CN108306892A - Request response method and system based on TrustZone
Publication number: CN108306892A
Application number: CN201810172815.6A
Authority: CN (China)
Legal status: Granted
Abstract
The invention discloses a request response method and system based on TrustZone that combine TrustZone technology with signature verification. When a first connection request sent by a requesting party is received, a signature verification request is sent to the requesting party; the verification signature returned by the requesting party is received, and it is judged whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone; if so, the connection request is accepted, so as to establish a connection with the requesting party. The invention is especially suitable for network devices such as routers or smart home devices. Signature verification is used to judge whether the requesting party meets the access requirements, which, compared with password verification alone, greatly increases the difficulty of cracking; in addition, drawing on the technical characteristics of TrustZone, the pre-stored signature is stored in the TrustZone secure zone, which further greatly improves the security of the whole system.
Description
Technical field
The invention belongs to the technical field of network security, and more particularly relates to a request response method and system based on TrustZone.
Background art
With the development of communication technology, the means of exchanging information have become increasingly diverse, and the whole world has entered the Internet era. Network devices such as routers or smart home devices are widely used in homes, factories, office buildings, hospitals, schools and other places. At the same time, network security has increasingly become a topic of active public concern and discussion. Whether a network is secure directly affects its normal operation, and insecurity may even lead to the loss of users' privacy, property and so on.
However, in the prior art, most network devices such as routers or smart home devices currently in use fail to set up network security protection mechanisms correctly, so their security is poor; because they are also important nodes in the network, such devices are easily targeted by malicious attacks from network attackers. An attacker can obtain the access password of a router or smart home device by means such as network sniffing, exhaustive cracking or social engineering, and then log in to the device with that password to carry out destructive actions.
TrustZone technology is a system-wide security approach proposed by ARM. It is tightly integrated with the processor and is extended throughout the whole system by a specific bus and specific TrustZone system IP. This approach can effectively protect secure memory, cryptographic blocks, keyboards, display screens and other peripherals, thereby ensuring that they are protected from software attacks. Most existing network devices such as routers or smart home devices are equipped with ARM processors that support TrustZone technology; making full use of the security advantages of TrustZone will undoubtedly greatly enhance the security of the overall system and bring stronger protection for users' personal privacy and property.
Summary of the invention
On this basis, the present invention provides a request response method and system based on TrustZone that combine TrustZone technology with signature verification, so as to improve the security of network devices such as routers or smart home devices.
A request response method based on TrustZone according to an embodiment of the present invention is applied to network devices such as routers or smart home devices, and comprises:
When the request response system receives a first connection request sent by a requesting party, sending a signature verification request to the requesting party; receiving the verification signature returned by the requesting party, and judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system; if consistent, accepting the connection request, so as to establish a connection with the requesting party.
In the above request response method based on TrustZone, after the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, the method further comprises:
If the verification signature is inconsistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, returning a verification error prompt to the requesting party, and returning to the step of sending a signature verification request to the requesting party.
In the above request response method based on TrustZone, after the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, the method further comprises:
Obtaining the contact address of the administrator from the registration form, and sending an abnormal connection prompt to the contact address, the registration form being stored in the memory of the router or smart home network device.
In the above request response method based on TrustZone, the step of obtaining the contact address of the administrator from the registration form comprises:
Step 1: Obtaining the management weight of each user from the registration form, and taking the user with the highest management weight as the administrator;
Step 2: Obtaining from the registration form the pre-stored address of the user with the highest management weight, to serve as the contact address.
The above request response method based on TrustZone further comprises:
When the request response system receives a data entry request, invoking the information entry program;
When the request response system enters the signature entry subprogram, obtaining and storing the interactive signature entered by the user as sensed by the touch screen;
When the request response system enters the address entry subprogram, obtaining the interactive address entered by the user as sensed by the touch screen, and storing the interactive address in the registration form as the contact address of the user;
When the request response system enters the weight entry subprogram, obtaining the weight proportion entered by the user as sensed by the touch screen, and storing the weight proportion in the registration form as the management weight of the user.
The above request response method based on TrustZone further comprises:
When the request response system receives a factory reset request, issuing a data deletion reminder to ask the user whether to delete the pre-stored signature and the record data in the registration form; when an instruction not to delete the pre-stored signature and the record data is received, backing up the pre-stored signature and the registration form and uploading them to a server, starting the factory reset program, and, when the router or smart home network device has completed the factory reset and restarted, downloading the pre-stored signature and the registration form from the server; when an instruction to delete the pre-stored signature and the record data is received, deleting the pre-stored signature and all record data in the registration form.
A request response system based on TrustZone is applied to network devices such as routers or smart home devices, and is characterized by comprising:
A verification sending module, for sending a signature verification request to the requesting party when a first connection request sent by the requesting party is received; a signature judgment module, for receiving the verification signature returned by the requesting party and judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone; and a request response module, for accepting the connection request when it is determined that the verification signature is consistent with the pre-stored signature, so as to establish a connection with the requesting party.
In the above request response system based on TrustZone, the request response system further comprises:
An error prompt module, for returning a verification error prompt to the requesting party when it is determined that the verification signature is inconsistent with the pre-stored signature, whereupon the verification sending module sends the signature verification request to the requesting party again.
The system further comprises: obtaining the contact address of the administrator from the registration form, and sending an abnormal connection prompt to the contact address, the registration form being stored in the memory of the network device such as the router or smart home device, wherein the step of obtaining the contact address of the administrator from the registration form comprises:
Step 1: Obtaining the management weight of each user from the registration form, and taking the user with the highest management weight as the administrator;
Step 2: Obtaining from the registration form the pre-stored address of the user with the highest management weight, to serve as the contact address.
In the above request response system based on TrustZone, the network device such as the router or smart home device includes a touch screen for human-computer interaction, and data entry is carried out by a data entry module; when the request response system receives a data entry request, the information entry module is invoked;
When the request response system enters the signature entry subprogram, the interactive signature entered by the user as sensed by the touch screen is obtained and stored;
When the request response system enters the address entry subprogram, the interactive address entered by the user as sensed by the touch screen is obtained, and the interactive address is stored in the registration form as the contact address of the user;
When the request response system enters the weight entry subprogram, the weight proportion entered by the user as sensed by the touch screen is obtained and stored in the registration form, the weight proportion serving as the management weight of the user; the weight is the degree of the user's ability to change the configuration of the request response system.
The above request response system based on TrustZone further comprises a reset module. When the request response system receives a factory reset request, the reset module is invoked: it issues a data deletion reminder to ask the user whether to delete the pre-stored signature and the record data in the registration form; when an instruction not to delete the pre-stored signature and the record data is received, the pre-stored signature and the registration form are backed up and uploaded to a server, the factory reset program is started, and, when the router or smart home network device has completed the factory reset and restarted, the pre-stored signature and the registration form are downloaded from the server; when an instruction to delete the pre-stored signature and the record data is received, the pre-stored signature and all record data in the registration form are deleted.
Therefore, the request response method and system based on TrustZone use signature verification to judge whether the requesting party meets the access requirements, which, compared with password verification alone, greatly increases the difficulty of cracking; in addition, drawing on the technical characteristics of TrustZone, the pre-stored signature is stored in the TrustZone secure zone, which further greatly improves the security of the whole system.
Description of the drawings
Fig. 1 is a flow chart of the request response method in the first embodiment of the invention.
Fig. 2 is a flow chart of the request response method in the second embodiment of the invention.
Fig. 3 is a detailed implementation flow chart of step B5 in Fig. 2.
Fig. 4 is a flow chart of the interactive information entry in the second embodiment of the invention.
Fig. 5 is a flow chart of the factory reset in the second embodiment of the invention.
Fig. 6 is a structural schematic diagram of the request response system in the third embodiment of the invention.
Detailed description of the embodiments
To facilitate understanding of the present invention, the invention is described more fully below with reference to the relevant drawings. Several embodiments of the invention are given in the drawings. However, the invention can be realized in many different forms and is not limited to the embodiments described herein. On the contrary, these embodiments are provided so that the disclosure will be more thorough and complete.
Description of the main reference symbols in the drawings:
The following detailed description further illustrates the present invention with reference to the above drawings.
Referring to Fig. 1, the request response method in the first embodiment of the invention is shown. It is applied to network devices such as routers or smart home devices and comprises steps A1 to A3.
Step A1: When a first connection request sent by a requesting party is received, send a signature verification request to the requesting party.
It should be understood that when a requesting party (such as a mobile phone or tablet) finds the SSID of the corresponding router or smart home device in the wireless network list and asks to connect to the router or smart home device by entering a password, the requesting party sends a connection request to the network device such as the router or smart home device. If the requesting party has never connected before, or the connection relationship has changed (for example, the SSID access password of the router or smart home device has been changed), the connection request at this time is a first connection request.
In addition, when the requesting party receives the signature verification request, it executes the signature verification program and automatically pops up a signature interface (like the signature interface on a POS machine) for the user to enter a signature. After the user enters the signature, the requesting party sends the verification signature entered interactively by the user to the network device such as the router or smart home device.
Step A2: Receive the verification signature returned by the requesting party, and judge whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone.
It should be pointed out that when a signature is entered, the signature background is usually white, and the entered signature is projected onto the signature background to form a signature picture of black characters on a white background. The verification signature and the pre-stored signature are therefore stored in the TrustZone secure zone in the form of pictures.
The step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone can be implemented as follows: first, according to the differences in pixel values, the signatures are cropped out of the verification signature and of the pre-stored signature stored in the TrustZone secure zone and matched against a character library, so as to obtain the characters/digits in the verification signature and the characters/digits in the pre-stored signature respectively; then it is judged whether the two are identical.
When it is determined that the verification signature is consistent with the pre-stored signature, step A3 is executed. When it is determined that the verification signature is inconsistent with the pre-stored signature, the requesting party has failed verification and is not yet qualified to connect to the network device such as the router or smart home device.
Step A3: Accept the connection request, so as to establish a connection with the requesting party.
In summary, in the request response method based on TrustZone in the above embodiment of the invention, when the connection request sent by the requesting party for the first time is received, the address of the requesting party is obtained from the connection request, and a signature verification is sent to that communication address to prompt the requesting party to enter a signature. When the signature entered by the requesting party is received, it is judged whether the signature is stored in the TrustZone secure zone, and the requesting party is allowed to connect only when the signature is stored in the TrustZone secure zone and the signatures are consistent. Therefore, the request response method and system based on TrustZone use signature verification to judge whether the requesting party meets the access requirements, which, compared with password verification alone, greatly increases the difficulty of cracking; in addition, drawing on the technical characteristics of TrustZone, the pre-stored signature is stored in the TrustZone secure zone, which further greatly improves the security of the whole system.
Referring to Fig. 2, the request response method based on TrustZone in the second embodiment of the invention is shown. It is applied to network devices such as routers or smart home devices, where the network device includes a touch screen for human-computer interaction. The request response method comprises steps B1 to B5.
Step B1: When a first connection request sent by a requesting party is received, send a signature verification request to the requesting party.
Step B2: Receive the verification signature returned by the requesting party, and judge whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone.
When it is determined that the verification signature is consistent with the pre-stored signature, step B3 is executed; when it is determined that the verification signature is inconsistent with the pre-stored signature, step B4 is executed.
Step B3: Accept the connection request, so as to establish a connection with the requesting party.
It should be pointed out that after the network device such as the router or smart home device has accepted the first connection request of the requesting party, the requesting party will subsequently connect to the network device automatically.
Step B4: Return a verification error prompt to the requesting party, and return to the step of sending the signature verification to the address.
It should be understood that when it is determined that the verification signature is inconsistent with the pre-stored signature, the signature entered by the requesting party is incorrect. The requesting party then receives the error prompt, and the signature interface pops up again for the user to enter the signature again, so that signature verification is carried out again.
Step B5: Obtain the contact address of the administrator from the registration form, and send an abnormal connection prompt to the contact address, the registration form being stored in the memory of the network device such as the router or smart home device.
The contact address can be at least one of a mobile phone number, a mailbox, a QQ number, a WeChat ID and the like. These addresses and the above pre-stored signature can be set in advance, and the specific setting steps can follow the interactive information entry flow described below.
Referring to Fig. 3, a detailed implementation flow chart of step B5 is shown, comprising steps B5.1 and B5.2.
Step B5.1: Obtain the management weight of each user from the registration form, and take the user with the highest management weight as the administrator.
Step B5.2: Obtain from the registration form the pre-stored address of the user with the highest management weight, to serve as the contact address.
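The flow of steps B1 to B5 as a small simulation, added here as an illustration and not taken from the patent: the pre-stored signature stays inside a `SecureZone` object that answers only match or no match, and the abnormal connection prompt goes to the user with the highest management weight. All class and function names and the sample registration form and signatures are constructed; recognising the characters in the signature picture is assumed to have happened already, and the retry loop ends when the requesting party stops answering.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


class SecureZone:
    """Stand-in for the TrustZone secure zone (hypothetical class).

    The pre-stored signature is kept private; callers only learn whether a
    candidate matches, never the stored value itself.
    """

    def __init__(self, prestored_characters: str) -> None:
        self.__prestored = prestored_characters.encode("utf-8")

    def matches(self, verification_characters: str) -> bool:
        candidate = verification_characters.encode("utf-8")
        # Constant-time comparison is a choice of this example, so that the
        # time taken does not reveal how many leading characters were right.
        return hmac.compare_digest(self.__prestored, candidate)


@dataclass
class Registration:
    """One row of the registration form kept in device memory."""
    user: str
    contact_address: str
    management_weight: float


def select_administrator(form: List[Registration]) -> Optional[Registration]:
    """Steps B5.1 and B5.2: the user with the highest management weight.

    Assumption: on a tie the earliest entry wins (the page does not say),
    and an empty form yields no administrator.
    """
    if not form:
        return None
    return max(form, key=lambda entry: entry.management_weight)


class RequestResponseSystem:
    def __init__(self, zone: SecureZone, form: List[Registration]) -> None:
        self.zone = zone
        self.form = form
        self.sent: List[Tuple[str, str]] = []  # (destination, message) log

    def handle_first_connection(
        self, requester: str, respond: Callable[[], Optional[str]]
    ) -> bool:
        """Run B1 to B5; `respond` plays the requesting party and returns the
        recognised signature characters, or None once it stops answering."""
        while True:
            # B1: ask the requesting party for a signature.
            self.sent.append((requester, "signature verification request"))
            answer = respond()
            if answer is None:
                return False
            # B2: the comparison happens inside the secure zone.
            if self.zone.matches(answer):
                # B3: accept the connection.
                self.sent.append((requester, "connection accepted"))
                return True
            # B4: error prompt, then loop back to B1.
            self.sent.append((requester, "verification error"))
            # B5: abnormal connection prompt to the administrator.
            admin = select_administrator(self.form)
            if admin is not None:
                self.sent.append(
                    (admin.contact_address,
                     f"abnormal connection from {requester}")
                )


def demo() -> Tuple[bool, List[Tuple[str, str]]]:
    # Constructed sample data: three registered users, one stored signature.
    form = [
        Registration("guest", "guest@example.test", 0.1),
        Registration("owner", "owner@example.test", 0.8),
        Registration("family", "family@example.test", 0.4),
    ]
    system = RequestResponseSystem(SecureZone("LiWei2018"), form)
    # The requesting party first submits a near miss, then the right signature.
    answers = iter(["LiWei2O18", "LiWei2018"])
    accepted = system.handle_first_connection(
        "phone-1", lambda: next(answers, None)
    )
    return accepted, system.sent


if __name__ == "__main__":
    accepted, log = demo()
    print("accepted:", accepted)
    for destination, message in log:
        print(f"{destination}: {message}")
```
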
Referring to Fig. 4, a detailed flow chart of entering interactive information on the network device such as the router or smart home device is shown, comprising steps C1 to C4.
Step C1: When a data entry request is received, invoke the information entry program.
In a specific implementation, an information entry start icon can be set up on the network device such as the router or smart home device and displayed on the touch screen. When the user taps the information entry start icon on the touch screen, the network device receives a data entry request and automatically invokes and executes the information entry program.
Step C2: When the signature entry subprogram is entered, obtain and store the interactive signature entered by the user as sensed by the touch screen.
Step C3: When the address entry subprogram is entered, obtain the interactive address entered by the user as sensed by the touch screen, and store the interactive address in the registration form as the contact address of the user.
Step C4: When the weight entry subprogram is entered, obtain the weight proportion entered by the user as sensed by the touch screen, and store the weight proportion in the registration form as the management weight of the user.
It should be noted that each time the system enters an information entry subprogram, it provides the corresponding input prompt and input interface.
Referring to Fig. 5, a detailed flow chart of the factory reset of the network device such as the router or smart home device is shown, comprising steps D1 to D4.
Step D1: When a factory reset request is received, issue a data deletion reminder to ask the user whether to delete the pre-stored signature and the record data in the registration form.
Step D2: When an instruction not to delete the pre-stored signature and the record data is received, back up the pre-stored signature and the registration form and upload them to a server.
Step D3: Start the factory reset program.
Step D4: When the network device such as the router or smart home device has completed the factory reset and restarted, download the pre-stored signature and the registration form from the server.
It should be pointed out that, to further improve the security of network devices such as routers or smart home devices, in the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone, graphic comparison analysis can additionally be used to judge whether the characters/digits in the verification signature are identical in font to the characters/digits in the pre-stored signature.
Another aspect of the present invention provides a request response system based on TrustZone. Referring to Fig. 6, the request response system in the third embodiment of the invention is shown. The request response system is applied in network devices such as routers or smart home devices, and comprises:
A verification sending module M1, for sending a signature verification request to the requesting party when a first connection request sent by the requesting party is received;
A signature judgment module M2, for receiving the verification signature returned by the requesting party and judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone;
A request response module M3, for accepting the connection request when it is determined that the verification signature is consistent with the pre-stored signature, so as to establish a connection with the requesting party.
Further, the request response system also comprises:
An error prompt module M4, for returning a verification error prompt to the requesting party when it is determined that the verification signature is inconsistent with the pre-stored signature, whereupon the verification sending module sends the signature verification request to the requesting party again.
Further, the request response system also comprises:
An abnormal prompt module M5, for obtaining the contact address of the administrator from the registration form and sending an abnormal connection prompt to the contact address, the registration form being stored in the memory of the network device such as the router or smart home device.
Further, the abnormal prompt module M5 comprises:
A first acquisition unit M51, for obtaining the management weight of each user from the registration form and taking the user with the highest management weight as the administrator;
A second acquisition unit M52, for obtaining from the registration form the pre-stored address of the user with the highest management weight, to serve as the contact address.
Further, the network device such as the router or smart home device includes a touch screen for human-computer interaction, and the request response system also comprises:
A program invocation module M6, for invoking the information entry program when a data entry request is received;
A signature acquisition module M7, for obtaining and storing, when the signature entry subprogram is entered, the interactive signature entered by the user as sensed by the touch screen;
An address acquisition module M8, for obtaining, when the address entry subprogram is entered, the interactive address entered by the user as sensed by the touch screen, and storing the interactive address in the registration form as the contact address of the user;
A weight acquisition module M9, for obtaining, when the weight entry subprogram is entered, the weight proportion entered by the user as sensed by the touch screen, and storing the weight proportion in the registration form as the management weight of the user.
Further, the request response system also comprises:
A deletion reminder module M10, for issuing a data deletion reminder when a factory reset request is received, to ask the user whether to delete the pre-stored signature and the record data in the registration form;
A data upload module M11, for backing up the pre-stored signature and the registration form and uploading them to a server when an instruction not to delete the pre-stored signature and the record data is received;
A program start module M12, for starting the factory reset program;
A data download module M13, for downloading the pre-stored signature and the registration form from the server when the network device such as the router or smart home device has completed the factory reset and restarted.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the invention. In this specification, such terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in any suitable manner in any one or more embodiments or examples.
The embodiments described above express only several embodiments of the invention. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (10)
1. A request response method based on TrustZone, characterized by comprising:
when the request response system receives a first connection request sent by a requesting party, sending a signature verification request to the requesting party; receiving the verification signature returned by the requesting party, and judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system; and, if they are consistent, accepting the connection request so as to establish a connection with the requesting party.
2. The request response method based on TrustZone according to claim 1, characterized in that, after the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, the method further comprises:
if the verification signature is inconsistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, returning an authentication error prompt to the requesting party, and returning to the step of sending the signature verification request to the requesting party.
3. The request response method based on TrustZone according to claim 1, characterized in that, after the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone of the request response system, the method further comprises:
obtaining the contact address of an administrator from a registration form, and sending an abnormal connection prompt to the contact address, the registration form being stored in the memory of the router or smart home network device.
4. The request response method based on TrustZone according to claim 3, characterized in that the step of obtaining the contact address of the administrator from the registration form comprises:
Step 1: obtaining the management weight of each user from the registration form, and taking the user with the highest management weight as the administrator;
Step 2: obtaining, from the registration form, the pre-stored address of the user with the highest management weight as the contact address.
5. The request response method based on TrustZone according to claim 4, characterized by further comprising:
when the request response system receives a data input request, calling the information entry program;
when the request response system enters the signature entry subroutine, obtaining and storing the interaction signature input by the user and sensed by the touch screen;
when the request response system enters the address entry subroutine, obtaining the interaction address input by the user and sensed by the touch screen, and storing the interaction address in the registration form as the contact address of the user;
when the request response system enters the weight entry subroutine, obtaining the weight proportion input by the user and sensed by the touch screen, and storing the weight proportion in the registration form as the management weight of the user.
6. The request response method based on TrustZone according to claim 4, characterized by further comprising:
when the request response system receives a factory reset request, issuing a data deletion reminder to ask the user whether to delete the pre-stored signature and the record data in the registration form; when an instruction not to delete the pre-stored signature and the record data is received, backing up the pre-stored signature and the registration form and uploading them to a server, starting the factory reset program, and, when the router or smart home network device has completed the factory reset and restarted, downloading the pre-stored signature and the registration form from the server; when an instruction to delete the pre-stored signature and the record data is received, deleting the pre-stored signature and all record data in the registration form.
7. A request response system based on TrustZone, applied to network devices such as routers or smart home devices, characterized by comprising:
a verification sending module, configured to send a signature verification request to a requesting party when a first connection request sent by the requesting party is received; a signature judging module, configured to receive the verification signature returned by the requesting party and judge whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure zone; and a request response module, configured to accept the connection request, so as to establish a connection with the requesting party, when the verification signature is determined to be consistent with the pre-stored signature.
8. The request response system based on TrustZone according to claim 7, characterized in that the request response system further comprises:
an error prompt module, configured to return an authentication error prompt to the requesting party when the verification signature is determined to be inconsistent with the pre-stored signature, whereupon the verification sending module sends the signature verification request to the requesting party again;
and further comprises: obtaining the contact address of an administrator from a registration form, and sending an abnormal connection prompt to the contact address, the registration form being stored in the memory of the network device such as the router or smart home device, wherein the step of obtaining the contact address of the administrator from the registration form comprises:
Step 1: obtaining the management weight of each user from the registration form, and taking the user with the highest management weight as the administrator;
Step 2: obtaining, from the registration form, the pre-stored address of the user with the highest management weight as the contact address.
9. The request response system based on TrustZone according to claim 8, characterized in that the network device such as the router or smart home device includes a touch screen for human-computer interaction, and information is entered through a data input module; when the request response system receives a data input request, the information entry module is called;
when the request response system enters the signature entry subroutine, obtaining and storing the interaction signature input by the user and sensed by the touch screen;
when the request response system enters the address entry subroutine, obtaining the interaction address input by the user and sensed by the touch screen, and storing the interaction address in the registration form as the contact address of the user;
when the request response system enters the weight entry subroutine, obtaining the weight proportion input by the user and sensed by the touch screen, and storing the weight proportion in the registration form as the management weight of the user, the weight being the degree of the user's ability to change the configuration of the request response system.
10. The request response system based on TrustZone according to claim 8, characterized by further comprising a reset module: when the request response system receives a factory reset request, the reset module is called, the reset module being configured to: issue a data deletion reminder to ask the user whether to delete the pre-stored signature and the record data in the registration form; when an instruction not to delete the pre-stored signature and the record data is received, back up the pre-stored signature and the registration form and upload them to a server, start the factory reset program, and, when the router or smart home network device has completed the factory reset and restarted, download the pre-stored signature and the registration form from the server; when an instruction to delete the pre-stored signature and the record data is received, delete the pre-stored signature and all record data in the registration form.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810172815.6A CN108306892B (en) | 2018-03-01 | 2018-03-01 | TrustZone-based request response method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108306892A (en) | 2018-07-20 |
CN108306892B (en) | 2020-12-18 |
Family
ID=62849092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810172815.6A Active CN108306892B (en) | 2018-03-01 | 2018-03-01 | TrustZone-based request response method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108306892B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115277781A (en) * | 2022-07-29 | 2022-11-01 | 京东方科技集团股份有限公司 | Proxy connection method and related equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1831865A (en) * | 2006-04-24 | 2006-09-13 | 北京易恒信认证科技有限公司 | Electronic bank safety authorization system and method based on CPK |
CN102238193A (en) * | 2011-08-09 | 2011-11-09 | 深圳市德卡科技有限公司 | Data authentication method and system using same |
US20140004825A1 (en) * | 2012-06-29 | 2014-01-02 | Gyan Prakash | Mobile platform software update with secure authentication |
WO2017118437A1 (en) * | 2016-01-08 | 2017-07-13 | 腾讯科技(深圳)有限公司 | Service processing method, device, and system |
CN107247899A (en) * | 2017-05-22 | 2017-10-13 | 珠海格力电器股份有限公司 | A kind of role-security control method, device and safety chip based on security engine |
Non-Patent Citations (2)
Title |
---|
CHEN CHEN; FEI XIAO: "Designing and implementing Embedded Security Terminal under the Trustzone Technology of Trusted Computing", 2010 International Conference on Computer and Communication Technologies in Agriculture Engineering * |
Yang Bo, Feng Dengguo, Qin Yu, Zhang Yingjun: "TrustZone-based secure access scheme for cloud services on trusted mobile terminals", Journal of Software (软件学报) * |
Also Published As
Publication number | Publication date |
---|---|
CN108306892B (en) | 2020-12-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7770002B2 (en) | Multi-factor authentication | |
CN100568212C (en) | Shielding system and partition method | |
CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
CN110719203B (en) | Operation control method, device and equipment of intelligent household equipment and storage medium | |
CN105207780B (en) | A kind of certification user method and device | |
CN103336924A (en) | Starting lock for mobile terminal application program | |
CN105450405B (en) | A kind of setting of password and authentication method and system | |
CN106372487A (en) | Method and system for enhancing trust of server operating system | |
CN103188241A (en) | User account management method based on mobile intelligent terminal number | |
CN111433770A (en) | User-selected key authentication | |
CN108335105A (en) | Data processing method and relevant device | |
CN110278092A (en) | Router long-range control method and system based on MQTT agreement | |
CN109981677A (en) | A kind of credit management method and device | |
KR101087698B1 (en) | Method for authenticating security of smart-phone | |
CN110278182A (en) | Information processing system, information processing unit, information processing method and recording medium | |
CN111405550B (en) | WhatsApp key file extraction method and WhatsApp key file extraction equipment | |
CN108306892A (en) | A kind of request responding method and system based on TrustZone | |
JP6325654B2 (en) | Network service providing apparatus, network service providing method, and program | |
CN109218318A (en) | A kind of things-internet gateway login detecting method based on equipment knowledge | |
CN111343193B (en) | Cloud network port security protection method and device, electronic equipment and storage medium | |
WO2020073750A1 (en) | Terminal attack defense method, apparatus, terminal, and cloud server | |
JP5243360B2 (en) | Thin client connection management system and thin client connection management method | |
CN106203081A (en) | A kind of safety protecting method and device | |
KR20040000713A (en) | User authentication apparatus and method using internet domain information | |
CN110430211A (en) | A kind of virtualization cloud desktop system and operating method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||