CN107679858B - Mobile terminal and mobile payment method - Google Patents

Publication number
CN107679858B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710998316.8A
Other languages
Chinese (zh)
Other versions
CN107679858A (en
Inventor
范楠迪
周晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes


Abstract

The application provides a mobile terminal that supports an open system environment and a trusted execution environment which are isolated from each other. A wallet payment application runs in the trusted execution environment and comprises a communication management module, a file management module, a security management module and a command management module; the communication management module interacts with the open system environment through APDU command-response pairs; the command management module is connected with the communication management module and is used for receiving the APDU command and returning the processing result of the APDU command; the security management module and the file management module are connected with the command management module and are respectively used for managing security authentication data and file data. Equipment in the application system does not need to be modified, and at the same time the TEE isolates the application from open system data, which improves the security level of the wallet payment application.

Description

Mobile terminal and mobile payment method
Technical Field
The application relates to the technical field of trusted execution environments, in particular to a mobile terminal and a mobile payment method.
Background
In existing small-payment settings such as public transport, subways and supermarkets, cards are widely used for card-swipe payment. During payment, the payment system of the POS machine sends an APDU command to the operating system of the card; the card operating system processes the APDU command and returns the processing result to the POS machine to complete the payment.
With the advance of mobile payment technology, the carrier of a micropayment application is no longer limited to a card, and payment applications based on electronic devices such as mobile phones and bracelets are gradually maturing. Because the carrier of such a payment is no longer a physically isolated card, new security requirements arise.
If a payment application on an electronic device such as a mobile phone is based on an open operating system, the payment process is exposed to risks such as mobile phone viruses, phishing and trojans. To ensure security, the payment application can stay online in real time and have its keys updated, but existing card payment is carried out offline, so existing equipment systems such as those of buses and subways would need to be modified, and the research and development and equipment replacement costs are high.
Disclosure of Invention
The application aims to provide a mobile terminal and a mobile payment method that reduce operation and maintenance cost, simplify the expense management mode, and facilitate joint operation and large-area popularization and application.
To achieve the above object, the present application provides a mobile terminal that supports an open system environment and a trusted execution environment which are isolated from each other. A wallet payment application runs in the trusted execution environment and includes a communication management module, a file management module, a security management module and a command management module; the communication management module interacts with the open system environment through APDU command-response pairs; the command management module is connected with the communication management module and is used for receiving the APDU command and returning the processing result of the APDU command; the security management module and the file management module are connected with the command management module and are respectively used for managing security authentication data and file data.
In the mobile terminal described above, the file management module includes at least one application file, each application file corresponds to an application function of the mobile terminal, and different application files are isolated from each other; each application function has a unique application identifier, and the file name of an application file is the application identifier of the corresponding application function.
In the mobile terminal described above, each application file includes at least one secondary file, and different secondary files have respective offsets in the application file.
In the mobile terminal described above, each secondary file has a file identification corresponding to its data source type.
In the mobile terminal described above, the command management module supports the APDU command set; the APDU command set includes personalization commands and application commands, and the application commands include the load command, the consumption command and the composite consumption command.
In the mobile terminal described above, the security management module includes a security attribute setting sub-module, a security status management sub-module, a cryptographic algorithm sub-module, a security authentication sub-module, and a transmission data protection sub-module.
The application also provides a mobile payment method suitable for a mobile terminal that supports an open system environment and a trusted execution environment which are isolated from each other, with a wallet payment application running in the trusted execution environment. The mobile payment method comprises the following steps: the trusted execution environment receives an APDU command from a payment application client of the open system environment; identity verification is performed on the payment application client; and if the identity authentication is passed, a file in the wallet payment application is called, the APDU command is processed, and a processing result is returned to the payment application client.
In the method described above, the wallet payment application comprises at least one application file, each application file corresponds to an application function of the mobile terminal, and each application file has a unique application identifier as its file name; the APDU command comprises the application identifier of the application function that needs to be opened; and the wallet payment application invokes the corresponding application file according to the application identifier.
In the method described above, processing the APDU command includes: the trusted execution environment copies the called application file to a cache of the trusted execution environment; the APDU command is processed using the application file in the cache; and before the processing result is returned to the payment application client, the data updated during processing is written into the corresponding application file in the wallet payment application.
In the method described above, each application file comprises at least one secondary file, and different secondary files have respective offsets in the application file; before the processing result is returned to the payment application client, the minimum update offset of the secondary files in the application file is calculated, and the data updated during processing is written into the corresponding secondary files.
The beneficial effect that this application realized is as follows:
(1) The wallet payment application is fully compatible with the file management requirements, security protection requirements and command interface requirements of a card in the existing application system and runs in a trusted execution environment, so the equipment (POS, gates and the like) in the application system does not need to be modified; at the same time, the TEE isolates the application from open system data, which improves the security level of the wallet payment application.
(2) Application files are invoked by their application identifiers, which avoids opening application files that are not needed, forms natural isolation between the application files, and ensures the security of the application files.
(3) The method and the device copy the called application file to the cache of the trusted execution environment to process the APDU command, and improve the reading and writing speed of the file.
(4) According to the application, the application file is updated by adopting the minimum updating offset, so that the data processing speed is increased.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art from these drawings.
Fig. 1 is a block diagram of a mobile terminal according to an embodiment of the present application;
FIG. 2 is a block diagram of a wallet payment application according to an embodiment of the present application;
FIG. 3 is a block diagram of an application file according to an embodiment of the present application;
Fig. 4 is a flowchart of a mobile payment method provided in an embodiment of the present application;
Fig. 5 is a schematic processing diagram of an APDU command according to an embodiment of the present application;
Fig. 6 is a flowchart of an initial phase and an activation phase of a wallet payment application provided by an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example one
The present application provides a mobile terminal (such as a mobile phone or a bracelet). As shown in Fig. 1, the mobile terminal supports an open system environment 200 and a Trusted Execution Environment (TEE) 100 that are isolated from each other. The TEE is an independent secure area on the main processor of the mobile terminal; it is a secure operating system that coexists with the existing mobile operating system (OS) and provides security functions for the mobile OS environment through software and hardware isolation.
A wallet payment application (TA) runs in the trusted execution environment, and the programs and data of the wallet payment application TA are downloaded into the TEE and isolated from the open operating system. As shown in Fig. 1, the wallet payment application TA includes a communication management module 110, a file management module 140, a security management module 130, and a command management module 120. The command management module 120 is connected to the communication management module 110, and the security management module 130 and the file management module 140 are connected to the command management module 120.
The communication management module 110, in the trusted execution environment TEE, interacts with a payment application client CA (e.g. a payment application function such as a POS, gate or card reader) in the open system environment through APDU command-response pairs, and the mobile terminal and the open system environment serve as a transmission channel between the terminal and the wallet payment application TA. The APDU command-response pair includes a command APDU and a response APDU. After receiving the APDU command, the communication management module 110 checks the command format and, if the format is valid, dispatches the command to the command management module 120. After the command is processed, the communication management module 110 returns a response to the payment application client CA.
According to its usage scenario, the command management module supports the APDU command set, which includes both personalization commands and application commands. Personalization commands include commands to create files, write keys, update files, update records, read files, read records, perform external authentication, and the like. The application commands comprise transaction commands such as load, consumption and composite consumption.
An example of a command set for a wallet payment application TA is the following table:
The wallet payment application TA implements its command functions through the command management module 120. According to the usage scenario, the command functions are divided into two categories: personalization functions and application functions. Personalization functions include installing and deleting applications, creating files and loading keys, and are used to personalize the initial data source of the payment application into the wallet payment application TA; application functions include application selection, data updating, data reading, loading, consumption, composite consumption and the like, and are used for recharging, consumption and the like in a payment scene.
The file management module 140 is provided with at least one application file, each application file corresponds to an application function of the mobile terminal, and different application files are isolated from each other. Each application function has a unique Application Identifier (AID), which is therefore used as the file name of its application file. Because the application identifier is unique, the wallet payment application TA indexes the application file to be accessed by file name.
The wallet payment application TA creates an application file for each application, allocates an area in the application file to each of its secondary files, and manages each secondary file in the application file by offset. Fig. 2 shows a structure diagram of a wallet payment application, which includes application files of a plurality of applications such as a city all-in-one card application, a subway application, and the like. Fig. 3 shows the structure of an application file of "city traffic".
Preferably, each secondary file has a File Identification (FID) corresponding to its data source type. Data source types such as key files, basic information files, wallet files, etc. The wallet payment application TA invokes the corresponding secondary file indexed by the file identification.
In an actual use scene, different application files in the wallet payment application TA are divided according to areas, the data sources of the application files are isolated through the isolation of the areas, and a firewall mechanism among the applications is guaranteed.
The security management module provides security protection for the data source of the wallet payment application. The security management module comprises a security attribute setting submodule, a security state management submodule, a cryptographic algorithm submodule, a security authentication submodule and a transmission data protection submodule. All security mechanisms of the wallet payment application TA are mandatory and, once set, cannot be bypassed, so that updating and reading of the data sources of the wallet payment application TA are effectively protected.
The security attribute setting submodule is used for setting security levels for the secondary files and protecting access to the data source. The data source stored in the wallet payment application cannot be changed at will: according to the security attribute of each area, updating a file requires encryption protection or link-layer protection with a MAC, or requires external authentication beforehand, and the update can be carried out only after the authentication is passed.
The key management submodule is used for managing keys, and link-layer encryption protection is required when keys are written. A key cannot be read after it has been written to the wallet payment application.
The security state management submodule is used for maintaining the security state of each secondary file; the corresponding security state can be obtained only after security authentication is passed, which opens the access authority of the secondary file data source. The wallet payment application TA sets 16 security level states for the secondary file.
The cryptographic operation sub-module is used, when the amount of money in the wallet file is updated, for generating a process key according to the transaction flow (combination of transaction commands) required by the application specification, calculating the link-layer MAC (message authentication code) with the process key, and updating the stored balance after verification is passed.
The security authentication submodule encrypts a random number with the key and uses the encryption result to verify whether the payment application client holds the same key, thereby identifying the client.
The transmission data protection submodule can encrypt the exchanged data or apply link-layer MAC protection to it through key operations.
In this embodiment, the wallet payment application is fully compatible with the file management requirements, security protection requirements and command interface requirements of a card in the existing application system and runs in a trusted execution environment, so the equipment (POS, gates and the like) in the application system does not need to be modified; at the same time, the TEE isolates the application from open system data, which improves the security level of the wallet payment application.
Example two
The application provides a mobile payment method suitable for the mobile terminal. The trusted execution environment TEE runs a wallet payment application (TA), and programs and data of the TA are downloaded to the trusted execution environment TEE and are isolated from an operating system of an open system environment, so that risks brought by the open operating system are effectively avoided.
After the wallet payment application TA is downloaded to the mobile terminal, the function of the wallet payment application TA can be activated only after the application TA passes the security authentication in the initial stage. As shown in fig. 6, in the initial stage, the wallet payment application TA only supports related commands of security authentication, establishes an initialization secure channel after selecting the main security domain, and enters the activation stage after the security authentication is passed. All commands are supported during the activation phase, such as security authentication related commands, installation and deletion of application files, application personalization commands, application transaction commands, and the like.
In the initial stage and the activation stage, the wallet payment application TA provides complete security policies such as security attribute setting, security state management, cryptographic algorithm, security authentication, transmission data protection and the like.
As shown in Fig. 4, when the mobile terminal is used for mobile payment, the method includes the following steps:
S410: the communication management module of the wallet payment application receives an APDU command from a payment application client CA in the open system environment and checks the format of the APDU command; if the format is valid, the APDU command is dispatched to the command management module.
S420: the command management module calls the security management module to perform identity authentication on the payment application client CA.
S430: if the identity authentication is passed, the command management module calls the application file in the file management module, processes the APDU command and returns the processing result to the payment application client CA.
As an embodiment, the file management module 140 is provided with at least one application file, each application file corresponds to an application function of the mobile terminal, and different application files are isolated from each other. Each application function has a unique Application Identifier (AID), and thus uses the application identifier as a filename of its application file.
In this embodiment, in S410, the Application Identifier (AID) of the application function that needs to be opened is included in the APDU command. In S430, if the identity authentication passes, the command management module invokes the application file in the file management module that corresponds to the application identifier in the APDU command. In this way, the payment application client CA can interact with only one application file in each transaction, so it is naturally isolated from the other application files, and the security of the other application files is ensured.
On this basis, the wallet payment application TA has stored therein an application function registry in which application identifiers of available application functions are stored. In S420, the security management module matches the application identifier in the APDU command with the application identifier in the application function registry, and if there is a matching application identifier, the authentication is passed.
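A sketch of steps S410 and S420 as described above, added here as an illustration and not taken from the patent: the communication module validates the command APDU's length fields before anything else touches it, and the AID is then matched exactly against the application function registry. It assumes ISO/IEC 7816-4 short-form encoding and a SELECT-by-AID command (the patent does not give byte-level encodings); the registry AIDs and function names are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ISO/IEC 7816-4 status words and SELECT encoding (assumed wire format). */
#define SW_OK              0x9000u
#define SW_WRONG_LENGTH    0x6700u
#define SW_FILE_NOT_FOUND  0x6A82u
#define SW_WRONG_P1P2      0x6A86u
#define SW_INS_UNSUPPORTED 0x6D00u
#define INS_SELECT         0xA4u
#define P1_SELECT_BY_AID   0x04u
#define AID_MIN_LEN        5u
#define AID_MAX_LEN        16u

struct aid_entry {
    uint8_t aid[AID_MAX_LEN];
    uint8_t len;
};

/* Application function registry. Both AIDs are constructed sample values. */
static const struct aid_entry app_registry[] = {
    { { 0xA0, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01 }, 7 },
    { { 0xA0, 0x00, 0x00, 0x00, 0x01, 0x02 }, 6 },
};
#define REGISTRY_COUNT (sizeof app_registry / sizeof app_registry[0])

/* S410: format check. The Lc byte comes from the untrusted open-system side,
 * so it must agree with the number of bytes actually received before the
 * data field is handed to any other module. Returns 0 if well-formed. */
static int apdu_check_format(const uint8_t *apdu, size_t len,
                             const uint8_t **data, size_t *lc)
{
    *data = NULL;
    *lc = 0;
    if (apdu == NULL || len < 4)
        return -1;                      /* header is CLA INS P1 P2 */
    if (len <= 5)
        return 0;                       /* case 1 (header) or case 2 (+Le) */
    size_t n = apdu[4];
    if (n == 0)
        return -1;                      /* extended length not accepted here */
    if (len != 5 + n && len != 5 + n + 1)
        return -1;                      /* must be case 3 or case 4 exactly */
    *data = apdu + 5;
    *lc = n;
    return 0;
}

/* S420: exact-length, exact-value match against the registry. A shorter
 * prefix of a registered AID does not match. Returns the index or -1. */
static int registry_find(const uint8_t *aid, size_t aid_len)
{
    if (aid_len < AID_MIN_LEN || aid_len > AID_MAX_LEN)
        return -1;
    for (size_t i = 0; i < REGISTRY_COUNT; i++) {
        if (app_registry[i].len == aid_len &&
            memcmp(app_registry[i].aid, aid, aid_len) == 0)
            return (int)i;
    }
    return -1;
}

/* Returns the status word; *selected is the registry index of the one
 * application file opened for this transaction, or -1 if none. */
uint16_t ta_handle_apdu(const uint8_t *apdu, size_t len, int *selected)
{
    const uint8_t *data;
    size_t lc;

    *selected = -1;
    if (apdu_check_format(apdu, len, &data, &lc) != 0)
        return SW_WRONG_LENGTH;
    if (apdu[1] != INS_SELECT)
        return SW_INS_UNSUPPORTED;
    if (apdu[2] != P1_SELECT_BY_AID)
        return SW_WRONG_P1P2;
    *selected = registry_find(data, lc);
    return *selected >= 0 ? SW_OK : SW_FILE_NOT_FOUND;
}

int main(void)
{
    /* Constructed SELECT command for the first registry entry. */
    const uint8_t select_ok[] = { 0x00, 0xA4, 0x04, 0x00, 0x07,
                                  0xA0, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01 };
    int sel;
    uint16_t sw = ta_handle_apdu(select_ok, sizeof select_ok, &sel);
    printf("SW=%04X selected=%d\n", (unsigned)sw, sel);
    return 0;
}
```
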
During payment, opening, reading and writing files in the trusted execution environment TEE is slow, and the wallet payment application TA operates on data in the file frequently, so the payment is slow and the performance of the whole system is poor.
To optimize performance, preferably, as shown in fig. 5, the application file of the invoked wallet payment application TA is copied to a cache (e.g. RAM) of the trusted execution environment TEE during the payment process, the APDU command is processed in the cache, and the updated data source is written back to the application file before the processing result is returned to the payment application client CA. In this embodiment, as shown in FIG. 3, data is rewritten at all the data sources of the secondary files.
The operation improves the processing speed by utilizing the characteristic of abundant cache resources of the TEE environment, moves the data into the cache, uses the data in the cache when processing the command, reduces the times of reading and writing the application file and optimizes the performance.
Preferably, the wallet payment application TA creates an application file for each application, each secondary file occupies its own area in the application file, different secondary files have respective offsets in the application file, and the wallet payment application TA manages the secondary files in the application file by these offsets.
In the APDU command processing process shown in fig. 5, before the processing result is returned to the payment application client CA, the minimum update offset of the secondary file in the application file is calculated, and the updated data source is written back to the application file. For example, as shown in fig. 3, each secondary file corresponds to an offset, the Key file (2), the wallet file (6), and the transaction record file (9) are called when the APDU command is processed, and if the minimum update offset is 1 to 9, data is rewritten in the master directory entry (1) to the transaction record file (9), and the release information file (10) does not need to be updated.
In this embodiment, the application file is updated according to the minimum update offset, so unnecessary parts are not rewritten and the data processing speed is improved.
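The cache-and-write-back scheme described above, as an added example that is not the patent's own code: the application file is copied into RAM, updates are bounds-checked against the secondary file they target so one region cannot spill into the next, and only the smallest span covering every change is written back before the response is returned. The four-file layout, the FID values, the byte-granular dirty span and the `storage` array standing in for TEE persistent storage are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APP_FILE_SIZE 64u

/* A secondary file is a region of the application file, looked up by FID. */
struct secondary_file {
    uint16_t fid;
    size_t   offset;
    size_t   len;
};

/* Constructed layout; FIDs and sizes are illustrative only. */
static const struct secondary_file layout[] = {
    { 0x0001,  0, 16 },   /* key file                 */
    { 0x0002, 16,  8 },   /* wallet file (balance)    */
    { 0x0018, 24, 24 },   /* transaction record file  */
    { 0x0015, 48, 16 },   /* issuance information     */
};
#define LAYOUT_COUNT (sizeof layout / sizeof layout[0])

static uint8_t storage[APP_FILE_SIZE];  /* stand-in for the persistent file */
static size_t  bytes_written;           /* persistent bytes rewritten so far */

struct app_cache {
    uint8_t ram[APP_FILE_SIZE];
    size_t  dirty_lo, dirty_hi;         /* half-open span; equal means clean */
};

/* Copy the selected application file into the TEE-side RAM cache. */
void cache_load(struct app_cache *c)
{
    memcpy(c->ram, storage, APP_FILE_SIZE);
    c->dirty_lo = c->dirty_hi = 0;
}

static const struct secondary_file *find_fid(uint16_t fid)
{
    for (size_t i = 0; i < LAYOUT_COUNT; i++)
        if (layout[i].fid == fid)
            return &layout[i];
    return NULL;
}

/* Update n bytes at off inside one secondary file, in the cache only.
 * The range is checked against that file's region, which keeps the
 * secondary files isolated from each other. Returns 0, or -1 if rejected. */
int cache_update(struct app_cache *c, uint16_t fid, size_t off,
                 const uint8_t *src, size_t n)
{
    const struct secondary_file *f = find_fid(fid);
    if (f == NULL || off > f->len || n > f->len - off)
        return -1;
    if (n == 0)
        return 0;
    size_t lo = f->offset + off, hi = lo + n;
    memcpy(c->ram + lo, src, n);
    if (c->dirty_lo == c->dirty_hi) {   /* first change in this transaction */
        c->dirty_lo = lo;
        c->dirty_hi = hi;
    } else {                            /* widen the span to cover the change */
        if (lo < c->dirty_lo) c->dirty_lo = lo;
        if (hi > c->dirty_hi) c->dirty_hi = hi;
    }
    return 0;
}

/* Write back only the minimal span, to be called before the response APDU
 * is returned. Returns the number of persistent bytes rewritten. */
size_t cache_flush(struct app_cache *c)
{
    size_t n = c->dirty_hi - c->dirty_lo;
    if (n != 0) {
        memcpy(storage + c->dirty_lo, c->ram + c->dirty_lo, n);
        bytes_written += n;
    }
    c->dirty_lo = c->dirty_hi = 0;
    return n;
}

int main(void)
{
    struct app_cache c;
    const uint8_t balance[4] = { 0x00, 0x00, 0x03, 0xE8 };   /* constructed */
    const uint8_t record[10] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };

    cache_load(&c);
    cache_update(&c, 0x0002, 0, balance, sizeof balance);
    cache_update(&c, 0x0018, 0, record, sizeof record);
    printf("rewrote %zu of %u bytes\n", cache_flush(&c), APP_FILE_SIZE);
    return 0;
}
```
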
The beneficial effect that this application realized is as follows:
(1) The wallet payment application is fully compatible with the file management requirements, security protection requirements and command interface requirements of a card in the existing application system and runs in a trusted execution environment, so the equipment (POS, gates and the like) in the application system does not need to be modified; at the same time, the TEE isolates the application from open system data, which improves the security level of the wallet payment application.
(2) Application files are invoked by their application identifiers, which avoids opening application files that are not needed, forms natural isolation between the application files, and ensures the security of the application files.
(3) The method and the device copy the called application file to the cache of the trusted execution environment to process the APDU command, and improve the reading and writing speed of the file.
(4) According to the application, the application file is updated by adopting the minimum updating offset, so that the data processing speed is increased.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (6)

1. A mobile terminal supporting an open system environment and a trusted execution environment which are isolated from each other, characterized in that a wallet payment application runs in the trusted execution environment and comprises a communication management module, a file management module, a security management module and a command management module;
the communication management module interacts with the open system environment through an APDU command-response pair;
The command management module is connected with the communication management module and used for receiving the APDU command and returning the processing result of the APDU command;
The security management module and the file management module are connected with the command management module and are respectively used for managing security authentication data and file data;
The file management module comprises at least one application file, each application file corresponds to one application function of the mobile terminal, and different application files are isolated from each other; each application function has a unique application identifier, and the file name of the application file is the application identifier of the corresponding application function; each of the application files comprises at least one secondary file, and different secondary files have respective offsets in the application files; each secondary file has a file identifier corresponding to the type of the data source of the secondary file;
The safety management module comprises a safety attribute setting submodule, a key management submodule, a safety state management submodule, a cryptographic algorithm submodule, a safety authentication submodule and a transmission data protection submodule; all security mechanisms of the wallet payment application are enforced and cannot be bypassed once set;
The security attribute setting submodule is used for setting security levels for the secondary files and protecting the access of a data source; the data source stored in the wallet payment application can not be changed at will, the updated file needs encryption protection or link layer protection added with MAC, or external authentication is needed before the file is updated, and the updated file can be updated after the authentication is passed;
The key management submodule is used for managing keys, and link layer encryption protection is needed when the keys are written; the key cannot be read after being written to the wallet payment application;
The safety state management submodule is used for maintaining the safety state of each secondary file, and the corresponding safety state can be obtained only after the safety certification is passed, so that the access authority of the data source of the secondary file is opened;
The cryptographic algorithm submodule is used for generating a process key according to a transaction flow required by an application specification when the amount of money in the wallet file is updated, calculating the MAC (media access control) of a link layer through the process key, and updating the stored balance after verification is passed;
The safety certification submodule encrypts the random number by using the secret key and verifies whether the payment application client side grasps the same secret key through an encryption result so as to identify the identity;
The transmission data protection submodule encrypts the interactive data or performs MAC protection on a link layer through key operation.
2. The mobile terminal of claim 1, wherein the command management module supports an APDU command set, the APDU command set including a personalization command and an application command, the application command including a load command, a consume command, and a compound consume command.
3. A mobile payment method applied to a mobile terminal according to any one of claims 1-2, the mobile terminal supporting an open system environment and a trusted execution environment which are isolated from each other, wherein the trusted execution environment runs a wallet payment application, the mobile payment method comprising:
receiving an APDU command from a payment application client of the open system environment;
performing identity verification on the payment application client;
if the identity verification is passed, calling a file in the wallet payment application, processing the APDU command, and returning a processing result to the payment application client;
the method further comprises, when the amount in the wallet file is updated, generating a process key according to the transaction flow required by the application specification, calculating the link-layer MAC with the process key, and updating the stored amount after verification is passed.
4. The mobile payment method of claim 3, wherein the wallet payment application comprises at least one application file, each of the application files corresponding to one application function of the mobile terminal, each of the application files having a unique application identifier as a file name;
wherein the APDU command comprises an application identifier of an application function needing to be opened;
and the wallet payment application calls the corresponding application file according to the application identifier.
5. The mobile payment method of claim 4, wherein processing the APDU command comprises:
the trusted execution environment copying the called application file to a cache of the trusted execution environment;
processing the APDU command using the application file in the cache; and
before returning the processing result to the payment application client, writing the data updated during processing into the corresponding application file in the wallet payment application.
6. The mobile payment method of claim 4, wherein each said application file comprises at least one secondary file, different said secondary files having respective offsets in said application file;
before the processing result is returned to the payment application client, the minimum update offset of the secondary file in the application file is calculated, and the data updated during processing is written into the corresponding secondary file.
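
The load flow that claims 1, 3, 5 and 6 describe (challenge-response authentication gating the security state, a per-transaction process key, MAC verification before the balance changes, processing on a cached copy with a minimal write-back), as an added Python example that is not part of the patent. Truncated HMAC-SHA256 stands in for the cipher the claims leave unnamed, and the `Wallet` class, the file layout and offsets, the key-derivation inputs and the reading of "minimum update offset" as the smallest changed byte span are all assumptions.

```python
import hashlib, hmac, os
BAL = slice(4, 8)  # assumed position of the balance secondary file in the application file

def tag(key, data, n=8):  # assumption: truncated HMAC-SHA256 replaces the unnamed cipher
    return hmac.new(key, data, hashlib.sha256).digest()[:n]

def process_key(master, counter, nonce):  # per-transaction key (assumed derivation inputs)
    return tag(master, b"LOAD" + counter.to_bytes(4, "big") + nonce, 16)

class Wallet:
    def __init__(self, master, balance):
        self._master = master              # no method returns the key once written
        self.app_file = bytearray(16)      # persistent application file
        self.app_file[BAL] = balance.to_bytes(4, "big")
        self._chal, self._nonce, self._authed, self._ctr = None, None, False, 0

    def get_challenge(self):
        self._chal, self._authed = os.urandom(8), False
        return self._chal

    def external_authenticate(self, resp):
        ok = self._chal is not None and hmac.compare_digest(tag(self._master, self._chal), resp)
        self._chal, self._authed = None, ok  # a challenge is single-use
        return ok

    def init_load(self):
        if not self._authed:
            raise PermissionError("security state not satisfied")
        self._nonce = os.urandom(4)
        return self._ctr, self._nonce

    def load(self, amount, mac):
        if not self._authed or self._nonce is None:
            raise PermissionError("no load in progress")
        new = self.balance() + amount
        if amount <= 0 or new > 0xFFFFFFFF:
            return False                   # reject values the 4-byte field cannot hold
        sk, self._nonce = process_key(self._master, self._ctr, self._nonce), None
        if not hmac.compare_digest(tag(sk, amount.to_bytes(4, "big")), mac):
            return False                   # bad MAC: stored balance untouched
        cache = bytearray(self.app_file)   # process on a cached copy (claim 5)
        cache[BAL] = new.to_bytes(4, "big")
        diff = [i for i in range(len(cache)) if cache[i] != self.app_file[i]]
        self.app_file[diff[0]:diff[-1] + 1] = cache[diff[0]:diff[-1] + 1]  # changed span only
        self._ctr += 1
        return True

    def balance(self):
        return int.from_bytes(self.app_file[BAL], "big")
```

Because the process key is bound to the transaction counter and a fresh nonce, a MAC captured from one load does not verify in a later one.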
CN201710998316.8A 2017-10-24 2017-10-24 Mobile terminal and mobile payment method Active CN107679858B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710998316.8A CN107679858B (en) 2017-10-24 2017-10-24 Mobile terminal and mobile payment method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710998316.8A CN107679858B (en) 2017-10-24 2017-10-24 Mobile terminal and mobile payment method

Publications (2)

Publication Number Publication Date
CN107679858A CN107679858A (en) 2018-02-09
CN107679858B true CN107679858B (en) 2019-12-10

Family

ID=61140408

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710998316.8A Active CN107679858B (en) 2017-10-24 2017-10-24 Mobile terminal and mobile payment method

Country Status (1)

Country Link
CN (1) CN107679858B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145628B (en) * 2018-09-06 2020-08-25 江苏恒宝智能系统技术有限公司 Data acquisition method and system based on trusted execution environment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1920889B (en) * 2006-06-22 2010-05-12 北京飞天诚信科技有限公司 Smart card multi-service control method
CN101246615B (en) * 2008-03-07 2010-11-10 北京握奇数据系统有限公司 System for remotely managing electronic wallet state
KR20140003840A (en) * 2012-06-29 2014-01-10 주식회사 케이티 Method and system for financial transaction
GB2530345A (en) * 2014-09-22 2016-03-23 Mastercard International Inc Payment systems and methods for managing payment card use
CN105590201B (en) * 2015-04-23 2019-05-10 中国银联股份有限公司 Mobile payment device and mobile payment system
CN104899506B (en) * 2015-05-08 2018-01-12 深圳市雪球科技有限公司 Security system implementation method based on virtual secure element in credible performing environment
FR3048538B1 (en) * 2016-03-03 2018-11-09 Ingenico Group DATA EXECUTION AND PROCESSING METHOD, DEVICE AND CORRESPONDING COMPUTER PROGRAM
CN105843653B (en) * 2016-04-12 2017-11-24 恒宝股份有限公司 A kind of safety applications collocation method and device
CN106254323A (en) * 2016-07-27 2016-12-21 恒宝股份有限公司 The exchange method of a kind of TA and SE, TA, SE and TSM platform

Also Published As

Publication number Publication date
CN107679858A (en) 2018-02-09

Similar Documents

Publication Publication Date Title
CN109214197B (en) Method, device and storage medium for processing private data based on blockchain
CN105391840B (en) Automatically create destination application
CN113271211B (en) Digital identity verification system, method, electronic device and storage medium
KR101608510B1 (en) System and method for key management for issuer security domain using global platform specifications
CN105900104B (en) Applet migration in safety element
US8196131B1 (en) Payment application lifecycle management in a contactless smart card
EP3867849B1 (en) Secure digital wallet processing system
US20150248668A1 (en) Secure mobile device transactions
RU2573211C2 (en) Execution method and universal electronic card and smart card system
JP2013065340A (en) Resource sharing protected by security between applications in independent execution environments in retrievable token such as smart card
CN113282959A (en) Service data processing method and device and electronic equipment
CN111160803A (en) Business process safety and management method and system based on block chain
CN115455403A (en) An application cipher machine architecture and system
CN107679858B (en) Mobile terminal and mobile payment method
CN105681263A (en) Smart card key remote application method and application system
EP4246873B1 (en) Method and system for changing key in security module
CN113127535B (en) Data processing method and device based on block chain and electronic equipment
CN116801250A (en) SIM card-based digital identity authentication method and system
EP1540442A2 (en) Software protection
CN115835164B (en) Mobile terminal, trusted service system and trusted application management method based on trusted execution environment
US20250045421A1 (en) Apparatus and Method for Operating System Agnostic Data Encryption
Shepherd et al. Isolated hardware execution platforms
CN119167416A (en) A secure cross-platform file system and method for mobile storage devices
TWM680648U (en) Access control systems and devices that utilize blockchain and secure access modules
Umar et al. Ecosystems of Trusted Execution Environment on smartphones-a potentially bumpy road

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant