CN114765778A - User identification module card, information processing method and terminal - Google Patents


Publication number
CN114765778A
Authority
CN
China
Prior art keywords
instruction
interface
application
terminal
user identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110001487.5A
Other languages
Chinese (zh)
Inventor
任晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute
Priority to CN202110001487.5A
Publication of CN114765778A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An embodiment of the invention provides a subscriber identity module (SIM) card, an information processing method and a terminal. The subscriber identity module card comprises: a first interface for communicating with a baseband chip of a terminal, the first interface providing a physical transmission channel between the subscriber identity module application of the card and the baseband chip; and a second interface providing a physical transmission channel between the extended security application of the SIM card and an application of the terminal. The scheme improves the security of access to the extended security applications of the subscriber identity module card and greatly reduces the security risk of subscriber identity module card access; it also avoids the restrictions that the traditional access mode places on the capabilities of the subscriber identity module card.

Description

User identification module card, information processing method and terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a subscriber identity module card, an information processing method, and a terminal.
Background
Mobile communication terminals based on cellular networks require a Subscriber Identity Module (SIM) card for network access authentication. The SIM card is itself an Integrated Circuit (IC) card, and its functions are not limited to network access: it can also provide extended security capabilities, including encryption, decryption and identity authentication. The function of the card that implements cellular network access authentication is generally referred to as the subscriber identity module application (or SIM application), and the other, extended applications on the card are generally referred to as subscriber identity module card extended security applications (or SIM extended security applications). These functions (or applications) require the SIM card to open an access interface to the terminal.
The current access interface of the subscriber identity module card is a low-speed interface (ISO7816), which is not suitable for transmitting large amounts of data or for scenarios that require high-speed computation, such as transactions of a DCEP digital currency wallet.
The existing access interface was designed for the baseband chip to send network access authentication instructions, and every request on the terminal to access the subscriber identity module card is proxied through the baseband chip. This is too inefficient and is constrained by the baseband chip (the functions of other applications have nothing to do with the baseband chip), and it no longer meets the needs of subscriber identity module card development.
The requirement for secure peripheral access can currently be met by a terminal Trusted Execution Environment (TEE). The TEE is an independent secure environment on the terminal, and an application in this environment is called a Trusted Application (TA). A TA can access peripheral devices (SE, camera, screen and the like) in a secure mode: the peripheral is switched into a secure mode using the basic security capability provided by the terminal chip, and in this mode the Rich OS (operating system), i.e. the OS environment in which ordinary applications run, cannot access the peripheral. The peripheral is thereby accessed securely.
Disclosure of Invention
The invention provides a subscriber identity module card, an information processing method and a terminal, with which the subscriber identity module card can be used securely.
To solve the above technical problem, an embodiment of the present invention provides the following solutions:
a subscriber identification module card comprising:
a first interface for communicating with a baseband chip of a terminal, the first interface for providing a physical transmission channel between a subscriber identity module application of the subscriber identity module card and the baseband chip;
a second interface for communicative connection with an application of a terminal, the second interface for providing a physical transport channel between an extended secure application of the subscriber identity module card and a trusted application of a terminal Trusted Execution Environment (TEE).
Optionally, the second interface is in communication connection with an application in a secure environment of the terminal through a secure bus. Optionally, the secure bus includes: serial peripheral interface SPI or bidirectional two-wire synchronous serial I2C bus.
Optionally, the second interface is configured to transmit data of the subscriber identity module card access and/or operation in addition to the network access authentication.
Optionally, the subscriber identity module card further includes: an instruction management module, configured to receive a first instruction transmitted by the first interface and/or a second instruction transmitted by the second interface, and to process the first instruction and/or the second instruction.
Optionally, processing the first instruction and the second instruction includes: performing concurrent processing on the first instruction and the second instruction; or performing distribution processing on the first instruction and the second instruction.
Optionally, performing concurrent processing on the first instruction and the second instruction, includes: after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
Optionally, the distributing the first instruction and the second instruction includes: when the first instruction is determined to come from the first interface, the first instruction is sent to a user identification module application for processing; and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
The embodiment of the invention also provides an information processing method, which comprises the following steps: receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface; and processing the first instruction and/or the second instruction.
Optionally, processing the first instruction and the second instruction includes: performing concurrent processing on the first instruction and the second instruction; or performing distribution processing on the first instruction and the second instruction.
Optionally, performing concurrent processing on the first instruction and the second instruction, includes:
after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
Optionally, the distributing the first instruction and the second instruction includes:
when the first instruction is determined to come from the first interface, sending the first instruction to a user identification module application for processing;
and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
An embodiment of the present invention further provides a terminal, including:
the base band chip is in communication connection with a user identification module card through a first interface; the first interface is used for providing a transmission channel between the application of the terminal and the subscriber identity module application of the subscriber identity module card;
a terminal Trusted Execution Environment (TEE) in communication with the SIM card through a second interface; the second interface is used for providing a transmission channel between the application of the terminal and the extended security application of the SIM card.
Optionally, the second interface is connected to a secure bus of an application of the terminal.
Optionally, the application of the terminal sends, via the baseband chip and the first interface, a first instruction for accessing the application of the subscriber identity module card to an instruction management module of the subscriber identity module card; and/or
the application of the terminal issues, through the TEE, a second instruction for accessing the extended security application of the subscriber identity module card.
The embodiment of the invention also provides an information processing method, which comprises the following steps:
the application of the terminal sends, via the baseband chip and the first interface, a first instruction for accessing the subscriber identity module application of the subscriber identity module card to an instruction management module of the subscriber identity module card; and/or
the application of the terminal issues, through the TEE, a second instruction for accessing the extended security application of the subscriber identity module card.
An embodiment of the present invention also provides an information processing apparatus, including:
the transceiver module is used for receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface;
and the processing module is used for processing the first instruction and/or the second instruction.
An embodiment of the present invention also provides an information processing apparatus, including:
the application module is used for sending a first instruction for accessing the user identification module application of the user identification module card to an instruction management module of the user identification module card through a first interface through a baseband chip; and/or a second instruction for accessing the extended security application of the SIM card through the TEE.
Embodiments of the present invention also provide a computer-readable storage medium including instructions that, when executed on a computer, cause the computer to perform a method.
The scheme of the invention at least comprises the following beneficial effects:
Through the dual-interface design of the subscriber identity module card and the terminal architecture, the scheme divides the subscriber identity module card into two application domains. On the one hand, the traditional access mode is retained and remains compatible with the current application mode; on the other hand, accessing the SIM card and its extended security applications through the TEE improves the security of access to the extended security applications and greatly reduces the security risk of SIM card access. The restrictions that the traditional SIM card access mode places on SIM card capabilities are also avoided.
Drawings
Fig. 1 is a schematic view of the communication structure between a SIM card and a terminal according to the present invention;
Fig. 2 is a schematic diagram of a method for implementing the instruction management module of a SIM card according to the present invention;
Fig. 3 is a schematic view of the interaction between the SIM card and the terminal according to the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides a subscriber identity module card (i.e., SIM card), including:
a first interface for communicating with a baseband chip of a terminal, the first interface for providing a physical transmission channel between a subscriber identity module application of the subscriber identity module card and the baseband chip;
and the second interface is used for providing a physical transmission channel between the extended security application of the SIM card and the application of the terminal.
The first interface may be ISO7816. It lets the baseband chip access the subscriber identity module card and lets the AP access the card indirectly through the baseband chip. The second interface is an extended high-speed interface (such as SPI or I2C) and is also a secure interface: it must be connected to the AP through a secure bus, and it gives the AP an interface dedicated to accessing the SIM card's extended applications. Physically, the second interface needs to be connected to a high-speed data bus, such as SPI or I2C, to provide a physical channel for the AP to access the subscriber identity module card.
In a specific implementation of the present invention, the second interface may rely on the terminal security architecture, that is, a terminal security architecture model based on a TEE (trusted execution environment); ARM TrustZone is an example of such an architecture. It is provided by the terminal AP chip and divides the terminal into a secure environment and a non-secure environment, each with its own management mechanism. Through this mechanism, some devices, such as fingerprint devices, are managed as secure devices and must be accessed and used through a secure environment such as the TEE, while other devices can still be accessed in the normal manner.
In an embodiment of the present invention, the second interface of the subscriber identity module card is managed as a secure device (the first interface still exists as an ordinary device). The second interface is communicatively connected to an application in the secure environment of the terminal through a secure bus, and it is used to transmit data for subscriber identity module card access and/or operations other than network access authentication. This means that access to the second interface requires the terminal to switch into the TEE secure environment; the second interface cannot be accessed from the normal OS environment (e.g. the Android environment). Unauthorized access to the second interface is thereby avoided, and the access security of the second interface is ensured.
In the embodiment of the invention, because it has two interfaces, the SIM card is both an ordinary device and a secure device. The first interface is a low-speed interface dedicated to operations related to network access authentication; the baseband chip, the first interface and the SIM application form the Phone domain. The second interface is a high-speed interface that can be used for all subscriber identity module card access and operations other than network access authentication; the terminal, the second interface and the other subscriber identity module card applications form the security application domain.
In an embodiment of the invention, the secure bus comprises: serial peripheral interface SPI or bidirectional two-wire synchronous serial I2C bus.
In an embodiment of the present invention, the sim card further includes an instruction management module, configured to receive a first instruction transmitted by the first interface, and/or receive a second instruction transmitted by the second interface; and processing the first instruction and/or the second instruction.
Wherein processing the first instruction and the second instruction comprises: performing concurrent processing on the first instruction and the second instruction; or performing distribution processing on the first instruction and the second instruction.
Performing concurrent processing on the first instruction and the second instruction, including: after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
Performing distribution processing on the first instruction and the second instruction includes: when the first instruction is determined to come from the first interface, sending the first instruction to the subscriber identity module application for processing; and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
The two interfaces of the SIM card are identical in logical capability but differ in permissions, application domain and security requirements, and they belong to different security domains (as described above, the two interfaces are managed as two different devices). The SIM card therefore needs to manage the instructions from the two interfaces in a unified way; specifically, the instruction management module of the SIM card performs this management and control. The architecture of the module is shown in Fig. 2 and is described as follows:
Concurrent instruction processing: because the new SIM card has dual interfaces, the AP can access the SIM card through each of the two interfaces, and the SIM card needs to handle concurrency: the next instruction can be sent only after the previous instruction has returned its execution result. Different handling methods are possible, for example: waiting until the previous instruction has finished executing before sending the new instruction, or directly returning an exception (BUSY).
Instruction source identification and dispatch:
Instruction source identification: this ensures that instructions from different sources are handed to different instruction processing units. For example, access by the AP to the SIM card through the baseband should be limited to the basic SIM card access functions required by the current standard, i.e. it works within the Phone domain; access by the AP through the secure interface covers, other than the above access, the access functions of the extended security applications, i.e. it works within the security application domain. The processing requirements for instructions from the two sources are completely different. The instruction management module needs to filter and identify accesses from both interfaces.
Instruction dispatch: once the source of an instruction has been identified, the instruction is sent to the corresponding target application, either the SIM application or the extended security application, according to its source.
The embodiment of the invention further provides an information processing method, which comprises the following steps:
receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface; and processing the first instruction and/or the second instruction.
Wherein processing the first instruction and the second instruction comprises: performing concurrent processing on the first instruction and the second instruction; or performing distribution processing on the first instruction and the second instruction.
Performing concurrent processing on the first instruction and the second instruction, including:
after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
Performing distribution processing on the first instruction and the second instruction includes:
when the first instruction is determined to come from the first interface, the first instruction is sent to a user identification module application for processing; and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
The flow of the method shown in Fig. 2 also applies to this embodiment and achieves the same technical effect. This embodiment implements dual application domains that the instruction management module isolates from each other (security) and that are accessed independently (without affecting each other), which greatly reduces the security risk of SIM card access; it also avoids the restrictions that the traditional SIM card access mode places on SIM card capabilities.
An embodiment of the present invention further provides a terminal, including:
the base band chip is in communication connection with a user identification module card through a first interface; the first interface is used for providing a transmission channel between the application of the terminal and the subscriber identity module application of the subscriber identity module card;
a terminal Trusted Execution Environment (TEE) in communication connection with the subscriber identity module card through a second interface; the second interface is used for providing a transmission channel between the application of the terminal and the extended security application of the SIM card.
Wherein the second interface is connected with a secure bus of an application of the terminal.
The application of the terminal sends a first instruction for accessing the user identification module application of the user identification module card to an instruction management module of the user identification module card through a baseband chip via a first interface; and/or a second instruction for accessing the application of the terminal to the extended security application of the SIM card through the TEE.
To the AP (application), the SIM card appears as two devices: a conventional SIM card and a secure SIM card. The AP can access the SIM card through two interfaces. Interface 1 (the first interface) provides, as described above, the conventional function of accessing the SIM card through the baseband chip, i.e. it operates in the Phone domain. Interface 2 (the second interface) is connected to the secure bus of the AP: the AP treats interface 2 as a secure device and can access it only through the TEE, which ensures the security of SIM card access.
The baseband chip and interface 1 are the module and interface of the traditional architecture, and their original functions carry over to the new SIM card.
As shown in fig. 3, the above embodiment of the present invention is implemented as follows:
Network access authentication and traditional SIM card function applications:
Access to traditional functions such as network access authentication, the STK (SIM card application toolkit) function and SIM card message records is the same as before, that is, the AP interacts with the SIM card through the baseband chip over the original interface.
If the APP attempts to access an extended security application in the SIM card through the conventional interface, the instruction management module denies the access because it crosses the permitted access scope.
Access to SIM card extended security applications:
To use an extended security application in the SIM card, the AP accesses it through a SIM card API (an application programming interface provided to the APP in the mobile phone OS). The API initiates access to the extended security application of the SIM card through the TEE; the instruction management module in the SIM card filters the access, verifies its permission and scope, and sends the instruction to the extended security application. After the extended security application has processed it, a response is returned to the TEE, the SIM card API and the APP.
If the APP tries to access the SIM application in the SIM card through interface 2, the instruction management module refuses the access because it crosses the permitted access scope.
Because SIM card interface 2 is connected to the secure bus of the AP, ordinary applications on the AP side cannot access the SIM card's extended security applications, which achieves secure use of the SIM card.
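The instruction management behaviour described above (one instruction in flight across both interfaces, source identification, dispatch by source, and refusal of access that crosses the Phone domain / security application domain boundary), as an added C model that is not code from the patent. All type and function names are hypothetical, and the per-instruction `target` field is an assumption about how the card knows which application an instruction addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Interface an instruction physically arrived on. The card's I/O layer sets
 * this value; it is never parsed from the instruction bytes, so the sender
 * cannot claim a different source. All names here are hypothetical. */
typedef enum { IF_FIRST = 0, IF_SECOND = 1, IF_COUNT } iface_t;

/* Application an instruction is addressed to (assumed to be known per
 * instruction, e.g. from an application selection step). */
typedef enum { APP_SIM = 0, APP_EXT_SECURITY = 1, APP_COUNT } app_t;

typedef enum {
    IMM_OK = 0,
    IMM_BUSY,        /* previous instruction has not returned its result */
    IMM_DENIED,      /* source interface may not reach the requested app */
    IMM_BAD_REQUEST  /* malformed call */
} imm_status_t;

typedef struct {
    app_t target;
    const uint8_t *data;
    size_t len;
} instruction_t;

typedef struct {
    int in_flight;                  /* 1 while a result is still owed */
    iface_t in_flight_src;          /* interface that owns that result */
    app_t in_flight_app;            /* application it was dispatched to */
    unsigned dispatched[APP_COUNT]; /* accepted instructions per app */
    unsigned denied[IF_COUNT];      /* cross-domain attempts per interface */
} imm_t;

/* Domain policy from the description: first interface -> SIM application
 * (Phone domain), second interface -> extended security application. */
static const app_t allowed_app[IF_COUNT] = {
    [IF_FIRST]  = APP_SIM,
    [IF_SECOND] = APP_EXT_SECURITY,
};

void imm_init(imm_t *m) { *m = (imm_t){0}; }

/* Receive one instruction from `src`: serialize, identify source, dispatch. */
imm_status_t imm_receive(imm_t *m, iface_t src, const instruction_t *ins)
{
    if (!m || !ins || (unsigned)src >= (unsigned)IF_COUNT ||
        (unsigned)ins->target >= (unsigned)APP_COUNT ||
        (ins->len && !ins->data))
        return IMM_BAD_REQUEST;

    /* Concurrency: one instruction at a time across both interfaces. This
     * model returns BUSY; waiting is the other option the text gives. */
    if (m->in_flight)
        return IMM_BUSY;

    /* Source identification: refuse anything outside the source's domain. */
    if (allowed_app[src] != ins->target) {
        m->denied[src]++;
        return IMM_DENIED;
    }

    /* Dispatch: hand the instruction to the application for this source. */
    m->in_flight = 1;
    m->in_flight_src = src;
    m->in_flight_app = ins->target;
    m->dispatched[ins->target]++;
    return IMM_OK;
}

/* The application finished; the result goes back on the interface the
 * instruction came from, and the card can accept the next instruction. */
imm_status_t imm_return_result(imm_t *m, iface_t src)
{
    if (!m || !m->in_flight || src != m->in_flight_src)
        return IMM_BAD_REQUEST;
    m->in_flight = 0;
    return IMM_OK;
}

int main(void)
{
    static const uint8_t sample[] = { 0x01, 0x02 };   /* constructed payload */
    instruction_t auth = { APP_SIM, sample, sizeof sample };
    instruction_t sign = { APP_EXT_SECURITY, sample, sizeof sample };
    imm_t m;

    imm_init(&m);
    printf("auth via first interface:  %d\n", imm_receive(&m, IF_FIRST, &auth));
    printf("sign while auth in flight: %d\n", imm_receive(&m, IF_SECOND, &sign));
    imm_return_result(&m, IF_FIRST);
    printf("sign via second interface: %d\n", imm_receive(&m, IF_SECOND, &sign));
    imm_return_result(&m, IF_SECOND);
    printf("sign via first interface:  %d\n", imm_receive(&m, IF_FIRST, &sign));
    printf("auth via second interface: %d\n", imm_receive(&m, IF_SECOND, &auth));
    return 0;
}
```

The `denied` counters give the card a per-interface record of cross-domain attempts, which is the signal a card issuer would want to surface when an ordinary application keeps probing the extended security application over the baseband path.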
An embodiment of the present invention further provides an information processing method, where the method includes:
the application of the terminal sends, via the baseband chip and the first interface, a first instruction for accessing the application of the subscriber identity module card to an instruction management module of the subscriber identity module card; and/or
the application of the terminal issues, through the TEE, a second instruction for accessing the extended security application of the subscriber identity module card.
The method is a method corresponding to the terminal, and all implementation manners in the embodiment are applicable to the embodiment of the method, so that the same technical effect can be achieved.
An embodiment of the present invention further provides an information processing apparatus, where the apparatus includes:
the transceiver module is used for receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface;
and the processing module is used for processing the first instruction and/or the second instruction.
Optionally, processing the first instruction and the second instruction includes:
performing concurrent processing on the first instruction and the second instruction; or
performing distribution processing on the first instruction and the second instruction.
Optionally, performing concurrent processing on the first instruction and the second instruction includes:
after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
Optionally, the distributing the first instruction and the second instruction includes:
when the first instruction is determined to come from the first interface, sending the first instruction to a user identification module application for processing;
and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
It should be noted that the apparatus is an apparatus corresponding to the method on the SIM card side, and all implementation manners in the method embodiments are applicable to the embodiment of the apparatus, and the same technical effects can be achieved.
An embodiment of the present invention further provides an information processing apparatus, where the apparatus includes:
the application module is used for sending a first instruction for accessing the user identification module application of the user identification module card to an instruction management module of the user identification module card through a first interface; and/or a second instruction for accessing an extended security application of the SIM card through the TEE.
It should be noted that this apparatus is an apparatus corresponding to the above terminal-side method, and all the implementations in the above method embodiments are applicable to this apparatus embodiment, and the same technical effects can be achieved.
Embodiments of the present invention further provide a computer-readable storage medium including instructions that, when executed on a computer, cause the computer to perform a method.
Through the dual-interface design of the subscriber identity module card and the terminal architecture, the scheme divides the subscriber identity module card into two application domains. On the one hand, the traditional access mode is retained and remains compatible with the current application mode; on the other hand, the security of access to the extended security applications is improved and the security risk of subscriber identity module card access is greatly reduced. The restrictions that the traditional SIM card access mode places on SIM card capabilities are also avoided.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one type of logical functional division, and other divisions may be used in practice; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, or the part thereof that substantially contributes to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product containing program code for implementing the method or device. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that such storage media can be any known storage media or any storage media developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (19)

1. A subscriber identity module card, comprising:
a first interface for communicating with a baseband chip of a terminal, the first interface for providing a physical transmission channel between a subscriber identity module application of the subscriber identity module card and the baseband chip;
and the second interface is used for providing a physical transmission channel between the SIM card extended security application and the application of the terminal.
2. The subscriber identity module card of claim 1,
and the second interface is in communication connection with the application of the terminal in the safe environment through a safe bus.
3. The subscriber identity module card of claim 2, wherein the secure bus comprises: serial peripheral interface SPI or bidirectional two-wire synchronous serial I2C bus.
4. The SIM card of claim 2, wherein the second interface is configured to transmit data for SIM card access and/or operations other than authentication.
5. The subscriber identity module card according to any one of claims 1 to 4, further comprising:
the instruction management module is used for receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface; and processing the first instruction and/or the second instruction.
6. The SIM card of claim 5, wherein processing the first and second instructions comprises:
performing concurrent processing on the first instruction and the second instruction; or
performing distribution processing on the first instruction and the second instruction.
7. The SIM card of claim 6, wherein the concurrent processing of the first and second instructions comprises:
after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
8. The SIM card according to claim 6, wherein the distribution processing of the first and second instructions comprises:
when the first instruction is determined to come from the first interface, sending the first instruction to a user identification module application for processing;
and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
9. An information processing method applied to the subscriber identity module card according to any one of claims 1 to 8, the method comprising:
receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface;
and processing the first instruction and/or the second instruction.
10. The information processing method according to claim 9, wherein processing the first instruction and the second instruction includes:
performing concurrent processing on the first instruction and the second instruction; or alternatively
distributing the first instruction and the second instruction.
11. The information processing method according to claim 10, wherein concurrently processing the first instruction and the second instruction includes:
after receiving the previous instruction and returning an execution result to the terminal, receiving the next instruction; when the previous instruction is the first instruction, the next instruction is a second instruction; and when the previous instruction is the second instruction, the next instruction is the first instruction.
12. The information processing method according to claim 10, wherein performing distribution processing on the first instruction and the second instruction includes:
when the first instruction is determined to come from the first interface, sending the first instruction to a user identification module application for processing;
and when the second instruction is determined to come from the second interface, sending the second instruction to the extended security application for processing.
13. A terminal, comprising:
the baseband chip is connected with the subscriber identity module card through a second interface; the second interface is used for providing a transmission channel between a baseband chip and a user identification module application of the user identification module card;
the terminal trusted execution environment is connected with the user identification module card through a second interface; the second interface is used for providing a transmission channel between a trusted application in the terminal trusted execution environment and an extended security application of the user identification module card.
14. A terminal as claimed in claim 13, characterised in that the second interface is connected to a secure bus of an application of the terminal.
15. The terminal of claim 13,
the application of the terminal sends a first instruction for accessing the application of the user identification module card to an instruction management module of the user identification module card through a first interface through a baseband chip; and/or
the application of the terminal sends a second instruction for accessing the extended security application of the user identification module card to the trusted application in the trusted execution environment of the terminal through an Application Programming Interface (API).
16. An information processing method applied to the terminal according to any one of claims 13 to 15, the method comprising:
the application of the terminal sends a first instruction for accessing the application of the user identification module card to an instruction management module of the user identification module card through a first interface through a baseband chip; and/or
the application of the terminal carries out a second instruction for accessing the extended security application of the user identification module card through the TEE.
17. An information processing apparatus, applied to the subscriber identity module card according to any one of claims 1 to 8, comprising:
the transceiver module is used for receiving a first instruction transmitted by the first interface and/or receiving a second instruction transmitted by the second interface;
and the processing module is used for processing the first instruction and/or the second instruction.
18. An information processing apparatus, applied to a terminal according to any one of claims 13 to 15, the apparatus comprising:
the application module is used for sending a first instruction for accessing the user identification module application of the user identification module card to an instruction management module of the user identification module card through a first interface through a baseband chip; and/or a second instruction to access, via the TEE, an extended security application of the subscriber identity module card via a second interface.
19. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any of claims 9 to 12 or the method of claim 16.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110001487.5A CN114765778A (en) 2021-01-04 2021-01-04 User identification module card, information processing method and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110001487.5A CN114765778A (en) 2021-01-04 2021-01-04 User identification module card, information processing method and terminal

Publications (1)

Publication Number Publication Date
CN114765778A true CN114765778A (en) 2022-07-19

Family

ID=82362841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110001487.5A Pending CN114765778A (en) 2021-01-04 2021-01-04 User identification module card, information processing method and terminal

Similar Documents

Publication Publication Date Title
US11962616B2 (en) Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US11743721B2 (en) Protection of a communication channel between a security module and an NFC circuit
RU2611241C2 (en) Method of routing in mobile terminal, emulating contactless payment card
EP3116161B1 (en) Security unit management method and terminal
KR101363981B1 (en) Use, provision, customization and billing of services for mobile users through distinct electronic apparatuses
US9225687B2 (en) Access control mechanism for a secure element coupled to an NFC circuit
US11126753B2 (en) Secure processor chip and terminal device
CN107533621A (en) Mobile payment device and method
CN103455349B (en) Application program accesses the method and apparatus of smart card
US20130059568A1 (en) Protection of a security module in a telecommunication device coupled to an nfc circuit
CN102033828B (en) Method and system for accessing external card
CN111404706A (en) Application downloading method, secure element, client device and service management device
US12019717B2 (en) Method for the secure interaction of a user with a mobile terminal and a further entity
US11768943B2 (en) Secure element and method for starting an application by a low-level operating system
CN114765778A (en) User identification module card, information processing method and terminal
CN110636491A (en) Service-oriented trusted execution module and communication method
KR101662947B1 (en) Method for Providing Session Security by using Secure Operating System
CN106534047A (en) Information transmitting method and apparatus based on Trust application
US12022294B2 (en) Access control for Near Field Communication functions
US11809898B2 (en) Process implemented in an integrated circuit module, corresponding integrated circuit module, system comprising such a module and corresponding computer program
CN117060976B (en) Satellite communication method, satellite communication system, electronic device, storage medium, and program product
US20230367867A1 (en) Router
CN114386111A (en) Chip circuit and access control method
CN117061426A (en) Router

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination