Security level determining method and device
A security-level determination method and device, applied in the Internet field. It addresses the problem that a service provider cannot control business risk because it cannot learn how secure the executing device is, improving the controllability of business risk and reducing the cost of controlling it.
Active Publication Date: 2016-06-22
TENCENT TECH (SHENZHEN) CO LTD
Problems solved by technology
At present, for services that must be kept secure, such as payment, when the service is completed through an application program, security logic inside the application is used to reduce the risk of the service and so protect it...
Abstract
The invention discloses a security level determining method and device, belonging to the field of the Internet. The method comprises: during the security verification of a service, obtaining multiple pieces of attribute information of the target device, the target device being the device currently executing the service and the attribute information being information that affects the security of the target device; determining the security level of each piece of attribute information; and determining the security level of the target device from those security levels. Determining the security level of the device avoids the situation in which the risk of the service cannot be controlled because the security of the device is unknown, improves the controllability of business risk, and lowers the cost of controlling it.
Example Embodiment
[0018] In order to make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention will be described in further detail below in conjunction with the accompanying drawings.
[0019] Before the embodiments of the present invention are explained in detail, their application scenario is introduced. Some services completed on a device, such as payment, need to be secured. At present this is done with security logic inside the application that reduces the risk of the service; for example, the application may be limited to paying a certain amount per day. In other words, the service provider currently controls the risk on its own: when the device on which the application runs carries some risk, the application has no way of learning how secure the device is, the risk is high, and the cost to the service provider of controlling it is correspondingly high. The embodiments of the present invention therefore provide a method for determining the security level of a device. Once the security level is known, the service provider can refuse to provide the corresponding service on a device that does not meet its security requirements, which improves the controllability of the service risk.
[0020] Figure 1 is a flowchart of a method for determining a security level provided by an embodiment of the present invention. Referring to Figure 1, the method includes:
[0021] Step 101: During the security verification process of the service, obtain multiple attribute information of the target device, the target device is the device currently executing the service, and the multiple attribute information is information that affects the security of the target device.
[0022] Step 102: Determine the security level of the multiple attribute information.
[0023] Step 103: Determine the security level of the target device based on the security levels of the multiple attribute information.
[0024] In the embodiment of the present invention, during the security verification of a service, multiple pieces of attribute information that affect the security of the target device are obtained and their security levels are determined, and the security level of the device is then determined from them. This avoids the situation in which the service risk cannot be controlled because the security of the device is unknown, improves the controllability of the service risk, and reduces the cost of controlling it.
[0025] Optionally, the plurality of attribute information includes at least one of the following parameters: key storage location and key digest storage location.
[0026] Optionally, the key stored in the key storage location is the ATTK (Attestation Key, device attestation key). The ATTK is used to verify the legitimacy of the device and is required for generating the ASK (App Secure Key, application security key); each device has exactly one ATTK.
[0027] Optionally, determining the security level of the multiple attribute information includes:
[0028] When the multiple attribute information includes a key storage location and a key digest storage location, determine whether the key storage location and the key digest storage location are trusted locations;
[0029] If the key storage location and the key digest storage location are both trusted locations, the security levels of the key storage location and the key digest storage location are both set to the first level.
[0030] Optionally, determining whether the key storage location and the key digest storage location are trusted locations includes:
[0031] Judging whether the key storage location is located in the first designated storage location, and judging whether the key digest storage location is located in the second designated storage location;
[0032] If the key storage location is located in the first designated storage location, determining that the key storage location is a trusted location;
[0033] If the key digest storage location is located in the second designated storage location, it is determined that the key digest storage location is a trusted location.
[0034] Optionally, the multiple attribute information further includes a key transmission mode.
[0035] Optionally, after the security level of the key storage location and the key digest storage location are both set to the first level, it further includes:
[0036] Determine the security level of the key transmission method.
[0037] Optionally, determining the security level of the key transmission mode includes:
[0038] Based on the key transmission mode, obtain the corresponding security level from the stored correspondence between transmission modes and security levels;
[0039] Determine the obtained security level as the security level of the key transmission method.
[0040] Optionally, determining the security level of the key transmission mode includes:
[0041] Send a security level acquisition request to the application server, and the security level acquisition request carries the key transmission mode;
[0042] When the security level obtaining response sent by the application server is received, the security level carried in the security level obtaining response is determined as the security level of the key transmission mode.
[0043] All the above-mentioned optional technical solutions can be combined in any combination to form an optional embodiment of the present invention, which is not repeated in the embodiment of the present invention.
[0044] Figure 2 is a flowchart of a method for determining a security level provided by an embodiment of the present invention. Referring to Figure 2, the method includes:
[0045] Step 201: During the security verification process of the service, obtain multiple attribute information of the target device, the target device is the device currently executing the service, and the multiple attribute information is information that affects the security of the target device.
[0046] In order to determine the security of the target device to improve the controllability of business risks, during the security verification process of the target device, multiple attribute information of the target device can be obtained.
[0047] The multiple attribute information includes at least one of the following parameters: key storage location and key digest storage location. Since both locations affect the security of the target device, the attribute information preferably includes both. The mode in which the public key of the device's ATTK is transmitted to the key server also affects the security of the device, so the attribute information may further include a key transmission mode. The attribute information may of course include other parameters, which the embodiment of the present invention does not specifically limit.
[0048] In the embodiment of the present invention, the method for determining the security level is illustrated with two cases: attribute information consisting of the key storage location and the key digest storage location, and attribute information consisting of the key storage location, the key digest storage location and the key transmission mode. In practice, when the attribute information includes other parameters, the security level is determined in the same or a similar way, which is not described in detail here.
[0049] It should be noted that the key stored in the key storage location is the ATTK, which is used to verify the legitimacy of the target device and is required for generating the ASK; each device has exactly one ATTK. The key digest stored in the key digest storage location is the digest of the ATTK, obtained by processing the ATTK with a specified algorithm, and it is used to verify the authenticity of the ATTK. The key transmission mode is the mode in which the public key of the ATTK is transmitted to the key server.
[0050] The specified algorithm may be set in advance; the text gives RSA as an example and does not otherwise limit it. Note that RSA is a signature scheme rather than a digest algorithm: in practice the digest would be produced by a cryptographic hash (for example SHA-256 over the ATTK public key), possibly signed by the manufacturer, and the point of keeping it in a write-once location is that the rewritable key store can then be checked against a value an attacker cannot alter.
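The binding described in paragraphs [0049] and [0050], as an added example that is not code from the patent or from the applicant. The digest algorithm is assumed to be SHA-256 over the ATTK public key; the rewritable key store and the write-once eFuse-like store are toy in-memory models, and the key bytes are constructed placeholders, not real keys.

```python
"""Binding the ATTK held in a rewritable store to a digest held in a write-once area.

Added example, not the patent's own code.  Assumptions: SHA-256 as the
"specified algorithm", a dict standing in for the key store, and a toy
write-once class standing in for an eFuse area.
"""
import hashlib
import hmac


class WriteOnceStore:
    """Models an eFuse area: a slot can be written once and never changed."""

    def __init__(self):
        self._slots = {}

    def write(self, name: str, value: bytes) -> None:
        if name in self._slots:
            raise PermissionError(f"eFuse slot {name!r} is already blown")
        self._slots[name] = bytes(value)

    def read(self, name: str):
        return self._slots.get(name)


def attk_digest(attk_public_key: bytes) -> bytes:
    """The 'specified algorithm' of paragraph [0050], assumed here to be SHA-256."""
    return hashlib.sha256(attk_public_key).digest()


def provision(key_store: dict, efuse: WriteOnceStore, attk_public_key: bytes) -> None:
    """Factory step: the ATTK goes into the key store, its digest into the eFuse area."""
    key_store["attk_pub"] = bytes(attk_public_key)
    efuse.write("attk_digest", attk_digest(attk_public_key))


def verify_attk(key_store: dict, efuse: WriteOnceStore) -> bool:
    """Recompute the digest of the stored ATTK and compare it with the fused value."""
    stored_key = key_store.get("attk_pub")
    fused = efuse.read("attk_digest")
    if stored_key is None or fused is None:
        return False
    # Constant-time comparison; a plain == would leak how many leading bytes match.
    return hmac.compare_digest(attk_digest(stored_key), fused)


def demo() -> dict:
    """Constructed scenario: the genuine key verifies, a swapped key does not, and the
    attacker cannot re-fuse the digest to match the swapped key."""
    genuine = b"-----CONSTRUCTED ATTK PUBLIC KEY, NOT A REAL KEY-----"
    rogue = b"-----CONSTRUCTED ROGUE KEY, NOT A REAL KEY-----"
    key_store, efuse = {}, WriteOnceStore()
    provision(key_store, efuse, genuine)
    genuine_ok = verify_attk(key_store, efuse)

    key_store["attk_pub"] = rogue          # attacker rewrites the key store
    swapped_ok = verify_attk(key_store, efuse)

    try:
        efuse.write("attk_digest", attk_digest(rogue))
        refused = False
    except PermissionError:                 # the fuse is already blown
        refused = True
    return {"genuine": genuine_ok, "swapped": swapped_ok, "refuse_blown": refused}


if __name__ == "__main__":
    print(demo())
```

The scenario shows why the patent treats the digest location as a separate attribute: if the digest lived in the same rewritable store as the key, the attacker would simply rewrite both, and the check would pass.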
[0051] The key storage location and the key digest storage location are locations inside the target device, so the target device can obtain them directly. As for the key transmission mode, if it was built into the target device before the device left the factory, the target device can read it from the location where it is built in. If it was not built in, the target device sends a transmission mode acquisition request carrying the target device identifier to the application server; on receiving the request, the application server obtains the key transmission mode of the target device from the identifier and sends it back to the target device.
[0052] It should be noted that the application server may store the key transmission modes of many devices. To tell them apart, the application server stores a correspondence between device identifiers and key transmission modes. When it obtains the key transmission mode of the target device from the target device identifier, it looks the identifier up in that stored correspondence and takes the key transmission mode it finds as the key transmission mode of the target device.
[0053] The target device identifier uniquely identifies the target device and may be its IMEI (International Mobile Equipment Identity), factory serial number, or the like, which the embodiment of the present invention does not specifically limit. Note that such an identifier identifies the device but does not authenticate it; the IMEI in particular is readable by applications and can be spoofed, so the server's lookup is only as trustworthy as the channel over which the identifier is received.
[0054] The services involved in the embodiments of the present invention are services that need to be secured, such as payment. In practice they may include any service that needs to verify the security of the device, which the embodiment of the present invention does not specifically limit.
[0055] Step 202: When the plurality of attribute information includes the key storage location and the key digest storage location, determine whether the key storage location and the key digest storage location are trusted locations.
[0056] Specifically, it is determined whether the key storage location is located in the first designated storage location and whether the key digest storage location is located in the second designated storage location. If the key storage location is in the first designated storage location, it is determined to be a trusted location; otherwise it is not. If the key digest storage location is in the second designated storage location, it is determined to be a trusted location; otherwise it is not.
[0057] It should be noted that the first and second designated storage locations are trusted storage locations and can be set in advance. For example, the first designated storage location can be the RPMB (Replay Protected Memory Block) in the eMMC (Embedded MultiMediaCard) of the target device. RPMB is a special area of the eMMC whose writes must carry an HMAC-SHA256 computed with an authentication key that is programmed once into the eMMC, and whose write counter prevents replay of earlier writes; it is therefore not simply "password protected". The second designated storage location can be an eFuse (electronic fuse) area or the RPMB. The eFuse area is a one-time programmable hardware area in the SoC of the target device: bits can be programmed while software is running, but a blown fuse cannot be reverted, so once data has been written it cannot be changed. The embodiment of the present invention does not specifically limit the first and second designated storage locations.
[0058] Step 203: If the key storage location and the key digest storage location are both trusted locations, set the security level of both the key storage location and the key digest storage location to the first level.
[0059] Further, if the key storage location is not a trusted location, the security level of the key storage location is set to the second level. Similarly, if the key digest storage location is not a trusted location, the security level of the key digest storage location is set to the second level.
[0060] It should be noted that the first level is higher than the second level: the first level indicates that security is high and no danger has been identified, while the second level indicates that security is relatively low and a danger may exist.
[0061] Furthermore, when the attribute information also includes the key transmission mode, the security level of the key transmission mode can be determined after the security levels of the key storage location and the key digest storage location have both been set to the first level.
[0062] It should be noted that in this embodiment the target device can determine the security level of the key transmission mode directly, or it can determine it through the application server; the embodiment of the present invention does not specifically limit this.
[0063] When the target device determines the level directly, it looks the key transmission mode up in its stored correspondence between transmission modes and security levels and takes the level it finds as the security level of the key transmission mode.
[0064] When the target device determines the level through the application server, it sends a level acquisition request carrying the key transmission mode to the application server. On receiving the request, the application server looks the key transmission mode up in its stored correspondence between transmission modes and security levels, takes the level it finds as the security level of the key transmission mode, and returns it in a level acquisition response. When the target device receives the response, it takes the security level carried in it as the security level of its key transmission mode.
[0065] From the description of step 201, the key transmission mode of the target device may be stored on the application server, and as just described the application server may also determine its security level. To reduce the number of round trips between the target device and the application server, and so determine the security level of the target device more efficiently, the target device can instead send a single query request carrying the target device identifier. On receiving it, the application server looks the identifier up in its correspondence between device identifiers and key transmission modes, looks the resulting key transmission mode up in its correspondence between transmission modes and security levels, and sends the resulting security level to the target device.
[0066] It should be noted that when the target device determines the security level of the key transmission mode itself, it must store the correspondence between transmission modes and security levels, which occupies some storage space, but it need not interact with the application server, which both lightens the load on the server and improves efficiency. When the application server determines the level, the target device need not store the correspondence, which saves storage space, but it must interact with the application server, which reduces efficiency. In practice either approach can be chosen according to need; the embodiment of the present invention does not specifically limit this.
[0067] In addition, the corresponding relationship between the key transmission mode stored in the target device and the security level can be obtained in advance from the application server, of course, it can also be built into the target device before the target device leaves the factory. The present invention does not do this. Specific restrictions.
[0068] Furthermore, the correspondence between key transmission modes and security levels can be built by first determining the modes by which the public key of the ATTK is uploaded to the key server, then setting a security level for each mode, and then storing each mode together with its security level.
[0069] For example, suppose there are two key transmission modes, transmission mode 1 and transmission mode 2. In transmission mode 1, after the private key of the ATTK has been built into the device and before the device leaves the factory, the device manufacturer transmits the ATTK public keys to the key server in batches over a trusted channel. In transmission mode 2, the public key of the ATTK is not transmitted before the device leaves the factory; instead the device transmits it to the key server itself at a specified time after shipment, for example when the device first connects to a network. Since transmission mode 1 has the highest security, its security level can be set to the first level and stored in the correspondence as shown in Table 1 below. Transmission mode 2, by contrast, is affected by many factors: the time at which the device first connects to a network is uncertain and the security of that network is unknown, so its security level is relatively low. Its security level is set to the second level and stored in the correspondence as shown in Table 1 below.
[0070] Table 1
[0071] Key transmission mode | Security level
Transmission mode 1: ATTK public key uploaded in batches over a trusted channel by the manufacturer before shipment | First level
Transmission mode 2: ATTK public key uploaded by the device itself after shipment, e.g. on first network connection | Second level
[0072] It should be noted that the embodiment of the present invention only takes the correspondence between the key transmission mode and the security level shown in Table 1 as an example for description, and the foregoing Table 1 does not limit the embodiment of the present invention.
[0073] Step 204: Determine the security level of the target device based on the security levels of the multiple attribute information.
[0074] Specifically, the target device may check whether any of the security levels of the attribute information is the second level. If so, the security level of the target device is determined to be the second level; otherwise it is determined to be the first level. That is, when the attribute information includes the key storage location and the key digest storage location, the target device checks whether either of their security levels is the second level, and if so sets the security level of the target device to the second level, otherwise to the first level. When the attribute information includes the key storage location, the key digest storage location and the key transmission mode, the target device checks whether any of their three security levels is the second level, and if so sets the security level of the target device to the second level, otherwise to the first level.
[0075] Optionally, the target device may instead apply weighting to the security levels of the attribute information and take the weighted result as the security level of the target device.
[0076] The weighting may be done as follows: the target device obtains a weight for each piece of attribute information, multiplies each security level by its weight, and adds the products to obtain the security level of the target device. That is, when the attribute information includes the key storage location and the key digest storage location, the target device obtains a first weight for the key storage location and a second weight for the key digest storage location, multiplies the security level of the key storage location by the first weight to obtain a first value, multiplies the security level of the key digest storage location by the second weight to obtain a second value, and adds the two values to obtain the security level of the target device. When the attribute information also includes the key transmission mode, the target device additionally obtains a third weight for the key transmission mode, multiplies its security level by the third weight to obtain a third value, and adds the first, second and third values to obtain the security level of the target device.
[0077] It should be noted that the target device is not limited to the methods above and may determine its security level in other ways, which the embodiment of the present invention does not enumerate.
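The procedure of steps 201 to 204, including the Table 1 lookup, the server-side query of paragraph [0065] and both aggregation rules of paragraphs [0074] to [0076], as an added example that is not code from the patent or the applicant. The location identifiers, the transmission mode identifiers, the mock application server and the weights are assumptions made for illustration; only the two-level scheme (first level = trusted, second level = not trusted) and the two aggregation rules come from the text.

```python
"""Device security-level determination following steps 201-204 and Table 1.

Added example, not the patent's own code.  Location names, mode identifiers,
the ApplicationServer mock and the weights are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FIRST_LEVEL = 1    # trusted, no danger identified
SECOND_LEVEL = 2   # not trusted, a danger may exist

# Step 202: designated trusted storage locations (assumed identifiers).
TRUSTED_KEY_LOCATIONS = {"emmc_rpmb"}
TRUSTED_DIGEST_LOCATIONS = {"efuse", "emmc_rpmb"}

# Table 1: transmission mode -> security level (assumed identifiers).
TRANSMISSION_MODE_LEVELS = {
    "mode1_factory_batch": FIRST_LEVEL,   # public key uploaded in batch before shipment
    "mode2_self_upload": SECOND_LEVEL,    # device uploads its own key after shipment
}


@dataclass
class DeviceAttributes:
    device_id: str
    key_location: str
    digest_location: str
    transmission_mode: Optional[str] = None   # None when not built in at the factory


class ApplicationServer:
    """Mock of the server side of paragraph [0065]: device id -> mode -> level."""

    def __init__(self, device_modes: Dict[str, str]):
        self._device_modes = dict(device_modes)
        self.queries = 0   # counts round trips, to show the short-cut of [0061]

    def query_level(self, device_id: str) -> int:
        self.queries += 1
        mode = self._device_modes.get(device_id)
        # Unknown device or unknown mode: fail closed to the lower level.
        return TRANSMISSION_MODE_LEVELS.get(mode, SECOND_LEVEL)


def storage_levels(attrs: DeviceAttributes) -> Dict[str, int]:
    """Steps 202-203: a location is first level only if it is a designated trusted one."""
    return {
        "key_location": FIRST_LEVEL if attrs.key_location in TRUSTED_KEY_LOCATIONS else SECOND_LEVEL,
        "digest_location": FIRST_LEVEL if attrs.digest_location in TRUSTED_DIGEST_LOCATIONS else SECOND_LEVEL,
    }


def transmission_level(attrs: DeviceAttributes, server: Optional[ApplicationServer]) -> int:
    """A built-in mode is looked up locally (Table 1); otherwise the server is asked."""
    if attrs.transmission_mode is not None:
        return TRANSMISSION_MODE_LEVELS.get(attrs.transmission_mode, SECOND_LEVEL)
    if server is None:
        return SECOND_LEVEL   # the mode cannot be learned: do not assume the trusted one
    return server.query_level(attrs.device_id)


def strict_device_level(levels: Dict[str, int]) -> int:
    """Step 204, first variant ([0074]): any second-level attribute makes the device second level."""
    return SECOND_LEVEL if SECOND_LEVEL in levels.values() else FIRST_LEVEL


def weighted_device_level(levels: Dict[str, int], weights: Dict[str, int]) -> int:
    """Step 204, optional variant ([0075]-[0076]): sum of level * weight over the attributes."""
    return sum(levels[name] * weights[name] for name in levels)


def determine_device_level(attrs: DeviceAttributes,
                           server: Optional[ApplicationServer] = None) -> Tuple[int, Dict[str, int]]:
    """Steps 201-204 with the ordering of [0061]: the transmission mode is only
    evaluated (and the server only contacted) once both storage locations are first level."""
    levels = storage_levels(attrs)
    if SECOND_LEVEL in levels.values():
        return SECOND_LEVEL, levels
    levels["transmission_mode"] = transmission_level(attrs, server)
    return strict_device_level(levels), levels


if __name__ == "__main__":
    server = ApplicationServer({"IMEI-B": "mode2_self_upload"})   # constructed records
    for dev in (DeviceAttributes("IMEI-A", "emmc_rpmb", "efuse", "mode1_factory_batch"),
                DeviceAttributes("IMEI-B", "emmc_rpmb", "emmc_rpmb"),
                DeviceAttributes("IMEI-C", "userdata_partition", "efuse", "mode1_factory_batch")):
        level, detail = determine_device_level(dev, server)
        print(dev.device_id, "->", "first" if level == FIRST_LEVEL else "second", detail)
```

The strict rule is the one a service provider would gate a payment on: a single untrusted attribute makes the device second level, and a provider can refuse service on that basis without computing anything further. The weighted variant yields a score rather than a level, so whoever uses it must also define the threshold that separates acceptable from unacceptable devices, which the text leaves open.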
[0079] Figure 3 is a schematic structural diagram of a security level determining device provided by an embodiment of the present invention. Referring to Figure 3, the device includes:
[0080] The obtaining module 301 is used to obtain multiple attribute information of the target device during the security verification process of the service, the target device is the device currently executing the service, and the multiple attribute information is information that affects the security of the target device;
[0081] The first determining module 302 is configured to determine the security level of the multiple attribute information;
[0082] The second determining module 303 is configured to determine the security level of the target device based on the security levels of the multiple attribute information.
[0083] Optionally, the plurality of attribute information includes at least one of the following parameters: key storage location and key digest storage location.
[0084] Optionally, the key stored in the key storage location is the device attestation key ATTK.
[0085] Optionally, the first determining module 302 includes:
[0086] A judging unit, for judging whether the key storage location and the key digest storage location are trusted locations when the multiple attribute information includes a key storage location and a key digest storage location;
[0087] The setting unit is configured to set the security level of both the key storage location and the key digest storage location to the first level if the key storage location and the key digest storage location are both trusted locations.
[0088] Optionally, the judging unit includes:
[0089] A judging subunit for judging whether the key storage location is located in the first designated storage location, and judging whether the key digest storage location is located in the second designated storage location;
[0090] The first determining subunit is configured to determine that the key storage location is a trusted location if the key storage location is located at the first designated storage location;
[0091] The second determining subunit is configured to determine that the key digest storage location is a trusted location if the key digest storage location is located in the second designated storage location.
[0092] Optionally, the multiple attribute information further includes a key transmission mode.
[0093] Optionally, the first determining module 302 further includes:
[0094] The determining unit is used to determine the security level of the key transmission mode.
[0095] Optionally, the determining unit includes:
[0096] The obtaining subunit is used to obtain the corresponding security level from the stored correspondence between the transmission mode and the security level based on the key transmission mode;
[0097] The third determining subunit is used to determine the acquired security level as the security level of the key transmission mode.
[0098] Optionally, the determining unit includes:
[0099] The sending subunit is used to send a security level acquisition request to the application server, and the security level acquisition request carries the key transmission mode;
[0100] The fourth determining subunit is configured to determine the security level carried in the security level obtaining response as the security level of the key transmission mode when the security level obtaining response sent by the application server is received.
[0102] It should be noted that the division into the functional modules above is only an example of how the security level determining device of the foregoing embodiment may be organized. In practice the functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules that perform all or part of the functions described above. In addition, the security level determining device and the security level determining method of the foregoing embodiments belong to the same concept; the specific implementation is detailed in the method embodiment and is not repeated here.
[0103] Figure 4 is a schematic diagram of a terminal structure provided by an embodiment of the present invention. The first user client of the above embodiment may be installed in this terminal. Referring to Figure 4, the terminal 400 may include a communication unit 410, a memory 420 including one or more computer-readable storage media, an input unit 430, a display unit 440, a sensor 450, an audio circuit 460, a WIFI (Wireless Fidelity) module 470, a processor 480 with one or more processing cores, a power supply 490, and other components. Those skilled in the art will understand that the terminal structure shown in Figure 4 does not limit the terminal, which may include more or fewer components than shown, a combination of certain components, or a different arrangement of components. In particular:
[0104] The communication unit 410 may be used for receiving and sending signals during information transmission or communication. The communication unit 410 may be an RF (Radio Frequency) circuit, a router, a modem, or other network communication equipment. In particular, when the communication unit 410 is an RF circuit, downlink information received from the base station is handed to one or more processors 480 for processing, and uplink data is sent to the base station. Generally, an RF circuit acting as a communication unit includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and so on. In addition, the communication unit 410 may also communicate with the network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile Communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), etc. The memory 420 may be used to store software programs and modules; the processor 480 executes various functional applications and performs data processing by running the software programs and modules stored in the memory 420. The memory 420 may mainly include a program storage area and a data storage area. The program storage area may store an operating system, an application program required by at least one function (such as a sound playback function or an image playback function), etc.; the data storage area may store data (such as audio data or a phone book) created through use of the terminal 400. In addition, the memory 420 may include a high-speed random access memory and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices. Correspondingly, the memory 420 may further include a memory controller that provides the processor 480 and the input unit 430 with access to the memory 420.
[0105] The input unit 430 may be used to receive input digital or character information and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Preferably, the input unit 430 may include a touch-sensitive surface 431 and other input devices 432. The touch-sensitive surface 431, also called a touch screen or a touchpad, can collect user touch operations on or near it (for example, an operation performed by the user on or near the touch-sensitive surface 431 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connection device according to a preset program. Optionally, the touch-sensitive surface 431 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and sends them to the processor 480; it can also receive commands sent by the processor 480 and execute them. The touch-sensitive surface 431 can be implemented in multiple types, such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the touch-sensitive surface 431, the input unit 430 may also include other input devices 432. Preferably, the other input devices 432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons and switch buttons), a trackball, a mouse, and a joystick.
[0106] The display unit 440 may be used to display information input by the user or provided to the user, and the various graphical user interfaces of the terminal 400. These graphical user interfaces may be composed of graphics, text, icons, videos, and any combination thereof. The display unit 440 may include a display panel 441. Optionally, the display panel 441 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), etc. Further, the touch-sensitive surface 431 may cover the display panel 441. When the touch-sensitive surface 431 detects a touch operation on or near it, the operation is transmitted to the processor 480 to determine the type of the touch event, and the processor 480 then provides the corresponding visual output on the display panel 441 according to the type of the touch event. Although in Figure 4 the touch-sensitive surface 431 and the display panel 441 are shown as two independent components realizing the input and output functions, in some embodiments the touch-sensitive surface 431 and the display panel 441 may be integrated to realize the input and output functions.
[0107] The terminal 400 may also include at least one sensor 450, such as a light sensor, a motion sensor, or other sensors. The light sensor may include an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 441 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 441 and/or the backlight when the terminal 400 is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in various directions (usually three axes) and can detect the magnitude and direction of gravity when stationary; it can be used in applications that identify the posture of the mobile phone (such as switching between horizontal and vertical screen, related games, and magnetometer posture calibration) and in vibration recognition functions (such as a pedometer or tap detection). Other sensors such as gyroscopes, barometers, hygrometers, thermometers, and infrared sensors may also be configured in the terminal 400 and are not described again here.
[0108] The audio circuit 460, the speaker 461, and the microphone 462 may provide an audio interface between the user and the terminal 400. The audio circuit 460 can transmit the electrical signal converted from received audio data to the speaker 461, and the speaker 461 converts it into a sound signal for output. Conversely, the microphone 462 converts a collected sound signal into an electrical signal, which the audio circuit 460 receives and converts into audio data; the audio data is then processed by the processor 480 and sent, for example, to another terminal via the communication unit 410, or output to the memory 420 for further processing. The audio circuit 460 may also include an earphone jack to provide communication between a peripheral earphone and the terminal 400.
[0109] In order to realize wireless communication, a wireless communication unit 470 may be configured on the terminal, and the wireless communication unit 470 may be a WIFI module. WIFI is a short-distance wireless transmission technology. Through the wireless communication unit 470, the terminal 400 can help users send and receive e-mails, browse web pages, and access streaming media. It provides users with wireless broadband Internet access. Although the wireless communication unit 470 is shown in the figure, it is understandable that it is not a necessary component of the terminal 400 and can be omitted as needed without changing the essence of the invention.
[0110] The processor 480 is the control center of the terminal 400. It uses various interfaces and lines to connect the various parts of the entire mobile phone and, by running or executing the software programs and/or modules stored in the memory 420 and calling the data stored in the memory 420, performs the various functions of the terminal 400 and processes data, thereby monitoring the mobile phone as a whole. Optionally, the processor 480 may include one or more processing cores; preferably, the processor 480 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, and application programs, and the modem processor mainly handles wireless communication. It will be understood that the modem processor need not be integrated into the processor 480.
[0111] The terminal 400 also includes a power source 490 (such as a battery) for supplying power to various components. Preferably, the power source can be logically connected to the processor 480 through a power management system, so that functions such as charging, discharging, and power management are realized through the power management system. The power supply 460 may also include one or more DC or AC power supplies, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and any other components.
[0112] Although not shown, the terminal 400 may also include a camera, a Bluetooth module, etc., which will not be repeated here.
[0113] In this embodiment, the terminal further includes one or more programs. The one or more programs are stored in the memory and are configured to be executed by one or more processors, and include instructions for performing the following security level determination method provided by the embodiment of the present invention:
[0114] During the security verification process of the service, obtain multiple pieces of attribute information of the target device, where the target device is the device currently executing the service and the multiple pieces of attribute information are information that affects the security of the target device;
[0115] Determine the security level of the multiple attribute information;
[0116] Based on the security levels of the multiple attribute information, the security level of the target device is determined.
[0117] Optionally, the plurality of attribute information includes at least one of the following parameters: key storage location and key digest storage location.
[0118] Optionally, the key stored in the key storage location is the device authentication key ATTK.
[0119] Optionally, determining the security level of the multiple attribute information includes:
[0120] When the multiple attribute information includes a key storage location and a key digest storage location, determine whether the key storage location and the key digest storage location are trusted locations;
[0121] If the key storage location and the key digest storage location are both trusted locations, the security levels of the key storage location and the key digest storage location are both set to the first level.
[0122] Optionally, determining whether the key storage location and the key digest storage location are trusted locations includes:
[0123] Judging whether the key storage location is located in the first designated storage location, and judging whether the key digest storage location is located in the second designated storage location;
[0124] If the key storage location is located in the first designated storage location, determining that the key storage location is a trusted location;
[0125] If the key digest storage location is located in the second designated storage location, it is determined that the key digest storage location is a trusted location.
[0126] Optionally, the multiple attribute information further includes a key transmission mode.
[0127] Optionally, after the security level of the key storage location and the key digest storage location are both set to the first level, it further includes:
[0128] Determine the security level of the key transmission method.
[0129] Optionally, determining the security level of the key transmission mode includes:
[0130] Based on the key transmission mode, obtain the corresponding security level from the correspondence between the stored transmission mode and the security level;
[0131] Determine the obtained security level as the security level of the key transmission method.
[0132] Optionally, determining the security level of the key transmission mode includes:
[0133] Send a security level acquisition request to the application server, and the security level acquisition request carries the key transmission mode;
[0134] When the security level obtaining response sent by the application server is received, the security level carried in the security level obtaining response is determined as the security level of the key transmission mode.
[0135] In the embodiment of the present invention, during the security verification of the business, multiple pieces of attribute information that affect the security of the target device are obtained, the security level of each piece of attribute information is determined, and the security level of the device is then determined on the basis of those security levels. This avoids the situation in which the business risk cannot be controlled because the security of the device is unknown, improves the controllability of the business risk, and reduces the cost of controlling it.
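The following is an added worked example, not code from the patent or from Tencent, of the determination procedure in paragraphs [0113] to [0134] and of the subunits in [0097] to [0100]. The level ordering, the designated storage locations, the transmission-mode table, the rating of untrusted locations and the weakest-attribute rule for the device level are all assumptions, since the patent leaves them open.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, Optional


class Level(IntEnum):
    """Assumed ordering; the patent only names a 'first level' (most trusted)."""
    UNKNOWN = 0
    LOW = 1
    MEDIUM = 2
    FIRST = 3


# Assumed "first designated storage location" for the key (ATTK) and
# "second designated storage location" for its digest ([0123]).
FIRST_DESIGNATED = {"tee", "secure_element"}
SECOND_DESIGNATED = {"tee", "secure_element", "app_server"}

# Assumed stored correspondence between transmission mode and level ([0130]).
TRANSMISSION_MODE_LEVELS: Dict[str, Level] = {
    "attested_channel": Level.FIRST,
    "tls": Level.MEDIUM,
    "plaintext": Level.LOW,
}


@dataclass
class DeviceAttributes:
    """The 'multiple attribute information' of the target device ([0114])."""
    key_storage_location: str
    key_digest_storage_location: str
    key_transmission_mode: Optional[str] = None


def storage_levels(attrs: DeviceAttributes):
    """[0120]-[0125]: both locations get FIRST only if both are trusted.
    Rating an untrusted location as LOW is an assumption."""
    key_ok = attrs.key_storage_location in FIRST_DESIGNATED
    digest_ok = attrs.key_digest_storage_location in SECOND_DESIGNATED
    if key_ok and digest_ok:
        return Level.FIRST, Level.FIRST
    return (Level.FIRST if key_ok else Level.LOW,
            Level.FIRST if digest_ok else Level.LOW)


def transmission_level(mode: str,
                       ask_server: Optional[Callable[[str], Level]] = None) -> Level:
    """[0129]-[0134]: look the mode up locally, otherwise send a request
    carrying the mode to the application server (ask_server stands in for
    that request/response exchange)."""
    if mode in TRANSMISSION_MODE_LEVELS:
        return TRANSMISSION_MODE_LEVELS[mode]
    if ask_server is not None:
        return ask_server(mode)
    return Level.UNKNOWN


def device_level(attrs: DeviceAttributes,
                 ask_server: Optional[Callable[[str], Level]] = None) -> Level:
    """[0115]-[0116]: derive the device level from the attribute levels.
    Taking the weakest attribute is an assumption. Per [0127]-[0128] the
    transmission mode is rated only after both storage locations are FIRST."""
    key_lvl, digest_lvl = storage_levels(attrs)
    levels = [key_lvl, digest_lvl]
    if (key_lvl == Level.FIRST and digest_lvl == Level.FIRST
            and attrs.key_transmission_mode is not None):
        levels.append(transmission_level(attrs.key_transmission_mode, ask_server))
    return min(levels)
```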
[0136] Those of ordinary skill in the art can understand that all or part of the steps in the foregoing embodiments can be implemented by hardware, or by a program instructing related hardware to be completed. The program can be stored in a computer-readable storage medium. The storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
[0137] The above descriptions are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.