Data management method, smart card and computer readable storage medium

Document No.: 168997 Published: 2021-10-29

Reading note: This technology, "Data management method, smart card and computer readable storage medium", was designed and created by 钱京, 何碧波 and 崔可 on 2021-07-27. Main content: The application provides a data management method, a smart card and a computer readable storage medium. The method comprises: the security management application of the smart card acquires user key data of a target program, the target program being a program installed in the smart card; and stores the user key data. When the target program is upgraded, the original version of the target program is deleted and the new version is installed; because the user key data is located in the security management application, it is not lost and can still be called normally by the upgraded target program. This effectively avoids the problem that user key data is lost or needs to be restored after a target program in the smart card is upgraded. In addition, because the target program and the security management application are both located in the smart card, all data interaction is completed within the smart card, and no data transmission security problem arises.

1. A data management method, applied to a security management application of a smart card, comprising:

acquiring user key data of a target program; the target program is a program installed in the smart card;

storing the user critical data.

2. The data management method of claim 1, wherein the method further comprises:

acquiring a unique identifier of the target program;

correspondingly, storing the user key data comprises:

storing the user key data in association with the unique identifier.

3. The data management method of claim 2, wherein the unique identifier comprises an application identifier of the target program and a custom parameter of the target program.

4. The data management method of claim 2, further comprising:

acquiring a type identifier of the user key data of the target program; the type identifier is an identifier that the target program obtains when it obtains the user key data and that identifies the type of the user key data;

correspondingly, storing the user key data in association with the unique identifier comprises:

storing the user key data, the type identifier and the unique identifier in association.

5. The data management method of any of claims 2-4, wherein the method further comprises:

when a data request of the target program is acquired, identifying whether a unique identifier in the data request is an existing unique identifier in the security management application;

and if so, sending the user key data associated with the unique identifier to the target program.

6. The data management method of any of claims 2-4, wherein the method further comprises:

when a data destruction request for the target program is acquired, identifying whether a unique identifier in the data destruction request is an existing unique identifier in the security management application;

if so, destroying the user key data associated with the unique identifier.

7. A data management method, applied to a target program of a smart card, comprising:

when user key data is acquired, sending the user key data to a corresponding security management application so as to store the user key data in the security management application;

wherein the security management application is an application installed in the smart card.

8. The data management method of claim 7, wherein the method further comprises:

and sending a unique identifier of the user to the security management application so as to store the user key data and the unique identifier in the security management application in an associated manner.

9. The data management method of claim 8, wherein the method further comprises:

when the user key data is obtained, obtaining a type identifier of the user key data; the type identifier is used for identifying the type of the user key data;

and sending the type identifier to the security management application so as to store the user key data, the type identifier and the unique identifier in association in the security management application.

10. A method for data management according to any of claims 7-9, wherein the method further comprises:

when a preset task is executed, calling a data reading interface of the security management application, and reading the required user key data from the security management application through the data reading interface; the preset task is a task that needs to use the user key data;

and executing the preset task according to the user key data.

Technical Field

The present application relates to the field of smart card technologies, and in particular, to a data management method, a smart card, and a computer-readable storage medium.

Background

Smart card based applications or systems are small programs running on a smart card chip with limited memory space and computing power, which contain user critical data (including key data such as keys, accounts, amounts, etc.) and service program code, which are attributed to the application itself and are not accessible to other applications or systems.

With the popularization of smart cards, most current smart cards, especially Java cards that support downloading and installing applications or systems after card issuance (such as eSIM (Embedded Subscriber Identity Module) cards and financial cards), are required to support application or system upgrade. At present, the conventional upgrade approach is to delete the original application or system and then download the new version of the application or system.

However, when an application or system in the smart card is deleted, both the user critical data and the service program code are deleted together, and new user critical data needs to be re-established or personalized when a new version of the application or system is reinstalled. Therefore, after the application or system is upgraded in the existing upgrading mode, the original key data of the user is lost or needs to be recovered, and the user experience is seriously influenced.

Disclosure of Invention

An object of an embodiment of the present application is to provide a data management method, a smart card, and a computer-readable storage medium, so as to solve the problem in the prior art that critical user data is lost or needs to be recovered after an application or a system in the smart card is upgraded.

The embodiment of the application provides a data management method, which is applied to a security management application of a smart card, and the method comprises the following steps: acquiring user key data of a target program; the target program is a program installed in the smart card; storing the user key data.

In the implementation process, the security management application is pre-installed in the smart card, so that the user key data of the target program in the smart card is received and stored by the security management application. When the target program is upgraded, the original version of the target program is deleted and the new version is installed; because the user key data is located in the security management application, it is not lost and can still be called normally by the upgraded target program. This effectively avoids the problem that user key data is lost or needs to be restored after a target program in the smart card is upgraded. In addition, because the target program and the security management application are both located in the smart card, all data interaction is completed within the smart card, and no data transmission security problem arises.

Further, the method further comprises: acquiring a unique identifier of the target program; correspondingly, storing the user key data comprises: storing the user key data in association with the unique identifier.

It will be appreciated that in practice there may be more than one target program within the smart card. To manage different target programs separately, the user key data and the unique identifier are stored in association in the implementation process. When a target program needs to acquire its user key data, the unique identifier restricts it to acquiring only its own user key data, which isolates the user key data of different target programs from each other and improves the security of the data in the smart card.

Further, the unique identifier comprises an application identifier of the target program and a custom parameter of the target program.

It should be appreciated that, in theory, the application identifier of a target program is unique and can by itself uniquely identify the target program. In actual use, however, the application identifier of the target program may be exposed externally, so there is a risk of it being acquired by a malicious application. In the implementation process, the application identifier and the custom parameter of the target program together serve as the unique identifier, which improves the security of the unique identifier and reduces the risk of it being acquired by a malicious application.

Further, the method further comprises: acquiring a type identifier of the user key data of the target program; the type identifier is an identifier that the target program obtains when it obtains the user key data and that identifies the type of the user key data; correspondingly, storing the user key data in association with the unique identifier comprises: storing the user key data, the type identifier and the unique identifier in association.

In practical applications, the user critical data may be of many types, such as keys, accounts, amounts, etc. When executing a certain task, the target program may need only part of the user critical data. In the implementation process, the user key data, the type identifier and the unique identifier are stored in association, so that the user key data is classified and stored at a finer granularity, and the target program can acquire just part of the user key data according to the type identifier.

Further, the method further comprises: when a data request of the target program is acquired, identifying whether a unique identifier in the data request is an existing unique identifier in the security management application; and if so, sending the user key data associated with the unique identifier to the target program.

In the implementation process, the unique identifier makes it possible to judge effectively whether the target program is permitted to access the requested user key data, and to return to the target program its own user key data. On one hand, this isolates the data of different target programs from each other and ensures data security; on the other hand, the target program can obtain its own user key data normally, so that the corresponding task can be executed and the target program operates normally.

Further, the method further comprises: when a data destruction request for the target program is acquired, identifying whether a unique identifier in the data destruction request is an existing unique identifier in the security management application; if so, destroying the user key data associated with the unique identifier.

In the implementation process, independent destruction control of user key data of different target programs is realized by identifying whether the unique identifier in the data destruction request is the unique identifier existing in the security management application.

The embodiment of the application also provides a data management method, which is applied to a target program of the smart card, and the method comprises the following steps: when user key data is acquired, sending the user key data to a corresponding security management application so as to store the user key data in the security management application; wherein the security management application is an application installed in the smart card.

In the implementation process, the user key data of the target program is stored by the security management application. When the target program is upgraded, the original version of the target program is deleted and the new version is installed; because the user key data is located in the security management application, it is not lost and can still be called normally by the upgraded target program. This effectively avoids the problem that user key data is lost or needs to be restored after a target program in the smart card is upgraded. In addition, because the target program and the security management application are both located in the smart card, all data interaction is completed within the smart card, and no data transmission security problem arises.

Further, the method further comprises: and sending a unique identifier of the user to the security management application so as to store the user key data and the unique identifier in the security management application in an associated manner.

Further, the method further comprises: when the user key data is obtained, obtaining a type identifier of the user key data; the type identifier is used for identifying the type of the user key data; and sending the type identifier to the security management application so as to store the user key data, the type identifier and the unique identifier in association in the security management application.

Further, the method further comprises: when a preset task is executed, calling a data reading interface of the security management application, and reading the required user key data from the security management application through the data reading interface; the preset task is a task that needs to use the user key data; and executing the preset task according to the user key data.

In the implementation process, by calling the data reading interface of the security management application, the target program can quickly obtain the user key data it needs from the security management application, which ensures the normal operation of the target program.

The embodiment of the application also provides a smart card in which a target program and a security management application corresponding to the target program are installed; the target program is used for sending the user key data to its corresponding security management application when the user key data is obtained; the security management application is used for storing the user key data.

The smart card saves the user key data of the target program through the security management application. When the target program is upgraded, the original version of the target program is deleted and the new version is installed; because the user key data is located in the security management application, it is not lost and can still be called normally by the upgraded target program. This effectively avoids the problem that user key data is lost or needs to be restored after a target program in the smart card is upgraded. In addition, because the target program and the security management application are both located in the smart card, all data interaction is completed within the smart card, and no data transmission security problem arises.

Further, there are multiple target programs, and the target programs correspond to the same security management application.

In the implementation process, a plurality of target programs are managed by one security management application, which effectively saves the scarce storage resources of the smart card and also simplifies the management logic.

Further, a type identifier is stored in the target program in the form of constant data; the type identifier is used for identifying the type of the user key data.

In the actual application process, constant data is usually not deleted when the program is upgraded. Storing the type identifier in the target program in the form of constant data therefore effectively avoids losing the type identifier when the target program is deleted.

Also provided in an embodiment of the present application is a readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement any of the above-described data management methods.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.

Fig. 1 is a schematic diagram of the application correspondence in a smart card according to an embodiment of the present application;

Fig. 2 is a schematic diagram of the application correspondence in another smart card according to an embodiment of the present application;

Fig. 3 is a schematic flowchart of a data management method according to an embodiment of the present application;

Fig. 4 is a schematic view of an interaction flow between a managed application and a security management application according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

Embodiment one:

In order to solve the problem that key data of a user is lost or needs to be recovered after an application or a system is upgraded in a smart card in the prior art, the embodiment of the application provides a smart card. As shown in fig. 1 or fig. 2, a target program and a security management application corresponding to the target program are installed in the smart card in the embodiment of the present application. Wherein:

the target program is used for sending the user key data to its corresponding security management application when the user key data is obtained;

and the security management application is used for storing the user key data.

It should be noted that in the embodiment of the present application, the target program may be an application or a system in a smart card.

It should also be noted that, in this embodiment of the present application, the user key data acquired by the target program may be data generated by the target program itself in the running process of the target program, or data input from the outside by the user, which is not limited in this embodiment of the present application.

It should also be noted that in the embodiment of the present application, only one security management application may be installed, for example as shown in fig. 1, so that the user critical data of all applications or systems in the smart card other than the security management application is managed by that one security management application.

In addition, in the embodiment of the present application, a plurality of security management applications may also be installed, for example, as shown in fig. 2, so that each security management application may correspondingly manage user critical data of one or more different applications or systems in the smart card except for the security management application.

It should be noted that the smart card described in the embodiments of the present application is a generic term for a card embedded with a microelectronic chip that has data processing capability and a certain data storage capability. It may be a SIM card, an eSIM card, a financial card, etc.

It should be noted that, based on the above smart card, an embodiment of the present application further provides a data management method applied to the above smart card. As shown in fig. 3, fig. 3 is a schematic flowchart of a data management method provided in this embodiment, and includes:

S301: When the target program acquires the user key data, it sends the user key data to the corresponding security management application.

It should be noted that the user key data may be generated during the running of the target program (for example, for the amount data, new amount data may be generated along with the running of the application and the settlement of the transaction), or may be generated when the target program is personalized (for example, data such as a key of the target program). In the embodiment of the application, when the target program acquires the user key data, the user key data can be sent to the corresponding security management application.

It should be noted that personalization is to be understood as the conversion of a smart card from a factory state to a usable state. At this time, the smart card initializes the applications and systems, thereby generating various basic data that can satisfy the use of the smart card.

It should be noted that, in the embodiment of the present application, since the target program and the security management application are both programs installed in the smart card, they physically share the storage resources and computing resources of the smart card. Therefore, to send the user key data to the corresponding security management application, direct data interaction between the target program and the security management application can be realized at the software layer by configuring an object and an interface.

For example, the target program may request a data management object mData from the security management application, and the target program may call a data writing interface of the security management application through the mData, so as to write the user key data in the security management application, thereby sending the user key data to the corresponding security management application.

It should be understood that the above is only one example that may be employed in the embodiments of the present application. In the actual application process, the user key data may also be sent to the corresponding security management application through conventional message middleware, or by the security management application reading the user key data from the target program, which is not limited in the embodiment of the present application.

S302: the security management application stores the user critical data.

In the embodiment of the application, after the security management application acquires the user key data, the user key data can be stored in the storage area of the security management application, so that the security management application is separated from the target program.

It should be noted that if the target program writes the user key data in the security management application by calling the data writing interface of the security management application, the data writing interface is directly communicated with the storage area of the security management application, so that the user key data is stored in the security management application after the user key data is written.

It should be understood that, in the embodiment of the present application, although the user critical data is stored in the security management application, the target program may obtain the user critical data of the target program from the security management application, so as to ensure that the target program operates normally.

In order to ensure that each target program, when acquiring its own user key data, does not erroneously acquire the user key data of other target programs, in the embodiment of the application the security management application can acquire the unique identifier of the target program and store the user key data in association with the unique identifier.

In this embodiment, the unique identifier of the target program may be passed to the security management application by the target program when it requests a data management object mData from the security management application, and written into the security management application. Alternatively, the target program may call the data writing interface of the security management application through mData and write the unique identifier into the security management application when the user key data is written for the first time.

For example, the target program may initially request a data management object mData from the security management application and pass its unique identifier to the security management application when mData is requested. Later, when user key data is to be written, the target program can call the data writing interface of the security management application through mData to look up the unique identifier corresponding to the target program in the security management application, and then write the user key data under that unique identifier, so that the user key data and the unique identifier of the target program are stored in association in the security management application. If the unique identifier of the target program is not found in the security management application, the unique identifier of the target program can be created in the security management application, and the user key data can be written under it.

In addition, in the embodiment of the present application, the unique identifier of the target program may also be given to the security management application through conventional message middleware, or by the security management application reading it from the target program. In this case, the security management application stores the user key data in association with the unique identifier.

It should be understood that, in the embodiment of the present application, the unique identifier of the target program may be an AID (application identifier) of the target program. However, in order to further improve data security, in the embodiment of the present application, the unique identifier of the target program may also include an application identifier of the target program and a custom parameter of the target program. It should be noted that the custom parameter may be fixed parameter data existing in the target program, and the specific parameter type is not limited in the embodiment of the present application.

In the embodiment of the present application, a task that requires the use of the user key data (hereinafter referred to as a preset task) may be set in advance. While the target program is running, when the preset task needs to be executed, or before it needs to be executed, the user key data needed by the preset task can be acquired from the security management application, so that the preset task is executed according to the user key data and the task execution requirement is met.

In this embodiment of the application, the target program may call the data reading interface of the security management application and read the required user critical data from the security management application through that interface.

Illustratively, the target program may call a data reading interface of the security management application through the mData, search the user key data under the unique identifier corresponding to the target program from the security management application, and read the user key data.

In addition, in the embodiment of the present application, the target program may also send a data request to the security management application, so that the security management application returns, according to the unique identifier in the data request, the user key data associated with the unique identifier to the target program.

Illustratively, the target program may send a data request to the security management application by way of messaging middleware or the like. When the security management application acquires the data request of the target program, it identifies whether the unique identifier in the data request is a unique identifier existing in the security management application. If so, it sends the user key data associated with the unique identifier to the target program. If not, an error prompt message can be returned.

It is also worth noting that in practical applications, the user critical data may be of many types, such as keys, accounts, amounts, etc. When executing a certain task, the target program may need only part of the user critical data.

Therefore, in the embodiment of the application, when the target program acquires the user key data, the type identifier of the user key data may also be acquired. The type identifier is then sent to the security management application so that the user key data, the type identifier and the unique identifier are stored in association in the security management application.

It should be noted that, in the embodiment of the present application, the type identifier is an identifier for identifying a type of the user key data.

In the embodiment of the present application, the type identifier may be in the form of a data name, a random number, or the like, as long as it can uniquely identify a type of user key data.

It should be noted that the type identifier of the user key data may be generated and maintained by the target program itself, or may be preset by an engineer or the like.

It should be understood that, similar to the way the unique identifier is sent, the type identifier may be written directly by the target program calling the data writing interface of the security management application, or sent through message middleware, and the like, which is not limited in the embodiment of the present application.

It should also be understood that, when the user key data, the type identifier and the unique identifier are stored in association in the security management application, the target program may acquire just part of the user key data according to the type identifier.

Illustratively, the target program may call a data reading interface of the security management application through mData, search user key data under the unique identifier corresponding to the target program from the security management application, and then read the user key data corresponding to the identifier of the required type from the user key data under the unique identifier according to the type of the user key data required by the preset task.

As another example, the target program may send a data request to the security management application by way of messaging middleware or the like. The type identifier and the unique identifier of the target program may be included in the data request. When the security management application acquires the data request of the target program, the unique identifier in the data request is identified to be the unique identifier existing in the security management application. If yes, extracting user key data corresponding to the type identifier from the user key data associated with the unique identifier, and sending the user key data to the target program. If not, an error prompt message can be returned at the moment.

It should be noted that, in the embodiment of the present application, in order to prevent the type identifier from being lost after the target program is upgraded, the type identifier may be saved in the target program in the form of constant data. In actual application development, constant data is kept unchanged or only added to sequentially when the version of an application program is upgraded, so the type identifier is retained after the upgrade.

It should also be noted that, in the embodiment of the present application, the unique identifier of the target program may also be stored in the target program in the form of constant data. Therefore, in some special cases where the unique identifier of the upgraded target program differs from that of the target program before the upgrade, all user key data of the target program can be downloaded to the target program by means of the original unique identifier stored as constant data, and the user key data is then stored in the security management application in association with the latest unique identifier. Alternatively, the original unique identifier and the latest unique identifier may be sent to the security management application, so that the original unique identifier is replaced with the latest unique identifier in the security management application.

In addition, in the embodiment of the application, the security management application can also provide data destruction service, so that precious storage resources in the smart card are saved.

For example, when the security management application receives a data destruction request for a target program, it may check whether the unique identifier in the data destruction request is a unique identifier that already exists in the security management application; if yes, the user key data associated with the unique identifier can be destroyed.

For example, when a user uninstalls an application, the user may be asked whether the user data in the application needs to be deleted. If the user chooses to delete the user data, a data destruction request for the uninstalled application can be generated at this time, and data destruction is performed.

In this embodiment of the application, when the security management application receives a data destruction request for a target program, it may apply a special mark to the user key data associated with the unique identifier, so that a destruction program is called at a set time to delete all specially marked user key data.

Alternatively, the security management application may directly call the destruction program to delete the user key data when it receives the data destruction request for the target program.
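The request check, identifier replacement and the two destruction modes described above can be modelled as follows. This is an added Python example, not code from the application; the class and method names, the string identifiers and the refusal rules marked as assumptions are hypothetical.

```python
# Model of the security management application's store (added example).
class SecurityManager:
    def __init__(self):
        self._store = {}       # unique identifier -> {type identifier: data}
        self._marked = set()   # unique identifiers marked for destruction

    def write(self, unique_id, type_id, data):
        self._store.setdefault(unique_id, {})[type_id] = bytes(data)

    def handle_request(self, unique_id, type_id):
        """Data request: validate the unique identifier, then pick by type."""
        types = self._store.get(unique_id)
        # Assumption: an unknown type identifier is also answered with an error.
        if types is None or type_id not in types:
            return ("error", None)          # error prompt, no data returned
        return ("ok", types[type_id])

    def replace_identifier(self, original_id, latest_id):
        """Upgrade changed the unique identifier: re-key the stored data."""
        # Assumption: refuse if the target exists or destruction is pending.
        if (original_id not in self._store or latest_id in self._store
                or original_id in self._marked):
            return False
        self._store[latest_id] = self._store.pop(original_id)
        return True

    def destroy(self, unique_id, deferred=False):
        if unique_id not in self._store:
            return False                    # unknown identifier: nothing destroyed
        if deferred:
            self._marked.add(unique_id)     # deleted later by sweep()
        else:
            del self._store[unique_id]
            self._marked.discard(unique_id)
        return True

    def sweep(self):
        """Destruction program run at the set time; returns how many were deleted."""
        deleted = sum(self._store.pop(uid, None) is not None for uid in self._marked)
        self._marked.clear()
        return deleted

def demo():
    sm = SecurityManager()
    sm.write("app-old", "account", b"alice")      # constructed sample data
    sm.replace_identifier("app-old", "app-new")
    sm.destroy("app-new", deferred=True)
    before = sm.handle_request("app-new", "account")
    return before, sm.sweep(), sm.handle_request("app-new", "account")
```

In this model, marked data remains readable until the sweep runs; the text does not say whether reads should be refused in that window, so an implementation has to decide that explicitly.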

According to the smart card and the data management method provided by the embodiment of the application, the security management application is pre-installed in the smart card, so that the user key data of the target program in the smart card is received and stored by the security management application. Therefore, when the target program is upgraded, that is, when the original version of the target program is deleted and the new version is installed, the user key data is not lost, because it is located in the security management application, and it can still be called normally by the upgraded target program. This effectively avoids the problem that user key data is lost or needs to be restored after a target program in the smart card is upgraded. In addition, because the target program and the security management application are both located in the smart card, data interaction is completed inside the smart card, and no data transmission security problem arises. Furthermore, because firewall restrictions exist between the applications in the smart card, data in the security management application cannot be arbitrarily accessed by other applications, so data security is high and the data need not be encrypted during data interaction.

Example two:

The present embodiment builds on the first embodiment and gives a further illustration, taking the smart card shown in FIG. 1 as an example.

Referring to FIG. 4:

Step 1, the managed application applies to the security management application for a data management object mData through a shared interface.

Step 2, the security management application returns the data management object mData according to the AID and the user-defined parameters of the managed application carried in the request.

It should be understood that the data management object mData is an object that the managed application obtains from the security management application through the shared interface. The data context of mData is the security management application, the data created through this object belongs to the security management application, and the managed application can access the data only by calling interfaces through this object.

Because the data management object mData of each managed application is generated according to the AID and the custom parameter of that managed application, each managed application corresponds to a different data management object mData.

Step 3, the managed application creates a data object by calling an interface through mData and initializes the type identifier sID of the data object.

Step 4, the managed application returns an initialization result.

It should be noted that the interfaces available for calling include interfaces for creating, writing, reading, querying, and destroying data.

In the embodiment of the present application, the type identifier sID of the data object may be input into each interface. The type identifier sID is assigned and managed by the managed application, is held in the form of a constant data table, and is configured to be unchangeable.

Step 5, the managed application calls the data writing interface through mData to write the user key data.

Step 6, the security management application returns a writing result.

In step 5, the managed application may first call the boolean check(short sID) interface through mData to query whether a data object corresponding to the sID of the user key data to be written has been created. If it has, flow 12 is entered. If not, flow 11 is entered and then flow 12. Here boolean check denotes the data query interface, and boolean check(short sID) queries whether a data object corresponding to the sID in the parentheses exists.

In flow 11, the managed application calls the boolean buildElement(short sID, …) interface through mData to create a data object corresponding to the sID. Here boolean buildElement denotes the data creation interface, and boolean buildElement(short sID, …) creates a data object corresponding to the sID in the parentheses.

In flow 12, the managed application calls the boolean writeElement(short sID, …) interface through mData and writes the user key data into the data object corresponding to the sID. Here boolean writeElement denotes the data writing interface, and boolean writeElement(short sID, …) writes data into the data object corresponding to the sID in the parentheses.

It should be noted that when the managed application needs to read the data content, the process is similar to that of writing the user key data:

The managed application may first call the boolean check(short sID) interface through mData to query whether a data object corresponding to the sID of the user key data to be read has been created.

If the data object has been created, the managed application calls the boolean readElement(short sID, …) interface through mData and reads the user key data in the data object corresponding to the sID into the baBuffer object managed by the managed application. Here boolean readElement denotes the data reading interface, and boolean readElement(short sID, …) reads data from the data object corresponding to the sID in the parentheses.

If not, a read failure is returned.

It should also be noted that when the managed application needs to destroy the data content, the process is similar to that of reading the user key data:

First, the boolean check(short sID) interface may be called through mData to query whether a data object corresponding to the sID of the user key data to be destroyed has been created.

If the data object has been created, the boolean delete(short sID) interface is called through mData to destroy the user key data in the data object corresponding to the sID. Here boolean delete denotes the data destruction interface, and boolean delete(short sID) destroys the data in the data object corresponding to the sID in the parentheses.

If not, a result indicating that the object to be destroyed does not exist is returned.

According to this scheme, a security management application is established to provide data services such as creation, query, writing, reading and destruction of data to other applications, so that the user key data of those applications has no context relationship with the applications themselves. When an application needs to be upgraded, the old application is deleted and the new application is downloaded and installed; as long as the AID and the type identifier of the application are unchanged, the newly installed application can still access the user key data in the security management application. As a result, user key data that the application itself must not leak (such as keys and account data) is not lost when the application is deleted, which facilitates upgrade management of the application.
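The mData flow of this embodiment, including the upgrade case, can be modelled as follows. This is an added Python example, not Java Card applet code and not code from the application; the snake_case method names mirror the interfaces named above, while the size, data and ba_buffer parameters stand in for the elided "…" arguments and are assumptions, as are the AID and sID values.

```python
# Python model of the mData flow; an added example with constructed values.
SID_PIN = 0x0001  # type identifier from the managed app's constant table (constructed)

class MData:
    """Handle given to one managed app; the objects stay in the manager."""
    def __init__(self, objects):
        self._objects = objects          # {sID: bytearray}, owned by the manager
    def check(self, sid):
        return sid in self._objects
    def build_element(self, sid, size):  # size parameter is an assumption
        if sid in self._objects:
            return False
        self._objects[sid] = bytearray(size)
        return True
    def write_element(self, sid, data):
        obj = self._objects.get(sid)
        if obj is None or len(data) != len(obj):
            return False                 # never write past the created object
        obj[:] = data
        return True
    def read_element(self, sid, ba_buffer):
        obj = self._objects.get(sid)
        if obj is None or len(ba_buffer) < len(obj):
            return False
        ba_buffer[:len(obj)] = obj
        return True
    def delete(self, sid):
        return self._objects.pop(sid, None) is not None

class SecurityManagementApp:
    def __init__(self):
        self._by_app = {}                # (AID, custom parameter) -> {sID: bytearray}
    def get_mdata(self, aid, param):
        return MData(self._by_app.setdefault((bytes(aid), param), {}))

def store_key_data(mdata, sid, data):
    """Steps 5-6: query, create if absent (flow 11), then write (flow 12)."""
    if not mdata.check(sid) and not mdata.build_element(sid, len(data)):
        return False
    return mdata.write_element(sid, data)

def load_key_data(mdata, sid, size):
    ba_buffer = bytearray(size)          # buffer managed by the managed app
    if mdata.check(sid) and mdata.read_element(sid, ba_buffer):
        return bytes(ba_buffer)
    return None                          # read failure

def upgrade_demo(aid=bytes.fromhex("A000000000010203"), param=1):  # constructed AID
    manager = SecurityManagementApp()
    store_key_data(manager.get_mdata(aid, param), SID_PIN, b"\x12\x34\x56")
    # Old version deleted, new version installed with the same AID and sID:
    return load_key_data(manager.get_mdata(aid, param), SID_PIN, 3)
```

Because the namespace is keyed by the AID and custom parameter, a handle obtained under a different AID sees none of these objects, which is the isolation the embodiment relies on.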

Example three:

The present embodiment provides a computer-readable storage medium, such as a floppy disk, an optical disk, a hard disk, a flash memory, an SD (Secure Digital Memory Card) card, an MMC (Multimedia Card), etc., in which one or more programs implementing the above steps are stored, and the one or more programs can be executed by one or more processors to implement the data management method in the first embodiment and/or the second embodiment. Details are not repeated here.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.

In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.

In this context, a plurality means two or more.

The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
