Method for using a mobile terminal of an Android operating system
Technical Field
The invention belongs to the technical field of communication equipment, and particularly relates to a method for using a mobile terminal of an Android operating system.
Background
The TEE (Trusted Execution Environment) is a secure area on the main processor of a mobile device (including a smart phone, a tablet computer, a set-top box, a smart television, and the like), and aims to ensure the security, confidentiality, and integrity of the code and data loaded inside it. The TEE provides an isolated execution environment, and the security features it provides include isolated execution, integrity of trusted applications, confidentiality of trusted data, secure storage, and the like. Overall, the execution space provided by the TEE offers a higher level of security than common mobile operating systems (e.g., iOS, Android, etc.) and more functions than a Secure Element (SE) (e.g., a smart card, a SIM card, etc.).
The EMMC memory is an embedded memory designed for smart phones. An RPMB (Replay Protected Memory Block) area is arranged on the EMMC. This area is a write-once area, i.e. erasing is prohibited after data is written once (unless the manufacturer is asked to erase the RPMB area completely). The area occupies a small space and is only used for storing confidential information that is relatively important to the mobile terminal, such as a secret key.
An existing mobile terminal is loaded with a TEE security encryption mechanism, and the TEE and the mobile operating system exist in parallel; that is, there is a one-to-one correspondence (also called CPU-bound EMMC) between the CPU of the mobile terminal and the EMMC. When the mobile terminal is powered on and started, the RPMB key is read from the RPMB storage area in the EMMC; if the RPMB key is verified successfully, the data for unlocking the mobile terminal is read from the RPMB storage area, and the mobile terminal is unlocked and started. However, after the CPU of the mobile terminal is replaced, the replacement CPU and the EMMC no longer have the one-to-one correspondence, so the replacement CPU cannot obtain the corresponding unlocking data from the RPMB storage area and therefore cannot start the mobile terminal. Similarly, after the EMMC in the mobile terminal is replaced, the CPU cannot read the corresponding RPMB key from the replacement RPMB storage area and thus cannot turn on the mobile terminal. In short, once either the CPU or the EMMC of a mobile terminal with this binding relationship fails, the CPU and the EMMC must be replaced together for the terminal to remain usable; otherwise the mobile terminal cannot be unlocked and powered on. This greatly increases the maintenance cost of the mobile terminal and also wastes resources (i.e., components that have not failed must also be replaced and discarded).
Disclosure of Invention
The invention provides a method for using a mobile terminal of an Android operating system, which reduces the maintenance cost of the mobile terminal and improves the resource utilization rate. Specifically,
a method for using a mobile terminal of an Android operating system comprises:
with the mobile terminal powered on and running in a TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit;
and, in a state where no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state, so as to start the mobile terminal.
Preferably, the method for using the mobile terminal of the Android operating system further includes:
after the mobile terminal is started, receiving an operation command of a user and judging whether the operation command needs to be encrypted;
and, in a state where the operation command needs to be encrypted, reading operation file data matched with the operation command in the Android operating system through a TEE command, and forming, according to the operation file data, operation encryption data matched with the operation command and managed by the TEE system.
Preferably, before the step of starting the operating system and forming an Android file system matched with the running state to start the mobile terminal in a state where no mapping relation is established between the processing unit and the storage unit, the method for using the mobile terminal of the Android operating system further includes:
in a state where a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run the operating system according to the key.
Preferably, in the method for using the mobile terminal of the Android operating system, the step of reading, in a state where a mapping relation is established between the processing unit and the storage unit, a key matched with the processing unit from the storage unit according to the mapping relation and starting the mobile terminal to run the operating system according to the key specifically includes:
in a state where a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation;
verifying the key;
and, in a state where the key is successfully verified, unlocking and reading unlocking data matched with the operating system, and starting the operating system according to the unlocking data.
Preferably, the method for using the mobile terminal of the Android operating system further includes:
in a state where the key is not successfully verified, the operating system maintains its current working state.
Preferably, in the method for using the mobile terminal of the Android operating system, the processing unit is mainly formed by a CPU of the mobile terminal.
Preferably, in the method for using the mobile terminal of the Android operating system, the storage unit is an EMMC memory.
Preferably, in the method for using the mobile terminal of the Android operating system, the key is an RPMB key.
Compared with the prior art, the invention has the following beneficial effects:
In the invention, in a state where a mapping relation is established between the processing unit and the storage unit, the mobile terminal starts and runs in the TEE secure environment; in a state where no mapping relation is established between the processing unit and the storage unit, the mobile terminal starts and runs in the common environment. That is, during maintenance, when the CPU of the mobile terminal fails, the mobile terminal can be turned on without also replacing the EMMC. Conversely, when the EMMC of the mobile terminal fails, the mobile terminal can be started without also replacing the CPU, so the maintenance cost of the mobile terminal is greatly reduced and the resource utilization rate is improved.
Drawings
Fig. 1 is a schematic flowchart of a method for using a mobile terminal of an Android operating system in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for using a mobile terminal of an Android operating system in an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
In the prior art, when a mobile terminal loaded with a TEE security encryption mechanism is used, the corresponding unlocking data has to be read through the RPMB key; that is, the mobile terminal runs the TEE environment immediately on power-on. However, when the user uses the mobile terminal for the first time or starts it up, security concerns do not arise immediately; in practice they arise only after the terminal has started and the user runs a program that needs encryption. Specifically,
as shown in Fig. 1, a method for using a mobile terminal of an Android operating system includes:
Step S110: with the mobile terminal powered on and running in the TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit. Whether a mapping relation is established between the processing unit and the storage unit is equivalent to whether they have been successfully bound. Further, the processing unit is mainly formed by the CPU of the mobile terminal. The storage unit is an EMMC memory, and the EMMC memory comprises an RPMB storage area.
Step S120: in a state where a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run the operating system according to the key. Specifically, this comprises the following steps:
Step S1201: in a state where a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation; the key is the RPMB key;
Step S1202: verifying the key;
Step S1203: in a state where the key is successfully verified, unlocking and reading unlocking data matched with the operating system, and starting the operating system according to the unlocking data. That is, when the RPMB key is verified successfully, the unlocking data matched with the operating system is read from the RPMB storage area in the EMMC memory, and the operating system performs the unlocking operation according to the unlocking data. The mobile terminal is started after the unlocking operation is completed and then enters its running environment; at this point, the mobile terminal runs in the TEE secure environment.
Step S1204: in a state where the key is not successfully verified, the operating system maintains its current working state. That is, when the RPMB key is not successfully verified, the mobile terminal does not change its current display state and remains at the power-on interface until a new RPMB key that may be verified successfully is obtained.
It should be noted that, at this point, the mobile terminal cannot be started even if the user enters the correct power-on unlocking password. Because the RPMB key has not been successfully verified, the verification unit in the operating system does not enter the working state and cannot acquire the standard power-on unlocking password; the password entered by the user therefore cannot be verified, and the start-up operation cannot be carried out.
Step S130: in a state where no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state, so as to start the mobile terminal. In this case the mobile terminal is started using the Android file system formed by the operating system. The mobile terminal does not run in the TEE (Trusted Execution Environment) secure environment at this time, but it is in a working state, and the user can use it for operations with a lower confidentiality level.
The working principle of the invention is as follows:
First, with the mobile terminal powered on and running in the TEE system environment, it is judged whether a mapping relation is established between the processing unit and the storage unit. In a state where the mapping relation is established and the key is successfully verified, unlocking data matched with the operating system is unlocked and read, and the operating system is started according to the unlocking data so that the mobile terminal runs in the TEE environment. In a state where no mapping relation is established between the processing unit and the storage unit, the operating system is started and an Android file system matched with the running state is formed to start the mobile terminal, so that the mobile terminal runs in the common environment.
In the invention, in a state where a mapping relation is established between the processing unit and the storage unit, the mobile terminal starts and runs in the TEE secure environment; in a state where no mapping relation is established between the processing unit and the storage unit, the mobile terminal starts and runs in the common environment. That is, during maintenance, when the CPU of the mobile terminal fails, the mobile terminal can be turned on without also replacing the EMMC. Conversely, when the EMMC of the mobile terminal fails, the mobile terminal can be started without also replacing the CPU, so the maintenance cost of the mobile terminal is greatly reduced and the resource utilization rate is improved.
Embodiment two
With the popularization of intelligent mobile terminals, some programs with higher confidentiality levels, such as electronic payment, generally need to be processed on the terminal. Although a mobile terminal using the method provided by the above embodiment can be started, its running environment is relatively insecure, and the user cannot use it to process operations with a higher confidentiality level. Based on this, as shown in Fig. 2, the invention further provides a method for using the mobile terminal of the Android operating system. Specifically, the method comprises the following steps:
Step S210: with the mobile terminal powered on and running in the TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit;
Step S220: in a state where a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run the operating system according to the key;
Step S230: in a state where no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state, so as to start the mobile terminal;
Step S240: after the mobile terminal is started, receiving an operation command of a user and judging whether the operation command needs to be encrypted;
Step S250: in a state where the operation command needs to be encrypted, reading operation file data matched with the operation command in the Android operating system through a TEE command, and forming, according to the operation file data, operation encryption data matched with the operation command and managed by the TEE system.
In this embodiment, when an operation command input by the user needs to be encrypted, operation file data matched with the operation command is read in the Android operating system through a TEE command, and operation encryption data matched with the operation command and managed by the TEE system is formed according to the operation file data. At this time, the mobile terminal is in the TEE environment while processing the operation command.
In this embodiment, not all applications work only in the TEE environment. Instead, when the user needs to perform an encrypted operation, operation encryption data matched with the operation command and managed by the TEE system is formed according to the operation file data and stored in the Keymaster in the TEE environment. The operation encryption data is managed by the Keymaster, and when the user runs the application matched with the operation encryption data, the application works in the TEE environment. In short, the operation encryption data is formed temporarily, when an application requires encryption processing.
With this embodiment, the user's security in use is ensured by temporarily generating the operation encryption data; the maintenance cost of the mobile terminal is greatly reduced without lowering the security of its use, and the resource utilization rate is improved.
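The power-on decision of steps S110 to S130 (with the S1204 failure branch) and the command routing of steps S240 and S250, modelled in C as an added example that is not part of the patent text. The `device` fields, the enum names, detecting the mapping through a CPU id recorded in the EMMC, and verifying the key by byte comparison are all assumptions made for illustration; the patent does not specify them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

typedef enum { BOOT_TEE_SECURE, BOOT_NORMAL, BOOT_HELD_AT_POWER_ON } boot_result;
typedef enum { RUN_IN_ANDROID, RUN_VIA_TEE, CMD_REJECTED } cmd_route;

/* Hypothetical model of the two bound parts; field names are assumptions. */
typedef struct {
    uint32_t cpu_id;                 /* identity of the fitted CPU */
    uint32_t emmc_bound_cpu;         /* CPU id recorded in the EMMC, 0 = none */
    uint8_t  rpmb_key[KEY_LEN];      /* key read from the RPMB area */
    uint8_t  expected_key[KEY_LEN];  /* value the TEE expects for this CPU */
} device;

/* Constructed sample device: key_ok = 0 corrupts one byte of the stored key. */
device make_device(uint32_t cpu_id, uint32_t bound_cpu, int key_ok) {
    device d = { .cpu_id = cpu_id, .emmc_bound_cpu = bound_cpu };
    memset(d.expected_key, 0xA5, KEY_LEN);
    memcpy(d.rpmb_key, d.expected_key, KEY_LEN);
    if (!key_ok) d.rpmb_key[KEY_LEN - 1] ^= 0x01;
    return d;
}

/* S1202: compare without an early exit, so timing does not reveal a matching prefix. */
static int key_verified(const device *d) {
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= d->rpmb_key[i] ^ d->expected_key[i];
    return diff == 0;
}

/* S110 to S130: decide how the terminal comes up. */
boot_result power_on(const device *d) {
    int mapped = d->emmc_bound_cpu != 0 && d->emmc_bound_cpu == d->cpu_id;
    if (!mapped) return BOOT_NORMAL;                     /* S130: no binding, e.g. a part was replaced */
    if (!key_verified(d)) return BOOT_HELD_AT_POWER_ON;  /* S1204: stay at the power-on interface */
    return BOOT_TEE_SECURE;                              /* S1203: unlocking data read, TEE mode */
}

/* S240/S250: after start-up, only commands that need encryption go through the TEE. */
cmd_route route_command(boot_result mode, int needs_encryption) {
    if (mode == BOOT_HELD_AT_POWER_ON) return CMD_REJECTED; /* terminal never started */
    return needs_encryption ? RUN_VIA_TEE : RUN_IN_ANDROID;
}

int main(void) {
    device swapped_cpu = make_device(9, 7, 1);  /* EMMC still records the old CPU 7 */
    boot_result mode = power_on(&swapped_cpu);
    printf("boot=%d payment_route=%d\n", mode, route_command(mode, 1));
    return 0;
}
```

The model makes the two failure cases distinct: a missing mapping falls through to a normal boot, while an existing mapping with a key that fails verification holds the terminal at the power-on interface.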
It should be noted that the method for using a mobile terminal of the Android operating system provided by the present invention may also be used with other operating systems, and is not limited to the Android operating system.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.