CN111625829A

CN111625829A - Application activation method and device based on trusted execution environment

Info

Publication number: CN111625829A
Application number: CN201910145498.3A
Authority: CN
Inventors: 黄腾; 成亮; 李海东
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2019-02-27
Filing date: 2019-02-27
Publication date: 2020-09-04
Also published as: TW202109320A; WO2020173332A1

Abstract

The invention discloses an activation method of a trusted execution environment, wherein the trusted execution environment is deployed in a terminal device, and the method comprises the following steps: sending the terminal equipment identification to a server; receiving activation information returned by the server, wherein the activation information comprises an encrypted trusted identity, a trusted key and an activation code, the trusted identity and the trusted key correspond to a terminal equipment identifier, and the activation code is generated according to the terminal equipment identifier; decrypting the activation information to obtain a trusted identity, a trusted key and an activation code; and encrypting and storing the trusted identity, the trusted key and the activation code into a secure storage space. The invention also discloses an activation verification method of the trusted execution environment, an application activation and activation verification method based on the trusted execution environment and corresponding devices.

Description

Application activation method and device based on trusted execution environment

Technical Field

The invention relates to the technical field of application security, in particular to an application activation method and device based on a trusted execution environment.

Background

After software is released, a way to prevent software from being cracked and stolen is needed to ensure the benefits of software developers themselves. Currently, software is usually protected by means of a registration code, that is, a user downloads and installs a trial version of software first, and then activates the software by applying for the registration code from a server. Then, when the user uses the software, the software reads the registration code file and judges whether the software is available according to the registration code file.

The above software activation scheme has some problems:

1. the registration code file is stored in the equipment without encryption, so that the registration code file can be copied to other equipment in a clear text manner, and software installed on other equipment is illegally cracked. In addition, the contents of the registration code file may be tampered with by the user to illegally extend the number of uses or the validity period of the software.

2. The registration code file is not bound with the equipment, so that the registration code file can be used in different equipment, and software installed on other equipment is illegally cracked.

3. During the process of transmitting the registration code to the device, the content of the registration code file is not encrypted, so that the registration code file is easy to monitor or forge.

Therefore, there is a need to provide a more secure method of software activation.

Disclosure of Invention

To this end, the present invention provides a trusted execution environment based application activation method and apparatus in an effort to solve or at least mitigate the above-identified problems.

According to a first aspect of the present invention, there is provided a method for activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising: sending the terminal equipment identification to a server; receiving activation information returned by a server, wherein the activation information comprises an encrypted trusted identity, a trusted key and an activation code, the trusted identity and the trusted key correspond to the terminal equipment identifier, and the activation code is generated according to the terminal equipment identifier; decrypting the activation information to obtain a trusted identity, a trusted key and an activation code; and encrypting and storing the trusted identity, the trusted key and the activation code into a secure storage space.

According to a second aspect of the present invention, there is provided a method for activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising: receiving a terminal equipment identifier sent by terminal equipment; generating a trusted identity identifier and a trusted key corresponding to the terminal equipment identifier, and generating an activation code according to the terminal equipment identifier; encrypting the trusted identity, a trusted key and an activation code to generate activation information; sending the activation information to the terminal device so that the terminal device: and decrypting the activation information to obtain a trusted identity, a trusted key and an activation code, and encrypting and storing the trusted identity, the trusted key and the activation code to a secure storage space.

According to a third aspect of the present invention, there is provided a method for verifying activation of a trusted execution environment, the method being performed in a trusted execution environment of a terminal device, the method comprising: acquiring a trusted identity, a trusted key and an activation code of a trusted execution environment, wherein the activation code comprises use authority information and verification information of the trusted execution environment, and the verification information comprises a ciphertext generated by encrypting the trusted identity, the use authority information and a terminal equipment identifier by using the trusted key; acquiring a terminal equipment identifier, and encrypting the trusted identity identifier, the use authority information and the terminal equipment identifier by adopting a trusted key to generate a first ciphertext; and if the first ciphertext is consistent with the verification information and the current use environment of the terminal equipment is matched with the use authority information, the trusted execution environment is activated successfully.

According to a fourth aspect of the present invention, there is provided an application activation method based on a trusted execution environment, where the trusted execution environment is deployed in a terminal device, the method including: sending the credible identity of the terminal equipment to a server: receiving registration information returned by a server, wherein the registration information comprises a registration code encrypted by a trusted key corresponding to the trusted identity, and the registration code is generated according to the trusted identity; decrypting the registration information by adopting a trusted key to obtain a registration code; and encrypting and storing the registration code to a secure storage space.

According to a fifth aspect of the present invention, there is provided an application activation method based on a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising: receiving a trusted identity sent by terminal equipment; generating a registration code according to the credible identity; encrypting the registration code by adopting a trusted key corresponding to the trusted identity to generate registration information; sending the registration information to the terminal device so that the terminal device: decrypting the registration information by adopting a trusted key to obtain a registration code; and encrypting and storing the registration code to a secure storage space.

According to a sixth aspect of the present invention, there is provided an application activation verification method based on a trusted execution environment, which is executed in the trusted execution environment of a terminal device, the method including: acquiring a trusted identity, a trusted key and a registration code of an application to be verified, wherein the registration code comprises use authority information and verification information, and the verification information is a ciphertext generated by encrypting the trusted identity and the use authority information by using the trusted key; encrypting the trusted identity and the use authority information by adopting the trusted key to generate a first ciphertext; and if the first ciphertext is consistent with the verification information, the registration code is sent to an application to be verified, so that the application can determine whether the activation is successful according to the fact that whether the current use environment is matched with the use authority information.

According to a seventh aspect of the present invention, there is provided a terminal device, on which a trusted execution environment is deployed, the trusted execution environment including an activation management application, the activation management application being adapted to execute the activation method of the trusted execution environment, the activation verification method of the trusted execution environment, the application activation method based on the trusted execution environment, and the application activation verification method based on the trusted execution environment as described above.

According to an eighth aspect of the present invention, there is provided a server comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be adapted to be executed by the at least one processor, the program instructions comprising instructions for performing the trusted execution environment based activation method, the trusted execution environment based application activation method as described above.

According to a ninth aspect of the present invention, there is provided a trusted execution environment based application activation system, comprising: the terminal device as described above; and a server as described above.

The invention provides an application activation scheme based on a trusted execution environment. The trusted execution environment is an independent, trusted environment having an isolated hardware environment and an independent operating system that can be used to store, process, and protect sensitive data. In the technical scheme of the invention, firstly, the trusted execution environment in the terminal equipment is activated, and on the basis that the trusted execution environment is activated, the trusted execution environment can provide trusted application activation and activation verification services for other applications of the terminal equipment, thereby ensuring the safety of other applications. The activation code of the trusted execution environment and the registration code of the application are stored in the secure storage space through the trusted execution environment in an encrypted manner, and data in the secure storage space can only be read by the activation management application in the trusted execution environment, so that the activation code and the registration code of the application cannot be illegally acquired and tampered.

In the process of activating the trusted execution environment, the server generates a trusted identity and a trusted key of the terminal device. Subsequently, the trusted key is applied to an encrypted transmission process of the activation code of the trusted execution environment and the registration code of the application. The trusted key is transmitted only once in the terminal device and the server, that is, the server encrypts and transmits the generated trusted key to the terminal device only in the process of activating the trusted execution environment, and the trusted key is not transmitted any more in the subsequent process of activating the application based on the trusted execution environment. Therefore, the trusted key is only stored in the terminal device and the server, and even if other devices monitor the registration information transmitted between the terminal device and the server, the registration information cannot be decrypted to obtain the registration code because the trusted key cannot be obtained, so that the transmission security of the application registration code is further improved.

The activation code of the trusted execution environment and the registration code of the application are embedded with the trusted identity of the terminal device, so that the uniqueness and the non-replicability of the activation code and the registration code of each terminal device are ensured. If the activation code and the registration code are maliciously tampered, the activation verification of the trusted execution environment and the application of the terminal equipment fails. In addition, even if the activation code and the registration code are copied to other terminal devices, they cannot be used to activate trusted execution environments or applications of other terminal devices.

The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.

Drawings

To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.

FIG. 1 illustrates a schematic diagram of an activation system 100 for a trusted execution environment, according to one embodiment of the present invention;

FIG. 2 illustrates a schematic diagram of a trusted execution environment based application activation system 200, according to one embodiment of the present invention;

FIG. 3 shows a flow diagram of a method 300 (terminal device side) for activation of a trusted execution environment according to one embodiment of the present invention;

FIG. 4 illustrates a schematic diagram of an activation process of a trusted execution environment, according to one embodiment of the present invention;

FIG. 5 illustrates a flow diagram of a method 500 (server-side) for activation of a trusted execution environment, according to one embodiment of the present invention;

FIG. 6 illustrates a flow diagram of a method 600 for activation verification of a trusted execution environment, according to one embodiment of the present invention;

FIG. 7 illustrates a schematic diagram of an activation verification process for a trusted execution environment, according to one embodiment of the present invention;

FIG. 8 shows a flowchart of a trusted execution environment based application activation method 800 (terminal device side) according to one embodiment of the present invention;

FIG. 9 illustrates a diagram of a trusted execution environment based application activation process, according to one embodiment of the present invention;

FIG. 10 illustrates a flow diagram of a trusted execution environment based application activation method 1000 (service side) according to one embodiment of the invention;

FIG. 11 illustrates a flow diagram of a trusted execution environment based application activation verification method 1100 in accordance with one embodiment of the present invention; and

FIG. 12 illustrates a diagram of a trusted execution environment based application activation verification process, according to one embodiment of the invention.

Detailed Description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

The invention provides an application activation scheme based on a trusted execution environment. In the technical scheme of the invention, firstly, the trusted execution environment in the terminal equipment is activated, and on the basis that the trusted execution environment is activated, the trusted execution environment can provide trusted application activation and activation verification services for other applications of the terminal equipment, thereby ensuring the safety of other applications.

FIG. 1 shows a schematic diagram of an activation system 100 for a trusted execution environment, according to one embodiment of the invention. As shown in fig. 1, the system 100 includes a terminal device 110 and a server 120. It should be noted that although the system 100 shown in fig. 1 only includes one terminal device 110 and one server 120, those skilled in the art will understand that in practice, the system 100 may include any number of terminal devices 110 and servers 120, and the present invention does not limit the number of terminal devices 110 and servers 120 included in the system 100.

The terminal device 110 may be implemented as any device, such as a mobile phone, a tablet computer, a smart wearable device, a smart home appliance, a vehicle machine, an unmanned aerial vehicle, or the like, but is not limited thereto. As shown in fig. 1, a Trusted Execution Environment (TEE) and a Rich Execution Environment (REE) are deployed in the terminal device 110. The trusted execution environment and the rich execution environment have mutually isolated hardware and independent operating systems, and are used for meeting the running requirements of applications with different security levels. The hardware isolation of the trusted execution environment from the rich execution environment can be realized by, but is not limited to, the security extension technology of ARM TrustZone or C-SKY, for example.

The operating system with the rich execution environment can be a general operating system such as an Android operating system, an iOS operating system, an RTOS real-time operating system and the like, and common applications with low requirements on security, such as instant messaging, photographing, weather inquiry and the like, can be run on the operating system. The operating system of the trusted execution environment is usually a closed, relatively simple-functioning, secure operating system on which trusted applications with high security requirements, such as fingerprint recognition, identity authentication, electronic payment, smart locks, etc., run. The trusted application in the trusted execution environment may be invoked by the normal application in the rich execution environment to implement the corresponding functionality. The trusted application may not directly communicate with the outside (e.g., server, other terminal device, user, etc.), but needs to use the normal application in the rich execution environment as a communication relay, i.e., the trusted application in the trusted execution environment communicates with the outside via the normal application in the rich execution environment.

The server 120 may be any device for providing the trusted execution environment online activation service to the terminal device 110, such as a physical server, or a computing instance deployed in a physical server, but is not limited thereto. The server 120 is configured to provide an online activation service of the trusted execution environment to the terminal device 110. Only after the trusted execution environment is activated can the terminal device 110 use the trusted execution environment to process and protect sensitive data.

In an embodiment of the invention, the trusted execution environment comprises an activation management application 112, the activation management application 112 communicating with the server 120 via an interface application 113 deployed in the rich execution environment for activating the trusted execution environment. Specifically, the activation management application 112 reads the terminal device identifier and sends the terminal device identifier to the server 120 via the interface application 113. The server 120 generates the activation code according to the terminal device identifier, generates a trusted identity identifier and a trusted key of the terminal device, and stores the trusted identity identifier and the trusted key in association with the terminal device identifier. The trusted identity is a character string that can represent the uniqueness of the device, is used for uniquely identifying the terminal device 110, and has security attributes of being not tampered, not forged and being globally unique. The trusted key is a string derived by a specific algorithm according to the trusted identity, and is used for encrypting key information related to the terminal device 110. The server 120 encrypts the trusted identity, the trusted key, and the activation code to generate activation information, and sends the activation information to the activation management application 112 via the interface application 113. The activation management application 112 decrypts the activation information to obtain the trusted identity, the trusted key, and the activation code, and then encrypts and stores the trusted identity, the trusted key, and the activation code in the secure storage space 111. The secure storage space 111 is a designated space for storing a file, and the file is encrypted by using a trusted key and then stored in the location. In embodiments of the present invention, the secure storage space 111 is accessible and only accessible by the activation management application 112. After the trusted identity, the trusted key and the activation code are stored in the secure storage space 111 in an encrypted manner, the activation of the trusted execution environment of the terminal device 110 is completed.

A generic application in the rich execution environment may invoke a trusted application in the trusted execution environment. When the trusted application is invoked, the invoked trusted application will further invoke the activation management application 112 to trigger activation verification of the trusted execution environment. The activation management application 112 reads the trusted identity, the trusted key, and the activation code from the secure storage space 111, verifies whether the trusted execution environment is successfully activated according to the trusted identity, the trusted key, and the activation code, and then returns a verification result to the trusted application called by the general application. And if the activation is verified to be successful, the called trusted application executes the calling of the common application and returns the calling result to the common application.

For example, as shown in FIG. 1, the first generic application 114 in the rich execution environment is a shopping application and the first trusted application 115 is an electronic payment application. When the user selects some goods in the first generic application 114 and needs to pay for the purchase, the first generic application 114 calls the first trusted application 115 to implement the electronic payment function. The first trusted application 115 is invoked to trigger the activation management application 112 to perform activation verification of the trusted execution environment. The activation management application 112 reads the trusted identity, the trusted key, and the activation code from the secure storage space 111, verifies whether the trusted execution environment is successfully activated according to the trusted identity, the trusted key, and the activation code, and returns a verification result to the first trusted application. If the activation is verified successfully, the first trusted application 115 executes the call of the first generic application 114 to implement the electronic payment function, and returns the call result (whether the payment is successful or not) to the first generic application 114.

Based on the activation of the trusted execution environment, the trusted execution environment may provide application activation and activation verification services to other applications of the terminal device 110, thereby ensuring the security of the other applications. FIG. 2 illustrates a schematic diagram of a trusted execution environment based application activation system 200, according to one embodiment of the present invention. As shown in fig. 2, the system 200 includes a terminal device 110 and a server 120, wherein a trusted execution environment and a rich execution environment are deployed in the terminal device 110, and a second common application 116 is deployed in the rich execution environment. On the basis that the trusted execution environment of the terminal device 110 has been activated, the second generic application 116 may be activated based on the trusted execution environment.

The server 120 further includes an application server 122 and an authentication server 124. The application server 122 is a server providing method and data call to the second general application 116, and may generate usage right information (e.g., validation time, expiration time, available times, etc.) for activating the second general application 116. The authentication server 124 is configured to verify the identity of the terminal device 110, generate verification information according to the usage right information, encrypt the usage right information and the verification information, and the like.

Specifically, the second generic application 116 triggers the activation management application 112 to verify whether the trusted execution environment is successfully activated, and in the case that the trusted execution environment is successfully activated, sends the trusted identity of the terminal device to the application server 122. The application server 122 sends the trusted identity to the authentication server 124. The authentication server 124 verifies the identity of the terminal device 110 and returns the verification result to the application server 122. In the case that the authentication server 124 passes the verification, the application server 122 generates the usage right information of the second general application 116 and transmits the usage right information to the authentication server 124. The authentication server 124 generates verification information according to the usage right information and the trusted identity, combines the usage right information and the verification information into a registration code, obtains a trusted key corresponding to the trusted identity, encrypts the registration code with the trusted key to generate registration information, and sends the encrypted registration information to the activation management application 112 via the application server 122 and the second common application 116 in sequence. The activation management application 112 obtains the trusted key from the secure storage space 111, decrypts the registration information with the trusted key to obtain a registration code, and encrypts and stores the registration code in the secure storage space 111. After the registration code is stored encrypted to the secure storage space 111, the activation of the second general application 116 is completed.

FIG. 3 illustrates a flow diagram of a method 300 for activation of a trusted execution environment, according to one embodiment of the present invention. The method 300 is performed in a trusted execution environment of a terminal device, such as the terminal device 110 described above, e.g., by an activation management application 112 in the trusted execution environment. As shown in fig. 3, the method 300 begins at step S310.

In step S310, the terminal device identifier is sent to the server.

The terminal device identifier is used for uniquely identifying one terminal device. Since the terminal device identification is unique, it may also be referred to as a device fingerprint. The terminal device identifier may be, for example, information such as a MAC (media access control) address, a CPU serial number, and a hard disk serial number of the terminal device, or a calculation result obtained by processing information such as the MAC address and the CPU serial number of the terminal device, but is not limited thereto. The invention does not limit the specific content of the terminal equipment identifier. According to one embodiment, the terminal device identification is obtained by calling a corresponding data interface, which is typically provided by the manufacturer of the terminal device.

In particular, step S310 is performed by an activation management application in the trusted execution environment. The activation management application 112 may not communicate directly with the server, but rather sends the terminal device identification to the server via the interface application 113 in the rich execution environment.

According to an embodiment, in addition to sending the terminal device identifier to the server, an authentication code may be generated according to the terminal device identifier, the authentication code is sent to the server together, so that the server verifies the authentication code, and after the authentication code passes verification, an activation code is generated according to the terminal device identifier.

According to an embodiment, the authentication code includes a preset key, a first ciphertext and a first mapping value, where the first ciphertext is a ciphertext generated by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is a value obtained by mapping the session key and the terminal device identifier with a preset mapping function. According to one embodiment, the preset key is one of the configuration information of the activation management application 112, and accordingly, the value of the preset key may be read from the configuration information of the activation management application. The session key is generated by the terminal device, for example, by the activation management application 112. According to one embodiment, when the activation management application 112 communicates with the server, the activation management application 112 generates a Token (Token) for the current communication, the Token including the preset key read from the configuration information and the generated session key. And determining the first ciphertext according to the preset key and the session key in the token, and further generating the authentication code. It will be understood by those skilled in the art that other information, such as the application identification of the activation management application 112, the version number of the activation management application 112, the use of the preset key, the type of the preset key, etc., may be included in the token besides the preset key and the session key, and the specific information included in the token is not limited by the present invention.

In addition, it should be noted that both the encryption algorithm used for generating the first ciphertext and the mapping function used for generating the first mapping value may be set by those skilled in the art, and the present invention is not limited thereto. For example, the encryption algorithm used to generate the first ciphertext may be an AES encryption algorithm, and the mapping function used to generate the first mapping value may be a hash algorithm, but is not limited thereto.

After the authentication code is generated, the authentication code and the terminal equipment identification are sent to the server side together, so that the server side can verify the authentication code, recover the session key from the authentication code, and ensure that the authentication code and the terminal equipment identification are not intercepted or maliciously tampered in the transmission process. According to one embodiment, the server may verify the authentication code according to the following method:

and reading the preset key from the authentication code, and decrypting the first ciphertext in the authentication code by adopting the preset key to obtain the session key and the terminal equipment identifier. And then, calculating a second mapping value of the session key and the terminal equipment identifier by adopting a preset mapping function, and if the second mapping value is consistent with the first mapping value in the authentication code, the authentication code passes the verification.

As will be understood by those skilled in the art, in order to enable the server to verify the authentication code, some algorithm parameters, such as an encryption algorithm used to generate the first ciphertext, a mapping function used to generate the first mapping value, etc., need to be disclosed between the terminal device and the server. The parameters can be agreed by the terminal equipment and the server side in advance before the terminal equipment transmits the terminal equipment identification and the authentication code to the server side; the parameters can also be used as fields of the authentication code and transmitted to the server side along with the authentication code; and the like. The invention does not limit the concrete method for synchronizing the algorithm parameters between the terminal equipment and the server.

Table 1 shows an example of the AuthCode1 as an authentication code during activation of a trusted execution environment:

TABLE 1

In table 1, the Provisioning Key is Provisioning Key1, and the first ciphertext is Provisioning _ Key _ Encrypt (Session Key + Dev _ FP), that is, the first ciphertext is a ciphertext obtained by encrypting the Session Key Provisioning Key1 and the terminal device identifier Dev _ FP. The first mapping value is Hash _ Sha256(Session Key + Dev _ FP), that is, the first mapping value is a Hash value of the Session Key and the terminal device identity Dev _ FP calculated by using the Sha256 algorithm.

Those skilled in the art will appreciate that in practice, the AuthCode1 may include other fields besides the fields listed in table 1, such as the application identification of the activation management application 112, the version number of the activation management application 112, the use of the preset key, the type of the preset key, etc., and the present invention does not limit the number and kinds of the fields included in the authentication code.

After the authentication code AuthCode1 and the terminal device identifier Dev _ FP shown in table 1 are sent to the server, the server will verify the authentication code: first, the Provisioning Key1 is read from the authentication code AuthCode 1. Subsequently, the Provisioning Key1 is used to decrypt the Provisioning _ Key _ Encrypt (Session Key + Dev _ FP) of the first ciphertext to recover the Session Key. And finally, calculating a hash value of the recovered Session Key and the terminal device identifier Dev _ FP by adopting a SHA256 algorithm, wherein if the hash value is consistent with a first mapping value in AuthCode1, the AuthCode1 is verified successfully.

Subsequently, in step S320, activation information returned by the server is received, where the activation information includes the encrypted trusted identity, the trusted key, and the activation code, where the trusted identity and the trusted key correspond to the terminal device identifier, and the activation code is generated according to the terminal device identifier.

The trusted identity and the trusted key are generated by the server. And the server generates a trusted identity and a trusted key, and stores the trusted identity and the trusted key in association with the terminal equipment identity. The credible identity is a character string which can represent the uniqueness of the equipment, is used for uniquely identifying a terminal equipment and has the security attributes of being not falsifiable, not forged and being unique globally. The trusted key is a character string derived through a specific algorithm according to the trusted identity, and is used for encrypting key information related to the terminal equipment corresponding to the trusted identity.

And the activation code is generated according to the terminal equipment identifier and is used for activating the trusted execution environment of the terminal equipment. According to one embodiment, the activation code includes usage rights information and verification information for the trusted execution environment.

The usage rights information of the trusted execution environment is used to mark the usage rights of the trusted execution environment. The usage right information may include, for example, an effective time, an expiration time, the number of available times, and the like, but is not limited thereto. When the usage right information includes the validation time and the expiration time, the terminal device can normally use the trusted execution environment only within the time range from the validation time to the expiration time, and outside the time range from the validation time to the expiration time, the trusted execution environment of the terminal device is in an inactivated state, and the trusted execution environment is unavailable. When the usage right information includes the available times, the terminal device may only call the trusted execution environment within the available times, and if the number of times that the terminal device calls the trusted execution environment reaches the available times, the trusted execution environment is in an inactivated state and is unavailable. Those skilled in the art will understand that the usage right information may be configured, and may include at least one of the validation time, the expiration time, and the number of available times, and may also include other information besides the validation time, the expiration time, and the number of available times, and the present invention does not limit the specific content included in the usage right information.

The verification information is used for verifying the activation code so as to ensure that the activation code is not illegally tampered. According to one embodiment, the verification information includes a ciphertext generated by encrypting the trusted identity, the usage right information and the terminal device identifier with the trusted key. The present invention does not limit the specific encryption algorithm used for generating the verification information, for example, the encryption algorithm used for generating the verification information may be, for example, an HMAC (Hash-based Message Authentication Code) algorithm, but is not limited thereto.

Table 2 shows an example of an activation code, ActiCode:

TABLE 2

In table 2, the usage right information includes a validation time Stime1, a failure time Etime1, and a number of Times of availability Times 1. The check information is HMAC (IDkey, Dev _ FP + ID + Stime1+ Etime1+ Times1), that is, the check information is a message digest generated by encrypting the terminal device identifier Dev _ FP, the trusted identity ID, the validation time Stime1, the expiration time Etime1, and the available Times1 based on HMAC algorithm by using the trusted key IDkey.

Those skilled in the art will understand that, in practice, the activation code ActiCode may include other fields besides the fields listed in table 2, for example, an algorithm used for encrypting the activation code by using the trusted key IDkey, a key check value KCV (key check value) for verifying whether the trusted key IDkey is tampered, an algorithm for generating the key check value KCV, and the like, and the present invention does not limit the number and kinds of the fields included in the activation code.

In step S320, the activation information includes the encrypted trusted identity, the trusted key, and the activation code. According to one embodiment, the activation information may be generated by: encrypting the activation code by adopting a trusted key to generate an activation code ciphertext; and encrypting the trusted identity, the trusted key and the activation code ciphertext by using the session key to generate activation information. The session key is determined in advance by the terminal device and the server, for example, the session key may be agreed in advance by the terminal device and the server before the terminal device transmits the terminal device identifier and the authentication code to the server; for another example, referring to table 1, the Session Key may be hidden in the authentication code AuthCode1 and transmitted to the server; and the like. The invention does not limit the generation of the session key and the transmission method of the session key between the terminal equipment and the server. In addition, the encryption algorithm used for generating the activation code ciphertext and the activation information may be any encryption algorithm, which is not limited in the present invention.

Taking tables 1 and 2 as examples, the generation steps of the activation information are as follows: firstly, the activation code ActiCode is encrypted by using the trusted key IDkey to generate an activation code ciphertext ActiCode'. Subsequently, the Session Key determined from the authentication code AuthCode1 is used to encrypt the trusted identity ID, the trusted Key IDkey and the activation code ciphertext ActiCode' to generate activation information.

After receiving the activation information at step S320, step S330 is performed.

In step S330, the activation information is decrypted to obtain the trusted identity, the trusted key and the activation code.

The process of decrypting the activation information is opposite to the process of generating the activation information by encrypting the service side. According to one embodiment, the activation information is decrypted according to the following steps: firstly, decrypting activation information by adopting a session key to obtain a trusted identity, a trusted key and an activation code ciphertext; and subsequently, decrypting the activation code ciphertext by using the trusted key to obtain the activation code.

Taking table 2 as an example, the decryption process of the activation information is as follows: firstly, a Session Key is adopted to decrypt the activation information to obtain a trusted identity ID, a trusted Key IDkey and an activation code ciphertext ActiCode'. And then, decrypting the ActiCode ciphertext by using the trusted key IDkey to obtain the ActiCode.

After the trusted identity, the trusted key and the activation code are obtained in step S330, step S340 is executed.

In step 340, the trusted identity, the trusted key, and the activation code are stored in the secure storage space in an encrypted manner. The data in the secure storage space can only be read by the activation management application 112 in the trusted execution environment, which ensures that the data therein cannot be illegally obtained and tampered.

According to an embodiment, after the trusted identity, the trusted key, and the activation code are obtained in step S330, the trusted identity, the trusted key, and the activation code are not directly encrypted and stored in the secure storage space, but the activation code is verified according to the terminal device identifier, so as to ensure that the activation information is not illegally tampered during the transmission process between the server and the terminal device. After the activation code passes the verification, the trusted identity, the trusted key and the activation code are encrypted and stored in the secure storage space.

According to one embodiment, the activation code may be verified by: encrypting the trusted identity identification, the use authority information and the terminal equipment identification by adopting a trusted key to generate a second ciphertext; and if the second ciphertext is consistent with the verification information in the activation code, the activation code passes the verification.

Taking table 2 as an example, the verification process of the activation code ActiCode is as follows: the terminal device identification Dev _ FP is obtained (e.g. through a data interface provided by the manufacturer of the terminal device). Based on the HMAC algorithm, the terminal device identification Dev _ FP, the trusted identity identification ID, the validation time Stime1, the expiration time Etime1 and the available Times Times1 are encrypted by adopting the trusted key IDkey to generate a second ciphertext. And if the second ciphertext is consistent with the verification information in the activation code, the activation code passes the verification. Otherwise, the verification fails.

After the trusted identity, the trusted key and the activation code are stored in the secure storage space 111 in an encrypted manner, the activation of the trusted execution environment of the terminal device is completed. The trusted identity, the trusted key, and the activation code in the secure storage space 111 can only be read by the activation management application 112 in the trusted execution environment.

FIG. 4 illustrates a schematic diagram of an activation process of a trusted execution environment, according to one embodiment of the present invention. In fig. 4, the secure storage space 111, the activation management application 112, and the interface application 113 are all located in the terminal device 110, the activation management application 112 is a trusted application in a trusted execution environment, and the interface application 113 is a normal application in a rich execution environment.

In step S401, the user triggers the activation management application 112 to perform activation verification of the trusted execution environment through the interface application 113.

In steps S402 and S403, the activation management application 112 reads the activation code ActiCode of the trusted execution environment from the secure storage space 111, verifies the ActiCode, and sends the verification result to the interface application 113 in step S404. If the security storage space 111 does not store an ActiCode or the activation management application 112 fails to verify the ActiCode, in step S404, the activation management application 112 returns a result that the trusted execution environment is not activated to the interface application 113. Subsequently, step S405 is performed.

In step S405, the interface application 113 triggers the activation management application 112 to activate the trusted execution environment.

In step S406, the activation management application 112 acquires the terminal device identification Dev _ FP through an interface provided by the terminal device vendor, acquires the Provisioning Key1, and generates a Session Key.

In step S407, the activation management application 112 generates the authentication code AuthCode1 according to the terminal device identification Dev _ FP, and as shown in the foregoing table 1, the AuthCode1 includes a Provisioning Key1, a first ciphertext Provisioning _ Key _ Encrypt (Session Key + Dev _ FP), and a first mapping value Hash _ Sha256(Session Key + Dev _ FP).

In step S408, the activation management application 112 transmits the terminal device identification Dev _ FP and the authentication code AuthCode1 to the interface application 113.

In step S409, the interface application 113 sends the terminal device identification Dev _ FP and the authentication code AuthCode1 to the server 120.

In step S410, the server 120 verifies the AuthCode 1: first, the Provisioning Key1 is read from the authentication code AuthCode 1. Subsequently, the Provisioning Key1 is used to decrypt the Provisioning _ Key _ Encrypt (Session Key + Dev _ FP) of the first ciphertext to recover the Session Key. And finally, calculating a hash value of the recovered Session Key and the terminal device identifier Dev _ FP by adopting a SHA256 algorithm, wherein if the hash value is consistent with a first mapping value in AuthCode1, the AuthCode1 is verified successfully. Subsequently, step S411 is performed.

In step S411, the server 120 generates a trusted identity ID and a trusted key IDkey, and stores the trusted identity ID and the trusted key IDkey in association with the terminal device identity Dev _ FP.

In step S412, the server 120 generates an activation code ActiCode according to the terminal device identifier Dev _ FP, and as shown in table 2, the ActiCode includes an effective time Stime1, an expiration time Etime1, Times of availability 1, and check information HMAC (IDkey, Dev _ FP + ID + Stime1+ Etime1+ Times 1). Encrypting the ActiCode by using the trusted key IDkey to generate an ActiCode ciphertext'; and encrypting the trusted identity ID, the trusted Key IDkey and the activation code ciphertext ActiCode' by using the Session Key to generate activation information.

In step S413, the server 120 transmits the activation information to the interface application 113.

In step S414, the interface application 113 transmits the activation information to the activation management application 112.

In step S415, the activation management application 112 decrypts the activation information by using the Session Key to obtain the trusted identity ID, the trusted Key IDkey, and the activation code ciphertext ActiCode'. And then, decrypting the ActiCode ciphertext by using the trusted key IDkey to obtain the ActiCode.

In step S416, the activation management application 112 obtains the terminal device identification Dev _ FP through a data interface provided by the manufacturer of the terminal device. Based on the HMAC algorithm, the terminal device identification Dev _ FP, the trusted identity identification ID, the validation time Stime1, the expiration time Etime1 and the available Times Times1 are encrypted by adopting the trusted key IDkey to generate a second ciphertext. If the second ciphertext is consistent with the check information in the activate code, the activate code is verified, and step S417 is executed.

In steps S417 and S418, the activation management application 112 stores the trusted identity ID, the trusted key IDkey, and the activation code ActiCode in the secure storage space 111 in an encrypted manner, and the trusted execution environment is successfully activated.

In step S419, the activation management application 112 feeds back the result of successful activation of the trusted execution environment to the interface application 113.

FIG. 5 illustrates a flow diagram of a method 500 for activation of a trusted execution environment, according to one embodiment of the present invention. The method 500 is performed in a server (e.g., the server 120 shown in fig. 1), corresponding to the method 300 performed in the terminal device described above. As shown in fig. 5, the method 500 begins at step S510.

In step S510, the terminal device identifier sent by the terminal device is received.

Since the activation management application 112 cannot directly communicate with the server and needs to communicate with the server via the interface application 113 in the rich execution environment, the server receives the terminal device identification from the interface application 113 in step S510.

According to one embodiment, in step S510, in addition to receiving the terminal device identification, an authentication code sent by the terminal device is received, the authentication code being generated according to the terminal device identification. And verifying the authentication code, and after the authentication code passes verification, executing the step S520 to generate the activation code according to the terminal equipment identifier.

According to an embodiment, the authentication code includes a preset key, a first ciphertext and a first mapping value, where the first ciphertext is a ciphertext generated by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is a value obtained by mapping the session key and the terminal device identifier with a preset mapping function. Accordingly, the server can verify the authentication code according to the following method: and reading the preset key from the authentication code, and decrypting the first ciphertext in the authentication code by adopting the preset key to obtain the session key and the terminal equipment identifier. And then, calculating a second mapping value of the session key and the terminal equipment identifier by adopting a preset mapping function, and if the second mapping value is consistent with the first mapping value in the authentication code, the authentication code passes the verification.

The specific implementation steps of generating and verifying the authentication code may refer to the related description of step S310, and are not described herein again.

Subsequently, in step S520, a trusted identity and a trusted key corresponding to the terminal device identity are generated, and an activation code is generated according to the terminal device identity.

The credible identity is used for uniquely identifying one terminal device and has the security attributes of being not falsifiable, not forged and being unique globally. The trusted key is a key corresponding to the trusted identity, and is used for encrypting the key information. The server side can generate the credible identity and the credible secret key according to any algorithm, and the specific algorithm adopted by the invention for generating the credible identity and the credible secret key is not limited. And after the trusted identity identification and the trusted key are generated, the trusted identity identification and the trusted key are stored in an associated manner.

The usage rights information of the trusted execution environment is used to mark the usage rights of the trusted execution environment. The usage right information may include, for example, an effective time, an expiration time, the number of available times, and the like, but is not limited thereto.

The verification information is used for verifying the activation code so as to ensure that the activation code is not illegally tampered. According to one embodiment, the verification information includes a ciphertext generated by encrypting the trusted identity, the usage right information and the terminal device identifier with the trusted key. The present invention does not limit the specific encryption algorithm used for generating the verification information, for example, the encryption algorithm used for generating the verification information may be, for example, an HMAC algorithm, but is not limited thereto. An example of the activation code ActiCode can refer to the foregoing table 2, and is not described here again.

Subsequently, in step S530, the trusted identity, the trusted key, and the activation code are encrypted to generate activation information.

According to one embodiment, the activation code is encrypted with a trusted key to generate an activation code ciphertext; and encrypting the trusted identity, the trusted key and the activation code ciphertext by using the session key to generate activation information. For the specific generation step of the activation information, reference may be made to the foregoing description of step S320, which is not described herein again.

Subsequently, in step S540, the activation information is transmitted to the terminal device so that the terminal device: and decrypting the activation information to obtain a trusted identity, a trusted key and an activation code, and encrypting and storing the trusted identity, the trusted key and the activation code into a secure storage space.

The specific implementation process of step S540 may refer to the related description of steps S330 and S340, which is not described herein again.

A generic application in the rich execution environment may invoke a trusted application in the trusted execution environment. When the trusted application is invoked, the invoked trusted application will further invoke the activation management application 112 to trigger activation verification of the trusted execution environment.

FIG. 6 illustrates a flow diagram of a method 600 for activation verification of a trusted execution environment, according to one embodiment of the invention. The method 600 is performed in a trusted execution environment of the terminal device, e.g. by an activation management application 112 in the trusted execution environment. As shown in fig. 6, the method 600 begins at step S610.

In step S610, a trusted identity, a trusted key, and an activation code of a trusted execution environment are obtained, where the activation code includes usage right information and verification information of the trusted execution environment, and the verification information includes a ciphertext generated by encrypting the trusted identity, the usage right information, and a terminal device identifier with the trusted key.

According to one embodiment, the activation management application 112 reads the trusted identity ID, the trusted key IDkey, and the activation code ActiCode of the trusted execution environment from the secure storage space 111. The activation code ActiCode further includes usage right information, for example, as shown in table 2, the activation code ActiCode includes three items of usage right information, i.e., validation time Stime1, expiration time Etime1, and Times of availability Times1, and verification information HMAC (IDkey, Dev _ FP + ID + Stime1+ Etime1+ Times 1). The verification information is a message digest generated by encrypting the terminal device identification Dev _ FP, the trusted identity identification ID, the validation time Stime1, the expiration time Etime1 and the available Times Times1 by using the trusted key IDkey based on the HMAC algorithm.

Subsequently, in step S620, the terminal device identifier is obtained, and the trusted identity identifier, the usage right information, and the terminal device identifier are encrypted by using the trusted key, so as to generate a third ciphertext.

According to an embodiment, the terminal device identification Dev _ FP is obtained through a data interface provided by a manufacturer of the terminal device, and based on an HMAC algorithm, the trusted identity ID, the validation time Stime1, the expiration time Etime1, the available Times1, and the terminal device identification Dev _ FP are encrypted by using the trusted key IDkey to generate a third ciphertext.

Subsequently, in step S630, if the third ciphertext is consistent with the verification information, and the current usage environment of the terminal device matches the usage right information, the trusted execution environment is successfully activated.

For example, the usage right information includes effective time, ineffective time, and available times, and accordingly, the current usage environment of the terminal device includes information of time, used times, and the like. And if the current time of the terminal equipment is in the range of the effective time to the invalid time and the used times are less than or equal to the available times, matching the current use environment of the terminal equipment with the use permission information.

FIG. 7 illustrates a schematic diagram of an activation verification process for a trusted execution environment, according to one embodiment of the invention. In fig. 7, the secure storage space 111, the activation management application 112, the first trusted application 115, and the first general application 114 are all located in the terminal device 110, the activation management application 112 and the first trusted application 115 are trusted applications in a trusted execution environment, and the first general application 114 is a general application in a rich execution environment.

In step S701, the first normal application 114 initiates a call request to the first trusted application 115.

In step S702, the first trusted application 115 triggers the activation management application 112 to perform activation verification of the trusted execution environment.

In steps S703 and S704, the activation management application 112 reads the trusted identity ID, the trusted key IDkey, and the activation code ActiCode of the trusted execution environment from the secure storage space 111. As shown in table 2, the ActiCode includes a validation time Stime1, a failure time Etime1, Times available 1, and check information HMAC (IDkey, Dev _ FP + ID + Stime1+ Etime1+ Times 1).

In step S705, the activation management application 112 obtains the terminal device identification Dev _ FP through a data interface provided by the manufacturer of the terminal device. Based on the HMAC algorithm, the trusted identity ID, the validation time Stime1, the expiration time Etime1, the available Times Times1 and the terminal device identifier Dev _ FP are encrypted by adopting the trusted key IDkey to generate a third ciphertext. And if the third ciphertext is consistent with the verification information in the activation code, the activation code passes the verification and the trusted execution environment is activated.

In step S706, the activation management application 112 sends the result that the trusted execution environment has been activated to the first trusted application 115.

In step S707, the first trusted application 115 executes the call requested by the first normal application 114.

In step S708, the first trusted application 115 returns the call result to the first normal application 114.

Based on the activation of the trusted execution environment, the trusted execution environment may provide application activation and activation verification services to other applications of the terminal device 110, thereby ensuring the security of the other applications.

FIG. 8 illustrates a flow diagram of a trusted execution environment based application activation method 800 according to one embodiment of the present invention. The method 800 is performed in a trusted execution environment of the terminal device, e.g., by an activation management application 112 in the trusted execution environment. The method 200 may be used to activate a generic application in a rich execution environment, such as the second generic application 116 shown in FIG. 2. As shown in fig. 8, the method 800 begins at step S810.

In step S810, the trusted identity of the terminal device is sent to the server.

The trusted identity is stored in a secure memory space 111 of the terminal device, which can only be read by certain trusted applications in the trusted execution environment, such as the activation management application 112. After obtaining the trusted identity, the activation management application 112 sends the trusted identity to the server 120 through an application to be activated in the rich execution environment (e.g., the second generic application 116 in fig. 2).

According to one embodiment, before sending the trusted identity to the server, it is required to verify whether the trusted execution environment is successfully activated; and under the condition that the trusted execution environment is successfully activated, sending the trusted identity of the terminal equipment to the server.

In particular, whether the trusted execution environment was successfully activated may be verified according to the steps illustrated in the foregoing method 600. If the trusted execution environment is successfully activated, the trusted execution environment is available, and the application to be activated can be activated based on the trusted execution environment. If the activation of the trusted execution environment fails, the trusted execution environment is not available, and the method 300 needs to be executed to activate the trusted execution environment first, and the method 800 of the present invention can be executed after the trusted execution environment is activated.

According to an embodiment, step S810, in addition to sending the trusted identity to the server, generates an authentication code according to the trusted identity, sends the authentication code and the trusted identity to the server together, so that the server verifies the authentication code, and after the authentication code passes verification, generates a registration code according to the trusted identity.

According to an embodiment, the authentication code includes a preset key, a fourth ciphertext and a third mapping value, where the fourth ciphertext is a ciphertext generated by encrypting the trusted identity with the preset key, and the third mapping value is a value obtained by mapping the trusted identity with a preset mapping function. According to one embodiment, the preset key is one of the configuration information of the activation management application 112, and accordingly, the value of the preset key may be read from the configuration information of the activation management application. According to one embodiment, when the activation management application 112 communicates with the server, the activation management application 112 will generate a Token (Token) for this communication, the Token including the preset key read from the configuration information. And determining the fourth ciphertext according to the preset key in the token, and further generating the authentication code. It will be understood by those skilled in the art that other information, such as the application identification of the activation management application 112, the version number of the activation management application 112, the use of the preset key, the type of the preset key, etc., may be included in the token besides the preset key and the session key, and the specific information included in the token is not limited by the present invention.

In addition, it should be noted that both the encryption algorithm used for generating the fourth ciphertext and the mapping function used for generating the third mapping value may be set by those skilled in the art, and the present invention is not limited thereto. For example, the encryption algorithm used to generate the fourth ciphertext may be an AES encryption algorithm, and the mapping function used to generate the third mapping value may be a hash algorithm, but is not limited thereto.

After the authentication code is generated, the authentication code and the credible identity are sent to the server side together, so that the server side can verify the authentication code, and the authentication code and the credible identity are not tampered in the transmission process. According to one embodiment, the server may verify the authentication code according to the following method:

and reading a preset key from the authentication code, decrypting the fourth ciphertext by using the preset key to obtain a trusted identity, calculating a fourth mapping value of the trusted identity by using a preset mapping function, and if the fourth mapping value is consistent with a third mapping value in the authentication code, passing the authentication code verification.

Table 3 shows an example of the AuthCode2 during application activation based on a trusted execution environment:

TABLE 3

Preset key	The fourth ciphertext	Third mapping value
			Provisioning Key2	Provisioning_Key_Encrypt(ID)	Hash_Sha256(ID)

In table 3, the Provisioning Key is Provisioning Key2, and the fourth ciphertext is Provisioning _ Key _ encrypt (ID), that is, the fourth ciphertext is a ciphertext obtained by encrypting the trusted identity ID with the Provisioning Key 2. The third mapping value is Hash _ Sha256(ID), that is, the third mapping value is a Hash value of the trusted identity ID calculated by using the Sha256 algorithm.

Those skilled in the art will appreciate that in practice, the AuthCode2 may include other fields besides those listed in table 3, such as application identification of the activation management application 112, version number of the activation management application 112, preset key usage, preset key type, etc., and the present invention is not limited to the number and kinds of the fields included in the authentication code.

After the authentication code AuthCode2 shown in table 3 is sent to the server, the server will verify the authentication code: first, the Provisioning Key2 is read from the authentication code AuthCode 2. Subsequently, the rendering Key2 is used to decrypt the fourth ciphertext rendering _ Key _ encrypt (ID) to obtain the trusted identity ID. And finally, calculating a hash value of the trusted identity ID by adopting an SHA256 algorithm, and if the hash value is consistent with a third mapping value in Authcode2, verifying Authcode2 successfully.

Subsequently, in step S820, registration information returned by the server is received, where the registration information includes a registration code encrypted by using a trusted key corresponding to the trusted identity, and the registration code is generated according to the trusted identity.

And the registration code is generated according to the credible identity and is used for activating the application to be activated. According to one embodiment, the registration code includes usage rights information and verification information for the application to be activated.

The usage right information of the application is used to mark the usage right of the application. The usage right information may include, for example, an effective time, an expiration time, the number of available times, and the like, but is not limited thereto. When the usage right information includes the effective time and the invalid time, the user can normally use the application only in the time range from the effective time to the invalid time, and the application is not available outside the time range from the effective time to the invalid time. When the usage right information includes the available times, the user can use the application only within the available times, and if the user uses the application for the available times, the application is not available any more. Those skilled in the art will understand that the usage right information may be configured, and may include at least one of the validation time, the expiration time, and the number of available times, and may also include other information besides the validation time, the expiration time, and the number of available times, and the present invention does not limit the specific content included in the usage right information of the application.

The verification information is used for verifying the registration code so as to ensure that the registration code is not illegally tampered. According to one embodiment, the verification information includes a ciphertext generated by encrypting the trusted identity and the usage right information with a trusted key. The present invention does not limit the specific encryption algorithm used for generating the verification information, for example, the encryption algorithm used for generating the verification information may be, for example, an HMAC (Hash-based Message Authentication Code) algorithm, but is not limited thereto.

Table 4 shows an example of a registration code License:

TABLE 4

In table 4, the usage right information of the application includes the validation time Stime2, the expiration time Etime2, and the number of Times of availability Times 2. The verification information is HMAC (IDkey, ID + Stime2+ Etime2+ Times2), that is, the verification information is a message digest generated by encrypting the trusted identity ID, the validation time Stime2, the expiration time Etime2 and the available Times2 based on the HMAC algorithm by using the trusted key IDkey.

In step S820, the registration information includes a registration code encrypted by using a trusted key corresponding to the trusted identity. Namely, the server side firstly determines a trusted key corresponding to the trusted identity, and then encrypts the registration code by adopting the trusted key to generate registration information.

It should be noted that the process of encrypting the registration code to generate the registration information in method 800 is slightly different from the process of encrypting the activation code to generate the activation information in method 300. In the method 300, the activation code is double encrypted by a trusted key and a session key; in method 800, the registration code is only single encrypted by the trusted key. This is because, in the method 300, the trusted key needs to be sent to the terminal device along with the activation code for the first generation. In order to ensure that the trusted key is not intercepted or tampered, after the activation code is encrypted by the trusted key, the session key is also required to be used for encrypting the trusted key, so that the trusted key is invisible to the outside. In the method 800, the trusted key is not transmitted but only stored in the terminal device and the server, and even if other devices monitor the registration information transmitted between the terminal device and the server, the registration information cannot be decrypted to obtain the registration code because the trusted key cannot be obtained. Therefore, in the method 800, the security of the registration code can be ensured only by performing single encryption on the registration code by using the trusted key, and the secondary encryption by using the session key is not required.

Subsequently, in step S830, the registration information is decrypted by using the trusted key to obtain the registration code.

Subsequently, in step S840, the registration code is stored encrypted to the secure storage space. The data in the secure storage space can only be read by the activation management application 112 in the trusted execution environment, which ensures that the data therein cannot be illegally obtained and tampered.

According to an embodiment, after the registration code is obtained in step S830, the registration code is not directly encrypted and stored in the secure storage space, but the registration code is verified according to the trusted identity, so as to ensure that the registration information is not illegally tampered during the transmission process between the server and the terminal device. And after the verification of the registration code is passed, encrypting and storing the registration code in a secure storage space.

According to one embodiment, the registration code may be verified by: encrypting the trusted identity identification and the use authority information by adopting a trusted key to generate a fifth ciphertext; and if the fifth ciphertext is consistent with the verification information in the registration code, the registration code passes the verification.

Taking table 4 as an example, the verification process of the registration code License is as follows: and acquiring a trusted key IDkey, and encrypting the trusted identity ID, the validation time Stime2, the expiration time Etime2 and the available Times Times2 by adopting the trusted key IDkey based on the HMAC algorithm to generate a fifth ciphertext. And if the fifth ciphertext is consistent with the verification information in the registration code, the registration code passes the verification. Otherwise, the verification fails.

After the registration code of the application to be activated is stored in the secure storage space 111 in an encrypted manner, the activation of the application to be activated is completed. The registration code in the secure storage space 111 can only be read by the activation management application 112 in the trusted execution environment.

FIG. 9 illustrates a diagram of a trusted execution environment based application activation process, according to one embodiment of the present invention. In fig. 9, the secure storage space 111, the activation management application 112, and the second general application 116 are located in the terminal device, the activation management application 112 is a trusted application in a trusted execution environment, and the second general application 116 is an application to be activated in a rich execution environment. The application server 122 and the authentication server 124 are located at the server. The application server 122 is configured to provide method and data calls to the second generic application 116, and generate usage right information (e.g., validation time, expiration time, availability times, etc.) of the second generic application 116. The authentication server 124 is used for verifying the identity of the terminal device 110, encrypting related data, and the like.

In step S901, the second normal application 116 initiates a request to initialize the trusted execution environment to the activation management application 112. The activation management application 112 performs activation verification of the trusted execution environment based on the request. If the activation verification of the trusted execution environment is successful, step S902 is executed.

In steps S902 and S903, the activation management application 112 reads the trusted identity ID and the trusted key IDkey from the secure storage space 111.

In step S904, the activation management application 112 generates the authenticator AuthCode2 according to the trusted identity ID, and as shown in the foregoing table 3, the AuthCode2 includes the Provisioning Key2, the fourth cryptogram Provisioning _ Key _ encrypt (ID), and the third mapping value Hash _ Sha256 (ID).

In step S905, the activation management application 112 transmits the trusted identification ID and the authentication code AuthCode2 to the second normal application 116.

In step S906, the second generic application 116 sends the trusted identity ID and the authentication code AuthCode2 to the application server 122.

In step S907, the application server 122 sends the trusted identity ID and the authentication code AuthCode2 to the authentication server 124.

In step S908, the authentication server 124 verifies the authentication code AuthCode 2: first, the Provisioning Key2 is read from the authentication code AuthCode 2. Subsequently, the rendering Key2 is used to decrypt the fourth ciphertext rendering _ Key _ encrypt (ID) to obtain the trusted identity ID. And finally, calculating a hash value of the trusted identity ID by adopting an SHA256 algorithm, and if the hash value is consistent with a third mapping value in Authcode2, verifying Authcode2 successfully.

In step S909, the authentication server 124 returns the result of successful verification of the authentication code AuthCode2 to the application server 122.

In step S910, the application server 122 generates the usage right information of the second general application 116, see table 4, the usage right information including the validation time Stime2, the expiration time Etime2, and the number of Times of availability Times 2.

In step S911, the application server 122 transmits the generated usage right information to the authentication server 124.

In step S912, the authentication server 124 generates the check information, see table 4, which is HMAC (IDkey, ID + Stime2+ Etime2+ Times 2). Subsequently, the usage right information and the verification information are combined to form a registration code License. And searching a trusted key IDkey corresponding to the trusted identity ID, and encrypting License by adopting the IDkey to generate registration information.

In steps S913 to S915, the authentication server 124 sequentially passes through the application server 122 and the second normal application 116, and sends the registration information to the activation management application 112.

In step S916, the activation management application 112 decrypts the registration information by using the trusted key IDkey to obtain the registration code License. And encrypting the trusted identity ID, the validation time Stime2, the expiration time Etime2 and the available Times Times2 by using the trusted key IDkey to generate a fifth ciphertext. If the fifth ciphertext is consistent with the verification information in License, the registration code passes verification, and step S917 is performed.

In steps S917 and S918, the activation management application 112 stores the License encrypted to the secure storage space 111, and the second general application 116 is successfully activated.

In step S919, the activation management application 112 feeds back the result of successful activation of the second normal application 116 to the second normal application 116.

FIG. 10 illustrates a flow diagram of a trusted execution environment based application activation method 1000, according to one embodiment of the present invention. The method 100 is performed in a server (e.g. the server 120 shown in fig. 2), and is adapted to activate an application to be activated (e.g. the second generic application 116 shown in fig. 2), corresponding to the method 800 performed in the terminal device described above.

According to an embodiment, the server further includes an application server (e.g., the application server 122 shown in fig. 2) and an authentication server (e.g., the authentication server 124 shown in fig. 2), and the application server and the authentication server cooperate in a labor division manner to implement application activation based on the trusted execution environment. The application server can directly communicate with the application to be activated, and is used for providing method and data call for the application to be activated and generating the use authority information (such as effective time, ineffective time, available times and the like) of the application to be activated. The authentication server does not typically communicate directly with the application to be activated, for verifying the identity of the terminal device 110, encrypting related data, etc.

As shown in fig. 10, the method 1000 begins at step S1010.

In step S1010, the trusted identity sent by the terminal device is received.

The trusted identity is stored in a secure memory space 111 of the terminal device, which can only be read by certain trusted applications in the trusted execution environment, such as the activation management application 112. After obtaining the trusted identity, the activation management application 112 sends the trusted identity to the application server through the application to be activated. Correspondingly, the application server receives the credible identity sent by the application to be activated.

According to one embodiment, in step S1010, in addition to receiving the trusted identity, an authentication code sent by the terminal device is accepted, and the authentication code is generated according to the trusted identity. And verifying the authentication code, and after the authentication code passes the verification, executing the step S520 to generate a registration code according to the credible identity.

According to an embodiment, after receiving the trusted identity and the authentication code sent by the second generic application 116, the application server 122 forwards the trusted identity and the authentication code to the authentication server 124, and the authentication code is verified by the authentication server 124. For a specific verification process of the authentication code, reference may be made to the related description of step S810, which is not described herein again.

Subsequently, in step S1020, a registration code is generated according to the trusted identity.

According to one embodiment, the registration code includes usage right information and verification information of the application to be activated, wherein the usage right information is used for marking the usage right of the application, which may include, for example, validation time, expiration time, availability times, and the like, but is not limited thereto. The verification information is used for verifying the registration code so as to ensure that the registration code is not illegally tampered. According to one embodiment, the verification information includes a ciphertext generated by encrypting the trusted identity and the usage right information with a trusted key.

According to one embodiment, the usage rights information in the registration code is generated by the application server 122. After the application server 122 generates the usage right information, the usage right information is sent to the authentication server 124, and the authentication server 124 generates the verification information. The specific generation process of the usage right information and the verification information may refer to the related description of step S820, which is not described herein again.

Subsequently, in step S1030, the registration code is encrypted by using the trusted key corresponding to the trusted identity to generate registration information.

According to one embodiment, step S1030 is performed by the authentication server 124.

Subsequently, in step S1040, the registration information is transmitted to the terminal device so that the terminal device: decrypting the registration information by adopting the trusted key to obtain a registration code; and storing the registration code to the secure storage space in an encrypted manner.

In step S1040, the authentication server 124 sequentially passes through the application 122 and the application to be activated, and sends the registration information to the activation management application 112 in the terminal device. The activation management application 112 decrypts the registration information using the trusted key to obtain a registration code; and storing the registration code to the secure storage space in an encrypted manner.

For the specific implementation process of step S1040, reference may be made to the related descriptions of steps S830 and S840, which are not described herein again.

When a user uses an application, activation verification of the application will be triggered. The user can use the application only when the successful activation of the application is verified; if the application activation is verified to fail, the application is unavailable to the user.

FIG. 11 illustrates a flow diagram of a trusted execution environment based application activation verification method 1100 in accordance with one embodiment of the present invention. The method 1100 is performed in a trusted execution environment of the terminal device, e.g., by an activation management application 112 in the trusted execution environment. As shown in fig. 11, the method 1100 begins at step S1110.

In step S1110, a trusted identity, a trusted key, and a registration code of an application to be verified are obtained, where the registration code includes usage right information and verification information, and the verification information is a ciphertext generated by encrypting the trusted identity and the usage right information with the trusted key.

According to one embodiment, the activation verification application 112 obtains from the secure storage space 111 a trusted identity, a trusted key and a registration code of the application to be verified.

Subsequently, in step S1120, the trusted identity and the usage right information are encrypted by using the trusted key, so as to generate a sixth ciphertext.

Subsequently, in step S1130, if the sixth ciphertext is consistent with the verification information, the registration code is sent to the application to be verified, so that the application determines whether the activation is successful according to whether the current usage environment is matched with the usage right information.

For example, the usage right information includes effective time, ineffective time and available times, and accordingly, the current usage environment of the application includes information of time, used times and the like. And if the current time is in the range of the effective time to the invalid time and the used times of the application are less than or equal to the available times, matching the current use environment with the use permission information, and successfully activating the application.

FIG. 12 illustrates a diagram of a trusted execution environment based application activation verification process, according to one embodiment of the invention. In fig. 12, the secure storage space 111, the activation management application 112, and the second general application 116 are all located in the terminal device 110, the activation management application 112 is a trusted application in a trusted execution environment, and the second general application 116 is a general application in a rich execution environment.

In step S1201, when the user uses the second normal application 116, the second normal application 116 initiates an activation verification request to the activation management application 112.

In steps S1202 and S1203, the activation management application 112 acquires the trusted identity ID, the trusted key IDkey, and the activation code ActiCode of the trusted execution environment from the secure storage space 111.

In step S1204, the activation management application 112 verifies whether activation of the trusted execution environment is successful according to the trusted identity ID, the trusted key IDkey, and the activation code ActiCode. In the case where the trusted execution environment activation is successful, the step S1205 is continuously performed.

In steps S1205 and S1206, the activation management application 112 acquires the registration code License from the secure storage space 111. Referring to table 4, License includes a validation time Stime2, a failure time Etime2, Times available 2, and check information HMAC (IDkey, ID + Stime2+ Etime2+ Times 2).

In step S1207, the activation management application 112 encrypts the trusted identity ID, the validation time Stime2, the expiration time Etime2, and the available Times Times2 using the trusted key IDkey, and generates a sixth ciphertext. If the sixth ciphertext is consistent with the verification information in License, step S1208 is executed.

In step S1208, the activation management application 112 transmits the registration code to the second normal application 116.

In step S1209, the second normal application 116 acquires the current usage environment including the current time and the number of times the second normal application 116 has been used. The effective time Stime2, the dead time Etime2 and the available Times Times2 in the registration code are read. And judging whether the current time is in the time range from the effective time Stime2 to the failure time Etime2 and whether the used Times are less than or equal to the available Times Times 2. If the current time is within the time range from the validation time Stime2 to the expiration time Etime2, and the used Times are less than or equal to the available Times2, the activation of the second general application 116 is successful.

The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.

In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the trusted execution environment based application activation method of the present invention according to instructions in the program code stored in the memory.

By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.

In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.

In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.

Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.

As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.

While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense with respect to the scope of the invention, as defined in the appended claims.

Claims

1. A method of activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:

sending the terminal equipment identification to a server;

receiving activation information returned by a server, wherein the activation information comprises an encrypted trusted identity, a trusted key and an activation code, the trusted identity and the trusted key correspond to the terminal equipment identifier, and the activation code is generated according to the terminal equipment identifier;

decrypting the activation information to obtain a trusted identity, a trusted key and an activation code;

and encrypting and storing the trusted identity, the trusted key and the activation code into a secure storage space.

2. The method of claim 1, wherein the activation information comprises a ciphertext generated by encrypting the trusted identity, a trusted key, and an activation code ciphertext using a session key, the activation code ciphertext being a ciphertext generated by encrypting the activation code using the trusted key.

3. The method of claim 2, wherein decrypting the activation information to obtain the trusted identity, the trusted key, and the activation code comprises:

decrypting the activation information by adopting a session key to obtain a trusted identity, a trusted key and an activation code ciphertext;

and decrypting the activation code ciphertext by adopting the trusted key to obtain the activation code.

4. The method of claim 1, wherein after the step of decrypting the activation information, further comprising:

and verifying the activation code according to the terminal equipment identifier, and after the activation code passes verification, encrypting and storing the credible identity identifier, the credible secret key and the activation code into a safe storage space.

5. The method of claim 4, wherein the activation code includes usage right information of a trusted execution environment and verification information, the verification information including a ciphertext generated by encrypting the trusted identity, the usage right information, and a terminal device identity with the trusted key;

the step of verifying the activation code according to the terminal device identification comprises:

encrypting the trusted identity identification, the use authority information and the terminal equipment identification by adopting a trusted key to generate a first ciphertext;

and if the first ciphertext is consistent with the verification information, the activation code passes verification.

6. The method of claim 5, wherein the usage rights information includes validation time, expiration time, number of times available.

7. The method of claim 1, further comprising:

generating an authentication code according to the terminal equipment identifier;

and sending the authentication code to a server so that the server can verify the authentication code, and generating an activation code according to the terminal equipment identifier after the authentication code passes verification.

8. The method according to claim 7, wherein the authentication code includes a preset key, a second ciphertext and a first mapping value, the second ciphertext is a ciphertext generated by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is a value obtained by mapping the session key and the terminal device identifier with a preset mapping function;

the server side is suitable for verifying the authentication code according to the following method:

and decrypting the second ciphertext by adopting the preset key to obtain the session key and the terminal equipment identifier, calculating a second mapping value of the session key and the terminal equipment identifier by adopting the preset mapping function, and if the second mapping value is consistent with the first mapping value, passing the authentication code verification.

9. The method of claim 1, performed by an activation management application in the trusted execution environment, the secure storage space being accessible only by the activation management application.

10. The method of claim 9, wherein the activation management application communicates with the server via an interface application located in a rich execution environment.

11. A method of activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:

receiving a terminal equipment identifier sent by terminal equipment;

generating a trusted identity identifier and a trusted key corresponding to the terminal equipment identifier, and generating an activation code according to the terminal equipment identifier;

encrypting the trusted identity, a trusted key and an activation code to generate activation information;

sending the activation information to the terminal device so that the terminal device: and decrypting the activation information to obtain a trusted identity, a trusted key and an activation code, and encrypting and storing the trusted identity, the trusted key and the activation code to a secure storage space.

12. The method of claim 11, wherein the activation information is generated according to the steps of:

encrypting the activation code by using the trusted key to generate an activation code ciphertext;

and encrypting the trusted identity, the trusted key and the activation code ciphertext by adopting a session key to generate activation information.

13. The method of claim 11, wherein the activation code includes usage rights information of a trusted execution environment and verification information, the verification information including a ciphertext generated by encrypting the trusted identity, usage rights information, and terminal device identification with the trusted key.

14. The method of claim 13, wherein the usage rights information includes validation time, expiration time, number of times available.

15. The method of claim 11, further comprising:

receiving an authentication code sent by terminal equipment, wherein the authentication code is generated according to the terminal equipment identifier;

verifying the authentication code;

and after the authentication code passes verification, generating an activation code according to the terminal equipment identifier.

16. The method according to claim 15, wherein the authentication code includes a preset key, a first ciphertext and a first mapping value, the first ciphertext is a ciphertext generated by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is a value obtained by mapping the session key and the terminal device identifier with a preset mapping function;

the step of verifying the authentication code comprises:

decrypting the first ciphertext by using the preset key to obtain the session key and the terminal equipment identifier;

calculating a second mapping value of the session key and the terminal equipment identifier by adopting the preset mapping function;

and if the second mapping value is consistent with the first mapping value, the authentication code passes the verification.

17. A method of activation verification of a trusted execution environment, performed in a trusted execution environment of a terminal device, the method comprising:

acquiring a trusted identity, a trusted key and an activation code of a trusted execution environment, wherein the activation code comprises use authority information and verification information of the trusted execution environment, and the verification information comprises a ciphertext generated by encrypting the trusted identity, the use authority information and a terminal equipment identifier by using the trusted key;

acquiring a terminal equipment identifier, and encrypting the trusted identity identifier, the use authority information and the terminal equipment identifier by adopting a trusted key to generate a first ciphertext;

and if the first ciphertext is consistent with the verification information and the current use environment of the terminal equipment is matched with the use authority information, the trusted execution environment is activated successfully.

18. A method for activating an application based on a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:

sending the credible identity of the terminal equipment to a server:

receiving registration information returned by a server, wherein the registration information comprises a registration code encrypted by a trusted key corresponding to the trusted identity, and the registration code is generated according to the trusted identity;

decrypting the registration information by adopting a trusted key to obtain a registration code;

and encrypting and storing the registration code to a secure storage space.

19. The method as recited in claim 18, further comprising:

verifying whether the trusted execution environment is successfully activated;

and under the condition that the trusted execution environment is successfully activated, sending the trusted identity of the terminal equipment to the server.

20. The method of claim 18, wherein after the step of decrypting the registration information with a trusted key, further comprising:

and verifying the registration code according to the credible identity, and after the registration code passes verification, encrypting and storing the registration code to a safe storage space.

21. The method of claim 20, wherein the registration code includes usage rights information of the application to be activated and verification information, the verification information including a ciphertext generated by encrypting the trusted identity and the usage rights information with the trusted key;

the step of verifying the registration code in accordance with the trusted identity comprises:

encrypting the trusted identity and the use authority information by adopting a trusted key to generate a first ciphertext;

and if the first ciphertext is consistent with the verification information, the registration code passes verification.

22. The method of claim 21, wherein the usage rights information includes validation time, expiration time, number of times available.

23. The method as recited in claim 18, further comprising:

generating an authentication code according to the credible identity;

and sending the authentication code to a server so that the server can verify the authentication code, and generating a registration code according to the credible identity after the authentication code passes verification.

24. The method of claim 23, wherein the authentication code comprises a preset key, a second ciphertext and a first mapping value, the second ciphertext is a ciphertext generated by encrypting the trusted identity using the preset key, and the first mapping value is a value obtained by mapping the trusted identity using a preset mapping function;

and decrypting the second ciphertext by using the preset key to obtain the trusted identity, calculating a second mapping value of the trusted identity by using the preset mapping function, and if the second mapping value is consistent with the first mapping value, passing the authentication code verification.

25. The method of claim 18, performed by an activation management application in the trusted execution environment, the secure storage space being accessible only by the activation management application.

26. The method of claim 25, wherein the activation management application communicates with the server via an application to be activated.

27. A method for activating an application based on a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:

receiving a trusted identity sent by terminal equipment;

generating a registration code according to the credible identity;

encrypting the registration code by adopting a trusted key corresponding to the trusted identity to generate registration information;

sending the registration information to the terminal device so that the terminal device: decrypting the registration information by adopting a trusted key to obtain a registration code; and encrypting and storing the registration code to a secure storage space.

28. The method of claim 27, wherein the registration code includes usage rights information of the application to be activated and verification information, the verification information including a ciphertext generated by encrypting the trusted identity and the usage rights information with the trusted key.

29. The method of claim 28, wherein the usage rights information includes validation time, expiration time, number of times available.

30. The method of claim 28, wherein the server includes an application server and an authentication server, the usage right information is generated by the application server, and the verification information is generated by the authentication server.

31. The method of claim 27, further comprising:

receiving an authentication code sent by terminal equipment, wherein the authentication code is generated according to the credible identity;

verifying the authentication code;

and after the authentication code passes the verification, generating a registration code according to the credible identity.

32. The method of claim 31, wherein the authentication code includes a preset key, a first ciphertext and a first mapping value, the first ciphertext is a ciphertext generated by encrypting the trusted identity using the preset key, and the first mapping value is a value obtained by mapping the trusted identity using a preset mapping function;

the step of verifying the authentication code comprises:

decrypting the first ciphertext by using the preset key to obtain the trusted identity;

calculating a second mapping value of the trusted identity by adopting the preset mapping function;

33. An application activation verification method based on a trusted execution environment, executed in the trusted execution environment of a terminal device, the method comprising:

acquiring a trusted identity, a trusted key and a registration code of an application to be verified, wherein the registration code comprises use authority information and verification information, and the verification information is a ciphertext generated by encrypting the trusted identity and the use authority information by using the trusted key;

encrypting the trusted identity and the use authority information by adopting the trusted key to generate a first ciphertext;

and if the first ciphertext is consistent with the verification information, the registration code is sent to an application to be verified, so that the application can determine whether the activation is successful according to the fact that whether the current use environment is matched with the use authority information.

34. A terminal device having a trusted execution environment deployed thereon,

the trusted execution environment comprises an activation management application adapted to perform the method of any one of claims 1-10, 17, 18-26, 33.

35. A server, comprising:

at least one processor; and

a memory storing program instructions configured for execution by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 11-16, 27-32.

36. A trusted execution environment based application activation system, comprising:

the terminal device of claim 34; and

the server of claim 35.