阅读说明：本技术 一种配置客户端的方法及装置、终端设备 (Method and device for configuring client and terminal equipment ) 是由 杨宁 于 2019-08-28 设计创作，主要内容包括：本申请实施例提供一种配置客户端的方法及装置、终端设备,该方法包括：客户端向第一配置设备发送所述客户端的目标资源的目标属性,所述目标属性用于表示所述客户端的设备角色；其中,所述客户端具有至少一个第一安全资源；所述客户端的设备角色为移动设备的情况下,所述客户端接收所述第一配置设备发送的第一创建信令,基于所述第一创建信令在所述客户端上创建第二安全资源,所述第二安全资源与所述至少一个第一安全资源属于同一资源类型；所述客户端接收所述第一配置设备发送的第一配置信令,基于所述第一配置信令配置所述第二安全资源。(The embodiment of the application provides a method and a device for configuring a client and a terminal device, wherein the method comprises the following steps: a client sends a target attribute of a target resource of the client to a first configuration device, wherein the target attribute is used for representing a device role of the client; wherein the client has at least one first secure resource; under the condition that the device role of the client is a mobile device, the client receives a first creation signaling sent by the first configuration device, and creates a second security resource on the client based on the first creation signaling, wherein the second security resource and the at least one first security resource belong to the same resource type; and the client receives a first configuration signaling sent by the first configuration device, and configures the second security resource based on the first configuration signaling.)

A method of configuring a client, the method comprising:

a client sends a target attribute of a target resource of the client to a first configuration device, wherein the target attribute is used for representing a device role of the client; wherein the client has at least one first secure resource;

under the condition that the device role of the client is a mobile device, the client receives a first creation signaling sent by the first configuration device, and creates a second security resource on the client based on the first creation signaling, wherein the second security resource and the at least one first security resource belong to the same resource type;

and the client receives a first configuration signaling sent by the first configuration device, and configures the second security resource based on the first configuration signaling.

The method of claim 1, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second partial attribute of the second secure resource is determined based on the first configuration signaling.

The method of claim 1 or 2,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The method of claim 3, wherein the method further comprises:

the client checks the target attribute of the target resource of the client;

if the value of the target attribute is the first value, the client side keeps the existing resource configuration after entering a configuration mode; alternatively, the first and second electrodes may be,

and under the condition that the value of the target attribute is the second value, deleting the existing resource configuration after the client enters a configuration mode.

The method of any of claims 1 to 4, wherein the client sending, to a first configuration device, a target attribute of a target resource of the client, comprises:

the client receives a first request message sent by the first configuration device, wherein the first request message is used for requesting a target attribute of a target resource of the client;

the client sends a first response message to the first configuration device, wherein the first response message is used for informing the first configuration device of the target attribute of the target resource of the client.

The method according to any one of claims 1 to 5, wherein, in a case that the device role of the client is a mobile device, the receiving, by the client, the first creation signaling sent by the first configuration device includes:

under the condition that the device role of the client is a mobile device, the client receives a second request message sent by the first configuration device, wherein the second request message is used for requesting resource content of the client;

the client sends resource content of the client to the first configuration device, wherein the resource content comprises an identifier of the at least one first security resource and a resource type;

and the client receives a first creation signaling sent by the first configuration device, wherein the first creation signaling is used for creating the second security resource.

The method of any of claims 1-6, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The method of claim 7, wherein the client receives first configuration signaling sent by the first configuration device, and configures the second security resource based on the first configuration signaling, comprising:

the client receives a first configuration signaling sent by the first configuration device, wherein the first configuration signaling carries a first device identifier of the first configuration device;

and the client configures a first attribute and a second attribute of the second secure resource based on the first configuration signaling, wherein the first attribute is used for representing an equipment owner identifier, the second attribute is used for representing a resource owner identifier, the value of the first attribute is the first equipment identifier, and the value of the second attribute is the first equipment identifier.

The method of claim 8, wherein the method further comprises:

the client receives a second configuration signaling sent by the first configuration device, and configures a third attribute of the second secure resource based on the second configuration signaling, wherein the third attribute is used for indicating whether to create a device owner, the value of the third attribute is a third value, and the third value is used for indicating that the device owner has been created;

and the client sets the third attribute of the at least one first security resource as the third value.

The method of any of claims 1-6, wherein the at least one first secure resource and the second secure resource both belong to a second resource type, the second resource type being a credential related resource.

The method of claim 10, wherein the client receives first configuration signaling sent by the first configuration device, and configures the second security resource based on the first configuration signaling, comprising:

the client receives a first configuration signaling sent by the first configuration device, wherein the first configuration signaling carries a first device identifier and a credential content of the first configuration device;

and the client configures a fourth attribute and a fifth attribute of the second secure resource based on the first configuration signaling, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing voucher content, and a value of the fourth attribute is the first equipment identifier.

A method of configuring a client, the method comprising:

a client sends a target attribute of a target resource of the client to a first configuration device, wherein the target attribute is used for representing a device role of the client; wherein the client has at least one first secure resource;

under the condition that the device role of the client is a mobile device, the client receives a trigger signaling sent by the first configuration device, wherein the trigger signaling is used for triggering the client to start device leading configuration;

the client creates a second secure resource on the client, wherein the second secure resource and the at least one first secure resource belong to the same resource type;

and the client acquires configuration parameters from the first configuration equipment and configures the second security resource based on the configuration parameters.

The method of claim 12, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second portion of attributes of the second secure resource is determined based on the configuration parameters.

The method of claim 12 or 13,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The method of claim 14, wherein the method further comprises:

the client checks the target attribute of the target resource of the client;

if the value of the target attribute is the first value, the client side keeps the existing resource configuration after entering a configuration mode; alternatively, the first and second electrodes may be,

and under the condition that the value of the target attribute is the second value, deleting the existing resource configuration after the client enters a configuration mode.

The method of any of claims 12 to 15, wherein the client sending target attributes of a target resource of the client to a first configuration device comprises:

the client receives a first request message sent by the first configuration device, wherein the first request message is used for requesting a target attribute of a target resource of the client;

the client sends a first response message to the first configuration device, wherein the first response message is used for informing the first configuration device of the target attribute of the target resource of the client.

The method of any of claims 12 to 16, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The method of claim 17, wherein the client obtaining configuration parameters from the first configuration device, configuring the second secure resource based on the configuration parameters, comprises:

the client acquires a first device identifier of the first configuration device from the first configuration device, and configures a first attribute and a second attribute of the second secure resource based on the first device identifier, wherein the first attribute is used for representing a device owner identifier, the second attribute is used for representing a resource owner identifier, a value of the first attribute is the first device identifier, and a value of the second attribute is the first device identifier.

The method of claim 18, wherein the method further comprises:

the client configures a third attribute of the second secure resource, wherein the third attribute is used for indicating whether an equipment owner is created or not, the value of the third attribute is a third value, and the third value is used for indicating that the equipment owner is created;

and the client sets the third attribute of the at least one first security resource as the third value.

The method of any of claims 12 to 16, wherein the at least one first secure resource and the second secure resource both belong to a second resource type, the second resource type being a credential related resource.

The method of claim 20, wherein the client obtaining configuration parameters from the first configuration device, configuring the second secure resource based on the configuration parameters, comprises:

the client acquires a first device identifier and credential content of the first configuration device from the first configuration device;

and the client configures a fourth attribute and a fifth attribute of the second secure resource based on the first equipment identifier and the voucher content, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing voucher content, and the value of the fourth attribute is the first equipment identifier.

A method of configuring a client, the method comprising:

a first configuration device receives a target attribute of a target resource sent by a client, wherein the target attribute is used for representing a device role of the client; wherein the client has at least one first secure resource;

when the device role of the client is a mobile device, the first configuration device sends a first creation signaling to the client, where the first creation signaling is used to indicate that a second secure resource is created on the client, and the second secure resource and the at least one first secure resource belong to the same resource type;

and the first configuration equipment sends a first configuration signaling to the client, wherein the first configuration signaling is used for configuring the second security resource.

The method of claim 22, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second partial attribute of the second secure resource is determined based on the first configuration signaling.

The method of claim 22 or 23,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The method of any of claims 22 to 24, wherein the first configuration device receiving a target attribute of a target resource sent by a client comprises:

the first configuration equipment sends a first request message to the client, wherein the first request message is used for requesting a target attribute of a target resource of the client;

the first configuration device receives a first response message sent by the client, wherein the first response message is used for notifying the first configuration device of the target property of the target resource of the client.

The method according to any one of claims 22 to 25, wherein, in a case where the device role of the client is a mobile device, the first configuration device sends a first create signaling to the client, including:

when the device role of the client is a mobile device, the first configuration device sends a second request message to the client, wherein the second request message is used for requesting resource content of the client;

the first configuration device receives resource content of the client sent by the client, wherein the resource content comprises an identifier of the at least one first security resource and a resource type;

and the first configuration equipment sends a first creation signaling to the client, wherein the first creation signaling is used for creating the second security resource.

The method of any of claims 22 to 26, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The method of claim 27, wherein the first configuration signaling carries a first device identity of the first configuration device;

the first configuration signaling is used for configuring a first attribute and a second attribute of the second secure resource, where the first attribute is used to represent an equipment owner identifier, the second attribute is used to represent a resource owner identifier, a value of the first attribute is the first equipment identifier, and a value of the second attribute is the first equipment identifier.

The method of claim 28, wherein the method further comprises:

the first configuration device sends a second configuration signaling to the client, where the second configuration signaling is used to configure a third attribute of the second secure resource, where the third attribute is used to indicate whether to create an owner, a value of the third attribute is a third value, and the third value is used to indicate that the owner of the device has been created.

The method of any of claims 22 to 26, wherein the at least one first secure resource and the second secure resource both belong to a second resource type, the second resource type being a credential related resource.

The method of claim 30, wherein the first configuration signaling carries a first device identification and credential content of the first configuration device;

the first configuration signaling is used for configuring a fourth attribute and a fifth attribute of the second secure resource, where the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing a credential content, and a value of the fourth attribute is the first device identifier.

A method of configuring a client, the method comprising:

a first configuration device receives a target attribute of a target resource of a client sent by the client, wherein the target attribute is used for representing a device role of the client; wherein the client has at least one first secure resource;

when the device role of the client is a mobile device, the first configuration device sends a trigger signaling to the client, wherein the trigger signaling is used for triggering the client to create a second secure resource on the client, and the second secure resource and the at least one first secure resource belong to the same resource type;

and the first configuration equipment sends configuration parameters to the client, wherein the configuration parameters are used for the client to configure the second security resource.

The method of claim 32, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second portion of attributes of the second secure resource is determined based on the configuration parameters.

The method of claim 32 or 33,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The method of any of claims 32 to 34, wherein the first configuration device receiving a target attribute of a target resource sent by a client comprises:

the first configuration equipment sends a first request message to the client, wherein the first request message is used for requesting a target attribute of a target resource of the client;

the first configuration device receives a first response message sent by the client, wherein the first response message is used for notifying the first configuration device of the target property of the target resource of the client.

The method of any of claims 32 to 35, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The method of claim 36, wherein the configuration parameter comprises a first device identification of the first configuration device;

the first device identifier is used for configuring a first attribute and a second attribute of the second secure resource, wherein the first attribute is used for representing a device owner identifier, the second attribute is used for representing a resource owner identifier, the value of the first attribute is the first device identifier, and the value of the second attribute is the first device identifier.

The method of any of claims 32 to 35, wherein the at least one first secure resource and the second secure resource both belong to a second resource type, the second resource type being a credential related resource.

The method of claim 38, wherein the configuration parameters include a first device identification and credential content of the first configuration device;

the first device identifier and the voucher content are used for configuring a fourth attribute and a fifth attribute of the second secure resource, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing voucher content, and a value of the fourth attribute is the first device identifier.

An apparatus to configure a client, the apparatus comprising:

a sending unit, configured to send, to a first configuration device, a target attribute of a target resource of the client, where the target attribute is used to represent a device role of the client; wherein the client has at least one first secure resource;

a receiving unit, configured to receive a first creation signaling sent by the first configuration device when a device role of the client is a mobile device, and create a second secure resource on the client based on the first creation signaling, where the second secure resource and the at least one first secure resource belong to a same resource type; and receiving a first configuration signaling sent by the first configuration equipment, and configuring the second security resource based on the first configuration signaling.

The apparatus of claim 40, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second partial attribute of the second secure resource is determined based on the first configuration signaling.

The apparatus of claim 40 or 41,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The apparatus of claim 42, wherein the apparatus further comprises:

a processing unit for checking a target attribute of a target resource of the client; if the value of the target attribute is the first value, the client side keeps the existing resource configuration after entering a configuration mode; or, in the case that the value of the target attribute is the second value, deleting the existing resource configuration after the client enters the configuration mode.

The apparatus according to any one of claims 40 to 43, wherein the receiving unit is configured to receive a first request message sent by the first configuration device, where the first request message is used to request a target attribute of a target resource of the client;

the sending unit is configured to send a first response message to the first configuration device, where the first response message is used to notify the first configuration device of a target attribute of a target resource of the client.

The apparatus according to any one of claims 40 to 44, wherein the receiving unit is configured to receive, if the device role of the client is a mobile device, a second request message sent by the first configuration device, where the second request message is used to request resource content of the client;

the sending unit is configured to send, to the first configuration device, resource content of the client, where the resource content includes an identifier of the at least one first secure resource and a resource type;

the receiving unit is configured to receive a first creation signaling sent by the first configuration device, where the first creation signaling is used to create the second security resource.

The apparatus of any of claims 40-45, wherein the at least one first secure resource and the second secure resource are each of a first resource type, the first resource type being a master-related resource.

The apparatus of claim 46, wherein the receiving unit is configured to receive a first configuration signaling sent by the first configuration device, where the first configuration signaling carries a first device identifier of the first configuration device; configuring a first attribute and a second attribute of the second secure resource based on the first configuration signaling, wherein the first attribute is used for representing an equipment owner identifier, the second attribute is used for representing an equipment owner identifier, a value of the first attribute is the first equipment identifier, and a value of the second attribute is the first equipment identifier.

The apparatus of claim 47, wherein the receiving unit is configured to receive a second configuration signaling sent by the first configuration device, and configure a third attribute of the second secure resource based on the second configuration signaling, where the third attribute is used to indicate whether a device owner is created, a value of the third attribute is a third value, and the third value is used to indicate that the device owner has been created; and setting a third attribute of the at least one first secure resource to the third value.

The apparatus of any of claims 40-45, wherein the at least one first secure resource and the second secure resource are both of a second resource type, the second resource type being a credential-related resource.

The apparatus of claim 49, wherein the receiving unit is configured to receive a first configuration signaling sent by the first configuration device, where the first configuration signaling carries a first device identifier and credential content of the first configuration device; and configuring a fourth attribute and a fifth attribute of the second secure resource based on the first configuration signaling, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing a voucher content, and a value of the fourth attribute is the first device identifier.

An apparatus to configure a client, the apparatus comprising:

a sending unit, configured to send, to a first configuration device, a target attribute of a target resource of the client, where the target attribute is used to represent a device role of the client; wherein the client has at least one first secure resource;

a receiving unit, configured to receive a trigger signaling sent by the first configuration device when a device role of the client is a mobile device, where the trigger signaling is used to trigger the client to start a device master configuration;

a creating unit, configured to create a second secure resource on the client, where the second secure resource and the at least one first secure resource belong to a same resource type;

an obtaining unit, configured to obtain a configuration parameter from the first configuration device, and configure the second security resource based on the configuration parameter.

The apparatus of claim 51, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second portion of attributes of the second secure resource is determined based on the configuration parameters.

The apparatus of claim 51 or 52,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The apparatus of claim 53, wherein the apparatus further comprises:

a processing unit for checking a target attribute of a target resource of the client; if the value of the target attribute is the first value, the client side keeps the existing resource configuration after entering a configuration mode; or, in the case that the value of the target attribute is the second value, deleting the existing resource configuration after the client enters the configuration mode.

The apparatus according to any one of claims 51 to 54, wherein the receiving unit is configured to receive a first request message sent by the first configuration device, where the first request message is used to request a target attribute of a target resource of the client;

the sending unit is configured to send a first response message to the first configuration device, where the first response message is used to notify the first configuration device of a target attribute of a target resource of the client.

The apparatus of any one of claims 51 to 55, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The apparatus of claim 56, wherein the obtaining unit is configured to obtain a first device identifier of the first configuration device from the first configuration device, and configure a first attribute and a second attribute of the second secure resource based on the first device identifier, where the first attribute is used to represent a device owner identifier, the second attribute is used to represent a resource owner identifier, a value of the first attribute is the first device identifier, and a value of the second attribute is the first device identifier.

The apparatus of claim 57, wherein the apparatus further comprises:

a configuration unit, configured to configure a third attribute of the second secure resource, where the third attribute is used to indicate whether to create an owner of the device, a value of the third attribute is a third value, and the third value is used to indicate that the owner of the device has been created; and setting a third attribute of the at least one first secure resource to the third value.

The apparatus of any of claims 51-55, wherein the at least one first secure resource and the second secure resource are both of a second resource type, the second resource type being a credential-related resource.

The apparatus according to claim 59, wherein the obtaining unit is configured to obtain, from the first configuration device, a first device identity and credential content of the first configuration device; configuring a fourth attribute and a fifth attribute of the second secure resource based on the first device identifier and the voucher content, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing voucher content, and a value of the fourth attribute is the first device identifier.

An apparatus to configure a client, the apparatus comprising:

the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving a target attribute of a target resource sent by a client, and the target attribute is used for representing the device role of the client; wherein the client has at least one first secure resource;

a sending unit, configured to send a first creation signaling to the client when a device role of the client is a mobile device, where the first creation signaling is used to indicate that a second secure resource is created on the client, and the second secure resource and the at least one first secure resource belong to a same resource type; and sending a first configuration signaling to the client, wherein the first configuration signaling is used for configuring the second security resource.

The apparatus of claim 61, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second partial attribute of the second secure resource is determined based on the first configuration signaling.

The apparatus of claim 61 or 62,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The apparatus according to any one of claims 61 to 63, wherein the sending unit is configured to send a first request message to the client, the first request message being configured to request a target attribute of a target resource of the client;

the receiving unit is configured to receive a first response message sent by the client, where the first response message is used to notify the first configuration device of a target attribute of a target resource of the client.

The apparatus according to any one of claims 61 to 64, wherein the sending unit is configured to send a second request message to the client when the device role of the client is a mobile device, where the second request message is used to request resource content of the client;

the receiving unit is configured to receive resource content of the client sent by the client, where the resource content includes an identifier of the at least one first secure resource and a resource type;

the sending unit is configured to send a first creation signaling to the client, where the first creation signaling is used to create the second secure resource.

The apparatus of any one of claims 61 to 65, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The apparatus of claim 66, wherein the first configuration signaling carries a first device identification of the first configuration device;

the first configuration signaling is used for configuring a first attribute and a second attribute of the second secure resource, where the first attribute is used to represent an equipment owner identifier, the second attribute is used to represent a resource owner identifier, a value of the first attribute is the first equipment identifier, and a value of the second attribute is the first equipment identifier.

The apparatus of claim 67, wherein the sending unit is configured to send a second configuration signaling to the client, where the second configuration signaling is used to configure a third attribute of the second secure resource, where the third attribute is used to indicate whether to create a device owner, and a value of the third attribute is a third value, and the third value is used to indicate that the device owner has been created.

The apparatus of any one of claims 61-65, wherein the at least one first secure resource and the second secure resource are both of a second resource type, the second resource type being a credential-related resource.

The apparatus of claim 69, wherein the first configuration signaling carries a first device identification and credential content for the first configuration device;

the first configuration signaling is used for configuring a fourth attribute and a fifth attribute of the second secure resource, where the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing a credential content, and a value of the fourth attribute is the first device identifier.

An apparatus to configure a client, the apparatus comprising:

the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving a target attribute of a target resource of a client, which is sent by the client, and the target attribute is used for representing the device role of the client; wherein the client has at least one first secure resource;

a sending unit, configured to send a trigger signaling to the client when a device role of the client is a mobile device, where the trigger signaling is used to trigger the client to create a second secure resource on the client, and the second secure resource and the at least one first secure resource belong to a same resource type; and sending configuration parameters to the client, wherein the configuration parameters are used for the client to configure the second security resource.

The apparatus of claim 71, wherein,

a first portion of attributes of the second secure resource is determined based on one of the at least one first secure resource;

a second portion of attributes of the second secure resource is determined based on the configuration parameters.

The apparatus of claim 71 or 72,

the value of the target attribute of the target resource supports a first value, and the first value is used for indicating that the role of the device is a mobile device; alternatively, the first and second electrodes may be,

and the value of the target attribute of the target resource supports a second value, and the second value is used for representing that the role of the equipment is fixed equipment.

The apparatus according to any one of claims 71 to 73, wherein the sending unit is configured to send a first request message to the client, the first request message being configured to request a target attribute of a target resource of the client;

the receiving unit is configured to receive a first response message sent by the client, where the first response message is used to notify the first configuration device of a target attribute of a target resource of the client.

The apparatus of any one of claims 71 to 74, wherein the at least one first secure resource and the second secure resource are both of a first resource type, the first resource type being a master-related resource.

The apparatus of claim 75, wherein the configuration parameter comprises a first device identification of the first configuration device;

the first device identifier is used for configuring a first attribute and a second attribute of the second secure resource, wherein the first attribute is used for representing a device owner identifier, the second attribute is used for representing a resource owner identifier, the value of the first attribute is the first device identifier, and the value of the second attribute is the first device identifier.

The apparatus of any one of claims 71 to 74, wherein the at least one first secure resource and the second secure resource both belong to a second resource type, the second resource type being a credential-related resource.

The apparatus of claim 77, wherein the configuration parameters include a first device identification and credential content of the first configuration device;

the first device identifier and the voucher content are used for configuring a fourth attribute and a fifth attribute of the second secure resource, wherein the fourth attribute is used for representing a resource owner identifier, the fifth attribute is used for representing voucher content, and a value of the fourth attribute is the first device identifier.

A terminal device, comprising: a processor and a memory for storing a computer program, the processor being configured to invoke and execute the computer program stored in the memory, to perform the method of any of claims 1 to 21, or to perform the method of any of claims 22 to 39.

A chip, comprising: a processor for calling and running a computer program from a memory so that a device on which the chip is installed performs the method of any of claims 1 to 21, or the method of any of claims 22 to 39.

A computer readable storage medium storing a computer program for causing a computer to perform the method of any of claims 1 to 21 or the method of any of claims 22 to 39.

A computer program product comprising computer program instructions to cause a computer to perform the method of any of claims 1 to 21, or the method of any of claims 22 to 39.

A computer program for causing a computer to perform the method of any one of claims 1 to 21 or the method of any one of claims 22 to 39.