CN104992122A - Cell phone private information safe box based on ARM Trust Zone - Google Patents
- Publication number
- CN104992122A (application number CN201510425659.6A)
- Authority
- CN
- China
- Prior art keywords
- security
- trustzone
- file
- arm
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6236—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a cell phone private information safe box based on ARM TrustZone. The safe box comprises a normal zone operating system (Rich OS) and a security zone operating system (Secure OS). Switching from the normal zone operating system to the security zone operating system requires the Monitor Mode provided by ARM TrustZone: a user sends a fast interrupt request (FIQ) through the normal zone operating system to enter Monitor Mode; in Monitor Mode the NS bit of the Secure Configuration Register (SCR) of the ARM processor is modified and set to 0, so that the CPU state is switched to the security zone operating system. A user of the security zone can choose to run programs securely or to store cell phone private documents, and the encryption function provided by the ARM TrustZone CPU is used to encrypt and decrypt data in the security zone. With the safe box provided by the invention, a normal zone user can, through a simple operation, keep cell phone private documents and software with high security requirements in the security zone, the user's private documents in the security zone are encrypted and decrypted, and the user can also run application programs with high security requirements securely.
Description
Technical field
The invention belongs to the field of mobile phone security. It relates to a safe for protecting mobile phone privacy information and for running application programs securely, and in particular to a mobile phone privacy information safe based on ARM TrustZone.
Background technology
Two kinds of security isolation technology currently exist in the field of mobile devices: virtualization technology, and the trusted execution environment proposed by GlobalPlatform.
Virtualization technology provides each guest operating system with the full set of resources a system requires, so that each operating system can run in isolation at a different security level. Virtualization is implemented on the basis of a virtual machine (Virtual Machine), which partitions memory space, resources and time. Open Kernel Labs released SecureIT Mobile, a virtualization solution based on the OKL4 Microvisor microkernel, which uses virtualization to support two mutually isolated domains on the same mobile device at the same time; Green Hills Software developed the INTEGRITY operating system to EAL 7, using virtualization to separate untrusted applications from trusted ones and placing the trusted applications on a highly trustworthy operating system kernel. However, virtualization technology provides no hardware protection for devices and memory, so a considerable security risk remains.
The trusted execution environment architecture is similar to virtualization in that two execution environments run on the same hardware platform; the difference is that it provides hardware protection for devices and memory. Trusted execution environments are commonly implemented on ARM TrustZone technology. ARM TrustZone achieves system-wide security by carving out a trusted code region in the embedded processor. The trusted code region occupies relatively little space and runs in the secure world that a processor supporting ARM TrustZone adds, which lays the foundation for system-level security of the code executing inside the system; the trusted code base supports trusted execution of code at every level, starting from the embedded boot stage. This trusted code can then be used for the security-relevant tasks in the system. Huawei's HiSilicon Kirin 620 chip uses a security chip based on ARM TrustZone. The normal mode and the secure mode of ARM TrustZone are concentrated in a single core, so switching between them is simple while the protection at the hardware layer is strengthened; the user's sensitive data is stored in the chip that has the secure mode, achieving the goal of security protection. However, the main advantages of this chip lie in performance improvements, and it gives the user little guidance on security applications.
Summary of the invention
To solve the problem of securely isolating user files and applications, the invention provides a mobile phone privacy information safe based on ARM TrustZone.
The technical solution adopted by the invention is as follows. A mobile phone privacy information safe based on ARM TrustZone, characterized in that it comprises a normal domain operating system (Rich OS) and a secure domain operating system (Secure OS). Switching from the normal domain operating system to the secure domain operating system requires the Monitor Mode provided by ARM TrustZone: the user sends a fast interrupt (FIQ) through the normal domain operating system to enter Monitor Mode; in Monitor Mode the NS bit of the Secure Configuration Register (SCR) of the ARM processor is modified and set to 0, which switches the CPU state to the secure domain operating system. A secure domain user can choose to run programs securely or to store mobile phone private files, and the secret files of the secure domain are encrypted and decrypted when memory is read, using the encryption function provided by the ARM TrustZone CPU.
The method of protecting mobile phone privacy information using the mobile phone privacy information safe based on ARM TrustZone provided by the invention is characterized in that: a normal domain user can, by a simple operation, have a mobile phone private file encrypted and saved into the secure domain, and the user can run application programs securely in the secure domain.
Preferably, encrypting the mobile phone private file and saving it into the secure domain is implemented by the following steps:
Step 1: the user logs in to the mobile phone client, selects a file and clicks the transfer file button, which triggers file transfer mode;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor;
Step 4: using the file backup mechanism, the secure domain locates the file to be transferred by its mark, clears the mark and copies the file into the secure domain's buffer. At this point the normal domain CPU is frozen and cannot interfere with the transfer process. Because the secure domain has the highest privilege, it can read all data in normal domain memory;
Step 5: using the ARM TrustZone key, the transferred file data is encrypted with a cryptographic algorithm and stored.
Preferably, the cryptographic algorithm of step 5 is the AES algorithm provided by ARM TrustZone.
Preferably, running application programs securely is implemented by the following steps:
Step 1: the user clicks a program in the safe, which triggers the switch operation;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the registers of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor, sets it to 0 and enters the secure domain;
Step 4: the secure domain runs a complete Android operating system; the user directly runs the installer and then runs the application. Because ARM TrustZone provides hardware isolation and protects peripherals such as the on-screen keyboard, the application can run securely in the secure domain.
Step 5: an I/O monitoring function monitors file reads and writes in secure domain memory; files being written are encrypted with a cryptographic algorithm, and files being read are decrypted. This ensures the security and integrity of the data while the program runs.
Preferably, the cryptographic algorithm used when running application programs securely is the AES algorithm provided by ARM TrustZone, and decryption uses the AES decryption algorithm provided by ARM TrustZone.
Preferably, the switch operation used when running application programs securely comprises the following sub-steps:
Step 1.1: the TrustZone driver sends an interrupt request;
Step 1.2: the interrupt request is sent to the TrustZone Interrupt Controller (TZIC) of ARM TrustZone;
Step 1.3: the TZIC determines the type of the requested interrupt and sends the corresponding interrupt to the ARM processor;
Step 1.4: the interrupt is delivered to different ARM registers according to its type: an IRQ interrupt signal is delivered to the Current Program Status Register (CPSR), whereas an FIQ enters Monitor Mode;
Step 1.5: in Monitor Mode, the Secure Configuration Register (SCR) is accessed and the NS bit is set to 0, completing the system switch.
Beneficial effects of the invention:
(1) A mobile phone privacy information safe is realized with ARM TrustZone technology; the user can store privacy-related programs and files with high security requirements in the safe, thereby protecting their security;
(2) Dual-system switching between a secure operating system and a non-secure operating system on the mobile phone is realized on the basis of ARM TrustZone technology. Different operating systems run in the normal domain and in the secure domain, and the user can switch quickly between the two systems by a simple operation, thus achieving hardware isolation;
(3) The key provided by ARM TrustZone is used to encrypt the confidential file data of the secure domain, improving the security with which the secure domain protects user data;
(4) Switching between the secure domain and the non-secure domain is fast and transparent, which improves ease of use; the user can manually install programs with a high security level into the safe and can also place confidential files directly into the safe, which is convenient to operate.
Description of the drawings
Fig. 1: schematic diagram of the system principle of an embodiment of the invention.
Fig. 2: flow chart of private information protection in an embodiment of the invention.
Fig. 3: flow chart of secure application program operation in an embodiment of the invention.
Fig. 4: flow chart of switching from the normal domain to the secure domain in an embodiment of the invention.
Embodiment
To help those of ordinary skill in the art understand and implement the invention, it is described in further detail below with reference to the drawings and embodiments. It should be understood that the embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
Referring to Fig. 1, the mobile phone privacy information safe based on ARM TrustZone provided by the invention comprises a normal domain operating system (Rich OS) and a secure domain operating system (Secure OS). Switching from the normal domain operating system to the secure domain operating system requires the Monitor Mode provided by ARM TrustZone: the user sends a fast interrupt (FIQ) through the normal domain operating system to enter Monitor Mode; in Monitor Mode the NS bit of the Secure Configuration Register (SCR) of the ARM processor is modified and set to 0, which switches the CPU state to the secure domain operating system. A secure domain user can choose to run programs securely or to store mobile phone private files, and the secret files of the secure domain are encrypted and decrypted when memory is read, using the encryption function provided by the ARM TrustZone CPU.
The Monitor Mode principle of this embodiment is described in detail below:
The CP15 coprocessor of an ARM processor with the ARM TrustZone security extensions contains a Secure Configuration Register (SCR), and this register has an NS bit that indicates the state of the current system. If NS is 0, the system is in the secure state; if NS is 1, the system is in the non-secure state. When the system is in Monitor Mode, however, it can access the resources of the secure environment regardless of whether the NS bit is 0. The NS bit affects not only the CPU core and the memory subsystem but also the operation of on-chip peripherals. The NS bit is the key extension that ARM TrustZone makes to the system. The secure state of the system is independent of the user mode and privileged mode of the system: a user-mode program may run in the secure state, and the system may be in the non-secure state while a privileged program runs. The NS bit can only be changed by software that runs in the secure state and in privileged mode, and the system cannot access the SCR while in the non-secure state. Software of the secure environment runs in the secure state, and software of the normal environment runs in the non-secure state. Therefore, switching the execution environment requires changing the secure state of the system at the same time.
The invention uses the fast interrupt FIQ to enter Monitor Mode from the non-secure state. The FIQ bit of the SCR defaults to 0, meaning that when an FIQ occurs the processor takes it in FIQ mode; if the bit is 1, the processor enters Monitor Mode when an FIQ occurs.
If software of the secure environment sets the NS bit of the SCR directly to 1 while not in Monitor Mode, the system enters the non-secure state immediately, which lets the non-secure state see the instructions still in the pipeline and the data still in the registers. If those instructions and data are sensitive, this is a security threat to the system. Therefore the NS bit of the SCR is normally modified directly only in Monitor Mode.
The secure interrupt principle of this embodiment is described in detail below:
The monitor can capture FIQ and IRQ directly, without help from the code of any execution environment, which makes a flexible interrupt model possible for secure interrupt sources. When the execution flow reaches the monitor, the monitor routes the interrupt request to the corresponding interrupt handler, and if a secure interrupt controller is combined with a secure interrupt source, the interrupts raised by that source cannot be manipulated by normal domain software.
The invention uses IRQ as the interrupt source of the normal domain and the fast interrupt (FIQ) as the interrupt source of the secure domain. Because most operating systems use IRQ as their interrupt source, using FIQ as the secure interrupt source means the smallest change to the normal domain operating system. If an interrupt occurs in the execution environment it belongs to, no switch of execution environment is needed; otherwise the system traps into the monitor, which switches the execution environment. Interrupts are disabled while the monitor code executes.
The method of protecting mobile phone privacy information using the mobile phone privacy information safe based on ARM TrustZone provided by the invention is implemented so that a normal domain user can, by a simple operation, have a mobile phone private file encrypted and saved into the secure domain, and the user can run application programs securely in the secure domain.
Referring to Fig. 2, encrypting the mobile phone private file and saving it into the secure domain in this embodiment is implemented by the following steps:
Step 1: the user logs in to the mobile phone client, selects a file and clicks the transfer file button, which triggers file transfer mode;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the registers of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor;
Step 4: using the file backup mechanism, the secure domain locates the file to be transferred by its mark, clears the mark and copies the file into the secure domain's buffer;
Step 5: using the ARM TrustZone key, the transferred file data is encrypted with the AES encryption algorithm of the ARM TrustZone CPU and stored.
Referring to Fig. 3, running application programs securely in this embodiment is implemented by the following steps:
Step 1: the user clicks a program in the safe, which triggers the switch operation;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the registers of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor, sets it to 0 and enters the secure domain;
Step 4: the secure domain runs a complete Android operating system; the user directly runs the installer and then runs the application;
Step 5: an I/O monitoring function monitors file reads and writes in secure domain memory; files being written are encrypted with the AES encryption algorithm, and files being read have their integrity verified and are then decrypted with AES.
Referring to Fig. 4, the switch operation used when running application programs securely in this embodiment comprises the following sub-steps:
Step 1.1: the TrustZone driver sends an interrupt request;
Step 1.2: the interrupt request is sent to the TrustZone Interrupt Controller (TZIC) of ARM TrustZone;
Step 1.3: the TZIC determines the type of the requested interrupt and sends the corresponding interrupt to the ARM processor;
Step 1.4: the interrupt is delivered to different ARM registers according to its type: an IRQ interrupt signal is delivered to the Current Program Status Register (CPSR), whereas an FIQ enters Monitor Mode;
Step 1.5: in Monitor Mode, the Secure Configuration Register (SCR) is accessed and the NS bit is set to 0, completing the system switch.
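The Monitor Mode and secure interrupt principles above, together with sub-steps 1.1 to 1.5, can be expressed as a small software model: the SCR.NS, SCR.FIQ and SCR.IRQ bits, the rule that only Monitor Mode may flip NS, the freeze of the normal domain registers, and the routing of IRQ to the normal domain and FIQ to the secure domain. This is an added example written for this page, not code from the patent or from ARM; it simulates the rules in plain C rather than touching real CP15 registers, and the cpu_t structure, the ns_result and int_outcome enums and the four-register freeze are assumptions made for the model.

```c
/* Software model of the normal/secure domain switch: SCR bits, Monitor Mode,
 * register freeze and IRQ/FIQ routing. Added example; simulation only, no
 * real CP15 access. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCR_NS  (1u << 0)  /* 0 = secure state, 1 = non-secure state */
#define SCR_IRQ (1u << 1)  /* 1 = IRQ is taken in Monitor Mode */
#define SCR_FIQ (1u << 2)  /* 1 = FIQ is taken in Monitor Mode */
#define NREGS 4            /* assumed: a few registers suffice to show the freeze */

typedef enum { IRQ, FIQ } irq_kind;

typedef enum {
    NS_OK,
    NS_DENIED_NONSECURE,    /* the SCR is not accessible in the non-secure state */
    NS_DENIED_UNPRIVILEGED, /* only privileged secure software may write NS */
    NS_REFUSED_NOT_MONITOR  /* policy: a bare NS write outside Monitor Mode exposes pipeline/register state */
} ns_result;

typedef enum {
    INT_MASKED,
    INT_HANDLED_IN_CURRENT_DOMAIN, /* belongs to the running domain: no switch needed */
    INT_SWITCHED_TO_SECURE,        /* FIQ from the normal domain, trapped through the monitor */
    INT_SWITCHED_TO_NORMAL,        /* IRQ from the secure domain, trapped through the monitor */
    INT_MISROUTED                  /* belongs to the other domain but SCR does not route it to the monitor */
} int_outcome;

typedef struct {
    uint32_t scr;           /* modelled Secure Configuration Register */
    bool monitor;           /* executing Monitor Mode code */
    bool privileged;        /* privileged (kernel) mode vs user mode */
    bool irq_masked;        /* CPSR.I */
    bool fiq_masked;        /* CPSR.F */
    uint32_t regs[NREGS];   /* live general-purpose registers */
    uint32_t frozen[NREGS]; /* normal domain registers frozen by the monitor */
} cpu_t;

/* Monitor Mode reaches secure resources whatever NS says. */
static bool cpu_in_secure_state(const cpu_t *c) {
    return c->monitor || (c->scr & SCR_NS) == 0;
}

static ns_result cpu_write_scr_ns(cpu_t *c, bool ns) {
    if (!cpu_in_secure_state(c)) return NS_DENIED_NONSECURE;
    if (!c->privileged && !c->monitor) return NS_DENIED_UNPRIVILEGED;
    if (!c->monitor) return NS_REFUSED_NOT_MONITOR;
    if (ns) c->scr |= SCR_NS; else c->scr &= ~SCR_NS;
    return NS_OK;
}

/* Interrupts stay disabled while monitor code runs; the previous masks are restored on exit. */
static void monitor_enter(cpu_t *c, bool *i, bool *f) {
    *i = c->irq_masked; *f = c->fiq_masked;
    c->irq_masked = c->fiq_masked = true;
    c->monitor = true;
}
static void monitor_exit(cpu_t *c, bool i, bool f) {
    c->monitor = false;
    c->irq_masked = i; c->fiq_masked = f;
}

/* Deliver one interrupt: IRQ belongs to the normal domain, FIQ to the secure domain. */
static int_outcome cpu_deliver(cpu_t *c, irq_kind k) {
    if (k == IRQ ? c->irq_masked : c->fiq_masked) return INT_MASKED;
    bool nonsecure   = (c->scr & SCR_NS) != 0;
    bool for_current = (k == IRQ) ? nonsecure : !nonsecure;
    bool to_monitor  = (k == IRQ) ? (c->scr & SCR_IRQ) != 0 : (c->scr & SCR_FIQ) != 0;
    if (for_current) return INT_HANDLED_IN_CURRENT_DOMAIN; /* taken directly or forwarded by the monitor */
    if (!to_monitor) return INT_MISROUTED;                 /* the SCR.FIQ = 0 default: secure FIQ lands in normal FIQ mode */

    bool i, f;
    monitor_enter(c, &i, &f);
    if (nonsecure) {
        /* Steps 2 and 3 of the flow: freeze the normal domain registers, then NS := 0. */
        memcpy(c->frozen, c->regs, sizeof c->regs);
        memset(c->regs, 0, sizeof c->regs);
        cpu_write_scr_ns(c, false);
    } else {
        /* Back to the normal domain: scrub secure register contents before NS := 1 so the
         * non-secure state cannot observe them, then restore the frozen normal registers. */
        memset(c->regs, 0, sizeof c->regs);
        cpu_write_scr_ns(c, true);
        memcpy(c->regs, c->frozen, sizeof c->regs);
    }
    monitor_exit(c, i, f);
    return nonsecure ? INT_SWITCHED_TO_SECURE : INT_SWITCHED_TO_NORMAL;
}

/* A normal domain CPU configured as the description requires: NS = 1, FIQ and IRQ routed to the monitor. */
static cpu_t cpu_normal_domain(void) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.scr = SCR_NS | SCR_FIQ | SCR_IRQ;
    c.privileged = true;
    return c;
}

int main(void) {
    cpu_t c = cpu_normal_domain();
    c.regs[0] = 0xCAFE; /* constructed normal domain register content */
    printf("NS write from normal domain: %d (1 = denied)\n", cpu_write_scr_ns(&c, false));
    printf("FIQ in normal domain: %d (2 = switched to secure), NS now %u\n",
           cpu_deliver(&c, FIQ), c.scr & SCR_NS);
    printf("IRQ in secure domain: %d (3 = switched to normal), r0 restored 0x%X\n",
           cpu_deliver(&c, IRQ), c.regs[0]);
    return 0;
}
```

Running the model walks the patent's flow: the NS write from the non-secure state is denied, the FIQ traps through the monitor into the secure domain with the normal registers frozen, and the IRQ brings the normal domain back with its registers restored and the secure registers scrubbed. Clearing SCR_FIQ in `cpu_normal_domain` shows the misrouting case that motivates setting the FIQ bit to 1.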
It should be understood that the parts not elaborated in this specification belong to the prior art.
It should be understood that the above description of the preferred embodiment is relatively detailed and therefore cannot be regarded as limiting the scope of patent protection of the invention; those of ordinary skill in the art, under the teaching of the invention and without departing from the scope protected by the claims of the invention, may make substitutions or variations, all of which fall within the protection scope of the invention; the protection scope claimed by the invention shall be defined by the claims.
Claims (7)
1. A mobile phone privacy information safe based on ARM TrustZone, characterized in that it comprises a normal domain operating system (Rich OS) and a secure domain operating system (Secure OS); switching from the normal domain operating system to the secure domain operating system requires the Monitor Mode provided by ARM TrustZone: the user sends a fast interrupt (FIQ) through the normal domain operating system to enter Monitor Mode; in Monitor Mode the NS bit of the Secure Configuration Register (SCR) of the ARM processor is modified and set to 0, which switches the CPU state to the secure domain operating system; a secure domain user can run programs with high security requirements or store mobile phone private files, and the secret files of the secure domain are AES-encrypted and decrypted when a file is read, using the encryption function provided by the ARM TrustZone CPU.
2. A method of protecting mobile phone privacy information using the mobile phone privacy information safe based on ARM TrustZone according to claim 1, characterized in that: a normal domain user can, by a simple operation, have a mobile phone private file encrypted and saved into the secure domain, and the user can run application programs securely in the secure domain.
3. The method according to claim 2, characterized in that encrypting the mobile phone private file and saving it into the secure domain comprises the following steps:
Step 1: the user logs in to the mobile phone client, selects a file and clicks the transfer file button, which triggers file transfer mode;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the registers of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor;
Step 4: using the file backup mechanism, the secure domain locates the file to be transferred by its mark, clears the mark and copies the file into the secure domain's buffer;
Step 5: using the ARM TrustZone key, the transferred file data is encrypted with a cryptographic algorithm and stored.
4. The method according to claim 3, characterized in that in step 5 the file of the secure domain is encrypted using the AES encryption function provided by the TrustZone CPU.
5. The method according to claim 2, characterized in that running application programs securely comprises the following steps:
Step 1: the user clicks a program in the safe, which triggers the switch operation;
Step 2: the TrustZone driver (TrustZone Driver) in the normal domain uses the kernel to send a fast interrupt (FIQ); the system enters Monitor Mode and at the same time freezes the state of the registers of the normal domain CPU;
Step 3: Monitor Mode modifies the NS bit in the Secure Configuration Register (SCR) of the ARM processor, sets it to 0 and enters the secure domain;
Step 4: the secure domain runs a complete Android operating system, and the user can install and run application programs;
Step 5: an I/O monitoring function monitors file reads and writes in secure domain memory; files being written are encrypted with a cryptographic algorithm, and files being read are decrypted.
6. The method according to claim 5, characterized in that in step 5 the file of the secure domain is encrypted using the AES encryption function provided by the TrustZone CPU.
7. The method according to claim 5, characterized in that the switch operation of step 1 comprises the following sub-steps:
Step 1.1: the TrustZone driver sends an interrupt request;
Step 1.2: the interrupt request is sent to the TrustZone Interrupt Controller (TZIC) of ARM TrustZone;
Step 1.3: the TZIC determines the type of the requested interrupt and sends the corresponding interrupt to the ARM processor;
Step 1.4: the interrupt is delivered to different ARM registers according to its type: an IRQ interrupt signal is delivered to the Current Program Status Register (CPSR), whereas an FIQ enters Monitor Mode;
Step 1.5: in Monitor Mode, the Secure Configuration Register (SCR) is accessed and the NS bit is set to 0, completing the system switch.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510425659.6A CN104992122A (en) | 2015-07-20 | 2015-07-20 | Cell phone private information safe box based on ARM Trust Zone |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510425659.6A CN104992122A (en) | 2015-07-20 | 2015-07-20 | Cell phone private information safe box based on ARM Trust Zone |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104992122A true CN104992122A (en) | 2015-10-21 |
Family
ID=54303935
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510425659.6A Pending CN104992122A (en) | 2015-07-20 | 2015-07-20 | Cell phone private information safe box based on ARM Trust Zone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104992122A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106372537A (en) * | 2016-08-31 | 2017-02-01 | 宇龙计算机通信科技(深圳)有限公司 | Document protection method and device and terminal equipment |
CN106709360A (en) * | 2015-11-17 | 2017-05-24 | 福州瑞芯微电子股份有限公司 | Data transmission and storage method and system |
CN106909835A (en) * | 2016-12-28 | 2017-06-30 | 中软信息系统工程有限公司 | A kind of method that kernel integrity measurement is realized based on CPU space-time isolation mech isolation tests |
CN107066331A (en) * | 2016-12-20 | 2017-08-18 | 华为技术有限公司 | A kind of resource allocation methods and equipment based on TrustZone |
CN107168747A (en) * | 2017-05-27 | 2017-09-15 | 努比亚技术有限公司 | Differentiating method, device and the computer-readable recording medium of mobile terminal configuration |
CN107194284A (en) * | 2017-06-22 | 2017-09-22 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system based on the user-isolated data of TrustZone |
CN107403152A (en) * | 2017-07-19 | 2017-11-28 | 大唐终端技术有限公司 | High-pass platform TrustZone fingerprint recognition realization method and systems |
CN108052415A (en) * | 2017-11-17 | 2018-05-18 | 中国科学院信息工程研究所 | A kind of malware detection platform quick recovery method and system |
CN109426523A (en) * | 2017-08-18 | 2019-03-05 | 厦门雅迅网络股份有限公司 | Dual system starts method and computer readable storage medium |
CN109446847A (en) * | 2017-08-31 | 2019-03-08 | 厦门雅迅网络股份有限公司 | Configuration method, terminal device and the storage medium of dual system peripheral resources |
CN109684126A (en) * | 2018-12-25 | 2019-04-26 | 贵州华芯通半导体技术有限公司 | For the Memory Checkout method of ARM equipment and the ARM equipment of execution Memory Checkout |
CN111552992A (en) * | 2020-03-19 | 2020-08-18 | 中国电子科技集团公司第七研究所 | Dual-system multimode communication architecture with asymmetric security level |
CN113835933A (en) * | 2021-11-26 | 2021-12-24 | 北京指掌易科技有限公司 | Data management method, device, medium and electronic equipment |
CN113886834A (en) * | 2021-09-29 | 2022-01-04 | 南方科技大学 | ARM architecture-based GPU trusted execution method, system, equipment and storage medium |
EP4134850A4 (en) * | 2020-05-08 | 2023-09-06 | Huawei Technologies Co., Ltd. | Computer system, service processing method, readable storage medium, and chip |
CN117633912A (en) * | 2024-01-26 | 2024-03-01 | 南湖实验室 | RISC-V architecture-based high-throughput secret calculation method and system |
CN117633912B (en) * | 2024-01-26 | 2024-05-03 | 南湖实验室 | RISC-V architecture-based high-throughput secret calculation method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130031374A1 (en) * | 2011-07-29 | 2013-01-31 | Microsoft Corporation | Firmware-based trusted platform module for arm processor architectures and trustzone security extensions |
CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Safety system and safety storage method of intelligent terminal |
CN104239814A (en) * | 2014-09-17 | 2014-12-24 | 上海斐讯数据通信技术有限公司 | Mobile office safety method and mobile office safety system |
CN104463013A (en) * | 2014-12-08 | 2015-03-25 | 上海斐讯数据通信技术有限公司 | Mobile terminal and data encryption method thereof |
Legal Events
- 2015-07-20: CN application CN201510425659.6A, patent CN104992122A, active (Pending)
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106709360A (en) * | 2015-11-17 | 2017-05-24 | 福州瑞芯微电子股份有限公司 | Data transmission and storage method and system |
CN106372537B (en) * | 2016-08-31 | 2019-08-30 | 宇龙计算机通信科技(深圳)有限公司 | A kind of document protection method, apparatus and terminal device |
CN106372537A (en) * | 2016-08-31 | 2017-02-01 | 宇龙计算机通信科技(深圳)有限公司 | Document protection method and device and terminal equipment |
CN107066331A (en) * | 2016-12-20 | 2017-08-18 | 华为技术有限公司 | A kind of resource allocation methods and equipment based on TrustZone |
CN107066331B (en) * | 2016-12-20 | 2021-05-18 | 华为技术有限公司 | TrustZone-based resource allocation method and equipment |
CN106909835A (en) * | 2016-12-28 | 2017-06-30 | 中软信息系统工程有限公司 | A kind of method that kernel integrity measurement is realized based on CPU space-time isolation mech isolation tests |
CN106909835B (en) * | 2016-12-28 | 2020-02-07 | 中软信息系统工程有限公司 | Method for realizing kernel integrity measurement based on CPU (Central processing Unit) space-time isolation mechanism |
CN107168747A (en) * | 2017-05-27 | 2017-09-15 | 努比亚技术有限公司 | Differentiating method, device and the computer-readable recording medium of mobile terminal configuration |
CN107168747B (en) * | 2017-05-27 | 2020-12-29 | 努比亚技术有限公司 | Method and device for distinguishing mobile terminal configuration and computer readable storage medium |
CN107194284A (en) * | 2017-06-22 | 2017-09-22 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system based on the user-isolated data of TrustZone |
CN107403152A (en) * | 2017-07-19 | 2017-11-28 | 大唐终端技术有限公司 | High-pass platform TrustZone fingerprint recognition realization method and systems |
CN107403152B (en) * | 2017-07-19 | 2020-07-31 | 大唐终端技术有限公司 | High-pass platform TrustZone fingerprint identification implementation method and system |
CN109426523A (en) * | 2017-08-18 | 2019-03-05 | 厦门雅迅网络股份有限公司 | Dual system starts method and computer readable storage medium |
CN109426523B (en) * | 2017-08-18 | 2022-12-06 | 厦门雅迅网络股份有限公司 | Dual-system starting method based on trustzone technology and computer readable storage medium |
CN109446847A (en) * | 2017-08-31 | 2019-03-08 | 厦门雅迅网络股份有限公司 | Configuration method, terminal device and the storage medium of dual system peripheral resources |
CN108052415A (en) * | 2017-11-17 | 2018-05-18 | 中国科学院信息工程研究所 | A kind of malware detection platform quick recovery method and system |
CN108052415B (en) * | 2017-11-17 | 2022-01-04 | 中国科学院信息工程研究所 | Rapid recovery method and system for malicious software detection platform |
CN109684126B (en) * | 2018-12-25 | 2022-05-03 | 贵州华芯通半导体技术有限公司 | Memory verification method for ARM equipment and ARM equipment for executing memory verification |
CN109684126A (en) * | 2018-12-25 | 2019-04-26 | 贵州华芯通半导体技术有限公司 | For the Memory Checkout method of ARM equipment and the ARM equipment of execution Memory Checkout |
CN111552992A (en) * | 2020-03-19 | 2020-08-18 | 中国电子科技集团公司第七研究所 | Dual-system multimode communication architecture with asymmetric security level |
CN111552992B (en) * | 2020-03-19 | 2023-11-14 | 中国电子科技集团公司第七研究所 | Asymmetric security level dual-system multimode communication architecture |
EP4134850A4 (en) * | 2020-05-08 | 2023-09-06 | Huawei Technologies Co., Ltd. | Computer system, service processing method, readable storage medium, and chip |
CN113886834A (en) * | 2021-09-29 | 2022-01-04 | 南方科技大学 | ARM architecture-based GPU trusted execution method, system, equipment and storage medium |
CN113835933A (en) * | 2021-11-26 | 2021-12-24 | 北京指掌易科技有限公司 | Data management method, device, medium and electronic equipment |
CN117633912A (en) * | 2024-01-26 | 2024-03-01 | 南湖实验室 | RISC-V architecture-based high-throughput secret calculation method and system |
CN117633912B (en) * | 2024-01-26 | 2024-05-03 | 南湖实验室 | RISC-V architecture-based high-throughput secret calculation method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104992122A (en) | Cell phone private information safe box based on ARM Trust Zone | |
US10152602B2 (en) | Protecting state information for virtual machines | |
EP3281146B1 (en) | Isolating guest code and data using multiple nested page tables | |
US9690947B2 (en) | Processing a guest event in a hypervisor-controlled system | |
US9727709B2 (en) | Support for secure objects in a computer system | |
EP3201820B1 (en) | Protecting application secrets from operating system attacks | |
Blass et al. | TRESOR-HUNT: attacking CPU-bound encryption | |
US10691627B2 (en) | Avoiding redundant memory encryption in a cryptographic protection system | |
US9483635B2 (en) | Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices | |
EP3274908B1 (en) | Technologies for hardening data encryption with secure enclaves | |
Boivie et al. | SecureBlue++: CPU support for secure execution | |
JP6580138B2 (en) | Processor, method and computer program for supporting secure objects | |
US20180239909A1 (en) | Systems and methods for providing processor state protections in a virtualized environment | |
Cheng et al. | Appshield: Protecting applications against untrusted operating system | |
CN102521531A (en) | Password protection system based on hardware virtualization | |
Cao et al. | CryptMe: Data leakage prevention for unmodified programs on ARM devices | |
Burdonov et al. | Virtualization-based separation of privilege: working with sensitive data in untrusted environment | |
Tang et al. | Secure and efficient in-hypervisor memory introspection using nested virtualization | |
EP3314502B1 (en) | Protecting state information for virtual machines | |
Hutton | Immunizing files against ransomware with koalafied immunity | |
Lie et al. | Using hypervisors to secure commodity operating systems | |
Nimgaonkar et al. | Ctrust: A framework for secure and trustworthy application execution in cloud computing | |
CN117063162A (en) | Apparatus and method for implementing shared virtual memory in trusted zone | |
Tanda et al. | Detect kernel-mode rootkits via real time logging & controlling memory access | |
Ruan et al. | DomainIsolation: Lightweight Intra-enclave Isolation for Confidential Virtual Machines |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20151021 |