CN106951771B - Mobile terminal using method of android operating system - Google Patents

Publication number: CN106951771B
Authority: CN (China)
Legal status: Active
Application number: CN201710161152.3A
Other languages: Chinese (zh)
Other versions: CN106951771A (en)
Inventors: 丁以胜, 李强, 于涛, 刘康平
Current Assignee: Ji'an Senbo Wood Industry Co., Ltd.
Original Assignee: Ji'an Senbo Wood Industry Co., Ltd.
Prior art keywords: mobile terminal, operating system, processing unit, storage unit, key

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention belongs to the technical field of communication equipment, and particularly relates to a method for using a mobile terminal of an Android operating system. The method comprises: with the mobile terminal powered on and running in the TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit; and, in the state that no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state to start the mobile terminal. In that state the mobile terminal is started and runs in the ordinary environment. Thus, during maintenance, when the CPU of the mobile terminal fails, the mobile terminal can be started without also replacing the EMMC; conversely, when the EMMC of the mobile terminal fails, the mobile terminal can be started without also replacing the CPU. This greatly reduces the maintenance cost of the mobile terminal and improves the resource utilization rate.

Description

Mobile terminal using method of android operating system
Technical Field
The invention belongs to the technical field of communication equipment, and particularly relates to a mobile terminal using method of an android operating system.
Background
The TEE (Trusted Execution Environment) is a secure area on the main processor of a mobile device (including smartphones, tablet computers, set-top boxes, smart televisions, and the like) that aims to ensure the security, confidentiality, and integrity of the code and data loaded inside it. The TEE provides an isolated execution environment whose security features include isolated execution, integrity of trusted applications, confidentiality of trusted data, secure storage, and the like. Overall, the execution space provided by the TEE offers a higher level of security than common mobile operating systems (e.g., iOS, Android) and more functions than a Secure Element (SE) (e.g., a smart card or SIM card).
The EMMC memory is an embedded memory designed for smartphones. An RPMB (Replay Protected Memory Block) area is provided on the EMMC. This area is a write-once area, i.e. erasing is prohibited after data has been written once (unless the manufacturer is asked to erase the RPMB area completely). It occupies little space and is used only for storing confidential information that is relatively important to the mobile terminal, such as a secret key.
Existing mobile terminals are loaded with a TEE security encryption mechanism, and the TEE exists in parallel with the mobile operating system; that is, there is a one-to-one correspondence between the CPU of the mobile terminal and the EMMC (also called binding the CPU to the EMMC). When the mobile terminal is powered on and started, the RPMB key is read from the RPMB storage area in the EMMC; if the RPMB key is verified successfully, the data for unlocking the mobile terminal is read from the RPMB storage area, and the mobile terminal is unlocked and started. However, after the CPU of the mobile terminal is replaced, the replacement CPU and the EMMC do not have the one-to-one correspondence, so the replacement CPU cannot obtain the corresponding unlocking data from the RPMB storage area and therefore cannot start the mobile terminal. Similarly, after the EMMC in the mobile terminal is replaced, the CPU cannot read the corresponding RPMB key from the replacement RPMB storage area, and thus cannot start the mobile terminal. In short, once the CPU or the EMMC of a mobile terminal with this binding relationship fails, both the CPU and the EMMC must be replaced at the same time for the terminal to remain usable; otherwise the mobile terminal cannot be unlocked and powered on. This greatly increases the maintenance cost of the mobile terminal and wastes resources (components that have not failed must also be replaced and discarded).
Disclosure of Invention
The invention provides a method for using a mobile terminal of an Android operating system that reduces the maintenance cost of the mobile terminal and improves the resource utilization rate. Specifically,
a method for using a mobile terminal of an Android operating system comprises:
with the mobile terminal powered on and running in the TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit;
and, in the state that no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state to start the mobile terminal.
Preferably, the method for using the mobile terminal of the android operating system further includes:
after the mobile terminal is started, receiving an operation command of a user and judging whether the operation command needs to be encrypted;
and reading operation file data matched with the operation command in an android operating system through a TEE command in a state that the operation command needs to be encrypted, and forming operation encryption data matched with the operation command and managed by the TEE system according to the operation file data.
Preferably, the method for using the mobile terminal of the android operating system, before starting the operating system and forming an android file system matched with a running state to open the mobile terminal in a state where a mapping relationship is not established between the processing unit and the storage unit, further includes:
and under the condition that a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run an operating system according to the key.
Preferably, the method for using a mobile terminal of the android operating system, where in a state where a mapping relationship is established between the processing unit and the storage unit, a key matched with the processing unit is read from the storage unit according to the mapping relationship, and the mobile terminal is turned on according to the key to run the operating system, specifically includes:
reading a key matched with the processing unit from the storage unit according to the mapping relation in a state that the mapping relation is established between the processing unit and the storage unit;
verifying the key;
and under the condition that the key is successfully verified, unlocking and reading unlocking data matched with the operating system, and starting the operating system according to the unlocking data.
Preferably, the method for using the mobile terminal of the android operating system further includes,
and under the condition that the key is not successfully verified, the operating system maintains the current working state.
Preferably, in the method for using a mobile terminal of the android operating system, the processing unit is mainly formed by a CPU of the mobile terminal.
Preferably, in the method for using the mobile terminal of the android operating system, the storage unit is an EMMC memory.
Preferably, in the method for using a mobile terminal of the android operating system, the key is an RPMB key.
Compared with the prior art, the invention has the beneficial effects that:
In the invention, the mobile terminal is started and runs in the TEE secure environment when a mapping relation is established between the processing unit and the storage unit, and is started and runs in the ordinary environment when no mapping relation is established between the processing unit and the storage unit. Thus, during maintenance, when the CPU of the mobile terminal fails, the mobile terminal can be started without also replacing the EMMC; conversely, when the EMMC of the mobile terminal fails, the mobile terminal can be started without also replacing the CPU. This greatly reduces the maintenance cost of the mobile terminal and improves the resource utilization rate.
Drawings
Fig. 1 is a schematic flowchart of a method for using a mobile terminal of an android operating system in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for using a mobile terminal of an android operating system in an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
In the prior art, when a mobile terminal loaded with a TEE security encryption mechanism is used, the corresponding unlocking data must be read by means of the RPMB key; that is, the mobile terminal runs the TEE environment immediately upon power-on. However, when the user first uses or starts the mobile terminal, security concerns do not arise immediately; in practice they arise only after the mobile terminal has been started and the user runs a program that requires encryption. Specifically,
as shown in Fig. 1, a method for using a mobile terminal of an Android operating system includes:
Step S110, with the mobile terminal powered on and running in the TEE system environment, judging whether a mapping relation is established between the processing unit and the storage unit; whether a mapping relation is established between the processing unit and the storage unit is equivalent to whether the two have been successfully bound. Further, the processing unit is mainly formed by the CPU of the mobile terminal. The storage unit is an EMMC memory, and the EMMC memory comprises an RPMB storage area.
Step S120, reading a key matched with the processing unit from the storage unit according to the mapping relation in a state that the mapping relation is established between the processing unit and the storage unit, and starting the mobile terminal to run an operating system according to the key; specifically, the method comprises the following steps:
step S1201, reading a key matched with the processing unit from the storage unit according to the mapping relation in a state that the mapping relation is established between the processing unit and the storage unit; the key is RPMB key;
step S1202, verifying the key;
and step S1203, in a state that the key is successfully verified, unlocking and reading unlocking data matched with the operating system, and starting the operating system according to the unlocking data. That is, when the RPMB key is verified successfully, the unlocking data matched with the operating system is read from the RPMB storage area in the EMMC memory, the operating system executes the unlocking operation according to the unlocking data, and the mobile terminal is started once the unlocking operation is completed. After starting, the mobile terminal enters its operating environment, at which point it is running in the TEE secure environment.
Step S1204, in a state that the key is not successfully verified, the operating system maintains the current working state. That is, when the RPMB key is not successfully verified, the mobile terminal does not change its current display state and remains at the power-on interface until a new RPMB key that can be verified successfully is obtained.
It should be noted that, at this point, the mobile terminal cannot be started even if the user enters the correct power-on unlocking password. Because the RPMB key has not been successfully verified, the verification unit in the operating system does not enter its working state and cannot obtain the standard power-on unlocking password, so the password entered by the user cannot be verified and the start-up operation cannot be carried out.
Step S130, in the state that no mapping relation is established between the processing unit and the storage unit, starting the operating system and forming an Android file system matched with the running state to start the mobile terminal. When no mapping relation is established between the processing unit and the storage unit, the mobile terminal is started using the Android file system formed by the operating system. The mobile terminal is then not running in the TEE (Trusted Execution Environment) secure environment, but it is in working order, and the user can use it for operations of a lower confidentiality level.
The working principle of the invention is as follows:
First, with the mobile terminal powered on and running in the TEE system environment, it is judged whether a mapping relation is established between the processing unit and the storage unit. When the key is successfully verified, the unlocking data matched with the operating system is unlocked and read, and the operating system is started according to the unlocking data so that the mobile terminal runs in the TEE environment. When no mapping relation is established between the processing unit and the storage unit, the operating system is started and an Android file system matched with the running state is formed to start the mobile terminal, so that the mobile terminal runs in the ordinary environment.
In the invention, the mobile terminal is started and runs in the TEE secure environment when a mapping relation is established between the processing unit and the storage unit, and is started and runs in the ordinary environment when no mapping relation is established between the processing unit and the storage unit. Thus, during maintenance, when the CPU of the mobile terminal fails, the mobile terminal can be started without also replacing the EMMC; conversely, when the EMMC of the mobile terminal fails, the mobile terminal can be started without also replacing the CPU. This greatly reduces the maintenance cost of the mobile terminal and improves the resource utilization rate.
Example two
With the popularization of intelligent mobile terminals, programs of a higher confidentiality level, such as electronic payment, generally need to be processed on them. Although the method of the preceding embodiment allows the mobile terminal to be started, the running environment of the mobile terminal is then relatively insecure, and the user cannot use the mobile terminal to process operations of a higher confidentiality level. For this reason, as shown in Fig. 2, the invention further provides a method for using a mobile terminal of an Android operating system. Specifically, the method comprises the following steps:
step S210, the mobile terminal is powered on and in the state of TEE system environment operation, whether a mapping relation is established between the processing unit and the storage unit is judged;
step S220, under the condition that a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run an operating system according to the key;
and step S230, starting the operating system and forming an android file system matched with the running state to start the mobile terminal in the state that the mapping relation is not established between the processing unit and the storage unit.
Step S240, after the mobile terminal is started, receiving an operation command of a user and judging whether the operation command needs to be encrypted;
and S250, reading operation file data matched with the operation command in an android operating system through a TEE command in a state that the operation command needs to be encrypted, and forming operation encryption data matched with the operation command and managed by the TEE system according to the operation file data.
In this embodiment, when an operation command input by a user needs to be encrypted, operation file data matched with the operation command is read in an android operating system through a TEE command, and operation encryption data matched with the operation command and managed by the TEE system is formed according to the operation file data. At this time, the mobile terminal is in a TEE environment when processing the operation command.
In this embodiment, applications do not all work only in the TEE environment. Instead, when the user needs to perform an encrypted operation, operation encryption data matched with the operation command and managed by the TEE system is formed from the operation file data and stored in the Keymaster in the TEE environment, which manages it. When the user runs the application matched with the operation encryption data, that application works in the TEE environment. In short, the operation encryption data is formed temporarily, when an application requires encryption processing.
By adopting the embodiment, the use safety of the user is ensured by temporarily generating the operation encryption data, the maintenance cost of the mobile terminal is greatly reduced on the basis of not reducing the use safety performance of the mobile terminal, and the resource utilization rate is improved.
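The boot decision of steps S110 to S130 and the on-demand step S240 to S250 can be modelled as follows. This is an added example, not code from the patent; the class names, the HMAC-based key derivation, the way the mapping is recorded, and the dictionary standing in for the TEE key store are all assumptions made for illustration.

```python
"""Model of steps S110-S130 (boot decision) and S240-S250 (on-demand TEE use).

Added illustration: class names, the key derivation and the data layout are
assumptions made for this sketch, not details taken from the patent.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple


class BootState(Enum):
    TEE_ENVIRONMENT = "tee"          # S1203: key verified, OS started from unlocking data
    NORMAL_ENVIRONMENT = "normal"    # S130: no mapping, Android file system only
    HELD_AT_POWER_ON = "held"        # S1204: key not verified, stays at power-on interface


@dataclass
class Cpu:
    cpu_id: str
    chip_secret: bytes               # assumption: per-chip secret readable only by the TEE

    def expected_rpmb_key(self) -> bytes:
        # Assumption: the RPMB key matched with this CPU is HMAC-SHA256(chip_secret, label).
        return hmac.new(self.chip_secret, b"rpmb-key", hashlib.sha256).digest()


@dataclass
class Emmc:
    bound_cpu_id: Optional[str] = None   # mapping record; None on a blank replacement part
    rpmb_key: Optional[bytes] = None     # key held in the RPMB storage area
    unlock_data: bytes = b""


def bind(cpu: Cpu, emmc: Emmc, unlock_data: bytes) -> None:
    """Factory pairing (constructed helper): establish the mapping and store the key."""
    emmc.bound_cpu_id = cpu.cpu_id
    emmc.rpmb_key = cpu.expected_rpmb_key()
    emmc.unlock_data = unlock_data


def boot(cpu: Cpu, emmc: Emmc) -> BootState:
    # S110: is a mapping established between this processing unit and this storage unit?
    if emmc.bound_cpu_id != cpu.cpu_id:
        return BootState.NORMAL_ENVIRONMENT          # S130
    stored = emmc.rpmb_key or b""                    # S1201: read the key via the mapping
    if not hmac.compare_digest(stored, cpu.expected_rpmb_key()):   # S1202: verify
        return BootState.HELD_AT_POWER_ON            # S1204
    return BootState.TEE_ENVIRONMENT                 # S1203


@dataclass
class Terminal:
    state: BootState
    # Stand-in for the TEE key store: command name -> (operation key, tag over file data).
    keymaster: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)

    def handle_command(self, name: str, file_data: bytes, needs_encryption: bool) -> str:
        """Return the environment ("tee" or "normal") that processes the command."""
        if self.state is BootState.HELD_AT_POWER_ON:
            raise RuntimeError("terminal has not started")
        if not needs_encryption:                     # S240: no encryption required
            return self.state.value
        # S250: form operation encryption data on demand, managed inside the TEE.
        op_key = os.urandom(32)
        tag = hmac.new(op_key, file_data, hashlib.sha256).digest()
        self.keymaster[name] = (op_key, tag)
        return BootState.TEE_ENVIRONMENT.value


def run_scenarios() -> Dict[str, BootState]:
    """Constructed repair scenarios for one originally paired CPU and EMMC."""
    old_cpu = Cpu("cpu-A", b"\x01" * 32)
    new_cpu = Cpu("cpu-B", b"\x02" * 32)
    old_emmc, blank_emmc, damaged_emmc = Emmc(), Emmc(), Emmc()
    bind(old_cpu, old_emmc, b"unlock-blob")
    bind(old_cpu, damaged_emmc, b"unlock-blob")
    damaged_emmc.rpmb_key = b"\x00" * 32             # mapping present, key no longer valid
    return {
        "original pair": boot(old_cpu, old_emmc),
        "CPU replaced": boot(new_cpu, old_emmc),
        "EMMC replaced": boot(old_cpu, blank_emmc),
        "key fails verification": boot(old_cpu, damaged_emmc),
    }


if __name__ == "__main__":
    for scenario, state in run_scenarios().items():
        print(f"{scenario}: {state.name}")
```

The model makes the three outcomes explicit: only the case where a mapping exists but the key fails verification holds the terminal at the power-on interface, while a missing mapping leads to the ordinary environment.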
It should be noted that the mobile terminal using method of the android operating system provided by the present invention may also be used in other operating systems, and is not limited to the android operating system.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (4)

1. A mobile terminal using method of an android operating system is characterized by comprising the following steps:
the mobile terminal is powered on and in a state of running in a TEE system environment, whether a mapping relation is established between the processing unit and the storage unit is judged;
starting the operating system and forming an android file system matched with the running state to start the mobile terminal in the state that the mapping relation is not established between the processing unit and the storage unit;
after the mobile terminal is started, receiving an operation command of a user and judging whether the operation command needs to be encrypted;
reading operation file data matched with the operation command in an android operating system through a TEE command in a state that the operation command needs to be encrypted, and forming operation encryption data matched with the operation command and managed by the TEE system according to the operation file data;
before starting the mobile terminal by starting the operating system and forming an android file system matched with the running state in a state that a mapping relation is not established between the processing unit and the storage unit, the method further comprises:
under the condition that a mapping relation is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relation, and starting the mobile terminal to run an operating system according to the key;
in the state where a mapping relationship is established between the processing unit and the storage unit, reading a key matched with the processing unit from the storage unit according to the mapping relationship, and starting the mobile terminal to run an operating system according to the key, the method specifically includes:
reading a key matched with the processing unit from the storage unit according to the mapping relation in a state that the mapping relation is established between the processing unit and the storage unit;
verifying the key;
under the condition that the key is successfully verified, unlocking and reading unlocking data matched with the operating system, and starting the operating system according to the unlocking data;
under the condition that the key is not successfully verified, the operating system maintains the current working state and is continuously in a starting interface until a new key which is successfully verified is obtained;
the starting-up interface is an interface which can not be started up even if a user inputs a correct starting-up unlocking password.
2. The method for using the mobile terminal of the android operating system of claim 1, wherein the processing unit is mainly formed by a CPU of the mobile terminal.
3. The method for using the mobile terminal of the android operating system of claim 1, wherein the storage unit is an EMMC memory.
4. The method for using the mobile terminal of the android operating system of claim 1, wherein the key is an RPMB key.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710161152.3A 2017-03-17 2017-03-17 Mobile terminal using method of android operating system

Publications (2)

Publication Number Publication Date
CN106951771A 2017-07-14
CN106951771B 2020-11-17

Family ID: 59473256

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200330

Address after: 750021 No.2 Shuangyong street, Xixia District, Yinchuan City, Ningxia Hui Autonomous Region

Applicant after: Zhao Chengzhi

Address before: 200233, Shanghai, Jinshan District Jinshan Industrial Zone, Ting Wei highway 65584, room 1309

Applicant before: SHANGHAI WIND TECHNOLOGIES Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20201023

Address after: 343000 Yidu home furnishing Expo City 32-305, No.68 Ji'an Avenue, Beixin District, Ji'an City, Jiangxi Province

Applicant after: Ji'an Senbo Wood Industry Co.,Ltd.

Address before: 750021 No.2 Shuangyong street, Xixia District, Yinchuan City, Ningxia Hui Autonomous Region

Applicant before: Zhao Chengzhi

GR01 Patent grant