CN104902291A - Security enhancement method for sensitive data on Android smart televisions - Google Patents


Info

Publication number: CN104902291A
Application number: CN201510259122.7A
Authority: CN (China)
Prior art keywords: key, sensitive data, intelligent television, developer, rootkey
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN104902291B (en)
Inventors: 晏敏, 王雅哲
Current assignee: Institute of Information Engineering of CAS (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Institute of Information Engineering of CAS
Priority date: 2015-05-20 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2015-05-20
Publication date: 2015-09-09
Application granted: CN104902291B, published 2017-09-29
Current legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N 21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N 21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N 21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N 21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N 21/25808 Management of client data
    • H04N 21/25816 Management of client data involving client authentication
    • H04N 21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N 21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel, for generating or managing keys in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Graphics (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a security enhancement method for sensitive data on Android smart televisions. Building on the prior art, it proposes a new strategy that ensures the confidentiality of sensitive data more thoroughly. The method encrypts a virtual file system with a key hierarchy derived from hardware-unique information, so that the decryption key is tightly bound to the device: if an attacker copies the files and the APK that store sensitive data to another device and runs them there, the correct decryption key cannot be obtained. It also adds interface call authentication: if an attacker decompiles the Java-layer code and re-invokes the local JNI interface of the encrypted virtual file system, an interface call authentication error occurs, the call fails, and the sensitive data cannot be stolen.

Description

A security enhancement method for sensitive data on Android smart televisions
Technical field
The present invention relates to further strengthening the security of sensitive data on Android smart televisions. On the basis of existing technology, it proposes a new strategy that ensures the confidentiality of sensitive data more thoroughly, and it belongs to the field of information security technology.
Background technology
Compared with the smartphone industry, the smart television industry is currently relatively closed. As technologies such as the integration of the three networks and multi-frequency interaction develop, the forms of attack will keep increasing. The confidentiality of sensitive data such as keys and user information needs to be fully guaranteed, yet on an Android smart television a malicious application may steal, propagate or tamper with such data at any time and in any place. An effective way to address this problem is to design and implement secure storage area technology: a multi-level key system and a symmetric encryption algorithm are used to encrypt a virtual file system in which the sensitive data is stored, and the encrypted virtual file system is called the VFS. The main challenge such a scheme faces is how, once the elevated privileges of the Android smart television (administrator or root privileges) have been acquired, to prevent an attacker from attacking the VFS file of the secure storage area and the APK in order to steal sensitive data. On the basis of protecting the confidentiality of sensitive data with encrypted virtual file system technology, the present invention proposes a strategy that further strengthens the security of sensitive data on Android smart televisions.
Summary of the invention
The technical problem solved by the present invention is to overcome the deficiencies of the prior art by providing a security enhancement method for sensitive data on Android smart televisions that effectively stops an attacker from transplanting the files or the APK that store sensitive data to another device and running them there, thereby further strengthening the security of sensitive data on Android smart televisions.
The security strategy of the present invention further strengthens the security of the sensitive data stored on an Android smart television. In the following two cases it effectively prevents an attacker from obtaining sensitive data from the secure storage area described above. First: after storage initialization, the elevated privileges of the smart television have been acquired, and the attacker obtains the VFS file and the APK and tries to transplant them to another, unauthorized device and run them there, in order to illegally copy a legitimate user's data, impersonate the legitimate user, and so on. Second: after storage initialization, the elevated privileges of the smart television have been acquired, and the attacker tries to obtain the content of the secure storage area locally by decompiling the Java-layer code and calling the JNI interface of the secure storage area again, so as to obtain the sensitive data directly.
To achieve the above object, the present invention proposes a security enhancement method for sensitive data on Android smart televisions. The sensitive data confidentiality protection method it includes can be divided into security strategies for three stages: the operating system initialization stage, the secure storage area initialization stage, and the data reading stage.
The steps of the security enhancement method for sensitive data on Android smart televisions of the present invention are as follows:
(1) In the operating system initialization stage, produce the root key RootKey from hardware-unique information, generate a random key as the one-time key FSKey of the VFS, encrypt FSKey with RootKey to generate SafeFSKey, and store SafeFSKey in the VFS key area;
(2) In the secure storage area initialization stage, obtain the device information again and generate RootKey, encrypt the fixed key FixedKey (of length 16) with RootKey to generate RootFixedKey, then encrypt SafeFSKey with RootFixedKey to obtain the final key FinalKey, and use FinalKey to initialize the secure storage area and store the critical data in it;
(3) In the data reading stage, FinalKey is regenerated on every read and used to decrypt the file;
(4) After storage initialization, suppose the elevated privileges of the smart television have been acquired, and the attacker obtains the VFS file and the APK and tries to transplant them to another device and run them there. Because the decryption key is strictly bound to the device, the correct decryption key cannot be obtained;
(5) After storage initialization, suppose the elevated privileges of the smart television have been acquired, and the attacker tries to obtain the content of the secure storage area locally by decompiling the Java-layer code and re-invoking the JNI interface of the secure storage area, so as to obtain the sensitive data directly. Interface call authentication is added to the native library calls of the storage area; if the upper-layer code has been tampered with, an interface call authentication error occurs in the lower-layer code.
The method by which the decryption key is strictly bound to the device is as follows:
2-1) Produce the root key RootKey from hardware-unique information;
2-2) Encrypt the fixed key FixedKey (of length 16) with RootKey to generate RootFixedKey;
2-3) Encrypt the SafeFSKey held in the VFS key area with RootFixedKey to obtain the final key FinalKey;
2-4) This FinalKey is the only decryption key; therefore the correct decryption key cannot be obtained on another device.
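The key hierarchy of steps (1) to (4) and (2-1) to (2-4), as an added, runnable example in Go; this is example code, not the patent's own native implementation. Assumed here and not stated on the page: RootKey is derived by hashing the hardware identifiers with SHA-256, every key is 32 bytes (the page only gives FixedKey a length of 16), each "encrypt key B under key A" step is raw AES-256 on 16-byte blocks, the VFS image itself is sealed with AES-256-GCM, and all function names and the hardware identifier strings are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// FixedKey: a constant compiled into the secure-storage library (constructed value, 32 bytes).
var fixedKey = []byte("fixed-key-constant-of-32-bytes!!")

// deriveRootKey: "produce RootKey from hardware-unique information". How the identifiers are
// combined is not on the page; hashing them with SHA-256 is this example's assumption.
func deriveRootKey(hwInfo []string) []byte {
	h := sha256.New()
	for _, s := range hwInfo {
		h.Write([]byte(s))
		h.Write([]byte{0}) // separator keeps the concatenation unambiguous
	}
	return h.Sum(nil)
}

// wrapKey is the deterministic "encrypt key B under key A" step: raw AES on each 16-byte block
// (ECB). Acceptable only for uniformly random key material; deterministic so FinalKey regenerates.
func wrapKey(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(key)%block.BlockSize() != 0 {
		return nil, errors.New("wrapKey: bad key length")
	}
	out := make([]byte, len(key))
	for i := 0; i < len(key); i += block.BlockSize() {
		block.Encrypt(out[i:i+block.BlockSize()], key[i:i+block.BlockSize()])
	}
	return out, nil
}

// InitVFSKeyArea is step (1): a random FSKey is wrapped under RootKey; only SafeFSKey is stored.
func InitVFSKeyArea(hwInfo []string) ([]byte, error) {
	fsKey := make([]byte, 32)
	if _, err := rand.Read(fsKey); err != nil {
		return nil, err
	}
	return wrapKey(deriveRootKey(hwInfo), fsKey)
}

// DeriveFinalKey is steps (2)-(3) and (2-1)-(2-4): RootKey is re-derived from the hardware,
// RootFixedKey = Enc(RootKey, FixedKey), FinalKey = Enc(RootFixedKey, SafeFSKey).
func DeriveFinalKey(hwInfo []string, safeFSKey []byte) ([]byte, error) {
	rootFixedKey, err := wrapKey(deriveRootKey(hwInfo), fixedKey)
	if err != nil {
		return nil, err
	}
	return wrapKey(rootFixedKey, safeFSKey)
}

// vfsAEAD gives AES-256-GCM for the VFS image (mode is this example's choice; the page names AES
// with 256-bit keys but no mode). A wrong FinalKey or a modified image then fails authentication.
func vfsAEAD(finalKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(finalKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVFS encrypts the VFS image under FinalKey; the random nonce is prepended.
func SealVFS(finalKey, image []byte) ([]byte, error) {
	gcm, err := vfsAEAD(finalKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, image, nil), nil
}

// OpenVFS decrypts at read time; it errors when FinalKey was derived on other hardware.
func OpenVFS(finalKey, sealed []byte) ([]byte, error) {
	gcm, err := vfsAEAD(finalKey)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed VFS too short")
}
```

Because only SafeFSKey is ever written to storage, a copy of the VFS image and SafeFSKey on other hardware yields a different FinalKey, and OpenVFS reports an authentication failure instead of returning garbage.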
The method of adding interface call authentication to the native library calls of the storage area is as follows:
3-1) The service platform KeyFactory generates a public/private key pair;
3-2) The developer submits the third-party application installation package and the developer certificate; the administrator verifies the legitimacy of the package and, if verification passes, encrypts the developer information and the package name with the private key and issues the encrypted data to the third-party application as Key;
3-3) When the third-party application calls the JNI interface of the secure storage area, it passes Key in;
3-4) The present invention obtains the third-party application's package name and developer information;
3-5) The present invention decrypts Key with the public key;
3-6) The present invention authenticates the package name and developer information obtained after decryption;
3-7) If authentication succeeds, the interface call is allowed;
3-8) If the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key value fails, and an interface call authentication error occurs in the lower-layer code.
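Interface call authentication of steps (3-1) to (3-8), as an added example in Go; this is not the patent's or the TSM Security Agent's code. The page's "encrypt the package name and developer information with the private key, decrypt with the public key" is modelled as what that operation is in standard terms, an RSA PKCS#1 v1.5 signature over the two fields verified against the package name and developer information the native library obtains on its own; the KeyFactory, SecureStorageJNI and callerIdentity names, the 2048-bit key size and the way the library learns the caller's identity are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// DeveloperKey is the "Key" the KeyFactory issues to an approved third-party application:
// the platform's private-key operation over the package name and developer information.
// In standard terms that is an RSA PKCS#1 v1.5 signature, and step (3-5) is its verification.
type DeveloperKey []byte

// KeyFactory is the service-platform side (steps 3-1 and 3-2). Name and shape are assumed.
type KeyFactory struct{ priv *rsa.PrivateKey }

// NewKeyFactory is step (3-1): generate the platform's public/private key pair.
func NewKeyFactory() (*KeyFactory, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyFactory{priv: priv}, nil
}

// PublicKey is what the native library keeps in the secure storage area (or fetches once).
func (kf *KeyFactory) PublicKey() *rsa.PublicKey { return &kf.priv.PublicKey }

// bindingDigest hashes (pkgName, developerInfo) with length prefixes, so that shifting the
// boundary between the two fields cannot yield the same digest.
func bindingDigest(pkgName, developerInfo string) []byte {
	h := sha256.New()
	for _, field := range []string{pkgName, developerInfo} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		h.Write(n[:])
		h.Write([]byte(field))
	}
	return h.Sum(nil)
}

// Issue is step (3-2): once the administrator has verified the submitted package and the
// developer certificate (not modelled here), the private key binds developer info and package name.
func (kf *KeyFactory) Issue(pkgName, developerInfo string) (DeveloperKey, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, kf.priv, crypto.SHA256, bindingDigest(pkgName, developerInfo))
	if err != nil {
		return nil, err
	}
	return DeveloperKey(sig), nil
}

// ErrCallAuth is the "interface call authentication error" of step (3-8).
var ErrCallAuth = errors.New("interface call authentication error")

// SecureStorageJNI stands in for the native secure-storage library. It holds the platform
// public key and a callback that returns the calling application's package name and developer
// information as the library itself determines them (step 3-4), never as the caller claims them.
type SecureStorageJNI struct {
	platformPub    *rsa.PublicKey
	callerIdentity func() (pkgName, developerInfo string)
}

// Authorize is steps (3-3) and (3-5) to (3-8): the Key passed in must verify against the
// identity the library obtained on its own, or the call is refused.
func (s *SecureStorageJNI) Authorize(key DeveloperKey) error {
	pkgName, developerInfo := s.callerIdentity()
	if err := rsa.VerifyPKCS1v15(s.platformPub, crypto.SHA256, bindingDigest(pkgName, developerInfo), key); err != nil {
		return ErrCallAuth
	}
	return nil
}

// ReadSensitiveData is a guarded JNI entry point: authorization runs before any secure-storage
// access, so a tampered upper layer never reaches the data.
func (s *SecureStorageJNI) ReadSensitiveData(key DeveloperKey, read func() []byte) ([]byte, error) {
	if err := s.Authorize(key); err != nil {
		return nil, err
	}
	return read(), nil
}
```

The check is only as strong as the library's own source for the caller's package name and developer information (step 3-4), which the page leaves to the implementation.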
Beneficial effects of the present invention:
The present invention uses the unique information of the hardware device to decrypt the encrypted sensitive data, effectively stopping an attacker from transplanting the files or the APK that store sensitive data to another device and running them there; and it uses the uniqueness of the developer key held by a legitimate developer, through the interface call authentication method, to stop an attacker from calling the JNI interface of the secure storage area, further strengthening the security of sensitive data on Android smart televisions.
Description of the drawings
Fig. 1 is a schematic diagram of the encryption system of the security enhancement method for Android smart television sensitive data of the present invention;
Fig. 2 is a schematic diagram of the authentication system of the security enhancement method for Android smart television sensitive data of the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
The described embodiment is the smart television security agent software (the TSM Security Agent), which provides services for the unified management of smart television products so that a smart television can run legally, safely and stably. It mainly comprises functions such as certificate activation, identity authentication, application signature verification and secure storage. When the TSM Security Agent runs, the application signature verification interface serves the application installer; the identity authentication interface serves cloud services such as the application store, querying the legitimacy of the device through the unified identity authentication center; the certificate activation interface is called by the manufacturer and interacts with the certification authority server and the manufacturer's sub-CA certificate server to complete activation of the user certificate; and the user certificate and the key files used by application signature verification are all stored in the secure storage area.
Taking the smart television TSM Security Agent software as an embodiment of the present invention, the technical scheme of its sensitive data security enhancement method is as follows:
Fig. 1 is a schematic diagram of the encryption system of the security enhancement method for Android smart television sensitive data of the present invention. In the operating system initialization stage, the root key RootKey is produced from hardware-unique information, a random key is generated as the one-time key FSKey of the VFS, FSKey is encrypted with RootKey to generate SafeFSKey, and SafeFSKey is stored in the VFS key area. When the TSM Security Agent software is started for the first time, it calls the secure storage interface to set up a virtual file system for storing data, and at the same time saves the smart television terminal's installed certificate, the software signature verification public key and the configuration file into the secure storage area. When the TSM Security Agent needs to store data, it calls the data storage interface. After the secure storage module receives this request, it obtains the device information again and generates RootKey, encrypts the fixed key FixedKey (of length 16) with RootKey to generate RootFixedKey, then encrypts SafeFSKey with RootFixedKey to obtain the final key FinalKey, and uses FinalKey to initialize the secure storage area and store the critical data in it. The secure storage area uses an encrypted virtual file system to store critical data; externally it appears as a binary file, it uses 256-bit keys with the AES encryption algorithm, and it uses a multi-level key system bound to the device. Likewise, when the TSM Security Agent needs to access data in the secure storage area, it reads the required data through the data reading interface: after the secure storage module receives the read request, it locates the corresponding data file in the virtual file system, regenerates FinalKey in the same way, decrypts the file, and returns the decrypted data to the TSM Security Agent. Because the decryption key is strictly bound to the device, if an attacker obtains the VFS file and the APK and tries to transplant them to another device and run them there, the correct decryption key cannot be obtained.
Fig. 2 is a schematic diagram of the authentication system of the security enhancement method for Android smart television sensitive data of the present invention. The three main functional modules of the TSM Security Agent software are certificate activation, identity authentication and application signature verification. When the smart television is switched on, the manufacturer calls the interface provided by the TSM Security Agent to pass in the device ID and vendor ID; after the TSM Security Agent has recorded the device ID and vendor ID, the certificate activation process can start, which calls the certificate activation interface of the TSM Security Agent. When the smart television terminal accesses a cloud application service, it first calls the TSM Security Agent to send an identity authentication request to the authentication agent server, and identity authentication is carried out through the identity authentication interface provided by the TSM Security Agent. During application installation, the manufacturer calls the signature verification interface provided by the TSM Security Agent module, which verifies the application's signature according to the relevant information in the application installation package or application patch and returns the verification result to the caller. All of the above calls to the certificate activation, identity authentication and signature verification interfaces involve the following security strategy: the service platform KeyFactory generates a public/private key pair; the developer submits the third-party application installation package and the developer certificate; the administrator verifies the legitimacy of the package and, if verification passes, encrypts the developer information and the package name with the private key and issues the encrypted data to the developer of the third-party application as Key. When the smart television manufacturer's third-party application calls a local JNI interface of the TSM Security Agent (the certificate activation, identity authentication or signature verification interface), it must pass Key in. The TSM Security Agent first reads the public key from the local secure storage area; if no public key is stored locally, it must connect to the network to obtain the public key from the specified service address, write it into the secure storage area once obtained, and return the public key. It then checks whether the developer Key is legitimate and returns an error message if it is not; if it is legitimate, it decrypts Key with the public key. The TSM Security Agent authenticates the package name and developer information obtained after decryption; if authentication succeeds, the interface call is allowed and the corresponding function is performed. If the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key value fails, an interface call authentication error occurs in the lower-layer code, and the interface call fails. The service platform KeyFactory requires dedicated staff to maintain the process by which developers apply for, are reviewed for, and are issued a Key.
The above embodiment is provided only to describe the object of the present invention and is not intended to limit its scope. The scope of the present invention is defined by the following claims. All equivalent substitutions and modifications made without departing from the spirit and principles of the present invention shall fall within its scope.

Claims (3)

1. A security enhancement method for sensitive data on Android smart televisions, characterized in that its steps are as follows:
(1) In the operating system initialization stage, produce the root key RootKey from hardware-unique information, generate a random key as the one-time key FSKey of the VFS, encrypt FSKey with RootKey to generate the safe key SafeFSKey, and store SafeFSKey in the VFS key area;
(2) In the secure storage area initialization stage, obtain the device information again and generate RootKey, encrypt the fixed key FixedKey (of length 16) with RootKey to generate the root fixed key RootFixedKey, then encrypt SafeFSKey with RootFixedKey to obtain the final key FinalKey, and use FinalKey to initialize the secure storage area and store the critical data in it;
(3) In the data reading stage, FinalKey is regenerated on every read and used to decrypt the file;
(4) After storage initialization, suppose the elevated privileges of the smart television have been acquired, and the attacker obtains the VFS file and the APK and tries to transplant them to another device and run them there; the decryption key is strictly bound to the device, so the correct decryption key cannot be obtained;
(5) After storage initialization, suppose the elevated privileges of the smart television have been acquired, and the attacker tries to obtain the content of the secure storage area locally by decompiling the Java-layer code and re-invoking the JNI interface of the secure storage area, so as to obtain the sensitive data directly. Interface call authentication is added to the native library calls of the storage area; if the upper-layer code has been tampered with, an interface call authentication error occurs in the lower-layer code.
2. The security enhancement method for sensitive data on Android smart televisions according to claim 1, characterized in that the method by which the decryption key is strictly bound to the device is as follows:
(2-1) Produce the root key RootKey from hardware-unique information;
(2-2) Encrypt the fixed key FixedKey (of length 16) with RootKey to generate RootFixedKey;
(2-3) Encrypt the SafeFSKey held in the VFS key area with RootFixedKey to obtain the final key FinalKey;
(2-4) This FinalKey is the only decryption key; therefore the correct decryption key cannot be obtained on another device.
3. The security enhancement method for sensitive data on Android smart televisions according to claim 1, characterized in that the method of adding interface call authentication to the native library calls of the storage area is as follows:
(3-1) The service platform KeyFactory generates a public/private key pair;
(3-2) The developer submits the third-party application installation package and the developer certificate; the administrator verifies the legitimacy of the package and, if verification passes, encrypts the developer information and the package name with the private key and issues the encrypted data to the third-party application as Key;
(3-3) When the third-party application calls the JNI interface of the secure storage area, it passes Key in;
(3-4) The present invention obtains the third-party application's package name and developer information;
(3-5) The present invention decrypts Key with the public key;
(3-6) The present invention authenticates the package name and developer information obtained after decryption;
(3-7) If authentication succeeds, the interface call is allowed;
(3-8) If the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key value fails, and an interface call authentication error occurs in the lower-layer code.
Priority Applications (1)

Application Number: CN201510259122.7A (granted as CN104902291B); Priority Date: 2015-05-20; Filing Date: 2015-05-20; Title: A security enhancement method for sensitive data on Android smart televisions; Status: Expired - Fee Related

Publications (2)

CN104902291A (application), published 2015-09-09
CN104902291B (granted), published 2017-09-29

Family

ID=54034642
Family application: CN201510259122.7A (CN104902291B), priority date 2015-05-20, filing date 2015-05-20, Expired - Fee Related

Country Status (1)

CN: CN104902291B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
CN107342933A (*), priority date 2017-06-16, published 2017-11-10, 上海庆科信息技术有限公司: Smart device activation and binding method and device

Citations (3)

* Cited by examiner, † Cited by third party
JP2010124376A (*), priority date 2008-11-21, published 2010-06-03, Mitsubishi Electric Corp: Authentication apparatus and encryption processing device
CN103237235A (*), priority date 2013-03-18, published 2013-08-07, 中国科学院信息工程研究所: Method and system for realizing identity authentication on Cloud TV terminals
CN103763631A (*), priority date 2014-01-07, published 2014-04-30, 青岛海信信芯科技有限公司: Authentication method, server and television

Also Published As

Publication number Publication date
CN104902291B (en) 2017-09-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170929

Termination date: 20180520