Abstract: This specification discloses model running methods, apparatuses, computer-readable storage media and systems. In an example method, an original model is split to obtain a basic model and a trusted execution environment (TEE) model; and data of the basic model and data of the TEE model are delivered to a terminal device, so that a rich execution environment (REE) in the terminal device runs the data of the basic model, and a TEE in the terminal device runs the data of the TEE model.

Abstract: Example methods, apparatuses, and computer-readable media for offline transaction processing are disclosed.

Abstract: Embodiments of this application provide methods and apparatuses for offline payment authorization. In an implementation, a method comprising: obtaining wallet account information, a current account balance, and current credit information of a target electronic wallet account in response to determining that a current state of the target electronic wallet account satisfies a predetermined certificate delivery condition, determining an offline payment limit based on the current account balance and the current credit information, signing summary information by using a private key of a server to obtain an electronic wallet signature, generating a user certificate based on the summary information and the electronic wallet signature, and sending the user certificate to a terminal device associated with the target electronic wallet account for an offline account corresponding to the target electronic wallet account to make offline payment within the offline payment limit based on the user certificate.

Abstract: A resource transfer method includes obtaining, by using a target application, a resource transfer request triggered by a target user, where the resource transfer request includes verification information used to perform resource transfer processing and identity feature information of the target user. By using the target application, verifying the verification information, and invoking, if the verification succeeds by using the target application, a local device management rule, and determining, by using the local device management rule, whether the identity feature information of the target user matches identity feature information of a pre-registered user. If the identity feature information of the target user matches the identity feature information of the pre-registered user, sending the resource transfer request to a first server corresponding to the target application to trigger, based on the resource transfer request, the first server to perform resource transfer processing.

Abstract: Embodiments of this specification provide account opening methods, systems, and apparatuses. An example method is performed by a terminal device that includes a trusted execution environment (TEE) and an encryption hardware-based secure element. When it is detected that a current user initiates an account opening request, the terminal device obtains a user public key of the current user in the TEE, and signs a user public key by using a predetermined manufacturer private key, to obtain a user certificate; signs, in the secure element by using a user private key corresponding to the user public key, opening information; generates an opening request in the TEE based on at least the user certificate and signed opening information; and, in the TEE, generates an opening request packet based on the opening request, and sends the opening request packet to a server that opens an account based on the opening request packet.

Abstract: Embodiments of this specification provide a payment service implementation method and apparatus. According to the method in the embodiments, when a payment service is performed, anonymous processing needs to be performed on original payment account information. First, a random number is used to perform transform processing on the original payment account information, so that information encrypted each time by using a public key is different. Then, the public key and an encryption algorithm obtained in advance are used to encrypt payment account information obtained after the transform processing, so as to obtain anonymous payment account information, thereby completing an anonymous processing process. After anonymous processing is completed, the obtained anonymous payment account information may be used to perform a payment operation.

Abstract: This disclosure relates to a method and a system for recognizing a disguised device. A client of an application is installed on the device for interacting with the application, and the method includes: in response to an interaction with an application installed on a device, receiving environment information and a device ID associated with the device, determining whether the device ID exists in a pre-stored association table of a unique environment identifier and a device ID, and in response to determining that the device ID does not exist in the association table, calculating a unique environment identifier associated with the device based on the environment information, searching the association table for a device ID associated with the unique environment identifier, and determining, based on a quantity of different identified device IDs associated with the unique environment identifier, whether the device is disguised.

Abstract: Some embodiments of this specification provide data processing methods, apparatuses, and devices. One method includes: receiving encrypted debugging information and an encrypted first key from a client device, determining the device key corresponding to the client device, obtaining the debugging information based on the device key, the encrypted debugging information, and the encrypted first key, and performing abnormality detection on the trusted execution environment of the client device based on the debugging information to determine an abnormality detection result for the trusted execution environment.

Abstract: Data processing includes acquiring service data of a target service by using a trusted application in a trusted execution environment (TEE), generating a service session key corresponding to the target service, and transferring the service data and the service session key to a secure element and encrypted based on the service session key to obtain service ciphertext information, and encrypting the service session key based on a target service key to obtain a service session key ciphertext. A key identifier of the target service key, the service ciphertext information, and the service session key ciphertext are sent to a server device to determine the target service key, which is used to decrypt the service session key ciphertext to obtain the service session key, which is used to decrypt the service ciphertext information to obtain the service data of the target service to perform target service processing.