Method and apparatus for managing applications in a security device

Abstract

Disclosed are a method of managing an application in a secure device, and a device, the method comprising: a content management agent acquiring attribute information of an application already installed on a secure device, and according to the attribute information of the application, confirming storage of an encrypted executable load file corresponding to the attribute information of the application; the content management agent sending a first instruction to the secure device to instruct the secure device to uninstall the application, wherein the first instruction includes the attribute information of the application; and the content management device receiving a first response sent by the secure device, wherein the first response includes the identification information of the user data packet of the application. By uninstalling an application installed on the secure device, the issue of insufficient available storage space for a user of the secure device is solved while further guaranteeing security of user data by storing the user data on the secure device; and the ELF of an uninstalled application is stored on the content management agent, guaranteeing that the uninstalled application can be locally re-installed from a terminal.

Description

Technical field [0001] The embodiments of the present application relate to the field of information processing technology, and in particular, to a management method and device applied to a security device. Background technique [0002] The secure element (SE) is a key factor in the realization of mobile payment services. It provides a tamper resistant (tamper resistant) operating and storage environment and cryptographic computing functions, which can be used to install and run payment card applications and save User confidential data, such as keys, certificates, etc., can also be used to save access rules for SE or device sensitive application programming interface (device sensitive application programming interface). SE can be packaged into a universal integrated circuit card (universal intergrated circuit card, UICC) and then installed in the terminal, or it can be packaged as an embedded secure element (eSE), and then soldered to the motherboard of the terminal, no matter wh...

AI Technical Summary

Problems solved by technology

According to the existing global platform card specification (globalplatform card specification, GPCS), for card applications, installed in SE, need to be associated with a security domain (security domain, SD) in order to use the secure channel (secure channel) service provided by the security domain , this requirement brings additional space occupation; while the SE that supports the storage management feature installs the card application, it must use the reserved memory (reserved memory) parameter to reserve storage resources for the card application, and use the storage quota (memory quota) The parameter specifies an expandable storage space for the card application. This resource reservation management method causes the card application to occupy additional space, and the utilization rate of the SE space is not high, which aggravates the tension of the SE space.

Images