CN104346572A - Construction method of universal external intelligent terminal safety operation environment - Google Patents
Construction method of universal external intelligent terminal safety operation environment
- Publication number
- CN104346572A (application no. CN201310317084.7A; granted as CN104346572B)
- Authority
- CN
- China
- Prior art keywords
- intelligent terminal
- tem
- security strategy
- file
- boot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for constructing a secure operating environment for an intelligent terminal using a generic external hardware unit. The method comprises the following steps: (1) an application publisher establishes an application security policy package for a target application, consisting of a ramdisk file and a kernel image; a system security control module is added to the Android kernel and the system is then compiled to produce the kernel image, the module containing a security policy file; (2) a trusted execution module (TEM) is provided, which sends command information to the intelligent terminal so that the terminal downloads the application security policy package from the TEM and boots the system from it; (3) the system security control module monitors every file mapped into memory while the system runs, checks whether the file is among those listed in the security policy file, permits the mapping operation if it is, and refuses it otherwise. The method requires no change to the terminal's original hardware or software and is therefore easy to deploy.
Description
Technical field
The present invention relates to a method for building a trusted operating environment on ARM-based Android intelligent terminals. Its focus is on establishing such an environment for a target Android application without affecting the original hardware and software structure of the terminal. It is suited to security-sensitive applications such as payment and secure e-mail, and belongs to the field of information system security.
Background technology
Intelligent terminals, represented by smartphones and tablets, have fully featured operating systems, powerful application processors (CPUs) and memory, and rich human-computer interfaces; users extend their functionality on demand by installing applications, synchronised with software markets. They have developed into powerful personal handheld devices that integrate telephony, messaging, audio and video entertainment and network access, and so meet many user needs anytime and anywhere. With their widespread use, however, security problems are increasing: intrusions by rogue applications, malware and unknown viruses threaten user information, and personal data such as contacts, calendars, location, messages, photos and voice memos, as well as electronic accounts and property, are exposed to serious risk.
Trusted computing is an effective means of addressing terminal security. Traditional trusted computing, represented by the TPM (Trusted Platform Module), was first applied to the security problems of PC terminals. Its technical route adds security components at each level on top of the computer's existing hardware and software, takes the BIOS as the root of trust and, following the boot sequence, has each component measure and verify the integrity of the next component in the boot chain, thereby building a safe and reliable operating environment for computer applications. In the evolution of trusted computing, researchers also proposed the mobile TPM, which borrows the technical route of the U-Key to make the trusted-storage and key-management functions of the TPM chip portable; but for the purpose of building a trusted operating environment for applications, the mobile TPM still uses the boot process as the root of trust and requires custom modification of the conventional computer boot sequence. Researchers further proposed the TPCM (Trusted Platform Control Module) scheme, which implants a TPCM security chip into the PC and changes the power-on boot sequence of the conventional computer, thereby transferring the root of trust and establishing the trusted operating environment.
As intelligent terminals have developed, the demand for trusted operating environments on them has grown. Typical representatives of this technology include ARM's TrustZone and the TCG's MTM (Mobile Trusted Module). TrustZone is a method proposed in the ARM V7 architecture, so it requires the terminal to use a CPU that supports the ARM V7 architecture. MTM extends TPM technology to intelligent terminals, and the method of building a trusted operating environment on it is similar to that of the TPM.
Analysis of these methods shows that a problem accompanying traditional trusted computing technology is that implementing the scheme requires deep involvement of the terminal vendor, the chip vendor or the system-software vendor. On the one hand this means the scheme cannot directly protect terminals that have already been sold to end users; on the other, terminal vendors have reservations about adopting such schemes because of product stability and maturity concerns. It is therefore necessary to design a method for constructing a trusted operating environment that is independent of the terminal's original hardware and software structure while retaining the advantage of traditional trusted computing, namely a chain of trust linking hardware and software. To the inventors' knowledge, no one has yet proposed a trusted-environment construction method for intelligent terminals with these characteristics.
Summary of the invention
In view of the problems of the prior art, the object of the present invention is to provide a method that uses an external hardware unit to build a secure operating environment for one or more complete applications on an intelligent terminal, rather than for one or more particular modules. The external hardware unit connects to the terminal through the MicroUSB interface that current smartphones generally support, and no change to the hardware or software configuration of the original terminal is needed. With this method an application publisher can customise the software-stack environment in which it expects its target application to run. When the target application runs in the new environment, other applications installed on the terminal cannot cause the software stack to deviate from what the publisher expects. The environment built by this method still uses the terminal's own hardware for computation, so the performance of the target application does not depend on the configuration of the external hardware unit.
As shown in Figure 1, the system architecture designed by the present invention is as follows:
A hardware unit, called the trusted execution module (TEM), is connected to the smartphone through the phone's MicroUSB interface. Based on the TEM, a trusted operating environment can be established dynamically for a trusted application on an ordinary smartphone platform. The TEM mainly relies on the smartphone's existing computing, display and networking capabilities to support application execution; the TEM itself is only responsible for the core security functions needed while establishing the trusted operating environment. It therefore needs only a low-cost processor, a small amount of RAM and flash, and support for an external storage card such as an SD card, which keeps its cost low.
Operation of the system consists of two main flows:
The first is the application security policy customisation flow, in which an application publisher (for example a bank, for a protected application such as an electronic wallet) produces a security policy package. The publisher may distribute the package on a storage card that holds it, or the user may download the package from a designated location onto a storage card such as a personal SD card.
The second is the user flow. When the user wants to run the application, the storage card holding the security policy package is first connected to the TEM, and the TEM is connected to the smartphone. The user then presses the RUN button on the TEM; the TEM establishes the trusted operating environment for the target application package and gives the user a visual indication of the trusted running state through an indicator lamp on the TEM.
For the application security policy customisation flow, the invention proposes the following method of producing a security policy package:
1) According to the intelligent terminal models the target application must support, the application publisher determines the Android version used by each model and obtains a copy of the device's kernel image file, boot.img. The ramdisk file is obtained from this copy.
2) For the version determined in step 1, the publisher downloads the Android source code, adds the system security control module to the kernel, and compiles it to produce a kernel image.
3) The ramdisk is extracted from the boot.img of step 1.
4) A new boot.img is generated from the kernel image of step 2 and the ramdisk extracted in step 3; this new boot.img is the application security policy package of this method.
In the application security policy customisation flow, the system security control module added to the Android kernel is responsible, after the kernel loads, for controlling the application software that runs on the system according to the security policy. Its flow is as follows:
1) The system security control module has built into it a list of hash values of the dex files in the APK packages of applications that are allowed to run. This list is the security policy; dex is the file suffix commonly used by Dalvik virtual machine applications on Android.
2) In kernel mode, the module monitors every file mapped into memory while the system runs. For each file it first checks the suffix; if it is a dex file, it hashes the file and compares the result with the hash values in the built-in list from step 1. If the hash belongs to the list, the module permits the mapping operation; otherwise it refuses the mapping, and the application corresponding to that dex file fails to start.
In the user flow, the invention proposes the following method of using the TEM to build the secure operating environment:
1) The TEM sends the adb command "adb reboot bootloader" to the intelligent terminal, which restarts and enters bootloader mode;
2) The TEM sends the fastboot command "fastboot boot boot.img" to the intelligent terminal, where boot.img is the application security policy package described above.
Compared with the prior art, the invention has the following beneficial effects:
1. Conventional methods of establishing a secure operating environment, such as the TPM, usually require custom modification of the terminal's original hardware and software. For intelligent terminals, whose industry structure has CPU vendors acting independently and terminal vendors customising heavily, conventional methods are difficult to deploy in practice. The MicroUSB-based method proposed here for building a trusted operating environment with a generic external unit needs no change to the terminal's original hardware or software configuration and is therefore easy to roll out.
2. Compared with external technologies such as the U-Key, which usually provide a secure operating environment only for cryptographic operations, the external technology proposed here establishes a secure operating environment for a complete application.
3. With this method the application publisher defines the expected operating environment of the target application itself, is freed from dependence on other security-solution providers, and can customise the protection of the content it cares about.
Accompanying drawing explanation
Fig. 1 is the system architecture diagram of the method of the invention;
Fig. 2 is the workflow diagram of the TEM building the trusted operating environment.
Embodiment
1. In the application security policy customisation flow, the invention proposes a method of producing a security policy package. The specific implementation is as follows:
1) According to the intelligent terminal models the protected application must support, the application publisher determines the Android version used by each model and obtains a copy of the device's kernel image file, boot.img.
2) For the version determined in step 1, download the Android source code and add the system security control module to the kernel. The module is a set of code implemented on the Linux LSM (Linux Security Modules) framework; it is placed in the Linux kernel source tree, and the kernel image is then built with the usual Android source build procedure.
3) Extract the ramdisk from the boot.img of step 1, as follows:
unpack-bootimg.pl unpacks boot.img and yields boot.img-ramdisk.gz. The command is: unpack-bootimg.pl boot.img
4) Use mkbootimg to generate a boot.img from the kernel image of step 2 and the ramdisk of step 3; this boot.img is the application security policy package. The command is as follows, where boot.img-kernel is the kernel image built in step 2:
mkbootimg --kernel boot.img-kernel --ramdisk boot.img-ramdisk.gz -o boot.img
On devices whose stock boot.img uses a non-default load address or kernel command line, the same --base and --cmdline values as the stock image must be passed to mkbootimg, otherwise the rebuilt image will not boot on that model.
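The package-building steps above, as an added example in Python that is not the patent's tooling: it replaces the unpack-bootimg.pl and mkbootimg commands with a small parser and writer for the Android boot image header (header version 0 only, no DTB or later fields), so that the device's own ramdisk, load addresses and kernel command line are carried over unchanged and only the kernel is swapped for the one built with the security control module. The boot image and kernel bytes used here are constructed sample data, not a real device image; the legacy mkbootimg id field is recomputed as SHA-1 over each segment followed by its little-endian size.

```python
"""Android boot.img (header v0) unpack/repack for building the security
policy package.  Added example, not the patent's tooling; handles only the
v0 header layout.  All images fed to it in the tests are constructed."""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# v0 header: magic, 10 u32 fields, 16-byte name, 512-byte cmdline,
# 32-byte id, 1024-byte extra cmdline = 1632 bytes, padded to one page.
HDR_FMT = "<8s10I16s512s32s1024s"
HDR_SIZE = struct.calcsize(HDR_FMT)


def _pad(data, page_size):
    """Zero-pad data up to the next page boundary (segments are page aligned)."""
    rem = len(data) % page_size
    return data if rem == 0 else data + b"\0" * (page_size - rem)


def unpack_bootimg(img):
    """Return (header fields, kernel, ramdisk, second) from a boot.img blob."""
    if len(img) < HDR_SIZE or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    (_, ksz, kaddr, rsz, raddr, ssz, saddr, tags, page, hver, osver,
     name, cmdline, bid, extra) = struct.unpack(HDR_FMT, img[:HDR_SIZE])
    if hver != 0:
        raise ValueError("only boot image header v0 is handled here")
    if page not in (2048, 4096, 8192, 16384):
        raise ValueError("implausible page size %d" % page)
    off = page                                   # header occupies the first page
    kernel = img[off:off + ksz]
    off += len(_pad(kernel, page))
    ramdisk = img[off:off + rsz]
    off += len(_pad(ramdisk, page))
    second = img[off:off + ssz]
    if (len(kernel), len(ramdisk), len(second)) != (ksz, rsz, ssz):
        raise ValueError("truncated boot image")
    fields = dict(kernel_addr=kaddr, ramdisk_addr=raddr, second_addr=saddr,
                  tags_addr=tags, page_size=page, header_version=hver,
                  os_version=osver, name=name.rstrip(b"\0"),
                  cmdline=cmdline.rstrip(b"\0"), id=bid,
                  extra_cmdline=extra.rstrip(b"\0"))
    return fields, kernel, ramdisk, second


def _image_id(kernel, ramdisk, second):
    """Legacy mkbootimg 'id': SHA-1 over each segment followed by its u32 size."""
    h = hashlib.sha1()
    for seg in (kernel, ramdisk, second):
        h.update(seg)
        h.update(struct.pack("<I", len(seg)))
    return h.digest().ljust(32, b"\0")


def pack_bootimg(fields, kernel, ramdisk, second=b""):
    """Write a v0 boot.img; addresses, page size and cmdline come from fields."""
    page = fields["page_size"]
    cmdline = fields.get("cmdline", b"")
    if len(cmdline) > 512:                       # extra_cmdline spill not handled here
        raise ValueError("kernel command line longer than 512 bytes")
    hdr = struct.pack(
        HDR_FMT, BOOT_MAGIC,
        len(kernel), fields["kernel_addr"], len(ramdisk), fields["ramdisk_addr"],
        len(second), fields["second_addr"], fields["tags_addr"], page,
        fields.get("header_version", 0), fields.get("os_version", 0),
        fields.get("name", b""), cmdline,
        _image_id(kernel, ramdisk, second), fields.get("extra_cmdline", b""))
    return _pad(hdr, page) + _pad(kernel, page) + _pad(ramdisk, page) + _pad(second, page)


def build_policy_package(stock_boot_img, new_kernel):
    """Step 4 of the text: keep the device's ramdisk, load addresses and
    cmdline, replace only the kernel with the one built with the LSM module."""
    fields, _old_kernel, ramdisk, second = unpack_bootimg(stock_boot_img)
    return pack_bootimg(fields, new_kernel, ramdisk, second)
```

Checking that unpack_bootimg on the finished package returns the stock ramdisk byte for byte, with the stock addresses and command line, is the test a publisher should run before distributing the package; a ramdisk or cmdline that differs from the stock image is the usual reason a rebuilt boot.img fails to boot the target model.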
2. In the application security policy customisation flow, the system security control module added to the Android kernel controls, after the kernel loads, the application software that runs on the system. It mainly uses the Linux LSM framework to intercept the system calls that map files into memory and to make a decision on each. Its decision logic is as follows:
1) The system security control module contains in its code the list of hash values of the dex files in the APK packages of applications that are allowed to run. The list can be produced as follows:
A. Unpack the APK packages of the applications allowed to run with an APK unpacking tool to obtain their dex files;
B. Compute SHA-1 over each dex file;
C. Preset the hash values obtained by the SHA-1 computation in the security control module code in the form of an array.
2) In kernel mode, the module monitors every file mapped into memory while the system runs. For each file it first checks the suffix; if it is a dex file, it hashes the file and compares the result with the built-in hash list from step 1. If the hash belongs to the list, the module permits the mapping operation; otherwise it refuses it.
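The whitelist and decision rule of the security control module, as an added example in Python that is not the patent's LSM code: it builds the SHA-1 list from the dex files inside a permitted APK, renders it as the C array the text says is preset in the module source, and models in user space the decision the in-kernel hook makes at mapping time (the kernel hook itself is not shown; it depends on the LSM hook registration of the target kernel version). The APK is constructed inline with a minimal classes.dex and is not a real application; the C symbol name allowed_dex_sha1 is an assumption.

```python
"""Dex whitelist generation and the mmap-time decision of the security
control module.  Added example; the APK below is constructed, not real."""
import hashlib
import io
import zipfile

ALLOW, DENY = "allow", "deny"


def dex_hashes_from_apk(apk_bytes):
    """Steps A and B: unpack the APK (a zip) and SHA-1 every .dex inside it."""
    hashes = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.endswith(".dex"):
                hashes.add(hashlib.sha1(z.read(name)).digest())
    return hashes


def as_c_array(hashes, symbol="allowed_dex_sha1"):
    """Step C: render the list as a C array to preset in the module source.
    The symbol name is an assumption, not the patent's."""
    rows = ["    { " + ", ".join("0x%02x" % b for b in h) + " }," for h in sorted(hashes)]
    return ("static const unsigned char %s[][20] = {\n%s\n};\n"
            "#define ALLOWED_DEX_COUNT %d\n" % (symbol, "\n".join(rows), len(hashes)))


def decide_mmap(path, file_bytes, allowed):
    """The module's rule: only files whose name ends in .dex are examined;
    such a file may be mapped only if its SHA-1 is in the whitelist."""
    if not path.endswith(".dex"):
        return ALLOW                 # the policy says nothing about other files
    return ALLOW if hashlib.sha1(file_bytes).digest() in allowed else DENY


def make_sample_apk(dex_payload):
    """Constructed minimal APK: a zip holding a manifest stub, one classes.dex
    (Dalvik magic 'dex\\n035\\0' plus payload) and a dummy native library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + dex_payload)
        z.writestr("lib/armeabi/libnative.so", b"\x7fELF" + b"\0" * 16)
    return buf.getvalue()
```

Note that the rule only examines files whose name ends in .dex; other mapped files, native libraries included, are permitted without a hash check, so the whitelist governs application code in dex form only, and everything else in the environment is fixed by the boot.img the TEM supplies.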
3. As shown in Figure 2, the workflow of the TEM of the invention for building the trusted operating environment is as follows:
1) The user presses the RUN button on the TEM, and the TEM performs the following steps automatically;
2) The TEM sends the adb command "adb devices" to the intelligent terminal; if the device is properly connected to the TEM, the device returns its device information to the TEM;
3) The TEM checks the device information: if none is detected, it checks whether the device connection and the driver files are normal and, once confirmed, returns to step 2) and re-executes it; if device information is detected, it proceeds to step 4);
4) The TEM sends the adb command "adb reboot bootloader" to the intelligent terminal, which restarts the phone into bootloader mode;
5) The TEM checks the result returned by the command of step 4): if an error is returned (error: device not found), it checks the device connection and returns to step 2); if no error is returned, it waits 5 seconds so that the phone has enough time to enter bootloader mode, then proceeds to step 6);
6) The TEM sends the fastboot command "fastboot devices" to the intelligent terminal to check whether the device has entered bootloader mode;
7) The TEM checks the device information: if none is detected, it checks whether the device connection is normal and returns to step 6) and re-executes it; if device information is detected, it proceeds to step 8);
8) The TEM sends the fastboot command "fastboot boot boot.img" to the intelligent terminal, which makes the terminal download boot.img from the TEM and restart from that image into the trusted operating environment;
9) Whether the command of step 8) succeeded is judged: if it succeeded, the flow ends; if it failed, the location and name of the boot.img file are checked and, once corrected, step 8) is executed again.
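The nine-step TEM workflow above, as an added Python example rather than the TEM's own firmware. It assumes adb and fastboot are on the TEM's PATH and are invoked through an injectable run(argv) callable returning (exit code, output), so the flow can be exercised offline against the constructed FakeDevice test double included in the block; the retry loops of steps 3, 5 and 7 are bounded by an attempts count rather than repeated indefinitely, and the 5-second bootloader wait is injectable so a test need not sleep.

```python
"""TEM-side workflow: adb devices -> adb reboot bootloader -> fastboot devices
-> fastboot boot boot.img.  Added example; FakeDevice is a constructed double."""
import subprocess
import time


class TemError(RuntimeError):
    """Raised when the workflow cannot complete (the TEM lamp would show failure)."""


def run_cmd(argv):
    """Default runner: invoke the real adb/fastboot binaries on the TEM."""
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.returncode, p.stdout + p.stderr


def adb_serials(out):
    """Serials from `adb devices` output; device lines look like '<serial>\\tdevice'."""
    serials = []
    for line in out.splitlines()[1:]:            # first line is the banner
        parts = line.split()
        if len(parts) == 2 and parts[1] == "device":
            serials.append(parts[0])
    return serials


def fastboot_serials(out):
    """Serials from `fastboot devices` output; lines look like '<serial>\\tfastboot'."""
    return [l.split()[0] for l in out.splitlines() if l.split()[-1:] == ["fastboot"]]


def _poll(run, argv, parse, attempts, sleep):
    """Steps 3 and 7: repeat the query until a device shows up, bounded."""
    for _ in range(attempts):
        rc, out = run(argv)
        found = parse(out) if rc == 0 else []
        if found:
            return found
        sleep(1)
    raise TemError("no device seen by '%s' after %d attempts" % (" ".join(argv), attempts))


def boot_trusted_environment(boot_img_path, run=run_cmd, sleep=time.sleep,
                             attempts=10, bootloader_delay=5):
    """Steps 2 to 9 of the TEM workflow; returns the serial of the booted device."""
    for _ in range(attempts):
        serial = _poll(run, ["adb", "devices"], adb_serials, attempts, sleep)[0]
        rc, out = run(["adb", "-s", serial, "reboot", "bootloader"])
        if rc == 0 and "not found" not in out:
            break
        sleep(1)                                  # step 5: cable dropped, back to step 2
    else:
        raise TemError("could not reboot %s into bootloader mode" % serial)
    sleep(bootloader_delay)                       # step 5: let the bootloader come up
    fb = _poll(run, ["fastboot", "devices"], fastboot_serials, attempts, sleep)
    serial = serial if serial in fb else fb[0]
    # Step 8: RAM-boot the policy package; nothing is written to the device's flash.
    rc, out = run(["fastboot", "-s", serial, "boot", boot_img_path])
    if rc != 0:                                   # step 9: wrong path/name is the usual cause
        raise TemError("fastboot boot failed for %s: %s" % (boot_img_path, out.strip()))
    return serial


class FakeDevice:
    """Constructed test double for a phone on the TEM's USB port (not real output)."""

    def __init__(self, serial="0123456789ABCDEF", adb_misses=1, fastboot_misses=2):
        self.serial, self.mode, self.log = serial, "android", []
        self.adb_misses = adb_misses              # empty `adb devices` answers before it appears
        self.fastboot_misses = fastboot_misses    # same for `fastboot devices`

    def run(self, argv):
        self.log.append(list(argv))
        if argv[:2] == ["adb", "devices"]:
            if self.adb_misses > 0 or self.mode != "android":
                self.adb_misses -= 1
                return 0, "List of devices attached\n\n"
            return 0, "List of devices attached\n%s\tdevice\n" % self.serial
        if argv[0] == "adb" and "reboot" in argv:
            if self.mode != "android":
                return 1, "error: device not found\n"
            self.mode = "bootloader"
            return 0, ""
        if argv[:2] == ["fastboot", "devices"]:
            if self.fastboot_misses > 0 or self.mode != "bootloader":
                self.fastboot_misses -= 1
                return 0, ""
            return 0, "%s\tfastboot\n" % self.serial
        if argv[0] == "fastboot" and "boot" in argv and self.mode == "bootloader":
            self.mode = "booted-from-ram"
            return 0, "downloading 'boot.img'...\nOKAY\nbooting...\nOKAY\n"
        return 1, "unexpected command: %s" % " ".join(argv)
```

fastboot boot sends the image over USB and boots it once from RAM without writing the boot partition, which is why the device's own software is left untouched and why the trusted environment lasts only until the next normal reboot. Bootloaders that are locked, or that boot only vendor-signed images, refuse fastboot boot, so whether the method applies to a given model depends on that model's bootloader policy.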
Claims (10)
1. A construction method for a generic external intelligent terminal secure operating environment, comprising the steps of:
1) an application publisher establishes an application security policy package for a target application, comprising a ramdisk file and a kernel image; the ramdisk file is the ramdisk of the Android system used by the intelligent terminal that supports running the target application, and the kernel image is generated by compiling that Android system after a system security control module is set in its kernel; the system security control module comprises a security policy file;
2) a trusted execution module TEM is provided; a device storing the application security policy package is data-connected to the TEM, and the TEM is data-connected to the intelligent terminal that supports running the target application;
3) the TEM sends command information to the intelligent terminal, causing it to download the application security policy package from the TEM and to boot the Android system on the intelligent terminal;
4) the system security control module monitors, in kernel mode, all files mapped into memory while the Android system runs, and for each file checks whether it belongs to the files listed in the security policy file; if so, the system security control module permits the mapping operation, otherwise it refuses the mapping operation.
2. The method of claim 1, wherein the security policy file comprises a set of information on files allowed to run.
3. The method of claim 2, wherein the security policy file comprises a list of hash values of the dex files in the APK packages of applications allowed to run.
4. The method of claim 3, wherein the hash list is generated by: first unpacking the APK packages of the applications allowed to run with an APK unpacking tool to obtain the dex files; then computing SHA-1 over the dex files; then presetting the hash values obtained by the SHA-1 computation in the system security control module in the form of an array.
5. The method of claim 3, wherein the system security control module first checks the file suffix of each file mapped into memory; if it is a dex file, it hashes the file and compares the result with the hash values in the hash list; if a corresponding hash value exists, the system security control module permits the mapping operation, otherwise it refuses the mapping operation.
6. The method of any one of claims 1 to 5, wherein the application security policy package is produced by:
61) the application publisher, according to the intelligent terminal model that must support running the target application, determines the Android version used by that model and obtains a copy of that model's kernel image file boot.img;
62) the system security control module is set in the kernel of that version of the Android system, which is compiled to generate the kernel image;
63) the ramdisk file is extracted from the boot.img;
64) a kernel image file boot.img is generated from the kernel image and the ramdisk file, and this boot.img is used as the application security policy package.
7. The method of claim 6, wherein the device storing the application security policy package is obtained either by the application publisher distributing a storage card holding the security policy package, or by downloading the security policy package from a designated location onto a storage card.
8. The method of claim 1, wherein the trusted execution module TEM uses the existing computing, display and network capabilities of the intelligent terminal to support running the target application.
9. The method of claim 1, wherein after the trusted execution module TEM is connected to the intelligent terminal it first sends the adb command "adb reboot bootloader" to the terminal, restarting it into bootloader mode, and then sends the fastboot command "fastboot boot boot.img", where boot.img is the application security policy package.
10. The method of claim 9, wherein the trusted execution module TEM is provided with an indicator lamp that gives the user a visual indication of the trusted running state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310317084.7A CN104346572B (en) | 2013-07-25 | 2013-07-25 | A kind of general external intelligent terminal secure operating environment construction method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104346572A true CN104346572A (en) | 2015-02-11 |
CN104346572B CN104346572B (en) | 2017-11-14 |
Family
ID=52502152
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310317084.7A Active CN104346572B (en) | 2013-07-25 | 2013-07-25 | A kind of general external intelligent terminal secure operating environment construction method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104346572B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110293097A1 (en) * | 2010-05-27 | 2011-12-01 | Maino Fabio R | Virtual machine memory compartmentalization in multi-core architectures |
CN102760219A (en) * | 2011-12-20 | 2012-10-31 | 北京安天电子设备有限公司 | Android platform software protecting system, method and equipment |
CN102880498A (en) * | 2012-09-13 | 2013-01-16 | 深圳市佳创软件有限公司 | Method of virtual SD (Security Digital) card on device with android system |
CN103020531A (en) * | 2012-12-06 | 2013-04-03 | 中国科学院信息工程研究所 | Method and system for trusted control of operating environment of Android intelligent terminal |
WO2013048492A1 (en) * | 2011-09-30 | 2013-04-04 | Intel Corporation | Mechanism for providing a secure environment for acceleration of software applications at computing devices |
Non-Patent Citations (2)
Title |
---|
Liu Weiran et al., "Trusted computing platform architecture for the Android operating system", Journal of Wuhan University (Natural Science Edition) * |
Kang Wenjun, "A method for automatic BootLoader update under the kernel", Computer Engineering * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104683336A (en) * | 2015-02-12 | 2015-06-03 | 中国科学院信息工程研究所 | Security-region-based method and system for protecting Android private data |
CN104683336B (en) * | 2015-02-12 | 2018-11-13 | 中国科学院信息工程研究所 | A kind of Android private data guard method and system based on security domain |
CN106295347A (en) * | 2015-05-28 | 2017-01-04 | 国家计算机网络与信息安全管理中心 | For building the method and device of validating vulnerability environment |
CN106681761A (en) * | 2016-12-13 | 2017-05-17 | 深圳市恒扬数据股份有限公司 | Interactive upgrade method and system |
CN106681761B (en) * | 2016-12-13 | 2020-12-01 | 深圳市恒扬数据股份有限公司 | Interactive upgrading method and system |
CN107679423A (en) * | 2017-10-10 | 2018-02-09 | 上海闻泰电子科技有限公司 | Partition integrity inspection method and device |
CN113791813A (en) * | 2017-10-30 | 2021-12-14 | 华为技术有限公司 | Method and terminal for updating SELinux security policy |
CN112015478A (en) * | 2020-08-26 | 2020-12-01 | 北京字节跳动网络技术有限公司 | Kernel loading method, server, device, computer device and storage medium |
CN112015478B (en) * | 2020-08-26 | 2023-09-22 | 抖音视界有限公司 | Kernel loading method, server, device, computer device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN104346572B (en) | 2017-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6053786B2 (en) | Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation | |
EP2962241B1 (en) | Continuation of trust for platform boot firmware | |
CN102792307B (en) | The system and method for NS software is provided in virtual environment | |
Wang et al. | Exploiting smart-phone usb connectivity for fun and profit | |
CN101281577B (en) | Dependable computing system capable of protecting BIOS and method of use thereof | |
CN110414235B (en) | Active immune double-system based on ARM TrustZone | |
CN1925926B (en) | Device including cooperative embedded agents, related system and method | |
CN105205401B (en) | Trusted computer system and its trusted bootstrap method based on security password chip | |
JP5270377B2 (en) | Platform boot with bridge support | |
CN107735769B (en) | Firmware-related event notification | |
CN104346572A (en) | Construction method of universal external intelligent terminal safety operation environment | |
CN107665308B (en) | TPCM system for building and maintaining trusted operating environment and corresponding method | |
EP3706019B1 (en) | Hardware-enforced access protection | |
CN102289622B (en) | Trusted startup method based on authentication policy file and hardware information collection | |
CN107567629B (en) | Dynamic firmware module loader in trusted execution environment container | |
EP2893485A1 (en) | Measuring platform components with a single trusted platform module | |
CN102955921A (en) | Electronic device and safe starting method | |
US10185633B2 (en) | Processor state integrity protection using hash verification | |
CN111125707A (en) | BMC (baseboard management controller) safe starting method, system and equipment based on trusted password module | |
Dhobi et al. | Secure firmware update over the air using trustzone | |
CN110263532B (en) | Trusted computing method, device and system | |
US20240160431A1 (en) | Technologies to update firmware and microcode | |
SG185114A1 (en) | External boot device, external boot program, external boot method and network communication system | |
CN104243457A (en) | Credibility measuring method and system for mobile terminal | |
CN103795905A (en) | Trusted starting method of web camera |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||