公开(公告)号：US20200242274A1

公开(公告)日：2020-07-30

申请号：US16849318

申请日：2020-04-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: G06F21/74 ,  H04L9/14 ,  H04L9/32 ,  G06F12/1009

Abstract: The present application provides a secure element comprising a processor and a memory integrated into a semiconductor chip; the memory is configured to provide a storage space for the processor to load and run a secure program, the secure program includes an image of a secure operating system, and the image of the secure operating system includes a system image resident segment and a system image dynamic loading segment. The processor is configured to: divide the system image dynamic loading segment into a plurality of pages, where each of the plurality of pages includes some content of the system image dynamic loading segment; perform security processing on each of the plurality of pages; and migrate each security-processed page to an external storage of the secure element.

公开(公告)号：US20190050844A1

公开(公告)日：2019-02-14

申请号：US16159095

申请日：2018-10-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: G06Q20/32

Abstract: An apparatus for controlling running of multiple security software applications, including: a secure element and at least one central processing unit coupled to the secure element, where the secure element includes a processor and a first random access memory; the processor is configured to: run secure operating system software and at least one security software application based on the secure operating system software; when it is required to run a second security software application, suspend running of a first security software application in the at least one security software application, control migrating first temporary data generated during running of the first security software application from the first random access memory to a storage device disposed outside the secure element, and based on the secure operating system software, run the second security software application.

公开(公告)号：US09575780B2

公开(公告)日：2017-02-21

申请号：US14341337

申请日：2014-07-25

Applicant: Huawei Technologies Co., Ltd.

Inventor： Kai Liu ,  Shilin Pan ,  Miaofang Xia

IPC: G06F9/45 ,  G06F9/445 ,  G06F9/44 ,  H04M1/725

CPC classification number: G06F9/44547 ,  G06F8/54 ,  G06F8/71 ,  G06F9/454 ,  H04M1/72519

Abstract: The present invention relates to a method and an apparatus for generating an executable file of a multi-instance service. The method includes: performing compilation for a source file corresponding to a multi-instance service, to obtain a first-class object file, where the multi-instance service includes N instances, and N is a natural number greater than or equal to 2; performing an object copy of the first-class object file N−1 times, to obtain N−1 new first-class object files; and performing linking to the first-class object file and the N−1 new first-class object files, to generate an executable file. In the present invention, an executable file is generated by performing mirroring and linking processing for an object file obtained by compilation, thereby reducing a development cost and a maintenance cost of software source code.

Abstract translation: 本发明涉及一种用于生成多实例服务的可执行文件的方法和装置。 该方法包括：对与多实例服务相对应的源文件执行编译，以获得第一类对象文件，其中多实例服务包含N个实例，N为大于或等于2的自然数; 执行第一类对象文件的对象副本N-1次，以获得N-1个新的一级对象文件; 并执行与第一类对象文件和N-1个新的第一类对象文件的链接，以生成可执行文件。 在本发明中，通过对通过编译获得的目标文件执行镜像和链接处理来生成可执行文件，从而降低了软件源代码的开发成本和维护成本。

公开(公告)号：US12223043B2

公开(公告)日：2025-02-11

申请号：US17902220

申请日：2022-09-02

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Shilin Pan

IPC: G06F21/52 ,  G06F21/55 ,  G06F21/56 ,  G06F21/57 ,  G06F21/62

Abstract: An electronic apparatus and a security protection method are disclosed. The electronic apparatus includes a security protection apparatus and a first processor. Security isolation exists between the security protection apparatus and the first processor. The first processor is configured to operate when driven by software, and the software includes an operating system and/or an application. The security protection apparatus is configured to: perform security detection on the software, and when detecting that the software is tampered with, perform a security protection operation on the electronic apparatus. In this way, the electronic apparatus may be monitored in real time during an operating process of the electronic apparatus, to avoid theft or modification of important data such as key data and improve security.

公开(公告)号：US11455430B2

公开(公告)日：2022-09-27

申请号：US16849318

申请日：2020-04-15

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: G06F21/74 ,  G06F12/1009 ,  H04L9/14 ,  H04L9/32

Abstract: The present application provides a secure element comprising a processor and a memory integrated into a semiconductor chip; the memory is configured to provide a storage space for the processor to load and run a secure program, the secure program includes an image of a secure operating system, and the image of the secure operating system includes a system image resident segment and a system image dynamic loading segment. The processor is configured to: divide the system image dynamic loading segment into a plurality of pages, where each of the plurality of pages includes some content of the system image dynamic loading segment; perform security processing on each of the plurality of pages; and migrate each security-processed page to an external storage of the secure element.

公开(公告)号：US11429950B2

公开(公告)日：2022-08-30

申请号：US15388813

申请日：2016-12-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: G06Q20/32 ,  G06F21/57 ,  H04W4/80 ,  G06Q20/38 ,  G06Q20/40 ,  H04L9/32 ,  H04W12/08 ,  H04W12/45

Abstract: A mobile payment apparatus includes a communication unit configured to exchange payment information with a communication peer end using a radio link, a memory configured to store mobile payment software, a SE, including a first storage module and a processor, and at least one CPU configured to execute general operating system software. The processor is configured to load the mobile payment software from the memory to the first storage module and exchange the payment information with the communication unit under action of the mobile payment software. The first storage module is configured to provide memory space for executing the mobile payment software for the processor. The SE and the at least one CPU are located in a first semiconductor chip.

公开(公告)号：US20210091945A1

公开(公告)日：2021-03-25

申请号：US17114052

申请日：2020-12-07

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: H04L9/08 ,  G06F21/60 ,  H04L9/06

Abstract: A key processing method includes receiving, in a trusted execution environment, an initial key from a file encryption system in a normal execution environment, decrypting, in the trusted execution environment, the initial key to obtain a file key, storing, in the trusted execution environment, the file key in a key register of a storage controller, where the file encryption system in the normal execution environment is forbidden to access the key register, obtaining, in the trusted execution environment, a key index of the file key in the key register, where the key index indicates a storage location of the file key in the key register, and sending, in the trusted execution environment, the key index to the file encryption system.

公开(公告)号：US10853519B2

公开(公告)日：2020-12-01

申请号：US16453915

申请日：2019-06-26

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Shilin Pan

IPC: G06F21/62 ,  G06F7/58 ,  G06F21/71

Abstract: A system on chip is integrated in a first semiconductor chip, and includes a secure element and at least one central processing unit that is coupled to the secure element. Security isolation exists between the secure element and the at least one central processing unit. The at least one central processing unit is configured to communicate with the secure element. The secure element includes a secure processor and a first memory that is coupled to the secure processor. The secure processor can suspend running first secure operating system software and further start second secure operating system software, to implement switching between multiple pieces of secure operating system software. Running data of running secure operating system software is stored in the first memory, and running data of secure operating system software that is not run is stored in a second memory outside the system on chip.

公开(公告)号：US09720678B2

公开(公告)日：2017-08-01

申请号：US14261151

申请日：2014-04-24

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan ,  Yonghong Wang

IPC: G06F9/445 ,  H04L29/08

CPC classification number: G06F8/65 ,  H04L67/34

Abstract: Embodiments of the present invention disclose a network switching method, a version upgrade method, and a terminal device, which relate to the field of communications technologies. A terminal receives a user instruction that instructs the terminal to access a network of a target operator. If an operator of a network currently accessed by the terminal is different from the target operator, a preset file is read to obtain image information corresponding to the target operator. A target image file corresponding to the target operator is obtained according to the image information and version switching is performed according to the target image file. The preset file includes image information that corresponds to all image files of operators stored in the terminal in one-to-one correspondence.

公开(公告)号：US20170103378A1

公开(公告)日：2017-04-13

申请号：US15388813

申请日：2016-12-22

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shilin Pan

IPC: G06Q20/32 ,  G06Q20/40 ,  G06Q20/38 ,  H04L9/32

CPC classification number: G06Q20/3226 ,  G06F21/57 ,  G06Q20/3227 ,  G06Q20/3229 ,  G06Q20/3278 ,  G06Q20/3829 ,  G06Q20/401 ,  H04L9/3236 ,  H04L2209/56 ,  H04L2209/80 ,  H04W4/80 ,  H04W12/00405 ,  H04W12/08

Abstract: A mobile payment apparatus includes a communication unit configured to exchange payment information with a communication peer end using a radio link, a memory configured to store mobile payment software, a SE, including a first storage module and a processor, and at least one CPU configured to execute general operating system software. The processor is configured to load the mobile payment software from the memory to the first storage module and exchange the payment information with the communication unit under action of the mobile payment software. The first storage module is configured to provide memory space for executing the mobile payment software for the processor. The SE and the at least one CPU are located in a first semiconductor chip.