CN104077533A - Sensitive data operating method and device - Google Patents


Info

Publication number: CN104077533A
Authority: CN (China)
Prior art keywords: sensitive data, middleware, trusted, application program
Legal status: Granted
Application number: CN201410342484.8A
Other languages: Chinese (zh)
Other versions: CN104077533B (en)
Inventor: 江先
Current assignee: Beijing WatchSmart Technologies Co Ltd
Original assignee: Beijing WatchSmart Technologies Co Ltd
Events: application filed by Beijing WatchSmart Technologies Co Ltd; priority to CN201410342484.8A; publication of CN104077533A; application granted; publication of CN104077533B; current legal status: Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode

Abstract

The invention discloses a method and device for operating on sensitive data. The method comprises: in response to an application program running under an open operating system, calling general-purpose middleware under the open operating system and controlling the general-purpose middleware to execute the operation triggered by the application program; in response to the application program triggering a sensitive-data operation under the open operating system, switching the application program from the open operating system to a trusted operating system to run, calling trusted middleware under the trusted operating system, and controlling the trusted middleware to execute the sensitive-data operation; and, during execution of the sensitive-data operation, controlling the trusted middleware to read the sensitive data from a secure element for use and/or controlling the trusted middleware to write the sensitive data into the secure element. With this method, the security of the sensitive data during the middleware's operation stage can be guaranteed, the middleware accesses the sensitive data faster, and the efficiency with which the middleware processes the sensitive data is improved.

Description

Method and apparatus for operating on sensitive data
Technical field
The present invention relates to data processing technology, and in particular to a method and apparatus for operating on sensitive data.
Background technology
At present, many application programs involve the processing of sensitive data. For example, an online banking client needs to process sensitive data such as keys and PIN codes while it runs. To ensure the security of the sensitive data, existing online banking clients use an external secure element that can be connected to the user terminal (such as an online banking token or USB "U-shield"): keys, as sensitive data, are stored in the external secure element, and when the online banking client needs to operate with a key, middleware fetches the key from the external secure element and then completes the operation that uses the key. A secure element (SE) contains encryption and decryption logic circuits that resist external malicious analysis attacks and protect the data it stores.
In the existing mode of operating on sensitive data, storing the sensitive data in the SE ensures that it cannot be maliciously extracted while it is stored. However, the middleware that operates on the sensitive data runs on an open platform, so once the middleware has fetched the sensitive data from the SE, the sensitive data is in fact present on the open platform. This greatly increases the chance that a malicious user obtains the sensitive data by attacking the open platform, and the security of the sensitive data is therefore hard to guarantee.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and apparatus for operating on sensitive data, so as to solve the prior-art problem that sensitive data is exposed on the open platform while the middleware operates on it, which makes its security hard to guarantee.
To solve the above technical problem, the present invention provides a method for operating on sensitive data, the method comprising:
A method for sensitive-data operation, comprising:
in response to an application program running under an open operating system, calling general-purpose middleware under the open operating system, and controlling the general-purpose middleware to execute the operation triggered by the application program;
in response to the application program triggering a sensitive-data operation under the open operating system, switching the application program from the open operating system to a trusted operating system to run, calling trusted middleware under the trusted operating system, and controlling the trusted middleware to execute the sensitive-data operation;
during execution of the sensitive-data operation, controlling the trusted middleware to read sensitive data from a secure element, and/or controlling the trusted middleware to write sensitive data into the secure element.
The general-purpose middleware has a sensitive-data-operation proxy interface, which is used to respond to the application program triggering a sensitive-data operation under the open operating system;
switching the application program from the open operating system to the trusted operating system in response to the application program triggering the sensitive-data operation under the open operating system comprises:
while the application program runs under the open operating system, monitoring the execution of the general-purpose middleware;
in response to the general-purpose middleware running the sensitive-data-operation proxy interface, calling a secure monitor, and controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
After calling the trusted middleware under the trusted operating system, the method further comprises:
controlling the trusted middleware and the secure element to establish a secure channel, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
The method further comprises:
during execution of the sensitive-data operation, controlling the trusted middleware to encrypt its output information and storing the encrypted output information in open memory; wherein the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are deployed in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
An apparatus for sensitive-data operation, comprising:
a first calling module, for calling general-purpose middleware under an open operating system in response to an application program running under the open operating system;
a first control module, for controlling the general-purpose middleware to execute the operation triggered by the application program;
a switching module, for switching the application program from the open operating system to a trusted operating system to run, in response to the application program triggering a sensitive-data operation under the open operating system;
a second calling module, for calling trusted middleware under the trusted operating system;
a second control module, for controlling the trusted middleware to execute the sensitive-data operation;
a read/write module, for controlling the trusted middleware to read sensitive data from a secure element for use and/or controlling the trusted middleware to write sensitive data into the secure element during execution of the sensitive-data operation.
The general-purpose middleware has a sensitive-data-operation proxy interface, which is used to respond to the application program triggering a sensitive-data operation under the open operating system;
the switching module comprises:
a monitoring submodule, for monitoring the execution of the general-purpose middleware while the application program runs under the open operating system;
a calling submodule, for calling a secure monitor in response to the general-purpose middleware running the sensitive-data-operation proxy interface;
a control submodule, for controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
The apparatus further comprises:
a third control module, for controlling the trusted middleware and the secure element to establish a secure channel after the trusted middleware under the trusted operating system is called, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
The apparatus further comprises:
a fourth control module, for controlling the trusted middleware to encrypt its output information during execution of the sensitive-data operation;
a storage module, for storing the encrypted output information in open memory; wherein the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are deployed in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
Compared with the prior art, the present invention has the following advantages:
According to the technical solution provided by the embodiments of the present invention, when an application program runs under the open operating system, the general-purpose middleware under the open operating system can be called and controlled to execute the operation triggered by the application program; when the application program triggers a sensitive-data operation under the open operating system, the application program can be switched from the open operating system to run under the trusted operating system, the trusted middleware under the trusted operating system is called and controlled to execute the sensitive-data operation, and during execution the trusted middleware can be controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Because the application program is switched to run under the trusted operating system when it triggers a sensitive-data operation, and the sensitive-data operation is executed by the trusted middleware called under the trusted operating system, the sensitive data remains on the trusted platform after the middleware fetches it from the SE and while the middleware operates on it. This prevents a malicious user from obtaining the sensitive data by attacking the open platform and guarantees the security of the sensitive data during the middleware's operation stage. In addition, because the sensitive data fetched from the SE is stored and operated on in a secure environment, it can be kept in plaintext in the secure region without being encrypted again, so the trusted middleware accesses the sensitive data faster and the sensitive-data operation is processed faster.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the architecture of an exemplary application scenario in an embodiment of the present invention;
Fig. 2 is a flowchart of method embodiment 1 of the sensitive-data operation in the present invention;
Fig. 3 is a schematic diagram of an embodiment of the system architecture in an embodiment of the present invention;
Fig. 4 is a flowchart of method embodiment 2 of the sensitive-data operation in the present invention;
Fig. 5 is a structural diagram of apparatus embodiment 1 of the sensitive-data operation in the present invention;
Fig. 6 is a structural diagram of an embodiment of the switching module 503 in an embodiment of the present invention;
Fig. 7 is a structural diagram of apparatus embodiment 2 of the sensitive-data operation in the present invention;
Fig. 8 is a structural diagram of apparatus embodiment 3 of the sensitive-data operation in the present invention.
Embodiment
So that those skilled in the art understand the solution of the present application better, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in those embodiments. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments that those of ordinary skill in the art obtain from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
The inventor found through research that, for application programs involving sensitive data, the sensitive data is normally stored in an external secure element to keep it secure, and middleware must be called to operate on the sensitive data whenever it is needed. In existing devices, a single open operating system is provided for all application programs: every application program runs under the open operating system, and every operation an application triggers is executed by middleware called under the open operating system. Consequently, for an application program involving sensitive data, the sensitive data is in fact on the open platform while the middleware operates on it, so a malicious user can easily obtain the sensitive data through the open platform, and its security is hard to guarantee. In addition, although the middleware can be encrypted or packed under the open platform, the encryption technique and its algorithm rest on the operating mechanism of the open platform and are public, so this still does not prevent a malicious user's attacks under the open platform, and it also forces the middleware to access encrypted sensitive data while operating on it, which makes the sensitive-data operation inefficient.
Based on the above research, the basic idea of the present invention is as follows: an open operating system and a trusted operating system are provided in the same device, where the trusted operating system takes over the device hardware and can form a trusted execution environment (TEE); for an application program involving sensitive data, when the application program triggers a sensitive-data operation under the open operating system, it is switched to run under the trusted operating system, and the trusted middleware under the trusted operating system is called to execute the sensitive-data operation; during execution of the sensitive-data operation, the trusted middleware is controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Therefore, after the middleware fetches the sensitive data from the SE and while it operates on it, the sensitive data remains in the trusted environment, which prevents a malicious user from obtaining it by attacking the open platform and guarantees its security during the middleware's operation stage. In addition, because the sensitive data fetched from the SE is in fact stored in a secure region while the middleware operates on it, it can be kept in plaintext in that region without being encrypted again, so the trusted middleware accesses the sensitive data faster and the sensitive-data operation is processed faster.
Based on the above basic idea, an exemplary application scenario of an embodiment of the present invention can be applied in the system shown in Fig. 1. The system can comprise a trusted operating system 101, an open operating system 102, trusted middleware 103 under the trusted operating system 101, general-purpose middleware 104 under the open operating system 102, and a secure element 105.
In the exemplary scenario architecture shown in Fig. 1, when an application program runs under the open operating system 102, the general-purpose middleware 104 under the open operating system 102 can be called and controlled to execute the operation triggered by the application program; when the application program triggers a sensitive-data operation under the open operating system 102, the application program can be switched from the open operating system 102 to run under the trusted operating system 101, the trusted middleware 103 under the trusted operating system 101 is called and controlled to execute the sensitive-data operation, and during execution the trusted middleware 103 can be controlled to read sensitive data from the secure element 105 and/or to write sensitive data into the secure element 105.
It should be noted that the above exemplary application scenario is given only to make the spirit and principle of the present invention easier to understand; the embodiments of the present invention are not limited in this respect. On the contrary, the embodiments of the present invention can be applied to any suitable scenario.
Having introduced the main idea of the present invention, various non-limiting embodiments of the present invention are described in detail below with reference to the drawings.
Referring to Fig. 2, a flowchart of method embodiment 1 of the sensitive-data operation in the present invention is shown. In the present embodiment, the method can specifically comprise the following steps:
S201: in response to an application program running under an open operating system, call the general-purpose middleware under the open operating system and control the general-purpose middleware to execute the operation triggered by the application program.
In a specific implementation, two operating systems, an open operating system and a trusted operating system, can be provided on the same device. For an application program involving sensitive data, when the application triggers a non-sensitive-data operation that does not involve sensitive data, the application runs under the open operating system and the non-sensitive-data operation is executed by the general-purpose middleware under the open operating system; when the application triggers a sensitive-data operation that involves sensitive data, the application runs under the trusted operating system and the sensitive-data operation is executed by the trusted middleware under the trusted operating system.
For example, for the online banking client, the sensitive data mainly includes keys, PIN codes and configuration information. Sensitive-data operations involving keys mainly include encryption, decryption, key agreement, signing and signature verification; those involving PIN codes mainly include PIN verification, PIN update and PIN unblocking; those involving configuration information mainly include encrypting and verifying the configuration information. When the online banking client triggers a non-sensitive-data operation that involves none of the sensitive data (keys, PIN codes, configuration information), the online banking client runs under the open operating system and the non-sensitive-data operation is executed by the general-purpose middleware; when the online banking client triggers any sensitive-data operation, such as signing, encryption or PIN verification, the online banking client runs under the trusted operating system and the sensitive-data operation is executed by the trusted middleware.
S202: in response to the application program triggering a sensitive-data operation under the open operating system, switch the application program from the open operating system to the trusted operating system to run, call the trusted middleware under the trusted operating system, and control the trusted middleware to execute the sensitive-data operation.
The trusted operating system takes over the device hardware and can provide a trusted execution environment for running the trusted middleware that executes sensitive-data operations. A trusted execution environment is a secure area within the main processor of a device such as a smartphone or tablet. The trusted middleware runs in the trusted execution environment, so the sensitive data it uses while executing a sensitive-data operation is stored and processed in a trusted environment and is protected from being obtained maliciously.
It should be noted that in the prior art there is a contradiction between performance and security for application programs involving sensitive data. On the one hand, the chip operating system (COS) of the secure element that stores the sensitive data can provide a running environment secured by security mechanisms, but its performance is low and its functionality is simple, so the sensitive-data operation cannot be executed entirely inside the secure element. On the other hand, the middleware that operates on the sensitive data relies on resources such as the central processing unit, memory and the open operating system, which offer strong performance and rich functionality, so the sensitive-data operation is mainly executed by the middleware; but existing middleware runs under the open operating system, which makes the security of the sensitive data hard to guarantee. In the present embodiment, because an open operating system and a trusted operating system are both provided on the device, the sensitive-data operation can be executed by the trusted middleware in the trusted execution environment: on the one hand the operation is executed by high-performance, feature-rich middleware, and on the other hand the sensitive data is stored and processed in a trusted environment throughout the operation, so security is guaranteed.
In some implementations of the present embodiment, so that the operation flow triggered by the application program gives the user a complete and continuous experience, a sensitive-data-operation proxy interface can be provided in the general-purpose middleware under the open operating system. When the application program triggers a sensitive-data operation, the general-purpose middleware runs to this proxy interface, which triggers switching the application program to the trusted operating system and calling the trusted middleware to execute the sensitive-data operation; the switch between operating systems can be realized by a secure monitor. In this way the sensitive-data operation is still triggered through the general-purpose middleware under the open operating system, and the integrity and continuity of the general-purpose middleware's processing flow are preserved. Specifically, the general-purpose middleware under the open operating system can have a sensitive-data-operation proxy interface that responds to the application program triggering a sensitive-data operation under the open operating system; correspondingly, monitoring the sensitive-data operation triggered by the application program and switching operating systems can comprise: while the application program runs under the open operating system, monitoring the execution of the general-purpose middleware; and, in response to detecting that the general-purpose middleware has run the sensitive-data-operation proxy interface, calling a secure monitor and controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
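The split described in S201 and S202, as an added Python model that is not part of the patent or of any WatchSmart product: general-purpose middleware in the open OS does the non-sensitive work, its proxy interface only names a sensitive operation and hands it to a secure monitor, and trusted middleware behind the monitor is the only code that touches the secure element. The class names, the allow-list of operation names, the HMAC-SHA256 stand-in for the token's signature scheme and the SE's PIN try counter are all assumptions made for the example. What it demonstrates beyond the text is the check a practitioner wants: the open-world object never holds the key, the SE refuses to release the key until a PIN check passes, and every world switch is recorded by the monitor.

```python
import hashlib
import hmac


class SecureElement:
    """Constructed stand-in for the SE chip: the key and the PIN never leave it
    except via read_key(), which is gated on a PIN check and a try counter,
    as an SE applet gates its key-use commands."""

    MAX_TRIES = 3

    def __init__(self, key: bytes, pin: str):
        self._key = key
        self._pin = pin
        self.tries_left = self.MAX_TRIES
        self._unlocked = False

    def verify_pin(self, pin: str) -> bool:
        if self.tries_left == 0:
            raise PermissionError("PIN locked")
        # constant-time compare: no timing side channel on the PIN digits
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left = self.MAX_TRIES
            self._unlocked = True
            return True
        self.tries_left -= 1
        self._unlocked = False
        return False

    def read_key(self) -> bytes:
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return self._key


class TrustedMiddleware:
    """Runs under the trusted OS: the only component that ever holds the
    plaintext key, and only for the duration of one operation."""

    def __init__(self, se: SecureElement):
        self._se = se

    def verify_pin(self, pin: str) -> bool:
        return self._se.verify_pin(pin)

    def sign(self, message: bytes) -> bytes:
        key = self._se.read_key()  # SE -> TEE memory, in plaintext, never to the REE
        # HMAC-SHA256 stands in for the signature scheme a real token uses
        return hmac.new(key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, signature: bytes) -> bool:
        key = self._se.read_key()
        return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), signature)


class SecureMonitor:
    """Models the monitor that switches worlds: every entry into the TEE
    passes through call_tee and is logged, so switches are auditable."""

    def __init__(self, trusted: TrustedMiddleware):
        self._trusted = trusted
        self.switches = []

    def call_tee(self, op: str, *args):
        self.switches.append(op)
        return getattr(self._trusted, op)(*args)


SENSITIVE_OPS = frozenset({"verify_pin", "sign", "verify"})  # assumed allow-list


class UniversalMiddleware:
    """Runs under the open OS. Non-sensitive work is done here; the proxy
    interface only names the sensitive operation and forwards it."""

    def __init__(self, monitor: SecureMonitor):
        self._monitor = monitor

    def build_transfer(self, payee: str, cents: int) -> bytes:
        # non-sensitive: formats the transaction, touches no key or PIN
        return f"transfer|{payee}|{cents}".encode()

    def sensitive_op(self, op: str, *args):
        if op not in SENSITIVE_OPS:
            raise ValueError(f"{op} is not a sensitive-data operation")
        return self._monitor.call_tee(op, *args)


def build_stack(key: bytes, pin: str):
    """Wire SE -> trusted middleware -> monitor -> general-purpose middleware."""
    se = SecureElement(key, pin)
    monitor = SecureMonitor(TrustedMiddleware(se))
    return UniversalMiddleware(monitor), monitor, se


def sign_transfer(mw: UniversalMiddleware, pin: str, payee: str, cents: int) -> bytes:
    """Online-banking flow: build in the REE, verify the PIN and sign in the TEE."""
    message = mw.build_transfer(payee, cents)
    if not mw.sensitive_op("verify_pin", pin):
        raise PermissionError("wrong PIN")
    return message + b"|" + mw.sensitive_op("sign", message)


if __name__ == "__main__":
    mw, monitor, _ = build_stack(b"\x11" * 32, "1234")  # constructed key and PIN
    print(sign_transfer(mw, "1234", "alice", 500).hex(), monitor.switches)
```

On real hardware the SecureMonitor boundary is the SMC call into the secure monitor and the trusted middleware is a trusted application; the proxy interface must keep an explicit allow-list of operation names as above, since a proxy that forwards arbitrary method names turns the TEE into a call gadget for anything running in the open OS.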
S203: during execution of the sensitive-data operation, control the trusted middleware to read sensitive data from the secure element for use, and/or control the trusted middleware to write sensitive data into the secure element.
Sensitive data is needed during execution of a sensitive-data operation; for example, encryption, decryption, signing and signature verification all need a key. The sensitive data is stored in the secure element. Therefore, during execution of the sensitive-data operation, the trusted middleware needs to read sensitive data from the secure element for use, or needs to write sensitive data into the secure element so that the secure element can store or operate on it.
It can be understood that, in some implementations of the present embodiment, when the trusted middleware reads and writes sensitive data on the secure element, the sensitive data is in fact exchanged between two systems, and it may be subject to malicious attack while in transit between them. To prevent the sensitive data from being attacked while the trusted middleware reads it from or writes it to the secure element, the sensitive data can be transmitted between the trusted middleware and the secure element through a secure channel. Specifically, in the present embodiment, after calling the trusted middleware under the trusted operating system, the method can further comprise: controlling the trusted middleware and the secure element to establish a secure channel, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel. The secure channel can be established by key agreement between the trusted middleware and the secure element.
In other implementations of the present embodiment, a sensitive-data operation produces a large amount of output information that has certain security requirements, but the secure storage area provided by the secure element is expensive, small and inflexible, so the large amount of output of a sensitive-data operation should not be stored in the secure storage area of the secure element. Because the sensitive-data operation is executed under the trusted operating system, its output information is secure there; the output information can therefore first be encrypted under the trusted operating system and then saved in open memory in the ordinary way, which also guarantees its security. Specifically, the present embodiment can further comprise: during execution of the sensitive-data operation, controlling the trusted middleware to encrypt its output information and storing the encrypted output information in open memory; wherein the open memory is used to store information produced under both the open operating system and the trusted operating system.
It should be noted that, in some implementations of the present embodiment, the open operating system and the trusted operating system provided on the same device can be deployed in a trusted execution environment (TEE) chip, and the secure element can be an SE chip. The SE chip can be built into the same device as the TEE chip, for example an SE chip and a TEE chip both built into a mobile device such as a mobile phone or tablet; alternatively, the SE chip can be in an external device relative to the device holding the TEE chip, for example an online banking token with a built-in SE chip connected to a mobile phone or tablet with a built-in TEE chip.
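The secure channel between trusted middleware and secure element, and the encryption of output before it is placed in open memory, as one added Python example covering both of the preceding paragraphs (not part of the patent or of any WatchSmart product). Assumptions: Diffie-Hellman over RFC 3526 group 14 with HKDF-SHA256 key derivation stands in for the patent's unspecified key agreement; an HMAC-SHA256 counter-mode keystream with an HMAC tag stands in for the AES-based cipher a real SE channel such as GlobalPlatform SCP uses; the command format, slot names and status word are constructed. The agreement here is unauthenticated, which is the caveat to carry away: in practice the SE's public value must be authenticated (an SE certificate or a pre-shared key), otherwise anything sitting between TEE and SE can run the handshake itself and read every key the trusted middleware fetches.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP, generator 2) is assumed as the agreement
# group; a real SE channel uses the vendor's ECDH/SCP parameters instead.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def hkdf(ikm: bytes, info: bytes, n: int) -> bytes:
    """HKDF-SHA256 (RFC 5869) with a zero salt: extract, then expand to n bytes."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block = b"", b""
    for i in range(1, -(-n // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
    return out[:n]


def dh_shared(priv: int, peer_pub: int) -> bytes:
    if not 1 < peer_pub < P - 1:  # reject 0, 1 and p-1, the trivial-subgroup values
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P).to_bytes(256, "big")


class Channel:
    """Encrypt-then-MAC frames; hdr = sender role + sequence number is the nonce
    and the replay check, and an HMAC keystream stands in for an AES mode."""

    def __init__(self, secret: bytes, role: bytes, peer: bytes, label: bytes):
        keys = hkdf(secret, label, 64)
        self._enc, self._mac = keys[:32], keys[32:]
        self.role, self.peer = role, peer
        self.send_seq = self.recv_seq = 0

    def _xor(self, hdr: bytes, data: bytes) -> bytes:
        stream = b"".join(hmac.new(self._enc, hdr + i.to_bytes(4, "big"), hashlib.sha256).digest()
                          for i in range(-(-len(data) // 32)))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, plaintext: bytes) -> bytes:
        hdr = self.role + self.send_seq.to_bytes(4, "big")
        self.send_seq += 1
        ct = self._xor(hdr, plaintext)
        return hdr + ct + hmac.new(self._mac, hdr + ct, hashlib.sha256).digest()

    def open(self, frame: bytes, check_seq: bool = True) -> bytes:
        hdr, ct, tag = frame[:5], frame[5:-32], frame[-32:]
        if not hmac.compare_digest(tag, hmac.new(self._mac, hdr + ct, hashlib.sha256).digest()):
            raise ValueError("bad tag: frame modified")
        if check_seq:  # off for stored blobs, which are read back in any order
            if hdr != self.peer + self.recv_seq.to_bytes(4, "big"):
                raise ValueError("replayed or out-of-order frame")
            self.recv_seq += 1
        return self._xor(hdr, ct)


class SecureElement:
    """Constructed SE: key slots live only here; every command arrives sealed."""

    def __init__(self):
        self._slots, self.chan = {}, None
        self._priv = secrets.randbits(320)
        self.pub = pow(G, self._priv, P)

    def handshake(self, tee_pub: int) -> int:
        self.chan = Channel(dh_shared(self._priv, tee_pub), b"S", b"T", b"tee-se")
        return self.pub

    def command(self, frame: bytes) -> bytes:
        cmd = self.chan.open(frame)  # the plaintext command exists only inside the SE
        op, name, value = cmd[:1], cmd[1:9], cmd[9:]
        if op == b"W":
            self._slots[name] = value
            reply = b"\x90\x00"  # ISO 7816 status word for success
        else:
            reply = self._slots.get(name, b"")
        return self.chan.seal(reply)


class TrustedMiddleware:
    """TEE side: reaches the SE only through the channel and vault-encrypts
    every result before it is placed in open memory."""

    def __init__(self, se: SecureElement, open_memory: dict):
        priv = secrets.randbits(320)
        self.chan = Channel(dh_shared(priv, se.handshake(pow(G, priv, P))), b"T", b"S", b"tee-se")
        self._se, self._open_memory = se, open_memory
        self._vault = Channel(secrets.token_bytes(32), b"M", b"M", b"tee-output-vault")

    def write_key(self, name: bytes, key: bytes) -> bool:
        reply = self.chan.open(self._se.command(self.chan.seal(b"W" + name.ljust(8) + key)))
        return reply == b"\x90\x00"

    def read_key(self, name: bytes) -> bytes:
        return self.chan.open(self._se.command(self.chan.seal(b"R" + name.ljust(8))))

    def sign_to_open_memory(self, name: bytes, label: str, message: bytes) -> bytes:
        key = self.read_key(name)  # plaintext key only ever in TEE memory
        output = hmac.new(key, message, hashlib.sha256).digest()
        self._open_memory[label] = self._vault.seal(output)  # encrypted before it leaves the TEE
        return output

    def load_output(self, label: str) -> bytes:
        return self._vault.open(self._open_memory[label], check_seq=False)
```

The vault key is generated inside the TEE and never written anywhere, so the open OS sees only sealed frames in `open_memory`; the tag check means a frame the open OS modifies is rejected rather than decrypted into garbage, and the sequence check on the SE side means a captured command cannot be replayed to extract a key a second time.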
Specifically, referring to Fig. 3, in the hardware subsystem middleware layer of TEE chip, there is the trusted operating system and the credible middleware that are provided by TEE licensed software, and, open operation system and universal middleware also there is.In universal middleware, can there is a sensitive data operation agent interface of being monitored by safety monitor.Running environment is switched to trusted operating system from open operation system when safety monitor monitors when universal middleware runs to sensitive data operation agent interface, calls credible middleware and complete sensitive data operation.Credible middleware can have a sensitive data memory interface API, between the Chip Operating System (COS layer) for credible middleware and SE chip, carries out data interaction, completes SE chip read-write sensitive data.
With the technical solution of this embodiment, once the middleware has taken the sensitive data out of the SE, the data stays on the trusted platform while the middleware operates on it, so a malicious user cannot obtain it by attacking or cracking the open platform; the sensitive data is thus protected during the middleware operation stage. In addition, because the sensitive data taken out of the SE is actually held in a secure zone, it can be kept there in plaintext without further encryption, which gives the trusted middleware faster access to the sensitive data and speeds up the sensitive data operation.
To give those skilled in the art a deeper understanding of how the embodiments of the present invention are applied, an application example of the sensitive data operation method embodiment is introduced below using one application scenario. In this scenario, the application that involves sensitive data is an online-banking client, and the sensitive data operation is specifically a key data operation.
Referring to Fig. 4, which shows a flow diagram of method embodiment 2 of sensitive data operation in the present invention, this embodiment may for example comprise the following steps:
S401: Start the online-banking client under the open operating system.
S402: Call the universal middleware for the online-banking client.
S403: When the online-banking client triggers a key data operation, the universal middleware runs to the key operation proxy interface, which calls the key operation.
Key data operations mainly include password encryption, password decryption, signing, signature verification and the like.
S404: The security monitor switches the running environment of the online-banking client to the trusted operating system, so as to establish communication with the trusted middleware under the trusted operating system.
S405: Call the key data operation in the trusted middleware.
S406: While the trusted middleware performs the key data operation, control key agreement between the trusted middleware and the SE to establish a secure channel.
S407: Control the trusted middleware to read key data from the SE or write key data to the SE.
S408: Perform the actual operation on the SE hardware memory.
With the technical solution of this embodiment, once the online-banking middleware has taken the key data out of the SE, the key data stays on the trusted platform while the middleware operates on it, so a malicious user cannot obtain the user's online-banking key data by attacking or cracking the open platform; the key data is thus protected during the middleware operation stage. In addition, because the key data taken out of the SE is actually held in a secure buffer, it can be kept there in plaintext without further encryption, which gives the trusted middleware faster access to the key data and speeds up the key data operation.
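The flow of steps S401 to S408 above, together with the output-encryption variant described earlier (encrypting results under the trusted operating system before they reach open memory), as an added, constructed Python model; this is example code written for this page, not code from the patent or its assignee. The cipher (SHA-256 counter keystream plus HMAC tag) and the challenge-based session-key derivation are simplified stand-ins built from the standard library so the script runs offline; they model the roles of the open OS, the security monitor, the trusted middleware and the SE, not any real TEE or SE protocol. The names `SecureElement`, `TrustedMiddleware`, `Device`, `run_demo` and the key label `"signing_key"` are assumptions, not identifiers from the patent.

```python
import hashlib
import hmac
import secrets

# Constructed model of the patent's flow (example code, not the patent's own).
OPEN_OS, TRUSTED_OS = "open_os", "trusted_os"
NONCE_LEN, TAG_LEN = 12, 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream from SHA-256; illustration only, not a production cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a tampered blob is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("secure-channel integrity check failed")
    return _keystream_xor(key, nonce, ct)


def derive_session_key(static_key: bytes, host_chal: bytes, card_chal: bytes) -> bytes:
    # Both ends share static_key; mixing both challenges gives a fresh per-session key (S406).
    return hmac.new(static_key, host_chal + card_chal, hashlib.sha256).digest()


class SecureElement:
    """SE chip: holds key data and only releases it over the negotiated secure channel."""

    def __init__(self, channel_key: bytes, key_data: dict):
        self._channel_key, self._store, self._card_chal = channel_key, dict(key_data), b""

    def challenge(self) -> bytes:
        self._card_chal = secrets.token_bytes(8)
        return self._card_chal

    def read(self, host_chal: bytes, sealed_name: bytes) -> bytes:
        session = derive_session_key(self._channel_key, host_chal, self._card_chal)
        name = unseal(session, sealed_name).decode()
        return seal(session, self._store[name])  # key data leaves the SE encrypted (S407/S408)


class TrustedMiddleware:
    """Trusted middleware under the trusted OS (S405 to S407)."""

    def __init__(self, se: SecureElement, channel_key: bytes, output_key: bytes):
        self.se, self.channel_key, self.output_key = se, channel_key, output_key

    def sign(self, message: bytes) -> bytes:
        host_chal = secrets.token_bytes(8)
        session = derive_session_key(self.channel_key, host_chal, self.se.challenge())
        signing_key = unseal(session, self.se.read(host_chal, seal(session, b"signing_key")))
        signature = hmac.new(signing_key, message, hashlib.sha256).digest()  # the key operation
        return seal(self.output_key, signature)  # output encrypted before leaving the trusted OS


class Device:
    """Open-OS side: application, universal middleware, proxy interface and security monitor."""

    def __init__(self, trusted: TrustedMiddleware):
        self.trusted, self.world, self.open_memory, self.trace = trusted, OPEN_OS, [], []

    def universal_middleware(self, op: str, message: bytes) -> bytes:
        self.trace.append((op, self.world))  # S402: still running under the open OS
        if op != "sign":
            raise ValueError("unsupported operation")
        return self._key_operation_proxy(message)  # S403: proxy interface reached

    def _key_operation_proxy(self, message: bytes) -> bytes:
        self.world = TRUSTED_OS  # S404: security monitor switches the running environment
        try:
            blob = self.trusted.sign(message)
            self.trace.append(("sign", self.world))
        finally:
            self.world = OPEN_OS  # return to the open OS whatever happened
        self.open_memory.append(blob)  # only ciphertext ever reaches open memory
        return blob


def run_demo(message: bytes = b"transfer 100 to account 42") -> dict:
    """Run one signing operation and report what each world could observe."""
    channel_key, output_key = secrets.token_bytes(32), secrets.token_bytes(32)
    signing_key = secrets.token_bytes(32)  # constructed sample key data held by the SE
    se = SecureElement(channel_key, {"signing_key": signing_key})
    device = Device(TrustedMiddleware(se, channel_key, output_key))
    blob = device.universal_middleware("sign", message)
    expected = hmac.new(signing_key, message, hashlib.sha256).digest()
    return {
        "trace": device.trace,
        "world_after": device.world,
        "plaintext_in_open_memory": any(expected in m or signing_key in m for m in device.open_memory),
        "signature_ok": hmac.compare_digest(unseal(output_key, blob), expected),
    }
```

`run_demo()` returns a trace showing that the universal middleware runs under the open OS and the key operation under the trusted OS, that the device is back under the open OS afterwards, and that neither the signing key nor the plaintext signature appears in open memory; only the holder of `output_key` (kept in the trusted OS) can recover the result, and any modification of a stored blob is rejected by `unseal`.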
Having introduced the exemplary methods of the present invention, the device for sensitive data operation according to exemplary embodiments of the invention is introduced next.
Referring to Fig. 5, which shows the structure of device embodiment 1 of sensitive data operation in the present invention, the device in this embodiment may for example comprise:
The first calling module 501, for calling the universal middleware under the open operating system in response to an application running under the open operating system;
The first control module 502, for controlling the universal middleware to perform the operation triggered by the application;
The switching module 503, for switching the application from the open operating system to a trusted operating system to run, in response to the application triggering a sensitive data operation under the open operating system;
The second calling module 504, for calling the trusted middleware under the trusted operating system;
The second control module 505, for controlling the trusted middleware to perform the sensitive data operation;
The read/write module 506, for controlling the trusted middleware to read sensitive data from a secure element for use and/or to write sensitive data into the secure element during execution of the sensitive data operation.
Optionally, in some embodiments the universal middleware may have a sensitive data operation proxy interface, which responds to the application triggering a sensitive data operation under the open operating system; correspondingly, referring to Fig. 6, the switching module 503 may for example comprise:
The monitoring submodule 601, for monitoring the running of the universal middleware while the application runs under the open operating system;
The calling submodule 602, for calling the security monitor in response to detecting that the universal middleware has run to the sensitive data operation proxy interface;
The control submodule 603, for controlling the security monitor to switch the running environment of the application from the open operating system to the trusted operating system.
Optionally, in other embodiments the open operating system and the trusted operating system may be deployed in a trusted execution environment (TEE) chip, and the secure element may be an SE chip.
Referring to Fig. 7, which shows the structure of device embodiment 2 of sensitive data operation in the present invention, the device in this embodiment may further comprise, in addition to all the structures shown in Fig. 5:
The third control module 701, for controlling the trusted middleware and the secure element to establish a secure channel after the trusted middleware under the trusted operating system has been called, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
Referring to Fig. 8, which shows the structure of device embodiment 3 of sensitive data operation in the present invention, the device in this embodiment may further comprise, in addition to all the structures shown in Fig. 5:
The fourth control module 801, for controlling the trusted middleware to encrypt output information during execution of the sensitive data operation;
The storage module 802, for storing the encrypted output information in open memory, where the open memory stores information produced under both the open operating system and the trusted operating system.
With the technical solution of this embodiment, once the middleware has taken the sensitive data out of the SE, the data stays on the trusted platform while the middleware operates on it, so a malicious user cannot obtain it by attacking or cracking the open platform; the sensitive data is thus protected during the middleware operation stage. In addition, because the sensitive data taken out of the SE is actually held in a secure buffer, it can be kept there in plaintext without further encryption, which gives the trusted middleware faster access to the sensitive data and speeds up the sensitive data operation.
It should be noted that relational terms such as first and second are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. The terms "comprises", "comprising" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises it.
Since the device embodiments essentially correspond to the method embodiments, reference may be made to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only embodiments of the present application. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the application, and such improvements and modifications should also be regarded as falling within the scope of protection of the application.

Claims (10)

1. A method for operating sensitive data, characterized by comprising:
In response to an application running under an open operating system, calling the universal middleware under the open operating system and controlling the universal middleware to perform the operation triggered by the application;
In response to the application triggering a sensitive data operation under the open operating system, switching the application from the open operating system to a trusted operating system to run, calling the trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive data operation;
During execution of the sensitive data operation, controlling the trusted middleware to read sensitive data from a secure element and/or controlling the trusted middleware to write sensitive data into the secure element.
2. The method according to claim 1, characterized in that the universal middleware has a sensitive data operation proxy interface, which is used to respond to the application triggering a sensitive data operation under the open operating system;
and said switching the application from the open operating system to the trusted operating system to run, in response to the application triggering a sensitive data operation under the open operating system, comprises:
monitoring the running of the universal middleware while the application runs under the open operating system;
in response to the universal middleware running to the sensitive data operation proxy interface, calling a security monitor and controlling the security monitor to switch the running environment of the application from the open operating system to the trusted operating system.
3. The method according to claim 1, characterized in that, after calling the trusted middleware under the trusted operating system, the method further comprises:
controlling the trusted middleware and the secure element to establish a secure channel, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
4. The method according to claim 1, characterized by further comprising:
during execution of the sensitive data operation, controlling the trusted middleware to encrypt output information and to store the encrypted output information in open memory, where the open memory stores information produced under the open operating system and under the trusted operating system.
5. The method according to claim 1, characterized in that the open operating system and the trusted operating system are deployed in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
6. A device for operating sensitive data, characterized by comprising:
a first calling module, for calling the universal middleware under an open operating system in response to an application running under the open operating system;
a first control module, for controlling the universal middleware to perform the operation triggered by the application;
a switching module, for switching the application from the open operating system to a trusted operating system to run, in response to the application triggering a sensitive data operation under the open operating system;
a second calling module, for calling the trusted middleware under the trusted operating system;
a second control module, for controlling the trusted middleware to perform the sensitive data operation;
a read/write module, for controlling the trusted middleware to read sensitive data from a secure element for use and/or to write sensitive data into the secure element during execution of the sensitive data operation.
7. The device according to claim 6, characterized in that the universal middleware has a sensitive data operation proxy interface, which is used to respond to the application triggering a sensitive data operation under the open operating system;
and the switching module comprises:
a monitoring submodule, for monitoring the running of the universal middleware while the application runs under the open operating system;
a calling submodule, for calling a security monitor in response to the universal middleware running to the sensitive data operation proxy interface;
a control submodule, for controlling the security monitor to switch the running environment of the application from the open operating system to the trusted operating system.
8. The device according to claim 6, characterized by further comprising:
a third control module, for controlling the trusted middleware and the secure element to establish a secure channel after the trusted middleware under the trusted operating system has been called, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
9. The device according to claim 6, characterized by further comprising:
a fourth control module, for controlling the trusted middleware to encrypt output information during execution of the sensitive data operation;
a storage module, for storing the encrypted output information in open memory, where the open memory stores information produced under the open operating system and under the trusted operating system.
10. The device according to claim 6, characterized in that the open operating system and the trusted operating system are deployed in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
CN201410342484.8A 2014-07-17 2014-07-17 A kind of method and apparatus for operating sensitive data Expired - Fee Related CN104077533B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410342484.8A CN104077533B (en) 2014-07-17 2014-07-17 A kind of method and apparatus for operating sensitive data

Publications (2)

Publication Number Publication Date
CN104077533A true CN104077533A (en) 2014-10-01
CN104077533B CN104077533B (en) 2017-09-15

Family

ID=51598783

Country Status (1)

Country Link
CN (1) CN104077533B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102763098A (en) * 2009-12-14 2012-10-31 思杰系统有限公司 Methods and systems for communicating between trusted and non-trusted virtual machines
US20130007470A1 (en) * 2011-06-30 2013-01-03 Oracle International Corporation Secure hosted execution architecture
CN103514414A (en) * 2012-06-26 2014-01-15 上海盛轩网络科技有限公司 Encryption method and encryption system based on ARM TrustZone
CN103745155A (en) * 2014-01-03 2014-04-23 东信和平科技股份有限公司 Credible Key and safe operation method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王熙友: "ARM TrustZone安全隔离技术研究与应用", 《中国优秀硕士学位论文全文数据库 信息科技辑 2014年第01期》 *

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105592019A (en) * 2014-11-05 2016-05-18 中国银联股份有限公司 Method for bidirectional access to application between dual execution environments
CN105592019B (en) * 2014-11-05 2018-12-25 中国银联股份有限公司 The method that two-way access is applied between dual execution environment
CN104462958A (en) * 2014-11-06 2015-03-25 东莞宇龙通信科技有限公司 Intersystem switching method and device of terminal
CN104462958B (en) * 2014-11-06 2018-01-09 东莞宇龙通信科技有限公司 The inter-system switching method and device of a kind of terminal
WO2016101384A1 (en) * 2014-12-24 2016-06-30 宇龙计算机通信科技(深圳)有限公司 Dual-system switch based data security processing method and apparatus
EP3240254A4 (en) * 2014-12-24 2018-08-15 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Dual-system switch based data security processing method and apparatus
WO2016119288A1 (en) * 2015-01-30 2016-08-04 宇龙计算机通信科技(深圳)有限公司 Data acquisition method, data acquisition device and terminal
CN107409122A (en) * 2015-02-09 2017-11-28 捷德移动安全有限责任公司 Method for safe operation element
CN107409122B (en) * 2015-02-09 2020-08-11 捷德移动安全有限责任公司 Method for operating a security element
CN104899506A (en) * 2015-05-08 2015-09-09 深圳市雪球科技有限公司 Security system implementation method based on virtual security element in trusted execution environment
CN104899506B (en) * 2015-05-08 2018-01-12 深圳市雪球科技有限公司 Security system implementation method based on virtual secure element in credible performing environment
CN107004098A (en) * 2015-05-28 2017-08-01 宇龙计算机通信科技(深圳)有限公司 A kind of system switching method, device and terminal
CN106548084A (en) * 2015-09-02 2017-03-29 北京壹人壹本信息科技有限公司 File security means of defence and device
CN106529228A (en) * 2015-09-02 2017-03-22 北京壹人壹本信息科技有限公司 Method and device for safe operations of personal information
CN105512576A (en) * 2015-12-14 2016-04-20 联想(北京)有限公司 Method for secure storage of data and electronic equipment
CN106940776A (en) * 2016-01-04 2017-07-11 中国移动通信集团公司 A kind of sensitive data operating method and mobile terminal
CN107315970B (en) * 2016-04-26 2020-03-20 展讯通信(上海)有限公司 Sensitive data interaction method and device
CN107315970A (en) * 2016-04-26 2017-11-03 展讯通信(上海)有限公司 The exchange method and device of a kind of sensitive data
CN106027563A (en) * 2016-07-08 2016-10-12 上海瀚银信息技术有限公司 Sensitive data encryption and decryption device and method, and transaction system
US10853519B2 (en) 2016-12-29 2020-12-01 Huawei Technologies Co., Ltd. System on chip and method for implementing secure operating system switching
CN110023941A (en) * 2016-12-29 2019-07-16 华为技术有限公司 A kind of system on chip and method for realizing secure operating system switching
CN110023941B (en) * 2016-12-29 2021-04-09 华为技术有限公司 System on chip and method for realizing switching of safety operation system
CN108933660A (en) * 2017-05-26 2018-12-04 展讯通信(上海)有限公司 Digital content protective system based on HDCP
CN109960903A (en) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 A kind of method, apparatus, electronic equipment and storage medium that application is reinforced
CN108228157A (en) * 2017-12-29 2018-06-29 北京握奇智能科技有限公司 TEE system interfaces packaging method, device and mobile terminal
CN112997179A (en) * 2018-10-31 2021-06-18 华为技术有限公司 Equipment and method for implementing data policy
CN112997179B (en) * 2018-10-31 2024-04-12 华为云计算技术有限公司 Apparatus and method for enforcing data policies
WO2020098377A1 (en) * 2018-11-16 2020-05-22 阿里巴巴集团控股有限公司 Remote attestation method and apparatus for trusted application program, and electronic device
CN111159782A (en) * 2019-12-03 2020-05-15 支付宝(杭州)信息技术有限公司 Safety task processing method and electronic equipment
CN111159782B (en) * 2019-12-03 2021-05-18 支付宝(杭州)信息技术有限公司 Safety task processing method and electronic equipment
CN111177701A (en) * 2019-12-11 2020-05-19 北京握奇智能科技有限公司 Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip
CN113298526A (en) * 2021-07-22 2021-08-24 支付宝(杭州)信息技术有限公司 Offline bill generation method and device

Also Published As

Publication number Publication date
CN104077533B (en) 2017-09-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170915

Termination date: 20210717