, the pressure sensor 180A may be provided on the display screen 194 . There are many types of pressure sensors 180A, such as resistive pressure sensors, inductive pressure sensors, capacitive pressure sensors, and the like. The capacitive pressure sensor may be comprised of at least two parallel plates of conductive material. When a force is applied to the pressure sensor 180A, the capacitance between the electrodes changes. The terminal device 100 determines the intensity of the pressure according to the change in capacitance. When a touch operation acts on the display screen 194, the terminal device 100 detects the intensity of the touch operation according to the pressure sensor 180A. The terminal device 100 may also calculate the touched position according to the detection signal of the pressure sensor 180A. In some embodiments, touch operations acting on the same touch position but with different touch operation intensities may correspond to different operation instructions.

The gyro sensor 180B may be used to determine the motion attitude of the terminal device 100 . In some embodiments, the angular velocity of the end device 100 about three axes (ie, the x, y and z axes) may be determined by the gyro sensor 180B. The gyro sensor 180B can be used for image stabilization. Exemplarily, when the shutter is pressed, the gyro sensor 180B detects the shaking angle of the terminal device 100, calculates the distance to be compensated by the lens module according to the angle, and allows the lens to offset the shaking of the terminal device 100 through reverse motion to achieve anti-shake. The gyro sensor 180B can also be used for navigation and somatosensory game scenarios.

The air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal device 100 calculates the altitude through the air pressure value measured by the air pressure sensor 180C to assist in positioning and navigation.

The magnetic sensor 180D includes a Hall sensor. The terminal device 100 can detect the opening and closing of the flip holster using the magnetic sensor 180D. In some embodiments, when the terminal device 100 is a flip machine, the terminal device 100 can detect the opening and closing of the flip according to the magnetic sensor 180D. Further, according to the detected opening and closing state of the leather case or the opening and closing state of the flip cover, characteristics such as automatic unlocking of the flip cover are set.

The acceleration sensor 180E can detect the magnitude of the acceleration of the terminal device 100 in various directions (generally three axes). The magnitude and direction of gravity can be detected when the terminal device 100 is stationary. It can also be used to identify the posture of terminal devices, and can be used in applications such as horizontal and vertical screen switching, pedometers, etc.

Distance sensor 180F for measuring distance. The terminal device 100 can measure the distance through infrared or laser. In some embodiments, when shooting a scene, the terminal device 100 can use the distance sensor 180F to measure the distance to achieve fast focusing.

Proximity light sensor 180G may include, for example, light emitting diodes (LEDs) and light detectors, such as photodiodes. The light emitting diodes may be infrared light emitting diodes. The terminal device 100 emits infrared light to the outside through the light emitting diode. The terminal device 100 detects infrared reflected light from nearby objects using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the terminal device 100 . When insufficient reflected light is detected, the terminal device 100 may determine that there is no object near the terminal device 100 . The terminal device 100 can use the proximity light sensor 180G to detect that the user holds the terminal device 100 close to the ear to talk, so as to automatically turn off the screen to save power. Proximity light sensor 180G can also be used in holster mode, pocket mode automatically unlocks and locks the screen.

The ambient light sensor 180L is used to sense ambient light brightness. The terminal device 100 can adaptively adjust the brightness of the display screen 194 according to the perceived ambient light brightness. The ambient light sensor 180L can also be used to automatically adjust the white balance when taking pictures. The ambient light sensor 180L can also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in a pocket, so as to prevent accidental touch.

The fingerprint sensor 180H is used to collect fingerprints. The terminal device 100 can use the collected fingerprint characteristics to realize fingerprint unlocking, accessing application locks, taking photos with fingerprints, answering incoming calls with fingerprints, and the like.

The temperature sensor 180J is used to detect the temperature. In some embodiments, the terminal device 100 uses the temperature detected by the temperature sensor 180J to execute the temperature processing strategy. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold value, the terminal device 100 reduces the performance of the processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In other embodiments, when the temperature is lower than another threshold, the terminal device 100 heats the battery 142 to avoid abnormal shutdown of the terminal device 100 caused by the low temperature. In some other embodiments, when the temperature is lower than another threshold, the terminal device 100 boosts the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperature.

Touch sensor 180K, also called "touch device". The touch sensor 180K may be disposed on the display screen 194 , and the touch sensor 180K and the display screen 194 form a touch screen, also called a “touch screen”. The touch sensor 180K is used to detect a touch operation on or near it. The touch sensor can pass the detected touch operation to the application processor to determine the type of touch event. Visual output related to touch operations may be provided through display screen 194 . In other embodiments, the touch sensor 180K may also be disposed on the surface of the terminal device 100 , which is different from the position where the display screen 194 is located.

The bone conduction sensor 180M can acquire vibration signals. In some embodiments, the bone conduction sensor 180M can acquire the vibration signal of the vibrating bone mass of the human voice. The bone conduction sensor 180M can also contact the pulse of the human body and receive the blood pressure beating signal. In some embodiments, the bone conduction sensor 180M can also be disposed in the earphone, combined with the bone conduction earphone. The audio module 170 can analyze the voice signal based on the vibration signal of the voice part vibrating bone mass obtained by the bone conduction sensor 180M, so as to realize the voice function. The application processor can analyze the heart rate information based on the blood pressure beat signal obtained by the bone conduction sensor 180M, and realize the function of heart rate detection.

The keys 190 include a power-on key, a volume key, and the like. Keys 190 may be mechanical keys. It can also be a touch key. The terminal device 100 may receive key input and generate key signal input related to user settings and function control of the terminal device 100 .

Motor 191 can generate vibrating cues. The motor 191 can be used for vibrating alerts for incoming calls, and can also be used for touch vibration feedback. For example, touch operations acting on different applications (such as taking pictures, playing audio, etc.) can correspond to different vibration feedback effects. The motor 191 can also correspond to different vibration feedback effects for touch operations on different areas of the display screen 194 . Different application scenarios (for example: time reminder, receiving information, alarm clock, games, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect can also support customization.

The indicator 192 can be an indicator light, which can be used to indicate the charging state, the change of the power, and can also be used to indicate a message, a missed call, a notification, and the like.

The SIM card interface 195 is used to connect a SIM card. The SIM card can be contacted and separated from the terminal device 100 by inserting into the SIM card interface 195 or pulling out from the SIM card interface 195 . The terminal device 100 may support 1 or N SIM card interfaces, where N is a positive integer greater than 1. The SIM card interface 195 can support Nano SIM card, Micro SIM card, SIM card and so on. Multiple cards can be inserted into the same SIM card interface 195 at the same time. Multiple cards can be of the same type or different. The SIM card interface 195 can also be compatible with different types of SIM cards. The SIM card interface 195 is also compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to realize functions such as calls and data communication. In some embodiments, the terminal device 100 adopts an eSIM, that is, an embedded SIM card. The eSIM card can be embedded in the terminal device 100 and cannot be separated from the terminal device 100 .

The software system of the terminal device 100 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture, and the like. The embodiments of the present application take an Android system with a layered architecture as an example to exemplarily describe the software structure of the terminal device 100 .

FIG. 2 is a block diagram of a software structure of a terminal device 100 according to an embodiment of the present application.

The layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime (Android runtime) and system libraries, and a kernel layer.

The application layer can include a series of application packages.

As shown in Figure 2, the application package can include applications such as camera, calendar, phone, map, phone, music, settings, mailbox, video, social, etc.

The application framework layer provides an application programming interface (application programming interface, API) and a programming framework for the applications of the application layer. The application framework layer includes some predefined functions.

As shown in Figure 2, the application framework layer can include window managers, content providers, resource managers, view systems, notification managers, and so on.

A window manager is used to manage window programs. The window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, touch the screen, drag the screen, take a screenshot, etc.

Content providers are used to store and retrieve data and make these data accessible to applications. Data can include videos, images, audio, calls made and received, browsing history and bookmarks, phone book, etc.

The view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on. View systems can be used to build applications. A display interface can consist of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The resource manager provides various resources for the application, such as localization strings, icons, pictures, layout files, video files and so on.

The notification manager enables applications to display notification information in the status bar, which can be used to convey notification-type messages, and can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc. The notification manager can also display notifications in the status bar at the top of the system in the form of graphs or scroll bar text, such as notifications of applications running in the background, and notifications on the screen in the form of dialog windows. For example, text information is prompted in the status bar, a prompt sound is issued, the terminal device vibrates, and the indicator light flashes.

The Android runtime includes core libraries and a virtual machine. The Android runtime is responsible for the scheduling and management of the Android system.

The core library consists of two parts: one is the function functions that the java language needs to call, and the other is the core library of Android.

The application layer and the application framework layer run in virtual machines. The virtual machine executes the java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, safety and exception management, and garbage collection.

A system library can include multiple functional modules. For example: surface manager (surface manager), media library (Media Libraries), 3D graphics processing library (eg: OpenGL ES), 2D graphics engine (eg: SGL) and so on.

The Surface Manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.

The media library supports playback and recording of a variety of commonly used audio and video formats, as well as still image files. The media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.

The 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing.

2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is the layer between hardware and software. The kernel layer contains at least display drivers, camera drivers, audio drivers, and sensor drivers.

The following describes in detail the operation process of setting the application function split screen in the application program provided by the embodiments of the present application and the display process of the split screen function interface with reference to the accompanying drawings. It should be noted that “at the time of” in the embodiment of the present application may be the moment when a certain situation occurs, or it may be within a period of time after the occurrence of a certain situation, which is not specified in the embodiment of the present application. limited.

At present, many terminal devices with transaction payment function are equipped with an embedded secure element (eSE). eSE is a security module, which is mainly responsible for the secure data storage and data encryption of the terminal device. The security performance of eSE is relatively high. high. A supplementary security domain (SSD) can be set in the eSE, and an applet can be installed in each SSD. The terminal device can make payment through Applet to realize the mobile payment function.

When adding a bank card applet to the terminal device, you can call the SSD creation interface through the wallet app in the terminal device to create an SSD in the eSE of the terminal device, and then add the bank card applet to the created SSD.

However, as the eSE is the hardware with high security in the terminal device, if any application program can operate the SSD in the eSE, the security of the eSE of the terminal device will be reduced. In order to solve the above technical problems, in the solution provided by the present disclosure, when an application program operates the SSD in the eSE, the server needs to verify the application program. After the verification is passed, the application program can operate the SSD of the eSE, thereby improving the performance of the terminal equipment. The security performance of eSE.

FIG. 3 is an architectural diagram of a terminal device according to an exemplary embodiment of the present disclosure.

As shown in FIG. 3, an application program, FWK (Framework, framework) and eSE can be set in the terminal device. Applications can operate eSE through the functions provided by FWK, and then create or delete SSD in it.

FWK can provide an SSD creation interface, and applications can call this interface to create an SSD in eSE. FWK can provide an SSD deletion interface, which can be called by applications to delete SSD in eSE

FIG. 4 is a schematic diagram of an interface shown in an exemplary embodiment of the present disclosure.

An application can be set up in the terminal device, and the application has a payment function, for example, it can be a digital RMB wallet. The user can operate the terminal device to run the application program with payment function. The application can create an SSD in the eSE of the terminal device, and can also install the applet in the SSD.

The user can operate the application program in the terminal device, so that the application program displays the interface as shown in FIG. 4, so as to operate in the application program, and make the application program install the Applet in the terminal device.

As shown in Figure 4(a), an interface for installing Applet is set in the application, and the user can click the button for opening an offline wallet, thereby sending an instruction to install the Applet to the application.

After the application receives the instruction to install the applet, it can call the SSD creation interface provided by the FWK to create the SSD in the eSE, and then install the applet in the created SSD.

In order to improve the security of eSE, when an application calls the SSD to create an interface, the FWK can also send a verification request to the server, and the server verifies the information in the verification request based on the request. Therefore, the server can verify the permissions of the application. If the verification is passed, the FWK can create the SSD in the eSE, and then the application can install the Applet in the SSD. If the verification fails, the FWK cannot create the SSD in the eSE, and the application cannot install the Applet in the SSD.

During the process of waiting for a feedback message from the server, creating an SSD, and installing an Applet, the terminal device can display the interface shown in Figure 4(b).

FIG. 5 is a schematic diagram of an interface showing a successful installation of an Applet according to an exemplary embodiment of the present disclosure.

After the Applet is successfully installed, the terminal device can display a schematic interface diagram as shown in FIG. 5 . In FIG. 5 , the Applet is used as an offline wallet for a schematic illustration. Specifically, it can display the name, card number, balance and other information of the offline wallet. It can also display the message that the offline wallet is successfully opened.

There are also transfer-in and transfer-out buttons on the interface of the offline wallet. Users can click the transfer-in or transfer-out button to transfer a certain amount of digital RMB to the offline wallet, or transfer a certain amount of digital renminbi from the offline wallet. digital yuan.

FIG. 6 is a schematic diagram of an interface of an Applet installation failure shown in an exemplary embodiment of the present disclosure.

In one case, there may also be a failure to install the Applet. For example, if the server reports a verification failure message, the FWK cannot create an SSD. In this case, the application can display the interface shown in Figure 6 to remind the user to go offline. Wallet creation failed.

FIG. 7 is a device interaction diagram shown in the first exemplary embodiment of the present disclosure.

As shown in Figure 7, the user can operate the application program of the terminal device and click the button to install the Applet. For example, he can click the button of "Create Offline Wallet" in the application program, and for example, he can click the "Open Card" button in the application program. button.

After the application receives the instruction to install the Applet, it can send an SSD creation request to the FWK of the terminal device. The FWK can provide an SSD creation interface. After the application receives the instruction to install the Applet, it can call the SSD creation interface, so that the FWK can create an SSD in the eSE for the application.

To prevent any application from being able to create an SSD in the eSE through the FWK, the FWK can also send a verification request to the server. The verification request can carry information about the application, so that the server can verify the permissions of the application.

In an optional implementation manner, before the FWK sends the verification request to the server, it can also be determined whether the application is in the whitelist, and if so, the FWK of the terminal device can send the verification request to the server. If not, the FWK of the terminal device rejects the application's request to create an SSD, and the application program interface can display the information that the offline wallet creation failed.

Wherein, the private key of the application can also be set in the terminal device, and the public key of the application can be set in the server. Thereby, the permission of the application can be verified according to the asymmetric encryption method.

The FWK can obtain the application's private key and use that private key to generate signature data. For example, the information of the application can be obtained, and the information can be signed by using the private key of the application to obtain the signature data. For example, the application identifier, the security domain identifier corresponding to the installed Applet, and the timestamp can be concatenated to obtain a string, and then the private key is used to sign the string to obtain the signature data. For another example, the identifier of the application can be obtained, and the identifier can be signed by using the private key of the application to obtain the signature data.

It can also be set to the encryption algorithm corresponding to the application, for example, the signature data can be generated based on the sm2 (an encryption algorithm) algorithm.

A security domain identifier can be set for each applet. For example, when an SSD is created for the first applet, the identifier of the SSD is the first SSD AID, and the security domain identifier of the first applet is the first SSD AID.

Further, the same application may correspond to multiple security domain identifiers. For example, if N Applets can be installed through one application, then N security domain identifiers corresponding to the application are set in the server. A security domain ID corresponds to an applet.

In actual application, different applications may also correspond to the same security domain identifier. For example, the first applet can be installed through application A, and the first applet can also be installed through application B, then application A can be used with the first applet. corresponding to the security domain identifier of the first applet, and application B may also correspond to the security domain identifier of the first applet.

After the FWK generates the signature data, it can send a verification request to the server, and the verification request can include the signature data. The server can obtain the public key of the application, and then verify the signature data. If the verification is passed, the server can send the pass information to the FWK, so that the FWK can create an SSD for the application.

Specifically, the verification request may also include content such as an application identifier, a security domain identifier, and a timestamp. For example, application A sends a request to create an SSD to FWK, and FWK obtains the private key of application A and generates signature data. Then, the identifier of the application A, the security domain identifier corresponding to the Applet that needs to be installed at present, the timestamp and the signature data are sent to the server.

After the server receives the verification request, it can obtain the application ID in it, and then obtain the public key according to the application ID. The server side can store public keys corresponding to applications. For example, if application A and application B have the right to create SSDs in the eSE, the public keys corresponding to applications A and B can be stored in the server.

Further, the server can use the obtained public key to verify the signature data included in the verification request, and if the signature data is successfully decrypted by using the public key, it can be determined that the signature data is generated using the private key of the application, It is further determined that the verification of the signature data is passed. For example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm. The preset encryption algorithm may be, for example, the sm2 algorithm.

In another implementation manner, an encryption algorithm corresponding to the application program is also stored in the server. In this embodiment, after receiving the verification request, the server may also obtain an encryption algorithm according to the application identifier, and then use the public key of the application to decrypt the signature data based on the encryption algorithm, thereby verifying the signature data.

For example, the encryption algorithm corresponding to application A is sm2, and the encryption algorithm corresponding to application B is RSA2048. If the application identifier included in the verification request is the identifier of program A, the encryption algorithm obtained by the server is sm2.

In an optional implementation manner, for the same application, the server may store multiple encryption algorithms corresponding to the application. The encryption algorithm can be selected according to the region where the terminal device is located. For example, the server may determine the region where the terminal device is located according to the IP address of the terminal device when sending the verification information, and then select multiple encryption algorithms corresponding to the terminal device according to the region. For example, the encryption algorithms corresponding to application A are sm2 and RSA2048. When the region where the terminal device is located is the first region, the sm2 algorithm can be selected, and when the region where the terminal device is located is the second region, the RSA2048 algorithm can be selected.

This embodiment is especially suitable for scenarios where terminal devices in multiple regions can send verification information to the server. For example, a first terminal located in the first area can send verification information to the server, and when the first terminal generates signature data, The encryption algorithm corresponding to the first area is used; the second terminal located in the second area can also send verification information to the server, and the second terminal uses the encryption algorithm corresponding to the second area when generating the signature data. In this scenario, the server may select an encryption algorithm corresponding to the region according to the region where the terminal device is located.

The first area may refer to the area where the first type of country is located, and the second area may refer to the area where the second type of country is located.

The above embodiment uses two regions as an example to illustrate, of course, encryption algorithms corresponding to more regions may also be set, and the processing process is the same as that of setting encryption algorithms corresponding to two regions, and will not be repeated.

In an optional implementation manner, if the server verifies the signature data successfully, the server may send the verification information to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application identifier.

In actual application, the server may also store the security domain identifier corresponding to the application. The server can obtain the security domain identifier corresponding to the application according to the application identifier in the verification request. Further, the obtained security domain identifier can be compared with the security domain identifier in the verification request, and if the comparison is consistent, it can be determined that the verification of the security domain identifier has passed.

In an optional implementation manner, if the verification of the signature data by the server is successful, and the verification of the security domain identifier by the server also passes, the server may send the verification information to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application program identifier, and also includes the security domain identifier.

The verification request sent by the FWK to the server may also include a timestamp. When the server performs verification, the current time can be obtained and compared with the timestamp. If the time interval between the two is less than the preset interval, the time verification will be determined. pass. In this embodiment, the server can avoid repeatedly sending the verification information to the FWK.

In an optional embodiment, if the server checks the signature data successfully, and the server checks the security domain identifier, and the time check passes, then the server can send the check to the FWK of the terminal device. Information. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application program identifier, as well as the security domain identifier and the timestamp.

Specifically, the above-mentioned application identifier may be an application package name.

If the verification of the verification request is passed by the server, the verification information may be sent to the FWK, and the information may include the security domain installation script. After the server passes the verification of the verification request, it can obtain the security domain installation script and send it to the FWK of the terminal device.

Further, the server may obtain the corresponding security domain installation script according to the security domain identifier in the verification request. You can also obtain the corresponding security domain installation script according to the current applet to be installed.

In practical applications, after the FWK receives the security domain installation script, it can execute the security domain installation script to create an SSD in the eSE. The eSE can send the creation result to the FWK, for example, the result of the successful creation of the SSD, or the result of the failure of the creation of the SSD. FWK can also forward SSD creation results to applications.

In an optional implementation manner, the terminal device and the application can pre-agreed on the generation method of the initial key, and when the SSD is created in the eSE of the terminal device, the terminal device can also generate the initial key for the SSD according to the pre-agreed method. .

If the SSD is successfully created in the eSE, the eSE can send the result of the successful creation of the SSD to the FWK, and the FWK can forward the result of the successful creation of the SSD to the application. If the application program receives the result that the SSD is successfully created, the application program can generate an initial key according to a pre-agreed method, and then can operate the created SSD using the initial key.

The application can use the initial key to modify the key of the SSD to make the created SSD more secure, thereby further improving the security of the SSD. Applications can operate the SSD based on the modified key.

Applications can also install Applets in SSDs. The application can download the applet and add it to the created SSD. If the Applet is successfully installed in the SSD, the eSE can also send a message that the installation is successful to the application.

After the applet is successfully installed in the SSD, the application can also send a card add request to the FWK to add the card corresponding to the applet in the FWK. After the FWK receives the card addition request, it can add the card in the hardware wallet and send the addition result to the application. For example, a message that the card was added successfully.

FIG. 8 is a device interaction diagram shown in the second exemplary embodiment of the present disclosure.

As shown in Figure 8, the user can operate the application program of the terminal device and click the button to delete the Applet. For example, he can click the button of "Delete Offline Wallet" in the application program. For another example, he can click the button of "Delete Card" in the application program. button.

After the application receives the instruction to delete the applet, it can send the SSD deletion request to the FWK of the terminal device. The FWK can provide an SSD deletion interface. After the application receives the instruction to delete the applet, it can call the SSD deletion interface, so that the FWK can delete the SSD in the eSE.

In order to prevent any application from being able to delete the SSD in the eSE through the FWK, the FWK can also send a verification request to the server. The verification request can carry the information of the application, so that the server can verify the permissions of the application.

In an optional implementation manner, before the FWK sends the verification request to the server, it can also be determined whether the application is in the whitelist, and if so, the FWK of the terminal device can send the verification request to the server. If not, the FWK of the terminal device rejects the application's request to delete the SSD, and the application program interface can display the information that the offline wallet deletion failed.

Wherein, the private key of the application can also be set in the terminal device, and the public key of the application can be set in the server. Thereby, the permission of the application can be verified according to the asymmetric encryption method.

The FWK can obtain the application's private key and use that private key to generate signature data. For example, the information of the application can be obtained, and the information can be signed by using the private key of the application to obtain the signature data. For example, the application identifier, the security domain identifier corresponding to the deleted applet, and the timestamp can be spliced together to obtain a string, and then the private key is used to sign the string to obtain the signature data. For another example, the identifier of the application can be obtained, and the identifier can be signed by using the private key of the application to obtain the signature data.

It can also be set to the encryption algorithm corresponding to the application, for example, the signature data can be generated based on the sm2 (an encryption algorithm) algorithm.

A security domain identifier may be set for each Applet, for example, the security domain identifier corresponding to the first Apple is the first SSD AID.

Further, the same application may correspond to multiple security domain identifiers. For example, if N Applets can be installed through one application, then N security domain identifiers corresponding to the application are set in the server. A security domain ID corresponds to an applet.

In actual application, different applications may also correspond to the same security domain identifier. For example, the first applet can be deleted through application A, and the first applet can also be deleted through application B, then application A can be used with the first applet. corresponding to the security domain identifier of the first applet, and application B may also correspond to the security domain identifier of the first applet.

After the FWK generates the signature data, it can send a verification request to the server, and the verification request can include the signature data. The server can obtain the public key of the application, and then verify the signature data. If the verification is passed, the server can send the pass information to the FWK, so that the FWK deletes the corresponding SSD in the eSE.

Specifically, the verification request may also include content such as an application identifier, a security domain identifier, and a timestamp. For example, when application A sends a request to FWK to delete the SSD, the FWK obtains the private key of application A and generates signature data. Then, the identifier of the application A, the security domain identifier corresponding to the applet that needs to be deleted, the timestamp and the signature data are sent to the server.

After the server receives the verification request, it can obtain the application ID in it, and then obtain the public key according to the application ID. The server side can store the public key corresponding to the application. For example, if application A and application B have the right to delete the SSD in the eSE, the public key corresponding to application A and B can be stored in the server.

Further, the server can use the obtained public key to verify the signature data included in the verification request, and if the signature data is successfully decrypted using the public key, it can be determined that the signature data is generated using the private key of the application, It is further determined that the verification of the signature data is passed. For example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm. The preset encryption algorithm may be, for example, the sm2 algorithm.

In another implementation manner, an encryption algorithm corresponding to the application program is also stored in the server. In this embodiment, after receiving the verification request, the server may also obtain an encryption algorithm according to the application identifier, and then use the public key of the application to decrypt the signature data based on the encryption algorithm, thereby verifying the signature data.

For example, the encryption algorithm corresponding to application A is sm2, and the encryption algorithm corresponding to application B is RSA2048. If the application identifier included in the verification request is the identifier of program A, the encryption algorithm obtained by the server is sm2.

In an optional implementation manner, if the server verifies the signature data successfully, the server may send the verification information to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application identifier.

In actual application, the server may also store the security domain identifier corresponding to the application. The server can obtain the security domain identifier corresponding to the application according to the application identifier in the verification request. Further, the obtained security domain identifier can be compared with the security domain identifier in the verification request, and if the comparison is consistent, it can be determined that the verification of the security domain identifier has passed.

In an optional implementation manner, if the verification of the signature data by the server is successful, and the verification of the security domain identifier by the server also passes, the server may send the verification information to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application program identifier, and also includes the security domain identifier.

The verification request sent by the FWK to the server may also include a timestamp. When the server performs verification, the current time can be obtained and compared with the timestamp. If the time interval between the two is less than the preset interval, the time verification will be determined. pass. In this embodiment, the server can avoid repeatedly sending the verification information to the FWK.

In an optional embodiment, if the server checks the signature data successfully, and the server checks the security domain identifier, and the time check passes, then the server can send the check to the FWK of the terminal device. Information. In this embodiment, the verification request sent by the FWK to the server includes the signature data and the application program identifier, as well as the security domain identifier and the timestamp.

Specifically, the above-mentioned application identifier may be an application package name.

If the verification of the verification request is passed by the server, the verification information may be sent to the FWK, and the information may include a security domain deletion script. After the server passes the verification of the verification request, it can obtain the security domain deletion script and send it to the FWK of the terminal device.

Further, the server may obtain the corresponding security domain deletion script according to the security domain identifier in the verification request. You can also obtain the corresponding security domain deletion script according to the applet that needs to be deleted currently.

In practical applications, after the FWK receives the security domain deletion script, it can execute the security domain deletion script, and then delete the SSD in the eSE. The eSE may send the deletion result to the FWK, for example, the result of the successful deletion of the SSD, or the result of the failure of the deletion of the SSD. FWK can also forward SSD removal results to applications.

After the SSD is successfully removed, the application can also send a card removal request to the FWK, thereby removing the card corresponding to the Applet in the FWK. After the FWK receives the card deletion request, it can delete the card in the hardware wallet and send the deletion result to the application. For example, a message that the card was deleted successfully.

In an optional embodiment provided by the present disclosure, a method for operating an applet is also provided, which is applied to a terminal device, wherein the terminal device is provided with an embedded security module, and the method includes:

In response to the operation of the applet in the application program, send verification information to the server, where the verification information includes application program information;

If the verification of the verification information is passed by the server, the terminal device receives the script file sent by the server;

Executing the script file operates an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet.

The user can operate the application program and operate the applet program of the application program, for example, the applet program can be added to the terminal device, or the applet program can be deleted.

After receiving the operation for operating the applet, the terminal device can generate verification information of the application, and send the verification information to the server. For example, the verification information can be generated with the application's private key.

After the server receives the verification information, it can verify the verification information. If the verification is passed, the server confirms that the application program in the terminal device has the operation authority, so the script file can be fed back to the terminal device. For example, if the user's operation is to add an applet, the server can send a script file for creating an SSD to the terminal device; if the user's operation is to delete an applet, the server can send a script to delete the SSD to the terminal device document.

After receiving the script file, the terminal device can execute the corresponding script file, and then operate the SSD in the eSE. For example, an SSD can be created in the eSE, and another example, an SSD can be deleted in the eSE.

In this way, when the application program operates the eSE of the terminal device, the terminal device sends verification information to the server, so that after the verification of the application program passes, the terminal device operates the eSE again, thereby improving the security of the eSE.

In an optional embodiment provided by the present disclosure, a method for operating an applet is also provided, including:

The terminal device receives the operation instruction for the applet in the application program, and sends the verification information to the server;

The server verifies the verification information, and if the verification passes, sends a script file to the terminal device;

The terminal device executes the script file to operate an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet; the terminal device is provided with the operation embedded security module.

In this way, when the application program operates the eSE of the terminal device, the terminal device sends verification information to the server, so that after the verification of the application program passes, the terminal device operates the eSE again, thereby improving the security of the eSE.

In a possible implementation manner, the computer-executed instructions in the embodiments of the present application may also be referred to as application code, which is not specifically limited in the embodiments of the present application.

Optionally, the interface circuit 903 may further include a transmitter and/or a receiver. Optionally, the above-mentioned processor 902 may include one or more CPUs, and may also be other general-purpose processors, digital signal processors (digital signal processors, DSPs), application specific integrated circuits (application specific integrated circuits, ASICs), and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps in combination with the method disclosed in the present application can be directly embodied as executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.

Embodiments of the present application also provide a computer-readable storage medium. The methods described in the above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media can include both computer storage media and communication media and also include any medium that can transfer a computer program from one place to another. The storage medium can be any target medium that can be accessed by a computer.

In one possible implementation, the computer-readable medium may include RAM, ROM, compact disc read-only memory (CD-ROM) or other optical disk storage, magnetic disk storage or other magnetic storage devices, or a Any other medium or in the form of instructions or data structures that store the required program code and can be accessed by the computer. Also, any connection is properly termed a computer-readable medium. For example, if you use coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies (such as infrared, radio, and microwave) to transmit software from a website, server, or other remote source, coaxial Cable, fiber optic cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc, laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.

The embodiments of the present application are described with reference to flowcharts and/or block diagrams of methods, apparatuses (systems), and computer program products according to the embodiments of the present application. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processing unit of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

The above specific embodiments further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention, and are not intended to limit the protection scope of the present invention. On the basis of the technical solutions of the present invention, any modifications, equivalent replacements, improvements, etc. made shall be included within the protection scope of the present invention.

Claims (18)

1. A method for operating an applet, applied to a terminal device, wherein an embedded security module is provided in the terminal device, wherein the method comprises: In response to the operation of the applet in the application program, send verification information to the server, where the verification information includes application program information; If the verification of the verification information is passed by the server, the terminal device receives the script file sent by the server; Executing the script file operates an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet. 2. The method according to claim 1, wherein if the operation is an installation operation, the method further comprises: If the applet is successfully installed in the auxiliary security domain, an interface indicating that the applet is installed successfully is displayed; If the creation of the auxiliary security domain in the embedded security module fails, or the installation of the applet in the auxiliary security domain fails, an interface for installation failure of the applet is displayed. 3. The method according to claim 1, wherein, if the operation is a deletion operation, the method further comprises: If the deletion of the auxiliary security domain is successful, an interface that the applet is deleted successfully is displayed; If the deletion of the auxiliary security domain is successful, an interface of failure to delete the applet is displayed. 4. The method according to any one of claims 1-3, wherein the terminal device is provided with a frame; the response to the operation of the applet in the application program sends verification information to the server, include: The application receives the operation on the applet, and sends a security domain operation request to the framework; The framework obtains a security domain identifier and the private key of the application, and the security domain identifier corresponds to the applet; The framework generates signature data according to the private key, and sends the verification information to the server, where the verification information includes the application information and the first time information, and the application information includes all The signature data and the security domain identifier. 5. The method according to claim 4, wherein the verification information is checked and passed when the following conditions are met: The server uses the public key of the application to verify the signature data, and the server determines that the security domain identifier in the application information corresponds to the application, and the second data obtained by the server is passed. A time interval between the time information and the first time information is less than a preset interval. 6. The method according to claim 5, wherein a plurality of encryption algorithms corresponding to the application are stored in the server; The server uses the public key of the application program to verify the signature data based on the target encryption algorithm, and the target encryption algorithm is that the server performs multiple encryption algorithms according to the geographical information where the terminal device is located. determined in. 7. The method according to any one of claims 1-3, wherein a frame is provided in the terminal device; when the operation is an installation operation, the script file is a security domain installation script; The executing the script file to operate the auxiliary security domain in the embedded security module includes: The framework executes the security domain installation script to create the auxiliary security domain in the embedded security module; The method also includes the application installing the applet in the secondary security domain. 8. The method according to claim 7, wherein after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the method further comprises: The embedded security module sends a security domain creation result to the framework, and the framework forwards the security domain creation result to the application; The installation of the applet by the application in the secondary security domain includes: If the security domain creation result indicates that the security domain is successfully created, the application installs the applet in the created auxiliary security domain. 9. The method according to claim 8, wherein the application adds the applet in the created auxiliary security domain, comprising: The application downloads the applet and adds the applet in the secondary security domain. 10. The method according to any one of claims 1-3, wherein a frame is provided in the terminal device; when the operation is a deletion operation, the script file is a security domain deletion script; The executing the script file to operate the auxiliary security domain in the embedded security module includes: The framework executes the security domain deletion script to delete the auxiliary security domain in the embedded security module in which the applet is installed. 11. A method of operating an applet, comprising: The terminal device receives the operation instruction for the applet in the application program, and sends the verification information to the server; The server verifies the verification information, and if the verification passes, sends a script file to the terminal device; The terminal device executes the script file to operate an auxiliary security domain in the embedded security module, where the auxiliary security domain is used to install the applet; the terminal device is provided with the operation embedded security module. 12 . The method according to claim 11 , wherein the verification information includes application program information and first time information, and the application program information includes signature data and a security domain identifier. 13 . The method according to claim 11 or 12, wherein if the operation is an installation operation, the script file is a security domain installation script. The method according to claim 11 or 12, wherein if the operation is an installation operation, the script file is a security domain deletion script. 15. An electronic device, characterized by comprising: a unit for performing each step of any one of claims 1-14. 16. An electronic device, comprising: a processor and a display screen, wherein the processor is used to call a program in a memory to execute the steps of processing in the method according to any one of claims 1-14, the The display screen is used for performing the steps displayed in the method of any one of claims 1-14. 17. An electronic device, comprising: a processor, a display screen and an interface circuit, the interface circuit is used for communicating with other devices, and the processor is used for executing the method according to any one of claims 1-14 In the steps of processing in the method, the display screen is used to execute the steps displayed in the method according to any one of claims 1-14. 18. A computer-readable storage medium, wherein the computer-readable storage medium stores instructions that, when executed, cause a computer to perform the method according to any one of claims 1-14.

Images