CN104902291B - Security enhancement method for sensitive data on Android smart televisions - Google Patents


Info

Publication number: CN104902291B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201510259122.7A
Other languages: Chinese (zh)
Other versions: CN104902291A (en)
Inventors: 晏敏, 王雅哲
Current assignee: Institute of Information Engineering of CAS
Original assignee: Institute of Information Engineering of CAS
Priority date: 2015-05-20
Filing date: 2015-05-20
Publication dates: 2015-09-09 (CN104902291A), 2017-09-29 (CN104902291B)

Classifications

    • H04N 21/25816 Management of client data involving client authentication (under H04N 21/00 Selective content distribution > 21/20 Servers adapted for content distribution > 21/25 Management operations performed by the server > 21/258 Client or end-user data management > 21/25808 Management of client data)
    • H04N 21/26613 Channel or content management for generating or managing keys in general (under H04N 21/00 Selective content distribution > 21/20 Servers adapted for content distribution > 21/25 Management operations performed by the server > 21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system)

Abstract

The invention discloses a security enhancement method for sensitive data on Android smart televisions. Building on existing technology, it proposes a new strategy that more fully guarantees the confidentiality of sensitive data. The virtual file system is encrypted with a key hierarchy derived from hardware-unique information, so that the decryption key is strictly bound to the device: if an attacker attempts to transplant the file storing the sensitive data and the APK file to another device and run them there, the attacker cannot obtain the correct decryption key. Interface-call authentication is added: if an attacker decompiles the Java-layer code and locally re-calls the native JNI interfaces of the encrypted virtual file system, interface-call authentication fails, so the interface cannot be called successfully to steal sensitive data.

Description

Security enhancement method for sensitive data on Android smart televisions
Technical field
The present invention relates to further enhancing the security of sensitive data on Android smart televisions. On the basis of the prior art it proposes a new strategy that more fully guarantees the confidentiality of sensitive data, and it belongs to the field of information security technology.
Background technology
Compared with the smartphone industry, the smart television industry is currently relatively closed. With the development of technologies such as tri-network convergence and multi-screen interaction, the forms of attack will keep increasing. The confidentiality of sensitive data such as keys and user information needs to be fully guaranteed, and a malicious application present on an Android smart television may at any time steal, propagate or tamper with such sensitive data. An effective way to solve this problem is to design and implement a secure storage area. This technology encrypts a virtual file system with a multi-level key hierarchy and a symmetric encryption algorithm and stores the sensitive data in it; the encrypted virtual file system is referred to as the VFS. However, the main challenge such a scheme faces is how to prevent an attacker who has obtained high privileges (administrator or root privileges) on the Android smart television from attacking the VFS file and the APK of the secure storage area in order to steal sensitive data. The present invention, building on the confidentiality that encrypted-virtual-file-system technology already provides for sensitive data, proposes a strategy that further enhances the security of sensitive data on Android smart televisions.
Summary of the invention
The technical problem solved by the present invention is to overcome the deficiencies of the prior art by providing a security enhancement method for sensitive data on Android smart televisions that effectively prevents an attacker from transplanting the sensitive-data storage file or the APK file to another device and executing them there, further enhancing the security of sensitive data on Android smart televisions.
The security strategy of the invention further enhances the security of the sensitive data stored on an Android smart television. It effectively prevents an attacker from obtaining sensitive data from the secure storage area in the following two cases. First, after the storage area has been initialized, the high privileges of the smart television are obtained, and the attacker obtains the VFS file and the APK and attempts to transplant them to another, unauthorized device and run them there, in order to illegally copy a legitimate user's data, impersonate a legitimate user, and so on. Second, after the storage area has been initialized, the high privileges of the smart television are obtained, and the attacker attempts to obtain the contents of the secure storage area locally by decompiling the Java-layer code and re-calling the JNI interfaces of the secure storage area, thereby obtaining the sensitive data directly.
To achieve the above object, the present invention proposes a security enhancement method for sensitive data on Android smart televisions. The sensitive-data confidentiality protection method of the invention can be divided into security strategies for three phases: the operating-system initialization phase, the secure-storage-area initialization phase, and the data-read phase.
The steps of the security enhancement method for sensitive data on Android smart televisions of the present invention are:
(1) In the operating-system initialization phase, the root key RootKey is generated from hardware-unique information; a random key is generated as the VFS one-time key FSKey; FSKey is encrypted with RootKey to produce SafeFSKey, which is stored in the VFS key area.
(2) In the secure-storage-area initialization phase, the device information is reacquired to regenerate RootKey; the 16-character fixed key FixedKey is encrypted with RootKey to produce RootFixedKey; SafeFSKey is then encrypted with RootFixedKey to obtain the final key FinalKey; the secure storage area is initialized with FinalKey and the critical data is stored in it.
(3) In the data-read phase, FinalKey is regenerated on every read and used to decrypt the file.
(4) After storage initialization, suppose the high privileges of the smart television are obtained and the attacker obtains the VFS file and the APK and attempts to transplant them to another device and run them there: because the decryption key is strictly bound to the device, the correct decryption key cannot be obtained.
(5) After storage initialization, suppose the high privileges of the smart television are obtained and the attacker attempts to obtain the contents of the secure storage area locally by decompiling the Java-layer code and re-calling the JNI interfaces of the secure storage area so as to obtain the sensitive data directly: interface-call authentication is added to the calls into the storage area's native library, so that if the upper-layer code has been tampered with, the lower-layer code raises an interface-call authentication error.
The method by which the decryption key is strictly bound to the device is as follows:
2-1) The root key RootKey is generated from hardware-unique information;
2-2) The 16-character fixed key FixedKey is encrypted with RootKey to generate RootFixedKey;
2-3) The SafeFSKey held in the VFS key area is encrypted with RootFixedKey to obtain the final key FinalKey;
2-4) FinalKey is the only decryption key. Therefore the correct decryption key cannot be obtained on another device.
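The key chain of steps 2-1 to 2-4, as an added worked example in Go (standard library only; not code from the patent or its embodiment). Assumed, since the page does not fix them: RootKey is SHA-256 of the hardware information, each "encrypt key X with key Y" step is raw AES block encryption so that FinalKey is reproducible on every read, record encryption under FinalKey is AES-256-GCM, and the FixedKey and hardware strings are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// fixedKey is the agent's 16-character FixedKey (constructed sample value).
var fixedKey = []byte("FixedKey-TV-0001")

// rootKey is step 2-1: RootKey from the hardware-unique information. SHA-256 is
// an assumption; the page only says RootKey is produced from that information.
func rootKey(hwInfo []byte) []byte { h := sha256.Sum256(hwInfo); return h[:] }

// blockEncrypt runs raw AES over each 16-byte block of in. It models the page's
// "encrypt key X with key Y" steps deterministically, so a device regenerates
// the same key material on every read.
func blockEncrypt(key, in []byte) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 {
		return nil, errors.New("key material is not block aligned")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
	}
	return out, nil
}

// OSInit is phase (1): draw the random one-time FSKey, wrap it under RootKey
// and return SafeFSKey, the value kept in the VFS key area.
func OSInit(hwInfo []byte) ([]byte, error) {
	fsKey := make([]byte, 32)
	if _, err := rand.Read(fsKey); err != nil {
		return nil, err
	}
	return blockEncrypt(rootKey(hwInfo), fsKey)
}

// FinalKey is steps 2-2 and 2-3: RootFixedKey = AES_RootKey(FixedKey), 16 bytes
// (an AES-128 key); FinalKey = AES_RootFixedKey(SafeFSKey), 32 bytes (AES-256).
func FinalKey(hwInfo, safeFSKey []byte) ([]byte, error) {
	rootFixedKey, err := blockEncrypt(rootKey(hwInfo), fixedKey)
	if err != nil {
		return nil, err
	}
	return blockEncrypt(rootFixedKey, safeFSKey)
}

// RecordAEAD regenerates FinalKey and opens AES-256-GCM with it; the storage
// module uses it to seal records at initialization and to open them on read.
// GCM is an assumption: the page names AES and 256-bit keys but no mode.
func RecordAEAD(hwInfo, safeFSKey []byte) (cipher.AEAD, error) {
	key, err := FinalKey(hwInfo, safeFSKey)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// OpenRecord is phase (3): FinalKey is regenerated from this device's hardware
// on every read. A VFS file and APK copied to another TV derive a different
// key there, so the GCM tag check fails instead of releasing plaintext.
func OpenRecord(hwInfo, safeFSKey, sealed []byte) ([]byte, error) {
	aead, err := RecordAEAD(hwInfo, safeFSKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed record too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}
```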
The method for adding interface-call authentication to calls into the storage area's native library is as follows:
3-1) The service platform KeyFactory generates a public/private key pair;
3-2) The developer submits the third-party application installation package and the developer's certificate; the administrator verifies the legitimacy of the package, and if verification passes, the developer information and package name are encrypted with the private key and the encrypted data is issued to the third-party application as its Key;
3-3) When the third-party application calls a JNI interface of the secure storage area, it passes in the Key;
3-4) The present invention obtains the third-party application's package name and developer information;
3-5) The present invention decrypts the Key with the public key;
3-6) The present invention authenticates the package name and developer information obtained from decryption;
3-7) If authentication succeeds, the interface call is allowed;
3-8) If the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key fails, and the lower-layer code raises an interface-call authentication error.
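Steps 3-1 to 3-8 as an added worked example in Go (standard library only; not the patent's own code). Assumptions: the platform's "encrypt with the private key, decrypt with the public key" is modelled as an Ed25519 signature over the package name and developer information, the Key token format is constructed, and the developer information of step 3-4 is supplied to AuthenticateCall as the identity the system reports for the calling process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

var (
	ErrMalformedKey   = errors.New("key: malformed token")
	ErrBadKey         = errors.New("key: signature does not verify under the platform public key")
	ErrCallerMismatch = errors.New("key: caller package or developer does not match the Key")
)

// binding is the byte string the platform signs; the NUL separator keeps the
// package name and developer information from being shifted into each other.
func binding(pkg, developer string) []byte { return []byte(pkg + "\x00" + developer) }

// KeyFactory is the service platform of step 3-1. An Ed25519 signature stands
// in for the page's "encrypt with the private key, decrypt with the public
// key"; only the public key ever reaches the television.
type KeyFactory struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewKeyFactory() (*KeyFactory, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &KeyFactory{Public: pub, private: priv}, nil
}

// Issue is step 3-2, run only after the administrator has approved the
// submitted installation package and developer certificate. The token format
// "pkg|developer|base64(sig)" is constructed for this example.
func (kf *KeyFactory) Issue(pkg, developer string) string {
	sig := ed25519.Sign(kf.private, binding(pkg, developer))
	return pkg + "|" + developer + "|" + base64.StdEncoding.EncodeToString(sig)
}

// ParseKey splits the Key token the application passes across JNI (step 3-3).
func ParseKey(token string) (pkg, developer string, sig []byte, err error) {
	parts := strings.Split(token, "|")
	if len(parts) != 3 {
		return "", "", nil, ErrMalformedKey
	}
	sig, err = base64.StdEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", "", nil, ErrMalformedKey
	}
	return parts[0], parts[1], sig, nil
}

// AuthenticateCall is steps 3-4 to 3-8 on the native side. observedPkg and
// observedDeveloper are what the system reports about the calling process
// (on Android: package name and signing identity from the package manager),
// never values the caller supplies itself. The Key must verify under the
// platform public key and must name exactly that caller; a repackaged or
// re-signed APK changes the observed identity, so the interface stays closed.
func AuthenticateCall(platformPub ed25519.PublicKey, token, observedPkg, observedDeveloper string) error {
	pkg, developer, sig, err := ParseKey(token)
	if err != nil {
		return err
	}
	if !ed25519.Verify(platformPub, binding(pkg, developer), sig) {
		return ErrBadKey
	}
	if pkg != observedPkg || developer != observedDeveloper {
		return ErrCallerMismatch
	}
	return nil
}
```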
Beneficial effects of the present invention:
The present invention uses the unique information of the hardware device to decrypt the encrypted sensitive data, which effectively prevents an attacker from transplanting the sensitive-data storage file and the APK file to another device and executing them there. It also uses the uniqueness of the developer key held by a legitimate developer, through the interface-call authentication method, to prevent an attacker from calling the native JNI interfaces of the secure storage area, further enhancing the security of sensitive data on Android smart televisions.
Brief description of the drawings
Fig. 1 is a schematic diagram of the encryption system of the security enhancement method for sensitive data on Android smart televisions of the present invention;
Fig. 2 is a schematic diagram of the authentication system of the security enhancement method for sensitive data on Android smart televisions of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. It should be understood that the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
The embodiment is a smart-television security agent software that provides services for the unified management of smart-television products, ensuring that the smart television can run legitimately and be used safely and stably. It mainly comprises the functions of certificate activation, identity authentication, application signature verification and secure storage. When the security agent runs, the application signature-verification interface provides service to the application installer; the identity-authentication interface provides an interface to cloud services such as the application store and queries the legitimacy of the device through the unified identity-authentication center; the certificate-activation interface is called by the manufacturer and interacts with the certification agent server and the manufacturer's sub-CA certificate server to complete activation of the user certificate; the user certificate and the key file used for signature verification are stored in the secure storage area.
Taking the smart-television security agent software as an embodiment of the invention, the technical solution of its sensitive-data security enhancement method is as follows:
Fig. 1 is a schematic diagram of the encryption system of the present invention's security enhancement method for sensitive data on Android smart televisions. In the operating-system initialization phase, the root key RootKey is generated from hardware-unique information, a random key is generated as the VFS one-time key FSKey, FSKey is encrypted with RootKey to produce SafeFSKey, and SafeFSKey is stored in the VFS key area. When the security agent software starts for the first time, it calls the secure-storage interface to set up a virtual file system for storing data, and the certificate installed on the smart-television terminal, the software signature-verification public key and the configuration file are saved in the secure storage area. When the security agent needs to store data it calls the data-storage interface; on receiving this request the secure-storage module reacquires the device information to generate RootKey, encrypts the 16-character fixed key FixedKey with RootKey to generate RootFixedKey, encrypts SafeFSKey with RootFixedKey to obtain the final key FinalKey, initializes the secure storage area with FinalKey, and stores the critical data in the secure storage area. The secure storage area stores the critical data in an encrypted virtual file system that appears as a binary file, using 256-bit keys and the AES encryption algorithm together with the multi-level key hierarchy bound to the device. Likewise, when the security agent needs to access data in the secure storage area, it reads the required data through the data-read interface; on receiving the read request, the secure-storage module finds the corresponding data file in the virtual file system, regenerates FinalKey in the same way to decrypt the file, and passes the decrypted data to the security agent. Because the decryption key is strictly bound to the device, if an attacker obtains the VFS file and the APK and attempts to transplant them to another device and run them there, the correct decryption key cannot be obtained.
Fig. 2 is a schematic diagram of the authentication system of the present invention's security enhancement method for sensitive data on Android smart televisions. The three main functional modules of the security agent software are certificate activation, identity authentication and application signature verification. When the smart television is powered on, the manufacturer calls the interface provided by the security agent and passes in the device ID and manufacturer ID; after the security agent has recorded the device ID and manufacturer ID, the certificate-activation process can be started by calling the certificate-activation interface of the security agent. When the smart-television terminal accesses a cloud application service, it first calls the security agent to initiate an authentication request, and identity authentication is performed against the identity-authentication agent server through the identity-authentication interface provided by the security agent. The signature-verification interface provided by the security agent module is called by the manufacturer during application installation; it performs signature verification on the application or application patch according to the relevant information of the application installation package and returns the result to the caller. All of the above calls to the certificate-activation, identity-authentication and signature-verification interfaces are subject to the following security strategy. The service platform KeyFactory generates a public/private key pair; the developer submits the third-party application installation package and the developer's certificate; the administrator verifies the legitimacy of the package, and if verification passes, the developer information and package name are encrypted with the private key and the encrypted data is issued as the Key to the developer of the third-party application. When the smart-television manufacturer's third-party application calls the native JNI interfaces of the security agent (the certificate-activation, identity-authentication and signature-verification interfaces), it must pass in the Key. The security agent first reads the public key from the local secure storage area; if no public key is stored locally, it must connect to the network to obtain the public key from the specified service address, write it to the secure storage area once obtained, and return the public key. It then verifies whether the developer KEY is legitimate and returns an error message if it is not; if it is legitimate, the Key is decrypted with the public key. The security agent authenticates the package name and developer information obtained from decryption: if authentication succeeds, the interface call is allowed and the corresponding function is carried out; if the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key fails, and the lower-layer code raises an interface-call authentication error, causing the interface call to fail. The service platform KeyFactory requires dedicated personnel to maintain developer applications and to review and issue Keys.
The above embodiments are provided only to describe the purpose of the present invention and are not intended to limit its scope. The scope of the invention is defined by the following claims. All equivalent substitutions and modifications made without departing from the spirit and principles of the invention shall fall within its scope.

Claims (2)

1. A security enhancement method for sensitive data on Android smart televisions, characterized in that it is implemented by the following steps:
(1) in the operating-system initialization phase, a root key RootKey is generated from hardware-unique information, a random key is generated as the VFS one-time key FSKey, FSKey is encrypted with RootKey to generate the safe key SafeFSKey, and SafeFSKey is stored in the VFS key area;
(2) in the secure-storage-area initialization phase, the device information is reacquired to generate RootKey, the 16-character fixed key FixedKey is encrypted with RootKey to generate the root fixed key RootFixedKey, SafeFSKey is then encrypted with RootFixedKey to obtain the final key FinalKey, the secure storage area is initialized with FinalKey, and the critical data is stored in the secure storage area;
(3) in the data-read phase, FinalKey is regenerated on every read and used to decrypt the file;
(4) after storage initialization, supposing that the high privileges of the smart television are obtained and the attacker obtains the VFS file and the APK and attempts to transplant them to another device for execution, the decryption key is strictly bound to the device, so the correct decryption key cannot be obtained;
(5) after storage initialization, supposing that the high privileges of the smart television are obtained and the attacker attempts to obtain the contents of the secure storage area locally by decompiling the Java-layer code and re-calling the JNI interfaces of the secure storage area so as to obtain the sensitive data directly, interface-call authentication is added to the calls into the storage area's native library, so that if the upper-layer code has been tampered with, the lower-layer code raises an interface-call authentication error.
2. The security enhancement method for sensitive data on Android smart televisions according to claim 1, characterized in that the method for adding interface-call authentication to calls into the storage area's native library is as follows:
(3-1) the service platform KeyFactory generates a public/private key pair;
(3-2) the developer submits the third-party application installation package and the developer's certificate, the administrator verifies the legitimacy of the package, and if verification passes, the developer information and package name are encrypted with the private key and the encrypted data is issued to the third-party application as its Key;
(3-3) when the third-party application calls a JNI interface of the secure storage area, it passes in the Key;
(3-4) the third-party application's package name and developer information are obtained;
(3-5) the Key is decrypted with the public key;
(3-6) the package name and developer information obtained from decryption are authenticated;
(3-7) if authentication succeeds, the interface call is allowed;
(3-8) if the upper-layer code has been tampered with, authentication of the package name and developer information obtained by decrypting the Key fails, and the lower-layer code raises an interface-call authentication error.

Publications (2)

Publication Number | Publication Date
CN104902291A (en) | 2015-09-09
CN104902291B (en) | 2017-09-29


Legal Events

Code | Title / Description
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
CF01 | Termination of patent right due to non-payment of annual fee (granted publication date: 20170929; termination date: 20180520)