CN114386111B - Chip circuit and access control method - Google Patents

Info

Publication number
CN114386111B
Authority
CN
China
Prior art keywords
chip
application
interface
user identification
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011122418.1A
Other languages
Chinese (zh)
Other versions
CN114386111A (en)
Inventor
李一萌
任晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Application filed by China Mobile Communications Group Co Ltd and Research Institute of China Mobile Communication Co Ltd
Priority to CN202011122418.1A
Publication of CN114386111A
Application granted
Publication of CN114386111B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Telephone Function (AREA)

Abstract

The present invention provides a chip circuit and an access control method, relating to the field of communications technology. The chip circuit includes a baseband chip, an application chip, and a user identification card, wherein: a first end of the baseband chip is connected to a first end of the application chip to form a first interface between the baseband chip and the application chip; a second end of the baseband chip is connected to a second end of the application chip to form a second interface between the baseband chip and the application chip; and a third end of the baseband chip is connected to the user identification card. In an embodiment of the present invention, a first interface and a second interface are provided between the baseband chip and the application chip, so that the application chip can access the common card application and the security card application of the user identification card through the first interface and the second interface, respectively, thereby avoiding access blocking and improving the access control effect.

Description

Chip circuit and access control method
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a chip circuit and an access control method.
Background
In the prior art, a terminal generally includes an application chip, a baseband chip and a subscriber identity module card, and the application chip accesses the subscriber identity module card through the baseband chip. The user identification card can carry a common card application and a security card application: the common card application can be accessed without authorization of a trusted application, whereas the security card application can be accessed only with authorization of a trusted application. Typically, the security card application is an application involving identity security information, such as an identity card or a bank card. When the application chip accesses the security card application of the user identification card, the communication interface between the application chip and the baseband chip needs to work in a security mode, so the application chip cannot access the common card application of the user identification card while it is accessing the security card application. The existing access control schemes can therefore cause access blocking, and their access control effect is poor.
Disclosure of Invention
The embodiment of the invention provides a chip circuit and an access control method, which are used for solving the problems that an application chip cannot access a common card application of a user identification card when accessing a security card application of the user identification card in the existing access control scheme, so that access is blocked and the access control effect is poor.
In order to solve the technical problems, the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides a chip circuit, including a baseband chip, an application chip, and a subscriber identity module card, where:
the first end of the baseband chip is connected with the first end of the application chip to form a first interface between the baseband chip and the application chip;
the second end of the baseband chip is connected with the second end of the application chip to form a second interface between the baseband chip and the application chip;
and the third end of the baseband chip is connected with the user identification card.
Optionally, in the case that the application chip runs the first running environment and the second running environment simultaneously:
the application chip is configured to send a first user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the first user identification card access request;
the application chip is configured to send a second user identification card access request to the baseband chip through the second interface under the second running environment, and the baseband chip is configured to access the user identification card based on the second user identification card access request.
Optionally, the application chip runs a trusted application, and the application chip is configured to send the second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
Optionally, in the case that the application chip runs the first running environment:
the application chip is configured to send a third user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the third user identification card access request;
or
the application chip is configured to send a fourth user identification card access request to the baseband chip through the second interface under the first running environment, and the baseband chip is configured to access the user identification card based on the fourth user identification card access request.
Optionally, the first running environment is a rich execution environment, and/or the second running environment is a trusted execution environment.
In a second aspect, an embodiment of the present invention provides an access control method, where the method includes:
executing user identification card access of a first running environment through a first interface;
executing user identification card access of a second running environment through a second interface;
where the first running environment and the second running environment are two running environments that the application chip runs simultaneously, and the first interface and the second interface are two interfaces between the application chip and the baseband chip.
Optionally, the executing the user identification card access of the first running environment through the first interface includes:
the application chip sends a first user identification card access request to the baseband chip through the first interface under the first running environment;
the baseband chip accesses the user identification card based on the first user identification card access request.
Optionally, the executing the user identification card access of the second running environment through the second interface includes:
the application chip sends a second user identification card access request to the baseband chip through the second interface under the second running environment;
the baseband chip accesses the user identification card based on the second user identification card access request.
Optionally, the application chip runs a trusted application, and the application chip sending the second user identification card access request to the baseband chip through the second interface under the second running environment includes:
the application chip sends the second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
Optionally, the first running environment is a rich execution environment, and/or the second running environment is a trusted execution environment.
In the embodiment of the invention, the first end of the baseband chip is connected with the first end of the application chip to form a first interface between the baseband chip and the application chip, and the second end of the baseband chip is connected with the second end of the application chip to form a second interface between the baseband chip and the application chip, so that the first interface and the second interface are included between the baseband chip and the application chip, and the application chip can access the common card application and the security card application of the user identification card through the first interface and the second interface respectively, thereby avoiding access blockage and improving the access control effect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is a schematic structural diagram of a chip circuit according to an embodiment of the present invention;
Fig. 2 is one of the flowcharts of an access control method provided in an embodiment of the present invention;
Fig. 3 is a second flowchart of an access control method according to an embodiment of the present invention;
Fig. 4 is a third flowchart of an access control method according to an embodiment of the present invention;
Fig. 5 is a flowchart of an access control method according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiment of the invention provides a chip circuit and an access control method, which are used for solving the problems that an application chip cannot access a common card application of a user identification card when accessing a security card application of the user identification card in the existing access control scheme, so that access is blocked and the access control effect is poor.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a chip circuit according to an embodiment of the present invention, and as shown in fig. 1, the chip circuit includes a baseband chip 11, an application chip 12, and a subscriber identity module card 13, where:
the first end of the baseband chip 11 is connected with the first end of the application chip 12 to form a first interface 14 between the baseband chip 11 and the application chip 12;
a second end of the baseband chip 11 is connected to a second end of the application chip 12 to form a second interface 15 between the baseband chip 11 and the application chip 12;
The third end of the baseband chip 11 is connected to the subscriber identity card 13.
The first interface 14 and the second interface 15 may be physical interfaces, and the subscriber identity card 13 may be a subscriber identity module (Subscriber Identity Module, SIM) card. The first interface 14 may be used by the application chip 12 to access the common card application of the subscriber identity card 13 and the second interface 15 may be used to access its security card application; alternatively, the second interface 15 may be used to access the common card application and the first interface 14 may be used to access the security card application. This embodiment is not limited in this respect. Providing the first interface 14 and the second interface 15 realizes a dual-interface architecture of the baseband chip 11.
Taking as an example the case in which the first interface 14 is used by the application chip 12 to access the common card application of the subscriber identity card 13 and the second interface 15 is used to access the security card application, the second interface 15 may serve as redundancy for the first interface 14: when the application chip 12 is not accessing the security card application of the subscriber identity card 13, it may access the common card application of the subscriber identity card 13 through the second interface 15.
It should be noted that an application program (APP) may run on the application chip 12, and the APP may access the security card application of the user identification card 13 through the second interface 15. Specifically, the APP may do so under the trusted execution environment (Trusted Execution Environment, TEE), or under the rich execution environment (Rich Execution Environment, REE).
Taking as an example the case in which the APP accesses the security card application of the user identification card under the REE through the second interface, as shown in Fig. 2, the method may include the following steps:
Step 101, the APP may send a SIM card security access request to a SIM card software development kit (Software Development Kit, SDK);
Step 102, after receiving the SIM card security access request, the SIM card SDK sends the SIM card security access request to the SIM authorization TA;
Step 103, after receiving the SIM card security access request, the SIM authorization TA generates a SIM card security instruction request carrying an authorization code;
Step 104, the SIM authorization TA sends the SIM card security instruction request carrying the authorization code to the second interface;
Step 105, the second interface sends the received SIM card security instruction request to the SIM card application;
When the SIM authorization TA and the security card application of the SIM card are initialized, a shared key may be preset through a security scheme. Communication data between the SIM authorization TA and the security card application of the SIM card are encrypted with the shared key, which establishes a secure channel and ensures the security of the data on the second interface.
Step 106, after receiving the SIM card security instruction request, the security card application of the SIM card checks the authorization code and performs the security operation;
Step 107, after the check succeeds, the security card application of the SIM card sends a SIM card security instruction response to the second interface;
Step 108, the second interface sends the SIM card security instruction response to the SIM authorization TA;
Step 109, after receiving the SIM card security instruction response, the SIM authorization TA sends a SIM card security response to the SIM card SDK;
Step 110, after receiving the SIM card security response, the SIM card SDK sends a SIM card security access response to the APP.
It should be noted that the SIM card SDK may be an agent for accessing the SIM card; for example, it may be an agent for accessing the SIM card under the REE. The SIM authorization TA may be a trusted application in the TEE that implements the capability of authorizing access to the security card application of the SIM card.
Through the chip circuit in the embodiment of the invention, the application chip can access the common card application and the security card application of the user identification card through the first interface and the second interface respectively, thereby avoiding access blocking and improving the access control effect.
Optionally, in the case that the application chip runs the first running environment and the second running environment simultaneously:
the application chip is configured to send a first user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the first user identification card access request;
the application chip is configured to send a second user identification card access request to the baseband chip through the second interface under the second running environment, and the baseband chip is configured to access the user identification card based on the second user identification card access request.
The first interface can be used for a common card application of the application chip for accessing the user identification card, and the second interface can be used for a security card application of the application chip for accessing the user identification card. The first operating environment may be an operating environment of a normal card application for accessing the subscriber identity card, and the second operating environment may be an operating environment of a security card application for accessing the subscriber identity card.
Taking the first operating environment as REE and the second operating environment as TEE as examples, the application program under REE can access the common card application of the user identification card through the first interface, and meanwhile, the second interface can operate in a security mode to realize that the trusted application under TEE accesses the security card application of the user identification card. The access of the REE side and the access of the TEE side can be respectively realized through a first interface and a second interface without mutual interference.
In practical applications, the user identification card serves as a basic security medium on the electronic device and can carry high-security applications, and in some application scenarios it needs to be accessed under the first running environment and the second running environment at the same time. Taking the first running environment as the REE and the second running environment as the TEE as an example, in some application scenarios the user identification card needs to be accessed under both the REE and the TEE. In the related art, there is only one interface between the application chip and the baseband chip, so when the application chip accesses the user identification card under the TEE, it switches to the Secure state through mode conversion, and in the Secure state it cannot access the user identification card under the REE. The application chip loads an operating system (Operating System, OS) in the TEE, and the OS in the TEE invokes the corresponding trusted application (Trusted Application, TA) to interact with the user identification card. After the user identification card has been accessed under the TEE, the application chip can switch the access authority of the baseband chip to the REE through mode conversion and reload the OS in the REE. Therefore, while the application chip runs under the TEE, the user identification card cannot be accessed normally under the REE; the TEE blocks the REE from accessing the user identification card.
In the embodiment of the invention, the application chip can access the user identification card under the TEE through the first interface and the second interface, and simultaneously the application chip can access the user identification card under the REE, so that the concurrent access to the user identification card is realized. The baseband chip can also comprise a SIM card concurrent access control module, and when the SIM card is accessed simultaneously under the TEE and the REE, the concurrent access control of the SIM card can be realized through the SIM card concurrent access control module.
Thus, through the first interface and the second interface, the application chip can access the user identification card in parallel under the first running environment and the second running environment, rather than under only one of them at a time, so that access blocking is avoided.
Optionally, the application chip runs a trusted application, and the application chip is configured to send a second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
An APP may run on the application chip, and the APP may access the security card application of the user identification card through the second interface based on the trusted application (Trusted Application, TA).
As illustrated in fig. 3, the access control method of the security card application accessing the user identification card through the second interface may include the steps of:
Step 201, the APP may send a TA request to the SIM card SDK;
Step 202, after receiving the TA request, the SIM card SDK sends a TA security request to the trusted application (TA);
Step 203, after receiving the TA security request, the TA sends a SIM card authorization request to the SIM authorization TA;
Step 204, after receiving the SIM card authorization request, the SIM authorization TA generates an authorization code;
Step 205, the SIM authorization TA sends a SIM authorization response corresponding to the SIM card authorization request to the TA, where the SIM authorization response carries the authorization code;
Step 206, the TA sends a SIM card security instruction request carrying the authorization code to the second interface;
Step 207, after receiving the SIM card security instruction request, the second interface sends the SIM card security instruction request to the SIM card application;
Step 208, after receiving the SIM card security instruction request, the security card application of the SIM card verifies the authorization code and performs the security operation;
Step 209, after the verification succeeds, the security card application of the SIM card sends a SIM card security instruction response to the second interface;
Step 210, the second interface sends the SIM card security instruction response to the TA;
In addition, after receiving the SIM card security instruction response, the TA sends a verification request to the SIM authorization TA and receives the verification response of the SIM authorization TA to the verification request.
Step 211, after the verification passes, the TA performs the TA security operation and generates a TA security operation result;
Step 212, the TA sends a TA security response to the SIM card SDK, where the TA security response carries the TA security operation result;
Step 213, the SIM card SDK sends a TA response to the APP.
It should be noted that the SIM card SDK may be an agent for accessing the SIM card; for example, it may be an agent for accessing the SIM card under the REE.
In this embodiment, the application chip sends a second subscriber identity card access request to the baseband chip through the second interface under the second operating environment based on the trusted application, where the baseband chip is configured to access the subscriber identity card based on the second subscriber identity card access request. In this way, the dual interface architecture of the baseband chip can provide an additional interface for the trusted application to access the subscriber identity card, thereby implementing a secure card application that accesses the subscriber identity card in a secure mode.
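The authorization-code check of steps 103 to 107 (and steps 204 to 209), modelled as an added example that is not code from the patent. The page does not define the authorization code or the channel encryption, so this sketch assumes an HMAC-SHA256 over a counter and the command under the preset shared key and omits encryption; all class, field and command names are hypothetical.

```python
import hashlib
import hmac
import struct


def _auth_code(key: bytes, counter: int, command: bytes) -> bytes:
    """Assumed format: HMAC-SHA256 over an 8-byte counter followed by the command."""
    return hmac.new(key, struct.pack(">Q", counter) + command, hashlib.sha256).digest()


class SimAuthorizationTA:
    """Trusted application in the TEE that authorizes security card access."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._counter = 0

    def build_instruction_request(self, command: bytes) -> dict:
        # Step 103: generate the instruction request carrying an authorization code.
        self._counter += 1
        return {
            "counter": self._counter,
            "command": command,
            "auth_code": _auth_code(self._key, self._counter, command),
        }


class SecurityCardApplication:
    """Security card application on the SIM card; holds the same preset shared key."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._last_counter = 0
        self.executed = []

    def handle(self, request: dict) -> dict:
        # Step 106: check the authorization code before any security operation.
        try:
            counter = request["counter"]
            command = request["command"]
            code = request["auth_code"]
        except (KeyError, TypeError):
            return {"status": "rejected", "reason": "malformed"}
        if (not isinstance(counter, int) or not 0 < counter < 2**64
                or not isinstance(command, bytes) or not isinstance(code, bytes)):
            return {"status": "rejected", "reason": "malformed"}
        expected = _auth_code(self._key, counter, command)
        if not hmac.compare_digest(expected, code):
            return {"status": "rejected", "reason": "bad authorization code"}
        if counter <= self._last_counter:
            return {"status": "rejected", "reason": "replayed counter"}
        self._last_counter = counter
        self.executed.append(command)
        # Step 107: a response is produced only after the check succeeds.
        return {"status": "ok", "result": b"done:" + command}


class SecondInterface:
    """Steps 105 and 108: relays requests and responses without interpreting them."""

    def __init__(self, card_app: SecurityCardApplication):
        self._card_app = card_app
        self.seen = []  # copy of every request that crossed the interface

    def transfer(self, request: dict) -> dict:
        self.seen.append(dict(request))
        return self._card_app.handle(request)


def run_demo() -> dict:
    key = bytes(range(32))  # constructed test key, not a real credential
    ta = SimAuthorizationTA(key)
    card = SecurityCardApplication(key)
    iface = SecondInterface(card)

    # Steps 101-110 collapsed: APP -> SDK -> TA -> second interface -> card -> back.
    first = iface.transfer(ta.build_instruction_request(b"SIGN"))
    # The same request presented a second time must not run again.
    repeated = iface.transfer(dict(iface.seen[0]))
    # A request whose command changed after the TA issued the code.
    altered = ta.build_instruction_request(b"SIGN")
    altered["command"] = b"EXPORT"
    altered_result = iface.transfer(altered)
    # A request that never passed through the SIM authorization TA.
    no_ta = iface.transfer({"counter": 7, "command": b"SIGN", "auth_code": bytes(32)})
    # A later authorized request still succeeds.
    later = iface.transfer(ta.build_instruction_request(b"VERIFY"))
    return {"first": first, "repeated": repeated, "altered": altered_result,
            "no_ta": no_ta, "later": later, "executed": list(card.executed)}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Only the two requests that carry a fresh, matching authorization code reach the security operation; everything else is rejected on the card side, whichever path delivered it to the second interface.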
Optionally, in the case that the application chip runs the first running environment:
the application chip is configured to send a third user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the third user identification card access request;
or
the application chip is configured to send a fourth user identification card access request to the baseband chip through the second interface under the first running environment, and the baseband chip is configured to access the user identification card based on the fourth user identification card access request.
An APP may run on the application chip, and the APP may access the common card application of the user identification card through the first interface or the second interface.
As an example, as shown in Fig. 4, the access control method for accessing the common card application of the user identification card through the first interface or the second interface may include the following steps:
Step 301, the APP may send a SIM card access request to the SIM card SDK;
Step 302, after receiving the SIM card access request, the SIM card SDK sends the SIM card access request to the first interface or the second interface;
Step 303, the first interface or the second interface sends the SIM card access request to the common card application of the SIM card;
Step 304, the common card application of the SIM card responds to the SIM card access request, and obtains an encrypted SIM card access response through shared key operation with the APP service platform;
Step 305, the common card application of the SIM card sends the SIM card access response to the first interface or the second interface;
Step 307, the first interface or the second interface sends the SIM card access response to the SIM card SDK;
Step 308, after receiving the SIM card access response, the SIM card SDK sends the SIM card access response to the APP.
The common card application of the SIM card and the APP service platform can share a secret key through a security flow, the SIM card access response is information encrypted through the shared secret key, and the security of the first interface and the second interface data is ensured. After receiving the SIM card access response, the APP can use the SIM card access response for login verification of the APP service platform, and after verification is successful, the APP service platform can be logged in.
In this embodiment, the second interface may serve as redundancy for the first interface: when the first interface is busy or fails, the application chip may access the common card application of the user identification card through the second interface, which improves the reliability of the baseband chip.
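An added example, not part of the patent, that compares the single-interface related art with the dual-interface arrangement, including the second interface acting as redundancy when the first is busy or has failed. The time units, the `mode_switch` cost, the fail-closed handling of security card access and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Request:
    arrival: int    # time the request reaches the baseband chip
    target: str     # "common" or "security" card application
    duration: int   # time the card access occupies the interface


@dataclass
class Interface:
    name: str
    busy_until: int = 0
    failed: bool = False

    def idle_at(self, t: int) -> bool:
        return not self.failed and self.busy_until <= t


def pick_interface(req: Request, first: Interface, second: Interface) -> Interface:
    """Dual-interface routing for the embodiment in which the second interface
    carries security card access and doubles as redundancy for the first."""
    if req.target == "security":
        if second.failed:
            # Assumption: fail closed, security card access never moves to the first interface.
            raise RuntimeError("second interface unavailable for security card access")
        return second
    if first.idle_at(req.arrival):
        return first
    # Redundancy: use the second interface only while it is idle, that is,
    # while no security card access is in progress on it.
    if second.idle_at(req.arrival):
        return second
    if not first.failed:
        return first      # queue behind the current common card access
    if not second.failed:
        return second     # first has failed: wait for the second to free up
    raise RuntimeError("no working interface")


def simulate(requests: List[Request], dual: bool, first_failed: bool = False,
             mode_switch: int = 0) -> List[int]:
    """Return the waiting time of each request, in arrival order."""
    first = Interface("first", failed=first_failed)
    second = Interface("second")
    mode = "common"   # single-interface case: the interface starts in normal mode
    waits = []
    for req in sorted(requests, key=lambda r: r.arrival):
        switch = 0
        if dual:
            iface = pick_interface(req, first, second)
        else:
            if first.failed:
                raise RuntimeError("the only interface has failed")
            iface = first
            if req.target != mode:
                # Related art: changing between normal and security mode costs time.
                switch, mode = mode_switch, req.target
        start = max(req.arrival, iface.busy_until) + switch
        iface.busy_until = start + req.duration
        waits.append(start - req.arrival)
    return waits


def sample_requests() -> List[Request]:
    # Constructed workload: one long security card access, two short common ones.
    return [Request(0, "security", 5), Request(1, "common", 1), Request(1, "common", 1)]


if __name__ == "__main__":
    reqs = sample_requests()
    print("single interface:", simulate(reqs, dual=False))
    print("single interface, mode switch 2:", simulate(reqs, dual=False, mode_switch=2))
    print("dual interface:", simulate(reqs, dual=True))
    print("dual interface, first failed:", simulate(reqs, dual=True, first_failed=True))
```

With the first interface failed, common card access still completes but queues behind the security card access on the second interface, so the redundancy restores availability rather than concurrency.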
Optionally, the first running environment is a rich execution environment, and/or the second running environment is a trusted execution environment.
Wherein the trusted execution environment is a running environment logically corresponding to the rich execution environment. By providing an isolated trusted execution environment in the secure area of the processor of the electronic device, the security, confidentiality and integrity of various sensitive data loaded into the trusted execution environment can be ensured, so that services such as secure encryption and decryption, secure storage, trusted identity authentication and the like can be provided. The application chip can send a first user identification card access request to the baseband chip through the first interface under REE, the baseband chip can access the user identification card based on the first user identification card access request, the application chip can send a second user identification card access request to the baseband chip through the second interface under TEE, and the baseband chip can access the user identification card based on the second user identification card access request.
The application chip can access the security card application of the SIM card under the TEE without affecting the common card application of the SIM card under the REE, and the application chip can realize the capability of simultaneously accessing the application of the SIM card under the TEE and the REE without state switching.
Referring to Fig. 5, which is a flowchart of an access control method according to an embodiment of the present invention, the method includes the following steps:
Step 401: executing user identification card access of a first running environment through a first interface;
Step 402: executing user identification card access of a second running environment through a second interface.
The first running environment and the second running environment are two running environments that the application chip runs simultaneously, and the first interface and the second interface are two interfaces between the application chip and the baseband chip.
The first interface and the second interface may be physical interfaces. In one arrangement, the first interface may be used by the application chip to access the normal card application of the user identification card and the second interface may be used to access the security card application of the user identification card; the first running environment may then be the running environment for accessing the normal card application, and the second running environment may be the running environment for accessing the security card application. Alternatively, the roles may be reversed: the second interface may be used to access the normal card application and the first interface to access the security card application, with the second running environment being the one for accessing the normal card application and the first running environment the one for accessing the security card application. This embodiment is not limited in this respect. Providing the first interface and the second interface gives the baseband chip a dual-interface architecture.
In the embodiment of the invention, the user identification card access of the first running environment is executed through the first interface, and the user identification card access of the second running environment is executed through the second interface. Because both the first interface and the second interface exist between the baseband chip and the application chip, the application chip can access the normal card application and the security card application of the user identification card through the first interface and the second interface respectively, which avoids access blocking and improves the access control effect.
Optionally, executing the user identification card access of the first running environment through the first interface includes:
the application chip sends a first user identification card access request to the baseband chip through the first interface under the first running environment;
the baseband chip accesses the user identification card based on the first user identification card access request.
Optionally, executing the user identification card access of the second running environment through the second interface includes:
the application chip sends a second user identification card access request to the baseband chip through the second interface under the second running environment;
the baseband chip accesses the user identification card based on the second user identification card access request.
Optionally, the application chip runs a trusted application, and the application chip sending the second user identification card access request to the baseband chip through the second interface under the second running environment includes:
the application chip sends the second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
Optionally, the first running environment is a rich execution environment, and/or the second running environment is a trusted execution environment.
It should be noted that, the access control method in the embodiment of the present invention may be applied to the chip circuit described in the above embodiment, and the same technical effects may be achieved, so that repetition is avoided and no further description is provided herein.
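The dual-interface access flow described above, modeled as an added example (not code from the patent): it assumes the embodiment in which the REE uses the first interface and the TEE the second, and that the baseband chip enforces that mapping. All type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: every name here is an assumption, not the patent's API. */
typedef enum { IF_FIRST, IF_SECOND } iface_t;          /* two AP<->baseband interfaces */
typedef enum { ENV_REE, ENV_TEE } env_t;               /* first / second running environment */
typedef enum { APP_NORMAL, APP_SECURITY } card_app_t;  /* SIM card applications */
typedef enum { ACC_OK, ACC_DENIED, ACC_IF_UNAVAILABLE } result_t;

typedef struct {
    bool unavailable[2];   /* interface busy or failed */
    unsigned served[2];    /* SIM accesses completed per interface */
} baseband_t;

/* Assumed policy: security card application only from the TEE over the second
 * interface; normal card application from the REE over the first interface, or
 * over the second interface as the redundant path. */
static bool policy_allows(iface_t ifc, env_t env, card_app_t app)
{
    if (app == APP_SECURITY)
        return ifc == IF_SECOND && env == ENV_TEE;
    return ifc == IF_SECOND || env == ENV_REE;
}

/* Baseband side: check policy, then interface state, then access the card. */
result_t baseband_access(baseband_t *bb, iface_t ifc, env_t env, card_app_t app)
{
    if (!policy_allows(ifc, env, app))
        return ACC_DENIED;
    if (bb->unavailable[ifc])
        return ACC_IF_UNAVAILABLE;
    bb->served[ifc]++;     /* stands in for the actual SIM card exchange */
    return ACC_OK;
}

/* REE side: use the first interface, fall back to the second if busy/failed. */
result_t ree_normal_access(baseband_t *bb)
{
    result_t r = baseband_access(bb, IF_FIRST, ENV_REE, APP_NORMAL);
    if (r == ACC_IF_UNAVAILABLE)
        r = baseband_access(bb, IF_SECOND, ENV_REE, APP_NORMAL);
    return r;
}

int main(void)
{
    baseband_t bb = {{false, false}, {0, 0}};
    bb.unavailable[IF_FIRST] = true;   /* constructed scenario: first interface busy */
    printf("TEE security access: %d\n", baseband_access(&bb, IF_SECOND, ENV_TEE, APP_SECURITY));
    printf("REE normal access:   %d\n", ree_normal_access(&bb));
    printf("REE security access: %d\n", baseband_access(&bb, IF_FIRST, ENV_REE, APP_SECURITY));
    return 0;
}
```

With the first interface marked busy, the TEE request on the second interface still completes, and the REE request for the normal card application succeeds over the redundant path.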
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.

Claims (9)

1. A chip circuit, characterized by comprising a baseband chip, an application chip and a user identification card, wherein:
the first end of the baseband chip is connected with the first end of the application chip to form a first interface between the baseband chip and the application chip;
the second end of the baseband chip is connected with the second end of the application chip to form a second interface between the baseband chip and the application chip;
the third end of the baseband chip is connected with the user identification card;
in the case where the application chip runs the first running environment and the second running environment simultaneously:
the application chip is configured to send a first user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the first user identification card access request;
the application chip is configured to send a second user identification card access request to the baseband chip through the second interface under the second running environment, and the baseband chip is configured to access the user identification card based on the second user identification card access request.
2. The chip circuit of claim 1, wherein the application chip runs a trusted application, and wherein the application chip is configured to send the second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
3. The chip circuit of claim 1, wherein, in the case where the application chip runs the first running environment:
the application chip is configured to send a third user identification card access request to the baseband chip through the first interface under the first running environment, and the baseband chip is configured to access the user identification card based on the third user identification card access request;
or
the application chip is configured to send a fourth user identification card access request to the baseband chip through the second interface under the first running environment, and the baseband chip is configured to access the user identification card based on the fourth user identification card access request.
4. The chip circuit according to claim 1 or 2, wherein the first running environment is a rich execution environment and/or the second running environment is a trusted execution environment.
5. An access control method, the method comprising:
executing user identification card access of a first running environment through a first interface;
executing user identification card access of a second running environment through a second interface;
the first running environment and the second running environment are two running environments that the application chip runs simultaneously, and the first interface and the second interface are two interfaces between the application chip and the baseband chip;
the first end of the baseband chip is connected with the first end of the application chip to form the first interface between the baseband chip and the application chip;
the second end of the baseband chip is connected with the second end of the application chip to form the second interface between the baseband chip and the application chip.
6. The access control method according to claim 5, wherein executing the user identification card access of the first running environment through the first interface includes:
the application chip sends a first user identification card access request to the baseband chip through the first interface under the first running environment;
the baseband chip accesses the user identification card based on the first user identification card access request.
7. The access control method according to claim 5, wherein executing the user identification card access of the second running environment through the second interface includes:
the application chip sends a second user identification card access request to the baseband chip through the second interface under the second running environment;
the baseband chip accesses the user identification card based on the second user identification card access request.
8. The access control method according to claim 7, wherein the application chip runs a trusted application, and the application chip sending the second user identification card access request to the baseband chip through the second interface under the second running environment includes:
the application chip sends the second user identification card access request to the baseband chip through the second interface under the second running environment based on the trusted application.
9. The access control method according to any one of claims 5 to 8, wherein the first running environment is a rich execution environment and/or the second running environment is a trusted execution environment.
CN202011122418.1A 2020-10-20 2020-10-20 Chip circuit and access control method Active CN114386111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011122418.1A CN114386111B (en) 2020-10-20 2020-10-20 Chip circuit and access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011122418.1A CN114386111B (en) 2020-10-20 2020-10-20 Chip circuit and access control method

Publications (2)

Publication Number Publication Date
CN114386111A CN114386111A (en) 2022-04-22
CN114386111B true CN114386111B (en) 2025-08-22

Family

ID=81193319

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011122418.1A Active CN114386111B (en) 2020-10-20 2020-10-20 Chip circuit and access control method

Country Status (1)

Country Link
CN (1) CN114386111B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831775A (en) * 2019-02-02 2019-05-31 华为技术有限公司 A kind of processor, baseband chip and SIM card information transmission method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9380448B2 (en) * 2010-02-09 2016-06-28 Mediatek Inc. Methods for accessing subscriber identity cards via a dedicated interface and systems containing subscriber identity cards each with a dedicated interface
US9094999B2 (en) * 2012-04-02 2015-07-28 Intel Deutschland Gmbh Radio communication device and method for operating a radio communication device
CN104284456B (en) * 2013-07-03 2018-11-02 中国移动通信集团广东有限公司 A kind of multi-module mobile terminal
CN110350934B (en) * 2019-07-19 2021-10-08 深圳市沃特沃德信息有限公司 Multi-card terminal, communication method thereof and computer equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831775A (en) * 2019-02-02 2019-05-31 华为技术有限公司 A kind of processor, baseband chip and SIM card information transmission method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design of a dual-CPU communication scheme in 3G smartphones; Huang Junwei (黄俊伟) et al.; 《电视技术》; 20120417; Vol. 36 (No. 8); pp. 47-49, p. 78 *

Also Published As

Publication number Publication date
CN114386111A (en) 2022-04-22

Similar Documents

Publication Publication Date Title
CN105447406B (en) A kind of method and apparatus for accessing memory space
EP1801721B1 (en) Computer implemented method for securely acquiring a binding key for a token device and a secured memory device and system for securely binding a token device and a secured memory device
EP2937805B1 (en) Proximity authentication system
CN100428820C (en) Subscriber identification module and method capable of realizing mobile terminal area locking
KR101025803B1 (en) Resource control method and system through mobile terminal, related network and computer program product thereof
KR20190028824A (en) Methods and apparatus for user authentication and human intent verification in mobile devices
CN104794388B (en) application program access protection method and application program access protection device
JP2013065340A (en) Resource sharing protected by security between applications in independent execution environments in retrievable token such as smart card
CN113807856B (en) Resource transfer method, device and equipment
KR102244465B1 (en) Electronic assembly comprising a disabling module
JP2013242644A (en) Virtual computer system, control method, and program
CN117972787B (en) Large model knowledge base access control method and system based on JWT
CN105279423A (en) Password management method and password management device
CN108335105A (en) Data processing method and relevant device
CN105282117A (en) Access control method and device
CN101938563B (en) Protection method, system and mobile terminal of SIM card information
CN114386111B (en) Chip circuit and access control method
KR101206735B1 (en) Apparatus for protecting information associated with security of mobile terminal and method thereof
CN105848148A (en) WIFI connection method, terminal and router
JP2009260688A (en) Security system and method thereof for remote terminal device in wireless wide-area communication network
CN110851881B (en) Security detection method and device for terminal equipment, electronic equipment and storage medium
JP2004206258A (en) Multiple authentication system, computer program, and multiple authentication method
CN113010908B (en) Safe storage method suitable for large-capacity SIM card
CN107862209B (en) File encryption and decryption method, mobile terminal and device with storage function
CN103235917A (en) Application protection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant