Shulou(Shulou.com)05/31 Report--

Today, the editor will show you how to answer HCE security questions. The knowledge points in the article are introduced in great detail. Friends who feel helpful can browse the content of the article with the editor, hoping to help more friends who want to solve this problem find the answer to the problem. Follow the editor to learn more about "how to answer HCE security problems".

In recent projects, I am often asked: is HCE secure?

My answer is: relatively safe.

Hearing my answer, many people may begin to say, so-and-so bank is on the HCE app, why is it not safe?

In fact, there are two scenarios for HCE applications: online mode and offline mode.

Online mode:

The relevant keys and operations are completed in the background, even if there are security problems, it also belongs to the category of network security. However, the problem of large-scale key disclosure will not occur. At present, the HCE applications launched by banks are all online mode.

Offline mode:

Relevant keys, sensitive data, amount and other information will be stored inside the phone. This is troublesome, because Android phones are easily root, and all the data will be read and copied.

Pure HCE security solution:

Transaction key: protected by the session key, the session key will be changed each time, and the transaction key will be re-encrypted.

Sensitive data and amount: protected by session key, encrypting all zeros with data plaintext to generate a check value; when verifying sensitive data and amount, decrypt it first, and then compare the check value.

Security levels: algorithm hiding

Disadvantages: unable to achieve anti-replication.

HCE+TEE 's security solution:

The HCE application realizes the simulation industry application.

TEE stores keys, sensitive data, amounts, and so on.

Security level: kernel security

Cons: the TEE adaptation rate is low and the phone needs to be restarted.

Thank you for your reading. The above is the whole content of "how to answer HCE Security questions". Friends who learn to learn to do it quickly. I believe that the editor will certainly bring you better quality articles. Thank you for your support to the website!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.