Abstract: A capability enabling method and apparatus. A secure element (SE) establishes, with a trusted execution environment (TEE), a session for communication. The SE sends, to the TEE, an obtaining instruction to obtain a security certificate of the TEE. After receiving the obtaining instruction, the TEE generates the security certificate based on attribute information of the TEE, and sends the generated security certificate to the SE. After the SE receives the security certificate, the SE determines, based on the security certificate and a preset security policy, that the TEE is in a secure state. After the SE determines that the TEE is in the secure state, the SE enables a first capability for a third-party service in the SE based on a second capability of the TEE.

Abstract: An emulated card selection method is implemented on a mobile device having a near field communication (NEC) NFC function. A first emulated card and a second emulated card are configured on the mobile device, When detecting an NFC radio frequency field, the mobile device detects whether there is fingerprint input. The mobile device selects the first emulated card if there is the fingerprint input. The mobile device selects the second emulated card if there is no fingerprint input. The mobile device performs NEC interaction with the NFC card reader based on the selected first emulated card or second emulated card. The mobile device can automatically select an emulated card in different emulated cards based on a card swiping status when a user uses an NEC emulated card.

Abstract: This application provides a vehicle control method. The method Can include a mobile terminal that establishes a short-range communication connection to a vehicle. The mobile terminal reads vehicle information from a passive NFC apparatus in the vehicle. The mobile terminal generates control information based on the vehicle information. The mobile terminal sends the control information to the vehicle by using the short-range communication connection. The passive NFC apparatus is, for example, an NFC tag, and the mobile terminal is, for example, a mobile phone. In a process of controlling the vehicle, the mobile phone may be in a screen-off state throughout the process, and the user does not need to perform an operation in an interface of the mobile phone, thereby enhancing the user's experience.

Abstract: Embodiments of this application relate to an access token management method. The method includes: obtaining, by a server, an access token and login information of an authorized account corresponding to the access token in a terminal, where the access token is a credential used for accessing a protected resource in the server, and the authorized account is an account that logs in to a resource authorization application on the terminal when the resource authorization application authorizes the access token; and when the login information indicates that the authorized account is in a non-login state, performing, by the server, invalidation processing on the access token.

Abstract: An interaction method includes receiving a service request from a client application (CA) installed on a terminal and that runs in a rich execution environment (REE), determining a trusted user interface (TUI) identifier, sending a TUI call instruction carrying the TUI identifier to a trusted execution environment (TEE) to instruct to draw an image based on the TUI template or the TUI function component to call a TUI to display the drawn image, receiving response information from the TEE, and executing a corresponding service procedure based on the response information.

Abstract: A method includes sending, by a trusted application (TA) entity, a certificate of the TA entity and a private key signature of the TA entity to a target security domain (SD). The certificate and the private key signature enable the target SD to perform trust verification via a server, obtaining, by the TA entity, a first key of the target SD when the trust verification of the TA entity succeeds, and establishing, by the TA entity, a trust relationship with the target SD.

Abstract: A method includes receiving, by a first Bluetooth device, an identity resolving key (IRK) from a server, and generating a resolvable private address based on the IRK. The method further includes sending, by the first Bluetooth device, a broadcast message. The broadcast message includes the resolvable private address. The resolvable private address is successfully verified by a second Bluetooth device pre-configured with the IRK.

Abstract: A method for authenticating an identity of a digital key, a terminal, and a medium, where before a second terminal enters a preset operating state from a non-preset operating state, identity authentication is first performed on a user using an identity authentication system of the second terminal, and obtained identity authentication information is stored in a secure element of the second terminal. Then, when a digital key in the second terminal is to be used, the identity authentication information stored in the secure element of the second terminal is sent to a first terminal, and the first terminal may perform verification based on the identity authentication information to determine whether the user using the digital key in the second terminal is an authorized holder of the second terminal.

Abstract: In this application, a terminal transaction method and a terminal are provided and used to resolve a problem existing in the prior art that an NFC application does not match a type of a POS, and there is relatively poor user experience. The method includes: establishing, by a terminal, a near field communication NFC radio frequency connection to a point of sale POS, and starting up a first transaction; and selecting, by the terminal, a first NFC application corresponding to the POS, and performing the first transaction when a use condition of the first NFC application is already satisfied.

Abstract: An interaction method and an apparatus are provided. The method is applied to an SE disposed in a terminal.

Abstract: A capability enabling method and apparatus are provided, to resolve a prior-art problem that security of executing a service by using a TEE +SE security architecture cannot be ensured. In this application, an SE establishes, with a TEE, a session used for communication. The SE sends, to the TEE by using the session, an obtaining instruction used to obtain a security certificate of the TEE. The TEE receives, by using the session, the obtaining instruction from the SE. After receiving the obtaining instruction, the TEE generates the security certificate based on attribute information of the TEE, and sends the generated security certificate to the SE by using the session. After the SE receives, by using the session, the security certificate sent by the TEE, the SE determines, based on the security certificate and a preset security policy, that the TEE is in a secure state.

Abstract: An emulated card selection method is implemented on a mobile device having a near field communication (NFC) NFC function. A first emulated card and a second emulated card are configured on the mobile device. When detecting an NFC radio frequency field, the mobile device detects whether there is fingerprint input. The mobile device selects the first emulated card if there is the fingerprint input. The mobile device selects the second emulated card if there is no fingerprint input. The mobile device performs NFC interaction with the NFC card reader based on the selected first emulated card or second emulated card. The mobile device can automatically select an emulated card in different emulated cards based on a card swiping status when a user uses an NFC emulated card.

Abstract: A method applicable to a multi-subscriber identity module (SIM) call management process includes parsing, by a managed device, an incoming call to obtain call information, determining a communications circuit corresponding to a called identifier, and when the managed device has performed an incoming call shielding setting on the communications circuit in response to a remote management instruction sent by an entitlement server (ES), skipping responding, by the managed device, to an incoming call event, or receiving, by the server, a remote management instruction from the ES, and deleting or freezing routing information corresponding to an identifier in response to the remote management instruction such that a communications circuit corresponding to the identifier in the managed device is unable to respond to an incoming call event.

Abstract: Embodiments of this application relate to an access token management method, The method includes: obtaining, by a server, an access token and login information of an authorized account corresponding to the access token in a terminal, where the access token is a credential used for accessing a protected resource in the server, and the authorized account is an account that logs in to a resource authorization application on the terminal when the resource authorization application authorizes the access token; and when the login information indicates that the authorized account is in a non-login state, performing, by the server, invalidation processing on the access token.

Abstract: In this application, a terminal transaction method and a terminal are provided and used to resolve a problem existing in the prior art that an NFC application does not match a type of a POS, and there is relatively poor user experience. The method includes: establishing, by a terminal, a near field communication NFC radio frequency connection to a point of sale POS, and starting up a first transaction; and selecting, by the terminal, a first NFC application corresponding to the POS, and performing the first transaction when a use condition of the first NFC application is already satisfied.

Abstract: A method includes sending, by a trusted application (TA) entity, a certificate of the TA entity and a private key signature of the TA entity to a target security domain (SD). The certificate and the private key signature enable the target SD to perform trust verification via a server, obtaining, by the TA entity, a first key of the target SD when the trust verification of the TA entity succeeds, and establishing, by the TA entity, a trust relationship with the target SD.

Abstract: A method applicable to a multi-subscriber identity module (SIM) call management process includes parsing, by a managed device, an incoming call to obtain call information, determining a communications circuit corresponding to a called identifier, and when the managed device has performed an incoming call shielding setting on the communications circuit in response to a remote management instruction sent by an entitlement server (ES), skipping responding, by the managed device, to an incoming call event, or receiving, by the server, a remote management instruction from the ES, and deleting or freezing routing information corresponding to an identifier in response to the remote management instruction such that a communications circuit corresponding to the identifier in the managed device is unable to respond to an incoming call event.

Abstract: The method includes: determining, by a payment device, a target password-free limit of a payment account that is used to perform a current transaction, where the target password-free limit is a password-free limit that is in a plurality of password-free limits and that is corresponding to a target verification method of a verification device, and there is a correspondence between the plurality of password-free limits and a plurality of verification methods; and after the verification performed by the verification device on an identity of an owner of the payment account by using the target verification method succeeds, setting, by the payment device, a payment status of the payment device to a password-free payment state for the target password-free limit based on the target password-free limit.

Abstract: A transaction method includes sending, by a payment device, personal identification number (PIN)-less request information to a check device a PIN-less identifier, where the PIN-less identifier indicates that a card for a transaction has a PIN-less capability, the PIN-less identifier is associated with the check device and corresponds to the card, receiving, by the payment device, PIN-less answer information from the check device in response to the PIN-less request information, where the PIN-less answer information includes the PIN-less identifier, modifying, by the payment device, a cardholder verification method (CVM) list of the card based on the PIN-less answer information, generating, by the payment device, an authorization request cryptogram (ARQC), and sending, by the payment device, the ARQC to a point of sale (PoS) machine.