CN104077533B - Method and apparatus for operating on sensitive data - Google Patents
- Publication number: CN104077533B (application CN201410342484.8A)
- Authority: CN (China)
- Prior art keywords: sensitive data, middleware, credible, under, application program
- Legal status: Expired - Fee Related
Classifications
- G06F21/60: Protecting data (within G06F21/00, Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F, Electric digital data processing; G06, Computing, calculating or counting; G, Physics)
- G06F21/74: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode (within G06F21/71 and G06F21/70, under G06F21/00)
Abstract
The invention discloses a method and apparatus for operating on sensitive data. The method includes: in response to an application program running under an open operating system, calling a universal middleware under the open operating system and controlling the universal middleware to perform the operations triggered by the application program; in response to the application program triggering a sensitive data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling a trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive data operation; and, during execution of the sensitive data operation, controlling the trusted middleware to read sensitive data from a secure element for use and/or to write sensitive data into the secure element. Embodiments of the invention not only ensure the safety of the sensitive data during the middleware operation stage, but also give the middleware faster access to the sensitive data, improving the efficiency with which the middleware processes it.
Description
Technical field
The present invention relates to data processing technology, and more particularly to a method and apparatus for operating on sensitive data.
Background technology
At present, many application programs involve the processing of sensitive data. For example, an online banking client needs to handle sensitive data such as keys and PIN codes while it runs. To ensure the security of such data, existing online banking clients use an external secure element that can be connected to the user terminal (for example an online banking USB key, or U-shield): sensitive data such as keys are stored in the external secure element, and when the online banking client needs to use a key it must have a middleware fetch the key from the external secure element, after which the middleware completes the operation that uses the key. A secure element (SE) contains encryption/decryption logic circuitry that resists external malicious probing attacks and protects the data stored in it.
In the existing mode of operation, storing the sensitive data in the SE ensures that it cannot be maliciously extracted while at rest, but because the middleware that operates on the sensitive data runs on an open platform, once the middleware has fetched the sensitive data from the SE the data is in fact exposed on the open platform. This greatly increases a malicious user's chances of obtaining the sensitive data through attacks and cracking on the open platform, so the security of the sensitive data is difficult to guarantee.
Summary of the invention
The technical problem to be solved by the invention is to provide a method and apparatus for operating on sensitive data, so as to solve the prior-art problem that sensitive data is exposed on the open platform while the middleware operates on it, which makes its security difficult to guarantee.
To solve the above technical problem, the invention provides a method for operating on sensitive data, including:
in response to an application program running under an open operating system, calling a universal middleware under the open operating system and controlling the universal middleware to perform the operations triggered by the application program;
in response to the application program triggering a sensitive data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling a trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive data operation;
during execution of the sensitive data operation, controlling the trusted middleware to read sensitive data from a secure element and/or to write sensitive data into the secure element.
The universal middleware has a sensitive data operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system. Switching the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive data operation under the open operating system includes: while the application program runs under the open operating system, monitoring the running of the universal middleware; and in response to the universal middleware running the sensitive data operation proxy interface, calling a security monitor and controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
After calling the trusted middleware under the trusted operating system, the method further includes: controlling a secure channel to be established between the trusted middleware and the secure element, so that the trusted middleware and the secure element exchange sensitive data through the secure channel.
The method further includes: during execution of the sensitive data operation, controlling the trusted middleware to encrypt output information and to store the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are configured in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
An apparatus for operating on sensitive data, including:
a first calling module, for calling the universal middleware under the open operating system in response to an application program running under the open operating system;
a first control module, for controlling the universal middleware to perform the operations triggered by the application program;
a switching module, for switching the application program from the open operating system to run under a trusted operating system in response to the application program triggering a sensitive data operation under the open operating system;
a second calling module, for calling the trusted middleware under the trusted operating system;
a second control module, for controlling the trusted middleware to perform the sensitive data operation;
a read/write module, for controlling, during execution of the sensitive data operation, the trusted middleware to read sensitive data from a secure element for use and/or to write sensitive data into the secure element.
The universal middleware has a sensitive data operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system. The switching module includes:
a monitoring submodule, for monitoring the running of the universal middleware while the application program runs under the open operating system;
a calling submodule, for calling a security monitor in response to the universal middleware running the sensitive data operation proxy interface;
a control submodule, for controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
The apparatus further includes:
a third control module, for controlling, after the trusted middleware under the trusted operating system is called, a secure channel to be established between the trusted middleware and the secure element, so that the trusted middleware and the secure element exchange sensitive data through the secure channel.
The apparatus further includes:
a fourth control module, for controlling the trusted middleware to encrypt output information during execution of the sensitive data operation;
a storage module, for storing the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are configured in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
Compared with the prior art, the invention has the following advantages:
According to the technical solution provided by embodiments of the invention, when an application program runs under the open operating system, the universal middleware under the open operating system can be called and controlled to perform the operations triggered by the application program; when the application program triggers a sensitive data operation under the open operating system, the application program can be switched from the open operating system to run under the trusted operating system, and the trusted middleware under the trusted operating system is called and controlled to perform the sensitive data operation; during execution of the sensitive data operation, the trusted middleware can be controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Because the application program is switched to run under the trusted operating system when it triggers a sensitive data operation, and the operation itself is performed by calling the trusted middleware under the trusted operating system, the sensitive data is on a trusted platform after it is fetched from the SE and while the middleware operates on it. This prevents a malicious user from obtaining the sensitive data through attacks and cracking on the open platform and ensures its safety during the middleware operation stage. In addition, because the sensitive data is actually stored and operated on in a secure environment during that stage, it can be kept in plaintext in the secure area without being re-encrypted, which gives the trusted middleware faster access to the sensitive data and improves the processing speed of sensitive data operations.
Brief description of the drawings
To explain the embodiments of the application or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of an exemplary application scenario of an embodiment of the invention;
Fig. 2 is a flow chart of method embodiment 1 of sensitive data operation in the invention;
Fig. 3 is a schematic diagram of an embodiment of a system architecture in an embodiment of the invention;
Fig. 4 is a flow chart of method embodiment 2 of sensitive data operation in the invention;
Fig. 5 is a structure diagram of apparatus embodiment 1 of sensitive data operation in the invention;
Fig. 6 is a structure diagram of an embodiment of the switching module 503 in an embodiment of the invention;
Fig. 7 is a structure diagram of apparatus embodiment 2 of sensitive data operation in the invention;
Fig. 8 is a structure diagram of apparatus embodiment 3 of sensitive data operation in the invention.
Embodiments
To help those skilled in the art better understand the solution of the application, the technical solution in the embodiments of the application is described below clearly and completely with reference to the drawings of those embodiments. The described embodiments are only some, not all, of the embodiments of the application; all other embodiments obtained by those of ordinary skill in the art from the embodiments of the application without creative effort fall within the scope of protection of the application.
The inventor has found that, for application programs involving sensitive data, the sensitive data is typically stored in an external secure element to keep it safe, and a middleware is called to operate on the sensitive data when it is needed. Existing devices provide a single open operating system for all application programs: all application programs run under the open operating system, and every operation they trigger is performed by calling the middleware under the open operating system. Consequently, when an application program involving sensitive data calls the middleware to operate on the sensitive data, the data is in fact on the open platform, so a malicious user can easily obtain it through the open platform and its security is difficult to guarantee. Furthermore, although the middleware can be protected on the open platform by encryption, packing and similar means, the encryption techniques and their algorithms are based on the operating mechanisms of the open platform and are public, so it remains difficult to prevent a malicious user's attacks and cracking on the open platform; in addition, the middleware must access the encrypted sensitive data while operating on it, which makes sensitive data operations inefficient.
Based on the above study, the basic idea of the invention is to provide both an open operating system and a trusted operating system in the same device, where the trusted operating system takes over the device hardware to form a trusted execution environment (TEE). For an application program involving sensitive data, when the application program triggers a sensitive data operation under the open operating system, it is switched to run under the trusted operating system and the trusted middleware under the trusted operating system is called to perform the sensitive data operation; during execution of the sensitive data operation, the trusted middleware is controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Thus, after the sensitive data is fetched from the SE and while the middleware operates on it, the sensitive data is in a trusted environment, which prevents a malicious user from obtaining it through attacks and cracking on the open platform and ensures the safety of the sensitive data during the middleware operation stage. Moreover, because the sensitive data is actually stored in the secure area during that stage, it can be kept in plaintext in the secure area without being re-encrypted, which gives the trusted middleware faster access to the sensitive data and improves the processing speed of sensitive data operations.
Based on the above basic idea, an exemplary application scenario of an embodiment of the invention may be applied in the system shown in Fig. 1. The system may include a trusted operating system 101, an open operating system 102, a trusted middleware 103 under the trusted operating system 101, a universal middleware 104 under the open operating system 102, and a secure element 105.
In the scenario framework shown in Fig. 1, an application program running under the open operating system 102 may call the universal middleware 104 under the open operating system 102 and control the universal middleware 104 to perform the operations it triggers. When the application program triggers a sensitive data operation under the open operating system 102, the application program may be switched from the open operating system 102 to run under the trusted operating system 101, and the trusted middleware 103 under the trusted operating system 101 is called and controlled to perform the sensitive data operation; during execution of the sensitive data operation, the trusted middleware 103 may be controlled to read sensitive data from the secure element 105 and/or to write sensitive data into the secure element 105.
It should be noted that the above exemplary application scenario is shown only to aid understanding of the spirit and principles of the invention; embodiments of the invention are not limited in this respect and may be applied to any applicable scenario.
Having described the main idea of the invention, its various non-limiting embodiments are described in detail below with reference to the drawings.
Referring to Fig. 2, a flow chart of method embodiment 1 of sensitive data operation in the invention is shown. In this embodiment, the method may for example include the following steps:
S201: in response to an application program running under an open operating system, call the universal middleware under the open operating system and control the universal middleware to perform the operations triggered by the application program.
In implementation, two operating systems, an open operating system and a trusted operating system, can be provided in the same device. For an application program involving sensitive data, when the application program triggers a non-sensitive data operation that does not involve sensitive data, the application program runs under the open operating system and the non-sensitive data operation is performed by the universal middleware under the open operating system; when the application program triggers a sensitive data operation that involves sensitive data, the application program runs under the trusted operating system and the sensitive data operation is performed by the trusted middleware under the trusted operating system.
For example, taking an online banking client as the application program, its sensitive data mainly includes keys, PIN codes and configuration information. The sensitive data operations involving keys are mainly encryption, decryption, key agreement, signing and signature verification; those involving PIN codes are mainly verifying, updating and unlocking the PIN code; and those involving configuration information are mainly encrypting and verifying the configuration information. When the online banking client triggers a non-sensitive data operation that involves none of the keys, PIN codes or configuration information, the client runs under the open operating system and the operation is performed by the universal middleware; when it triggers any sensitive data operation, such as signing, encryption or PIN verification, the client runs under the trusted operating system and the operation is performed by the trusted middleware.
S202: in response to the application program triggering a sensitive data operation under the open operating system, switch the application program from the open operating system to run under the trusted operating system, call the trusted middleware under the trusted operating system, and control the trusted middleware to perform the sensitive data operation.
The trusted operating system takes over the device hardware and can provide a trusted execution environment for running the trusted middleware that performs the sensitive data operation. The trusted execution environment is a secure area within the main processor of a device such as a smartphone or tablet computer. Running the trusted middleware in the trusted execution environment allows the sensitive data it uses during a sensitive data operation to be stored and processed in a trusted environment, so that it is protected from malicious acquisition.
It should be noted that in the prior art, application programs involving sensitive data face a conflict between performance and security. On the one hand, the chip operating system (COS) of the secure element that stores the sensitive data provides a running environment guaranteed by security mechanisms, but its performance is low and its functions are simple, so sensitive data operations cannot be performed entirely within the secure element. On the other hand, the middleware that performs sensitive data operations relies on powerful hardware such as the central processing unit and memory, and on the open operating system, and therefore offers strong performance and rich functionality, which is why sensitive data operations are mainly performed by the middleware; but the existing middleware runs under the open operating system, so the security of the sensitive data is difficult to guarantee. In this embodiment, because the device provides both an open operating system and a trusted operating system, sensitive data operations can be performed by the trusted middleware in the trusted execution environment: the operations are performed by a powerful, feature-rich middleware, and at the same time the sensitive data is stored and processed in a trusted environment throughout the operation, which ensures security.
In some implementations of this embodiment, to keep the application's operation flow complete and continuous from the user's point of view, a sensitive data operation proxy interface can be provided in the universal middleware under the open operating system. When the application program triggers a sensitive data operation, the universal middleware runs to the sensitive data operation proxy interface, which triggers the switch of the application program to the trusted operating system and the call to the trusted middleware to perform the sensitive data operation; the operating system switch can be performed by a security monitor. In this way the sensitive data operation can be triggered from within the universal middleware under the open operating system, preserving the completeness and continuity of the universal middleware's processing flow. Specifically, the universal middleware under the open operating system may have a sensitive data operation proxy interface, used to respond to the application program triggering a sensitive data operation under the open operating system; correspondingly, monitoring for sensitive data operations triggered by the application program and switching the operating system may include: while the application program runs under the open operating system, monitoring the running of the universal middleware; and in response to observing that the universal middleware runs the sensitive data operation proxy interface, calling the security monitor and controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
S203: during execution of the sensitive data operation, control the trusted middleware to read sensitive data from the secure element for use and/or to write sensitive data into the secure element.
The sensitive data is needed while the sensitive data operation executes; for example, operations on sensitive data such as encryption, decryption, signing and signature verification need to use a key. The sensitive data is stored in the secure element. Therefore, during execution of the sensitive data operation, the trusted middleware needs to read sensitive data from the secure element for use, or needs to write sensitive data into the secure element so that the secure element can store or operate on it.
It will be understood that in some implementations of this embodiment, the trusted middleware reading from and writing to the secure element is in fact an exchange of sensitive data between two operating systems, and the sensitive data may be subject to malicious attack while in transit between them. To prevent such attacks while the trusted middleware reads and writes sensitive data to the secure element, the sensitive data can be transmitted through a secure channel between the trusted middleware and the secure element. Specifically, in this embodiment, after calling the trusted middleware under the trusted operating system, the method may further include: controlling a secure channel to be established between the trusted middleware and the secure element, so that the trusted middleware and the secure element exchange sensitive data through the secure channel. The secure channel can be established by performing key agreement between the trusted middleware and the secure element.
In other implementations of this embodiment, a sensitive data operation produces a large amount of output information that has certain security requirements, but the secure storage area provided by the secure element is costly, small and inflexible, so the large volume of output information should not be stored in the secure element's secure storage area. Because the sensitive data operation is executed under the trusted operating system, the output information is safe while under the trusted operating system; it can therefore first be encrypted under the trusted operating system and then saved in the ordinary way to open memory, which still ensures the safety of the output information. Specifically, this embodiment may further include: during execution of the sensitive data operation, controlling the trusted middleware to encrypt the output information and to store the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
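The two protections just described, the key-agreement secure channel between the trusted middleware and the secure element, and the encryption of output information before it is placed in open memory, can be illustrated with the following Python model. This is an added example, not code from the patent or from any TEE vendor: the Diffie-Hellman group (RFC 3526 group 14), the HKDF derivation, the encrypt-then-MAC framing and all function names are this example's own choices, and the HMAC counter-mode keystream stands in for a real AEAD such as AES-GCM, which the Python standard library does not provide.

```python
"""Added illustration of the patent's secure channel (S406/S407) and of encrypting
output information before it goes to open memory.  Standard library only; the
cipher construction stands in for a real AEAD and the names are this example's own."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) modulus with generator 2, as transcribed here.
MODP_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
MODP_G = 2


def dh_keypair():
    """Private exponent (256 bits suffices for this group) and public value for one side."""
    priv = secrets.randbits(256) | 1
    return priv, pow(MODP_G, priv, MODP_P)


def dh_shared(priv, peer_pub):
    """Shared secret; the range check rejects degenerate peer values such as 0, 1 or p-1."""
    if not 1 < peer_pub < MODP_P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, MODP_P).to_bytes(256, "big")


def hkdf_sha256(ikm, info, length=64):
    """HKDF (RFC 5869) extract-then-expand with a zero salt; 64 bytes = enc key || mac key."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode; a stand-in for a real AEAD cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, aad, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag, with aad bound into the tag."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, aad, blob):
    """Verify the tag before decrypting; any modification of the frame is rejected."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: data altered in transit or at rest")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def establish_channel():
    """S406: trusted middleware (mw) and SE agree on a channel key; only public values cross."""
    mw_priv, mw_pub = dh_keypair()
    se_priv, se_pub = dh_keypair()
    mw_key = hkdf_sha256(dh_shared(mw_priv, se_pub), b"trusted-middleware<->SE channel")
    se_key = hkdf_sha256(dh_shared(se_priv, mw_pub), b"trusted-middleware<->SE channel")
    return mw_key, se_key


def read_key_over_channel(se_key, mw_key, stored_key):
    """S407: the SE returns stored key data through the channel; the middleware opens the frame."""
    frame = seal(se_key, b"SE->MW read_key", stored_key)
    return unseal(mw_key, b"SE->MW read_key", frame)


def store_output_in_open_memory(tee_key, output):
    """Output produced under the trusted OS is encrypted before it lands in open memory."""
    return seal(tee_key, b"open-memory record", output)


def tamper_is_detected(key):
    """A single flipped ciphertext byte in open memory must be rejected on read-back."""
    blob = bytearray(seal(key, b"open-memory record", b"signature bytes"))
    blob[16] ^= 0x01
    try:
        unseal(key, b"open-memory record", bytes(blob))
    except ValueError:
        return True
    return False
```

The key agreement here is unauthenticated, as the patent text describes it only as "key agreement"; a deployed design binds the exchanged public values to the SE's identity (for example with a certificate held in the SE) so that the trusted middleware cannot be made to agree a key with a party other than the SE. Storing output in open memory is only as safe as the record's integrity tag: `tamper_is_detected` shows that a modified record is refused rather than decrypted to garbage.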
It should be noted that in some implementations of this embodiment, the open operating system and the trusted operating system provided in the same device may both be configured in a trusted execution environment (TEE) chip, and the secure element may be an SE chip. The SE chip may be built into the same device as the TEE chip, for example with both chips built into a mobile device such as a mobile phone or tablet computer; alternatively, the SE chip may be in a device external to the one holding the TEE chip, for example an online banking USB key containing the SE chip connected to a mobile phone, tablet computer or other mobile device containing the TEE chip.
Specifically, referring to Fig. 3, the middleware layer of the TEE chip's hardware subsystem contains the trusted operating system and trusted middleware provided by the TEE licensed software, and also the open operating system and the universal middleware. The universal middleware may contain a sensitive data operation proxy interface that is monitored by the security monitor; when the security monitor observes the universal middleware running to the sensitive data operation proxy interface, it switches the running environment from the open operating system to the trusted operating system and calls the trusted middleware to complete the sensitive data operation. The trusted middleware may have a sensitive data storage interface API for exchanging data between the trusted middleware and the chip operating system (COS layer) of the SE chip, so as to read sensitive data from and write it to the SE chip.
With the technical scheme of this embodiment, while the middleware operates on sensitive data after it has been fetched from the SE, the sensitive data stays on the trusted platform, so a malicious user cannot obtain it by attacking or cracking the open platform, and the sensitive data is kept safe during the middleware operation stage. In addition, because the sensitive data fetched from the SE is held in a secure region during that operation, it can be stored there in plaintext without being re-encrypted, so the trusted middleware can access it faster and the sensitive data operation is processed more quickly. This speed-up rests entirely on the secure region being reachable only from the trusted operating system; the open operating system must have no mapping of it.
So that those skilled in the art understand the application of embodiments of the present invention more deeply, an application example of the sensitive data operation method embodiment is described below using one application scenario. In this scenario, the application program that involves sensitive data is an online banking client, and the sensitive data operation is specifically a key data operation.
Referring to Fig. 4, a flow chart of method embodiment 2 of the sensitive data operation in the present invention is shown. In the present embodiment, the method may include, for example, the following steps:
S401: start the online banking client under the open operating system.
S402: call the general-purpose middleware to run on behalf of the online banking client.
S403: when the online banking client triggers a key data operation, the general-purpose middleware runs to the key-operation proxy interface, through which the key operation is called.
Here, key data operations mainly include encryption operations, decryption operations, signing operations and signature verification operations.
S404: the secure monitor switches the running environment of the online banking client to the trusted operating system, to establish communication with the trusted middleware under the trusted operating system.
S405: call the key data operation in the trusted middleware.
S406: while the trusted middleware performs the key data operation, control key agreement between the trusted middleware and the SE to establish a secure channel.
S407: control the trusted middleware to read key data from, or write key data to, the SE.
S408: actually operate on the SE hardware memory.
With the technical scheme of this embodiment, while the online banking middleware operates on key data after it has been fetched from the SE, the key data stays on the trusted platform, so a malicious user cannot obtain the user's online banking key data by attacking or cracking the open platform, and the key data is kept safe during the middleware operation stage. In addition, because the key data fetched from the SE is held in a secure buffer during that operation, it can be stored there in plaintext without being re-encrypted, so the trusted middleware can access it faster and the key data operation is processed more quickly.
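Steps S401 to S408, as an added example in Python that is not code from the patent or from any TEE or SE vendor: an online banking client's signing request passes through the general-purpose middleware's proxy interface, the monitor switches the client into the trusted world, the trusted middleware performs key agreement with the SE to open a secure channel (S406), reads the key data over that channel into its secure buffer (S407, S408) and signs. The TEE, SE and monitor are simulated as Python objects; the channel uses ephemeral Diffie-Hellman over RFC 3526 group 14, HKDF-SHA256 and an HMAC-SHA256 encrypt-then-MAC construction in place of a vendor secure-channel protocol, and HMAC stands in for the signature primitive. Every class, function and key value here (`SecureElement`, `TrustedMiddleware`, `key_operation_proxy`, the `netbank-signing-key`) is this example's own assumption, not something the patent specifies.

```python
"""Simulated walk-through of steps S401 to S408 (Fig. 4). Added example, not code from
the patent or any vendor. The world switch is an object boundary rather than a TrustZone
monitor call; the S406 channel is ephemeral Diffie-Hellman over RFC 3526 group 14 with
HKDF-SHA256 keys and an HMAC-SHA256 keystream in encrypt-then-MAC form (standing in for
a real SE's AES based channel); HMAC stands in for the signature. Names are constructed."""
import hashlib
import hmac
import secrets

P = int(  # RFC 3526 group 14 (2048-bit MODP prime); its generator is G = 2
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _derive(shared_secret: bytes, label: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), zero salt, one 32-byte output block per label."""
    return _mac(_mac(b"\x00" * 32, shared_secret), label + b"\x01")

def _xor_stream(key: bytes, seq: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream bound to (key, seq)."""
    blocks = (_mac(key, seq + i.to_bytes(4, "big")) for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class Channel:
    """One end of the channel: per-direction keys and a sequence number per message, so
    a tampered, replayed or reordered message is rejected by the receiver."""
    def __init__(self, shared_secret: bytes, initiator: bool):
        snd, rcv = (b"i2r", b"r2i") if initiator else (b"r2i", b"i2r")
        self._senc, self._smac = _derive(shared_secret, snd + b"enc"), _derive(shared_secret, snd + b"mac")
        self._renc, self._rmac = _derive(shared_secret, rcv + b"enc"), _derive(shared_secret, rcv + b"mac")
        self._sseq = self._rseq = 0
    def seal(self, plaintext: bytes) -> bytes:
        seq, self._sseq = self._sseq.to_bytes(4, "big"), self._sseq + 1
        ct = _xor_stream(self._senc, seq, plaintext)
        return seq + ct + _mac(self._smac, seq + ct)
    def open(self, msg: bytes) -> bytes:
        seq, ct, tag = msg[:4], msg[4:-32], msg[-32:]
        if int.from_bytes(seq, "big") != self._rseq or not hmac.compare_digest(tag, _mac(self._rmac, seq + ct)):
            raise ValueError("secure channel: bad sequence number or MAC")
        self._rseq += 1
        return _xor_stream(self._renc, seq, ct)

class SecureElement:
    """SE chip (simulated): key data is stored here and leaves only over the channel."""
    def __init__(self, keys: dict):
        self._store, self._chan = dict(keys), None  # keys provisioned out of band
    def key_agreement(self, peer_pub: int) -> int:
        """S406, SE side. Plain ephemeral DH can be man-in-the-middled; a real SE also
        authenticates its share (e.g. with a provisioned certificate), omitted here."""
        x = secrets.randbelow(P - 2) + 1
        self._chan = Channel(pow(peer_pub, x, P).to_bytes(256, "big"), initiator=False)
        return pow(G, x, P)
    def read(self, sealed_request: bytes) -> bytes:
        """S407/S408: hand out the requested key data from SE memory, channel-only."""
        return self._chan.seal(self._store[self._chan.open(sealed_request).decode()])

class SecureMonitor:
    world = "open"  # or "trusted"; in hardware this is the CPU security state

class TrustedMiddleware:
    """Trusted-OS side; its buffer holds plaintext key data, usable only in the trusted world."""
    def __init__(self, monitor: SecureMonitor, se: SecureElement):
        self._monitor, self._se, self._buffer, self._chan = monitor, se, {}, None
    def key_operation(self, op: str, key_id: str, data: bytes) -> bytes:
        if self._monitor.world != "trusted":
            raise PermissionError("trusted middleware invoked from the open world")
        if self._chan is None:                                                  # S406
            x = secrets.randbelow(P - 2) + 1
            se_pub = self._se.key_agreement(pow(G, x, P))
            self._chan = Channel(pow(se_pub, x, P).to_bytes(256, "big"), initiator=True)
        if key_id not in self._buffer:                                          # S407
            self._buffer[key_id] = self._chan.open(self._se.read(self._chan.seal(key_id.encode())))
        if op == "sign":
            return _mac(self._buffer[key_id], data)
        raise ValueError("unsupported key operation")

def key_operation_proxy(monitor, trusted, op, key_id, data) -> bytes:
    """General middleware's proxy interface (S403): switch worlds (S404), run op (S405)."""
    monitor.world = "trusted"
    try:
        return trusted.key_operation(op, key_id, data)
    finally:
        monitor.world = "open"

def demo() -> dict:
    """Constructed scenario: the online banking client (S401/S402) signs one order."""
    key = hashlib.sha256(b"constructed demo signing key").digest()
    monitor = SecureMonitor()
    tm = TrustedMiddleware(monitor, SecureElement({"netbank-signing-key": key}))
    order = b"transfer 100.00 CNY to account 0001"
    sig = key_operation_proxy(monitor, tm, "sign", "netbank-signing-key", order)
    try:
        tm.key_operation("sign", "netbank-signing-key", order)  # open-world call, bypasses proxy
        rejected = False
    except PermissionError:
        rejected = True
    return {"sig": sig, "expected": _mac(key, order), "open_world_rejected": rejected}
```

Two properties of the model are worth checking: a call that bypasses the proxy interface while the monitor is still in the open world is refused, and the key data read from the SE never appears outside the trusted middleware's buffer. The Diffie-Hellman exchange is unauthenticated; a deployment needs the SE to authenticate its share, for example with a provisioned certificate, otherwise anything sitting between the trusted middleware and the SE can insert itself into the channel.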
Having described the exemplary methods of the present invention, the device for sensitive data operation according to exemplary embodiments of the present invention is introduced next.
Referring to Fig. 5, a structure diagram of apparatus embodiment 1 of the sensitive data operation in the present invention is shown. In the present embodiment, the device may specifically include, for example:
a first calling module 501, for calling the general-purpose middleware under the open operating system in response to the application program running under the open operating system;
a first control module 502, for controlling the general-purpose middleware to perform the operation triggered by the application program;
a switching module 503, for switching the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive data operation under the open operating system;
a second calling module 504, for calling the trusted middleware under the trusted operating system;
a second control module 505, for controlling the trusted middleware to perform the sensitive data operation;
a read/write module 506, for controlling, during execution of the sensitive data operation, the trusted middleware to read sensitive data from the secure element for use and/or to write sensitive data into the secure element.
Optionally, in some implementations of the present embodiment, the general-purpose middleware may have a sensitive-data-operation proxy interface, which may be used to respond to the application program triggering a sensitive data operation under the open operating system; correspondingly, referring to Fig. 6, the switching module 503 may specifically include:
a monitoring submodule 601, for monitoring the running of the general-purpose middleware while the application program runs under the open operating system;
a calling submodule 602, for calling the secure monitor in response to detecting that the general-purpose middleware has run to the sensitive-data-operation proxy interface;
a control submodule 603, for controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
Optionally, in other implementations of the present embodiment, the open operating system and the trusted operating system may be configured in a trusted execution environment (TEE) chip, and the secure element may be an SE chip.
Referring to Fig. 7, a structure diagram of apparatus embodiment 2 of the sensitive data operation in the present invention is shown. In the present embodiment, in addition to all the structures shown in Fig. 5, the device may further include:
a third control module 701, for controlling, after the trusted middleware under the trusted operating system has been called, the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
Referring to Fig. 8, a structure diagram of apparatus embodiment 3 of the sensitive data operation in the present invention is shown. In the present embodiment, in addition to all the structures shown in Fig. 5, the device may further include:
a fourth control module 801, for controlling the trusted middleware to encrypt output information during execution of the sensitive data operation;
a storage module 802, for storing the encrypted output information in open memory; where the open memory is used to store information produced under both the open operating system and the trusted operating system.
With the technical scheme of this embodiment, while the middleware operates on sensitive data after it has been fetched from the SE, the sensitive data stays on the trusted platform, so a malicious user cannot obtain it by attacking or cracking the open platform, and the sensitive data is kept safe during the middleware operation stage. In addition, because the sensitive data fetched from the SE is held in a secure buffer during that operation, it can be stored there in plaintext without being re-encrypted, so the trusted middleware can access it faster and the sensitive data operation is processed more quickly.
It should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relation or order between those entities or operations. The terms "comprising", "including" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises that element.
For the apparatus embodiments, since they correspond essentially to the method embodiments, the relevant parts can be understood with reference to the description of the method embodiments. The apparatus embodiments described above are only illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, i.e. they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual need to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only an embodiment of the present application. It should be noted that those of ordinary skill in the art can make improvements and modifications without departing from the principles of the present application, and these improvements and modifications should also be regarded as falling within the scope of protection of the present application.
Claims (8)
1. A method of sensitive data operation, characterised in that it comprises:
in response to an application program running under an open operating system, calling general-purpose middleware under the open operating system, and controlling the general-purpose middleware to perform the operation triggered by the application program;
in response to the application program triggering a sensitive data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive data operation;
during execution of the sensitive data operation, controlling the trusted middleware to read sensitive data from a secure element and/or controlling the trusted middleware to write sensitive data into the secure element;
wherein the open operating system, the general-purpose middleware, the trusted operating system and the trusted middleware are configured in a trusted execution environment (TEE) chip, and the secure element is specifically an SE chip.
2. The method according to claim 1, characterised in that the general-purpose middleware has a sensitive-data-operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system;
and said switching the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive data operation under the open operating system comprises:
monitoring the running of the general-purpose middleware while the application program runs under the open operating system;
in response to the general-purpose middleware running to the sensitive-data-operation proxy interface, calling a secure monitor and controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
3. The method according to claim 1, characterised in that, after calling the trusted middleware under the trusted operating system, it further comprises:
controlling the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
4. The method according to claim 1, characterised in that it further comprises:
during execution of the sensitive data operation, controlling the trusted middleware to encrypt output information, and storing the encrypted output information in open memory; wherein the open memory is used to store information produced under the open operating system and under the trusted operating system.
5. A device for sensitive data operation, characterised in that it comprises:
a first calling module, for calling general-purpose middleware under an open operating system in response to an application program running under the open operating system;
a first control module, for controlling the general-purpose middleware to perform the operation triggered by the application program;
a switching module, for switching the application program from the open operating system to run under a trusted operating system in response to the application program triggering a sensitive data operation under the open operating system;
a second calling module, for calling trusted middleware under the trusted operating system;
a second control module, for controlling the trusted middleware to perform the sensitive data operation;
a read/write module, for controlling, during execution of the sensitive data operation, the trusted middleware to read sensitive data from a secure element for use and/or to write sensitive data into the secure element;
wherein the open operating system, the general-purpose middleware, the trusted operating system and the trusted middleware are configured in a trusted execution environment (TEE) chip, and the secure element is specifically an SE chip.
6. The device according to claim 5, characterised in that the general-purpose middleware has a sensitive-data-operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system;
and the switching module comprises:
a monitoring submodule, for monitoring the running of the general-purpose middleware while the application program runs under the open operating system;
a calling submodule, for calling a secure monitor in response to the general-purpose middleware running to the sensitive-data-operation proxy interface;
a control submodule, for controlling the secure monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
7. The device according to claim 5, characterised in that it further comprises:
a third control module, for controlling, after the trusted middleware under the trusted operating system has been called, the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
8. The device according to claim 5, characterised in that it further comprises:
a fourth control module, for controlling the trusted middleware to encrypt output information during execution of the sensitive data operation;
a storage module, for storing the encrypted output information in open memory; wherein the open memory is used to store information produced under the open operating system and under the trusted operating system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410342484.8A CN104077533B (en) | 2014-07-17 | 2014-07-17 | A kind of method and apparatus for operating sensitive data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104077533A CN104077533A (en) | 2014-10-01 |
CN104077533B true CN104077533B (en) | 2017-09-15 |
Family
ID=51598783
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410342484.8A Expired - Fee Related CN104077533B (en) | 2014-07-17 | 2014-07-17 | A kind of method and apparatus for operating sensitive data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104077533B (en) |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105592019B (en) * | 2014-11-05 | 2018-12-25 | 中国银联股份有限公司 | Method for two-way access between applications in a dual execution environment |
CN104462958B (en) * | 2014-11-06 | 2018-01-09 | 东莞宇龙通信科技有限公司 | Inter-system switching method and device for a terminal |
CN104468611B (en) * | 2014-12-24 | 2017-09-08 | 宇龙计算机通信科技(深圳)有限公司 | Data security processing method and device based on dual-system switching |
CN104615553B (en) * | 2015-01-30 | 2017-12-12 | 深圳酷派技术有限公司 | Data acquisition method, data acquisition device and terminal |
DE102015001900A1 (en) * | 2015-02-09 | 2016-08-11 | Giesecke & Devrient Gmbh | Method for operating a security element |
CN104899506B (en) * | 2015-05-08 | 2018-01-12 | 深圳市雪球科技有限公司 | Security system implementation method based on a virtual secure element in a trusted execution environment |
CN107004098B (en) * | 2015-05-28 | 2020-10-16 | 宇龙计算机通信科技(深圳)有限公司 | System switching method, device and terminal |
CN106529228A (en) * | 2015-09-02 | 2017-03-22 | 北京壹人壹本信息科技有限公司 | Method and device for secure operations on personal information |
CN106548084A (en) * | 2015-09-02 | 2017-03-29 | 北京壹人壹本信息科技有限公司 | File security protection method and device |
CN105512576A (en) * | 2015-12-14 | 2016-04-20 | 联想(北京)有限公司 | Method for secure storage of data, and electronic equipment |
CN106940776A (en) * | 2016-01-04 | 2017-07-11 | 中国移动通信集团公司 | Sensitive data operating method and mobile terminal |
CN107315970B (en) * | 2016-04-26 | 2020-03-20 | 展讯通信(上海)有限公司 | Sensitive data interaction method and device |
CN106027563A (en) * | 2016-07-08 | 2016-10-12 | 上海瀚银信息技术有限公司 | Sensitive data encryption and decryption device and method, and transaction system |
EP3547195B1 (en) | 2016-12-29 | 2020-11-25 | Huawei Technologies Co., Ltd. | System-on-chip and method for switching secure operating systems |
CN108933660A (en) * | 2017-05-26 | 2018-12-04 | 展讯通信(上海)有限公司 | HDCP-based digital content protection system |
CN109960903A (en) * | 2017-12-26 | 2019-07-02 | 中移(杭州)信息技术有限公司 | Application hardening method, apparatus, electronic device and storage medium |
CN108228157A (en) * | 2017-12-29 | 2018-06-29 | 北京握奇智能科技有限公司 | TEE system interface encapsulation method, device and mobile terminal |
CN112468473B (en) * | 2018-11-16 | 2023-10-24 | 创新先进技术有限公司 | Remote attestation method and device for a trusted application, and electronic device |
CN111159782B (en) * | 2019-12-03 | 2021-05-18 | 支付宝(杭州)信息技术有限公司 | Secure task processing method and electronic device |
CN111177701B (en) * | 2019-12-11 | 2022-09-13 | 北京握奇智能科技有限公司 | Method and device for implementing cryptographic function services based on a trusted execution environment and a security chip |
CN115330383A (en) * | 2021-07-22 | 2022-11-11 | 支付宝(杭州)信息技术有限公司 | Offline bill generation method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102763098A (en) * | 2009-12-14 | 2012-10-31 | 思杰系统有限公司 | Methods and systems for communicating between trusted and non-trusted virtual machines |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8543841B2 (en) * | 2011-06-30 | 2013-09-24 | Oracle International Corporation | Secure hosted execution architecture |
CN103514414A (en) * | 2012-06-26 | 2014-01-15 | 上海盛轩网络科技有限公司 | Encryption method and encryption system based on ARM TrustZone |
CN103745155A (en) * | 2014-01-03 | 2014-04-23 | 东信和平科技股份有限公司 | Trusted key and secure operation method thereof |
Non-Patent Citations (1)
Title |
---|
王熙友 (Wang Xiyou), "Research and application of ARM TrustZone security isolation technology" (ARM TrustZone安全隔离技术研究与应用), China Master's Theses Full-text Database, Information Science and Technology, 2014 No. 01, 2014-01-15, pp. 17, 18, 36 and 54-57 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170915; Termination date: 20210717 |