System for securely entering particular information and method thereof

US 9,891,823 B2
Filed: 10/29/2014
Issued: 02/13/2018
Est. Priority Date: 09/19/2014
Status: Active Grant

First Claim

Patent Images

1. A system for securely entering particular information, comprising:

a mobile device and a background server,wherein the mobile device comprises a processor, and the processor is configured to implement switching between a non-secure execution environment and a secure execution environment;

wherein the processor is virtualized into a first processor and a second processor, the first processor is configured to execute a business function application in the non-secure execution environment, and the second processor is configured to execute a particular information entering application and encrypt entered particular information in the secure execution environment;

wherein the particular information entering application is associated with the business function application; and

wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;

triggering, in a case that a particular information entering is required by the business function application executed by the first processor, the second processor to perform the particular information entering, and returning, to the first processor, an encryption result obtained by encrypting the entered particular information by the second processor;

wherein the background server is configured to authenticate the encryption result from the first processor;

wherein the background server is further configured to generate key seed information, the key seed information is for generating a key for encrypting the entered particular information, and the first processor is further configured to acquire, in the non-secure execution environment, the key seed information from the background server; and

wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;

in response to the particular information entering being required by the business function application executed by the first processor, triggering the second processor through the key seed information, to perform the particular information entering, and wherein encrypting the entered particular information in the secure execution environment comprises encrypting the entered particular information by using the key generated from the key seed information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securely entering particular information includes a mobile device and a background server. The mobile device includes a first area which is a non-secure environment, a second area which is a secure environment and a switching module implementing switchings between the first and second areas. At least one first application module for executing a business function application is provided in the first area. A second application module for executing a particular information entering application and an encryption module for encrypting entered particular information are provided in the second area. If a particular information entering is required by the first application module, the switching module triggers the second application module to perform the particular information entering, and returns, to the first application module, an encryption result obtained by encrypting the entered particular information. The background server includes an authentication module for authenticating the encryption result.

Citations

7 Claims

1. A system for securely entering particular information, comprising:
- a mobile device and a background server,wherein the mobile device comprises a processor, and the processor is configured to implement switching between a non-secure execution environment and a secure execution environment;
  
  wherein the processor is virtualized into a first processor and a second processor, the first processor is configured to execute a business function application in the non-secure execution environment, and the second processor is configured to execute a particular information entering application and encrypt entered particular information in the secure execution environment;
  
  wherein the particular information entering application is associated with the business function application; and
  
  wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
  
  triggering, in a case that a particular information entering is required by the business function application executed by the first processor, the second processor to perform the particular information entering, and returning, to the first processor, an encryption result obtained by encrypting the entered particular information by the second processor;
  
  wherein the background server is configured to authenticate the encryption result from the first processor;
  
  wherein the background server is further configured to generate key seed information, the key seed information is for generating a key for encrypting the entered particular information, and the first processor is further configured to acquire, in the non-secure execution environment, the key seed information from the background server; and
  
  wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
  
  in response to the particular information entering being required by the business function application executed by the first processor, triggering the second processor through the key seed information, to perform the particular information entering, and wherein encrypting the entered particular information in the secure execution environment comprises encrypting the entered particular information by using the key generated from the key seed information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system according to claim 1, wherein generating the key seed information comprises:
    - receiving a request message requesting for a key seed, wherein the request message is sent by the first processor of the mobile device and comprises a unique identifier of a user of the business function application;
      
      inquiring, based on the unique identifier of the user, to acquire first particular information corresponding to the user; and
      
      generating the key seed information by using a one-way function based on the unique identifier of the user and the first particular information and returning the key seed information to the first processor, wherein the key seed information is first key seed information.
  - 3. The system according to claim 2, wherein the generating the key seed information further comprises generating a first random number;
    - and the generating the key seed information by using a one-way function based on the unique identifier of the user and the first particular information comprises;
      
      generating the first key seed information by using a one-way function based on the unique identifier of the user, the first particular information and the first random number.
  - 4. The system according to claim 1, whereinthe encrypting the entered particular information by using the key generated from the key seed information comprises receiving a unique identifier of a user and first key seed information from the non-secure execution environment, generating second key seed information by using a one-way function based on the unique identifier of the user and second particular information entered by the user;
    - generating a first key by using a blending function based on the first key seed information and the second key seed information;
      
      encrypting the second key seed information by using the first key, to form a ciphertext; and
      
      wherein authenticating the encryption result from the first processor comprises generating a second key by using a blending function based on the first key seed information and the second key seed information;
      
      decrypting the ciphertext by using the second key; and
      
      determining whether a decryption result is same as the second key seed information, wherein an authentication is passed in a case that the decryption result is same as the second key seed information.
  - 5. The system according to claim 4, wherein the encrypting the entered particular information by using the key generated from the key seed information further comprises generating a second random number;
    - and the generating second key seed information by using a one-way function based on the unique identifier of the user and second particular information entered by the user comprises generating the second key seed information by using a one-way function based on the unique identifier of the user, the second particular information entered by the user and the second random number.

6. A method for securely entering particular information, comprising:
- triggering, in a case that a particular information entering is required by a business function application, a particular information entering application associated with the business function application to get into a state of entering particular information, wherein an environment in which the business function application is run is a non-secure execution environment of a mobile device, and an environment in which the particular information entering application is run is a secure execution environment of the mobile device;
  
  receiving particular information entered by a user through the particular information entering application in the secure execution environment; and
  
  encrypting the entered particular information in the secure execution environment, and returning an encryption result to the business function application run in the non-secure execution environment;
  
  wherein the business function application in the non-secure execution environment sends a request message for acquiring key seed information to a background server connected to the mobile device, to receive first key seed information, wherein the request message comprises a unique identifier of a user, the first key seed information is generated by the background server by using a one-way function based on the unique identifier of the user and first particular information, and the first particular information is obtained through an inquiry performed by the background server based on the unique identifier of the user;
  
  wherein the unique identifier of the user and the first key seed information are acquired in the secure execution environment; and
  
  wherein the encrypting the entered particular information in the secure execution environment comprises;
  
  generating second key seed information by using a one-way function based on the unique identifier of the user and entered second particular information in the secure execution environment, generating a first key by using a blending function based on the first key seed information and the second key seed information, and encrypting the second key seed information by using the first key, to form a ciphertext as an encryption result.
- View Dependent Claims (7)
- - 7. The method according to claim 6, wherein a first random number is generated by the background server, and the first key seed information is generated by the background server by using a one-way function based on the unique identifier of the user, the first random number and the first particular information;
    - anda second random number is randomly generated in the secure execution environment, and the generating the second key seed information by using the one-way function based on the unique identifier of the user and the entered second particular information in the secure execution environment comprises;
      
      generating the second key seed information by using a one-way function based on the unique identifier of the user, the entered second particular information and the second random number in the secure execution environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neusoft Corporation
Original Assignee
Neusoft Corporation
Inventors
Feng, Xishun, Zhang, Zhijian, Li, Jun, Wang, Jun, Meng, Qingyang, Liu, Fuyang
Primary Examiner(s)
Do, Khang

Application Number

US14/527,755
Publication Number

US 20160088471A1
Time in Patent Office

1,203 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/04886   by partitioning the display...

G06Q 2220/00   Business processing using c...

H04L 9/0866   involving user or device id...

H04L 9/088   Usage controlling of secret...

H04L 9/3226   using a predetermined code,...

System for securely entering particular information and method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

System for securely entering particular information and method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links