CN115689553A - Payment method and device and terminal equipment - Google Patents

Payment method and device and terminal equipment Download PDF

Info

Publication number
CN115689553A
CN115689553A CN202110852182.5A CN202110852182A CN115689553A CN 115689553 A CN115689553 A CN 115689553A CN 202110852182 A CN202110852182 A CN 202110852182A CN 115689553 A CN115689553 A CN 115689553A
Authority
CN
China
Prior art keywords
payment
key
terminal equipment
message
tui
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110852182.5A
Other languages
Chinese (zh)
Inventor
田建亮
韩鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN202110852182.5A priority Critical patent/CN115689553A/en
Priority to PCT/CN2022/106187 priority patent/WO2023005705A1/en
Publication of CN115689553A publication Critical patent/CN115689553A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04847Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The embodiment of the application discloses a payment method, a payment device and terminal equipment, wherein the payment method is applied to the terminal equipment; the payment method comprises the following steps: under the condition that the terminal equipment displays a credible user interface TUI, the terminal equipment acquires a key event, the key event indicates that an entity key on the terminal equipment is pressed according to a target method, and the TUI is used for payment; in response to the key event, the terminal device continues to complete the payment, so that the user can complete the payment on the TUI by pressing the entity key, thereby ensuring the security of the payment of the user.

Description

Payment method and device and terminal equipment
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a payment method, a payment device and terminal equipment.
Background
As the size of mobile payment is continuously expanding, the security problem of mobile payment is also a focus of attention.
In order to ensure the security of mobile payment, a Trusted User Interface (TUI) is introduced into mobile payment so that a User can complete payment on the TUI.
However, at present, an untrusted user interface similar to the TUI appears, which causes the user to pay on the untrusted user interface, and the security of the payment cannot be guaranteed.
Disclosure of Invention
The embodiment of the application provides a payment method and a computer system, and the method enables a user to pay on a credible user interface TUI so as to ensure the payment safety of the user.
A first aspect of an embodiment of the present application provides a payment method, which is applied to a terminal device and includes: under the condition that the terminal device displays a credible user interface TUI, the terminal device acquires a key event, the key event indicates that an entity key on the terminal device is pressed according to a target method, and the TUI is used for payment; a TUI may be understood as a user interface displayed by the trusted execution environment TEE, based on which the user interface may be considered trusted; the embodiment of the application does not specifically limit the types of the target modes and the types of the entity keys, and the entity keys can be volume keys, POWER keys and the like; and responding to the key event, and the terminal equipment continues to complete payment.
Under the condition that the terminal equipment displays a credible user interface TUI, the terminal equipment acquires the key event and continuously completes payment in response to the key event, so that a user can complete payment on the TUI by pressing an entity key; and under the condition that the terminal equipment displays an untrusted user interface or a fake trusted user interface, even if the user presses an entity key, the TEE cannot acquire a key event, so that the payment cannot be continuously completed. Therefore, the method and the device can improve the safety of user payment.
In addition, because the entity key has a certain function, when the terminal device displays an untrusted user interface or a forged trusted user interface, the user presses the entity key, and only the function of the entity key can be realized, so that the user can identify whether the user interface is trusted or untrusted according to the reaction of the terminal device after pressing the entity key.
In one implementation, the physical key is a power key.
Because the key event of the power key belongs to the system event, the key event of the power key can be obtained only by the authorization of TEE, and the event is difficult to obtain by a common application program, so that an attacker is difficult to make a forged response on an untrusted user interface according to the key event of the power key; therefore, when the entity key is the power key, the payment method of the embodiment of the application has better safety and higher safety level.
As an achievable way, the target method is: pressing the entity key for a period of time, wherein the period of time is greater than or equal to a first duration; the target method is long pressing of the physical key.
The target method of long-time pressing of the entity key is simple, convenient and beneficial to implementation.
As an achievable way, the target method is: and pressing the entity key for multiple times, wherein the number of times of pressing the entity key is more than or equal to the target number of times.
The implementation mode provides another target method for pressing the entity key, is simple, convenient and beneficial to implementation, and can prevent the terminal equipment from being powered off due to long-time pressing of the entity key.
In a practical way, the time interval between two adjacent pressing entity keys is less than the second time length.
Because the time interval between two adjacent times of pressing the entity key is less than the second duration, the terminal equipment can be prevented from mistakenly identifying multiple times of key pressing operations with longer time intervals as key events, and the accuracy of the obtained key events is improved.
As an implementable manner, the rich execution environment REE and the trusted execution environment TEE are deployed on the terminal device, and the acquiring, by the terminal device, the key event includes: the terminal equipment acquires a key event through the REE; in response to the key event, the terminal device continuing to complete the payment comprises: and responding to the key event, and continuously completing payment by the terminal equipment through cooperation of the REE and the TEE.
In the realizable mode, the key event is acquired through the REE, and the payment is continuously completed through the cooperation of the REE and the TEE so as to ensure the safety of the payment.
As an implementable mode, the REE is deployed with a monitoring module and a kernel, and the TEE is deployed with a trusted application program (TA) and a processing module; the method for the terminal equipment to monitor the key event through the REE comprises the following steps: the terminal equipment acquires a key event through a monitoring module; responding to the key event, the step that the terminal equipment continuously completes payment through the cooperation of the REE and the TEE comprises the following steps: in response to the key event, the terminal device sends a first message to the kernel through the monitoring module, and specifically, the first message may be sent to the kernel through the secure channel, so as to prevent the first message from being intercepted by other malicious applications, where the first message is used to instruct the kernel to notify the processing module to send a second message to the TA, and the second message is used to instruct the TA to control the TUI to complete the payment.
In the realizable mode, the key event is acquired through the monitoring module in the REE, and the first message is sent to the kernel in response to the key event, so that the kernel informs the processing module to send a second message to the TA, and the second message is used for indicating the TA to control the TUI to complete the payment, thereby ensuring the safety of the payment.
As an implementable manner, the payment method further comprises: the terminal equipment receives a first message from the monitoring module through the inner core; in response to the first message, the terminal device sends a third message to the processing module through the kernel, specifically, the kernel may send the third message to the processing module through a Mailbox channel, where the Mailbox is a way of data transmission, and the third message is used to instruct the processing module to send the second message to the TA.
In the realizable manner, the terminal device receives the first message from the monitoring module through the kernel, and sends a third message to the processing module through the kernel in response to the first message, so that the processing module sends a second message to the TA, and the second message is used for instructing the TA to control the TUI to complete the payment, thereby ensuring the security of the payment.
As an implementable manner, before the terminal device obtains the key event through the monitoring module, the payment method further includes: the method comprises the steps that terminal equipment receives a first calling request from a TA through a kernel; and starting the monitoring module by the terminal equipment through the inner core based on the first calling request.
Before the monitoring module is started through the kernel, the monitoring module is always in a non-working state, so that resources consumed by the monitoring module can be reduced; and when the monitoring module is in a non-working state, the entity key can play the function of the entity key, so that the influence on the use of the function of the entity key is avoided.
As an implementation manner, after the terminal device sends a third message to the processing module through the kernel in response to the first message, the payment method further includes: terminal equipment receives an exit request from TA through a kernel; and based on the received quit request, the terminal equipment controls the monitoring module to stop running through the kernel.
The kernel controls the monitoring module to stop running, so that resources consumed by the monitoring module can be reduced; and when the monitoring module is in a non-working state, the entity key can play the function of the entity key, so that the influence on the use of the function of the entity key is avoided.
As an implementable manner, the payment method further comprises: the terminal equipment receives a third message from the kernel through the processing module; in response to the third message, the terminal device sends a second message to the TA through the processing module.
And receiving a third message from the kernel through the processing module, and sending a second message to the TA in response to the third message, wherein the second message is used for instructing the TA to control the TUI to complete the payment, so that the payment safety is ensured.
As an implementable manner, the payment method further comprises: the terminal equipment receives a second message from the processing module through the TA; in response to the second message, the terminal device continues to complete payment by controlling the TUI through the TA, and there are various methods for controlling the TUI.
In response to the second message, the terminal device controls the TUI to continuously complete the payment through the TA, so that the payment safety can be ensured.
As an implementable manner, the terminal device continuing to complete the payment by the TA control TUI in response to the second message comprises: in response to the second message, the terminal device controls the TUI to display prompt information through the TA, wherein the prompt information is used for prompting the user that the TUI is safe so that the user can complete payment on the TUI; the content of the prompt message may be various, and this is not specifically limited in the embodiment of the present application; for example, the content of the hint information may be: the interface is safe; the content of the prompt message may also be: please enter a password.
The TUI is controlled by the TA to display a prompt whereby the prompt is for prompting the user that the TUI is safe to inform the user that the TUI is safe so that the user completes payment on the safe TUI.
As an implementable manner, the terminal device continuing to complete the payment by the TA control TUI in response to the second message comprises: the terminal equipment determines the second message as a message for confirming payment by the user through the TA, wherein the message for confirming payment by the user can be understood as a message of a confirmation button clicked after the user inputs a payment password; based on the message confirming payment, the terminal device controls the TUI to jump through the TA to complete the payment, and the interface after the jump can be the interface of the CA.
The second message is determined as a message for confirming payment by the user through the TA, and the TUI is controlled to jump to complete payment based on the message for confirming payment, so that the user does not need to click a button for confirming payment in the TUI, and the method is convenient and quick; in addition, the user does not need to check prompt information for prompting TUI safety on the TUI interface, and the payment process is simple and quick.
As an implementable manner, before the terminal device receives the second message from the processing module through the TA, the payment method further includes: the terminal equipment sends a first call request to the kernel through the TA, and the first call request is used for indicating the kernel to start the monitoring module.
The terminal equipment sends a first call request to the kernel through the TA to indicate the kernel to start the monitoring module, so that the monitoring module is always in a non-working state before starting, and resources consumed by the monitoring module can be reduced; and when the monitoring module is in a non-working state, the entity key can play the function of the entity key, so that the influence on the use of the function of the entity key is avoided.
As an implementable manner, after the terminal device continues to complete the payment through the TA control TUI in response to the second message, the payment method further comprises: and the terminal equipment sends an exit request to the kernel through the TA, wherein the exit request is used for indicating the kernel to control the monitoring module to stop running.
The TA sends an exit request to the kernel to indicate the kernel to control the monitoring module to stop running, so that resources consumed by the monitoring module can be reduced; and when the monitoring module is in a non-working state, the entity key can play the function of the entity key, so that the influence on the use of the function of the entity key is avoided.
A second aspect of the embodiments of the present application provides a payment apparatus, where the payment apparatus is applied to a terminal device, and the payment apparatus includes: the terminal equipment comprises an acquisition unit, a payment unit and a processing unit, wherein the acquisition unit is used for acquiring a key event under the condition that the terminal equipment displays a credible user interface TUI, the key event indicates that an entity key on the terminal equipment is pressed according to a target method, and the TUI is used for payment; and the payment unit is used for responding to the key event and continuing to finish payment.
In one implementation, the physical key is a power key.
As an achievable way, the target method is: the entity key is pressed for a period of time, and the period of time is greater than or equal to a first duration.
As an achievable way, the target method is: and pressing the entity key for multiple times, wherein the number of times of pressing the entity key is more than or equal to the target number of times.
In a practical mode, the time interval between two adjacent pressing entity keys is less than the second time length.
As an implementation manner, a rich execution environment REE and a trusted execution environment TEE are deployed on the terminal device, and the obtaining unit is used for obtaining the key event through the REE; and the payment unit is used for responding to the key event, and the terminal equipment continuously completes payment through the cooperation of the REE and the TEE.
As an implementable manner, the REE is deployed with a monitoring module and a kernel, and the TEE is deployed with a trusted application program TA and a processing module; the acquisition unit is used for acquiring the key event through the monitoring module; and the payment unit is used for responding to the key event and sending a first message to the kernel through the monitoring module, wherein the first message is used for instructing the kernel to inform the processing module to send a second message to the TA, and the second message is used for instructing the TA to control the TUI so as to complete payment.
As an implementable manner, the payment unit is used for receiving a first message from the monitoring module through the kernel; and responding to the first message, and sending a third message to the processing module through the kernel, wherein the third message is used for instructing the processing module to send a second message to the TA.
As an implementable manner, the payment apparatus further comprises: the management unit is used for receiving a first calling request from the TA through the kernel; and starting the monitoring module through the kernel based on the first calling request.
As an implementable manner, the management unit is further configured to receive, by the kernel, an exit request from the TA; and based on the received quit request, controlling the monitoring module to stop running through the kernel.
As an implementable manner, the payment unit is configured to receive, by the processing module, a third message from the kernel; the second message is sent to the TA by the processing module in response to the third message.
As an implementable manner, the payment unit is configured to receive the second message from the processing module through the TA; in response to the second message, the payment is continued through the TA control TUI.
As an implementable manner, the payment unit is configured to control the TUI to display a prompt message for prompting the user that the TUI is safe, by the TA, in response to the second message, so that the user completes the payment on the TUI.
As an implementable manner, the payment unit is used for determining the second message as a message for confirming payment by the user through the TA; based on the message confirming payment, the TUI jumps are controlled by the TA to complete the payment.
As an implementation manner, the management unit is further configured to send a first call request to the kernel through the TA, where the first call request is used to instruct the kernel to start the snoop module.
As an implementable manner, the management unit is further configured to send an exit request to the kernel through the TA, where the exit request is used to instruct the kernel to control the snoop module to stop running.
For specific implementation, related description, and technical effects of the above modules, please refer to the description of the first aspect of the embodiment of the present application.
A third aspect of embodiments of the present application provides a terminal device, where the terminal device includes a memory and a processor, the memory is used for storing computer readable instructions (or referred to as a computer program), and the processor is used for reading the computer readable instructions to implement the method according to any one of the foregoing first aspect and various possible implementation manners.
A fourth aspect of embodiments of the present application provides a computer program product containing instructions that, when run on a computer, cause the computer to perform a method as described in any one of the preceding aspects and any one of the various possible implementations.
A fifth aspect of embodiments of the present application provides a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to perform the method according to any one of the above first aspect and various possible implementations.
A sixth aspect of embodiments of the present application provides a chip, which includes one or more processors. Part or all of the processor is configured to read and execute the computer program stored in the memory to perform the method in any possible implementation manner of the first aspect.
Optionally, the chip may include a memory, and the memory and the processor may be connected to the memory through a circuit or a wire. Further optionally, the chip further comprises a communication interface, and the processor is connected to the communication interface. The communication interface is used for receiving data and/or information needing to be processed, the processor acquires the data and/or information from the communication interface, processes the data and/or information, and outputs a processing result through the communication interface. The communication interface may be an input output interface.
In some implementations, some of the one or more processors may also implement some of the steps of the above method by means of dedicated hardware, for example, a process involving a neural network model may be implemented by a dedicated neural network processor or a graphics processor.
The method provided by the embodiment of the application can be realized by one chip or a plurality of chips in cooperation.
Drawings
Fig. 1 is a schematic structural diagram of a terminal device in an embodiment of the present application;
FIG. 2 is a schematic view of a scenario of mobile phone shield account transfer payment in an embodiment of the present application;
FIG. 3 is a block diagram illustrating an architecture of a computer system according to an embodiment of the present application;
fig. 4 (a) is a schematic diagram of an embodiment of a payment method provided in an embodiment of the present application;
fig. 4 (b) is a schematic diagram of another embodiment of the payment method provided in the embodiment of the present application;
fig. 5 is a schematic diagram of a first embodiment of a TUI provided by an embodiment of the present application;
fig. 6 is a schematic diagram of a second embodiment of the TUI provided by an embodiment of the present application;
fig. 7 is a schematic view of an embodiment of a payment device provided in an embodiment of the present application;
fig. 8 is a schematic structural diagram of a computer system provided in this embodiment.
Detailed Description
The embodiment of the application provides a payment method and a computer system, and the method enables a user to pay on a credible user interface TUI so as to ensure the payment safety of the user.
Embodiments of the present application will now be described with reference to the accompanying drawings, and it is to be understood that the described embodiments are merely illustrative of some, but not all, embodiments of the present application. As can be known to those skilled in the art, with the development of technology and the emergence of new scenarios, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
The terms "first," "second," and the like in the description and claims of this application and in the foregoing drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be implemented in other sequences than those illustrated or described herein. Moreover, the terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules explicitly listed, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus. The naming or numbering of the steps appearing in the present application does not mean that the steps in the method flow must be executed in the chronological/logical order indicated by the naming or numbering, and the named or numbered flow steps may be changed in execution order according to the technical purpose to be achieved, as long as the same or similar technical effects are achieved.
In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified. The term "and/or" or the character "/" in this application is only one kind of association describing the associated object, and means that there may be three kinds of relationships, for example, a and/or B, or a/B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone.
The embodiment of the present application may be applied to the terminal device shown in fig. 1, and in the embodiment of the present application, the terminal device mainly refers to a mobile terminal such as a mobile phone and a tablet computer.
The terminal equipment comprises a hardware module and a computer system, wherein the hardware module mainly comprises a display module and a Touch Panel (TP), the display module is used for displaying a Trusted User Interface (TUI), and the touch panel is used for collecting information such as an account number and a password input by a User and displaying the information on the TUI through the display module.
The terminal device is provided with a computer system, the computer system is provided with a Rich Execution Environment (REE) and a Trusted Execution Environment (TEE), the REE runs a Client Application (CA), a service program and a secure zone driver (TZ driver) with low security requirement; the TEE runs a Trusted Application (TA) which needs to guarantee the security of the TEE, a TUI display module and a Driver interface (Driver interface), and provides a secure execution environment for an authorized trusted application TA. The communication between the CA and the TA is via the communication mechanism provided, just as the client and the server do.
Wherein, CA and service program belong to a part of REE side user layer; CA mainly refers to application programs of banks and other financial institutions for payment of users; the service program is used to pass the CA's commands and information to the TZ driver.
The TZ driver belongs to a part of the kernel of the REE side, and is used for configuring the hardware module to the TEE side and for transmitting the command and information of the CA sent by the service program to the TEE side, and the secure zone TZ refers to a specific zone in the ARM security system.
The TA and TUI display modules both belong to a part of the TEE side kernel layer; the TA is used for providing a safety function for the VA and controlling the TUI module to draw the TUI; the TUI module is used for drawing TUI under the control of TA; a Driver interface (Driver interface) belongs to a part of the core of the REE, and is used for driving the hardware module.
The following is a description of the operation of the terminal device.
Referring to fig. 2, fig. 2 shows a scenario of transferring payment by using a mobile phone shield, wherein the mobile phone shield is used for supporting a financial institution to realize reliable financial transaction by using a hardware-level security platform capability and meeting the trusted environment standard of a mobile payment terminal in a central bank.
In particular, the left image of fig. 2 shows an interface for CA (banking application) transfer payment, on which the function of the mobile phone shield is invoked when the user operates to transfer money; that is, the CA transmits the command to start the TUI to the TZ driver through the service program, then the TZ driver transmits the command to the TA, and finally the TA controls the TUI display (as shown in the right image of fig. 2).
After displaying the TUI, the user may enter a password in the TUI to complete the payment.
However, an attacker can forge a non-trusted user interface similar to the TUI on the REE side, thereby spoofing a password entered by the user in the non-trusted user interface.
To this end, the embodiments of the present application provide a payment method, which enables a user to pay on a trusted user interface TUI by using an entity key on a terminal device; specifically, in the case where the terminal device displays a trusted user interface TUI, the terminal device obtains a key event, and in response to the key event, the terminal device continues to complete payment.
The terminal equipment acquires the key event only under the condition that the terminal equipment displays the TUI; under the condition that the terminal equipment displays an untrusted user interface, the terminal equipment does not acquire a key event, so that even if a user presses an entity key, payment cannot be carried out on the untrusted user interface; moreover, the entity key on the terminal device has a corresponding function, so that the entity key does not have the payment function under a normal condition (which can be understood as a condition that the TUI is not displayed); for example, if an attacker forges an untrusted user interface similar to the TUI on the REE side, and the user presses the physical key at this time, the key pressing event punished by the physical key is not used for payment by the terminal device, but is only used for realizing the function of the physical key itself.
Therefore, the embodiment of the application can enable the user to pay on the TUI, thereby ensuring the payment security of the user and preventing the payment password of the user from being stolen.
In order to implement the method, in the embodiment of the present application, three modules are added to the system framework shown in fig. 1, where the three modules are a monitoring module, a conversion module, and a processing module, respectively; the monitoring module runs on a user layer at the REE side and belongs to the REE side and is used for monitoring an event of pressing an entity key; the conversion module runs on an REE side and belongs to a kernel of the REE side, and is used for transmitting a message to the processing module under the condition of monitoring an event for pressing an entity key; the processing module runs on the user layer of the REE side and is used for receiving the message transmitted by the conversion module, processing the message and transmitting the processing result to the TA, so that the TA controls the TUI to complete the payment.
It should be noted that any one of the three modules may be an independent module, or may be disposed inside other modules.
After the three modules are added, the structure of the computer system in the embodiment of the present application is as shown in fig. 3, where the REE side and the TEE side each include an application layer, a framework layer, a kernel layer, and a hardware layer.
On the REE side, the application layer comprises a CA (application program such as a bank), the framework layer comprises a service program and a monitoring module, the kernel layer comprises a TZ driver, a conversion module is deployed in the TZ driver, and the hardware layer comprises a hardware module.
On the TEE side, the application layer includes a TA (corresponding to an application program of a bank), the framework layer includes a TUI display module, a processing module is disposed in the TUI display module, the kernel layer includes a driving interface for controlling hardware, and the hardware layer includes hardware.
The following specifically describes the payment method provided in the embodiment of the present application.
An embodiment of the present application provides an embodiment of a payment method, and as shown in fig. 4 (a), the embodiment is applied to a terminal device, and includes:
and step 10, under the condition that the terminal equipment displays the credible user interface TUI, the terminal equipment acquires the key event.
Wherein the key event indicates that an entity key on the terminal device is pressed according to the target method, the TUI is used for payment.
The terminal device acquires the key event, which may also be understood as the terminal device monitoring the key event and monitoring the key event.
The trusted user interface TUI may be understood as a user interface established by the TEE, which is considered trusted since it is established by the TEE.
The type of the entity key is not specifically limited in the embodiments of the present application, for example, the entity key may be a POWER key, and may also be other entity keys such as a volume key.
Taking the power key as an example, the power key itself has functions of controlling turning off and on of the screen, and the power key also has a function of controlling payment in case of displaying the TUI.
Because the key event of the power key belongs to the system event, the key event of the power key can be obtained only by the authorization of TEE, and the event is difficult to obtain by a common application program, so that an attacker is difficult to make a forged response on an untrusted user interface according to the key event of the power key; therefore, when the entity key is the power key, the payment method of the embodiment of the application has better safety and higher safety level.
The target method is various, and this is not particularly limited in the embodiments of the present application.
As an achievable way, the target method is: the entity key is pressed for a period of time, and the period of time is greater than or equal to a first duration.
The first time period may be set according to actual needs, for example, the first time period may be 1s or 2s.
It can be understood that if the power key is pressed for too long, the terminal device is powered off; therefore, when the physical key is a power key, the time for pressing the physical key should not be too long.
As an achievable way, the target method is: and pressing the entity key for multiple times, wherein the number of times of pressing the entity key is greater than or equal to the target number of times.
The target times can be adjusted according to actual needs, and the embodiment of the application is not particularly limited to this; for example, the target number of times may be 2 or 3 times.
In a practical way, the time interval between two adjacent pressing entity keys is less than the second time length.
The second time period may be adjusted according to actual needs, which is not specifically limited in this embodiment of the present application, and for example, the second time period may be 0.5s,0.6s.
And 20, responding to the key event, and continuously completing the payment by the terminal equipment.
The process of the terminal device to continue completing payment in the embodiment of the present application is not specifically limited, and is described below by using a specific example.
Under the condition that the terminal equipment displays a credible user interface TUI, the terminal equipment acquires a key event and continuously completes payment in response to the key event, so that a user can complete payment on the TUI by pressing a physical key; under the condition that the terminal equipment displays the untrusted user interface, the terminal equipment does not acquire the key event, so that the user cannot pay in the untrusted user interface even if pressing the entity key; therefore, the user can pay on the TUI by the embodiment of the application, so that the payment safety of the user is ensured.
In addition, because the entity key has a certain function, when the terminal device displays an untrusted user interface, the user presses the entity key, and only the function of the entity key can be realized, so that the user can identify whether the user interface is authentic or untrusted according to the reaction of the terminal device after pressing the entity key.
The payment method of the embodiment of the present application is described above from the perspective of interaction between a user and a terminal device, and the internal operations performed by the terminal device to implement steps 10 and 20 are described below.
Taking the computer system shown in fig. 3 as an example, the computer system is deployed in a terminal device, and specifically includes a rich execution environment REE and a trusted execution environment TEE.
The step 10 comprises: and the terminal equipment acquires the key event through the REE.
Step 20 comprises: and responding to the key event, and continuously completing payment by the terminal equipment through cooperation of the REE and the TEE.
Specifically, as shown in fig. 3, the REE is deployed with a monitoring module and a kernel, and the TEE is deployed with a trusted application TA and a processing module;
the step 10 comprises: the terminal equipment acquires the key event through the monitoring module.
Step 20 comprises: and responding to the key event, the terminal equipment sends a first message to the kernel through the monitoring module, wherein the first message is used for instructing the kernel to inform the processing module to send a second message to the TA, and the second message is used for instructing the TA to control the TUI to continuously complete the payment.
The first message may be understood as a message for notifying the kernel that the key event has been monitored, and the content of the first message is not specifically limited in the embodiment of the present application; the content of the second message is not specifically limited in the embodiment of the present application.
In particular, the listening module may send the first message to the kernel through the secure channel, having prevented the first message from being intercepted by other applications.
For ease of understanding, the following description will be made in more detail on the basis of the computer system shown in fig. 3, and the payment method provided by the embodiment of the present application is described below.
As shown in fig. 3, the embodiment of the present application provides another embodiment of a payment method, where the embodiment is applied to a computer system in a terminal device, a rich execution environment REE and a trusted execution environment TEE are deployed on the computer system, the REE is deployed with a CA, a listening module and a kernel, the TEE is deployed with a trusted application TA and a processing module, and a conversion module is deployed in the kernel of the REE.
It should be noted that, with reference to the related descriptions of fig. 1 and fig. 3, the terminal device in the embodiment of the present application can be understood.
Based on the above terminal device, as shown in fig. 4 (b), this embodiment includes:
in step 101, the ta sends a first call request to the kernel, where the first call request is used to instruct the kernel to start the snoop module.
Based on the foregoing description, before step 101, the CA starts, and then loads the TA by calling a standard function interface; after loading the TA, the TA performs step 101.
Accordingly, the kernel receives a first call request from the TA.
It should be noted that the foregoing conversion module is a part of the kernel, and therefore, the kernel is taken as an example for description in the embodiment of the present application; in particular, a first call request may be received by a translation module in a kernel.
Step 102, based on the first call request, the kernel starts a monitoring module.
After the monitoring module is started, the monitoring module enters a monitoring state to monitor the key events in the following text.
It should be noted that, when the conversion module is deployed in the kernel as an independent module, the kernel also starts the conversion module based on the first call request.
The conversion module is used for converting the message from the monitoring module and sending the converted module to the processing module at the TEE side.
And 103, monitoring the key event by the monitoring module under the condition that the terminal equipment displays the credible user interface TUI.
It should be noted that, since the physical key itself has a certain function, in order not to affect the use of the physical key at ordinary times, the monitoring module monitors the key event only when the terminal device displays the TUI.
Based on this, the TA also controls the TUI to be displayed on the terminal device before step 103.
Step 104, based on the key event, the monitoring module sends a first message to the kernel.
Accordingly, the kernel receives a first message from the snoop module.
Step 105, in response to the first message, the kernel sends a third message to the processing module.
Wherein the third message is used to instruct the processing module to send a second message to the TA, the second message being used to instruct the TA to control the TUI to complete the payment.
The content of the third message is not specifically limited in the embodiment of the present application.
Accordingly, the processing module receives a third message from the core.
In response to the third message, the processing module sends a second message to the TA, step 106.
Accordingly, the TA receives a second message from the processing module.
In response to the second message, the TA controls the TUI to continue to complete the payment, step 107.
It should be noted that there are various methods for controlling the TUI by the TA, and the embodiment of the present application is not limited to this specifically, which is described in detail below.
As one way of accomplishing this, step 107 comprises:
in response to the second message, the TA controls the TUI to display a prompt message for prompting the user that the TUI is safe for the user to operate on to complete the payment.
The prompt may be displayed at a certain corner of the TUI, or in the form of a pop-up window.
The content of the prompt message may be various, and this is not specifically limited in the embodiment of the present application; for example, the content of the hint information may be: the interface is safe; the content of the prompt message may be: please enter the password.
The implementation mode application scenario can be as follows: as shown in fig. 5, the TA controls the terminal device to display the TUI, but the user has not yet input the payment password at this time; after displaying the prompt (interface secure), the user may confirm that the current TUI is secure and then enter a payment password to complete the payment.
It should be noted that the application scenario is a scenario in which a user needs to input a payment password, and the embodiment of the present application may also be applied to a scenario in which a password is not paid; specifically, in the scenario of secret-free payment, the user does not need to input a payment password, and after the prompt information (interface security) is displayed, the user can directly click and confirm to complete the payment.
As another way of accomplishing this, step 107 comprises:
the TA determines the second message as a message for confirming payment by the user;
the TA controls the TUI jump to complete the payment based on the message confirming the payment.
The implementation mode application scenario can be as follows: as shown in fig. 6, when the user has entered the payment password but has not clicked the button for confirming payment in the TUI, the TA may determine the second message as a message for confirming payment by the user (i.e., equivalent to clicking the confirmation button in fig. 6), without the user having clicked the button for confirming payment in the TUI; the TA may then control the TUI jump to complete the payment, e.g., may control the TUI jump to the CA interface.
It should be noted that the application scenario is a scenario in which a user needs to input a payment password, and the embodiment of the present application may also be applied to a scenario in which a password is not paid; specifically, in the scenario of password-free payment, the user does not need to input a payment password, and as long as the TA receives the second message, the TA will use the second message as a message for confirming payment by the user, and control the TUI to jump.
And step 108, the TA sends an exit request to the kernel, wherein the exit request is used for indicating the kernel to control the monitoring module to stop running.
Accordingly, the kernel receives an exit request from the TA.
And step 109, based on the received quit request, the kernel controls the monitoring module to stop running.
It can be understood that after the payment is completed, there is no need to monitor the key pressing event, and the physical key itself has the corresponding function, so as not to affect the use of the function of the physical key itself, the TA can control the monitoring module to stop running through the exit request.
After the listening module stops running, the TA may also send an end message to the CA to end the entire payment process.
As shown in fig. 7, an embodiment of the present application further provides a first embodiment of a computer system, where the payment apparatus is applied to a terminal device, and the computer system includes:
an obtaining unit 201, configured to obtain a key event indicating that an entity key on a terminal device is pressed according to a target method, in a case where the terminal device displays a trusted user interface TUI for payment;
and a payment unit 202 for continuing to complete payment in response to the key event.
In one implementation, the physical key is a power key.
As an achievable way, the target method is: the entity key is pressed for a period of time, and the period of time is greater than or equal to a first duration.
As an achievable way, the target method is: and pressing the entity key for multiple times, wherein the number of times of pressing the entity key is greater than or equal to the target number of times.
In a practical way, the time interval between two adjacent pressing entity keys is less than the second time length.
As an implementation manner, a rich execution environment REE and a trusted execution environment TEE are deployed on the terminal device, and the obtaining unit 201 is configured to obtain a key event through the REE; and the payment unit 202 is used for responding to the key event, and the terminal equipment continuously completes payment through the cooperation of the REE and the TEE.
As an implementable mode, the REE is deployed with a monitoring module and a kernel, and the TEE is deployed with a trusted application program (TA) and a processing module; an obtaining unit 201, configured to obtain a key event through a monitoring module; the payment unit 202 is configured to send, in response to the key event, a first message to the kernel through the monitoring module, where the first message is used to instruct the kernel to notify the processing module to send a second message to the TA, and the second message is used to instruct the TA to control the TUI to complete payment.
As an implementable manner, the payment unit 202 is configured to receive, through the kernel, a first message from the listening module; and responding to the first message, and sending a third message to the processing module through the kernel, wherein the third message is used for instructing the processing module to send a second message to the TA.
As an implementable manner, the payment apparatus further comprises: the management unit 203 is configured to receive a first call request from the TA through the kernel; and starting the monitoring module through the kernel based on the first calling request.
As an implementable manner, the management unit 203 is further configured to receive, by the kernel, an exit request from the TA; and controlling the monitoring module to stop running through the kernel based on the received quit request.
As an implementable manner, the payment unit 202 is configured to receive, by the processing module, a third message from the kernel; in response to the third message, a second message is sent to the TA by the processing module.
As an implementable manner, the payment unit 202 is configured to receive a second message from the processing module through the TA; in response to the second message, the payment is continued through the TA control TUI.
As an implementable manner, the payment unit 202 is configured to control the TUI to display a prompt message for prompting the user that the TUI is safe, in response to the second message, so that the user completes the payment on the TUI.
As an implementable manner, the payment unit 202 is configured to determine the second message as a message confirming payment by the user through the TA; based on the message confirming payment, the TUI jumps are controlled by the TA to complete the payment.
As an implementation manner, the management unit 203 is further configured to send a first call request to the kernel through the TA, where the first call request is used to instruct the kernel to start the snoop module.
As an implementable manner, the management unit 203 is further configured to send an exit request to the kernel through the TA, where the exit request is used to instruct the kernel to control the snoop module to stop running.
For the specific implementation, related descriptions, and technical effects of each module in the computer system, please refer to the description of the method portion in the embodiment of the present application.
The present application also provides a non-transitory computer-readable storage medium containing computer instructions that, when executed by a computer, can implement the payment method in the above embodiments.
Fig. 8 is a schematic structural diagram of a computer system according to this embodiment. The computer system may be a terminal device (alternatively referred to as a smart terminal) or a server. As shown, the computer system includes a communication module 810, a sensor 820, a user input module 830, an output module 840, a processor 850, an audio-visual input module 860, a memory 870, and a power supply 880.
The communications module 810 may include at least one module that enables communications between the computer system and a communications system or other computer system. For example, the communication module 810 may include one or more of a wired network interface, a broadcast receiving module, a mobile communication module, a wireless internet module, a local area communication module, and a location (or position) information module, etc. The various modules are implemented in various ways in the prior art, and are not described in the application.
The sensors 820 may sense a current state of the system, such as an open/closed state, a position, whether there is contact with a user, a direction, and acceleration/deceleration, and the sensors 820 may generate sensing signals for controlling the operation of the system.
The user input module 830 is used for receiving input digital information, character information, or contact touch operation/non-contact gesture, and receiving signal input related to user setting and function control of the system, and the like. The user input module 830 includes a touch panel and/or other input devices.
The output module 840 includes a display panel for displaying information input by a user, information provided to the user, various menu interfaces of a system, and the like. Alternatively, the display panel may be configured in the form of a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), or the like. In other embodiments, the touch panel can be overlaid on the display panel to form a touch display screen. In addition, the output module 840 may further include an audio output module, an alarm, a haptic module, and the like.
And an audio and video input module 860 for inputting an audio signal or a video signal. The audio video input module 860 may include a camera and a microphone.
The power supply 880 may receive external power and internal power under the control of the processor 850 and provide power required for the operation of the various components of the system.
Processor 850 includes one or more processors, for example, processor 850 may include a central processor and a graphics processor. The central processing unit has a plurality of cores in the present application, and belongs to a multi-core processor. The multiple cores may be integrated on the same chip or may be independent chips.
The memory 870 stores computer programs including an operating system 872 and application programs 871, among others. Typical operating systems are those for desktop or notebook computers, such as Windows from microsoft corporation, macOS from apple corporation, and the like, and for mobile terminals, such as the android based system developed by *** corporation. The method provided by the foregoing embodiment may be implemented by software, which may be considered as a specific implementation of the operating system 872. The memory 870 may be one or more of the following types: flash (flash) memory, hard disk type memory, micro multimedia card type memory, card type memory (e.g., SD or XD memory), random Access Memory (RAM), static Random Access Memory (SRAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), programmable Read Only Memory (PROM), rollback Protected Memory Block (RPMB), magnetic memory, magnetic disk, or optical disk. In other embodiments, the memory 870 may also be a network storage device on the internet, and the system may perform operations such as updating or reading the memory 870 on the internet.
The processor 850 is operable to read the computer programs in the memory 870 and then execute the computer program defined methods, such as the processor 850 reading the operating system 872 to run the operating system and implement various functions of the operating system on the system or reading the one or more application programs 871 to run applications on the system.
The memory 870 also stores other data 873 in addition to computer programs.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

Claims (11)

1. A payment method is applied to a terminal device and comprises the following steps:
under the condition that the terminal equipment displays a credible user interface TUI, the terminal equipment acquires a key event, wherein the key event indicates that an entity key on the terminal equipment is pressed according to a target method, and the TUI is used for payment;
and responding to the key event, and the terminal equipment continues to finish the payment.
2. A payment method as recited in claim 1, wherein the physical key is a power key.
3. A payment method as claimed in claim 1 or 2, wherein the target method is: and pressing the entity key for a period of time which is greater than or equal to a first duration.
4. A payment method as claimed in claim 1 or 2, wherein the target method is: and pressing the entity key for multiple times, wherein the number of times of pressing the entity key is more than or equal to the target number of times.
5. A payment method as claimed in claim 4, wherein the time interval between two adjacent presses of the physical key is less than a second duration.
6. A payment method as claimed in any one of claims 1 to 5, wherein the terminal device is deployed with a rich execution environment REE and a trusted execution environment TEE,
the step of the terminal device acquiring the key event comprises the following steps: the terminal equipment acquires the key event through the REE;
the responding to the key event, the terminal equipment continuing to complete the payment comprises the following steps: and responding to the key event, and the terminal equipment continuously completes the payment through the cooperation of the REE and the TEE.
7. The payment method of claim 6 wherein the REE is deployed with a listening module and a kernel, the TEE is deployed with a trusted application TA and a processing module;
the step that the terminal device monitors the key event through the REE comprises the following steps: the terminal equipment acquires the key event through the monitoring module;
the response to the key event, the terminal equipment continuously completing the payment through the cooperation of the REE and the TEE comprises the following steps: and responding to the key event, the terminal equipment sends a first message to the kernel through the monitoring module, the first message is used for indicating the kernel to inform the processing module to send a second message to the TA, and the second message is used for indicating the TA to control the TUI to continuously complete the payment.
8. A payment device, which is applied to a terminal device, includes:
the terminal equipment comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is deployed in a Trusted Execution Environment (TEE) and is used for acquiring a key event under the condition that the terminal equipment displays a Trusted User Interface (TUI), the key event indicates that an entity key on the terminal equipment is pressed down according to a target method, and the TUI is used for payment;
and the payment unit is used for responding to the key event and continuously completing the payment.
9. A terminal device comprising a memory and a processor, wherein the memory is configured to store computer readable instructions; the processor is configured to read the computer readable instructions and implement the method of any one of claims 1-7.
10. A computer storage medium having computer readable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1-7.
11. A computer program product comprising computer readable instructions which, when executed by a processor, implement the method of any one of claims 1 to 7.
CN202110852182.5A 2021-07-27 2021-07-27 Payment method and device and terminal equipment Pending CN115689553A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110852182.5A CN115689553A (en) 2021-07-27 2021-07-27 Payment method and device and terminal equipment
PCT/CN2022/106187 WO2023005705A1 (en) 2021-07-27 2022-07-18 Payment method, apparatus and terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110852182.5A CN115689553A (en) 2021-07-27 2021-07-27 Payment method and device and terminal equipment

Publications (1)

Publication Number Publication Date
CN115689553A true CN115689553A (en) 2023-02-03

Family

ID=85059342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110852182.5A Pending CN115689553A (en) 2021-07-27 2021-07-27 Payment method and device and terminal equipment

Country Status (2)

Country Link
CN (1) CN115689553A (en)
WO (1) WO2023005705A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112862497A (en) * 2021-02-01 2021-05-28 ***股份有限公司 Information processing method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059500A (en) * 2015-11-30 2019-07-26 华为技术有限公司 User interface switching method and terminal
CN106896996B (en) * 2015-12-21 2020-05-05 阿里巴巴集团控股有限公司 Information image display method and device
CN106293461B (en) * 2016-08-04 2018-02-27 腾讯科技(深圳)有限公司 Button processing method and terminal and server in a kind of interactive application
CN107632758A (en) * 2017-08-09 2018-01-26 珠海市魅族科技有限公司 A kind of quick payment method, apparatus, computer installation and computer-readable recording medium
CN112862497A (en) * 2021-02-01 2021-05-28 ***股份有限公司 Information processing method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112862497A (en) * 2021-02-01 2021-05-28 ***股份有限公司 Information processing method and device

Also Published As

Publication number Publication date
WO2023005705A1 (en) 2023-02-02

Similar Documents

Publication Publication Date Title
US11874903B2 (en) User interface switching method and terminal
EP3611606B1 (en) Notification processing method and electronic device
JP6997343B2 (en) How to quickly open an application or application function, and a terminal
US10719689B2 (en) Electronic device and fingerprint recognition method
US11232339B2 (en) Handheld electronic device capable of magnetic field communication and payment method using the same
EP3614250A1 (en) Data processing method and electronic device
CN104978180B (en) Unprocessed event prompting method and device and mobile terminal
US20160301530A1 (en) Sensitive operation verification method, apparatus, and system
CN105160217A (en) Application control method for intelligent watch and intelligent watch
CN112306325B (en) Interaction control method and device
CN111866885A (en) Verification information sharing method and device and electronic equipment
CN111859357A (en) Login method and device and electronic equipment
CN112764563A (en) Multi-screen control method, device and system, electronic equipment and storage medium
CN113726943A (en) Control method and electronic device
CN107562356B (en) Fingerprint identification positioning method and device, storage medium and electronic equipment
CN103812996A (en) Information prompting method and apparatus, and terminal
CN111656347A (en) Project display method and terminal
WO2023005705A1 (en) Payment method, apparatus and terminal device
CN112422735B (en) Information prompting method and device
CN107819938A (en) Footmark collocation method, device, mobile terminal and server
CN111913773A (en) NFC card control method, NFC card control device and electronic equipment
CN115577724A (en) Card reading method and device, electronic equipment and readable storage medium
CN106778297B (en) Application program running method and device and mobile terminal
CN115086935A (en) Information acquisition method and device and electronic equipment
CN113965640A (en) Message processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination