WO2016161968A1 - Equipment for security information interaction - Google Patents

Equipment for security information interaction Download PDF

Info

Publication number
WO2016161968A1
WO2016161968A1 PCT/CN2016/078826 CN2016078826W WO2016161968A1 WO 2016161968 A1 WO2016161968 A1 WO 2016161968A1 CN 2016078826 W CN2016078826 W CN 2016078826W WO 2016161968 A1 WO2016161968 A1 WO 2016161968A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted application
application
trusted
system management
information interaction
Prior art date
Application number
PCT/CN2016/078826
Other languages
French (fr)
Chinese (zh)
Inventor
李定洲
郭伟
周钰
Original Assignee
***股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ***股份有限公司 filed Critical ***股份有限公司
Publication of WO2016161968A1 publication Critical patent/WO2016161968A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Definitions

  • the present invention relates to an apparatus for information interaction, and more particularly to an apparatus for security information interaction.
  • the first system management device provides an operating environment for a conventional application
  • the second system management device is a security application. Provides an operating environment in secure mode to perform security information interaction processes.
  • the above prior art solutions have the following problems: since the security application is usually provided by the client application (which runs on the first system management device (for example, a conventional multimedia operating system), provides an operation interface for the user) and the trusted application. (It runs on the second system management device (for example, a secure operating system based on a trusted execution environment) to perform security operations), so it is usually deployed in a packaged manner by embedding the trusted application in the client application.
  • the second system management device for example, a secure operating system based on a trusted execution environment
  • the present invention proposes an apparatus for security information interaction that is convenient, fast, low cost, and has a good compatibility and maintainability application management mechanism.
  • An apparatus for security information interaction comprising a first system management apparatus and a second system management apparatus, wherein the first system management apparatus provides an operating environment for a client application
  • the second system management device provides an operating environment in a secure mode for the trusted application associated with the client application to perform a security information interaction process, and wherein the client application is triggered when it is installed The installation of the trusted application with which it is associated.
  • the first system management apparatus further includes a client application installer capable of downloading and installing the required client from the client application server based on the user instruction.
  • An application, and the client application installer triggers an installation operation of a trusted application associated therewith after the client application installation is completed.
  • the client application installer triggers an installation operation of the trusted application associated with the client application after the installation of the client application is completed in the following manner: (1) from the installed Detecting and obtaining the associated trusted application configuration information in the client application, and then transmitting the associated trusted application configuration information to the second system management device to trigger an installation operation of the related trusted application, wherein the The associated trusted application configuration information is pre-set in the client application, which includes download address information of the trusted application associated with the client application and an identifier of the trusted application; (2) calling the A data communication interface between the first system management device and the second system management device sends a trusted application installation request to the second system management device to trigger an installation operation of the related trusted application, wherein the trusted The application installation request contains a globally unique identifier of the trusted application associated with the client application.
  • the second system management apparatus includes a trusted application management unit, and the trusted application management unit is based on the received associated trusted application configuration from the client application installer.
  • the installation operation of the related trusted application is performed by the information or the trusted application installation request.
  • the trusted application management unit parses the associated trusted application configuration information to obtain a target trusted application to be installed.
  • the address information and the identifier are downloaded, and a connection is established with the trusted application server indicated by the download address information to find, download, and install the target trusted application based on the identifier.
  • the trusted application management unit After receiving the trusted application installation request, Determining, by the trusted application management unit, the trusted application installation request to obtain an identifier of the target trusted application to be installed, and then detecting, based on the identifier, whether the target trusted application is installed and running in the first And on the second system management device, and if the target trusted application is not installed, establishing a connection with a preset trusted application server and searching, downloading, and installing the target trusted application based on the identifier.
  • the predetermined trusted application server is pre-configured by a trusted application manager with a specified IP address.
  • the trusted application management unit is capable of independently managing, updating, and maintaining the installed trusted application.
  • the resources used by the second system management device are isolated from resources used by the first system management device.
  • the device for security information interaction disclosed by the invention has the following advantages: the installation operation of the trusted application is convenient and fast, the cost is low, and the management mechanism of the trusted application has good compatibility and maintainability.
  • FIG. 1 is a schematic structural diagram of an apparatus for security information interaction according to an embodiment of the present invention.
  • the apparatus for security information interaction disclosed by the present invention includes a first system management apparatus 1 and a second system management apparatus 2.
  • the first system management device 1 (for example, a conventional multimedia operating system) provides an operating environment for the client application.
  • the second system management apparatus 2 provides a running environment in a secure mode for performing a trusted application associated with the client application (ie, an application requiring high security, such as a payment application in a financial field) to execute Security information interaction process. Wherein the installation of the trusted application associated therewith is triggered when the client application is installed.
  • the first system management apparatus 1 further includes a client application installer 3 capable of retrieving from a client based on a user instruction
  • the end application server downloads and installs the required client application, and the client application installer 3 triggers the installation operation of the trusted application associated therewith after the client application installation is completed.
  • the client application installer 3 triggers the trusted application associated with the client application after the installation of the client application is completed in one of the following manners.
  • the installation operation is: (1) detecting and acquiring the associated trusted application configuration information from the installed client application, and then transmitting the associated trusted application configuration information to the second system management device 2 to trigger the relevant An installation operation of a letter application, wherein the associated trusted application configuration information is pre-set in the client application (eg, an application design or management personnel) that includes a trusted application associated with the client application Downloading address information and an identifier (ID) of the trusted application; (2) invoking a data communication interface (API) between the first system management device 1 and the second system management device 2 to the second
  • the system management device 2 sends a trusted application installation request to trigger an installation operation of the associated trusted application, wherein the trusted application installation request includes a globally unique application of the trusted application associated with the client application An identifier (ID).
  • the second system management apparatus 2 includes a trusted application management unit 4, and the trusted application management unit 4 is based on the received from the The client application installer 3 associates the trusted application configuration information or the trusted application installation request to perform the installation operation of the related trusted application.
  • the trusted application management unit 4 parses the associated trusted application configuration information to Obtaining download address information and an identifier of the target trusted application to be installed, and then establishing a connection with the trusted application server indicated by the download address information to find, download, and install the target trusted application based on the identifier .
  • the trusted application management unit 4 parses the trusted application installation request to obtain An identifier of the installed target trusted application, and then detecting, based on the identifier, whether the target trusted application is installed and running on the second system management device 2, and if the target is trusted If the application is not installed, a connection is established with a predetermined trusted application server and the target trusted application is searched for, downloaded and installed based on the identifier.
  • the pre-set trusted application server is pre-configured by a trusted application manager with a specified IP address.
  • the trusted application management unit 4 is capable of independently managing, updating, and maintaining the installed trusted application.
  • the resource used by the second system management device 2 and the resource used by the first system management device 1 (through a hardware mechanism or a software mechanism) Way) is isolated.
  • the device for security information interaction disclosed in the present invention has the following advantages: the installation operation of the trusted application is convenient and fast, the cost is low, and the management mechanism of the trusted application has good compatibility and maintainability. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

Provided is an equipment for security information interaction. The equipment for security information interaction comprises a first system management device and a second system management device, wherein the first system management device provides an operating environment for a client application, the second system management device provides an operating environment under a secure mode for a trustworthy application associated with the client application, so as to execute a security information interaction process, and wherein when the client application is installed, the installation of the trustworthy application associated with the client application is triggered. The equipment for security information interaction disclosed by the present invention is convenient and efficient, has low cost and has a good compatible and maintainable application management mechanism. (FIG. 1)

Description

用于安全性信息交互的设备Device for security information interaction 技术领域Technical field
本发明涉及用于信息交互的设备,更具体地,涉及用于安全性信息交互的设备。The present invention relates to an apparatus for information interaction, and more particularly to an apparatus for security information interaction.
背景技术Background technique
目前,随着计算机和网络应用的日益广泛以及不同领域的业务种类的日益丰富,用于安全性信息交互(即对安全性要求较高的信息交互,例如金融领域中的交易处理过程)的设备(尤其是基于移动终端的安全性信息交互设备)变得越来越重要。At present, with the increasing popularity of computers and network applications and the growing variety of services in different fields, devices for security information interaction (ie, information interaction with high security requirements, such as transaction processing in the financial field) (especially based on mobile terminal security information interaction devices) is becoming more and more important.
在现有的技术方案中,为了提高信息交互设备的安全性,典型地在其中采用两个***管理装置,第一***管理装置为常规的应用提供运行环境,第二***管理装置为安全性应用提供安全模式下的运行环境,以执行安全性信息交互过程。In the prior art solution, in order to improve the security of the information interaction device, two system management devices are typically employed therein, the first system management device provides an operating environment for a conventional application, and the second system management device is a security application. Provides an operating environment in secure mode to perform security information interaction processes.
然而,上述现有的技术方案存在如下问题:由于安全性应用通常由客户端应用(其运行于第一***管理装置(例如常规的多媒体操作***)上,为用户提供操作接口)和可信应用(其运行于第二***管理装置(例如基于可信执行环境的安全操作***)上,以执行安全操作)组成,故通常采用将可信应用嵌入客户端应用内以打包的方式发布,然而,该方式需要改变常规的应用发布模式以及应用发布平台,并且无法实现安全环境下的可信应用的独立安装和升级。However, the above prior art solutions have the following problems: since the security application is usually provided by the client application (which runs on the first system management device (for example, a conventional multimedia operating system), provides an operation interface for the user) and the trusted application. (It runs on the second system management device (for example, a secure operating system based on a trusted execution environment) to perform security operations), so it is usually deployed in a packaged manner by embedding the trusted application in the client application. However, This approach requires changes to the regular application publishing model as well as the application publishing platform, and the independent installation and upgrade of trusted applications in a secure environment cannot be achieved.
因此,存在如下需求:提供方便快捷、成本较低并且具有良好的兼容性的和可维护性的应用管理机制的用于安全性信息交互的设备。Therefore, there is a need for a device for security information interaction that is convenient, low cost, and has a good compatibility and maintainable application management mechanism.
发明内容Summary of the invention
为了解决上述现有技术方案所存在的问题,本发明提出了方便快捷、成本较低并且具有良好的兼容性的和可维护性的应用管理机制的用于安全性信息交互的设备。 In order to solve the problems of the above prior art solutions, the present invention proposes an apparatus for security information interaction that is convenient, fast, low cost, and has a good compatibility and maintainability application management mechanism.
本发明的目的是通过以下技术方案实现的:The object of the invention is achieved by the following technical solutions:
一种用于安全性信息交互的设备,所述用于安全性信息交互的设备包括第一***管理装置和第二***管理装置,其中,所述第一***管理装置为客户端应用提供运行环境,所述第二***管理装置为与所述客户端应用相关联的可信应用提供安全模式下的运行环境,以执行安全性信息交互过程,并且其中,当所述客户端应用被安装时触发与其相关联的所述可信应用的安装。An apparatus for security information interaction, the apparatus for security information interaction comprising a first system management apparatus and a second system management apparatus, wherein the first system management apparatus provides an operating environment for a client application The second system management device provides an operating environment in a secure mode for the trusted application associated with the client application to perform a security information interaction process, and wherein the client application is triggered when it is installed The installation of the trusted application with which it is associated.
在上面所公开的方案中,优选地,所述第一***管理装置进一步包括客户端应用安装器,所述客户端应用安装器能够基于用户指令从客户端应用服务器下载并安装所需的客户端应用,并且所述客户端应用安装器在所述客户端应用安装完成后触发与其相关联的可信应用的安装操作。In the solution disclosed above, preferably, the first system management apparatus further includes a client application installer capable of downloading and installing the required client from the client application server based on the user instruction. An application, and the client application installer triggers an installation operation of a trusted application associated therewith after the client application installation is completed.
在上面所公开的方案中,优选地,所述客户端应用安装器在所述客户端应用安装完成后以如下方式之一触发与其相关联的可信应用的安装操作:(1)从已安装的客户端应用中检测并获取关联可信应用配置信息,随之将所述关联可信应用配置信息传递到所述第二***管理装置以触发相关的可信应用的安装操作,其中,所述关联可信应用配置信息被预先设定在所述客户端应用中,其包含与该客户端应用相关联的可信应用的下载地址信息以及该可信应用的标识符;(2)调用所述第一***管理装置和所述第二***管理装置之间的数据通信接口向所述第二***管理装置发送可信应用安装请求以触发相关的可信应用的安装操作,其中,所述可信应用安装请求包含与该客户端应用相关联的可信应用的全局唯一标识符。In the solution disclosed above, preferably, the client application installer triggers an installation operation of the trusted application associated with the client application after the installation of the client application is completed in the following manner: (1) from the installed Detecting and obtaining the associated trusted application configuration information in the client application, and then transmitting the associated trusted application configuration information to the second system management device to trigger an installation operation of the related trusted application, wherein the The associated trusted application configuration information is pre-set in the client application, which includes download address information of the trusted application associated with the client application and an identifier of the trusted application; (2) calling the A data communication interface between the first system management device and the second system management device sends a trusted application installation request to the second system management device to trigger an installation operation of the related trusted application, wherein the trusted The application installation request contains a globally unique identifier of the trusted application associated with the client application.
在上面所公开的方案中,优选地,所述第二***管理装置包括可信应用管理单元,所述可信应用管理单元基于接收到的来自所述客户端应用安装器的关联可信应用配置信息或者可信应用安装请求而执行相关的可信应用的安装操作。In the solution disclosed above, preferably, the second system management apparatus includes a trusted application management unit, and the trusted application management unit is based on the received associated trusted application configuration from the client application installer. The installation operation of the related trusted application is performed by the information or the trusted application installation request.
在上面所公开的方案中,优选地,当接收到所述关联可信应用配置信息后,所述可信应用管理单元解析所述关联可信应用配置信息以获取待安装的目标可信应用的下载地址信息和标识符,并随之与所述下载地址信息指示的可信应用服务器建立连接以基于所述标识符查找、下载并安装所述目标可信应用。In the solution disclosed above, preferably, after receiving the associated trusted application configuration information, the trusted application management unit parses the associated trusted application configuration information to obtain a target trusted application to be installed. The address information and the identifier are downloaded, and a connection is established with the trusted application server indicated by the download address information to find, download, and install the target trusted application based on the identifier.
在上面所公开的方案中,优选地,当接收到所述可信应用安装请求后,所 述可信应用管理单元解析所述可信应用安装请求以获取待安装的目标可信应用的标识符,随之基于所述标识符检测所述目标可信应用是否已安装并运行在所述第二***管理装置上,并且如果所述目标可信应用没有被安装,则与预先设定的可信应用服务器建立连接并基于所述标识符查找、下载并安装所述目标可信应用。In the solution disclosed above, preferably, after receiving the trusted application installation request, Determining, by the trusted application management unit, the trusted application installation request to obtain an identifier of the target trusted application to be installed, and then detecting, based on the identifier, whether the target trusted application is installed and running in the first And on the second system management device, and if the target trusted application is not installed, establishing a connection with a preset trusted application server and searching, downloading, and installing the target trusted application based on the identifier.
在上面所公开的方案中,优选地,所述预先设定的可信应用服务器由可信应用管理者预先配置,其具有指定的IP地址。In the solution disclosed above, preferably, the predetermined trusted application server is pre-configured by a trusted application manager with a specified IP address.
在上面所公开的方案中,优选地,所述可信应用管理单元能够独立地管理、更新和维护已安装的可信应用。In the solution disclosed above, preferably, the trusted application management unit is capable of independently managing, updating, and maintaining the installed trusted application.
在上面所公开的方案中,优选地,所述第二***管理装置使用的资源与所述第一***管理装置使用的资源相隔离。In the solution disclosed above, preferably, the resources used by the second system management device are isolated from resources used by the first system management device.
本发明所公开的用于安全性信息交互的设备具有下列优点:可信应用的安装操作方便快捷,成本较低,并且可信应用的管理机制具有良好的兼容性和可维护性。The device for security information interaction disclosed by the invention has the following advantages: the installation operation of the trusted application is convenient and fast, the cost is low, and the management mechanism of the trusted application has good compatibility and maintainability.
附图说明DRAWINGS
结合附图,本发明的技术特征以及优点将会被本领域技术人员更好地理解,其中:The technical features and advantages of the present invention will be better understood by those skilled in the art, in which:
图1是根据本发明的实施例的用于安全性信息交互的设备的示意性结构图。1 is a schematic structural diagram of an apparatus for security information interaction according to an embodiment of the present invention.
具体实施方式detailed description
图1是根据本发明的实施例的用于安全性信息交互的设备的示意性结构图。如图1所示,本发明所公开的用于安全性信息交互的设备包括第一***管理装置1和第二***管理装置2。其中,所述第一***管理装置1(例如常规的多媒体操作***)为客户端应用提供运行环境。所述第二***管理装置2为与所述客户端应用相关联的可信应用(即对安全性要求较高的应用,例如金融领域中的支付应用)提供安全模式下的运行环境,以执行安全性信息交互过程。其中,当所述客户端应用被安装时触发与其相关联的所述可信应用的安装。 1 is a schematic structural diagram of an apparatus for security information interaction according to an embodiment of the present invention. As shown in FIG. 1, the apparatus for security information interaction disclosed by the present invention includes a first system management apparatus 1 and a second system management apparatus 2. The first system management device 1 (for example, a conventional multimedia operating system) provides an operating environment for the client application. The second system management apparatus 2 provides a running environment in a secure mode for performing a trusted application associated with the client application (ie, an application requiring high security, such as a payment application in a financial field) to execute Security information interaction process. Wherein the installation of the trusted application associated therewith is triggered when the client application is installed.
优选地,在本发明所公开的用于安全性信息交互的设备中,所述第一***管理装置1进一步包括客户端应用安装器3,所述客户端应用安装器3能够基于用户指令从客户端应用服务器下载并安装所需的客户端应用,并且所述客户端应用安装器3在所述客户端应用安装完成后触发与其相关联的可信应用的安装操作。Preferably, in the apparatus for security information interaction disclosed by the present invention, the first system management apparatus 1 further includes a client application installer 3 capable of retrieving from a client based on a user instruction The end application server downloads and installs the required client application, and the client application installer 3 triggers the installation operation of the trusted application associated therewith after the client application installation is completed.
优选地,在本发明所公开的用于安全性信息交互的设备中,所述客户端应用安装器3在所述客户端应用安装完成后以如下方式之一触发与其相关联的可信应用的安装操作:(1)从已安装的客户端应用中检测并获取关联可信应用配置信息,随之将所述关联可信应用配置信息传递到所述第二***管理装置2以触发相关的可信应用的安装操作,其中,所述关联可信应用配置信息被(例如应用设计或管理人员)预先设定在所述客户端应用中,其包含与该客户端应用相关联的可信应用的下载地址信息以及该可信应用的标识符(ID);(2)调用所述第一***管理装置1和所述第二***管理装置2之间的数据通信接口(API)向所述第二***管理装置2发送可信应用安装请求以触发相关的可信应用的安装操作,其中,所述可信应用安装请求包含与该客户端应用相关联的可信应用的全局唯一标识符(ID)。Preferably, in the device for security information interaction disclosed by the present invention, the client application installer 3 triggers the trusted application associated with the client application after the installation of the client application is completed in one of the following manners. The installation operation is: (1) detecting and acquiring the associated trusted application configuration information from the installed client application, and then transmitting the associated trusted application configuration information to the second system management device 2 to trigger the relevant An installation operation of a letter application, wherein the associated trusted application configuration information is pre-set in the client application (eg, an application design or management personnel) that includes a trusted application associated with the client application Downloading address information and an identifier (ID) of the trusted application; (2) invoking a data communication interface (API) between the first system management device 1 and the second system management device 2 to the second The system management device 2 sends a trusted application installation request to trigger an installation operation of the associated trusted application, wherein the trusted application installation request includes a globally unique application of the trusted application associated with the client application An identifier (ID).
优选地,在本发明所公开的用于安全性信息交互的设备中,所述第二***管理装置2包括可信应用管理单元4,所述可信应用管理单元4基于接收到的来自所述客户端应用安装器3的关联可信应用配置信息或者可信应用安装请求而执行相关的可信应用的安装操作。Preferably, in the apparatus for security information interaction disclosed by the present invention, the second system management apparatus 2 includes a trusted application management unit 4, and the trusted application management unit 4 is based on the received from the The client application installer 3 associates the trusted application configuration information or the trusted application installation request to perform the installation operation of the related trusted application.
优选地,在本发明所公开的用于安全性信息交互的设备中,当接收到所述关联可信应用配置信息后,所述可信应用管理单元4解析所述关联可信应用配置信息以获取待安装的目标可信应用的下载地址信息和标识符,并随之与所述下载地址信息指示的可信应用服务器建立连接以基于所述标识符查找、下载并安装所述目标可信应用。Preferably, in the device for security information interaction disclosed in the present disclosure, after receiving the associated trusted application configuration information, the trusted application management unit 4 parses the associated trusted application configuration information to Obtaining download address information and an identifier of the target trusted application to be installed, and then establishing a connection with the trusted application server indicated by the download address information to find, download, and install the target trusted application based on the identifier .
优选地,在本发明所公开的用于安全性信息交互的设备中,当接收到所述可信应用安装请求后,所述可信应用管理单元4解析所述可信应用安装请求以获取待安装的目标可信应用的标识符,随之基于所述标识符检测所述目标可信应用是否已安装并运行在所述第二***管理装置2上,并且如果所述目标可信 应用没有被安装,则与预先设定的可信应用服务器建立连接并基于所述标识符查找、下载并安装所述目标可信应用。Preferably, in the device for security information interaction disclosed in the present disclosure, after receiving the trusted application installation request, the trusted application management unit 4 parses the trusted application installation request to obtain An identifier of the installed target trusted application, and then detecting, based on the identifier, whether the target trusted application is installed and running on the second system management device 2, and if the target is trusted If the application is not installed, a connection is established with a predetermined trusted application server and the target trusted application is searched for, downloaded and installed based on the identifier.
优选地,在本发明所公开的用于安全性信息交互的设备中,所述预先设定的可信应用服务器由可信应用管理者预先配置,其具有指定的IP地址。Preferably, in the device for security information interaction disclosed in the present invention, the pre-set trusted application server is pre-configured by a trusted application manager with a specified IP address.
优选地,在本发明所公开的用于安全性信息交互的设备中,所述可信应用管理单元4能够独立地管理、更新和维护已安装的可信应用。Preferably, in the device for security information interaction disclosed by the present invention, the trusted application management unit 4 is capable of independently managing, updating, and maintaining the installed trusted application.
优选地,在本发明所公开的用于安全性信息交互的设备中,所述第二***管理装置2使用的资源与所述第一***管理装置1使用的资源(通过硬件机制或软件机制的方式)相隔离。Preferably, in the device for security information interaction disclosed by the present invention, the resource used by the second system management device 2 and the resource used by the first system management device 1 (through a hardware mechanism or a software mechanism) Way) is isolated.
由上可见,本发明所公开的用于安全性信息交互的设备具有下列优点:可信应用的安装操作方便快捷,成本较低,并且可信应用的管理机制具有良好的兼容性和可维护性。It can be seen from the above that the device for security information interaction disclosed in the present invention has the following advantages: the installation operation of the trusted application is convenient and fast, the cost is low, and the management mechanism of the trusted application has good compatibility and maintainability. .
尽管本发明是通过上述的优选实施方式进行描述的,但是其实现形式并不局限于上述的实施方式。应该认识到:在不脱离本发明主旨和范围的情况下,本领域技术人员可以对本发明做出不同的变化和修改。 Although the invention has been described in terms of the preferred embodiments described above, the implementation forms are not limited to the embodiments described above. It will be appreciated that various changes and modifications can be made in the present invention without departing from the spirit and scope of the invention.

Claims (9)

  1. 一种用于安全性信息交互的设备,所述用于安全性信息交互的设备包括第一***管理装置和第二***管理装置,其中,所述第一***管理装置为客户端应用提供运行环境,所述第二***管理装置为与所述客户端应用相关联的可信应用提供安全模式下的运行环境,以执行安全性信息交互过程,并且其中,当所述客户端应用被安装时触发与其相关联的所述可信应用的安装。An apparatus for security information interaction, the apparatus for security information interaction comprising a first system management apparatus and a second system management apparatus, wherein the first system management apparatus provides an operating environment for a client application The second system management device provides an operating environment in a secure mode for the trusted application associated with the client application to perform a security information interaction process, and wherein the client application is triggered when it is installed The installation of the trusted application with which it is associated.
  2. 根据权利要求1所述的用于安全性信息交互的设备,其特征在于,所述第一***管理装置进一步包括客户端应用安装器,所述客户端应用安装器能够基于用户指令从客户端应用服务器下载并安装所需的客户端应用,并且所述客户端应用安装器在所述客户端应用安装完成后触发与其相关联的可信应用的安装操作。The device for security information interaction according to claim 1, wherein the first system management device further comprises a client application installer, the client application installer being capable of applying from a client application based on a user instruction. The server downloads and installs the required client application, and the client application installer triggers the installation operation of the associated trusted application after the client application installation is completed.
  3. 根据权利要求2所述的用于安全性信息交互的设备,其特征在于,所述客户端应用安装器在所述客户端应用安装完成后以如下方式之一触发与其相关联的可信应用的安装操作:(1)从已安装的客户端应用中检测并获取关联可信应用配置信息,随之将所述关联可信应用配置信息传递到所述第二***管理装置以触发相关的可信应用的安装操作,其中,所述关联可信应用配置信息被预先设定在所述客户端应用中,其包含与该客户端应用相关联的可信应用的下载地址信息以及该可信应用的标识符;(2)调用所述第一***管理装置和所述第二***管理装置之间的数据通信接口向所述第二***管理装置发送可信应用安装请求以触发相关的可信应用的安装操作,其中,所述可信应用安装请求包含与该客户端应用相关联的可信应用的全局唯一标识符。The device for security information interaction according to claim 2, wherein the client application installer triggers a trusted application associated with one of the following manners after the client application installation is completed Installation operation: (1) detecting and acquiring associated trusted application configuration information from the installed client application, and then transmitting the associated trusted application configuration information to the second system management device to trigger related trusted An installation operation of the application, wherein the associated trusted application configuration information is pre-set in the client application, and includes download address information of the trusted application associated with the client application and the trusted application An identifier; (2) invoking a data communication interface between the first system management device and the second system management device to send a trusted application installation request to the second system management device to trigger an associated trusted application An installation operation, wherein the trusted application installation request includes a globally unique identifier of a trusted application associated with the client application.
  4. 根据权利要求3所述的用于安全性信息交互的设备,其特征在于,所述第二***管理装置包括可信应用管理单元,所述可信应用管理单元基于接收到的来自所述客户端应用安装器的关联可信应用配置信息或者可信应用安装请求而执行相关的可信应用的安装操作。The device for security information interaction according to claim 3, wherein the second system management device comprises a trusted application management unit, and the trusted application management unit is based on the received from the client The installation operation of the related trusted application is performed by the associated trusted application configuration information or the trusted application installation request of the installer.
  5. 根据权利要求4所述的用于安全性信息交互的设备,其特征在于,当接收到所述关联可信应用配置信息后,所述可信应用管理单元解析所述关联可信应用配置信息以获取待安装的目标可信应用的下载地址信息和标识符,并随之 与所述下载地址信息指示的可信应用服务器建立连接以基于所述标识符查找、下载并安装所述目标可信应用。The device for security information interaction according to claim 4, wherein, after receiving the associated trusted application configuration information, the trusted application management unit parses the associated trusted application configuration information to Obtain the download address information and identifier of the target trusted application to be installed, and then follow Establishing a connection with the trusted application server indicated by the download address information to find, download, and install the target trusted application based on the identifier.
  6. 根据权利要求5所述的用于安全性信息交互的设备,其特征在于,当接收到所述可信应用安装请求后,所述可信应用管理单元解析所述可信应用安装请求以获取待安装的目标可信应用的标识符,随之基于所述标识符检测所述目标可信应用是否已安装并运行在所述第二***管理装置上,并且如果所述目标可信应用没有被安装,则与预先设定的可信应用服务器建立连接并基于所述标识符查找、下载并安装所述目标可信应用。The device for security information interaction according to claim 5, wherein, after receiving the trusted application installation request, the trusted application management unit parses the trusted application installation request to obtain An identifier of the installed target trusted application, and then detecting, based on the identifier, whether the target trusted application is installed and running on the second system management device, and if the target trusted application is not installed And establishing a connection with a preset trusted application server and searching, downloading, and installing the target trusted application based on the identifier.
  7. 根据权利要求6所述的用于安全性信息交互的设备,其特征在于,所述预先设定的可信应用服务器由可信应用管理者预先配置,其具有指定的IP地址。The device for security information interaction according to claim 6, wherein the pre-set trusted application server is pre-configured by a trusted application manager with a specified IP address.
  8. 根据权利要求7所述的用于安全性信息交互的设备,其特征在于,所述可信应用管理单元能够独立地管理、更新和维护已安装的可信应用。The device for security information interaction according to claim 7, wherein the trusted application management unit is capable of independently managing, updating, and maintaining the installed trusted application.
  9. 根据权利要求8所述的用于安全性信息交互的设备,其特征在于,所述第二***管理装置使用的资源与所述第一***管理装置使用的资源相隔离。 The apparatus for security information interaction according to claim 8, wherein resources used by said second system management apparatus are isolated from resources used by said first system management apparatus.
PCT/CN2016/078826 2015-04-10 2016-04-08 Equipment for security information interaction WO2016161968A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510167277.8A CN105591791B (en) 2015-04-10 2015-04-10 Equipment for safety information interaction
CN201510167277.8 2015-04-10

Publications (1)

Publication Number Publication Date
WO2016161968A1 true WO2016161968A1 (en) 2016-10-13

Family

ID=55931050

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/078826 WO2016161968A1 (en) 2015-04-10 2016-04-08 Equipment for security information interaction

Country Status (3)

Country Link
CN (1) CN105591791B (en)
TW (1) TWI662491B (en)
WO (1) WO2016161968A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682159B (en) * 2017-10-12 2021-02-02 北京握奇智能科技有限公司 Trusted application management method and trusted application management system of intelligent terminal
CN109145628B (en) * 2018-09-06 2020-08-25 江苏恒宝智能***技术有限公司 Data acquisition method and system based on trusted execution environment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101937351A (en) * 2010-09-15 2011-01-05 深圳市任子行网络技术股份有限公司 Method and system for automatically installing application software
CN103152385A (en) * 2013-01-29 2013-06-12 王玉娇 Triggering, achieving and executing method of relevant application and relevant equipment
CN103491080A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Information safety protecting method and system
CN103890756A (en) * 2011-08-24 2014-06-25 诺基亚通信公司 Application program control
CN103942678A (en) * 2014-04-01 2014-07-23 武汉天喻信息产业股份有限公司 Mobile payment system and method based on trusted execution environment
CN104020938A (en) * 2013-03-01 2014-09-03 联想(北京)有限公司 Information processing method and electronic device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040168089A1 (en) * 2003-02-19 2004-08-26 Hyun-Sook Lee Security method for operator access control of network management system
TW200743029A (en) * 2006-05-12 2007-11-16 Kye Systems Corp Hardware device driver automatic installation method and system thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101937351A (en) * 2010-09-15 2011-01-05 深圳市任子行网络技术股份有限公司 Method and system for automatically installing application software
CN103890756A (en) * 2011-08-24 2014-06-25 诺基亚通信公司 Application program control
CN103152385A (en) * 2013-01-29 2013-06-12 王玉娇 Triggering, achieving and executing method of relevant application and relevant equipment
CN104020938A (en) * 2013-03-01 2014-09-03 联想(北京)有限公司 Information processing method and electronic device
CN103491080A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Information safety protecting method and system
CN103942678A (en) * 2014-04-01 2014-07-23 武汉天喻信息产业股份有限公司 Mobile payment system and method based on trusted execution environment

Also Published As

Publication number Publication date
CN105591791A (en) 2016-05-18
TW201702950A (en) 2017-01-16
TWI662491B (en) 2019-06-11
CN105591791B (en) 2019-06-18

Similar Documents

Publication Publication Date Title
US10678585B2 (en) Methods and apparatus to automatically configure monitoring of a virtual machine
US10127057B2 (en) Method and apparatus for dynamically implementing application function
US8578376B2 (en) Automatically and securely configuring and updating virtual machines
US10320940B1 (en) Managing generic data
CN107992308B (en) Plug-in management method for android terminal application program
US20150074659A1 (en) Methods and Apparatus to Perform Web-Based Installations and/or Upgrade Architectures for Enterprise Software
US10891122B2 (en) Rolling upgrade of a distributed application
CN106911729B (en) Remote installation method of operating system suitable for domestic processor
US20130326502A1 (en) Installing applications remotely
WO2017071207A1 (en) Application installation method, corresponding apparatus, and application installation system
TW201814509A (en) Method and device for implementing communication of web page and local application and electronic equipment
US10581823B2 (en) Web client plugin manager in vCenter managed object browser
US20160241535A1 (en) Terminal authentication and registration system, method for authenticating and registering terminal, and storage medium
CN104113430A (en) Cloud computing data center automatic deployment software framework design
US20180121224A1 (en) Isolating a redirected smart card reader to a remote session
US11782748B2 (en) Cloud shell extension framework
US10798097B2 (en) Intelligent redirection of authentication devices
US11263297B2 (en) Dynamic insertion of variablized secrets in a pipeline integration system
WO2016161968A1 (en) Equipment for security information interaction
WO2016095796A1 (en) Secure operating system update method used in reliable execution environment
CN109981546B (en) Method and device for acquiring remote call relation between application modules
US8615751B2 (en) Seeding product information
US11526373B2 (en) Agentless personal network firewall in virtualized datacenters
CN111711713B (en) Data access method, computer device and storage medium
CN112579247A (en) Method and device for determining task state

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16776143

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 25.01.2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16776143

Country of ref document: EP

Kind code of ref document: A1