CN108306892A - A kind of request responding method and system based on TrustZone - Google Patents

A kind of request responding method and system based on TrustZone Download PDF

Info

Publication number
CN108306892A
CN108306892A CN201810172815.6A CN201810172815A CN108306892A CN 108306892 A CN108306892 A CN 108306892A CN 201810172815 A CN201810172815 A CN 201810172815A CN 108306892 A CN108306892 A CN 108306892A
Authority
CN
China
Prior art keywords
signature
request
trustzone
registration form
response system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810172815.6A
Other languages
Chinese (zh)
Other versions
CN108306892B (en
Inventor
杜瑞颖
张进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN201810172815.6A priority Critical patent/CN108306892B/en
Publication of CN108306892A publication Critical patent/CN108306892A/en
Application granted granted Critical
Publication of CN108306892B publication Critical patent/CN108306892B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/041Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of request responding method and system based on TrustZone, are to be combined together the method for TrustZone technologies and signature verification, and when receiving the first connection request of requesting party's transmission, signature verification request is sent to the requesting party;The verification signature of requesting party's response is received, and judges whether the verification signature is consistent with the prestoring signature that is stored in the safety zones TrustZone;If so, receiving the connection request, connected to be established with the requesting party.The present invention is especially suitable for the network equipments such as router or smart home, are required by the method for signature verification to judge whether requesting party meets access, compared to single password authentification, the difficulty being cracked greatly increases;In addition combined with the technical characterstic of TrustZone, the signature that will prestore is stored in the safety zone of TrustZone, even more greatly improves the safety of whole system.

Description

A kind of request responding method and system based on TrustZone
Technical field
The invention belongs to technical field of network security more particularly to a kind of request responding method based on TrustZone and System.
Background technology
With the development of the communication technology, information exchange means are increasingly diversified, and Internet era has been stepped into the whole world.Routing The network equipments such as device or smart home are widely used in each place such as family, factory, office building, hospital, school.It is same with this When, network security is increasingly becoming general public's positive regard and the topic of discussion.Whether network directly influences safely network Normal operation, notably will also lead to the loss of privacy of user, property etc..
However, in the prior art, the network equipments such as router or smart home used at present fail correctly to set mostly Protection of Network Security mechanism is set, safety is poor, because itself is again as the important node in network, leads to this kind of network equipment It is easy to start malicious attack by network attack person.Attacker cracked by Network Sniffing, exhaustion or the modes such as social engineering i.e. The access pin of router or smart home device can be obtained, then logining equipment using the password carries out corresponding destruction row For.
TrustZone technologies are the safety methods in the system scope that ARM companies propose, by closely collecting with processor At, and be extended in whole system by specific bus and specific TrustZone systems IP.The method can be effective The peripheral hardwares such as secure memory, cryptographic block, keyboard and display screen are protected on ground, so that it is guaranteed that they are from software attacks.Existing routing The networks knot equipment such as device or smart home is equipped with the arm processor for supporting TrustZone technologies mostly, makes full use of The security advantages of TrustZone undoubtedly will greatly enhance the safety of total system, be brought for individual subscriber privacy and property More strong protection.
Invention content
Based on this, the present invention provides a kind of request responding method and system based on TrustZone, by TrustZone Technology and the method for signature verification are combined together, to improve the safety of the network equipments such as router or smart home.
A kind of request responding method based on TrustZone according to the ... of the embodiment of the present invention is applied to router or intelligence The network equipments such as household, including:
When asking response system to receive the first connection request of requesting party's transmission, sends signature to the requesting party and test Card request;Receive the verification signature of requesting party's response, and judge verification signature whether be stored in request response and be The signature that prestores in the safety zones system TrustZone is consistent;If consistent, receive the connection request, so as to the requesting party Establish connection.
In a kind of above-mentioned request responding method based on TrustZone, it is described judge the verification signature whether with It is stored in after the consistent step of signature that prestores in the safety zones request response system TrustZone, further includes:
If verification signature and the signature that prestores being stored in the safety zones request response system TrustZone are inconsistent, It then returns to authentication error and is prompted to the requesting party, and return to the step of execution sends signature verification request to the requesting party.
In a kind of above-mentioned request responding method based on TrustZone, it is described judge the verification signature whether with It is stored in after the consistent step of signature that prestores in the safety zones request response system TrustZone, further includes:
The contact address of administrator is obtained in registration form, and sends abnormal connection prompt, institute to the contact address Registration form is stated to be stored in the router or the memory of intelligent home network equipment.
It is described to obtain administrator's in registration form in a kind of above-mentioned request responding method based on TrustZone The step of contact address includes:
Step 1:The management weight of each user is obtained in the registration form, and will be managed the highest user of weight and be made For the administrator;
Step 2:The pre-stored address that the management highest user of weight is obtained in the registration form, using as described Contact address.
In a kind of above-mentioned request responding method based on TrustZone, further include:
When asking response system to receive data input request, recalls information recording program;
When asking response system to enter signature typing subprogram, obtains and the user for storing the touch screen induction is defeated The interaction signature entered;
When asking response system to enter address typing subprogram, the user input of the touch screen induction is obtained Interaction address, and be deposited into the interactive address as the contact address of the user in the registration form;
When asked response system enters weight typing subprogram, the user for obtaining the touch screen induction is defeated The weight proportion entered, and be deposited into the weight proportion as the management weight of the user in the registration form.
In a kind of above-mentioned request responding method based on TrustZone, further include:
When asking response system to receive factory reset request, sends out data and delete prompting, to prompt user to be Record data in signature and the registration form of prestoring described in no deletion;Signature and the note of prestoring is not deleted when receiving Record data instruction when, by it is described prestore signature and the registration form backup upload onto the server, start factory reset journey Sequence, when the router or intelligent home network equipment complete factory reset and restart, from the server Prestore signature and the registration form described in download;When receiving the instruction of prestore described in deletion signature and the record data, All record data in signature and the registration form of prestoring described in deletion.
A kind of request response system based on TrustZone is applied to the network equipments such as router or smart home, special Sign is, including:
Sending module is verified, for when receiving the first connection request of requesting party's transmission, being sent to the requesting party Signature verification request;Signature judgment module, the verification for receiving requesting party's response are signed, and judge the verification signature It is whether consistent with the prestoring signature that is stored in the safety zones TrustZone;Ask respond module, for determining the verification When signature is consistent with the signature that prestores, receives the connection request, connected to be established with the requesting party.
In a kind of above-mentioned request response system based on TrustZone, the request response system further includes:
Miscue module, for when determining the verification signature and the signature that prestores is inconsistent, returning to verification The requesting party is given in miscue, and the verification sending module sends the signature verification request to the requesting party again.
Further include:The contact address of administrator is obtained in registration form, and sends abnormal connection to the contact address Prompt, the registration form are stored in the memory of the network equipments such as the router or smart home, wherein from registration form The step of contact address of acquisition administrator includes in the middle:
Step 1:The management weight of each user is obtained in the registration form, and will be managed the highest user of weight and be made For the administrator;
Step 2:The pre-stored address that the management highest user of weight is obtained in the registration form, using as described Contact address.
In a kind of above-mentioned request response system based on TrustZone, the networks such as the router or smart home are set Standby includes a touch screen for being used for human-computer interaction, and carries out data input by data input module, when request response system connects When receiving data input request, recalls information recording module;
When asking response system to enter signature typing subprogram, obtains and the user for storing the touch screen induction is defeated The interaction signature entered;
When asking response system to enter address typing subprogram, the user input of the touch screen induction is obtained Interaction address, and be deposited into the interactive address as the contact address of the user in the registration form;
When asking response system to enter weight typing subprogram, the user input of the touch screen induction is obtained Weight proportion, and be deposited into the registration form, weigh using the weight proportion as the management weight of the user Weight is the capacity of water to asking response system configuration change.
Further include resetting module in a kind of above-mentioned request response system based on TrustZone:When request response system When receiving factory reset request, resetting module is called:Prompting is deleted for sending out data, to prompt the user whether to delete Record data in prestore signature and the registration form;Signature and the record data of prestoring are not deleted when receiving Instruction when, by it is described prestore signature and the registration form backup upload onto the server, start factory reset program, work as institute When stating router or the completion factory reset of intelligent home network equipment and restarting, from the server described in download Prestore signature and the registration form;When receiving the instruction of prestore described in deletion signature and the record data, described in deletion All record data in signature and the registration form of prestoring.
Therefore, the request responding method and system based on TrustZone, are judged by the method for signature verification Whether requesting party, which meets access, requires, and compared to single password authentification, the difficulty being cracked greatly increases;In addition combined with The technical characterstic of TrustZone, the signature that will prestore are stored in the safety zone of TrustZone, are even more greatly improved entire The safety of system.
Description of the drawings
Fig. 1 is the flow chart of the request responding method in first embodiment of the invention.
Fig. 2 is the flow chart of the request responding method in second embodiment of the invention.
Fig. 3 is the specific implementation flow chart of step B5 in Fig. 2.
Fig. 4 is the flow chart of the interactive information typing in second embodiment of the invention.
Fig. 5 is the flow chart of the factory reset in second embodiment of the invention.
Fig. 6 is the structural schematic diagram of the request response system in third embodiment of the invention.
Specific implementation mode
To facilitate the understanding of the present invention, below with reference to relevant drawings to invention is more fully described.In attached drawing Give several embodiments of the present invention.But the present invention can realize in many different forms, however it is not limited to this paper institutes The embodiment of description.On the contrary, purpose of providing these embodiments is make it is more thorough and comprehensive to the disclosure.
In attached drawing, main element symbol description:
Detailed description below will be further illustrated the present invention in conjunction with above-mentioned attached drawing.
Referring to Fig. 1, showing the request responding method in first embodiment of the invention, it is applied to router or intelligent family The network equipments such as residence, including step A1 to step A3.
Step A1:When receiving the first connection request of requesting party's transmission, sends signature verification to the requesting party and ask It asks.
It should be understood that when requesting party's (such as mobile phone, tablet) found in wireless network list corresponding router or The SSID of smart home, and when requiring to be connected to the router or smart home by way of inputting password, the request in addition Side will send connection request to the network equipments such as the router or smart home, if the requesting party was before this from being not connected with or connected Relationship (the SSID access pins of such as router or smart home are changed) changes, and connection request at this time is as first Connection request.
In addition, when requesting party receives signature verification request, signature verification program, and automatic spring signature circle will be executed Face (the signature interface in such as POS machine) is signed so that user inputs, and after user inputs signature, requesting party interacts user defeated The verification signature entered is sent to the network equipments such as the router or smart home.
Step A2:Receive the verification signature of requesting party's response, and judge the verification sign whether be stored in The signature that prestores in the safety zones TrustZone is consistent.
It should be pointed out that when inputting signature, signature background is typically white background, and the signature inputted will project to In background of signing, to form the signature picture of white gravoply, with black engraved characters, therefore above-mentioned verification signature and the signature that prestores is with the shape of picture Formula is stored in the safety zone of TrustZone.
Wherein, described to judge whether the verification signature is consistent with the prestoring signature that is stored in the safety zones TrustZone The step of can follow the steps below specific implementation:First according to the difference of pixel value, interception verification is signed and is stored in The signature to prestore on signature in the safety zones TrustZone, and matched in character library, to respectively obtain in verification signature Character/number and prestore signature in character/number, then judge the two it is whether identical.
Wherein, when determining the verification signature and the signature that prestores is consistent, then the step A3 is executed, judgement is worked as When to verification signature and the inconsistent signature that prestores, requesting party's authentication error is represented, there is presently no qualification connections should The network equipments such as router or smart home.
Step A3:Receive the connection request, is connected with being established with the requesting party.
To sum up, the request responding method based on TrustZone in the above embodiment of the present invention, when receiving requesting party When the connection request sent for the first time, the address of the requesting party is obtained in the connection request, and to the communication Address sends signature verification, to prompt the requesting party to input signature, while when receiving the signature of requesting party's input, Judge whether the signature is stored in the safety zone of TrustZone, only when being stored with the signature in the safety zone of TrustZone And just agree to that the requesting party accesses connection when signing consistent.Therefore, the request responding method based on TrustZone and it is System is required to judge whether requesting party meets access by the method for signature verification, compared to single password authentification, is broken The difficulty of solution greatly increases;In addition combined with the technical characterstic of TrustZone, the signature that prestores is stored in the safety of TrustZone In area, the safety of whole system is even more greatly improved.
Referring to Fig. 2, showing the request responding method based on TrustZone in second embodiment of the invention, apply In the network equipments such as router or smart home, the network equipments such as the router or smart home include one for human-computer interaction Touch screen, the request responding method includes step B1 to step B5.
Step B1:When receiving the first connection request of requesting party's transmission, sends signature verification to the requesting party and ask It asks.
Step B2:Receive the verification signature of requesting party's response, and judge the verification sign whether be stored in The signature that prestores in the safety zones TrustZone is consistent.
Wherein, when determining the verification signature and the signature that prestores is consistent, then the step B3 is executed, judgement is worked as When not consistent with the signature that prestores to verification signature, then the step B4 is executed.
Step B3:Receive the connection request, is connected to be established with the requesting party.
It should be pointed out that when the network equipments such as router or smart home receive the first connection request of the requesting party Afterwards, the follow-up requesting party will connect the network equipments such as the router or smart home automatically.
Step B4:It returns to authentication error and is prompted to the requesting party, and it is described to address transmission to return to execution The step of signature verification.
It should be understood that when determining the verification signature and the signature that prestores is inconsistent, requesting party's input is represented Signature it is incorrect, requesting party will obtain error prompting at this time, and will pop up again signature interface, so that user inputs label again Name, to carry out signature verification again.
Step B5:The contact address of administrator is obtained in registration form, and sends abnormal connection to the contact address Prompt, the registration form are stored in the memory of the network equipments such as the router or smart home.
Wherein, the contact address can be that cell-phone number, mailbox, QQ number, WeChat ID etc. at least one of be worked as, and these Address and the above-mentioned signature that prestores can be preset, and specifically default step can be according to the flow of following interactive information typings Step executes.
Fig. 3 is please referred to, the specific implementation flow chart of step B5, including step B5.1 to step B5.2 are shown.
Step B5.1:The management weight of each user is obtained in the registration form, and will manage the highest use of weight Family is as the administrator.
Step B5.2:Obtained in the registration form it is described management the highest user of weight pre-stored address, using as The contact address.
Fig. 4 is please referred to, the tool of the typing interactive information in the network equipments such as the router or smart home is shown Body flow chart, including step C1 to step C4.
Step C1:When receiving data input request, recalls information recording program.
In the specific implementation, setting information typing it can start icon on the network equipments such as router or smart home, And it includes being opened on the touch screen when user clicks the data input by the touch screen that the data input, which is started icon, When cardon mark, the network equipments such as the router or smart home will receive data input request, and call automatically and execute this Data input program.
Step C2:When entering signature typing subprogram, obtains and store the input by user of the touch screen induction Interaction signature.
Step C3:When entering address typing subprogram, the friendship input by user of the touch screen induction is obtained Mutual address, and be deposited into the interactive address as the contact address of the user in the registration form.
Step C4:When entering weight typing subprogram, the power input by user of the touch screen induction is obtained Weight ratio, and be deposited into the weight proportion as the management weight of the user in the registration form.
It may be noted that when, when system often enters a data input subprogram, will all provide corresponding input prompt And input interface.
Fig. 5 is please referred to, the detailed process of the network equipments factory reset such as the router or smart home is shown Figure, including step D1 to step D4.
Step D1:When receiving factory reset request, sends out data and delete prompting, to prompt the user whether to delete Record data in prestore signature and the registration form.
Step D2:When receiving the instruction for not deleting prestore signature and the record data, by the label that prestore Name and registration form backup are uploaded onto the server.
Step D3:Start factory reset program.
Step D4:When the network equipments such as the router or smart home complete factory reset and restart, Prestore signature and the registration form described in being downloaded from the server.
It should be pointed out that in order to further increase the safety of the network equipments such as router or smart home, Ke Yi Judge verification signature whether be stored in the consistent step of signature that prestores of the safety zones TrustZone, figure can be passed through Comparative analysis technology further judges that the character/number in verification signature is on font with the character/number in the signature that prestores It is no identical.
Another aspect of the present invention also provides a kind of request response system based on TrustZone, please refers to Fig. 6, show Request response system in third embodiment of the invention, the request response system are applied to the networks such as router or smart home In equipment, the request response system includes:
Sending module M1 is verified, for when receiving the first connection request of requesting party's transmission, being sent out to the requesting party Send signature verification request;
Sign judgment module M2, and the verification for receiving requesting party's response is signed, and judges that the verification signature is It is no consistent with the signature that prestores that is being stored in the safety zones TrustZone;
Ask respond module M3, for determine verification signature it is consistent with the signature that prestores when, described in receiving Connection request connects to be established with the requesting party.
Further, the request response system further includes:
Miscue module M4, for when determining the verification signature and the signature that prestores is inconsistent, return to be tested Miscue is demonstrate,proved to the requesting party, and the verification sending module sends the signature verification to the requesting party again and asks It asks.
Further, the request response system further includes:
Abnormal prompt module M5, the contact address for obtaining administrator in registration form, and to the contact address Abnormal connection prompt is sent, the registration form is stored in the memory of the network equipments such as the router or smart home.
Further, the abnormal prompt module M5 includes:
First acquisition unit M51, the management weight for obtaining each user in the registration form, and by administrative power The highest user of weight is as the administrator;
Second acquisition unit M52 obtains the pre-stored address of the management highest user of weight in the registration form, Using as the contact address.
Further, the network equipments such as the router or smart home include a touch screen for being used for human-computer interaction, institute Stating request response system further includes:
Routine call module M6, for when receive data input request when, recalls information recording program;
Sign acquisition module M7, when entering signature typing subprogram, obtains and store the use of the touch screen induction The interaction signature of family input;
Address acquisition module M8 obtains the user of the touch screen induction when entering address typing subprogram The interaction address of input, and the interactive address is deposited into the registration form as the contact address of the user and is worked as In;
Weight Acquisition module M9 obtains the user of the touch screen induction when entering weight typing subprogram The weight proportion of input, and the weight proportion is deposited into the registration form as the management weight of the user and is worked as In.
Further, the request response system further includes:
Reminding module M10 is deleted, for when receiving factory reset request, sending out data and deleting prompting, to carry Show whether user deletes the record data in prestore signature and the registration form;
Data uploading module M11, for when receiving the instruction for not deleting prestore signature and the record data, By it is described prestore signature and the registration form backup upload onto the server;
Program starting module M12, for starting factory reset program;
Data download module M13, for completing factory reset when network equipments such as the router or smart homes And when restarting, prestore from the server described in download signature and the registration form.
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not Centainly refer to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be any One or more embodiments or example in can be combined in any suitable manner.
Several embodiments of the invention above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously Cannot the limitation to the scope of the claims of the present invention therefore be interpreted as.It should be pointed out that for those of ordinary skill in the art For, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to the guarantor of the present invention Protect range.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.

Claims (10)

1. a kind of request responding method based on TrustZone, which is characterized in that including:
When asking response system to receive the first connection request of requesting party's transmission, sends signature verification to the requesting party and ask It asks;Receive the verification signature of requesting party's response, and judge the verification sign whether be stored in request response system The signature that prestores in the safety zones TrustZone is consistent;If consistent, receive the connection request, to be built with the requesting party Vertical connection.
2. a kind of request responding method based on TrustZone according to claim 1, which is characterized in that sentence described The disconnected verification signature whether be stored in the safety zones request response system TrustZone prestoring the consistent step of signature it Afterwards, further include:
If verification signature and the signature that prestores being stored in the safety zones request response system TrustZone are inconsistent, return It returns authentication error and is prompted to the requesting party, and return to the step of execution sends signature verification request to the requesting party.
3. a kind of request responding method based on TrustZone according to claim 1, which is characterized in that sentence described The disconnected verification signature whether be stored in the safety zones request response system TrustZone prestoring the consistent step of signature it Afterwards, further include:
The contact address of administrator is obtained in registration form, and sends abnormal connection prompt to the contact address, it is described to step on Note table is stored in the router or the memory of intelligent home network equipment.
4. a kind of request responding method based on TrustZone according to claim 3, which is characterized in that described from stepping on The step of contact address of acquisition administrator, includes in note table:
Step 1:The management weight of each user is obtained in the registration form, and will manage the highest user of weight as institute State administrator;
Step 2:The pre-stored address that the management highest user of weight is obtained in the registration form, using as the contact Address.
5. a kind of request responding method based on TrustZone according to claim 4, which is characterized in that further include:
When asking response system to receive data input request, recalls information recording program;
When asking response system to enter signature typing subprogram, obtains and store the input by user of the touch screen induction Interaction signature;
When asking response system to enter address typing subprogram, the friendship input by user of the touch screen induction is obtained Mutual address, and be deposited into the interactive address as the contact address of the user in the registration form;
When asked response system enters weight typing subprogram, the described input by user of the touch screen induction is obtained Weight proportion, and be deposited into the weight proportion as the management weight of the user in the registration form.
6. a kind of request responding method based on TrustZone according to claim 4, which is characterized in that further include:
When asking response system to receive factory reset request, sends out data and delete prompting, to prompt the user whether to delete Except the record data in prestore signature and the registration form;Signature and the record number of prestoring is not deleted when receiving According to instruction when, by it is described prestore signature and the registration form backup upload onto the server, start factory reset program, when When the router or intelligent home network equipment are completed factory reset and restarted, institute is downloaded from the server State prestore signature and the registration form;When receiving the instruction of prestore described in deletion signature and the record data, institute is deleted State all record data in prestoring signature and the registration form.
7. a kind of request response system based on TrustZone is applied to the network equipments such as router or smart home, feature It is, including:
Sending module is verified, for when receiving the first connection request of requesting party's transmission, sending and signing to the requesting party Checking request;Signature judgment module, the verification for receiving requesting party's response are signed, and whether judge the verification signature Signature is prestored with being stored in the safety zones TrustZone unanimously;Ask respond module, for determining the verification signature When consistent with the signature that prestores, receive the connection request, connected to be established with the requesting party.
8. a kind of request response system based on TrustZone according to claim 7, which is characterized in that the request Response system further includes:
Miscue module, for when determining the verification signature and the signature that prestores is inconsistent, returning to authentication error It is prompted to the requesting party, and the verification sending module sends the signature verification request to the requesting party again;
Further include:The contact address of administrator is obtained in registration form, and sends abnormal connection prompt to the contact address, The registration form is stored in the memory of the network equipments such as the router or smart home, wherein in registration form Obtain administrator contact address the step of include:
Step 1:The management weight of each user is obtained in the registration form, and will manage the highest user of weight as institute State administrator;
Step 2:The pre-stored address that the management highest user of weight is obtained in the registration form, using as the contact Address.
9. a kind of request response system based on TrustZone according to claim 8, which is characterized in that the routing The network equipments such as device or smart home include a touch screen for being used for human-computer interaction, and are recorded into row information by data input module Enter, when asking response system to receive data input request, recalls information recording module;
When asking response system to enter signature typing subprogram, obtains and store the input by user of the touch screen induction Interaction signature;
When asking response system to enter address typing subprogram, the friendship input by user of the touch screen induction is obtained Mutual address, and be deposited into the interactive address as the contact address of the user in the registration form;
When asking response system to enter weight typing subprogram, the power input by user of the touch screen induction is obtained Weight ratio, and be deposited into the weight proportion as the management weight of the user in the registration form, weight is To asking the capacity of water of response system configuration change.
10. a kind of request response system based on TrustZone according to claim 8, which is characterized in that further include weight Set module:When asking response system to receive factory reset request, resetting module is called:It is carried for sending out data deletion Wake up, with prompt the user whether delete described in prestore signature and the registration form in record data;When receive do not delete it is described Prestore signature and it is described record data instruction when, by it is described prestore signature and the registration form backup upload onto the server, open Dynamic factory reset program when the router or the completion factory reset of intelligent home network equipment and restarts When, prestore from the server described in download signature and the registration form;When receive delete described in prestore signature and it is described When recording the instruction of data, all record data in prestore described in deletion signature and the registration form.
CN201810172815.6A 2018-03-01 2018-03-01 TrustZone-based request response method and system Active CN108306892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810172815.6A CN108306892B (en) 2018-03-01 2018-03-01 TrustZone-based request response method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810172815.6A CN108306892B (en) 2018-03-01 2018-03-01 TrustZone-based request response method and system

Publications (2)

Publication Number Publication Date
CN108306892A true CN108306892A (en) 2018-07-20
CN108306892B CN108306892B (en) 2020-12-18

Family

ID=62849092

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810172815.6A Active CN108306892B (en) 2018-03-01 2018-03-01 TrustZone-based request response method and system

Country Status (1)

Country Link
CN (1) CN108306892B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277781A (en) * 2022-07-29 2022-11-01 京东方科技集团股份有限公司 Proxy connection method and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1831865A (en) * 2006-04-24 2006-09-13 北京易恒信认证科技有限公司 Electronic bank safety authorization system and method based on CPK
CN102238193A (en) * 2011-08-09 2011-11-09 深圳市德卡科技有限公司 Data authentication method and system using same
US20140004825A1 (en) * 2012-06-29 2014-01-02 Gyan Prakash Mobile platform software update with secure authentication
WO2017118437A1 (en) * 2016-01-08 2017-07-13 腾讯科技(深圳)有限公司 Service processing method, device, and system
CN107247899A (en) * 2017-05-22 2017-10-13 珠海格力电器股份有限公司 A kind of role-security control method, device and safety chip based on security engine

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1831865A (en) * 2006-04-24 2006-09-13 北京易恒信认证科技有限公司 Electronic bank safety authorization system and method based on CPK
CN102238193A (en) * 2011-08-09 2011-11-09 深圳市德卡科技有限公司 Data authentication method and system using same
US20140004825A1 (en) * 2012-06-29 2014-01-02 Gyan Prakash Mobile platform software update with secure authentication
WO2017118437A1 (en) * 2016-01-08 2017-07-13 腾讯科技(深圳)有限公司 Service processing method, device, and system
CN107247899A (en) * 2017-05-22 2017-10-13 珠海格力电器股份有限公司 A kind of role-security control method, device and safety chip based on security engine

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHEN CHEN ; FEI XIAO: "Designing and implementing Embedded Security Terminal under the Trustzone Technology of Trusted Computing", 《2010 INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION TECHNOLOGIES IN AGRICULTURE ENGINEERING》 *
杨波,冯登国,秦宇,张英骏: "基于TrustZone的可信移动终端云服务安全接入方案", 《软件学报》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277781A (en) * 2022-07-29 2022-11-01 京东方科技集团股份有限公司 Proxy connection method and related equipment

Also Published As

Publication number Publication date
CN108306892B (en) 2020-12-18

Similar Documents

Publication Publication Date Title
US7770002B2 (en) Multi-factor authentication
CN100568212C (en) Shielding system and partition method
CN108989346B (en) Third-party valid identity escrow agile authentication access method based on account hiding
CN110719203B (en) Operation control method, device and equipment of intelligent household equipment and storage medium
CN105207780B (en) A kind of certification user method and device
CN103336924A (en) Starting lock for mobile terminal application program
CN105450405B (en) A kind of setting of password and authentication method and system
CN106372487A (en) Method and system for enhancing trust of server operating system
CN103188241A (en) User account management method based on mobile intelligent terminal number
CN111433770A (en) User-selected key authentication
CN108335105A (en) Data processing method and relevant device
CN110278092A (en) Router long-range control method and system based on MQTT agreement
CN109981677A (en) A kind of credit management method and device
KR101087698B1 (en) Method for authenticating security of smart-phone
CN110278182A (en) Information processing system, information processing unit, information processing method and recording medium
CN111405550B (en) WhatsApp key file extraction method and WhatsApp key file extraction equipment
CN108306892A (en) A kind of request responding method and system based on TrustZone
JP6325654B2 (en) Network service providing apparatus, network service providing method, and program
CN109218318A (en) A kind of things-internet gateway login detecting method based on equipment knowledge
CN111343193B (en) Cloud network port security protection method and device, electronic equipment and storage medium
WO2020073750A1 (en) Terminal attack defense method, apparatus, terminal, and cloud server
JP5243360B2 (en) Thin client connection management system and thin client connection management method
CN106203081A (en) A kind of safety protecting method and device
KR20040000713A (en) User authentication apparatus and method using internet domain information
CN110430211A (en) A kind of virtualization cloud desktop system and operating method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant