Trusted execution environment (TEE) technology can provide a trusted execution environment/operating system that is protected by hardware isolation for smart terminals such as mobile phones. Security-related applications on the smart terminal, i.e., TEE applications, can be executed in the TEE so as to ensure their security.
Near field communication (NFC) is a short-range wireless communication technology that is based on radio frequency identification (RFID) technology and uses magnetic field induction to realize short-range communication between smart terminals.
Typically, the NFC function is realized in a rich execution environment (REE) such as Android, iOS or the like, for the applications in the REE. When TEE applications require the NFC function, the following technical solutions exist.
In one solution, the NFC function of TEE applications is realized through a service proxy in the REE, as shown in FIG. 1. This solution takes advantage of the REE's existing connection to the NFC device in the smart terminal, and sets an NFC service proxy in the REE to provide NFC ability for TEE applications. Herein, the NFC device can be an NFC controller, for example an NFC chip disposed in the smart terminal. The NFC service proxy in the REE shown in FIG. 1 and an NFC client disposed in the TEE realize the NFC function of TEE applications based on a predetermined protocol. Specifically, the NFC service proxy receives a message from the TEE application via the NFC client, and invokes an NFC protocol stack to operate the NFC device to execute specific NFC functions, such as card emulation, card reading, etc. Since data interaction between TEE applications and the NFC device has to go through the insecure REE, it is difficult for the TEE applications to be executed safely. For example, for transaction applications in the TEE, payment information transmitted via the REE may be stolen.
In other solutions, the NFC ability is provided to TEE applications by setting an NFC driver in the TEE and realizing the NFC protocol stack there, as shown in FIG. 2. In order to remain compatible with the NFC functions of REE applications, this solution requires that an NFC virtual driver be additionally provided in the REE so as to dock with the actual NFC driver in the TEE. Since the NFC driver in the TEE is required to coordinate communications among the NFC protocol stack, the NFC virtual driver and the NFC device, the complexity of the TEE will inevitably be increased. On the other hand, since the REE core does not contain an NFC virtual driver, changing the original NFC driver of the REE core into an NFC virtual driver will also increase the complexity of the REE; in particular, with the addition of new NFC devices and the update of the REE core, independent maintenance is required for the NFC virtual driver.