System for securely entering particular information and method thereof
First Claim
1. A system for securely entering particular information, comprising:
- a mobile device and a background server,wherein the mobile device comprises a processor, and the processor is configured to implement switching between a non-secure execution environment and a secure execution environment;
wherein the processor is virtualized into a first processor and a second processor, the first processor is configured to execute a business function application in the non-secure execution environment, and the second processor is configured to execute a particular information entering application and encrypt entered particular information in the secure execution environment;
wherein the particular information entering application is associated with the business function application; and
wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
triggering, in a case that a particular information entering is required by the business function application executed by the first processor, the second processor to perform the particular information entering, and returning, to the first processor, an encryption result obtained by encrypting the entered particular information by the second processor;
wherein the background server is configured to authenticate the encryption result from the first processor;
wherein the background server is further configured to generate key seed information, the key seed information is for generating a key for encrypting the entered particular information, and the first processor is further configured to acquire, in the non-secure execution environment, the key seed information from the background server; and
wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
in response to the particular information entering being required by the business function application executed by the first processor, triggering the second processor through the key seed information, to perform the particular information entering, and wherein encrypting the entered particular information in the secure execution environment comprises encrypting the entered particular information by using the key generated from the key seed information.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for securely entering particular information includes a mobile device and a background server. The mobile device includes a first area which is a non-secure environment, a second area which is a secure environment and a switching module implementing switchings between the first and second areas. At least one first application module for executing a business function application is provided in the first area. A second application module for executing a particular information entering application and an encryption module for encrypting entered particular information are provided in the second area. If a particular information entering is required by the first application module, the switching module triggers the second application module to perform the particular information entering, and returns, to the first application module, an encryption result obtained by encrypting the entered particular information. The background server includes an authentication module for authenticating the encryption result.
-
Citations
7 Claims
-
1. A system for securely entering particular information, comprising:
-
a mobile device and a background server, wherein the mobile device comprises a processor, and the processor is configured to implement switching between a non-secure execution environment and a secure execution environment; wherein the processor is virtualized into a first processor and a second processor, the first processor is configured to execute a business function application in the non-secure execution environment, and the second processor is configured to execute a particular information entering application and encrypt entered particular information in the secure execution environment; wherein the particular information entering application is associated with the business function application; and wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
triggering, in a case that a particular information entering is required by the business function application executed by the first processor, the second processor to perform the particular information entering, and returning, to the first processor, an encryption result obtained by encrypting the entered particular information by the second processor;wherein the background server is configured to authenticate the encryption result from the first processor; wherein the background server is further configured to generate key seed information, the key seed information is for generating a key for encrypting the entered particular information, and the first processor is further configured to acquire, in the non-secure execution environment, the key seed information from the background server; and wherein implementing the switching between the non-secure execution environment and the secure execution environment comprises;
in response to the particular information entering being required by the business function application executed by the first processor, triggering the second processor through the key seed information, to perform the particular information entering, and wherein encrypting the entered particular information in the secure execution environment comprises encrypting the entered particular information by using the key generated from the key seed information. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for securely entering particular information, comprising:
-
triggering, in a case that a particular information entering is required by a business function application, a particular information entering application associated with the business function application to get into a state of entering particular information, wherein an environment in which the business function application is run is a non-secure execution environment of a mobile device, and an environment in which the particular information entering application is run is a secure execution environment of the mobile device; receiving particular information entered by a user through the particular information entering application in the secure execution environment; and encrypting the entered particular information in the secure execution environment, and returning an encryption result to the business function application run in the non-secure execution environment; wherein the business function application in the non-secure execution environment sends a request message for acquiring key seed information to a background server connected to the mobile device, to receive first key seed information, wherein the request message comprises a unique identifier of a user, the first key seed information is generated by the background server by using a one-way function based on the unique identifier of the user and first particular information, and the first particular information is obtained through an inquiry performed by the background server based on the unique identifier of the user; wherein the unique identifier of the user and the first key seed information are acquired in the secure execution environment; and wherein the encrypting the entered particular information in the secure execution environment comprises; generating second key seed information by using a one-way function based on the unique identifier of the user and entered second particular information in the secure execution environment, generating a first key by using a blending function based on the first key seed information and the second key seed information, and encrypting the second key seed information by using the first key, to form a ciphertext as an encryption result. - View Dependent Claims (7)
-
Specification