CN104077533B - A kind of method and apparatus for operating sensitive data - Google Patents

Publication number: CN104077533B
Authority: CN (China)
Application number: CN201410342484.8A
Other versions: CN104077533A
Other languages: Chinese (zh)
Inventor: 江先
Current Assignee: Beijing WatchSmart Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original Assignee: Beijing WatchSmart Technologies Co Ltd
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Prior art keywords: sensitive data, middleware, credible, under, application program

Events
    • Application filed by Beijing WatchSmart Technologies Co Ltd
    • Priority to CN201410342484.8A
    • Publication of CN104077533A
    • Application granted
    • Publication of CN104077533B
    • Current legal status: Expired - Fee Related
    • Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
Abstract

The invention discloses a method and apparatus for operating on sensitive data. The method comprises: in response to an application program running under an open operating system, calling the general-purpose middleware under the open operating system and controlling the general-purpose middleware to perform the operations triggered by the application program; in response to the application program triggering a sensitive-data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling the trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive-data operation; and, during execution of the sensitive-data operation, controlling the trusted middleware to read sensitive data from a secure element for use and/or controlling the trusted middleware to write sensitive data into the secure element. Embodiments of the invention not only ensure the safety of sensitive data during the middleware-operation stage, but also give the middleware faster access to sensitive data, improving the efficiency with which the middleware processes sensitive data.

Description

Method and apparatus for operating on sensitive data
Technical field
The present invention relates to data processing technology, and in particular to a method and apparatus for operating on sensitive data.
Background art
At present, many application programs involve the processing of sensitive data. For example, an online-banking client needs to handle sensitive data such as keys and PIN codes while it runs. To ensure the security of such data, existing online-banking clients use an external secure element that can be connected to the user terminal (such as an online-banking USB key, or "U-shield"): sensitive data such as keys are stored in the external secure element, and when the online-banking client needs to use a key for an operation, middleware must fetch the key from the external secure element and then complete the operation with the key. A secure element (SE) contains encryption/decryption logic circuitry that resists external malicious analysis attacks and protects the data it stores.
In this existing mode of operation, storing sensitive data in the SE does ensure that it cannot be maliciously analysed by outsiders while at rest. However, because the middleware that operates on the sensitive data runs on an open platform, once the middleware has fetched the sensitive data from the SE the data is in fact present on the open platform. This greatly increases the opportunity for a malicious user to obtain the sensitive data by attacking and cracking the open platform, so the safety of the sensitive data is hard to guarantee.
Summary of the invention
The technical problem solved by the invention is to provide a method and apparatus for operating on sensitive data, so as to solve the prior-art problem that sensitive data is exposed on the open platform while middleware operates on it, making its safety hard to guarantee.
To solve the above technical problem, the invention provides a method for operating on sensitive data, comprising:
in response to an application program running under an open operating system, calling the general-purpose middleware under the open operating system and controlling the general-purpose middleware to perform the operation triggered by the application program;
in response to the application program triggering a sensitive-data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling the trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive-data operation;
during execution of the sensitive-data operation, controlling the trusted middleware to read sensitive data from a secure element for use, and/or controlling the trusted middleware to write sensitive data into the secure element.
The general-purpose middleware has a sensitive-data-operation agent interface, which responds to the application program triggering a sensitive-data operation under the open operating system;
switching the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive-data operation under the open operating system comprises:
while the application program runs under the open operating system, monitoring the running of the general-purpose middleware;
in response to the general-purpose middleware running the sensitive-data-operation agent interface, calling a security monitor and controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
After calling the trusted middleware under the trusted operating system, the method further comprises:
controlling the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element over the secure channel.
The method further comprises:
during execution of the sensitive-data operation, controlling the trusted middleware to encrypt output information and storing the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are configured in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
An apparatus for operating on sensitive data, comprising:
a first calling module, for calling the general-purpose middleware under an open operating system in response to an application program running under the open operating system;
a first control module, for controlling the general-purpose middleware to perform the operation triggered by the application program;
a switching module, for switching the application program from the open operating system to run under a trusted operating system in response to the application program triggering a sensitive-data operation under the open operating system;
a second calling module, for calling the trusted middleware under the trusted operating system;
a second control module, for controlling the trusted middleware to perform the sensitive-data operation;
a read/write module, for controlling the trusted middleware, during execution of the sensitive-data operation, to read sensitive data from a secure element for use and/or to write sensitive data into the secure element.
The general-purpose middleware has a sensitive-data-operation agent interface, which responds to the application program triggering a sensitive-data operation under the open operating system;
the switching module comprises:
a monitoring submodule, for monitoring the running of the general-purpose middleware while the application program runs under the open operating system;
a calling submodule, for calling a security monitor in response to the general-purpose middleware running the sensitive-data-operation agent interface;
a control submodule, for controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
The apparatus further comprises:
a third control module, for controlling, after the trusted middleware under the trusted operating system has been called, the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element over the secure channel.
The apparatus further comprises:
a fourth control module, for controlling the trusted middleware to encrypt output information during execution of the sensitive-data operation;
a storage module, for storing the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
The open operating system and the trusted operating system are configured in a trusted execution environment (TEE) chip, and the secure element is an SE chip.
Compared with the prior art, the invention has the following advantages:
According to the technical solution of embodiments of the invention, when an application program runs under the open operating system it can call the general-purpose middleware under that system and control it to perform the operations it triggers; when the application program triggers a sensitive-data operation under the open operating system, the application program can be switched from the open operating system to run under the trusted operating system, the trusted middleware under the trusted operating system is called and controlled to perform the sensitive-data operation, and during that operation the trusted middleware can be controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Because the application program is switched to the trusted operating system when it triggers a sensitive-data operation, and the operation is performed by the trusted middleware under the trusted operating system, the sensitive data remains on the trusted platform while the middleware operates on it after fetching it from the SE. This prevents a malicious user from obtaining the sensitive data by attacking and cracking the open platform, and ensures the safety of the sensitive data during the middleware-operation stage. In addition, because the sensitive data is stored and operated on in a secure environment after being fetched from the SE, it can be kept in plaintext in the secure region without being re-encrypted for storage, so the trusted middleware can access the sensitive data faster and the processing speed of sensitive-data operations is improved.
Brief description of the drawings
To explain the embodiments of the application or the prior-art solutions more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic block diagram of an exemplary application scenario in an embodiment of the invention;
Fig. 2 is a flow chart of method embodiment 1 for operating on sensitive data in the invention;
Fig. 3 is a schematic diagram of a system-architecture embodiment in an embodiment of the invention;
Fig. 4 is a flow chart of method embodiment 2 for operating on sensitive data in the invention;
Fig. 5 is a structural diagram of apparatus embodiment 1 for operating on sensitive data in the invention;
Fig. 6 is a structural diagram of an embodiment of the switching module 503 in an embodiment of the invention;
Fig. 7 is a structural diagram of apparatus embodiment 2 for operating on sensitive data in the invention;
Fig. 8 is a structural diagram of apparatus embodiment 3 for operating on sensitive data in the invention.
Embodiments
To help those skilled in the art better understand the solution of the application, the technical solutions in the embodiments of the application are described clearly and completely below with reference to the accompanying drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the application without creative effort fall within the scope of protection of the application.
The inventor found that, for application programs involving sensitive data, the sensitive data is usually stored in an external secure element to keep it safe, and middleware is called to operate on the sensitive data when it is needed. In existing devices, however, a single open operating system is provided for all application programs: every application program runs under the open operating system, and every operation triggered by an application program is performed by calling the middleware under the open operating system. So, for an application program involving sensitive data, the sensitive data is in fact present on the open platform while the middleware operates on it, which allows a malicious user to obtain the sensitive data easily through the open platform and makes its safety hard to guarantee. Although the middleware can be protected under the open platform by encryption, packing and similar means, these encryption techniques and their algorithms are based on the operating mechanisms of the open platform and are public, so they still cannot prevent a malicious user from cracking the middleware by attacks on the open platform; moreover, the middleware must access encrypted sensitive data during its operation, which makes sensitive-data operations inefficient.
Based on this study, the basic idea of the invention is as follows. An open operating system and a trusted operating system are provided in the same device, where the trusted operating system takes over the device hardware to form a trusted execution environment (TEE). For an application program involving sensitive data, when the application program triggers a sensitive-data operation under the open operating system it is switched to run under the trusted operating system, and the trusted middleware under the trusted operating system is called to perform the sensitive-data operation; during that operation the trusted middleware is controlled to read sensitive data from the secure element for use and/or to write sensitive data into the secure element. Thus, while the middleware operates on sensitive data after fetching it from the SE, the sensitive data remains in a trusted environment, which prevents a malicious user from obtaining it by attacking and cracking the open platform and ensures its safety during the middleware-operation stage. In addition, because the sensitive data is in fact stored in a secure region while the middleware operates on it, the data can be kept in plaintext in that region without re-encryption for storage, so the trusted middleware can access it faster and the processing speed of sensitive-data operations improves.
Based on the above basic idea, one application-scenario example of an embodiment of the invention can be applied to the system shown in Fig. 1. The system may include a trusted operating system 101, an open operating system 102, trusted middleware 103 under the trusted operating system 101, general-purpose middleware 104 under the open operating system 102, and a secure element 105.
In the application-scenario framework of Fig. 1, when an application program runs under the open operating system 102 it can call the general-purpose middleware 104 under the open operating system 102 and control it to perform the operation triggered by the application program; when the application program triggers a sensitive-data operation under the open operating system 102, the application program can be switched from the open operating system 102 to run under the trusted operating system 101, and the trusted middleware 103 under the trusted operating system 101 is called and controlled to perform the sensitive-data operation; during execution of the sensitive-data operation, the trusted middleware 103 can be controlled to read sensitive data from the secure element 105 and/or to write sensitive data into the secure element 105.
It should be noted that the above example application scenario is shown only to help understand the spirit and principles of the invention; embodiments of the invention are not limited in this respect. On the contrary, embodiments of the invention can be applied in any applicable scenario.
Having described the main idea of the invention, its various non-limiting embodiments are described in detail below with reference to the drawings.
Referring to Fig. 2, a flow chart of method embodiment 1 for operating on sensitive data in the invention is shown. In this embodiment, the method may for example include the following steps:
S201: in response to an application program running under an open operating system, call the general-purpose middleware under the open operating system and control the general-purpose middleware to perform the operation triggered by the application program.
In implementation, two operating systems, an open operating system and a trusted operating system, can be provided in the same device. For an application program involving sensitive data, when the application program triggers a non-sensitive operation (one that does not involve sensitive data), the application program runs under the open operating system and the operation is performed by the general-purpose middleware under the open operating system; when the application program triggers a sensitive-data operation, the application program runs under the trusted operating system and the operation is performed by the trusted middleware under the trusted operating system.
For example, for an online-banking client, the sensitive data mainly includes keys, PIN codes and configuration information. Sensitive-data operations involving keys mainly include encryption, decryption, key agreement, signing and signature verification; those involving PIN codes mainly include verifying, updating and unlocking the PIN code; those involving configuration information mainly include encrypting and verifying configuration information. When the online-banking client triggers a non-sensitive operation that involves none of the keys, PIN codes or configuration information, it runs under the open operating system and the general-purpose middleware performs the operation; when it triggers an operation involving sensitive data, such as signing, encryption or PIN verification, it runs under the trusted operating system and the trusted middleware performs the operation.
S202: in response to the application program triggering a sensitive-data operation under the open operating system, switch the application program from the open operating system to run under the trusted operating system, call the trusted middleware under the trusted operating system, and control the trusted middleware to perform the sensitive-data operation.
Here, the trusted operating system takes over the device hardware and can provide a trusted execution environment for running the trusted middleware that performs sensitive-data operations. A trusted execution environment is a secure region within the main processor of a device such as a smartphone or tablet. Running the trusted middleware in the trusted execution environment allows the sensitive data it uses during a sensitive-data operation to be stored and processed in a trusted environment, so that it is protected from being obtained maliciously.
It should be noted that in the prior art there is a conflict between performance and security for application programs involving sensitive data. On the one hand, the chip operating system (COS) of the secure element that stores the sensitive data offers a secure running environment backed by security mechanisms, but its performance is low and its operating-system functions are simple, so the sensitive-data operation cannot be performed entirely within the secure element. On the other hand, the middleware that performs sensitive-data operations can rely on hardware such as a powerful central processing unit and memory, and on the resources of the open operating system, to provide strong performance and rich functionality, which is why sensitive-data operations are mainly performed by the middleware; but existing middleware runs under the open operating system, which makes the safety of the sensitive data hard to guarantee. In this embodiment, because the device provides both an open operating system and a trusted operating system, the sensitive-data operation can be performed by the trusted middleware in the trusted execution environment: on one hand the operation is performed by powerful, feature-rich middleware, and on the other hand the sensitive data is stored and processed in a trusted environment throughout the operation, ensuring security.
In some implementations of this embodiment, to keep the user experience of an application-triggered operation complete and continuous, a sensitive-data-operation agent interface can be provided in the general-purpose middleware under the open operating system. When the application program triggers a sensitive-data operation, the general-purpose middleware runs to this agent interface, which then triggers the switch of the application program to the trusted operating system and the call to the trusted middleware to perform the sensitive-data operation. The operating-system switch itself can be carried out by a security monitor. In this way the sensitive-data operation can still be triggered inside the general-purpose middleware under the open operating system, preserving the integrity and continuity of the general-purpose middleware's processing flow. Specifically, the general-purpose middleware under the open operating system can have a sensitive-data-operation agent interface that responds to the application program triggering a sensitive-data operation under the open operating system; correspondingly, monitoring the application-triggered sensitive-data operation and switching the operating system can include: while the application program runs under the open operating system, monitoring the running of the general-purpose middleware; and, in response to detecting that the general-purpose middleware has run the sensitive-data-operation agent interface, calling the security monitor and controlling it to switch the running environment of the application program from the open operating system to the trusted operating system.
S203: during execution of the sensitive-data operation, control the trusted middleware to read sensitive data from the secure element for use, and/or control the trusted middleware to write sensitive data into the secure element.
Sensitive data is needed during the execution of a sensitive-data operation; for example, encryption, decryption, signing and signature verification all need a key, and the sensitive data is stored in the secure element. Therefore, during the operation the trusted middleware needs to read sensitive data from the secure element for use, or needs to write sensitive data into the secure element for storage or for the secure element to operate on.
It can be understood that in some implementations of this embodiment, when the trusted middleware reads from or writes to the secure element, the sensitive data is in fact being exchanged between two operating systems, and it may be attacked while in transit between them. To avoid such attacks while the trusted middleware reads and writes sensitive data to the secure element, the sensitive data can be transmitted over a secure channel between the trusted middleware and the secure element. Specifically, in this embodiment, after calling the trusted middleware under the trusted operating system, the method may further include: controlling the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between them over the secure channel. The secure channel can be established by key agreement between the trusted middleware and the secure element.
In other implementations of this embodiment, a large amount of output information is produced during a sensitive-data operation. This output has certain security requirements, but the secure storage area provided by the secure element is costly, small and inflexible, so the large volume of output from sensitive-data operations should not be stored there. Because the sensitive-data operation is completed under the trusted operating system, the output information is safe while under the trusted operating system; it can therefore first be encrypted under the trusted operating system and then saved in open memory in the usual way, which still ensures its safety. Specifically, this embodiment may further include: during execution of the sensitive-data operation, controlling the trusted middleware to encrypt the output information and storing the encrypted output information in open memory, where the open memory is used to store information produced under both the open operating system and the trusted operating system.
It should be noted that in some implementations of this embodiment, the open operating system and the trusted operating system provided in the same device may both be configured in a trusted execution environment (TEE) chip, and the secure element may be an SE chip. The SE chip and the TEE chip may be configured in the same device; for example, both may be built into a mobile device such as a mobile phone or tablet. Alternatively, the SE chip may be an external device relative to the device that holds the TEE chip; for example, an online-banking USB key containing the SE chip may be connected to a mobile phone or tablet containing the TEE chip.
Specifically, referring to Fig. 3, the middleware layer of the TEE chip's hardware subsystem contains the trusted operating system and trusted middleware provided by TEE-licensed software, as well as the open operating system and the general-purpose middleware. The general-purpose middleware can contain a sensitive-data-operation agent interface that is monitored by the security monitor. When the security monitor detects that the general-purpose middleware has run to the sensitive-data-operation agent interface, it switches the running environment from the open operating system to the trusted operating system and calls the trusted middleware to complete the sensitive-data operation. The trusted middleware can have a sensitive-data storage interface (API) for exchanging data between the trusted middleware and the chip operating system (COS layer) of the SE chip, which completes the reading and writing of sensitive data to the SE chip.
With the technical solution of this embodiment, the sensitive data remains on the trusted platform while the middleware operates on it after fetching it from the SE, which prevents a malicious user from obtaining it by attacking and cracking the open platform and ensures its safety during the middleware-operation stage. In addition, because the sensitive data is in fact stored in a secure region while the middleware operates on it, it can be kept in plaintext in that region without re-encryption for storage, so the trusted middleware can access it faster and the processing speed of sensitive-data operations improves.
In order that application of the those skilled in the art to embodiment of the present invention has more deep understanding, below with one Exemplified by application scenarios, a kind of application example of the method embodiment of sensitive data operation is introduced.Under the application scenarios, it is related to Application program to sensitive data is Net silver client, and sensitive data operation is specially key data operation.
Referring to Fig. 4, the flow chart of the embodiment of the method 2 that sensitive data is operated in the present invention is shown.In the present embodiment, For example it may include steps of:
S401: start the online banking client under the open operating system.
S402: the online banking client calls the general middleware to run.
S403: when the online banking client triggers a key data operation, the general middleware runs to the key operation proxy interface, which calls the key operation.
Here, the key data operation may mainly include encryption, decryption, signing and signature verification operations.
S404: the security monitor switches the running environment of the online banking client to the trusted operating system, so as to establish communication with the trusted middleware under the trusted operating system.
S405: call the key data operation in the trusted middleware.
S406: while the trusted middleware executes the key data operation, control key agreement between the trusted middleware and the SE to establish a secure channel.
S407: control the trusted middleware to read key data from the SE or to write key data into the SE.
S408: actually operate the SE hardware memory.
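The procedure S401-S408, together with the encrypted-output embodiment described earlier (output encrypted under the trusted OS before it is placed in open memory), modelled end to end as an added example; this is not the patent's or the assignee's code. Every class and function name is an assumption, and the SE secure channel and cipher are constructed stand-ins built from HMAC-SHA256 so the model runs on the Python standard library alone.

```python
"""Model of Fig. 4 (S401-S408) and the encrypted-output embodiment: an open-OS app
calls general middleware; its key-operation proxy makes the security monitor switch
to the trusted OS, where trusted middleware opens a secure channel to the SE, uses
the bank key in plaintext only there, and encrypts the result before it reaches
open memory. Crypto is a constructed stand-in (HMAC-SHA256 KDF/MAC, HMAC keystream)."""
import hashlib
import hmac
import secrets

OPEN_OS, TRUSTED_OS = "open_os", "trusted_os"
CHANNEL_KEY = b"constructed-se-channel-key-0001"  # provisioned out of band
BANK_KEY = b"constructed-user-bank-key-00001"     # stored only in the SE

def kdf(key, label, *parts):
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def stream_xor(key, nonce, data):
    """Toy symmetric cipher: XOR with keystream HMAC(key, nonce || counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = kdf(key, b"ks", nonce, i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class SecureElement:
    """SE chip: the bank key leaves it only encrypted under the session key."""
    def __init__(self, channel_key, bank_key):
        self._ck, self._keys, self._session = channel_key, {"bank": bank_key}, None

    def open_channel(self, host_challenge):  # S406: key agreement
        card_challenge = secrets.token_bytes(8)
        self._session = kdf(self._ck, b"sess", host_challenge, card_challenge)
        return card_challenge, kdf(self._session, b"auth", host_challenge, card_challenge)

    def read_key(self, name, nonce):  # S407/S408: hardware read over the channel
        return stream_xor(self._session, nonce, self._keys[name])

class TrustedMiddleware:
    """Runs under the trusted OS; the only place the bank key is in plaintext."""
    def __init__(self, se, channel_key):
        self.se, self._ck = se, channel_key
        self._storage_key = secrets.token_bytes(32)  # never leaves the trusted world
        self.open_memory = {}                         # memory shared with the open OS

    def sign(self, message):  # S405: the key-data operation itself
        hc = secrets.token_bytes(8)
        cc, card_auth = self.se.open_channel(hc)
        session = kdf(self._ck, b"sess", hc, cc)
        if not hmac.compare_digest(card_auth, kdf(session, b"auth", hc, cc)):
            raise RuntimeError("SE authentication failed: no secure channel")
        nonce = secrets.token_bytes(8)
        bank_key = stream_xor(session, nonce, self.se.read_key("bank", nonce))
        signature = hmac.new(bank_key, message, hashlib.sha256).digest()
        handle = secrets.token_bytes(8)  # output is encrypted before reaching open memory
        self.open_memory[handle] = stream_xor(self._storage_key, handle, signature)
        return handle

    def decrypt_output(self, handle):
        return stream_xor(self._storage_key, handle, self.open_memory[handle])

class SecurityMonitor:
    """Switches the running environment to the trusted OS (S404) and back."""
    def __init__(self, trusted):
        self.trusted, self.world, self.switches = trusted, OPEN_OS, 0

    def run_trusted(self, fn, *args):
        self.world, self.switches = TRUSTED_OS, self.switches + 1
        try:
            return fn(*args)
        finally:
            self.world = OPEN_OS  # back to the open OS once the operation completes

def key_operation_proxy(monitor, message):
    """S403: the general middleware's proxy interface, the only call that crosses worlds."""
    return monitor.run_trusted(monitor.trusted.sign, message)

def run_bank_client(message, channel_key=CHANNEL_KEY):
    """S401-S408 end to end; returns (monitor, trusted middleware, output handle)."""
    trusted = TrustedMiddleware(SecureElement(CHANNEL_KEY, BANK_KEY), channel_key)
    monitor = SecurityMonitor(trusted)
    return monitor, trusted, key_operation_proxy(monitor, message)
```

Passing a `channel_key` that does not match the SE's provisioned key makes the key agreement fail, so no plaintext key is ever released and the monitor still returns the app to the open OS.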
With the technical scheme of this embodiment, when the online banking middleware operates on key data after taking it out of the SE, the key data stays under the trusted platform, so a malicious user cannot obtain the user's online banking key data through attacks or cracking under the open platform; the safety of the key data in the middleware operation stage is thus ensured. In addition, because the key data is actually held in a secure buffer area while the middleware operates on it after taking it out of the SE, the key data can be kept in plaintext form in the secure buffer area without being re-encrypted for storage, so the trusted middleware accesses the key data faster and the processing speed of the key data operation is improved.
Having described exemplary methods of the present invention, the equipment for sensitive data operation according to exemplary embodiments of the invention is introduced next.
Referring to Fig. 5, a structural diagram of apparatus embodiment 1 for sensitive data operation in the present invention is shown. In this embodiment, the equipment may specifically include:
First calling module 501, configured to call the general middleware under the open operating system in response to an application program running under the open operating system;
First control module 502, configured to control the general middleware to perform the operation triggered by the application program;
Handover module 503, configured to switch the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive data operation under the open operating system;
Second calling module 504, configured to call the trusted middleware under the trusted operating system;
Second control module 505, configured to control the trusted middleware to perform the sensitive data operation;
Read/write module 506, configured, during execution of the sensitive data operation, to control the trusted middleware to read sensitive data from the secure element for use, and/or to control the trusted middleware to write sensitive data into the secure element.
Optionally, in some implementations of this embodiment, the general middleware may have a sensitive data operation proxy interface, which may be used to respond to the application program triggering a sensitive data operation under the open operating system; correspondingly, referring to Fig. 6, the handover module 503 may specifically include:
Monitoring submodule 601, configured to monitor the operation of the general middleware while the application program runs under the open operating system;
Calling submodule 602, configured to call the security monitor in response to detecting that the general middleware has run to the sensitive data operation proxy interface;
Control submodule 603, configured to control the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
Optionally, in other implementations of this embodiment, the open operating system and the trusted operating system may be configured in a trusted execution environment (TEE) chip, and the secure element may be an SE chip.
Referring to Fig. 7, a structural diagram of apparatus embodiment 2 for sensitive data operation in the present invention is shown. In this embodiment, in addition to all the structures shown in Fig. 5, the equipment may further include:
Third control module 701, configured, after the trusted middleware under the trusted operating system has been called, to control the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
Referring to Fig. 8, a structural diagram of apparatus embodiment 3 for sensitive data operation in the present invention is shown. In this embodiment, in addition to all the structures shown in Fig. 5, the equipment may further include:
Fourth control module 801, configured to control the trusted middleware to encrypt output information during execution of the sensitive data operation;
Storage module 802, configured to store the encrypted output information in open memory; wherein the open memory is used to store information produced under the open operating system and under the trusted operating system.
With the technical scheme of this embodiment, when the middleware operates on sensitive data after taking it out of the SE, the sensitive data is kept under the trusted platform, so a malicious user cannot obtain it through attacks or cracking under the open platform; the safety of the sensitive data in the middleware operation stage is thus ensured. In addition, because the sensitive data is actually held in a secure buffer area while the middleware operates on it after taking it out of the SE, the sensitive data can be kept in plaintext form in the secure buffer area without being re-encrypted for storage, so the trusted middleware accesses the sensitive data faster and the processing speed of the sensitive data operation is improved.
It should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. The terms "comprising", "including" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
As for the apparatus embodiments, since they correspond essentially to the method embodiments, the relevant parts may be understood by reference to the description of the method embodiments. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, i.e. they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only an embodiment of the present application. It should be noted that those of ordinary skill in the art may make several improvements and modifications without departing from the principles of the application, and these improvements and modifications should also be regarded as within the scope of protection of the application.

Claims (8)

1. A method of sensitive data operation, characterised in that it comprises:
in response to an application program running under an open operating system, calling the general middleware under the open operating system and controlling the general middleware to perform the operation triggered by the application program;
in response to the application program triggering a sensitive data operation under the open operating system, switching the application program from the open operating system to run under a trusted operating system, calling the trusted middleware under the trusted operating system, and controlling the trusted middleware to perform the sensitive data operation;
during execution of the sensitive data operation, controlling the trusted middleware to read sensitive data from a secure element, and/or controlling the trusted middleware to write sensitive data into the secure element;
wherein the open operating system, the general middleware, the trusted operating system and the trusted middleware are configured in a trusted execution environment (TEE) chip, and the secure element is specifically an SE chip.
2. The method according to claim 1, characterised in that the general middleware has a sensitive data operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system;
and said switching the application program from the open operating system to run under the trusted operating system in response to the application program triggering a sensitive data operation under the open operating system comprises:
while the application program runs under the open operating system, monitoring the operation of the general middleware;
in response to the general middleware running to the sensitive data operation proxy interface, calling a security monitor and controlling the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
3. The method according to claim 1, characterised in that, after calling the trusted middleware under the trusted operating system, the method further comprises:
controlling the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
4. The method according to claim 1, characterised in that it further comprises:
during execution of the sensitive data operation, controlling the trusted middleware to encrypt output information and storing the encrypted output information in open memory; wherein the open memory is used to store information produced under the open operating system and under the trusted operating system.
5. Equipment for sensitive data operation, characterised in that it comprises:
a first calling module, configured to call the general middleware under an open operating system in response to an application program running under the open operating system;
a first control module, configured to control the general middleware to perform the operation triggered by the application program;
a handover module, configured to switch the application program from the open operating system to run under a trusted operating system in response to the application program triggering a sensitive data operation under the open operating system;
a second calling module, configured to call the trusted middleware under the trusted operating system;
a second control module, configured to control the trusted middleware to perform the sensitive data operation;
a read/write module, configured, during execution of the sensitive data operation, to control the trusted middleware to read sensitive data from a secure element for use, and/or to control the trusted middleware to write sensitive data into the secure element;
wherein the open operating system, the general middleware, the trusted operating system and the trusted middleware are configured in a trusted execution environment (TEE) chip, and the secure element is specifically an SE chip.
6. The equipment according to claim 5, characterised in that the general middleware has a sensitive data operation proxy interface, which is used to respond to the application program triggering a sensitive data operation under the open operating system;
and the handover module comprises:
a monitoring submodule, configured to monitor the operation of the general middleware while the application program runs under the open operating system;
a calling submodule, configured to call a security monitor in response to the general middleware running to the sensitive data operation proxy interface;
a control submodule, configured to control the security monitor to switch the running environment of the application program from the open operating system to the trusted operating system.
7. The equipment according to claim 5, characterised in that it further comprises:
a third control module, configured, after the trusted middleware under the trusted operating system has been called, to control the establishment of a secure channel between the trusted middleware and the secure element, so that sensitive data is exchanged between the trusted middleware and the secure element through the secure channel.
8. The equipment according to claim 5, characterised in that it further comprises:
a fourth control module, configured to control the trusted middleware to encrypt output information during execution of the sensitive data operation;
a storage module, configured to store the encrypted output information in open memory; wherein the open memory is used to store information produced under the open operating system and under the trusted operating system.
Application CN201410342484.8A, priority date 2014-07-17, filing date 2014-07-17: A kind of method and apparatus for operating sensitive data; granted as CN104077533B (en); status Expired - Fee Related.


Publications (2)

Publication Number, Publication Date
CN104077533A (en), 2014-10-01
CN104077533B (en), 2017-09-15

Family ID: 51598783




Also Published As

Publication number Publication date
CN104077533A (en) 2014-10-01


Legal Events

Code, Title
C06, Publication
PB01, Publication
C10, Entry into substantive examination
SE01, Entry into force of request for substantive examination
GR01, Patent grant
CF01, Termination of patent right due to non-payment of annual fee

Granted publication date: 20170915

Termination date: 20210717