Application specific certificate management
US-2019312722-A1 · Oct 10, 2019 · US
US11101985B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11101985-B2 |
| Application number | US-202117158719-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 26, 2021 |
| Priority date | Oct 12, 2018 |
| Publication date | Aug 24, 2021 |
| Grant date | Aug 24, 2021 |
Official abstract text for this publication.
One embodiment provides a key transfer system and method based on a shared security application. During operation, an application executing on a terminal device receives an application key comprising at least a service key from a management server of the application and forwards the application key to a management server of a shared security application residing in a secure element in the terminal device, thereby facilitating the management server of the shared security application to deliver the application key to the shared security application. The application invokes the application key stored in the shared security application to perform services associated with the application. The application key is isolated from other application keys associated with other applications stored in the shared security application.
Opening claim text (preview).
What is claimed is:

1. A computer executed method, comprising: receiving, by an application executing on a terminal device, an application key comprising at least a service key from a management server of the application; forwarding the application key to a management server of a shared security application residing in a secure element in the terminal device, thereby facilitating the management server of the shared security application to deliver the application key to the shared security application; and invoking, by the application, the application key stored in the shared security application to perform services associated with the application, wherein the application key is isolated from other application keys associated with other applications stored in the shared security application.

2. The method according to claim 1, wherein the application key further comprises a communication security protection key, and wherein the method further comprises: encrypting, by the application, service data associated with the services using the communication security protection key; and sending the encrypted service data to the shared security application.

3. The method according to claim 2, further comprising: decrypting, by the shared security application, the encrypted service data; processing, by the shared security application, the service data using the service key; encrypting, by the shared security application, the processed service data using the communication security protection key; and returning, by the shared security application, the encrypted processed service data to the application.

4. The method according to claim 1, wherein receiving the application key from the management server of the application comprises receiving the application key that is encrypted by the management server of the application using a public key of the management server of the shared security application, and wherein the public key of the management server of the shared security application is distributed to the management server of the application by the management server of the shared security application.

5. The method according to claim 4, wherein forwarding the application key comprises: invoking, by the application, a corresponding interface provided by a shared security application proxy on the terminal device external of the secure element; sending, by the application via the corresponding interface and the security application proxy, the encrypted application key to the management server of the shared security application; performing, by the management server of the shared security application, decryption using a private key corresponding to the public key to obtain the application key; and delivering, by the management server of the shared security application, the application key to the shared security application in the secure element.

6. The method according to claim 5, wherein the shared security application proxy is executed in a rich execution environment or a trusted execution environment of the terminal device.

7. The method according to claim 5, wherein the public key and the private key of the management server of the shared security application form an asymmetric key pair, and wherein an encryption or decryption operation based on the asymmetric key pair comprises one of the following operations: Rivest-Shamir-Adleman (RSA), Elgamal, knapsack, Rabin, Diffie-Hellman (D-H), and elliptic-curve cryptography (ECC).

8. The method according to claim 1, wherein the application is executed in a rich execution environment or a trusted execution environment of the terminal device.

9. A computer system, comprising: a processor; a storage device coupled to the processor and storing instructions, which when executed by the processor cause the processor to perform a method, the method comprising: receiving, by an application executing on a terminal device, an application key comprising at least a service key from a management server of the application; forwarding the application key to a management server of a shared security application residing in a secure element in the terminal device, thereby facilitating the management server of the shared security application to deliver the application key to the shared security application; and invoking, by the application, the application key stored in the shared security application to perform services associated with the application, wherein the application key is isolated from other application keys associated with other applications stored in the shared security application.

10. The computer system according to claim 9, wherein the application key further comprises a communication security protection key, and wherein the method further comprises: encrypting, by the application, service data associated with the services using the communication security protection key; and sending the encrypted service data to the shared security application.

11. The computer system according to claim 10, wherein the method further comprises: decrypting, by the shared security application, the encrypted service data; processing, by the shared security application, the service data using the service key; encrypting, by the shared security application, the processed service data using the communication security protection key; and returning, by the shared security application, the encrypted processed service data to the application.

12. The computer system according to claim 9, wherein receiving the application key from the management server of the application comprises receiving the application key that is encrypted by the management server of the application using a public key of the management server of the shared security application, and wherein the public key of the management server of the shared security application is distributed to the management server of the application by the management server of the shared security application.

13. The computer system according to claim 12, wherein forwarding the application key comprises: invoking, by the application, a corresponding interface provided by a shared security application proxy on the terminal device external of the secure element; sending, by the application via the corresponding interface and the security application proxy, the encrypted application key to the management server of the shared security application; performing, by the management server of the shared security application, decryption using a private key corresponding to the public key to obtain the application key; and delivering, by the management server of the shared security application, the application key to the shared security application in the secure element.

14. The computer system according to claim 13, wherein the shared security application proxy is executed in a rich execution environment or a trusted execution environment of the terminal device.

15. The computer system according to claim 13, wherein the public key and the private key of the management server of the shared security application form an asymmetric key pair, and wherein an encryption or decryption operation based on the asymmetric key pair comprises one of the following operations: Rivest-Shamir-Adleman (RSA), Elgamal, knapsack, Rabin, Diffie-Hellman (D-H), and elliptic-curve cryptography (ECC).

16. The computer system according to claim 9, wherein the application is executed in a rich execution environment or a trusted execution environment of the terminal device.

17. A non-transitory computer-readable storage mediu
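The exchange in claims 2 and 3 and the per-application isolation in claim 1 can be modelled as follows; this is an added illustration, not code from the patent or its assignee. Assumptions: all names (`SharedSecurityApplication`, `seal`, `unseal`, `install`, `invoke`) are hypothetical, the "service" is taken to be a MAC over the request, an HMAC-based encrypt-then-MAC construction stands in for a real AEAD, and `install` stands in for the asymmetric delivery path of claims 4 and 5.

```python
import hashlib
import hmac
import os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: constructed stand-in for a real AEAD (e.g. AES-GCM)
    blocks = (_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(comm_key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(comm_key, nonce, len(plaintext))))
    return nonce + ct + _mac(comm_key, b"mac", nonce + ct)  # encrypt-then-MAC

def unseal(comm_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _mac(comm_key, b"mac", nonce + ct)):
        raise PermissionError("not protected with this application's communication key")
    return bytes(a ^ b for a, b in zip(ct, _stream(comm_key, nonce, len(ct))))

class SharedSecurityApplication:
    """Models the applet in the secure element: one isolated key slot per application."""
    def __init__(self):
        self._slots = {}
    def install(self, app_id, service_key, comm_key):
        # Delivery step of claim 1: only the SSA management server would call this
        self._slots[app_id] = (service_key, comm_key)

    def invoke(self, app_id, sealed_request):
        if app_id not in self._slots:
            raise PermissionError("no key slot for this application")
        service_key, comm_key = self._slots[app_id]
        data = unseal(comm_key, sealed_request)    # claim 3: decrypt the service data
        result = _mac(service_key, b"svc", data)   # process with the service key (assumed: MAC)
        return seal(comm_key, result)              # encrypt the result and return it

def demo():
    ssa, order = SharedSecurityApplication(), b"order=1001;amount=25.00"  # constructed data
    pay_svc, pay_comm, transit_comm = os.urandom(32), os.urandom(32), os.urandom(32)
    ssa.install("pay", pay_svc, pay_comm)
    ssa.install("transit", os.urandom(32), transit_comm)
    reply = unseal(pay_comm, ssa.invoke("pay", seal(pay_comm, order)))
    try:
        ssa.invoke("pay", seal(transit_comm, order))  # another app's key against the "pay" slot
    except PermissionError:
        return reply == _mac(pay_svc, b"svc", order), True
    return reply == _mac(pay_svc, b"svc", order), False
```

`demo()` returns a pair: whether the legitimate application received the result computed under its own service key, and whether a request protected with a different application's communication key was rejected. The service key is never returned by any method, which is the property the secure element is meant to enforce.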
Key distribution or pre-distribution; Key agreement · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title