CN104463028B - Safe mode reminding method and the mobile equipment for realizing this method - Google Patents
- Publication number
- CN104463028B
- Authority
- CN
- China
- Prior art keywords
- prompt message
- safe mode
- mobile equipment
- mode
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Mathematical Physics (AREA)
- Telephone Function (AREA)
Abstract
The present invention relates to computer technology, and in particular to a method for indicating entry into secure mode on the human-machine interface of a mobile device, and to a mobile device implementing the method. A method according to one embodiment of the invention includes the following steps: in secure mode, writing a prompt message from a secure storage device into a secure storage region in the mobile device, wherein the prompt message is generated in an external trusted environment and input into the secure storage device; and if the mobile device subsequently switches from non-secure mode into the secure mode, reading the prompt message from the secure storage region and presenting the prompt message on the human-machine interface.
Description
Technical field
The present invention relates to computer technology, and in particular to a method for indicating entry into secure mode on the human-machine interface of a mobile device, and to a mobile device implementing the method.
Background technology
With the rapid development of wireless broadband access and mobile terminal technology, the mobile Internet has emerged and become the fastest-growing market, with the greatest potential and the most attractive prospects. Services based on the mobile Internet are reaching into every aspect of daily life, such as social networking, shopping, financial transactions and access to everyday information. Many mobile Internet services involve storing, reading and transmitting sensitive information (such as user privacy data, login identities and passwords), so a security mechanism is needed to protect it.
To this end, the industry has developed secure operating systems, which run the security-related applications that previously ran on the multimedia operating system, while other applications continue to run on the multimedia operating system. ARM's TrustZone technology is a solution proposed along these lines. It uses a hardware switching mechanism to give the mobile device two operating modes, secure and non-secure: the multimedia operating system runs in non-secure mode and the secure operating system runs in secure mode. The two operating systems are isolated by hardware, which prevents programs in non-secure mode from accessing system resources in secure mode (such as memory and peripherals) and so meets the security requirements of the mobile device.
In secure mode, the user can enter sensitive information through a trusted user interface (Trusted User Interface) using human-machine interfaces such as the touch screen and keyboard, and the data exchanged between the user and external devices is strictly protected. However, a malicious program may display a counterfeit secure interface to lure the user into entering confidential information, and so steal it. To prevent this, the current practice is to notify the user in a specific way when the mobile device enters secure mode. A common approach is to add a hardware indication module, such as an indicator light, to the mobile device; the light is lit on entry into secure mode. This increases the cost of the mobile device, however, and its reliability is not high (for example, the hardware module may be damaged by knocks).
How to reliably present a prompt message when the mobile device enters secure mode is therefore a problem in urgent need of a solution.
Summary of the invention
One object of the present invention is to provide a method for indicating entry into secure mode on the human-machine interface of a mobile device, which has advantages such as being reliable, efficient and simple to implement.
The method according to the present embodiment is a method for indicating entry into secure mode on the human-machine interface of a mobile device, and includes the following steps:
In secure mode, writing a prompt message from a secure storage device into a specified region in the mobile device, wherein the prompt message is generated in an external trusted environment and input into the secure storage device; and
If the mobile device subsequently switches from non-secure mode into the secure mode, reading the prompt message from the secure storage region and presenting the prompt message on the human-machine interface.
Preferably, in the above method, the specified region is a region in memory that is accessible only in the secure mode. Alternatively and preferably, the specified region is a memory that is accessible only in the secure mode.
Preferably, in the above method, the prompt message includes an image, sound, text or a combination thereof.
Preferably, in the above method, the prompt message is stored and transmitted in encrypted form.
Preferably, in the above method, if the mobile device enters the secure mode, the prompt message is immediately read from the secure storage region and presented on the human-machine interface.
Another object of the present invention is to provide a mobile device that can indicate entry into secure mode in a reliable, efficient and simple manner.
A mobile device according to one embodiment of the invention includes:
A communication unit adapted to communicate with a secure storage device;
A memory, which includes a secure storage region that may be accessed only in secure mode;
A processor coupled to the communication unit and the memory and adapted to run in secure mode and in non-secure mode, configured to: cause a prompt message to be written from the secure storage device into the secure storage region, and, if the mobile device switches from non-secure mode into secure mode, read the prompt message from the secure storage region and present the prompt message on the human-machine interface, wherein the prompt message is generated in an external trusted environment and input into the secure storage device.
Preferably, in the above mobile device, the secure storage device includes at least one of the following: a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site; the prompt message is input into the external device in a trusted environment.
Preferably, in the above mobile device, the communication unit includes at least one of the following interfaces: a near-field communication interface, a 7816 interface, an SDIO interface and a WiFi interface.
A mobile device according to one embodiment of the invention includes:
A communication unit adapted to communicate with a secure storage device;
A secure mode memory, which may be accessed only in secure mode;
A processor coupled to the communication unit and the memory and adapted to run in secure mode and in non-secure mode, configured to: cause a prompt message to be written from the secure storage device into the secure mode memory, and, if the mobile device switches from non-secure mode into secure mode, read the prompt message from the secure mode memory and present the prompt message on the human-machine interface, wherein the prompt message is generated in an external trusted environment and input into the secure storage device.
According to embodiments of the invention, the prompt message shown on the human-machine interface in secure mode is generated in an external trusted environment. Because the external trusted environment has a variety of peripherals, it can generate prompt messages of many kinds, which solves the problem of entering complex authentication information while keeping the secure operating system simple, and improves the security of the system.
Description of the drawings
The above and other objects and advantages of the invention will become more fully apparent from the following detailed description taken with the drawings.
Fig. 1 is an architecture diagram of a mobile device according to one embodiment of the invention.
Fig. 2 is a flow chart of a method for indicating entry into secure mode on the human-machine interface of a mobile device according to another embodiment of the invention.
Detailed description of embodiments
Specific embodiments are described below with reference to the drawings to illustrate the invention. It should be understood that these specific embodiments are merely exemplary and do not limit the spirit or scope of the invention.
In this specification, terms such as "comprising" and "including" indicate that, in addition to the units and steps directly and explicitly stated in the specification and claims, the technical solution of the invention does not exclude other units and steps that are not directly or explicitly stated. Furthermore, terms such as "first", "second", "third" and "fourth" do not indicate an order of units or values in time, space, size or the like; they serve only to distinguish the units or values.
In this specification, a trusted environment is one in which the components, processes or behaviour running in it are predictable under any operating conditions and can well resist damage caused by malicious code and certain physical interference; it may be provided, for example, by a mobile operator, a bank or another trusted institution.
In this specification, a secure operating system is an operating system that makes the mobile device work in secure mode, and a non-secure operating system is an open operating system that makes the mobile device work in normal mode.
Fig. 1 is an architecture diagram of a mobile device according to one embodiment of the invention.
As shown in Fig. 1, the mobile device 10 of the present embodiment includes communication unit 110, memory 120, secure mode memory 130, display 140, audio output device 150 and processor 160, wherein processor 160 is coupled to communication unit 110, memory 120, secure mode memory 130, display 140 and audio output device 150.
Communication unit 110 is responsible for communication between mobile device 10 and external devices, and can include, for example, at least one of the following interfaces: a WiFi interface, an NFC interface, a 7816 interface and an SDIO interface.
In the present embodiment, memory 120 includes non-volatile memory 121 and dynamic random access memory 122. When mobile device 10 powers up, the computer programs stored in non-volatile memory 121 (such as the multimedia operating system) are loaded into dynamic random access memory 122. The secure operating system can be loaded into dynamic memory 122 at power-up, or loaded into dynamic memory 122 when a switching command is received. Security applications and sensitive data are stored in secure mode memory 130.
Processor 160 runs the computer programs loaded into dynamic memory 121, and so completes various application processing in cooperation with the other components of mobile device 10. For example, when processor 140 runs in non-secure mode, it can interact with external device 20 through communication unit 110 to perform ordinary business processing. In secure mode, the secure operating system calls the security applications and sensitive data in secure mode memory 130 to carry out the corresponding business processing.
According to the present embodiment, the secure operating system includes an indicator module, which is responsible for presenting to the user the prompt message for entry into secure mode. When the secure operating system takes over mobile device 10, the indicator module is called to perform the secure mode prompt routine. Once secure mode is entered, the indicator module is called to complete presentation of the prompt message.
For security, the prompt message must not be too simple, so that it is harder to counterfeit. The prompt message can be image information such as photographs and pictures, sound information such as music clips and the user's voice, or text information such as digits and letters. In the present embodiment, prompt messages in the form of image, text and sound can be presented to the user individually or in combination.
For security reasons, the prompt message should be generated in a trusted environment. But when the prompt message is relatively complex, generating it directly on mobile device 10 in secure mode would increase the complexity of the secure operating system and would also affect the security of the system. For this reason, in the present embodiment, generation of the prompt message is carried out in a trusted environment outside the mobile device; the prompt message is then written from external secure storage device 20 into secure mode memory 130, to be called by the indicator module when it performs the secure mode prompt routine. Preferably, the prompt message is transmitted between mobile device 10 and secure storage device 20, and stored in secure mode memory 130, in encrypted form.
It should be noted that the secure storage device 20 described here should be understood broadly as any device that can provide security protection for data, including but not limited to a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site.
In a variant of the above embodiment of the invention, secure mode memory 130 is removed and the prompt message is stored in a specific region of non-volatile memory 121; this region is a secure storage region that is accessible only in secure mode.
Fig. 2 is a flow chart of a method, according to another embodiment of the invention, for switching between the untrusted environment and the trusted environment in a mobile device. By way of example, the architecture of the mobile device shown in Fig. 1 is assumed here, but it will be recognized from the following description that the method of the present embodiment does not depend on a specific architecture.
As shown in Fig. 2, in step S201, processor 160 judges whether mobile device 10 has been configured with a prompt message for entry into secure mode. If it has, the flow proceeds to step S202; otherwise it proceeds to step S203.
In step S202, processor 160 further judges whether the prompt message needs to be updated. If so, the flow proceeds to step S203; otherwise it proceeds to step S204.
In step S203, processor 160, in secure mode, writes the prompt message received through communication unit 110 from external secure storage device 20 into secure mode memory 130.
The flow then proceeds to step S204, in which processor 160 judges whether mobile device 10 has switched from non-secure mode into secure mode. If a switch has occurred, the flow proceeds to step S205; otherwise it continues to watch for a mode switch.
In step S205, processor 160 reads the prompt message from secure mode memory 130 and causes the corresponding unit to present it. For example, a separate region can be set aside on the human-machine interface of display 140 to show the image or text serving as the prompt message, while sound serving as the prompt message can be played through audio output device 150.
Since the invention can be implemented in various forms without departing from its essential spirit, the specific embodiments described above are illustrative rather than restrictive. The scope of the invention is defined by the independent claims, and changes or variations made to the manner described above fall within the scope of protection of the appended claims.
Claims (7)
1. A method for indicating entry into secure mode on the human-machine interface of a mobile device, characterized by comprising the following steps:
In secure mode, writing a prompt message from a secure storage device into a specified region in the mobile device, wherein the prompt message is generated in an external trusted environment and input into the secure storage device; and
If the mobile device subsequently switches from non-secure mode into the secure mode, reading the prompt message from the specified region and presenting the prompt message on the human-machine interface,
Wherein the prompt message includes an image, sound, text or a combination thereof,
Wherein the specified region is a region in memory that is accessible only in the secure mode, or a memory that is accessible only in the secure mode.
2. The method of claim 1, wherein the prompt message is stored and transmitted in encrypted form.
3. The method of claim 1, wherein, if the mobile device enters the secure mode, the prompt message is immediately read from the specified region and presented on the human-machine interface.
4. A mobile device, characterized by comprising:
A communication unit adapted to communicate with a secure storage device;
A memory, which includes a secure storage region that may be accessed only in secure mode;
A processor coupled to the communication unit and the memory and adapted to run in secure mode and in non-secure mode, configured to: cause a prompt message to be written from the secure storage device into the secure storage region, and, if the mobile device switches from non-secure mode into secure mode, read the prompt message from the secure storage region and present the prompt message on the human-machine interface, wherein the prompt message is generated in an external trusted environment and input into the secure storage device,
Wherein the prompt message includes an image, sound, text or a combination thereof.
5. The mobile device of claim 4, wherein the secure storage device includes at least one of the following: a contact card, a contactless card, or a secure storage area that a trusted institution provides on its site.
6. The mobile device of claim 4, wherein the communication unit includes at least one of the following interfaces: a near-field communication interface, a 7816 interface, an SDIO interface and a WiFi interface.
7. A mobile device, characterized by comprising:
A communication unit adapted to communicate with a secure storage device;
A secure mode memory, which may be accessed only in secure mode;
A processor coupled to the communication unit and the memory and adapted to run in secure mode and in non-secure mode, configured to: cause a prompt message to be written from the secure storage device into the secure mode memory, and, if the mobile device switches from non-secure mode into secure mode, read the prompt message from the secure mode memory and present the prompt message on the human-machine interface, wherein the prompt message is generated in an external trusted environment and input into the secure storage device,
Wherein the prompt message includes an image, sound, text or a combination thereof.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310440444.2A CN104463028B (en) | 2013-09-25 | 2013-09-25 | Safe mode reminding method and the mobile equipment for realizing this method |
PCT/CN2014/087161 WO2015043444A1 (en) | 2013-09-25 | 2014-09-23 | Secure mode prompt method and mobile device for realizing the method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310440444.2A CN104463028B (en) | 2013-09-25 | 2013-09-25 | Safe mode reminding method and the mobile equipment for realizing this method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104463028A CN104463028A (en) | 2015-03-25 |
CN104463028B true CN104463028B (en) | 2018-06-22 |
Family
ID=52742052
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310440444.2A Active CN104463028B (en) | 2013-09-25 | 2013-09-25 | Safe mode reminding method and the mobile equipment for realizing this method |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104463028B (en) |
WO (1) | WO2015043444A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105356998B (en) * | 2015-09-28 | 2019-06-11 | 宇龙计算机通信科技(深圳)有限公司 | A kind of domain space switching system and method based on TrustZone |
CN109446847B (en) * | 2017-08-31 | 2022-08-19 | 厦门雅迅网络股份有限公司 | Configuration method of dual-system peripheral resources, terminal equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5822435A (en) * | 1992-07-10 | 1998-10-13 | Secure Computing Corporation | Trusted path subsystem for workstations |
CN1510540A (en) * | 2002-12-18 | 2004-07-07 | 德克萨斯仪器股份有限公司 | Safety mode indicator for intelligent telephone or individual digital assistant (PDA) |
CN101065737A (en) * | 2004-11-26 | 2007-10-31 | 松下电器产业株式会社 | Processor and secure processing system |
CN101763272A (en) * | 2008-11-05 | 2010-06-30 | 环旭电子股份有限公司 | Electronic device firmware updating method and system |
CN101968838A (en) * | 2010-09-29 | 2011-02-09 | 北京握奇数据系统有限公司 | Browser and method for configuring safe browser |
CN103136479A (en) * | 2011-11-22 | 2013-06-05 | 中兴通讯股份有限公司 | Information protection method and device of mobile terminal |
-
2013
- 2013-09-25 CN CN201310440444.2A patent/CN104463028B/en active Active
-
2014
- 2014-09-23 WO PCT/CN2014/087161 patent/WO2015043444A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2015043444A1 (en) | 2015-04-02 |
CN104463028A (en) | 2015-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10432627B2 (en) | Secure sensor data transport and processing | |
CN101340281B (en) | Method and system for safe login input on network | |
US9083701B2 (en) | Method for providing active security authentication, and terminal and system supporting same | |
CN105519038B (en) | User input data protection method and system | |
KR101382222B1 (en) | System and method for mobile data loss prevention which uses file system virtualization | |
CN104182662B (en) | Hiding and deployment method, system and the mobile terminal of hide application program | |
US20160350525A1 (en) | Application Program Management Method, Device, Terminal, and Computer Storage Medium | |
WO2015016901A1 (en) | Signal tokens indicative of malware | |
WO2006000369A2 (en) | Non-intrusive trusted user interface | |
CN106778337A (en) | Document protection method, device and terminal | |
CN105809000A (en) | Information processing method and electronic device | |
CN113704826A (en) | Privacy protection-based business risk detection method, device and equipment | |
CN111737304B (en) | Processing method, device and equipment of block chain data | |
CN112199661A (en) | Privacy protection-based equipment identity processing method, device and equipment | |
CN105659247B (en) | The proactive Threat Management system of context-aware | |
CN104252388B (en) | Untrusted environment in mobile device and the switching between trusted context | |
Goth | Mobile security issues come to the forefront | |
CN104463028B (en) | Safe mode reminding method and the mobile equipment for realizing this method | |
CN101383833B (en) | Apparatus and method for enhancing PIN code input security of intelligent cipher key apparatus | |
CN108694329A (en) | A kind of mobile intelligent terminal security incident based on software and hardware combining is credible record system and method | |
WO2015099938A1 (en) | Content protection system using biometric authentication | |
CN107169354A (en) | Multi-layer android system malicious act monitoring method | |
Kaur et al. | PeMo: Modifying application's permissions and preventing information stealing on smartphones | |
Rai et al. | Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices | |
EP3016015B1 (en) | Method for indicating operating environment of mobile device and mobile device capable of indicating operating environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||