CN104463028A - Safety mode prompting method and movable device for implementing method - Google Patents

Publication number
CN104463028A
Authority
CN
China
Prior art keywords
mobile device
information
mode
safe mode
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310440444.2A
Other languages
Chinese (zh)
Other versions
CN104463028B (en)
Inventor
柴洪峰
鲁志军
何朔
郭伟
周钰
于彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd
Priority to CN201310440444.2A (CN104463028B)
Priority to PCT/CN2014/087161 (WO2015043444A1)
Publication of CN104463028A
Application granted
Publication of CN104463028B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The invention relates to computer technology, and in particular to a method for indicating on the human-machine interface of a mobile device that the device has entered secure mode, and to a mobile device implementing the method. The method includes the following steps: in secure mode, prompt information is written from a secure storage device into a secure storage area in the mobile device, wherein the prompt information is generated in an external trusted environment and input into the secure storage device; if the mobile device subsequently switches from non-secure mode into secure mode, the prompt information is read from the secure storage area and displayed on the human-machine interface.

Description

Secure mode prompting method and mobile device implementing the method
Technical field
The present invention relates to computer technology, and in particular to a method for indicating, on the human-machine interface of a mobile device, that the device has entered secure mode, and to a mobile device that implements the method.
Background
With the rapid development of wireless broadband access and mobile terminal technology, the mobile Internet has emerged and become the fastest-growing market, with the greatest potential and the most attractive prospects. Services based on the mobile Internet are permeating every aspect of daily life, such as social networking, shopping, financial transactions and access to everyday information. Many mobile Internet services involve storing, reading and transmitting sensitive information (such as private user data, login identities and passwords), so a security mechanism is needed to protect it.
To this end, the industry has developed secure operating systems that run the security-related applications formerly run on the multimedia operating system, while other applications continue to run on the multimedia operating system. TrustZone is the solution that ARM proposed along these lines. It provides two operating modes on the mobile device, secure and non-secure, through a switching mechanism in the hardware itself: the multimedia operating system runs in non-secure mode and the secure operating system runs in secure mode. The two operating systems are isolated by hardware, which prevents programs in non-secure mode from accessing system resources (such as memory and peripherals) in secure mode, thereby meeting the security requirements of the mobile device.
In secure mode, the user enters sensitive information through a trusted user interface (Trusted User Interface) using human-machine interfaces such as the touch screen and keyboard, and the data exchanged between the user and the external device is strictly protected. However, some malicious programs can display a counterfeit secure interface to lure the user into entering confidential information, and thereby steal it. To prevent this, the current practice is to give the user a specific indication when the mobile device enters secure mode. The usual approach is to add a hardware indicator module, such as an indicator light, to the mobile device; the light is lit when the device enters secure mode. This approach increases the cost of the mobile device, and its reliability is not high (for example, the hardware module may be damaged by knocks and bumps).
How to reliably present prompt information when a mobile device enters secure mode is therefore a problem in urgent need of a solution.
Summary of the invention
One object of the present invention is to provide a method for indicating, on the human-machine interface of a mobile device, that the device has entered secure mode, which has the advantages of being reliable, efficient and simple to implement.
A method according to this embodiment for indicating, on the human-machine interface of a mobile device, that the device has entered secure mode comprises the following steps:
in secure mode, writing prompt information from a secure storage device into a designated area in the mobile device, wherein the prompt information is generated in an external trusted environment and input into the secure storage device; and
if the mobile device subsequently switches from non-secure mode into secure mode, reading the prompt information from the secure storage area and presenting it on the human-machine interface.
Preferably, in the above method, the designated area is a region of a memory that is accessible only in secure mode. Alternatively and preferably, the designated area is a memory that is accessible only in secure mode.
Preferably, in the above method, the prompt information comprises an image, a sound, text or a combination thereof.
Preferably, in the above method, the prompt information is stored and transmitted in encrypted form.
Preferably, in the above method, as soon as the mobile device enters secure mode, the prompt information is read from the secure storage area and presented on the human-machine interface.
A further object of the present invention is to provide a mobile device that can indicate entry into secure mode in a reliable, efficient and simple manner.
A mobile device according to one embodiment of the invention comprises:
a communication unit adapted to communicate with a secure storage device;
a memory comprising a secure storage area that can be accessed only in secure mode; and
a processor coupled to the communication unit and the memory and adapted to run in secure mode and non-secure mode, configured to: cause prompt information to be written from the secure storage device into the secure storage area and, if the mobile device switches from non-secure mode into secure mode, read the prompt information from the secure storage area and present it on the human-machine interface, wherein the prompt information is generated in an external trusted environment and input into the secure storage device.
Preferably, in the above mobile device, the secure storage device comprises at least one of the following: a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site; the prompt information is input into the external device in a trusted environment.
Preferably, in the above mobile device, the communication unit comprises at least one of the following interfaces: a near field communication interface, a 7816 interface, an SDIO interface and a WiFi interface.
A mobile device according to one embodiment of the invention comprises:
a communication unit adapted to communicate with a secure storage device;
a secure mode memory that can be accessed only in secure mode; and
a processor coupled to the communication unit and the memory and adapted to run in secure mode and non-secure mode, configured to: cause prompt information to be written from the secure storage device into the secure mode memory and, if the mobile device switches from non-secure mode into secure mode, read the prompt information from the secure mode memory and present it on the human-machine interface, wherein the prompt information is generated in an external trusted environment and input into the secure storage device.
According to embodiments of the invention, the prompt information shown on the human-machine interface in secure mode is generated in an external trusted environment. Because the external trusted environment has a variety of peripherals, a rich variety of prompt information can be generated. This solves the problem of inputting complex authentication information while keeping the secure operating system simple, and improves the security of the system.
Brief description of the drawings
The above and other objects and advantages of the present invention will become more fully apparent from the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is an architecture diagram of a mobile device according to one embodiment of the invention.
Fig. 2 is a flowchart of a method, according to another embodiment of the invention, for indicating on the human-machine interface of a mobile device that the device has entered secure mode.
Detailed description of embodiments
The invention is set forth below by describing embodiments with reference to the drawings. It should be understood that these embodiments are merely exemplary and do not limit the spirit or scope of protection of the invention.
In this specification, terms such as "comprise" and "include" mean that, in addition to the units and steps directly and explicitly stated in the specification and claims, the technical solution of the invention does not exclude other units and steps that are not directly or explicitly stated. Furthermore, terms such as "first", "second", "third" and "fourth" do not indicate the order of units or values in time, space, size and so on; they are used only to distinguish the units or values from one another.
In this specification, a trusted environment is an environment in which the behavior of components, processes or operations is predictable under any operating conditions and which resists well the damage caused by malicious code and a certain degree of physical interference. It may be provided, for example, by a mobile operator, a bank or another trusted institution.
In this specification, the secure operating system is the operating system under which the mobile device works in secure mode, and the non-secure operating system is the open operating system under which the mobile device works in normal mode.
Fig. 1 is an architecture diagram of a mobile device according to one embodiment of the invention.
As shown in Fig. 1, the mobile device 10 of this embodiment comprises a communication unit 110, a memory 120, a secure mode memory 130, a display 140, an audio output device 150 and a processor 160, where the processor 160 is coupled to the communication unit 110, the memory 120, the secure mode memory 130, the display 140 and the audio output device 150.
The communication unit 110 is responsible for communication between the mobile device 10 and external devices. It may comprise, for example, at least one of the following interfaces: a WIFI interface, an NFC interface, a 7816 interface, an SDIO interface and so on.
In this embodiment, the memory 120 comprises a non-volatile memory 121 and a dynamic random access memory 122. When the mobile device 10 is powered on, the computer programs stored in the non-volatile memory 121 (for example the multimedia operating system) are loaded into the dynamic random access memory 122. The secure operating system may be loaded into the dynamic memory 122 at power-on, or loaded into the dynamic memory 122 when a switching command is received. Secure applications and sensitive data are stored in the secure mode memory 130.
The processor 160 runs the computer programs loaded into the dynamic memory 121 and thereby, in cooperation with the other components of the mobile device 10, carries out the various application processes. For example, when the processor 140 runs in non-secure mode, it can interact with the external device 20 through the communication unit 110 to perform ordinary service processing. In secure mode, the secure operating system calls the secure applications and sensitive data in the secure mode memory 130 to carry out the corresponding service processing.
According to this embodiment, the secure operating system includes an indicator module, which is responsible for presenting to the user the prompt information indicating entry into secure mode. When the secure operating system takes over the mobile device 10, it calls the indicator module to execute the secure-mode entry prompt routine. As soon as secure mode is entered, the indicator module is called to present the prompt information.
For security, the prompt information should not be too simple, so as to make it harder to counterfeit. It may be image information such as a photograph or picture, sound information such as a music clip or the user's voice, or text information such as digits and letters. In this embodiment, prompt information in image, text and sound form may be presented to the user individually or in combination.
For security reasons, the prompt information should be generated in a trusted environment. However, when the prompt information is relatively complex, generating it directly on the mobile device 10 in secure mode would increase the complexity of the secure operating system and could also affect the security of the system. In this embodiment, therefore, the prompt information is generated in a trusted environment outside the mobile device; it is then written from the external secure storage device 20 into the secure mode memory 130, to be called by the indicator module when it executes the secure-mode prompt routine. Preferably, the prompt information is transmitted between the mobile device 10 and the secure storage device 20, and stored in the secure mode memory 130, in encrypted form.
It should be pointed out that the secure storage device 20 described here should be understood broadly as any device that can provide security protection for data, including but not limited to a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site.
In a modified form of the above embodiment, the secure mode memory 130 is omitted and the prompt information is stored in a specific region of the non-volatile memory 121, this region being a secure storage area accessible only in secure mode.
Fig. 2 is a flowchart of a method for switching between an untrusted environment and a trusted environment in a mobile device according to another embodiment of the invention. By way of example, the architecture of the mobile device shown in Fig. 1 is assumed here, but as will be appreciated from the following description, the method of this embodiment does not depend on a specific architecture.
As shown in Fig. 2, in step S201 the processor 160 determines whether the mobile device 10 has been configured with prompt information for entering secure mode. If so, the method proceeds to step S202; otherwise it proceeds to step S203.
In step S202, the processor 160 further determines whether the prompt information needs to be updated. If so, the method proceeds to step S203; otherwise it proceeds to step S204.
In step S203, the processor 160, in secure mode, writes the prompt information received from the external secure storage device 20 through the communication unit 110 into the secure mode memory 130.
The method then proceeds to step S204, in which the processor 160 determines whether the mobile device 10 has switched from non-secure mode into secure mode. If it has, the method proceeds to step S205; otherwise it continues to monitor for a mode switch.
In step S205, the processor 160 reads the prompt information from the secure mode memory 130 and causes the corresponding unit to present it. In step S205, for example, a separate region can be marked out on the human-machine interface of the display 140 to show an image or text serving as the prompt information; a sound serving as the prompt information can be played through the audio output device 150.
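The flow of steps S201 to S205, modelled as an added example (not code from the patent): the struct, the function names and the sample prompt string are hypothetical, and the hardware isolation of secure mode is stood in for by a mode check on every access to the secure mode memory. Clearing the indicator on each mode switch is likewise a modelling assumption.

```c
/* Added illustration of steps S201-S205; every name here is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum world { NON_SECURE = 0, SECURE = 1 };
#define PROMPT_MAX 64

struct device {
    enum world mode;              /* mode the processor is running in */
    bool configured;              /* S201: has a prompt been provisioned? */
    char secure_mem[PROMPT_MAX];  /* stands in for secure mode memory 130 */
    char shown[PROMPT_MAX];       /* what the human-machine interface presents */
};

/* Read gate: the hardware isolation is modelled as a mode check (assumption). */
static int secure_mem_read(const struct device *d, char *out, size_t n)
{
    if (d->mode != SECURE)
        return -1;                       /* non-secure code gets nothing */
    size_t len = strlen(d->secure_mem);
    if (len >= n)
        return -2;
    memcpy(out, d->secure_mem, len + 1);
    return 0;
}

/* Write gate: same rule, plus a bounds check on the incoming prompt. */
static int secure_mem_write(struct device *d, const char *prompt)
{
    if (d->mode != SECURE)
        return -1;
    size_t len = strlen(prompt);
    if (len == 0 || len >= PROMPT_MAX)
        return -2;
    memcpy(d->secure_mem, prompt, len + 1);
    return 0;
}

/* S201-S203: write the prompt received from the secure storage device
 * unless one is already configured and no update is needed. */
int provision_prompt(struct device *d, const char *received, bool update_needed)
{
    if (d->configured && !update_needed)
        return 0;                        /* S201 yes, S202 no: go to S204 */
    int rc = secure_mem_write(d, received);   /* S203 */
    if (rc == 0)
        d->configured = true;
    return rc;
}

/* S204-S205: on a non-secure to secure switch, read and present the prompt.
 * Returns 0 when presented, 1 when nothing is configured yet. */
int switch_mode(struct device *d, enum world target)
{
    enum world prev = d->mode;
    d->mode = target;
    d->shown[0] = '\0';                  /* assumption: cleared on any switch */
    if (prev != NON_SECURE || target != SECURE)
        return 0;
    if (!d->configured)
        return 1;
    return secure_mem_read(d, d->shown, sizeof d->shown);   /* S205 */
}

int main(void)
{
    struct device d = {0};               /* powers up in non-secure mode */
    char buf[PROMPT_MAX];

    switch_mode(&d, SECURE);
    provision_prompt(&d, "heron-on-blue 7Q2", false);  /* constructed sample */
    switch_mode(&d, NON_SECURE);
    printf("non-secure read: rc=%d\n", secure_mem_read(&d, buf, sizeof buf));
    switch_mode(&d, SECURE);
    printf("secure mode prompt: %s\n", d.shown);
    return 0;
}
```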
Because the invention can be implemented in various forms without departing from its essential spirit, the embodiments described above are illustrative only and not restrictive. The scope of the invention is defined by the claims, and all changes or variations to the manner described above fall within the scope of protection of the claims.

Claims (11)

1. A method for indicating, on the human-machine interface of a mobile device, that the device has entered secure mode, characterized in that it comprises the following steps:
in secure mode, writing prompt information from a secure storage device into a designated area in the mobile device, wherein the prompt information is generated in an external trusted environment and input into the secure storage device; and
if the mobile device subsequently switches from non-secure mode into secure mode, reading the prompt information from the secure storage area and presenting it on the human-machine interface.
2. The method of claim 1, wherein the designated area is a region of a memory that is accessible only in secure mode.
3. The method of claim 1, wherein the designated area is a memory that is accessible only in secure mode.
4. The method of claim 1, wherein the prompt information comprises an image, a sound, text or a combination thereof.
5. The method of claim 1, wherein the prompt information is stored and transmitted in encrypted form.
6. The method of claim 1, wherein, as soon as the mobile device enters secure mode, the prompt information is read from the secure storage area and presented on the human-machine interface.
7. A mobile device, characterized in that it comprises:
a communication unit adapted to communicate with a secure storage device;
a memory comprising a secure storage area that can be accessed only in secure mode; and
a processor coupled to the communication unit and the memory and adapted to run in secure mode and non-secure mode, configured to: cause prompt information to be written from the secure storage device into the secure storage area and, if the mobile device switches from non-secure mode into secure mode, read the prompt information from the secure storage area and present it on the human-machine interface, wherein the prompt information is generated in an external trusted environment and input into the secure storage device.
8. The mobile device of claim 7, wherein the prompt information comprises an image, a sound, text or a combination thereof.
9. The mobile device of claim 7, wherein the secure storage device comprises at least one of the following: a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site; the prompt information is input into the external device in a trusted environment.
10. The mobile device of claim 7, wherein the communication unit comprises at least one of the following interfaces: a near field communication interface, a 7816 interface, an SDIO interface and a WiFi interface.
11. A mobile device, characterized in that it comprises:
a communication unit adapted to communicate with a secure storage device;
a secure mode memory that can be accessed only in secure mode; and
a processor coupled to the communication unit and the memory and adapted to run in secure mode and non-secure mode, configured to: cause prompt information to be written from the secure storage device into the secure mode memory and, if the mobile device switches from non-secure mode into secure mode, read the prompt information from the secure mode memory and present it on the human-machine interface, wherein the prompt information is generated in an external trusted environment and input into the secure storage device.
CN201310440444.2A 2013-09-25 2013-09-25 Safe mode reminding method and the mobile equipment for realizing this method Active CN104463028B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310440444.2A CN104463028B (en) 2013-09-25 2013-09-25 Safe mode reminding method and the mobile equipment for realizing this method
PCT/CN2014/087161 WO2015043444A1 (en) 2013-09-25 2014-09-23 Secure mode prompt method and mobile device for realizing the method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310440444.2A CN104463028B (en) 2013-09-25 2013-09-25 Safe mode reminding method and the mobile equipment for realizing this method

Publications (2)

Publication Number Publication Date
CN104463028A true CN104463028A (en) 2015-03-25
CN104463028B CN104463028B (en) 2018-06-22

Family

ID=52742052

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310440444.2A Active CN104463028B (en) 2013-09-25 2013-09-25 Safe mode reminding method and the mobile equipment for realizing this method

Country Status (2)

Country Link
CN (1) CN104463028B (en)
WO (1) WO2015043444A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105356998A (en) * 2015-09-28 2016-02-24 宇龙计算机通信科技(深圳)有限公司 TrustZone-based domain space switching system and method
CN109446847A (en) * 2017-08-31 2019-03-08 厦门雅迅网络股份有限公司 Configuration method, terminal device and the storage medium of dual system peripheral resources

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5822435A (en) * 1992-07-10 1998-10-13 Secure Computing Corporation Trusted path subsystem for workstations
CN1510540A (en) * 2002-12-18 2004-07-07 德克萨斯仪器股份有限公司 Safety mode indicator for intelligent telephone or individual digital assistant (PDA)
CN101065737A (en) * 2004-11-26 2007-10-31 松下电器产业株式会社 Processor and secure processing system
CN101763272A (en) * 2008-11-05 2010-06-30 环旭电子股份有限公司 Electronic device firmware updating method and system
CN101968838A (en) * 2010-09-29 2011-02-09 北京握奇数据系统有限公司 Browser and method for configuring safe browser
CN103136479A (en) * 2011-11-22 2013-06-05 中兴通讯股份有限公司 Information protection method and device of mobile terminal

Also Published As

Publication number Publication date
CN104463028B (en) 2018-06-22
WO2015043444A1 (en) 2015-04-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant