CN104809379A - System execution state verification method based on screen hierarchical management - Google Patents

System execution state verification method based on screen hierarchical management

Info

Publication number: CN104809379A
Authority: CN (China)
Prior art keywords: screen; execution environment; verification method; management; execution state
Legal status: Pending
Application number: CN201510243289.4A
Other languages: Chinese (zh)
Inventor: 华志超
Current assignee: Shanghai Ping Bo Information Technology Co Ltd
Original assignee: Shanghai Ping Bo Information Technology Co Ltd
Priority date: 2015-05-13
Filing date: 2015-05-13
Publication date: 2015-07-29
Application filed by Shanghai Ping Bo Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Abstract

The invention discloses a system execution state verification method based on screen hierarchical management, belonging to the technical field of mobile platform security. The method comprises a two-layer screen display region authority division and a screen reserved region management and display mechanism. By means of these two techniques, verification of the execution state of the system is achieved by making effective use of the isolation between the different execution environments that existing mobile platform architectures provide. Compared with existing system execution state verification methods, the method disclosed here relies on a hardware characteristic of the screen and therefore better resists the 'physical attacks' to which a mobile platform is easily exposed. When the secure architecture is used normally, the user is effectively assisted in verifying the execution state of the current system; the security of the secure architecture in practical applications is thereby improved and its adoption in everyday use is promoted, bringing tangible social and economic benefits.

Description

System execution state verification method based on screen layer management
Technical field
The invention belongs to the field of mobile platform security. Specifically, it is a system execution state verification method that uses layered screen display to improve the verification of the execution environment on existing mobile platforms.
Background art
As mobile platforms become ever more widespread, their security receives increasing attention. One mainstream mobile platform security solution uses a specific hardware configuration to divide the system into two execution environments: a trusted execution environment (TEE) and a common execution environment (REE). The hardware configuration guarantees the isolation between the two execution environments, so that security applications running in the trusted execution environment are shielded from 'harassment' by an attacker in the common execution environment. For payment software, for example, the user input function can be 'placed' in the trusted execution environment: when the user enters a password, the system switches to the trusted execution environment to process the user input events, preventing leakage of the user's password. To confirm whether the current operation is safe, the user therefore needs a way to verify whether the system is currently in the trusted execution environment. Two execution environment verification methods are currently mainstream: 'reserved character' verification and LED-based verification. Their specific flows are as follows:
'Reserved character' verification:
1) Reserving the characters: when the user uses the system for the first time, the system enters the trusted execution environment (TEE) and asks the user to enter a reserved character string. The characters the user enters are obtained and stored only by the trusted execution environment.
2) Displaying and verifying the characters: after system initialization, when the user wishes to verify whether the system is currently in the trusted execution environment (TEE), the user can ask the system to output the previously set 'reserved characters'. Since only the trusted execution environment holds this string, the user can verify whether the system is currently in the trusted execution environment according to whether the system displays the 'reserved characters'.
LED verification:
1) LED management right assignment: at system boot, hardware resources are distributed to the different execution environments, and the management authority over the LED is assigned to the trusted execution environment (TEE). After the assignment, the common execution environment (REE) can no longer control the LED.
2) LED verification at run time: when the system enters the trusted execution environment, the trusted execution environment sets the LED to a specific colour (for example green), and before leaving the trusted execution environment it sets the LED to another colour (for example red). The user can verify whether the system is currently in the trusted execution environment according to the colour of the LED.
Both mainstream solutions above make use of the isolation between the different execution environments and verify the execution environment the system is currently in by means of resources that only the trusted execution environment manages (the 'reserved characters', the LED). However, neither takes into account another characteristic of mobile platforms, namely that other people can easily get hold of them. On a highly security-sensitive POS device, for example, an attacker can easily 'peek' at and obtain the system's 'reserved characters', then deceive the user by maliciously outputting the 'reserved characters' so that the user believes the system is in the trusted execution environment. Even with the LED verification method, an attacker can take control of the LED by a simple 'physical attack' (cutting the LED's connecting wire) and so deceive the user. The mobile security field therefore urgently needs a simple and effective execution environment verification method that can resist an attacker's 'physical attacks'.
Summary of the invention
The object of the invention is to use the layering characteristic of the display device and hand the two display layers of the display device over to different execution environments to manage. Combined with the isolation between the different execution environments, this provides a system execution environment verification method. At the same time, the method must be able to resist the 'physical attacks' to which mobile platforms are relatively vulnerable.
To achieve the above object, the present invention is realized through the following technical solution: the invention comprises a two-layer on-screen display region authority division, and a screen reserved region management and display mechanism.
Further, in the present invention, the two-layer on-screen display region authority division comprises the following steps: first, the upper-layer 'display region' and the lower-layer 'display region' of the screen display buffer are handed over to different execution environments to manage; second, the isolation between the different execution environments is used to separate the management of the upper and lower 'display regions'.
Further, in the present invention, the screen reserved region management and display mechanism comprises the following: first, using the characteristic that the upper-layer 'display region' can cover the lower-layer 'display region', a screen reserved region is maintained in the upper-layer 'display region' that the trusted execution environment manages; second, certain verification characters are displayed in the reserved region to help the user verify the execution environment the system is currently in.
When the system needs to display content on the screen, it writes the content it wishes to display into the screen's display buffer. The screen reads the content of the display buffer and sets the colour of the corresponding pixels, which completes the display process. The display buffer can in fact be divided into two 'display layers' (an upper and a lower one), which the screen merges for the final display. If the upper layer is opaque during the merge, it covers the content of the lower layer. Using this feature, the present invention proposes a two-layer on-screen display region authority assignment technique that assigns the management authority over the different 'display layers' of the display buffer to different execution environments.
The basic procedure of the two-layer on-screen display region authority assignment: (1) the system starts, loads and enters the trusted execution environment to run; (2) the management authority over the different 'display layers' of the display buffer is assigned: the upper layer is handed to the trusted execution environment to manage, the lower layer to the common execution environment; (3) the system switches to the common execution environment and runs normally.
After the different 'display layers' of the display buffer have been assigned different management authorities, a reserved region is maintained on the screen. When the system is in the common execution environment, the reserved region displays no content (for example, it is a black area). When the system enters the trusted execution environment, the reserved region displays verification information (for example the characters 'TEE'). The user can verify the execution environment the system is currently in according to the content of the reserved region. The present invention uses the fact that the upper 'display layer' of the display buffer covers the lower 'display layer' to maintain the screen reserved region. Specifically, if the trusted execution environment sets the part of the upper 'display layer' it manages that corresponds to the reserved region to black, then whatever colour the common execution environment sets the corresponding part of the lower 'display layer' to, that part is covered by the content of the upper layer. That is, the trusted execution environment controls the content shown in the reserved region of the screen by controlling the part of its upper 'display layer' that corresponds to the reserved region (see Fig. 1). Because the screen, the display buffer and the mobile platform chip are connected by complex circuitry, an attacker finds it difficult to prevent the trusted execution environment from managing the upper 'display layer' by means of a 'physical attack', so the method can effectively resist an attacker's 'physical attacks'.
The basic procedure of screen reserved region management and display: (1) after the authority assignment of the different 'display layers' is complete, the trusted execution environment sets the part of the upper 'display layer' that corresponds to the reserved region to black; the system then switches to the common execution environment to run; (2) when the system switches to the trusted execution environment, the trusted execution environment writes the verification characters (such as 'TEE') into the part of the upper 'display layer' it manages that corresponds to the reserved region, and the user now sees the verification characters (such as 'TEE') in the reserved region of the screen; (3) when the system switches back to the common execution environment, the trusted execution environment sets the part of the upper 'display layer' it manages that corresponds to the reserved region to black again, and the reserved region of the screen turns pure black once more (the verification characters disappear).
The beneficial effects of the invention are as follows: the system execution state verification method based on screen layer management proposed by the present invention uses the two-layer on-screen display region assignment and the screen reserved region management technique to effectively help the user verify the execution environment the system is in. At the same time, by using the hardware characteristics of the screen itself, it effectively prevents an attacker from forging the current system execution environment by means of a 'physical attack'.
Description of the drawings
Fig. 1 is a structural diagram of the display buffer layer division and the reserved region display of the present invention;
Fig. 2 is the flow chart of the system execution state verification method based on screen layer management of the present invention.
Detailed description
The embodiments of the invention are described in detail below with reference to the drawings. The embodiment is based on the technical solution of the present invention and gives a detailed implementation and a concrete operating process, but the protection scope of the present invention is not limited to the following embodiment.
Embodiment
The system execution state verification method based on screen layer management comprises two stages: on-screen display region authority assignment, and screen reserved region management and display. The system execution state verification method provided by the invention is described in detail below by means of a concrete embodiment.
As shown in Fig. 2, the concrete steps of the example system execution state verification method are as follows:
Initial step: when the system starts, it first enters the trusted execution environment and runs there, to guarantee the security of the whole method during the initialization phase (the two-layer on-screen display region authority assignment).
Step 1: the upper 'display region' of the display buffer is handed to the trusted execution environment to manage, and the lower 'display region' to the common execution environment. The position of the screen reserved region is set (for example, a rectangular strip at the bottom of the screen is designated as the screen reserved region).
Step 2: the system, while in the trusted execution environment, sets the part of the upper 'display region' it manages that corresponds to the reserved region to black, and then switches the system execution environment to the common execution environment. (At the end of this step the system is in the common execution environment and the reserved region shows no verification characters; it is pure black.)
Step 3: afterwards the system switches to the trusted execution environment, which writes the verification characters 'TEE' into the part of the upper 'display region' it manages that corresponds to the reserved region. (At the end of this step the system is in the trusted execution environment and the reserved region shows the verification characters.)
Step 4: the system switches to the common execution environment; before switching, the part of the upper 'display region' it manages that corresponds to the reserved region is set to black. (At the end of this step the system is in the common execution environment and the reserved region shows no verification characters; it is pure black.)
(Whenever the system switches from the trusted execution environment to the common execution environment, step 4 is performed; whenever the system switches from the common execution environment to the trusted execution environment, step 3 is performed. Steps 3 and 4 alternate until the system shuts down.)
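Added example, not code from the patent: a character-cell simulation in Python of the mechanism described in the two "basic procedure" paragraphs above and in the embodiment steps. The TEE owns the upper layer, the REE the lower one, the reserved strip is kept opaque black or shows 'TEE', and the hardware isolation is modelled as an owner check on each layer. The screen size, the '#' glyph standing for black, the cell-based buffer and the REE's write beneath the strip are constructed assumptions; the real scheme works on pixel colours.

```python
"""Character-cell simulation of the two-layer display buffer: the TEE owns the
upper layer, the REE the lower one, and the TEE keeps the reserved strip opaque
(black or the 'TEE' indicator) so the lower layer never shows through there.
Screen size, the '#' glyph for black and the cell-based buffer are constructed
for this demo; the real scheme works on pixel colours."""

WIDTH, HEIGHT = 12, 4
RESERVED_ROW = HEIGHT - 1     # reserved area: the bottom strip of the screen
BLACK = "#"                   # opaque black cell
TRANSPARENT = None            # cell lets the lower layer show through
INDICATOR = "TEE"             # verification characters written by the TEE


class Layer:
    """One 'display layer' of the display buffer, owned by a single environment."""

    def __init__(self, owner):
        self.owner = owner
        self.cells = [[TRANSPARENT] * WIDTH for _ in range(HEIGHT)]

    def write(self, env, row, col, value):
        # Models the hardware isolation: only the owning environment may write.
        if env != self.owner:
            raise PermissionError(f"{env} may not write to the {self.owner} layer")
        self.cells[row][col] = value


class Display:
    def __init__(self):
        # Authority assignment (step 1): upper layer -> TEE, lower layer -> REE.
        self.upper = Layer("TEE")
        self.lower = Layer("REE")
        self.env = "TEE"
        self._fill_reserved(BLACK)    # step 2: strip starts black, then switch
        self.env = "REE"

    def _fill_reserved(self, value):
        for col in range(WIDTH):
            self.upper.write("TEE", RESERVED_ROW, col, value)

    def enter_tee(self):
        """Step 3: switch to the TEE and write the indicator into the reserved strip."""
        self.env = "TEE"
        for col, ch in enumerate(INDICATOR):
            self.upper.write("TEE", RESERVED_ROW, col, ch)

    def exit_tee(self):
        """Step 4: blank the strip before handing control back to the REE."""
        self._fill_reserved(BLACK)
        self.env = "REE"

    def compose(self):
        """The screen merges both layers: an opaque upper cell covers the lower one."""
        rows = []
        for r in range(HEIGHT):
            merged = [up if up is not TRANSPARENT else lo
                      for up, lo in zip(self.upper.cells[r], self.lower.cells[r])]
            rows.append("".join(" " if c is TRANSPARENT else c for c in merged))
        return rows

    def reserved_strip(self):
        return self.compose()[RESERVED_ROW]


def ree_paints_under_strip(display):
    """The REE draws the indicator text into its own layer beneath the reserved
    strip (constructed input); the strip must still show what the TEE put there."""
    for col, ch in enumerate(INDICATOR):
        display.lower.write("REE", RESERVED_ROW, col, ch)
    return display.reserved_strip()


def strip_if_left_transparent():
    """Failure mode: had the TEE left the strip transparent instead of black, the
    REE's lower layer would show through and the indicator could be faked."""
    display = Display()
    display._fill_reserved(TRANSPARENT)
    return ree_paints_under_strip(display)
```

The last function is the check a reviewer of such a design should run: the security of the indicator rests entirely on the upper layer being opaque over the reserved region at all times, not merely on who owns the layer.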
In summary, the system execution state verification method based on screen layer management proposed by the present invention uses the two-layer on-screen display region assignment and the screen reserved region management technique to effectively help the user verify the execution environment the system is in. At the same time, by using the hardware characteristics of the screen itself, it effectively prevents an attacker from forging the current system execution environment by means of a 'physical attack'.
The above embodiment only illustrates the principle and effects of the present invention by way of example and is not intended to limit the present invention. Any person skilled in the art may modify the above embodiment without departing from the spirit and scope of the present invention. The scope of the present invention should therefore be as set out in the claims.

Claims (3)

1. A system execution state verification method based on screen layer management, characterized in that it comprises: 1) a two-layer on-screen display region authority division; 2) a screen reserved region management and display mechanism.
2. The system execution state verification method based on screen layer management according to claim 1, characterized in that the two-layer on-screen display region authority division comprises the following steps: first, handing the upper-layer 'display region' and the lower-layer 'display region' of the screen display buffer over to different execution environments to manage respectively; second, using the isolation between the different execution environments to separate the management of the upper and lower 'display regions'.
3. The system execution state verification method based on screen layer management according to claim 2, characterized in that the screen reserved region management and display mechanism comprises the following: first, using the characteristic that the upper-layer 'display region' can cover the lower-layer 'display region', maintaining a screen reserved region in the upper-layer 'display region' that the trusted execution environment manages; second, displaying certain verification characters in the reserved region to help the user verify the execution environment the system is currently in.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510243289.4A | 2015-05-13 | 2015-05-13 | System execution state verification method based on screen hierarchical management

Publications (1)

Publication Number | Publication Date
CN104809379A | 2015-07-29

Family

ID=53694195

Country Status (1)

Country | Link
CN | CN104809379A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2017156784A1 (en) * | 2016-03-18 | 2017-09-21 | 华为技术有限公司 | Method and device for processing notification message, and terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN1609809A (en) * | 2003-10-23 | 2005-04-27 | 微软公司 | Providing a graphical user interface in a system with a high-assurance execution environment
CN101529366A (en) * | 2006-10-18 | 2009-09-09 | 微软公司 | Identification and visualization of trusted user interface objects
CN102087687A (en) * | 2009-12-04 | 2011-06-08 | 株式会社Ntt都科摩 | State notification apparatus and state notification method
WO2014096334A1 (en) * | 2012-12-21 | 2014-06-26 | Deutsche Telekom Ag | Displaying a forgery-proof identity indicator

Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
EXSB | Decision made by SIPO to initiate substantive examination |
SE01 | Entry into force of request for substantive examination |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150729