CN103996117A - Safety mobile phone - Google Patents
Safety mobile phone Download PDFInfo
- Publication number
- CN103996117A CN103996117A CN201410231601.3A CN201410231601A CN103996117A CN 103996117 A CN103996117 A CN 103996117A CN 201410231601 A CN201410231601 A CN 201410231601A CN 103996117 A CN103996117 A CN 103996117A
- Authority
- CN
- China
- Prior art keywords
- information
- module
- touch screen
- viewing area
- mobile phone
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/84—Protecting input, output or interconnection devices output devices, e.g. displays or monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Accounting & Taxation (AREA)
- Telephone Function (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
Abstract
The invention provides a safety mobile phone. The safety mobile phone comprises a mobile phone processing module, an information processing module, a security module and a display assembly. The display assembly comprises a first display area and a second displayer area. The first display area and the second displayer area conduct display independently. The mobile phone processing module is used for sending first information to the safety module and/or receiving second information sent by the safety module. The safety module is used for receiving the first information sent by the mobile phone processing module and/or outputting the second information to the mobile phone processing module, and the safety module is further used for outputting third information to the information processing module. The information processing module is used for receiving the third information output by the safety module, verifying the third information, caching the third information after the third information passes verification, converting the cached information into fourth information, and sending the fourth information to the second display area. The second display area is used for displaying the fourth information. In this way, the safety of storage of data of the mobile phone, the safety of payment transaction and use convenience are improved.
Description
Technical field
The present invention relates to a kind of electronic technology field, relate in particular to a kind of safe mobile phone.
Background technology
At present, mobile terminal device (such as smart mobile phone, panel computer (PAD), intelligent watch, intelligent glasses etc.) has been widely used in daily life.And mobile terminal device may be controlled by wooden horse supervisor, cause the problems such as the leakage of user profile.
How a kind of safety mobile terminal is provided, to ensure the information security in mobile terminal device, and ensures that mobile terminal device and the mutual safety of other facility informations become problem demanding prompt solution.
Summary of the invention
The present invention is intended to one of address the above problem.
Fundamental purpose of the present invention is to provide a kind of safe mobile phone.
For achieving the above object, technical scheme of the present invention is specifically achieved in that
One aspect of the present invention provides a kind of safe mobile phone, comprising: handset processes module, message processing module, security module and display module; Described display module comprises: the first viewing area and the second viewing area; Described the first viewing area and described the second viewing area independently show; Described handset processes module connects described the first viewing area, and connects described security module; Described security module connects described the second viewing area by described message processing module; Described handset processes module, for the first information being sent to described security module, and/or receives the second information that described security module sends; Described security module, the described first information sending for receiving described handset processes module, and/or export described the second information to described handset processes module; Described security module, also for exporting the 3rd information to described message processing module; Described message processing module, for receiving described the 3rd information of described security module output, carries out verification to described the 3rd information, pass through laggard row cache in verification, and the information of buffer memory is changed, obtain the 4th information, described the 4th information is sent to described the second viewing area; Described the second viewing area, for showing described the 4th information.
In addition, described safe mobile phone also comprises: touch screen assembly; Described touch screen assembly comprises: the first touch screen district and the second touch screen district; Described the first touch screen district and described the second touch screen district independence output information; Described the first touch screen district covers on described the first viewing area and is corresponding with described the first viewing area, and described the second touch screen district covers on described the second viewing area and be corresponding with described the second viewing area; Described handset processes module connects described the first touch screen district; Described security module connects described the second touch screen district by described message processing module; Described the second touch screen district, also for exporting the 5th information to described message processing module; Described message processing module, also, for receiving described the 5th information of described the second touch screen district output, carries out verification to described the 5th information, pass through laggard row cache in verification, and the information of buffer memory is changed, obtain the 6th information, described the 6th information is sent to described security module; Described security module, also for the treatment of described the 6th information.
In addition, described the second viewing area is arranged on the top of described the first viewing area, and described the second touch screen district is arranged on the top in described the first touch screen district; Or described the second viewing area is arranged on the below of described the first viewing area, described the second touch screen district is arranged on the below in described the first touch screen district; Or described the second viewing area is arranged on the left of described the first viewing area, described the second touch screen district is arranged on the left in described the first touch screen district; Or described the second viewing area is arranged on the right-hand of described the first viewing area, described the second touch screen district is arranged on the right-hand of described the first touch screen district.
In addition, described safe mobile phone also comprises: Fumction display district and function touch screen district; Described the second viewing area is arranged between described the first viewing area and described Fumction display district, and described the second touch screen district is arranged between described the first touch screen district and described function touch screen district.
In addition, described safe mobile phone also comprises: function key viewing area and function key touch screen district; Described the second viewing area is arranged on described function key viewing area surrounding, and described the second touch screen district is arranged on described function key touch screen district surrounding.
In addition, described security module, the information to be encrypted also sending for receiving described handset processes module, and be sent to described handset processes module after described information to be encrypted is encrypted; And/or described security module, the enciphered message also sending for receiving described handset processes module, and be sent to described handset processes module after described enciphered message is decrypted.
In addition, described security module, also, for receiving the signing messages for the treatment of of described handset processes module transmission, confirmation of receipt instruction is sent to described handset processes module described in receiving after signing messages is signed; And/or described security module, the sign test information for the treatment of also sending for receiving described handset processes module to treating that sign test information verifies described in receiving, and is notified described handset processes module after being verified.
In addition, described security module, the information to be verified also sending for receiving described handset processes module, and described information to be verified is carried out to verification, and verification by after notify described handset processes module.
In addition, described security module, also for obtaining addressee information, the legitimacy of described addressee information is carried out to verification, after addressee information described in verification is legal, if mail need to be keep secret sends, at least mail cleartext information is encrypted to calculating, obtain mail cipher-text information, be sent to described handset processes module to mail cipher-text information described in major general and carry out outgoing.
In addition, described security module, also shows described mail cleartext information for controlling described the second viewing area.
In addition, described security module, also for before being sent to described handset processes module to mail cipher-text information described in major general, receiving mail and really sends instructions.
As seen from the above technical solution provided by the invention, based on the safe mobile phone of the embodiment of the present invention, integrated security module on safe mobile phone, realize the function of intelligent cipher equipment, and because being subject to the control of security module, the second viewing area independently shows the information that it is to be shown, therefore, use security module to carry out in the process of Transaction Information processing user, the second viewing area can demonstrate the information such as the Transaction Information of security module processing, thus, having realized safe mobile phone shows the safety of information, can realize the security function that completes intelligent cipher equipment (KEY) on mobile phone, security and the property easy to use of the storage of cell phone apparatus data and payment transaction are improved.
In addition, owing to the information of security module output being processed by message processing module, can ensure that the second viewing area can correctly show the information of security module output.
Brief description of the drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.
The structural representation of the safe mobile phone that Fig. 1 provides for the embodiment of the present invention;
The another structural representation of the safe mobile phone that Fig. 2 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.
In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of instructions such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of device or the element of instruction or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.
In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
The present invention is actual can be applied on mobile terminal device, this mobile terminal device can be smart mobile phone, in the present invention, mobile phone and intelligent cipher equipment (are possessed to electronic signature functionality, encryption and decryption functions, the equipment of the functions such as verification, for example: KEY equipment etc.) unite two into one, an integrated security module in mobile phone, this security module can be that (safety chip can be the process chip with secure storage section to safety chip, the data of this secure storage section storage can not be replicated, can not be exported), security module can be carried out key generation, data encrypting and deciphering, the safe operations such as verification calculating.
The present invention utilizes the display module of mobile phone to complete the demonstration of security module operation, thereby makes mobile phone of the present invention realize the security function of display type KEY " finding is signed ".
In the present invention, mobile phone display module (be that mobile phone screen is that handset processes module and security module share, but independently controlling respectively by handset processes module and security module), for showing data.
Mobile phone of the present invention has and only has a display screen, is coated with a touch-screen on display screen, and display screen can at least be divided into two viewing areas, and meanwhile, touch-screen is also divided into and two Liang Ge touch screen districts that viewing area is corresponding.Two viewing areas are respectively: the first viewing area being shown by handset processes module controls, and the second viewing area being shown by security module control, two viewing areas independently show respectively, do not interfere with each other.In the situation that security module control the second viewing area shows, the second viewing area independently shows the information that security module need to show.Security module is used for carrying out the operations such as information encryption, signature, verification calculating, or the information that in information interactive process, security module need to be shown shows, or user is directly sent to security module by input message (expressly) need to input important information time and is encrypted etc.
In the present invention; security module and handset processes module (being the master chip of mobile phone) are separate; security module can possess cryptography processing units; utilize this cryptography processing units; can be encrypted the sensitive data of storing in mobile phone; encryption key for data encryption is stored in to secure storage section, thus protection cell-phone internal information safety.
The present invention can also complete the secure download to security application (APP) according to functions such as the key generation of security module, storage, calculating, checkings, realize the security update of security module working procedure, to the safe storage of data in mobile phone, Secure execution mobile payment (remote payment or near field pay), mail encryption and decryption, the functions such as safe storage cloud data.
Fig. 1 has shown the structural representation of the safe mobile phone of the embodiment of the present invention, and referring to Fig. 1, safe mobile phone of the present invention, comprising: handset processes module 10, message processing module 20, security module 30 and display module 40;
Display module 40 comprises: the first viewing area 401 and the second viewing area 402; The first viewing area 401 and the second viewing area 402 independently show; Concrete, display module 40 comprises display screen and display driver etc., wherein display module 40 can comprise a display screen, this display screen can be divided at least two viewing areas, so that the information of one of them viewing area for showing that handset processes module 10 needs show, another viewing area is for showing the information of security module 30 needs demonstrations, with ensure the demonstration of handset processes module 10 and security module 30 do not interfere with each other, separate, thereby ensured the security that security module 30 shows; Certainly, the display driver corresponding with display screen can be that a driver module drives two viewing areas to show, also can drive respectively two viewing areas to show by two driver modules.In addition, display module 40 also can comprise two display screens, a display screen is as the first viewing area, an other display screen is as the second viewing area, the display driver corresponding with two display screens can be that a driver module drives two display screens to show, also can drive respectively two display screens to show by two driver modules, so that wherein a display screen is for showing the information of handset processes module 10 needs demonstrations, the information of another display screen for showing that security module 30 needs show, do not interfere with each other with the demonstration that ensures handset processes module 10 and security module 30, separate, thereby ensure the security that security module 30 shows.
In addition, display module 40 can also comprise display processing unit, this display processing unit can be arranged in display driver, also can be set to separately a module, the demonstration information that this display processing unit can send for receive handset processes module 10 by first interface, and will show information distribution to the first viewing area 401, receive by the second interface the demonstration information that security module 30 sends, and will show information distribution to the second viewing area 402.Concrete, this display processing unit can distribute by the coordinate information in demonstration information, with ensure the demonstration of handset processes module 10 and security module 30 do not interfere with each other, separate, thereby ensured the security that security module 30 shows.
Handset processes module 10 connects the first viewing area 401, and connects security module 30; Concrete, handset processes module 10 is carried out the normal Presentation Function of mobile phone by the first viewing area 401, for example: picture, video, play the Presentation Functions such as phone; Meanwhile, handset processes module 10 can also send pending information to security module 30, also can receive security module 30 information after treatment.
Security module 30 connects the second viewing area 402 by message processing module 20; Concrete, the information that security module 30 is exported is sent to the second viewing area 402 after can processing by message processing module 20 and shows, thereby the information format that message processing module 20 information format after treatment and the second viewing area 402 can be shown matches, to ensure that the information that security module 30 is exported can normally be shown by the second viewing area 402.
Handset processes module 10, for the first information being sent to security module 30, and/or receives the second information that security module 30 sends; Concrete, the first information can be the information that needs security module 30 to carry out safe handling, for example: Transaction Information to be signed, file to be encrypted etc.; The first information can be also to need security module 30 to carry out the information that safety shows, for example: the cleartext information of secure e-mail etc.
Security module 30, the first information sending for receiving handset processes module 10, and/or output the second information is to handset processes module 10; Concrete, the information that the second information can be carried out after safe handling for security module 30, for example: signing messages, enciphered message etc.
Security module 30, also for exporting the 3rd information to message processing module 20; Concrete, if security module 30 needs the second viewing area 402 to carry out information demonstration, security module 30 is also sent to message processing module 20 by information to be shown, for example: the key message in cleartext information, the Transaction Information of secure e-mail etc.
Message processing module 20, the 3rd information of exporting for receiving security module 30, carries out verification to the 3rd information, passes through laggard row cache, and the information of buffer memory is changed in verification, obtains the 4th information, and the 4th information is sent to the second viewing area 402; Concrete, in the time that security module 30 needs the second viewing area 402 to show, message processing module 20 receives the information to be displayed that security module 30 is exported, so that the information to be displayed that message processing module 20 is exported security module 30 is processed, thereby the information format that message processing module 20 information format after treatment and the second viewing area 402 can be shown matches, to ensure that the second viewing area 402 can normally show the information to be displayed that security module 30 is exported.For example: the information that security module 30 is exported is serial information, and parallel information can only be processed in the second viewing area 402, therefore the serial information that, needs message processing module 20 to export security module 30 is processed rear formation the second manageable parallel information in viewing area 402.
In addition, the information to be displayed that message processing module 20 can be exported security module 30 carries out the verification of information correctness, and pass through laggard row cache in verification, the information of buffer memory is converted to the second manageable information in viewing area 402, to ensure the second correct information to be displayed that shows that security module 30 is exported in viewing area 402.For example: message processing module 20 is converted to parallel signal for the serial signal that security module 30 is exported.Due in procedure for displaying, the asynchronous serial information transfer rate that security module 30 is exported is slower, in order to ensure the correctness of communication, need to carry out checking treatment to serial information, serial information after checking treatment is errorless carries out, after buffer memory, this serial information is converted to parallel information, so that the second viewing area 402 shows.
In addition, message processing module 20 can be carried out its function for independent module or chip, and certainly, message processing module 20 can be integrated into a module with security module 30, or message processing module 20 also can be integrated into a module with display module 40, to save cost.As long as can realize the function of message processing module 20, this module is integrated or the partial function of some modules all should belong to protection scope of the present invention.
The second viewing area 402, for showing the 4th information.Concrete, the second viewing area 402 receives after the information to be displayed after treatment that message processing module 20 sends, and information to be displayed is shown, has ensured the function of security module " finding is signed ".
In addition, the demonstration information being sent by handset processes module 10, can directly enter the first viewing area 401 and show, normally uses thereby do not affect mobile phone.
Based on the safe mobile phone of the embodiment of the present invention, integrated security module on safe mobile phone, realize the function of intelligent cipher equipment, and because being subject to the control of security module, the second viewing area independently shows the information that it is to be shown, therefore, use security module to carry out in the process of Transaction Information processing user, the second viewing area can demonstrate the information such as the Transaction Information of security module processing, thus, having realized safe mobile phone shows the safety of information, can realize the security function that completes intelligent cipher equipment (KEY) on mobile phone, security and the property easy to use of the storage of cell phone apparatus data and payment transaction are improved.
In addition, owing to the information of security module output being processed by message processing module, can ensure that the second viewing area can correctly show the information of security module output.
Further, safe mobile phone of the present invention also comprises: touch screen assembly 50; So that safe mobile phone of the present invention can carry out input information by touch screen.
Touch screen assembly 50 comprises: the first touch screen district 501 and the second touch screen district 502; The first touch screen district 501 and the second independent output information in touch screen district 502; The first touch screen district 501 covers on the first viewing area 401 and is corresponding with the first viewing area 401, and the second touch screen district 502 covers on the second viewing area 402 and be corresponding with the second viewing area 402; Concrete, touch screen assembly 50 comprises touch screen and driving etc., wherein touch screen assembly 50 can comprise a touch screen, this touch screen can be divided at least Liang Ge touch screen district, so that one of them touch screen district is used for to handset processes module 10 input messages, another touch screen district is for to security module 30 input messages, with not the interfereing with each other of the information that ensures to input to handset processes module 10 and security module 30, separate, thereby ensured the security of security module 30 input messages; Certainly, the driving corresponding with touch screen can be that a driver module drives Liang Ge touch screen district to carry out input information, also can drive respectively Liang Ge touch screen district to carry out input information by two driver modules.Certainly, in the present invention, in touch screen assembly 50, can also not comprise the second touch screen district 502, only comprise the first touch screen district 501, only complete the normal function of safe mobile phone by the first touch screen district 501.In addition, touch screen assembly 50 also can comprise two touch screens, a touch screen is as the first touch screen district, an other touch screen is as the second touch screen district, it can be that a driver module drives two touch screens to carry out input information that the touch screen corresponding with two touch screens drives, also can drive respectively two touch screens to carry out input information by two driver modules, so that wherein a touch screen is used for to handset processes module 10 input messages, another touch screen is used for to security module 30 input messages, do not interfere with each other with the input that ensures handset processes module 10 and security module 30, separate, thereby ensure the security that security module 30 is inputted.
In addition, touch screen assembly 50 can also comprise touch screen processing unit, this touch screen processing unit can be arranged in touch screen driving, also can be set to separately a module, this touch screen processing unit can for by first interface to handset processes module 10 input messages, by the second interface to security module 30 input messages.Concrete, this touch screen processing unit can carry out information transmission by the coordinate information in touch screen information, with ensure the input of handset processes module 10 and security module 30 do not interfere with each other, separate, thereby ensured the security that security module 30 is inputted.
Handset processes module 10 connects the first touch screen district 501; Concrete, handset processes module 10 is carried out the normal input function of mobile phone by the first touch screen district 501, for example: the function such as slide switch, note input that plays phone.
Security module 30 connects the second touch screen district 502 by message processing module 20; Concrete, the information that the second touch screen district 502 inputs to security module 30 is sent to security module 30 after can processing by message processing module 20, match thereby make message processing module 20 carry out to information the information format that information format after treatment and security module 30 can process, to ensure that security module 30 carries out normal information processing.
The second touch screen district 502, also for exporting the 5th information to message processing module 20; Concrete, the second touch screen district 502 also inputs pending information to message processing module 20, so that message processing module 20 is sent to security module 30 after pending information is processed, so that the pending information of security module 30 normal process.
Message processing module 20, the 5th information of also exporting for receiving the second touch screen district 502, carries out verification to the 5th information, passes through laggard row cache, and the information of buffer memory is changed in verification, obtains the 6th information, and the 6th information is sent to security module 30; Concrete, need to input pending information to security module 30 in the second touch screen district 502 time, message processing module 20 receives the pending information that the second touch screen district 502 exports, so that the pending information that message processing module 20 is exported the second touch screen district 502 is processed, thereby the information format that message processing module 20 information format after treatment and security module 30 can be processed matches, with the pending information that ensures that security module 30 can normal process the second touch screen district 502 be exported.For example: the information that the second touch screen district 502 exports is parallel information, and security module 30 can be processed serial information, therefore the parallel information that, needs message processing module 20 to export the second touch screen district 502 is processed the manageable serial information of rear formation security module 30.
In addition, the pending information that message processing module 20 can be exported the second touch screen district 502 is carried out the verification of information correctness, and pass through laggard row cache in verification, the information of buffer memory is converted to the manageable information of security module 30, with the pending information that ensures that security module 30 correct processing the second touch screen districts 502 export.For example: message processing module 20 is converted to serial signal for the parallel signal that the second touch screen district 502 is exported.Due in touch screen Information Inputting Process, the parallel information transmission speed that the second touch screen district 502 exports is very fast, in order to ensure the correctness of communication, need to carry out checking treatment to parallel information, parallel information after checking treatment is errorless carries out, after buffer memory, this parallel information is converted to serial information, so that security module 30 is processed.
In addition, message processing module 20 can be carried out its function for independent module or chip, and certainly, message processing module 20 can also be integrated into a module with touch screen assembly 50, to save cost.As long as can realize the function of message processing module 20, this module is integrated or the partial function of some modules all should belong to protection scope of the present invention.
Security module 30, also for the treatment of the 6th information.Concrete, security module 30 receives after the after treatment pending information that message processing module 20 sends, and pending information is processed, and has ensured the normal security function of carrying out security module 30 of security module 30.
In addition, above-mentioned pending information can also be the confirmation in process of exchange, to use as the confirmation button of two generation key (with the key of display screen and confirmation button), make safe mobile phone of the present invention in process of exchange, ensure the security of transaction.Can realize thus the security function that completes two generation intelligent cipher equipment (two generation KEY) on mobile phone, improve security and the property easy to use of the storage of cell phone apparatus data and payment transaction.
In addition, owing to the information of the second touch screen district output being processed by message processing module, can ensure that security module can correctly process the information of the second touch screen district input.
Above message processing module 20, can comprise several function subelements such as verification, buffer memory, conversion.
Wherein, syndrome unit, carries out verification to the information receiving, with the correctness of the information that ensures to receive.Syndrome unit can adopt signal checking (for example detection parities), or the verification mode such as algorithm verification (such as CRC check).
Buffer memory subelement, carries out buffer memory by information after treatment.This buffer memory subelement can comprise the parts such as buffer circuit, circuit shift register, latch register and realize data buffer storage; The existence form of this buffer memory subelement can be buffer, may be also register etc.
Conversion subelement can be the information format of coupling by the information processing of buffer memory.
Certainly, above-mentioned three subelements can be used as separate unit and present, and also can utilize string a conversion chip of integrated above function or coordinate other circuit to realize.
In addition, the second viewing area 402 is arranged on the top of the first viewing area 401, and the second touch screen district 502 is arranged on the top in the first touch screen district 501; Or the second viewing area 402 is arranged on the below of the first viewing area 401, the second touch screen district 502 is arranged on the below in the first touch screen district 501; Or the second viewing area 402 is arranged on the left of the first viewing area 401, the second touch screen district 502 is arranged on the left in the first touch screen district 501; Or the second viewing area 402 is arranged on the right-hand of the first viewing area 401, the second touch screen district 502 is arranged on the right-hand of the first touch screen district 501.Thus, do not affect the normal demonstration of safe mobile phone.
In addition, safe mobile phone of the present invention can also comprise: Fumction display district and function touch screen district; For example: some mobile phone comprises functional areas, that is: the region at function button places such as confirming, cancel, return, on this kind of mobile phone, the second viewing area 402 of the present invention is arranged between the first viewing area 401 and Fumction display district, and the second touch screen district 502 is arranged between the first touch screen district 501 and function touch screen district.Ensureing thus does not affect under the prerequisite of normal function in Fumction display district and function touch screen district, improves aesthetic property and the utilization factor of display screen.
In addition, safe mobile phone of the present invention also can comprise: function key viewing area and function key touch screen district; For example: some mobile phone comprises functional areas, that is: function buttons such as confirming, cancel, return, on this kind of mobile phone, the second viewing area 402 of the present invention is arranged on function key viewing area surrounding, and the second touch screen district 502 is arranged on function key touch screen district surrounding.Ensure to utilize to greatest extent thus the space of existing mobile phone display screen, improve the utilization factor of display screen.
The application scenarios that below provides a kind of safe mobile phone split screen to show, but the present invention is not limited thereto:
In the present invention, the display screen of safe mobile phone is carried out to subregion and (whole display screen scope is at least divided into two parts, thereby corresponding all dot matrix coordinates are also divided into two parts according to the region of dividing, for example: the first viewing area and the second viewing area), the I/O interface pin of the display driver of safe mobile phone is divided into two parts, be connected with the corresponding I/O interface pin of safety chip (security module) and master chip (handset processes module) respectively, driver module can comprise graphics processing unit and indicative control unit, wherein, graphics processing unit is resolved the data of receive two chips, and the image information of sending to two chips is distributed the coordinate address of the dot matrix of the display screen area that this chip is corresponding, the data after resolving and demonstration address are issued indicative control unit by graphics processing unit, indicative control unit shows according to the demonstration data-driven display screen receiving.Wherein, graphics processing unit can be used as two parts that separate with indicative control unit, also can be by two as a whole realizations of mesh merging.
Optionally, the touch screen of safe mobile phone can also be carried out to the subregion identical with display screen and (whole touch screen scope is at least divided into two parts, thereby corresponding all dot matrix coordinates are also divided into two parts according to the region of dividing, for example: the first touch screen district and the second touch screen district), the I/O interface pin that the touch screen of safe mobile phone drives is divided into two parts, be connected with the corresponding I/O interface pin of safety chip (security module) and master chip (handset processes module) respectively, touch screen drives can comprise processing unit and driver element, wherein, driver element receives the information of touch screen output, and the information of output is sent to processing unit, processing unit is resolved the information of receiving, and transmit the information (can comprise the coordinate address of the dot matrix in touch screen region etc.) from touch screen to two chips, chip receives after the information from touch screen, the information receiving is processed.
Certainly, the present invention is not limited to touch screen and carries out identical subregion with display screen, and touch screen not being carried out to subregion also should be in protection scope of the present invention.
Concrete, the application scenarios that below provides a kind of safe mobile phone to realize display screen split screen, but the present invention is not limited thereto:
Referring to Fig. 2, safe mobile phone of the present invention can comprise master chip, safety chip, display screen, driver module etc.Wherein mobile phone master chip is connected with different I/O pin of driver module respectively with safety chip, has formed the separation in physical connection.Driver module is connected with display screen.Wherein, in driver module, can comprise graphics processing unit and indicative control unit, the demonstration data that driver module sends two chips that receive from I/O are sent into graphics processing unit, and for example: I/O1 connects master chip, I/O2 connects safety chip.Graphics processing unit is resolved respectively the data that receive, and the demonstration address of the data that I/O1 pin is received is assigned to region 1 (the first viewing area); The demonstration address of the data that I/O2 pin is received is assigned to region 2 (the second viewing area), and by the demonstration Packet Generation that comprises view data and corresponding demonstration address coordinate to indicative control unit, by indicative control unit according to showing that address coordinate and corresponding view data drive the display screen of corresponding region to show.
Wherein, the I/O interface of driver module is divided into two classes in physical form, and pin corresponding to a class is connected with the corresponding I/O pin of presentation control function of master chip, and the pin of another kind of correspondence is connected with the corresponding I/O pin of safety chip presentation control function.
Graphics processing unit, receives the data of being transmitted by I/O, and the data message receiving is resolved, and will be assigned with the address coordinate of different demonstrations by two class data of different I/O interface input, and displaing coordinate is divided into two viewing areas.Graphics processing unit is given the displaing coordinate of two corresponding two viewing areas of class input data allocations, and the view data receiving is processed, and coordinates the demonstration address coordinate distributing to form and shows packet, will show that Packet Generation is to indicative control unit.
Graphics processing unit can be according to carrying out different processing after the data of different pin interface, can be divided into three subelements from function: wherein the first subelement and the second subelement are the General Porcess Unit of being responsible for processing main chip data, can comprise: the first subelement of controlling the first viewing area, control second subelement in Fumction display district, and the 3rd subelement is the secure processing units of being responsible for processing safety chip data processing; Wherein:
The first subelement: the demonstration data that master chip can be sent are presented at the first viewing area according to above principle.
The second subelement: the data (pilot lamp etc.) of the functional areas that master chip can be sent are presented at Fumction display district.In order to improve the security that shows data, the second subelement makes master chip can only control the demonstration in Fumction display district, and cannot be in data such as Fumction display district display texts.
The 3rd subelement: the demonstration data that safety chip can be sent are presented at Er Nei viewing area, viewing area according to above principle.
Indicative control unit, indicative control unit, according to the information of the control display screen dot array in the demonstration packet receiving, is controlled display screen and is shown.
By safe mobile phone of the present invention, can on a display screen, show the content of mobile phone master chip and the content of safety chip simultaneously, and in the physical connection of hardware, two classes be shown to data separate, improve security.
In addition, in order to ensure the security of safe mobile phone information, the present invention can be encrypted important information by security module 30,, in order to obtain the plaintext of confidential information, can also be decrypted confidential information by security module 30 meanwhile.
Concrete, security module 30, the information to be encrypted also sending for receiving handset processes module 10, and treat after enciphered message is encrypted and be sent to handset processes module 10; And/or security module 30, the enciphered message also sending for receiving handset processes module 10, and be sent to handset processes module 10 after enciphered message is decrypted.
Based on safe mobile phone of the present invention; can utilize the security module 30 in safe mobile phone to be encrypted the important information in mobile phone; and the cipher-text information after encrypting is sent to handset processes module 10 and stores; simultaneously; security module 30 is also stored in encryption key in the secure storage areas (information in this secure storage areas can not be replicated and derive) of security module 30, thereby can protect the safety of cell-phone internal information.
Meanwhile, based on safe mobile phone of the present invention, can utilize security module 30 in mobile phone to mobile phone storage or receive cipher-text information from outside and be decrypted, be sent to handset processes module 10 after obtaining cleartext information, thereby ensure the safety of cellphone information.
Below provide a kind of application scenarios of safe mobile phone information enciphering/deciphering, but the present invention is not limited to this:
After safe mobile phone has obtained data by certain form, (wherein, data can be the note that receives by network, picture, data, document etc.; Or taken the photo, the video etc. that obtain by mobile phone camera; Or user is by the manually data of input of mobile phone touch screen; Or the data that safe mobile phone obtains from the external world by certain I/O form, such as network transmission, camera, the input of mobile phone peripheral hardware etc.), as above-mentioned data carried out to safe storage, before storage, to pass through the encryption of safety chip (security module), then the ciphertext after encrypting is sent in the storage unit in mobile phone master chip (handset processes module) and stored, and encryption key is stored in the storage unit of safety chip, to ensure the safety of encryption key.
Adopting said method, in the time that the storage unit in mobile phone master chip and mobile phone master chip is subject to virus and trojan horse program attack, because data are stored in master chip with ciphertext form, even if data are revealed, because not having decruption key, illegal acquisition data person also cannot obtain data expressly; And for the key storage of decrypting ciphertext information at safety chip, the security performance of safety chip guarantees that decruption key can not be read out or derive, thereby utilizes safe mobile phone to protect data security.
In addition,, in order to ensure the safe operations such as safe mobile phone can pay, the present invention can also sign to Transaction Information by security module 30, and signature or the certificate etc. of external unit are carried out to verification operation.
Concrete, security module 30, also for receiving the signing messages for the treatment of that handset processes module 10 sends, confirmation of receipt instruction is sent to handset processes module 10 to what receive after signing messages is signed; And/or security module 30, the sign test information for the treatment of also sending for receiving handset processes module 10, verifies the sign test information for the treatment of receiving, and after being verified, notifies handset processes module 10.
Based on safe mobile phone of the present invention, because the signing messages for the treatment of mobile phone processing module 10 being sent by security module 30 is signed, and the sign test information for the treatment of that mobile phone processing module 10 is sent verifies, thereby ensure legal source and the non repudiation of data.
Below provide a kind of safe mobile phone that utilizes to realize the application scenarios to the remote download of application program of mobile phone installation, but the present invention is not limited thereto:
Under the prerequisite based on safe mobile phone, application program in mobile phone application shop all can be carried out safety assessment to each application program through the unit of test and appraisal reliably, after assessment is passed through, test and appraisal unit can use its private key application data bag to sign, the terminal devices such as safe mobile phone can store the root certificate of test and appraisal unit, so that application programs is verified.
Download after the application program after safety assessment that application shop provides at the master chip (handset processes module) of safe mobile phone, before installing, utilize the root certificate application programs of the test and appraisal unit of storage in safety chip (security module) to carry out signature check, to complete the legitimacy verification of application programs, ensure the legal source of application program, improve the security that application program is used.Now:
Master chip can send to safety chip the instruction of verification Application program security, and the signature value of the application data bag of download is sent to safety chip;
The primary processor of safety chip is received the instruction of external unit (master chip) by I/O interface, instruction is responded, signature value will be sent to cryptography processing units, by cryptography processing units, signature value is carried out to verification, and check results is returned to master chip by I/O interface, by master chip, information is shown on the second viewing area, to user is pointed out, user can determine whether continue to install according to information, and master chip is proceeded corresponding operating (continue to install or abandon installing) according to user's selection.
In addition,, in order to carry out the verification of information integrity, the information to be verified that security module can also send mobile phone processing module is carried out verification.Concrete, security module 30, the information to be verified also sending for receiving handset processes module 10, and treat check information and carry out verification, and in verification by rear notice handset processes module 10.
Above safe mobile phone by security module 30 to information be encrypted/decipher/signature/sign test/verification all can combination in any, to adopt different combinations to realize security functions at different levels according to different demands for security.
The application scenarios that below provides a kind of safe mobile phone by security module, remote application to be upgraded, but the present invention does not limit to so:
Increase after the account of certain bank when holding the user of safe mobile phone, because the application flow of the transaction business of each bank is not identical, now just need user to download and install corresponding Mobile banking's application software and program, so that the application to account management is upgraded, these application programs need to be arranged in safety chip (security module), to ensure the Secure execution of application program, now, can utilize safe mobile phone of the present invention, by network down load application program from background system server, and the operations such as renewal are installed, now, application data wraps in network transmission process to be transmitted with ciphertext form, the application data bag that downloads to safe mobile phone is ciphertext, therefore, safe mobile phone is received after ciphertext, utilize safety chip to carry out legitimacy verification (sign test operation) to application, data deciphering, data integrity verifying, the operations such as data layout verification, guaranteeing application security is arranged in safety chip.
Concrete application scenarios is as follows:
(1) the Bank application installation data bag receiving is sent to safety chip by safe mobile phone master chip (handset processes module);
(2) safety chip receives after Bank application installation data bag, obtain key ciphertext and information ciphertext, private key decruption key ciphertext for safety chip, obtain session key expressly, utilize session key decryption information ciphertext, acquired information expressly, information is expressly carried out to digest calculations, utilize the PKI of bank to be decrypted to the signature receiving, digest value after deciphering and the summary result obtaining by calculating are contrasted, if unanimously data integrity verifying passes through, carry out (3); Otherwise finish to install the miscue information of returning;
(3) safety chip utilizes decruption key to untie cipher-text information, and the data layout of the plaintext after verification deciphering if correctly carry out (4), otherwise finishes to install the miscue information of returning;
(4) safety chip is installed this application program.
Thus, the remote download of utilizing safe mobile phone to realize Secure Application is upgraded, and the security application that remote update is arranged on safety chip becomes possibility, not only ensures security but also met convenience.
Below provide the application scenarios of a kind of safe mobile phone data upload/download to cloud terminal by security module, but the present invention does not limit to so:
Based on safe mobile phone of the present invention, user can realize cloud termination function, completes data encryption, and data are sent to high in the clouds by network carry out safe storage, when using, needs can be downloaded to safe mobile phone from high in the clouds, then to data deciphering acquired information expressly.
Concrete, can realize referring to following steps the data upload/download function of cloud terminal:
First, can be according to the security level different pairs of data according to carrying out classification: for the data that upload to high in the clouds according to the importance of data to data staging, to data are stored according to different forms according to the difference of the level of security of data:
Is common: expressly
Is important: expressly+MAC
Secret: ciphertext
Secondly data manipulation authority that, can be open different according to user's access rights.For example: other equipment (there is no safety chip) that have access code can operate common message, can read important information, but can not change operation, also cannot read or downloading machine confidential information; And the safe mobile phone equipment that has access code can be opened all operations were authority.
Below the flow process of purview certification is illustrated to illustrate:
(1) safe mobile phone is connected to cloud server by network;
(2) cloud server is verified the authority of safe mobile phone, returns to a response of safe mobile phone (random number), and sends purview certification request to safe mobile phone, and purview certification request comprises the signature value of login password, response etc.;
(3) master chip of safe mobile phone (handset processes module) receives after purview certification request, and master chip sends signature calculation instruction to safety chip (security module), and random number is delivered to safety chip;
(4) cryptography processing units of safety chip carries out signature calculation to random number, and result of calculation is returned to master chip;
(5) purview certification request response message (: login password, signature etc.) is issued cloud server by safe mobile phone for example;
(6) cloud server is verified the purview certification request response message receiving, and after being verified the corresponding authority of open this safe mobile phone, the operations such as response safe mobile phone uploading under corresponding authority, download.
Below the flow process of data upload is illustrated to illustrate:
Safe mobile phone can carry out according to the different disposal of its significance level respective degrees for the data of wanting to upload, for example, can upload with forms such as plaintext, expressly+MAC or ciphertexts.Wherein the calculating of MAC value and data encryption computing need the safety chip of safe mobile phone to process.Concrete processing mode can be to generate MAC key and encryption key by the cryptography processing units of safety chip, and by key storage among the storage unit of safety chip, and clear data is carried out to computing, MAC value after treatment and cipher-text information are delivered to master chip, master chip forms corresponding form (expressly, expressly+MAC, or the form such as ciphertext), data are sent to high in the clouds by network.
The flow process of below data being downloaded is illustrated to illustrate:
Safe mobile phone sends data download request to cloud server, cloud server is judged the authority of this safe mobile phone, judge whether this safe mobile phone possesses the download permission of these rank data, if possess authority by data distributing to safe mobile phone, safe mobile phone utilizes the cryptography processing units of safety chip for example to process, after (: verification MAC, data deciphering, sign test etc.) the data that receive, and cleartext information is sent to master chip.
Based on safe mobile phone of the present invention, can be in conjunction with the method such as data staging, authority classification, utilize the correlation function of safe mobile phone to complete the concrete data processing operations such as data encryption, verification, signature.
In addition, in order to ensure the security of the mail treatment on safe mobile phone, in safe mobile phone of the present invention, security module 30, also for obtaining addressee information, the legitimacy of addressee information is carried out to verification, after verification addressee information is legal, if mail need to be keep secret sends, at least mail cleartext information is encrypted to calculating, obtain mail cipher-text information, be sent to handset processes module 10 to major general's mail cipher-text information and carry out outgoing.In addition, security module 30, also shows mail cleartext information for controlling the second viewing area 402.In addition, security module 30, also for before being sent to handset processes module 10 to major general's mail cipher-text information, receiving mail and really sends instructions.
Concrete, security module can be obtained addressee information by handset processes module, also can directly obtain addressee information from mail server, security module is to the addressee information getting, and verifies whether this addressee information possesses certificate, to the legitimacy of addressee information is carried out to verification, if comprise certificate in addressee information, security module is carried out verification to the certificate in addressee information, if verification is passed through, illustrate that addressee information is legal, the security module result that also high-ranking officers test addressee information is presented at display module, and (can be sent to handset processes module shows in the first viewing area, also can directly control the second viewing area shows) on, and inquire whether user uses ciphertext to send mail, if user confirms to use ciphertext to send mail, security module utilization adopts the private key of security module to sign to mail, adopt the random session key generating that mail is encrypted and is calculated and/or verification calculating, and utilize the PKI obtaining from addressee information to be encrypted session key, obtain mail cipher-text information, the security sending with this certified mail, integrality, non repudiation, certainly, security module can also be signed to mail cipher-text information, to improve mail transmission security, also can only be encrypted operation or only mail is carried out signature operation or only mail carried out to verification operation or mail is encrypted with signature operation or to mail and is encrypted with verification operation or to mail and signs and verification operation mail, wherein, mail can be sent to security module for mobile phone security module, can be also security module is obtained from touch screen.
Thus, safe mobile phone need to use ciphertext to carry out mail while sending, can be first by security module to mail be encrypted, the operation such as verification, signature so that security, integrality, non repudiation that certified mail sends.
In addition, before sending mail cipher-text information, also need user to confirm the cleartext information of mail, now, security module control the second viewing area shows mail cleartext information, so that user confirms cleartext information.Or handset processes module is directly presented at the first viewing area so that user confirms by the cleartext information of mail.
Before mail cipher-text information is sent to handset processes module by security module, security module also receives mail and really sends instructions; Concrete, the cleartext information or the first viewing area that show mail in the second viewing area show after the cleartext information of mail, if user confirms that the cleartext information of mail is errorless, user presses acknowledgement key in the second touch screen district, after security module receives this mail and really sends instructions, mail cipher-text information is sent to handset processes module.
Certainly, if do not comprise certificate in addressee information, security module can also be presented at addressee information on display module, and inquire whether user uses plaintext to send mail, and plaintext is presented on display module, expressly send mail if user confirms to use, security module, not to being expressly encrypted, only notifies handset processes module expressly to send mail; Certainly, the in the situation that of not comprising certificate in addressee information, security module also can be to expressly signing and/or completeness check is sent to handset processes module after calculating, the information after handset processes module is calculated signature and/or verification and expressly carry out outgoing.
In addition, safe mobile phone is receiving after ciphertext mail, and security module is also decrypted ciphertext mail, to obtain mail expressly, carries out safe demonstration thereby control the second viewing area; Or security module is sent to handset processes module after ciphertext mail is decrypted, so that mail demonstration is expressly carried out in handset processes module controls the first viewing area.
Based on safe mobile phone of the present invention, can utilize security module in mobile phone to realize the transmission-receiving function of secure e-mail, the security that improves mail transmission/reception.
The application scenarios that below provides a kind of safe mobile phone to realize secure e-mail transmitting-receiving, but the present invention is not limited thereto:
(1) safety chip control display screen, user selects addressee by touch screen, or handset processes module is selected, after addressee, addressee information is sent to safety chip;
(2) safety chip obtains addressee's information, and whether checking possesses certificate, if do not possess certificate, safety chip is presented at addressee's authentication scenario on display screen, and whether inquiry user continues expressly to send mail; If possess certificate, obtain the PKI in its certificate;
(3) cryptography processing units of safety chip expressly carries out digest calculations to e-mail messages;
(4) safety chip uses private key to sign to summary, generates signature value;
(5) safety chip expressly links together e-mail messages with signature value, generates a packet, carries out alternatively ZIP squeeze operation;
(6) the random session key generation of safety chip, utilizes session key packet, forms packet ciphertext;
(7) safety chip utilizes the PKI in the certificate of addressee information to be encrypted session key, generates key ciphertext;
(8) safety chip is by packet ciphertext and the packing of key ciphertext;
(9) this step is optional step: safety chip is expressly presented at addressee information, e-mail messages on the second viewing area, confirms to user, waits for that user presses the acknowledgement key arranging in the second touch screen district.If user presses acknowledgement key, carry out (10), if otherwise user presses cancel key, finishes to send;
(10) safety chip, by the Packet Generation after packing to master chip, is completed the transmission of mail by master chip.
The reception of secure e-mail:
(1) take over party's safe mobile phone receives after ciphertext mail, and master chip sends mail decryption instructions to safety chip;
(2) private key decruption key ciphertext for safety chip, obtains session key expressly;
(3) safety chip utilizes session key decrypted data packet ciphertext;
(4) e-mail messages obtaining after deciphering is expressly carried out digest calculations by safety chip;
(5) safety chip utilizes sender's PKI decrypted signature value;
(6) result of safety chip contrast decrypted signature value and the result of calculating the acquisition of making a summary, if consistent, prove that mail is from sender, and safety chip is verified prompting and e-mail messages plaintext to master chip transmission; If inconsistent, prove that mail is tampered, send miscue information to master chip.
Thus, utilize safe mobile phone of the present invention send mail and receive mail, improved the security that mail transmits in network.
Any process of otherwise describing in process flow diagram or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in storer and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.
In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.
The above-mentioned storage medium of mentioning can be ROM (read-only memory), disk or CD etc.
In the description of this instructions, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.
Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, amendment, replacement and modification.Scope of the present invention is by claims and be equal to and limit.
Claims (11)
1. a safe mobile phone, is characterized in that, comprising: handset processes module, message processing module, security module and display module;
Described display module comprises: the first viewing area and the second viewing area; Described the first viewing area and described the second viewing area independently show;
Described handset processes module connects described the first viewing area, and connects described security module;
Described security module connects described the second viewing area by described message processing module;
Described handset processes module, for the first information being sent to described security module, and/or receives the second information that described security module sends;
Described security module, the described first information sending for receiving described handset processes module, and/or export described the second information to described handset processes module;
Described security module, also for exporting the 3rd information to described message processing module;
Described message processing module, for receiving described the 3rd information of described security module output, carries out verification to described the 3rd information, pass through laggard row cache in verification, and the information of buffer memory is changed, obtain the 4th information, described the 4th information is sent to described the second viewing area;
Described the second viewing area, for showing described the 4th information.
2. safe mobile phone according to claim 1, is characterized in that, described safe mobile phone also comprises: touch screen assembly;
Described touch screen assembly comprises: the first touch screen district and the second touch screen district; Described the first touch screen district and described the second touch screen district independence output information; Described the first touch screen district covers on described the first viewing area and is corresponding with described the first viewing area, and described the second touch screen district covers on described the second viewing area and be corresponding with described the second viewing area;
Described handset processes module connects described the first touch screen district;
Described security module connects described the second touch screen district by described message processing module;
Described the second touch screen district, also for exporting the 5th information to described message processing module;
Described message processing module, also, for receiving described the 5th information of described the second touch screen district output, carries out verification to described the 5th information, pass through laggard row cache in verification, and the information of buffer memory is changed, obtain the 6th information, described the 6th information is sent to described security module;
Described security module, also for the treatment of described the 6th information.
3. safe mobile phone according to claim 2, is characterized in that,
Described the second viewing area is arranged on the top of described the first viewing area, and described the second touch screen district is arranged on the top in described the first touch screen district; Or
Described the second viewing area is arranged on the below of described the first viewing area, and described the second touch screen district is arranged on the below in described the first touch screen district; Or
Described the second viewing area is arranged on the left of described the first viewing area, and described the second touch screen district is arranged on the left in described the first touch screen district; Or
Described the second viewing area is arranged on the right-hand of described the first viewing area, and described the second touch screen district is arranged on the right-hand of described the first touch screen district.
4. safe mobile phone according to claim 2, is characterized in that, described safe mobile phone also comprises: Fumction display district and function touch screen district;
Described the second viewing area is arranged between described the first viewing area and described Fumction display district, and described the second touch screen district is arranged between described the first touch screen district and described function touch screen district.
5. safe mobile phone according to claim 2, is characterized in that, described safe mobile phone also comprises: function key viewing area and function key touch screen district;
Described the second viewing area is arranged on described function key viewing area surrounding, and described the second touch screen district is arranged on described function key touch screen district surrounding.
6. according to the safe mobile phone described in claim 1 to 5 any one, it is characterized in that,
Described security module, the information to be encrypted also sending for receiving described handset processes module, and be sent to described handset processes module after described information to be encrypted is encrypted; And/or
Described security module, the enciphered message also sending for receiving described handset processes module, and be sent to described handset processes module after described enciphered message is decrypted.
7. according to the safe mobile phone described in claim 1 to 6 any one, it is characterized in that,
Described security module, also, for receiving the signing messages for the treatment of of described handset processes module transmission, confirmation of receipt instruction is sent to described handset processes module described in receiving after signing messages is signed; And/or
Described security module, the sign test information for the treatment of also sending for receiving described handset processes module to treating that sign test information verifies described in receiving, and is notified described handset processes module after being verified.
8. according to the safe mobile phone described in claim 1 to 7 any one, it is characterized in that,
Described security module, the information to be verified also sending for receiving described handset processes module, and described information to be verified is carried out to verification, and verification by after notify described handset processes module.
9. according to the safe mobile phone described in claim 1 to 8 any one, it is characterized in that,
Described security module, also for obtaining addressee information, the legitimacy of described addressee information is carried out to verification, after addressee information described in verification is legal, if mail need to be keep secret sends, at least mail cleartext information is encrypted to calculating, obtains mail cipher-text information, be sent to described handset processes module to mail cipher-text information described in major general and carry out outgoing.
10. safe mobile phone according to claim 9, is characterized in that,
Described security module, also shows described mail cleartext information for controlling described the second viewing area.
11. safe mobile phones according to claim 10, is characterized in that,
Described security module, also for before being sent to described handset processes module to mail cipher-text information described in major general, receiving mail and really sends instructions.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410231601.3A CN103996117B (en) | 2014-05-28 | 2014-05-28 | Safe mobile phone |
| HK15100292.8A HK1199970A1 (en) | 2014-05-28 | 2015-01-12 | Safe mobile phone |
| PCT/CN2015/071265 WO2015180502A1 (en) | 2014-05-28 | 2015-01-21 | Secure mobile phone |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410231601.3A CN103996117B (en) | 2014-05-28 | 2014-05-28 | Safe mobile phone |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103996117A true CN103996117A (en) | 2014-08-20 |
| CN103996117B CN103996117B (en) | 2017-09-19 |
Family
ID=51310275
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410231601.3A Active CN103996117B (en) | 2014-05-28 | 2014-05-28 | Safe mobile phone |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN103996117B (en) |
| HK (1) | HK1199970A1 (en) |
| WO (1) | WO2015180502A1 (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015180502A1 (en) * | 2014-05-28 | 2015-12-03 | 天地融科技股份有限公司 | Secure mobile phone |
| WO2015180581A1 (en) * | 2014-05-28 | 2015-12-03 | 天地融科技股份有限公司 | Information processing method and device |
| CN105893837A (en) * | 2016-03-31 | 2016-08-24 | 北京智能果技术有限公司 | Application program installation method, security encryption chip and terminal |
| CN106251152A (en) * | 2016-08-12 | 2016-12-21 | 四川长虹通信科技有限公司 | A kind of mobile banking management system based on cloud service and method of commerce |
| CN107798537A (en) * | 2016-09-06 | 2018-03-13 | 苹果公司 | The data verification carried out via the independent processor of equipment |
| WO2018141168A1 (en) * | 2017-02-06 | 2018-08-09 | 中兴通讯股份有限公司 | Display drive circuit, mobile terminal and display drive method |
| CN109428860A (en) * | 2017-08-28 | 2019-03-05 | 天地融科技股份有限公司 | A kind of method and apparatus of safety display data |
| CN109426737A (en) * | 2017-08-28 | 2019-03-05 | 天地融科技股份有限公司 | A kind of safety display method, device and security terminal |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SG11202001789TA (en) * | 2017-08-28 | 2020-03-30 | Tendyron Corp | Security display method and device, and security terminal |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101374042A (en) * | 2007-08-21 | 2009-02-25 | 联想(北京)有限公司 | Auxiliary display system, apparatus and method |
| CN101681411A (en) * | 2007-03-16 | 2010-03-24 | 德国捷德有限公司 | Be used to generate the method and the corresponding intrument of transaction data through confirming |
| CN101707652A (en) * | 2009-10-20 | 2010-05-12 | 李东声 | Mobile phone capable of realizing digital certificate application |
| CN102118745A (en) * | 2011-01-14 | 2011-07-06 | 中国工商银行股份有限公司 | Method and device for secure encryption for mobile payment data, and mobile phone |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201167365Y (en) * | 2008-03-11 | 2008-12-17 | 宇龙计算机通信科技(深圳)有限公司 | Mobile terminal |
| CN101572678B (en) * | 2008-04-30 | 2012-09-19 | 北京明朝万达科技有限公司 | Mail attachment transparent privacy control method |
| CN102044040A (en) * | 2009-10-26 | 2011-05-04 | ***通信集团公司 | Online banking transaction method and device as well as mobile terminal |
| CN202008672U (en) * | 2011-04-19 | 2011-10-12 | 谭丽芬 | E-commerce transaction safety terminal |
| DE102011018431A1 (en) * | 2011-04-21 | 2012-10-25 | Giesecke & Devrient Gmbh | Method for displaying information on a display device of a terminal |
| CN103699859B (en) * | 2013-12-03 | 2017-01-04 | 天地融科技股份有限公司 | Method for information display and device |
| CN103996117B (en) * | 2014-05-28 | 2017-09-19 | 天地融科技股份有限公司 | Safe mobile phone |
-
2014
- 2014-05-28 CN CN201410231601.3A patent/CN103996117B/en active Active
-
2015
- 2015-01-12 HK HK15100292.8A patent/HK1199970A1/en unknown
- 2015-01-21 WO PCT/CN2015/071265 patent/WO2015180502A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101681411A (en) * | 2007-03-16 | 2010-03-24 | 德国捷德有限公司 | Be used to generate the method and the corresponding intrument of transaction data through confirming |
| CN101374042A (en) * | 2007-08-21 | 2009-02-25 | 联想(北京)有限公司 | Auxiliary display system, apparatus and method |
| CN101707652A (en) * | 2009-10-20 | 2010-05-12 | 李东声 | Mobile phone capable of realizing digital certificate application |
| CN102118745A (en) * | 2011-01-14 | 2011-07-06 | 中国工商银行股份有限公司 | Method and device for secure encryption for mobile payment data, and mobile phone |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015180581A1 (en) * | 2014-05-28 | 2015-12-03 | 天地融科技股份有限公司 | Information processing method and device |
| WO2015180502A1 (en) * | 2014-05-28 | 2015-12-03 | 天地融科技股份有限公司 | Secure mobile phone |
| CN105893837B (en) * | 2016-03-31 | 2019-04-30 | 北京智能果技术有限公司 | Application program installation method, security encryption chip and terminal |
| CN105893837A (en) * | 2016-03-31 | 2016-08-24 | 北京智能果技术有限公司 | Application program installation method, security encryption chip and terminal |
| CN106251152A (en) * | 2016-08-12 | 2016-12-21 | 四川长虹通信科技有限公司 | A kind of mobile banking management system based on cloud service and method of commerce |
| CN107798537A (en) * | 2016-09-06 | 2018-03-13 | 苹果公司 | The data verification carried out via the independent processor of equipment |
| US11025644B2 (en) | 2016-09-06 | 2021-06-01 | Apple Inc. | Data verification via independent processors of a device |
| CN107798537B (en) * | 2016-09-06 | 2021-09-24 | 苹果公司 | Data validation via independent processors of devices |
| CN113706157A (en) * | 2016-09-06 | 2021-11-26 | 苹果公司 | Data validation via independent processors of devices |
| CN113706157B (en) * | 2016-09-06 | 2022-11-08 | 苹果公司 | Data validation via independent processors of devices |
| WO2018141168A1 (en) * | 2017-02-06 | 2018-08-09 | 中兴通讯股份有限公司 | Display drive circuit, mobile terminal and display drive method |
| CN109428860A (en) * | 2017-08-28 | 2019-03-05 | 天地融科技股份有限公司 | A kind of method and apparatus of safety display data |
| CN109426737A (en) * | 2017-08-28 | 2019-03-05 | 天地融科技股份有限公司 | A kind of safety display method, device and security terminal |
| WO2019042023A1 (en) * | 2017-08-28 | 2019-03-07 | 天地融科技股份有限公司 | Method and device for securely displaying data |
| US11438308B2 (en) | 2017-08-28 | 2022-09-06 | Tendyron Corporation | Method and device for securely displaying data |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015180502A1 (en) | 2015-12-03 |
| HK1199970A1 (en) | 2015-07-24 |
| CN103996117B (en) | 2017-09-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10380361B2 (en) | Secure transaction method from a non-secure terminal | |
| CN103996117A (en) | Safety mobile phone | |
| WO2021022701A1 (en) | Information transmission method and apparatus, client terminal, server, and storage medium | |
| CN103714637B (en) | A kind of transmission security key sending method and system, operating terminal | |
| CN103986837A (en) | Information processing method and device | |
| TW201914254A (en) | Method, apparatus and system for data encryption and decryption | |
| CN103136664B (en) | There is smart card transaction system and the method for electronic signature functionality | |
| CN107465689A (en) | The key management system and method for virtual credible platform module under cloud environment | |
| CN103679062A (en) | Intelligent electric meter main control chip and security encryption method | |
| CN103051451A (en) | Encryption authentication of security service execution environment | |
| CN103929307A (en) | Password input method, intelligent secret key device and client device | |
| CN103873440A (en) | Application program upgrading method and system | |
| CN104639516A (en) | Method, equipment and system for authenticating identities | |
| CN104243451A (en) | Information interaction method and system and smart key equipment | |
| CN103036681B (en) | A kind of password safety keyboard device and system | |
| CN111464297B (en) | Transaction processing method, device, electronic equipment and medium based on block chain | |
| CN101335754B (en) | Method for information verification using remote server | |
| CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
| CN107104795B (en) | Method, framework and system for injecting RSA key pair and certificate | |
| CN103220148A (en) | Method and system for electronic signature token to respond operation request, and electronic signature token | |
| CN104917807A (en) | Resource transfer method, apparatus and system | |
| CN103326862A (en) | Electronically signing method and system | |
| JP5827724B2 (en) | Method and apparatus for entering data | |
| CN112636916A (en) | Data processing method, data processing device, storage medium and electronic equipment | |
| JP2018117185A (en) | Information processing apparatus, information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1199970 Country of ref document: HK |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1199970 Country of ref document: HK |