TWI687867B - Method for generating and installing trusted application for trusted execution environment - Google Patents

Info

Publication number: TWI687867B
Authority: TW (Taiwan)
Prior art keywords: application, trusted, target application, installing, file
Application number: TW105137496A
Other languages: Chinese (zh)
Other versions: TW201729089A (en)
Inventors: 李定洲, 周鈺
Original Assignee: 大陸商中國銀聯股份有限公司
Application filed by 大陸商中國銀聯股份有限公司
Publication of TW201729089A
Application granted
Publication of TWI687867B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention provides a method for generating and installing a trusted application for a trusted execution environment. The method includes: writing application code that implements a specific application in a general-purpose object-oriented language; compiling the application code to generate intermediate bytecode and sending the intermediate bytecode to a trusted application management server; and the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package composed of at least one target application file, for download and installation by a security information interaction terminal. The disclosed method has high platform applicability and scalability.

Description

Method for generating and installing trusted application for trusted execution environment

The present invention relates to methods for generating and installing applications, and more particularly to a method for generating and installing a trusted application for a trusted execution environment.

At present, as computer and network applications become more widespread and the types of business in different fields grow richer, devices used for security information interaction (that is, information interaction with high security requirements, such as transaction processing in the financial field), especially security information interaction devices based on mobile terminals, are becoming more and more important.

In existing technical solutions based on a trusted execution environment, a security information interaction device (such as a mobile terminal) usually completes the installation of a specific trusted application by downloading the trusted application from a trusted application management platform and installing it.

However, the existing technical solutions have the following problem: the trusted applications stored on the trusted application management platform are generally application programs encoded in a specific format for a single hardware platform only (such as the ARM platform or the Intel platform), so they are difficult to adapt to a multi-platform environment, which results in low platform applicability and scalability.

Therefore, there is a need for a method for generating and installing a trusted application for a trusted execution environment that has high platform applicability and scalability.

To solve the problems of the prior art solutions described above, the present invention proposes a method for generating and installing a trusted application for a trusted execution environment that has high platform applicability and scalability.

The object of the present invention is achieved by the following technical solution: a method for generating and installing a trusted application for a trusted execution environment, the method including the following steps:
(A1) writing application code that implements a specific application in a general-purpose object-oriented language;
(A2) compiling the application code to generate intermediate bytecode, and sending the intermediate bytecode to a trusted application management server;
(A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package composed of at least one target application file, for download and installation by a security information interaction terminal.

In the solution disclosed above, preferably, the at least one target application file is at least two target application files, and the format of each of the at least two target application files corresponds to one of at least two virtual machines of different formats.

In the solution disclosed above, preferably, the security information interaction terminal downloads and installs the target application file in the following manner:
(B1) before downloading the target application file, a management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports;
(B2) according to a user instruction, querying and downloading the target application installation package from the trusted application management server, and then decompressing and parsing the target application installation package to obtain at least one target application file;
(B3) according to the platform type support list, determining from the at least one target application file one target application file that the secure operating platform supports, and deleting the remaining target application files;
(B4) installing the determined target application file supported by the secure operating platform.

In the solution disclosed above, preferably, step (B3) further includes: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if no corresponding target application installation package can be found.

In the solution disclosed above, optionally, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file that the secure operating platform supports, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.

In the solution disclosed above, preferably, step (A3) further includes: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.

In the solution disclosed above, preferably, the intermediate bytecode includes components consisting of at least the following items: header, constant pool, class, field, method, attribute.

In the solution disclosed above, preferably, parsing and recompiling the intermediate bytecode includes: parsing each component of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.

The method for generating and installing a trusted application for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.

A1: Method step

A2: Method step

A3: Method step

The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawing, in which: FIG. 1 is a flowchart of a method for generating and installing a trusted application for a trusted execution environment according to an embodiment of the present invention.

FIG. 1 is a flowchart of a method for generating and installing a trusted application for a trusted execution environment according to an embodiment of the present invention. As shown in FIG. 1, the disclosed method includes the following steps:
(A1) writing application code that implements a specific application in a general-purpose object-oriented language (for example, a Java-like language);
(A2) compiling the application code to generate intermediate bytecode, and sending the intermediate bytecode to a trusted application management server;
(A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package composed of at least one target application file, for download and installation by a security information interaction terminal (for example, a smartphone).

Preferably, in the disclosed method, the at least one target application file is at least two target application files, and the format of each of the at least two target application files corresponds to one of at least two virtual machines of different formats (for example, a Java virtual machine for the Android operating system, a NEF virtual machine, a Dalvik virtual machine, a JEFF virtual machine, and so on).

Preferably, in the disclosed method, the security information interaction terminal downloads and installs the target application file in the following manner:
(B1) before downloading the target application file, a management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform (for example, a TEE operating system) running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports;
(B2) according to a user instruction, querying and downloading the target application installation package from the trusted application management server, and then decompressing and parsing the target application installation package to obtain at least one target application file;
(B3) according to the platform type support list, determining from the at least one target application file one target application file that the secure operating platform supports, and deleting the remaining target application files;
(B4) installing the determined target application file supported by the secure operating platform.

Preferably, in the disclosed method, step (B3) further includes: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if no corresponding target application installation package can be found.

Optionally, in the disclosed method, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file that the secure operating platform supports, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.

Preferably, in the disclosed method, step (A3) further includes: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
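
The terminal-side flow of steps (B2) and (B3), with the package signature from step (A3) checked before anything is decompressed, as an added example that is not code from the patent. The manifest layout, function names, size limits and format tags are assumptions, and HMAC-SHA256 stands in for the server's digital signature so the block runs on the standard library alone; a deployed terminal would verify an asymmetric signature against the server's public key.

```python
import hashlib
import hmac
import io
import json
import zipfile

# Assumed limits that bound what the terminal will parse from one package.
MAX_MEMBERS = 16
MAX_MEMBER_BYTES = 1 << 20
MANIFEST = "manifest.json"  # hypothetical index: member name -> format, digest


class InstallError(Exception):
    """Integrity or format failure: abort the installation."""


class UnsupportedPlatform(InstallError):
    """No member matches the platform type support list."""


def _tag(key, blob):
    # Stand-in for the server's digital signature (assumption, see lead-in).
    return hmac.new(key, blob, hashlib.sha256).digest()


def build_package(targets, key):
    """Server side of (A3): one member per VM format, compressed, then signed."""
    buf = io.BytesIO()
    manifest = {}
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fmt, data in sorted(targets.items()):
            name = "ta." + fmt
            zf.writestr(name, data)
            manifest[name] = {"format": fmt,
                              "sha256": hashlib.sha256(data).hexdigest()}
        zf.writestr(MANIFEST, json.dumps(manifest, sort_keys=True))
    blob = buf.getvalue()
    return blob, _tag(key, blob)


def select_target(blob, sig, key, supported_formats):
    """Terminal side of (B2)-(B3): return (format, file bytes) to install."""
    # Verify over the raw download before any decompression or parsing.
    if not hmac.compare_digest(_tag(key, blob), sig):
        raise InstallError("signature check failed")
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile as exc:
        raise InstallError("not a valid package") from exc
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            raise InstallError("too many members")
        for info in infos:
            name = info.filename
            if "/" in name or "\\" in name or ".." in name:
                raise InstallError("unsafe member name: %r" % name)
            if info.file_size > MAX_MEMBER_BYTES:
                raise InstallError("member too large: %r" % name)
        try:
            manifest = json.loads(zf.read(MANIFEST))
        except (KeyError, ValueError) as exc:
            raise InstallError("missing or malformed manifest") from exc
        by_format = {entry["format"]: n for n, entry in manifest.items()}
        # (B3): the first listed format that the package contains wins
        # (an assumption; the patent only asks for a supported one).
        for fmt in supported_formats:
            name = by_format.get(fmt)
            if name is None:
                continue
            try:
                data = zf.read(name)
            except KeyError as exc:
                raise InstallError("manifest names a missing member") from exc
            if hashlib.sha256(data).hexdigest() != manifest[name]["sha256"]:
                raise InstallError("digest mismatch for " + name)
            # Unselected members are never extracted, which covers the
            # "delete the remaining files" part of (B3).
            return fmt, data
    raise UnsupportedPlatform("no member for %s" % list(supported_formats))


def install_first_supported(candidates, key, supported_formats):
    """(B3) fallback: try further packages; only 'unsupported' moves on."""
    for blob, sig in candidates:
        try:
            return select_target(blob, sig, key, supported_formats)
        except UnsupportedPlatform:
            continue  # an integrity failure is not caught and aborts
    raise UnsupportedPlatform("no package supports this platform")
```

An integrity failure stops the loop in `install_first_supported` on purpose: only a clean "no matching format" result justifies asking the server for another package.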

Preferably, in the disclosed method, the intermediate bytecode includes components consisting of at least the following items: header, constant pool, class, field, method, attribute.

Preferably, in the disclosed method, parsing and recompiling the intermediate bytecode includes: parsing each component of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.

As can be seen from the above, the method for generating and installing a trusted application for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.

Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.

Claims (8)

1. A method for generating and installing a trusted application for a trusted execution environment, the method including the following steps: (A1) writing application code that implements a specific application in a general-purpose object-oriented language; (A2) compiling the application code to generate intermediate bytecode, and sending the intermediate bytecode to a trusted application management server; (A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package composed of at least one target application file, for download and installation by a security information interaction terminal.

2. The method for generating and installing a trusted application for a trusted execution environment according to claim 1, wherein the at least one target application file is at least two target application files, and the format of each of the at least two target application files corresponds to one of at least two virtual machines of different formats.

3. The method for generating and installing a trusted application for a trusted execution environment according to claim 2, wherein the security information interaction terminal downloads and installs the target application file in the following manner: (B1) before downloading the target application file, a management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports; (B2) according to a user instruction, querying and downloading the target application installation package from the trusted application management server, and then decompressing and parsing the target application installation package to obtain at least one target application file; (B3) according to the platform type support list, determining from the at least one target application file one target application file that the secure operating platform supports, and deleting the remaining target application files; (B4) installing the determined target application file supported by the secure operating platform.

4. The method for generating and installing a trusted application for a trusted execution environment according to claim 3, wherein step (B3) further includes: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if no corresponding target application installation package can be found.

5. The method for generating and installing a trusted application for a trusted execution environment according to claim 2, wherein the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file that the secure operating platform supports, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.

6. The method for generating and installing a trusted application for a trusted execution environment according to claim 4, wherein step (A3) further includes: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.

7. The method for generating and installing a trusted application for a trusted execution environment according to claim 6, wherein the intermediate bytecode includes components consisting of at least the following items: header, constant pool, class, field, method, attribute.

8. The method for generating and installing a trusted application for a trusted execution environment according to claim 7, wherein parsing and recompiling the intermediate bytecode includes: parsing each component of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.

Application TW105137496A (priority date 2015-11-18, filing date 2016-11-16): Method for generating and installing trusted application for trusted execution environment, TWI687867B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510793197.3A CN105590051B (en) 2015-11-18 2015-11-18 Trusted application for credible performing environment generates and installation method
CN201510793197.3 2015-11-18

Publications (2)

Publication Number Publication Date
TW201729089A TW201729089A (en) 2017-08-16
TWI687867B true TWI687867B (en) 2020-03-11

Family

ID=55929626

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105137496A TWI687867B (en) 2015-11-18 2016-11-16 Method for generating and installing trusted application for trusted execution environment

Country Status (3)

Country Link
CN (1) CN105590051B (en)
TW (1) TWI687867B (en)
WO (1) WO2017084555A1 (en)

Also Published As

Publication number Publication date
CN105590051B (en) 2018-10-23
WO2017084555A1 (en) 2017-05-26
CN105590051A (en) 2016-05-18
TW201729089A (en) 2017-08-16
