Nothing Special   »   [go: up one dir, main page]

CN116305093B - Method for operating applet and electronic device - Google Patents

Method for operating applet and electronic device Download PDF

Info

Publication number
CN116305093B
CN116305093B CN202310072380.9A CN202310072380A CN116305093B CN 116305093 B CN116305093 B CN 116305093B CN 202310072380 A CN202310072380 A CN 202310072380A CN 116305093 B CN116305093 B CN 116305093B
Authority
CN
China
Prior art keywords
security domain
applet
application program
application
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310072380.9A
Other languages
Chinese (zh)
Other versions
CN116305093A (en
Inventor
韩业飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Honor Device Co Ltd filed Critical Honor Device Co Ltd
Priority to CN202310072380.9A priority Critical patent/CN116305093B/en
Publication of CN116305093A publication Critical patent/CN116305093A/en
Application granted granted Critical
Publication of CN116305093B publication Critical patent/CN116305093B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)

Abstract

The embodiment of the application provides an operation method of an applet and electronic equipment, which relate to the technical field of terminals, wherein an embedded security module is arranged in the terminal equipment, and the method comprises the following steps: in response to an operation of an applet in the application, sending verification information to the server, the verification information including application information; if the server checks the checking information, the terminal equipment receives a script file sent by the server; the execution script file operates an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet. In the scheme provided by the application, when the application program needs to operate the eSE of the terminal equipment and then operate the Applet, the terminal equipment sends the verification information comprising the application program information to the server, so that the server verifies the authority of the application program, and in this way, only the application program passing the verification can operate the eSE, so that the safety performance of the eSE is improved.

Description

Method for operating applet and electronic device
The present application is a divisional application, the application number of the original application is 202111376151.3, the original application date is 2021, 11 and 19, and the whole content of the original application is incorporated by reference.
Technical Field
The present application relates to the field of terminal technologies, and in particular, to an applet operating method and an electronic device.
Background
At present, a plurality of terminal devices with mobile payment function exist, and embedded security modules (embedded secure element, eSE) are arranged in the terminal devices and are mainly responsible for the work of data security storage, data encryption and the like of the terminal devices, so that the security performance of the eSE is higher.
An auxiliary security domain (supplementary security domain, SSD) is provided in the eSE, and an Applet (Applet) with a payment function can be provided in the SSD. By setting the Applet in the SSD of the eSE, the security performance of the Applet can be improved.
However, if any application can operate an Applet in the eSE, the security performance of the eSE is reduced.
Disclosure of Invention
The embodiment of the application provides an operation method of an applet and electronic equipment, which improves the safety performance of eSE.
In a first aspect, an embodiment of the present application provides a method for operating an applet, which is applied to a terminal device, where an embedded security module is disposed in the terminal device, and the method includes:
In response to an operation of an applet in the application, sending verification information to the server, the verification information including application information;
if the server checks the checking information, the terminal equipment receives a script file sent by the server;
executing the script file operates an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet.
In the operating method of the Applet provided by the application, the application program needs to operate the eSE of the terminal equipment, and when the Applet is operated, the terminal equipment sends the verification information comprising the application program information to the server, so that the server verifies the authority of the application program, if the verification is passed, the terminal equipment can operate the eSE based on the function of the application program, otherwise, the terminal equipment does not operate the eSE. In this way, only verified applications are enabled to operate the eSE to increase the security performance of the eSE.
In one possible implementation, if the operation is an installation operation, the method further includes:
if the applet is successfully installed in the auxiliary security domain, displaying an interface of successful applet installation;
And if the creation of the auxiliary security domain in the embedded security module fails or the installation of the applet in the auxiliary security domain fails, displaying an interface of the applet installation failure.
In the embodiment, the user can know the installation result of the applet, and the user experience is improved.
In one possible implementation, if the operation is a delete operation, the method further includes:
if the auxiliary security domain is successfully deleted, displaying an interface of successful deletion of the applet;
and if the auxiliary security domain is successfully deleted, displaying an interface of the deletion failure of the applet.
In the embodiment, the user can know the deleting result of the applet, and the user experience is improved.
In one possible implementation, the terminal device is provided with a frame; the response to the operation of the applet in the application program sends verification information to the server, including:
the application program receives the operation of the applet program and sends a security domain operation request to the framework;
The framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;
the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and first time information, and the application program information comprises the signature data and the security domain identification.
In this embodiment, the server is a background server of the terminal device, and the verification information may be sent to the server through a frame set in the terminal device, so that the server may verify the authority of the application program based on the verification information.
In one possible implementation, the verification information is verified by:
The server checks the signature data by using the public key of the application program, determines that the security domain identifier in the application program information corresponds to the application program, and the time interval between the second time information and the first time information acquired by the server is smaller than a preset interval.
In this embodiment, the signature data needs to be checked, and the security domain identifier corresponding to the applet needs to be checked, so that the identity of the application program that needs to operate the eSE needs to be fully verified; it is also necessary to determine whether the time information in the check information meets the requirement, so that the problem of repeatedly issuing the script file in a short time can be avoided.
In one possible implementation, the terminal device is provided with a frame; when the operation is an installation operation, the script file is a security domain installation script;
the executing the script file operates an auxiliary security domain in the embedded security module, comprising:
The framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;
The method further comprises the steps of: the application installs the applet in the auxiliary security domain.
In this embodiment, if the authority of the application program passes the verification, the SSD is created in the eSE by the frame of the terminal device, and the SSD is created by the frame, so that the application program is prevented from directly creating the SSD in the eSE, and the security of the eSE can be further improved. After the creation is successful, the Applet is installed in the created SSD by the application, thereby enabling the application with the operating eSE rights to install the Applet in the SSD.
In one possible implementation, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the framework further includes:
The embedded security module sends a security domain creation result to the framework, and the framework forwards the security domain creation result to the application program;
The application installing the applet in the auxiliary security domain comprises:
and if the security domain creation result represents that the security domain creation is successful, the application program installs the applet in the created auxiliary security domain.
In the implementation mode, the FWK creates the SSD in the eSE, and the application program installs the Applet in the SSD after the SSD is successfully created, so that the application program is prevented from directly creating the SSD in the eSE, and the application program only operates the SSD created for the application program, thereby further improving the safety of the eSE.
In one possible implementation, the adding, by the application, the applet in the created auxiliary security domain includes:
The application downloads the applet and adds the applet in the auxiliary security domain.
In one possible implementation, the terminal device is provided with a frame; when the operation is a deletion operation, the script file is a security domain deletion script;
the executing the script file operates an auxiliary security domain in the embedded security module, comprising:
the framework executes the security domain deletion script to delete the auxiliary security domain in the embedded security module, wherein the applet is installed in the auxiliary security domain.
In this embodiment, the FWK deletes the SSD in the eSE, so as to avoid the application program from directly deleting the SSD in the eSE, and the SSD is provided with the Applet, and after the SSD is deleted, the Applet in the SSD is deleted, so that the Applet in the eSE can be deleted in a safer manner.
In a second aspect, an embodiment of the present application provides a method for operating an applet, including:
The terminal equipment receives an operation instruction of an applet in the application program and sends verification information to a server;
The server checks the check information, and if the check is passed, a script file is sent to the terminal equipment;
The terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, wherein the auxiliary security domain is used for installing the applet; the terminal equipment is internally provided with the operation embedded type safety module.
In a possible implementation manner, the verification information includes application program information and first time information, and the application program information includes signature data and a security domain identifier.
In one possible implementation, if the operation is an installation operation, the script file is a security domain installation script.
In one possible implementation, if the operation is an installation operation, the script file is a security domain deletion script.
In a third aspect, an embodiment of the present application provides an operating device for an applet, where the device may be a terminal device, and may also be a chip or a chip system in the terminal device. Wherein an embedded security module is arranged in the terminal device, and the device may comprise a frame. The operating device of the applet is further provided with a display unit for performing the step of displaying.
Illustratively, the framework is configured to send verification information to the server in response to an operation of an applet in the application, the verification information including application information; the framework is also used for receiving a script file sent by the server if the server checks the check information; the framework is to execute the script file to operate an auxiliary security domain in the embedded security module, the auxiliary security domain to install the applet.
In a possible implementation, the operation is an installation operation, and the display unit is further configured to:
if the applet is successfully installed in the auxiliary security domain, displaying an interface of successful applet installation;
And if the creation of the auxiliary security domain in the embedded security module fails or the installation of the applet in the auxiliary security domain fails, displaying an interface of the applet installation failure.
In a possible implementation, the operation is a delete operation, and the display unit is further configured to:
if the auxiliary security domain is successfully deleted, displaying an interface of successful deletion of the applet;
and if the auxiliary security domain is successfully deleted, displaying an interface of the deletion failure of the applet.
In a possible implementation manner, the device is further provided with an application program:
the application program receives the operation of the applet program and sends a security domain operation request to the framework;
The framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;
the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and first time information, and the application program information comprises the signature data and the security domain identification.
In one possible implementation, the verification information is verified by:
The server checks the signature data by using the public key of the application program, determines that the security domain identifier in the application program information corresponds to the application program, and the time interval between the second time information and the first time information acquired by the server is smaller than a preset interval.
In one possible implementation, when the operation is an installation operation, the script file is a security domain installation script;
The frame is specifically for: executing the security domain installation script to create the auxiliary security domain in the embedded security module;
the application is specifically configured to install the applet in the auxiliary security domain.
In one possible implementation, after the framework executes the security domain installation script to create the auxiliary security domain in the embedded security module, the embedded security module sends a security domain creation result to the framework, which forwards the security domain creation result to the application;
the application program is specifically configured to install the applet in the created auxiliary security domain if the security domain creation result indicates that the security domain creation is successful.
In one possible implementation, the application program is specifically configured to:
The application downloads the applet and adds the applet in the auxiliary security domain.
In one possible implementation manner, when the operation is a delete operation, the script file is a security domain delete script;
The frame is specifically for:
executing the security domain deletion script deletes the auxiliary security domain in the embedded security module, wherein the applet is installed in the auxiliary security domain.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: means for performing the first aspect or any of the possible implementations of the first aspect, or means for performing the second aspect or any of the possible implementations of the second aspect.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: a processor, a display screen, and interface circuitry for communicating with other devices; the display screen is used for executing the step of displaying; the processor is configured to execute code instructions to implement the first aspect or any of the possible implementations of the first aspect or to implement the second aspect or any of the possible implementations of the second aspect.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium storing instructions that, when executed, implement any one of the first aspect or any of the possible implementations of the first aspect, or implement any one of the second aspect or any of the possible implementations of the second aspect.
Drawings
Fig. 1 is a schematic structural diagram of a terminal device 100 according to an embodiment of the present application;
Fig. 2 is a schematic software structure of a terminal device 100 according to an embodiment of the present application;
fig. 3 is a block diagram of a terminal device according to an exemplary embodiment of the present disclosure;
FIG. 4 is a schematic illustration of an interface shown in an exemplary embodiment of the present disclosure;
FIG. 5 is a schematic diagram of an interface showing the success of an Applet installation in an exemplary embodiment of the present disclosure;
FIG. 6 is an interface diagram illustrating an Applet installation failure in accordance with an exemplary embodiment of the present disclosure;
FIG. 7 is a device interaction diagram illustrating a first exemplary embodiment of the present disclosure;
FIG. 8 is a device interaction diagram illustrating a second exemplary embodiment of the present disclosure;
fig. 9 is a schematic hardware structure of an operating device of an applet according to an embodiment of the application.
Detailed Description
In order to clearly describe the technical solution of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the interface of the first target function and the interface of the second target function are for distinguishing different response interfaces, and the order of the different response interfaces is not limited. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
In the present application, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
The electronic device includes a terminal device, which may also be referred to as a terminal (terminal), a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), or the like. The terminal device may be a mobile phone, a smart television, a wearable device, a tablet (Pad), a computer with wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self-driving), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (SMART GRID), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (SMART CITY), a wireless terminal in smart home (smart home), or the like. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the terminal equipment.
In order to better understand the embodiments of the present application, the following describes the structure of the terminal device according to the embodiments of the present application:
Fig. 1 shows a schematic structure of a terminal device 100. The terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (subscriberidentification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It is to be understood that the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the terminal device 100. In other embodiments of the application, terminal device 100 may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processingunit, GPU), an image signal processor (IMAGE SIGNAL processor, ISP), a controller, a video codec, a digital signal processor (DIGITAL SIGNAL processor, DSP), a baseband processor, and/or a neural-Network Processor (NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it may be called from memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an integrated circuit (inter-INTEGRATED CIRCUIT, I2C) interface, an integrated circuit built-in audio (inter-INTEGRATED CIRCUITSOUND, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purposeinput/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.
The I2C interface is a bi-directional synchronous serial bus comprising a serial data line (SERIAL DATA LINE, SDA) and a serial clock line (derail clock line, SCL). In some embodiments, the processor 110 may contain multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, charger, flash, camera 193, etc., respectively, through different I2C bus interfaces. For example: the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 and the touch sensor 180K communicate through an I2C bus interface to implement a touch function of the terminal device 100.
The I2S interface may be used for audio communication. In some embodiments, the processor 110 may contain multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 via an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through the I2S interface, to implement a function of answering a call through the bluetooth headset.
PCM interfaces may also be used for audio communication to sample, quantize and encode analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface to implement a function of answering a call through the bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.
The UART interface is a universal serial data bus for asynchronous communications. The bus may be a bi-directional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is typically used to connect the processor 110 with the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through a UART interface, to implement a function of playing music through a bluetooth headset.
The MIPI interface may be used to connect the processor 110 to peripheral devices such as a display 194, a camera 193, and the like. The MIPI interfaces include camera serial interfaces (CAMERA SERIAL INTERFACE, CSI), display serial interfaces (DISPLAYSERIAL INTERFACE, DSI), and the like. In some embodiments, processor 110 and camera 193 communicate through a CSI interface to implement the photographing function of terminal device 100. The processor 110 and the display 194 communicate via a DSI interface to implement the display function of the terminal device 100.
The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal or as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, an MIPI interface, etc.
The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the terminal device 100, or may be used to transfer data between the terminal device 100 and a peripheral device. And can also be used for connecting with a headset, and playing audio through the headset. The interface may also be used to connect other electronic devices, such as AR devices, etc.
It should be understood that the interfacing relationship between the modules illustrated in the embodiment of the present application is illustrated schematically, and does not constitute a structural limitation of the terminal device 100. In other embodiments of the present application, the terminal device 100 may also use different interfacing manners, or a combination of multiple interfacing manners in the foregoing embodiments.
The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130. In some wireless charging embodiments, the charge management module 140 may receive wireless charging input through a wireless charging coil of the terminal device 100. The charging management module 140 may also supply power to the terminal device through the power management module 141 while charging the battery 142.
The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 to power the processor 110, the internal memory 121, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance) and other parameters. In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.
The wireless communication function of the terminal device 100 can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. The antennas in the terminal device 100 may be used to cover single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the terminal device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the same device as at least some of the modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator is used for modulating the low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs sound signals through an audio device (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional module, independent of the processor 110.
The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wirelesslocal area networks, WLAN) (e.g., wireless fidelity (WIRELESS FIDELITY, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation SATELLITE SYSTEM, GNSS), frequency modulation (frequency modulation, FM), near field communication (NEAR FIELD communication, NFC), infrared (IR), etc., applied on the terminal device 100. The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.
In some embodiments, antenna 1 and mobile communication module 150 of terminal device 100 are coupled, and antenna 2 and wireless communication module 160 are coupled, such that terminal device 100 may communicate with a network and other devices via wireless communication techniques. The wireless communication techniques can include a global system for mobile communications (global system for mobile communications, GSM), general packet radio service (GENERAL PACKET radio service, GPRS), code division multiple access (codedivision multiple access, CDMA), wideband code division multiple access (wideband code division multipleaccess, WCDMA), time division code division multiple access (time-division code division multiple access, TD-SCDMA), long term evolution (long term evolution, LTE), BT, GNSS, WLAN, NFC, FM, and/or IR techniques, among others. The GNSS may include a global satellite positioning system (global positioning system, GPS), a global navigation satellite system (global navigation SATELLITE SYSTEM, GLONASS), a beidou satellite navigation system (beidounavigation SATELLITE SYSTEM, BDS), a quasi zenith satellite system (quasi-zenith satellitesystem, QZSS) and/or a satellite based augmentation system (SATELLITE BASED AUGMENTATION SYSTEMS, SBAS).
The terminal device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, videos, and the like. The display 194 includes a display panel. The display panel may employ a Liquid Crystal Display (LCD) screen (liquid CRYSTAL DISPLAY), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED) or an active-34 diode, a flexible light-emitting diode (FLED), miniled, microLed, micro-oLed, a quantum dot light-emitting diode (quantum dot lightemitting diodes, QLED), or the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The terminal device 100 may implement a photographing function through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.
The ISP is used to process data fed back by the camera 193. For example, when photographing, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing, so that the electrical signal is converted into an image visible to naked eyes. ISP can also optimize the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in the camera 193.
The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (charge coupled device, CCD) or a Complementary Metal Oxide Semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then transferred to the ISP to be converted into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard RGB, YUV, or the like format. In some embodiments, the terminal device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
The digital signal processor is used for processing digital signals, and can process other digital signals besides digital image signals. For example, when the terminal device 100 selects a frequency bin, the digital signal processor is used to fourier transform the frequency bin energy, or the like.
Video codecs are used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record video in various encoding formats, for example: dynamic picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4, etc.
The NPU is a neural-network (NN) computing processor, and can rapidly process input information by referencing a biological neural network structure, for example, referencing a transmission mode between human brain neurons, and can also continuously perform self-learning. Applications such as intelligent awareness of the terminal device 100 may be implemented by the NPU, for example: image recognition, face recognition, speech recognition, text understanding, etc.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to realize expansion of the memory capability of the terminal device 100. The external memory card communicates with the processor 110 through an external memory interface 120 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.
The internal memory 121 may be used to store computer-executable program code that includes instructions. The internal memory 121 may include a storage program area and a storage data area. The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data (such as audio data, phonebook, etc.) created during use of the terminal device 100, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like. The processor 110 performs various functional applications of the terminal device 100 and data processing by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor.
The terminal device 100 may implement audio functions through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like. Such as music playing, recording, etc.
The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or a portion of the functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also referred to as a "horn," is used to convert audio electrical signals into sound signals. The terminal device 100 can listen to music or to handsfree talk through the speaker 170A.
A receiver 170B, also referred to as a "earpiece", is used to convert the audio electrical signal into a sound signal. When the terminal device 100 receives a call or voice message, it is possible to receive voice by approaching the receiver 170B to the human ear.
Microphone 170C, also referred to as a "microphone" or "microphone", is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can sound near the microphone 170C through the mouth, inputting a sound signal to the microphone 170C. The terminal device 100 may be provided with at least one microphone 170C. In other embodiments, the terminal device 100 may be provided with two microphones 170C, and may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the terminal device 100 may be further provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify the source of sound, implement directional recording functions, etc.
The earphone interface 170D is used to connect a wired earphone. The headset interface 170D may be a USB interface 130 or a 3.5mm open mobile electronic device platform (open mobile terminal platform, OMTP) standard interface, a american cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.
The pressure sensor 180A is used to sense a pressure signal, and may convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A is of various types, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a capacitive pressure sensor comprising at least two parallel plates with conductive material. The capacitance between the electrodes changes when a force is applied to the pressure sensor 180A. The terminal device 100 determines the intensity of the pressure according to the change of the capacitance. When a touch operation is applied to the display 194, the terminal device 100 detects the intensity of the touch operation according to the pressure sensor 180A. The terminal device 100 may also calculate the position of the touch from the detection signal of the pressure sensor 180A. In some embodiments, touch operations that act on the same touch location, but at different touch operation strengths, may correspond to different operation instructions.
The gyro sensor 180B may be used to determine a motion gesture of the terminal device 100. In some embodiments, the angular velocity of the terminal device 100 about three axes (i.e., x, y, and z axes) may be determined by the gyro sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. Illustratively, when the shutter is pressed, the gyro sensor 180B detects the angle of the shake of the terminal device 100, calculates the distance to be compensated by the lens module according to the angle, and allows the lens to counteract the shake of the terminal device 100 by the reverse motion, thereby realizing anti-shake. The gyro sensor 180B may also be used for navigating, somatosensory game scenes.
The air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal device 100 calculates altitude from barometric pressure values measured by the barometric pressure sensor 180C, aiding in positioning and navigation.
The magnetic sensor 180D includes a hall sensor. The terminal device 100 can detect the opening and closing of the flip cover using the magnetic sensor 180D. In some embodiments, when the terminal device 100 is a folder, the terminal device 100 may detect opening and closing of the folder according to the magnetic sensor 180D. And then according to the detected opening and closing state of the leather sheath or the opening and closing state of the flip, the characteristics of automatic unlocking of the flip and the like are set.
The acceleration sensor 180E can detect the magnitude of acceleration of the terminal device 100 in various directions (typically three axes). The magnitude and direction of gravity may be detected when the terminal device 100 is stationary. The method can also be used for identifying the gesture of the terminal equipment, and is applied to application programs such as horizontal and vertical screen switching, pedometers and the like.
A distance sensor 180F for measuring a distance. The terminal device 100 may measure the distance by infrared or laser. In some embodiments, the terminal device 100 may range using the distance sensor 180F to achieve fast focusing.
The proximity light sensor 180G may include, for example, a Light Emitting Diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The terminal device 100 emits infrared light outward through the light emitting diode. The terminal device 100 detects infrared reflected light from a nearby object using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object in the vicinity of the terminal device 100. When insufficient reflected light is detected, the terminal device 100 may determine that there is no object in the vicinity of the terminal device 100. The terminal device 100 can detect that the user holds the terminal device 100 close to the ear to talk by using the proximity light sensor 180G, so as to automatically extinguish the screen for the purpose of saving power. The proximity light sensor 180G may also be used in holster mode, pocket mode to automatically unlock and lock the screen.
The ambient light sensor 180L is used to sense ambient light level. The terminal device 100 may adaptively adjust the brightness of the display 194 based on the perceived ambient light level. The ambient light sensor 180L may also be used to automatically adjust white balance when taking a photograph. The ambient light sensor 180L may also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in a pocket to prevent false touches.
The fingerprint sensor 180H is used to collect a fingerprint. The terminal device 100 can utilize the collected fingerprint characteristics to realize fingerprint unlocking, access an application lock, fingerprint photographing, fingerprint incoming call answering and the like.
The temperature sensor 180J is for detecting temperature. In some embodiments, the terminal device 100 performs a temperature processing strategy using the temperature detected by the temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold, the terminal device 100 performs a reduction in the performance of a processor located near the temperature sensor 180J in order to reduce power consumption to implement thermal protection. In other embodiments, when the temperature is below another threshold, the terminal device 100 heats the battery 142 to avoid the low temperature causing the terminal device 100 to shut down abnormally. In other embodiments, when the temperature is below a further threshold, the terminal device 100 performs boosting of the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperatures.
The touch sensor 180K, also referred to as a "touch device". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is for detecting a touch operation acting thereon or thereabout. The touch sensor may communicate the detected touch operation to the application processor to determine the touch event type. Visual output related to touch operations may be provided through the display 194. In other embodiments, the touch sensor 180K may also be disposed on the surface of the terminal device 100 at a different location than the display 194.
The bone conduction sensor 180M may acquire a vibration signal. In some embodiments, bone conduction sensor 180M may acquire a vibration signal of a human vocal tract vibrating bone pieces. The bone conduction sensor 180M may also contact the pulse of the human body to receive the blood pressure pulsation signal. In some embodiments, bone conduction sensor 180M may also be provided in a headset, in combination with an osteoinductive headset. The audio module 170 may parse out a voice signal based on the vibration signal of the vocal part vibration bone piece obtained by the bone conduction sensor 180M, and implement a voice function. The application processor can analyze heart rate information based on the blood pressure beat signals acquired by the bone conduction sensor 180M, so that a heart rate detection function is realized.
The keys 190 include a power-on key, a volume key, etc. The keys 190 may be mechanical keys. Or may be a touch key. The terminal device 100 may receive key inputs, generating key signal inputs related to user settings and function controls of the terminal device 100.
The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration alerting as well as for touch vibration feedback. For example, touch operations acting on different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also correspond to different vibration feedback effects by touching different areas of the display screen 194. Different application scenarios (such as time reminding, receiving information, alarm clock, game, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.
The indicator 192 may be an indicator light, may be used to indicate a state of charge, a change in charge, a message indicating a missed call, a notification, etc.
The SIM card interface 195 is used to connect a SIM card. The SIM card may be contacted and separated from the terminal apparatus 100 by being inserted into the SIM card interface 195 or by being withdrawn from the SIM card interface 195. The terminal device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support Nano SIM cards, micro SIM cards, and the like. The same SIM card interface 195 may be used to insert multiple cards simultaneously. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to realize functions such as call and data communication. In some embodiments, the terminal device 100 employs esims, namely: an embedded SIM card. The eSIM card can be embedded in the terminal device 100 and cannot be separated from the terminal device 100.
The software system of the terminal device 100 may employ a layered architecture, an event driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture, etc. In the embodiment of the application, taking an Android system with a layered architecture as an example, a software structure of the terminal device 100 is illustrated.
Fig. 2 is a software configuration block diagram of the terminal device 100 of the embodiment of the present application.
The layered architecture divides the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom, an application layer, an application framework layer, an Zhuoyun rows (Android runtime) and system libraries, and a kernel layer, respectively.
The application layer may include a series of application packages.
As shown in fig. 2, the application package may include camera, calendar, phone, map, phone, music, settings, mailbox, video, social, etc. applications.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for the application of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 2, the application framework layer may include a window manager, a content provider, a resource manager, a view system, a notification manager, and the like.
The window manager is used for managing window programs. The window manager may obtain the display screen size, determine if there is a status bar, lock the screen, touch the screen, drag the screen, intercept the screen, etc.
The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The notification manager allows the application to display notification information in a status bar, can be used to communicate notification type messages, can automatically disappear after a short dwell, and does not require user interaction. Such as notification manager is used to inform that the download is complete, message alerts, etc. The notification manager may also be a notification in the form of a chart or scroll bar text that appears on the system top status bar, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, a text message is prompted in a status bar, a prompt tone is emitted, the terminal equipment vibrates, and an indicator light blinks.
Android runtime include core libraries and virtual machines. Android runtime is responsible for scheduling and management of the android system.
The core library consists of two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface manager (surface manager), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio and video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.
The following describes in detail an operation procedure of the split screen setting of the application function and a display procedure of the split screen function interface in the application program provided by the embodiment of the application with reference to the accompanying drawings. It should be noted that "at … …" in the embodiment of the present application may be an instant when a certain situation occurs, or may be a period of time after a certain situation occurs, which is not particularly limited in the embodiment of the present application.
At present, many terminal devices with transaction payment function are provided with embedded security modules (embedded secure element, eSE), which is a security module and is mainly responsible for the work of data security storage, data encryption and the like of the terminal devices, and the security performance of the eSE is higher. Auxiliary security domains (supplementary security domain, SSDs) may be provided in the eSE, and an Applet (Applet) may be installed in each SSD. The terminal device can pay through the Applet to realize the mobile payment function.
When the Applet of the bank card is added in the terminal equipment, the SSD creation interface can be called by a wallet App in the terminal equipment, so that the SSD is created in an eSE of the terminal equipment, and then the Applet of the bank card is added in the created SSD.
However, if an arbitrary application program can operate SSD in the eSE, the security of the eSE of the terminal device is lowered. In order to solve the technical problems, in the solution provided by the present disclosure, when an application program operates an SSD in an eSE, a server is required to check the application program, and after the verification is passed, the application program can operate the SSD of the eSE, thereby improving the security performance of the eSE of the terminal device.
Fig. 3 is a block diagram of a terminal device according to an exemplary embodiment of the present disclosure.
As shown in fig. 3, an application, FWK (Framework), and eSE can be set in the terminal device. The application can operate the eSE through the functions provided by the FWK, thereby creating or deleting the SSD therein.
The FWK may provide an SSD creation interface that the application may call to create the SSD in the eSE. FWK can provide SSD deletion interface, application program can call the interface, and then delete SSD in eSE
FIG. 4 is a schematic diagram of an interface shown in an exemplary embodiment of the present disclosure.
An application may be provided in the terminal device, which application has a payment function, for example, a digital rmb wallet. The user can operate the terminal device to run an application program having a payment function. The application can create an SSD in the eSE of the terminal device and can also install an Applet in the SSD.
The user can operate the application in the terminal device so that the application displays an interface as shown in fig. 4, thereby operating therein so that the application installs an Applet in the terminal device.
As shown in fig. 4 (a), an interface for installing an Applet is provided in the application, and the user may click a key for opening an offline wallet, thereby transmitting an instruction for installing the Applet to the application.
After receiving the instruction for installing the Applet, the application program can call an SSD creation interface provided by the FWK, thereby creating an SSD in the eSE, and then installing the Applet in the created SSD.
In order to improve the security of the eSE, when the application program calls the SSD creation interface, the FWK may further send a verification request to the server, and the server may verify information in the verification request based on the request, where the information may specifically be information of the application program, so that the server may verify the authority of the application program. If the verification is passed, the FWK can create an SSD in the eSE, and further enable the application to install an Applet in the SSD. If the verification is not passed, the FWK cannot create an SSD in the eSE, and further the application cannot install an Applet in the SSD.
The terminal device may display an interface as shown in fig. 4 (b) in waiting for a server feedback message, and creating an SSD, installing an Applet.
FIG. 5 is a schematic diagram of an interface showing the success of Applet installation in an exemplary embodiment of the present disclosure.
After the Applet is installed successfully, the terminal device may display an interface schematic diagram as shown in fig. 5, and the Applet is schematically illustrated in fig. 5 as an offline wallet. The method can display a plurality of information such as the name, the card number, the balance and the like of the offline wallet. A message that the offline wallet is successfully opened may also be displayed.
The interface of the off-line wallet is also provided with a turn-in button and a turn-out button, and a user can click the turn-in button or the turn-out button, so that a certain amount of digital RMB is turned into the off-line wallet or turned out from the off-line wallet.
FIG. 6 is an interface diagram illustrating Applet installation failure in accordance with an exemplary embodiment of the present disclosure.
In a case where there may be a case where installation of the Applet fails, for example, if the server feeds back a message that the verification fails, the FWK cannot create the SSD, in which case the application may display an interface as shown in fig. 6, prompting the user that the offline wallet creation fails.
Fig. 7 is a device interaction diagram illustrating a first exemplary embodiment of the present disclosure.
As shown in fig. 7, the user may operate the application of the terminal device, click a button to install an Applet, for example, may click a button to "create an offline wallet" in the application, and further, for example, may click a button to "open card" in the application.
After receiving the instruction to install the Applet, the application may send an SSD creation request to the FWK of the terminal device. The FWK can provide an SSD creation interface that can be invoked by an application after receiving an instruction to install an Applet, such that the FWK creates an SSD in the eSE for the application.
In order to avoid that any application program can create an SSD in the eSE through the FWK, the FWK can also send a verification request to the server, wherein the verification request can carry information of the application program, so that the server can verify the authority of the application program.
In an alternative embodiment, before the FWK sends the verification request to the server, it may also be determined whether the application is in the white list, and if so, the FWK of the terminal device may send the verification request to the server. If not, the FWK of the terminal equipment refuses the SSD creating request of the application program, and the information of the offline wallet creating failure can be displayed in the application program interface.
The private key of the application program can be set in the terminal equipment, and the public key of the application program is set in the server. So that the rights of the application can be verified in accordance with the asymmetric encryption.
The FWK may obtain a private key of the application and use the private key to generate signature data. For example, information of an application may be obtained and signed with a private key of the application to obtain signature data. For example, an application identifier, a security domain identifier corresponding to an installed Applet, and a timestamp may be spliced to obtain a character string, and then the character string is signed by using a private key to obtain signature data. For another example, an identifier of the application may be obtained, and the identifier may be signed with a private key of the application to obtain signature data.
And may be set in an encryption algorithm corresponding to the application program, for example, signature data may be generated based on sm2 (an encryption algorithm) algorithm.
A security domain identifier may be set for each Applet, for example, when creating an SSD for the first Applet, the identifier of the SSD is the first SSD AID, and the security domain identifier of the first Applet is the first SSD AID.
Further, the same application may correspond to multiple security domain identities. For example, if N applets can be installed by one application, N security domain identifiers corresponding to the application are set in the server. One security domain identification corresponds to one Applet.
In practical application, different application programs may also correspond to the same security domain identifier, for example, a first Applet may be installed through application program a, and the first Applet may also be installed through application program B, where application program a may correspond to the security domain identifier of the first Applet, and application program B may also correspond to the security domain identifier of the first Applet.
After the FWK generates the signature data, a verification request may be sent to the server, where the verification request may include the signature data. The server can acquire the public key of the application program, further verify the signature data, and if the verification is passed, the server can send passing information to the FWK, so that the FWK creates SSD for the application program.
Specifically, the verification request may further include content such as an application program identifier, a security domain identifier, a timestamp, and the like. For example, if the application a sends a create SSD request to the FWK, the FWK obtains the private key of the application a and generates signature data. And then the identification of the application program A, the security domain identification corresponding to the Applet which needs to be installed currently, the timestamp and the signature data are sent to a server.
After receiving the verification request, the server can acquire the application program identifier in the verification request, and then acquire the public key according to the application program identifier. The server side may store public keys corresponding to applications, e.g., application a and application B have the right to create an SSD in the eSE, and the server may store public keys corresponding to applications a and B.
Further, the server may verify the signature data included in the verification request by using the obtained public key, and if the signature data is successfully decrypted by using the public key, it may be determined that the signature data is generated by using the private key of the application program, and further it is determined that the verification of the signature data is passed, for example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm, where the preset encryption algorithm may be, for example, sm2 algorithm.
In another embodiment, the server also stores an encryption algorithm corresponding to the application program. In this embodiment, after receiving the verification request, the server may further obtain an encryption algorithm according to the application identifier, and further decrypt the signature data using the public key of the application based on the encryption algorithm, thereby verifying the signature data.
For example, the encryption algorithm corresponding to the application program a is sm2, and the encryption algorithm corresponding to the application program B is RSA2048. If the application program identifier included in the verification request is the identifier of the program a, the encryption algorithm acquired by the server is sm2.
In an alternative embodiment, the server may store a plurality of encryption algorithms corresponding to the same application. The encryption algorithm may be specifically selected according to the region where the terminal device is located. For example, the server may determine the region where the terminal device is located according to the IP address when the terminal device sends the verification information, and then select the region according to a plurality of encryption algorithms corresponding to the terminal device. For example, the encryption algorithms corresponding to the application program a are sm2 and RSA2048, where the sm2 algorithm may be selected when the area where the terminal device is located is a first area, and the RSA2048 algorithm may be selected when the area where the terminal device is located is a second area.
The embodiment is particularly suitable for a scene that all terminal equipment in multiple regions can send verification information to a server, for example, a first terminal in a first region can send the verification information to the server, and when the first terminal generates signature data, an encryption algorithm corresponding to the first region is used; the second terminal located in the second area may also send the verification information to the server, and when the second terminal generates the signature data, an encryption algorithm corresponding to the second area is used. In this scenario, the server may select an encryption algorithm corresponding to the region according to the region where the terminal device is located.
The first area may refer to a region where the first type of country is located, and the second area may refer to a region where the second type of country is located.
The above embodiments are exemplified by two areas, but of course, encryption algorithms corresponding to more areas may be set, and the processing procedure is the same as that of the encryption algorithm corresponding to the two areas, which is not described again.
In an alternative embodiment, if the server checks the signature data successfully, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application identifier.
In practical application, the server can also store the security domain identification corresponding to the application program. The server can obtain the security domain identification corresponding to the application program according to the application program identification in the verification request. And then the acquired security domain identification can be compared with the security domain identification in the verification request, and if the comparison is consistent, the verification of the security domain identification can be determined to pass.
In an alternative implementation manner, if the verification of the signature data by the server is successful and the verification of the security domain identifier by the server is also passed, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application identifier, and further includes a security domain identifier.
The verification request sent by the FWK to the server may further include a time stamp, when the server verifies, the server may acquire the current time and compare the current time with the time stamp, and if the time interval between the current time and the time stamp is smaller than the preset interval, it is determined that the time verification passes. In this embodiment, the server can be prevented from repeatedly transmitting the verification-passed information to the FWK.
In an alternative implementation manner, if the server checks the signature data successfully, and the server checks the security domain identifier, and checks the time, the server may send information of the passing of the check to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application program identifier, and also includes a security domain identifier and a timestamp.
Specifically, the application identifier may be an application package name.
If the server passes the verification of the verification request, information of passing the verification can be sent to the FWK, and the information can comprise a security domain installation script. After the verification of the verification request by the server is passed, the security domain installation script can be obtained and sent to the FWK of the terminal device.
Further, the server may obtain the corresponding security domain installation script according to the security domain identifier in the verification request. And the corresponding security domain installation script can be obtained according to the Applet which is required to be installed currently.
When actually applied, after the FWK receives the security domain installation script, the security domain installation script may be executed, thereby creating an SSD in the eSE. The eSE can send creation results, such as the result of SSD creation success, to the FWK, and for example, the result of SSD creation failure. The FWK may also forward SSD creation results to the application.
In an alternative implementation manner, the terminal device and the application program may agree in advance on a generation manner of the initial key, and when creating the SSD in the eSE of the terminal device, the terminal device may also generate the initial key for the SSD according to the agreed manner.
If creating the SSD in the eSE is successful, the eSE can send the result of the SSD creation success to the FWK, which can forward the result of the SSD creation success to the application. If the application program receives the result of successful SSD creation, the application program can generate an initial secret key according to a preset mode, and then the SSD created by the initial secret key operation can be utilized.
The application program can modify the secret key of the SSD by using the initial secret key, so that the created SSD is safer, and the safety of the SSD is further improved. The application may operate the SSD based on the modified key.
The application may also install an Applet in the SSD. The application program may specifically download an Applet and then add it to the created SSD. If the Applet is successfully installed in the SSD, the eSE can also send a message to the application that the Applet was successfully installed.
After the Applet is successfully installed in the SSD, the application may also send a card add request to the FWK to add a card corresponding to the Applet in the FWK. After the FWK receives the card addition request, the card may be added in the hardware wallet and the addition result is transmitted to the application program. For example, the card adds a successful message.
Fig. 8 is a device interaction diagram illustrating a second exemplary embodiment of the present disclosure.
As shown in fig. 8, the user may operate the application of the terminal device, click a button to delete an Applet, for example, may click a button to delete an offline wallet in the application, and further, for example, may click a button to delete a card in the application.
After receiving the instruction for deleting the Applet, the application program may send an SSD delete request to the FWK of the terminal device. The FWK can provide an SSD deletion interface, and after receiving an instruction to delete the Applet, the application program can call the SSD deletion interface, so that the FWK can delete the SSD in the eSE.
In order to avoid that any application program can delete SSD in eSE through FWK, FWK can also send verification request to server, and the verification request can carry information of application program, so that server verifies authority of the application program.
In an alternative embodiment, before the FWK sends the verification request to the server, it may also be determined whether the application is in the white list, and if so, the FWK of the terminal device may send the verification request to the server. If not, the FWK of the terminal equipment refuses the SSD deleting request of the application program, and the information of the offline wallet deleting failure can be displayed in the application program interface.
The private key of the application program can be set in the terminal equipment, and the public key of the application program is set in the server. So that the rights of the application can be verified in accordance with the asymmetric encryption.
The FWK may obtain a private key of the application and use the private key to generate signature data. For example, information of an application may be obtained and signed with a private key of the application to obtain signature data. For example, the application identifier, the security domain identifier corresponding to the deleted Applet, and the timestamp may be spliced to obtain a character string, and then the character string is signed by using the private key to obtain signature data. For another example, an identifier of the application may be obtained, and the identifier may be signed with a private key of the application to obtain signature data.
And may be set in an encryption algorithm corresponding to the application program, for example, signature data may be generated based on sm2 (an encryption algorithm) algorithm.
A security domain identifier may be set for each Applet, for example, a security domain identifier corresponding to the first Apple is a first SSD AID.
Further, the same application may correspond to multiple security domain identities. For example, if N applets can be installed by one application, N security domain identifiers corresponding to the application are set in the server. One security domain identification corresponds to one Applet.
In practical application, different application programs may also correspond to the same security domain identifier, for example, the application program a may delete the first Applet, and the application program B may also delete the first Applet, so that the application program a may correspond to the security domain identifier of the first Applet, and the application program B may also correspond to the security domain identifier of the first Applet.
After the FWK generates the signature data, a verification request may be sent to the server, where the verification request may include the signature data. The server can acquire the public key of the application program, further verify the signature data, and if the verification is passed, the server can send the passing information to the FWK, so that the FWK deletes the corresponding SSD in the eSE.
Specifically, the verification request may further include content such as an application program identifier, a security domain identifier, a timestamp, and the like. For example, if the application a sends a delete SSD request to the FWK, the FWK obtains the private key of the application a and generates signature data. And then the identification of the application program A, the security domain identification corresponding to the Applet needing to be deleted currently, the timestamp and the signature data are sent to a server.
After receiving the verification request, the server can acquire the application program identifier in the verification request, and then acquire the public key according to the application program identifier. The server side may store public keys corresponding to applications, for example, application a and application B have authority to delete SSD in eSE, and the server may store public keys corresponding to applications a and B.
Further, the server may verify the signature data included in the verification request by using the obtained public key, and if the signature data is successfully decrypted by using the public key, it may be determined that the signature data is generated by using the private key of the application program, and further it is determined that the verification of the signature data is passed, for example, an encryption algorithm may be preset, and the signature data may be decrypted based on the preset encryption algorithm, where the preset encryption algorithm may be, for example, sm2 algorithm.
In another embodiment, the server also stores an encryption algorithm corresponding to the application program. In this embodiment, after receiving the verification request, the server may further obtain an encryption algorithm according to the application identifier, and further decrypt the signature data using the public key of the application based on the encryption algorithm, thereby verifying the signature data.
For example, the encryption algorithm corresponding to the application program a is sm2, and the encryption algorithm corresponding to the application program B is RSA2048. If the application program identifier included in the verification request is the identifier of the program a, the encryption algorithm acquired by the server is sm2.
In an alternative embodiment, if the server checks the signature data successfully, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application identifier.
In practical application, the server can also store the security domain identification corresponding to the application program. The server can obtain the security domain identification corresponding to the application program according to the application program identification in the verification request. And then the acquired security domain identification can be compared with the security domain identification in the verification request, and if the comparison is consistent, the verification of the security domain identification can be determined to pass.
In an alternative implementation manner, if the verification of the signature data by the server is successful and the verification of the security domain identifier by the server is also passed, the server may send information that the verification passes to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application identifier, and further includes a security domain identifier.
The verification request sent by the FWK to the server may further include a time stamp, when the server verifies, the server may acquire the current time and compare the current time with the time stamp, and if the time interval between the current time and the time stamp is smaller than the preset interval, it is determined that the time verification passes. In this embodiment, the server can be prevented from repeatedly transmitting the verification-passed information to the FWK.
In an alternative implementation manner, if the server checks the signature data successfully, and the server checks the security domain identifier, and checks the time, the server may send information of the passing of the check to the FWK of the terminal device. In this embodiment, the verification request sent by the FWK to the server includes signature data and an application program identifier, and also includes a security domain identifier and a timestamp.
Specifically, the application identifier may be an application package name.
If the server passes the verification of the verification request, information of passing the verification can be sent to the FWK, and the information can comprise a security domain deleting script. After the verification of the verification request by the server is passed, the security domain deletion script can be obtained and sent to the FWK of the terminal device.
Further, the server may obtain the corresponding security domain deletion script according to the security domain identifier in the verification request. And acquiring a corresponding security domain deleting script according to the Applet which is required to be deleted currently.
In actual application, after the FWK receives the security domain deletion script, the security domain deletion script may be executed, so as to delete the SSD in the eSE. The eSE can send a deletion result, such as a result of SSD deletion success, to the FWK, and for example, a result of SSD deletion failure. The FWK may also forward SSD delete results to the application.
After the SSD is successfully deleted, the application program may also send a card deletion request to the FWK, thereby deleting the card corresponding to the Applet in the FWK. After the FWK receives the card deletion request, the card may be deleted in the hardware wallet and the deletion result is sent to the application. For example, the card deletes a successful message.
In an optional embodiment provided by the present disclosure, there is further provided an operation method of an applet, which is applied to a terminal device, where an embedded security module is provided in the terminal device, and the method includes:
In response to an operation of an applet in the application, sending verification information to the server, the verification information including application information;
if the server checks the checking information, the terminal equipment receives a script file sent by the server;
executing the script file operates an auxiliary security domain in the embedded security module, the auxiliary security domain being used to install the applet.
The user may operate an application, an applet of the application, for example, an applet may be added to the terminal device, or an applet may be deleted.
The terminal device receives the operation for operating the applet, and may generate verification information of the applet and send the verification information to the server. For example, the verification information may be generated using the private key of the application.
After the server receives the verification information, the verification information can be verified, and if the verification is passed, the server confirms that the application program in the terminal equipment has operation authority, so that the script file can be fed back to the terminal equipment. For example, if the operation of the user is an operation of adding an applet, the server may transmit a script file creating an SSD to the terminal device, and if the operation of the user is an operation of deleting an applet, the server may transmit a script file deleting an SSD to the terminal device.
After the terminal device receives the script file, the corresponding script file can be executed, so as to operate the SSD in the eSE. For example, an SSD may be created in the eSE, and for another example, the SSD may be deleted in the eSE.
In this way, when the application program operates the eSE of the terminal device, the terminal device sends the verification information to the server, so that after the verification of the application program is passed, the terminal device operates the eSE again, and the safety of the eSE is improved.
In an alternative embodiment provided by the present disclosure, there is also provided a method for operating an applet, including:
The terminal equipment receives an operation instruction of an applet in the application program and sends verification information to a server;
The server checks the check information, and if the check is passed, a script file is sent to the terminal equipment;
The terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, wherein the auxiliary security domain is used for installing the applet; the terminal equipment is internally provided with the operation embedded type safety module.
In this way, when the application program operates the eSE of the terminal device, the terminal device sends the verification information to the server, so that after the verification of the application program is passed, the terminal device operates the eSE again, and the safety of the eSE is improved.
In a possible implementation manner, the computer-executed instructions in the embodiment of the present application may also be referred to as application program code, which is not limited in particular by the embodiment of the present application.
Optionally, fig. 9 includes a schematic diagram of a hardware structure of an operating device of the applet provided by the memory 901, including the memory 901, the processor 902, the interface circuit 903 and the display 904, and the interface circuit 903 may also include a transmitter and/or a receiver. Alternatively, the processor 902 may include one or more CPUs, and may be other general purpose processors, digital signal processors (DIGITAL SIGNAL processor, DSP), application Specific Integrated Circuits (ASIC), and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The embodiment of the application also provides a computer readable storage medium. The methods described in the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer readable media can include computer storage media and communication media and can include any medium that can transfer a computer program from one place to another. The storage media may be any target media that is accessible by a computer.
In one possible implementation, the computer readable medium may include RAM, ROM, a compact disk-read only memory (CD-ROM) or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium targeted for carrying or storing the desired program code in the form of instructions or data structures and accessible by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (Digital Subscriber Line, DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes optical disc, laser disc, optical disc, digital versatile disc (DIGITAL VERSATILE DISC, DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing detailed description of the invention has been presented for purposes of illustration and description, and it should be understood that the foregoing is by way of illustration and description only, and is not intended to limit the scope of the invention.

Claims (14)

1. An operating method of an applet applied to a terminal device, wherein an embedded security module and a framework are provided in the terminal device, the method comprising:
Transmitting verification information to a server in response to an operation in an application program, wherein the verification information comprises application program information;
if the server checks the checking information, the terminal equipment receives a script file sent by the server;
When the operation is an installation operation, the script file is a security domain installation script, and the framework executes the security domain installation script to create an auxiliary security domain in the embedded security module; the auxiliary security domain is used for installing the applet;
When the operation is a deletion operation, the script file is a security domain deletion script; the framework executes the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the auxiliary security domain is provided with the applet;
the response to the operation in the application program sends verification information to the server, including:
The application program receives the operation of the applet in the application program and sends a security domain operation request to the framework;
The framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program;
the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and first time information, and the application program information comprises the signature data and the security domain identification.
2. The method of claim 1, wherein if the operation is a mounting operation, the method further comprises:
if the applet is successfully installed in the auxiliary security domain, displaying an interface of successful applet installation;
And if the creation of the auxiliary security domain in the embedded security module fails or the installation of the applet in the auxiliary security domain fails, displaying an interface of the applet installation failure.
3. The method of claim 1, wherein if the operation is a delete operation, the method further comprises:
if the auxiliary security domain is successfully deleted, displaying an interface of successful deletion of the applet;
And if the deletion of the auxiliary security domain fails, displaying an interface of the deletion failure of the applet.
4. The method of claim 1, wherein the verification information verifies if the following conditions are met:
The server checks the signature data by using the public key of the application program, determines that the security domain identifier in the application program information corresponds to the application program, and the time interval between the second time information and the first time information acquired by the server is smaller than a preset interval.
5. The method of claim 4, wherein the server has stored therein a plurality of encryption algorithms corresponding to the application program;
And the server verifies the signature data by using the public key of the application program based on a target encryption algorithm, wherein the target encryption algorithm is determined in a plurality of encryption algorithms according to the regional information of the terminal equipment.
6. A method according to any one of claim 1 to 3, wherein,
The method further comprises the steps of: the application installs the applet in the auxiliary security domain.
7. The method of claim 6, wherein the framework executing the security domain installation script after creating the auxiliary security domain in the embedded security module further comprises:
The embedded security module sends a security domain creation result to the framework, and the framework forwards the security domain creation result to the application program;
The application installing the applet in the auxiliary security domain comprises:
and if the security domain creation result represents that the security domain creation is successful, the application program installs the applet in the created auxiliary security domain.
8. The method of claim 7, wherein the application installs the applet in the created auxiliary security domain, comprising:
The application downloads the applet and adds the applet in the auxiliary security domain.
9. A method of operating an applet, comprising:
the terminal equipment receives an operation instruction in the application program and sends verification information to the server;
The server checks the check information, and if the check is passed, a script file is sent to the terminal equipment;
the terminal equipment executes the script file to operate an auxiliary security domain in the embedded security module, wherein the auxiliary security domain is used for installing the applet; the terminal equipment is internally provided with the operation embedded type safety module;
The terminal equipment is internally provided with a frame; when the operation is an installation operation, the script file is a security domain installation script;
The terminal device executing the script file operates an auxiliary security domain in the embedded security module, including:
The framework executes the security domain installation script to create the auxiliary security domain in the embedded security module;
When the operation is a deletion operation, the script file is a security domain deletion script;
The terminal device executing the script file operates an auxiliary security domain in the embedded security module, including:
the framework executes the security domain deleting script to delete the auxiliary security domain in the embedded security module, wherein the auxiliary security domain is provided with the applet;
The terminal equipment receives an operation instruction in an application program and sends verification information to a server, and the method comprises the following steps: the application program receives the operation of the small application program in the application program and sends a security domain operation request to the framework; the framework acquires a security domain identifier and a private key of the application program, wherein the security domain identifier corresponds to the applet program; the framework generates signature data according to the private key and sends the verification information to the server, wherein the verification information comprises the application program information and first time information, and the application program information comprises the signature data and the security domain identification.
10. The method of claim 9, wherein the verification information includes application information and first time information, and the application information includes signature data and a security domain identifier.
11. An electronic device, comprising: for performing the method of any one of claims 1-10.
12. An electronic device, comprising: a processor for invoking a program in memory to perform the steps of processing in the method of any of claims 1-10, and a display for performing the steps of displaying in the method of any of claims 1-10.
13. An electronic device, comprising: a processor for communicating with other devices, a display for performing the steps of the process of any of claims 1-10, and an interface circuit for performing the steps of the process of any of claims 1-10.
14. A computer readable storage medium storing instructions that, when executed, cause a computer to perform the method of any one of claims 1-10.
CN202310072380.9A 2021-11-19 2021-11-19 Method for operating applet and electronic device Active CN116305093B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310072380.9A CN116305093B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310072380.9A CN116305093B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device
CN202111376151.3A CN115017498B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202111376151.3A Division CN115017498B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device

Publications (2)

Publication Number Publication Date
CN116305093A CN116305093A (en) 2023-06-23
CN116305093B true CN116305093B (en) 2024-06-18

Family

ID=83064409

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310072380.9A Active CN116305093B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device
CN202111376151.3A Active CN115017498B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202111376151.3A Active CN115017498B (en) 2021-11-19 2021-11-19 Method for operating applet and electronic device

Country Status (1)

Country Link
CN (2) CN116305093B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305093B (en) * 2021-11-19 2024-06-18 荣耀终端有限公司 Method for operating applet and electronic device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115017498B (en) * 2021-11-19 2023-02-28 荣耀终端有限公司 Method for operating applet and electronic device

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102333296A (en) * 2011-05-24 2012-01-25 中国联合网络通信集团有限公司 NFC (near field communication) flight service platform as well as method and system for providing flight service
CN102236568A (en) * 2011-07-13 2011-11-09 中国联合网络通信集团有限公司 Method, device and system for downloading Java card application
WO2014186559A2 (en) * 2013-05-15 2014-11-20 Jerome Svigals Advanced data security solutions
US8806603B2 (en) * 2012-04-11 2014-08-12 Jerome Svigals Dual device system for secure transactions
JP5910297B2 (en) * 2012-01-17 2016-04-27 ソニー株式会社 Information processing apparatus, IC chip, information processing method, program, and information processing system
CN102831468A (en) * 2012-08-06 2012-12-19 中国移动通信集团江苏有限公司 Intelligent card chip of mobile terminal as well as initialization and use method thereof
EP2698756B1 (en) * 2012-08-13 2016-01-06 Nxp B.V. Local Trusted Service Manager
FR3002398B1 (en) * 2013-02-18 2015-04-03 Oberthur Technologies METHOD OF CREATING A PROFILE IN A SECURITY DOMAIN OF A SECURE ELEMENT
FR3003421B1 (en) * 2013-03-12 2015-04-03 Oberthur Technologies SYSTEM AND METHOD FOR EMERGENCY CALL
DE102013013179A1 (en) * 2013-08-07 2015-02-12 Giesecke & Devrient Gmbh Method for operating a security element
JP6265732B2 (en) * 2013-12-25 2018-01-24 キヤノン株式会社 Management device, control method and program for management device
US9483249B2 (en) * 2014-01-06 2016-11-01 Apple Inc. On-board applet migration
CN104008351B (en) * 2014-05-06 2017-03-15 武汉天喻信息产业股份有限公司 Window application completeness check system, method and device
US9934014B2 (en) * 2014-08-22 2018-04-03 Apple Inc. Automatic purposed-application creation
KR20160058375A (en) * 2014-11-14 2016-05-25 삼성전자주식회사 A Protected Communication with an Embedded Secure Element
US10044510B2 (en) * 2015-02-17 2018-08-07 Samsung Electronics Co., Ltd Storing and using data with secure circuitry
CN105991602A (en) * 2015-02-26 2016-10-05 北京神州泰岳信息安全技术有限公司 Data access method and data access system
US20160253666A1 (en) * 2015-02-27 2016-09-01 Samsung Electronics Co., Ltd. Method and device for controlling payment function
CN105187447B (en) * 2015-09-30 2018-06-08 成都汇合乾元科技有限公司 A kind of terminal security login method
KR102651522B1 (en) * 2016-01-13 2024-03-28 삼성전자주식회사 Payment processing method and electronic device supporting the same
CN107480518A (en) * 2016-06-07 2017-12-15 华为终端(东莞)有限公司 A kind of white list updating method and device
CN106228090B (en) * 2016-07-28 2019-02-05 飞天诚信科技股份有限公司 A kind of how main security domain Java smart card and its implementation
CN106658474B (en) * 2016-10-31 2019-11-19 上海路随通信科技有限公司 SIM card data security protection method is realized using embedded-type security element
CN106685931B (en) * 2016-12-07 2020-01-14 深圳市久和久科技有限公司 Smart card application management method and system, terminal and smart card
EP3555828A4 (en) * 2016-12-19 2020-05-27 Xard Group Pty Ltd Digital transaction apparatus, system, and method with a virtual companion card
CN107257328A (en) * 2017-05-26 2017-10-17 深圳市金立通信设备有限公司 A kind of safety of payment dispositions method, system, terminal and proof of identity method
CN110209339B (en) * 2018-02-28 2022-04-29 华为终端有限公司 Management method of storage space, secure element and terminal
CN111191213B (en) * 2018-11-14 2023-11-10 华为终端有限公司 Method for deleting security service and electronic equipment
CN111199039B (en) * 2018-11-20 2023-02-28 成都鼎桥通信技术有限公司 Application security verification method and device and terminal equipment
CN111404706B (en) * 2019-01-02 2023-05-09 中国移动通信有限公司研究院 Application downloading method, secure element, client device and service management device
CN110532441A (en) * 2019-08-23 2019-12-03 广州医科大学 A kind of electronic component wisdom management method and its system
CN111144878B (en) * 2019-12-16 2024-04-19 无锡融卡科技有限公司 Instruction generation method and instruction generation device
CN112698846B (en) * 2020-12-30 2024-04-09 麒麟软件有限公司 Method and system for automatically installing patches in Linux system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115017498B (en) * 2021-11-19 2023-02-28 荣耀终端有限公司 Method for operating applet and electronic device

Also Published As

Publication number Publication date
CN116305093A (en) 2023-06-23
CN115017498B (en) 2023-02-28
CN115017498A (en) 2022-09-06

Similar Documents

Publication Publication Date Title
CN111191213B (en) Method for deleting security service and electronic equipment
CN114040242B (en) Screen projection method, electronic equipment and storage medium
CN113254409B (en) File sharing method, system and related equipment
CN114553814B (en) Method and device for processing push message
US12032938B2 (en) Plug-in installation method, apparatus, and storage medium
CN114817939A (en) Authority control method and electronic equipment
CN114827098B (en) Method, device, electronic equipment and readable storage medium for taking photo
CN115914461B (en) Position relation identification method and electronic equipment
CN116305093B (en) Method for operating applet and electronic device
CN116095224B (en) Notification display method and terminal device
CN116321106A (en) Method and device for updating system data of user identity recognition module card
CN116486500B (en) Mail sending method and electronic equipment
CN114691248B (en) Method, device, equipment and readable storage medium for displaying virtual reality interface
CN114828098B (en) Data transmission method and electronic equipment
CN113645595B (en) Equipment interaction method and device
CN117425227A (en) Method and device for establishing session based on WiFi direct connection
CN116527266A (en) Data aggregation method and related equipment
CN116029716A (en) Remote payment method, electronic equipment and system
CN116414500A (en) Recording method, acquisition method and terminal equipment for operation guide information of electronic equipment
CN115016666B (en) Touch processing method, terminal equipment and storage medium
CN115460445B (en) Screen projection method of electronic equipment and electronic equipment
CN117390604B (en) Local authentication method and electronic equipment
CN114117458A (en) Key using method and related product
CN117251223A (en) Cloud function plug-in configuration and scheduling method, system and electronic equipment
CN118233891A (en) Device authentication method and device and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant