CN105095696B - Method, system and device for performing security authentication on an application program - Google Patents


Publication number
CN105095696B
Authority
CN
China
Prior art keywords
application program
trusted application
secret key
trusted
additional information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510357652.5A
Other languages
Chinese (zh)
Other versions
CN105095696A (en)
Inventor
叶建隆
成亮
刘明
孙发龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics China R&D Center
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics China R&D Center
Samsung Electronics Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/126 Interacting with the operating system
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes


Abstract

The invention discloses a method, system and device for performing security authentication on an application program. The method includes: obtaining a trusted application package from a trusted application distribution server, transferring it into a trusted execution environment, and unpacking it there to obtain the trusted application and additional information; obtaining the decryption key for the trusted application and the additional information; decrypting the trusted application and the additional information with the decryption key to obtain the decrypted trusted application and additional information; performing a single-input digest algorithm operation on the decrypted trusted application to obtain digest information; decrypting the signature information in the additional information with the public key in the additional information to obtain the original digest information; and judging whether the original digest information and the digest information are consistent and, if so, passing security authentication and loading and running the trusted application in the trusted execution environment. The scheme of the invention can improve the security of authentication.

Description

Method, system and device for performing security authentication on an application program
Technical field
The present invention relates to security authentication technology, and in particular to a method, system and device for performing security authentication on an application program.
Background
With the spread of smart devices such as smartphones, tablet computers and smart televisions, the number of applications running on smart devices has also grown explosively. To protect the rights and interests of software developers, the distribution of applications must pass security authentication. Smart devices usually allow only applications that have passed security authentication to be installed, but the existing security verification process is very simple and only ensures the integrity of the application and the copyright of the software developer.
At the same time, applications are used in an ever wider range of scenarios, such as audio and video playback, electronic payment and content sharing between devices. In these scenarios the key algorithms (code segment) and sensitive information (data segment) of an application are sensitive, cannot be distributed publicly, and must be protected.
The prior art performs only simple security verification on an application and takes no further security protection or authentication measures for the application content itself, so key algorithms and sensitive information may be stolen by hackers, causing huge losses.
Summary of the invention
The present invention provides a method for performing security authentication on an application program; the method can improve the security of authentication.
The present invention provides a system for performing security authentication on an application program; the system can improve the security of authentication.
The present invention provides a smart device for performing security authentication on an application program; the smart device can improve the security of authentication.
A method for performing security authentication on an application program, the method including:
Obtaining a trusted application package from a trusted application distribution server, transferring the trusted application package into a trusted execution environment, and unpacking it in the trusted execution environment to obtain the trusted application and additional information;
Obtaining the decryption key for the trusted application and the additional information;
Decrypting the trusted application and the additional information with the decryption key to obtain the decrypted trusted application and additional information;
Performing a single-input digest algorithm operation on the decrypted trusted application to obtain digest information;
Decrypting the signature information in the additional information with the public key in the additional information to obtain the original digest information;
Judging whether the original digest information and the digest information are consistent and, if so, passing security authentication and loading and running the trusted application in the trusted execution environment.
A system for performing security authentication on an application program, the system including a smart device and a trusted application distribution server; the smart device includes a trusted application management unit and a security authentication service unit, and the security authentication service unit is located in a trusted execution environment;
The trusted application management unit obtains a trusted application package from the trusted application distribution server and sends it to the security authentication service unit;
The security authentication service unit receives the trusted application package sent by the trusted application management unit and unpacks it to obtain the encrypted trusted application and additional information; obtains the decryption key for the trusted application and the additional information; decrypts the trusted application and the additional information with the decryption key to obtain the decrypted trusted application and additional information; performs a single-input digest algorithm operation on the decrypted trusted application to obtain digest information; decrypts the signature information in the additional information with the public key in the additional information to obtain the original digest information; and judges whether the original digest information and the digest information are consistent and, if so, passes security authentication and loads and runs the trusted application;
The trusted application distribution server provides the trusted application package at the request of the trusted application management unit.
A smart device for performing security authentication on an application program, the smart device including a trusted application management unit and a security authentication service unit, the security authentication service unit being located in a trusted execution environment;
The trusted application management unit obtains a trusted application package from a trusted application distribution server and sends it to the security authentication service unit;
The security authentication service unit receives the trusted application package sent by the trusted application management unit and unpacks it to obtain the trusted application and additional information; obtains the decryption key for the trusted application and the additional information; decrypts the trusted application and the additional information with the decryption key to obtain the decrypted trusted application and additional information; performs a single-input digest algorithm operation on the decrypted trusted application to obtain digest information; decrypts the signature information in the additional information with the public key in the additional information to obtain the original digest information; and judges whether the original digest information and the digest information are consistent and, if so, passes security authentication and loads and runs the trusted application.
As can be seen from the above scheme, in the present invention a trusted application package is obtained from the trusted application distribution server and transferred into the trusted execution environment, where it is unpacked to obtain the trusted application and additional information; the decryption key for the trusted application and the additional information is obtained; the trusted application and the additional information are decrypted with the decryption key; a single-input digest algorithm operation is performed on the decrypted trusted application to obtain digest information; the signature information in the additional information is decrypted with the public key in the additional information to obtain the original digest information; and whether the original digest information and the digest information are consistent is judged and, if so, security authentication is passed and the trusted application is loaded and run in the trusted execution environment. With the scheme of the invention, the security authentication, loading and running of the trusted application are all completed in the trusted execution environment, which ensures the security of authentication. In addition, the trusted application and additional information are always transmitted in encrypted form between the trusted application distribution server and the smart terminal, which ensures the security of the trusted application. The additional information of the trusted application, including the signature information and the public key, is also encrypted, which strengthens the integrity of the trusted application and thereby further improves the security of authentication.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method of the present invention for performing security authentication on an application program;
Fig. 2 is an example flow chart of the development end of the present invention submitting a trusted application;
Fig. 3 is an example flow chart of the smart device of the present invention performing security authentication on a trusted application;
Fig. 4 is a schematic structural diagram of the system of the present invention for performing security authentication on an application program;
Fig. 5 is an example schematic diagram of the system architecture of the present invention for performing security authentication on an application program.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to embodiments and the accompanying drawings.
In the present invention, the security authentication, loading and running of a trusted application are moved into the trusted execution environment, and the trusted application and additional information are always transmitted in encrypted form between the trusted application distribution server and the smart terminal, thereby improving the security of authentication.
Fig. 1 is a schematic flow chart of the method of the present invention for performing security authentication on an application program; it includes the following steps:
Step 101: obtain a trusted application package from the trusted application distribution server, transfer the trusted application package into the trusted execution environment, and unpack it in the trusted execution environment to obtain the trusted application and additional information.
The present invention authenticates applications with a scheme different from the existing one. To distinguish the two, an object authenticated with the scheme of the invention is called a trusted application, and an object authenticated with the existing scheme is called an ordinary application.
In the present invention, after the trusted application package is obtained from the trusted application distribution server, it is transferred into the trusted execution environment, so that the trusted application can then be securely authenticated in the trusted execution environment.
Step 102: obtain the decryption key for the trusted application and the additional information.
The decryption key can be any decryption key agreed between the smart terminal and the trusted application distribution server; when needed, the smart terminal directly retrieves the pre-agreed decryption key. Alternatively, when needed, the required decryption key is computed according to a pre-agreed calculation scheme, for example:
The smart device obtains the local secure shared key;
The smart device performs a multi-input digest algorithm calculation on the universally unique identifier (UUID) of the trusted application and the secure shared key to obtain the decryption key for the trusted application and the additional information.
A multi-input digest algorithm has multiple inputs and performs the digest algorithm operation on all of them. In the present invention, the digest algorithm operation is performed on two inputs, the UUID and the secure shared key, to obtain the decryption key; the multi-input digest algorithm is, for example, the hash-based message authentication code (HMAC) algorithm.
The secure shared key is stored in the firmware of the trusted execution environment in plaintext form, or is stored in the firmware of the trusted execution environment after being encrypted by hardware;
If the secure shared key is stored in the firmware of the trusted execution environment in hardware-encrypted form, the hardware decryption engine is used to obtain the decrypted secure shared key, which is then used in the multi-input digest algorithm operation; otherwise the secure shared key is used directly in the multi-input digest algorithm operation.
The secure shared key can exist in the firmware of the trusted execution environment in plaintext form, or can exist there after hardware encryption. The key that encrypts the secure shared key is a hardware key, and this hardware key can be obtained only by the hardware encryption engine. In this way, even if the firmware of the trusted execution environment is illegally cracked by a hacker, the hacker still cannot obtain the secure shared key, which improves the security of the secure shared key.
For the case that involves a secure shared key, the method of the present invention further includes:
The authorization center receives binding information provided by the manufacturer; the binding information includes the correspondence between the secure shared key of a smart device and the smart device model, and smart devices of the same type have a unique smart device model;
The authorization center stores the received binding information. Correspondingly, obtaining the trusted application package from the trusted application distribution server in step 101 includes:
The smart device sends the smart device model and the UUID of the requested trusted application to the trusted application distribution server;
The trusted application distribution server sends a key request containing the smart device model to the authorization center;
The authorization center looks up the corresponding secure shared key in the binding relationship according to the smart device model and returns the secure shared key to the trusted application distribution server;
The trusted application distribution server performs a multi-input digest algorithm operation using the UUID and the secure shared key to obtain the encryption key for encrypting the trusted application and the additional information;
The trusted application and the additional information are encrypted with the encryption key, where the additional information includes the signature information and the public key for verifying the signature;
The trusted application distribution server packs the encrypted trusted application and the corresponding additional information into a trusted application package and returns the trusted application package to the smart device;
The smart device downloads the trusted application package.
Further, the key request can also include the UUID; after the authorization center receives the key request, the method further includes:
The authorization center verifies the smart device model and the UUID and, once they are verified as valid, executes the step of looking up the corresponding secure shared key in the binding relationship according to the smart device model.
Step 103: decrypt the trusted application and the additional information with the decryption key to obtain the decrypted trusted application and additional information.
In the present invention, both the trusted application and the additional information are encrypted; the decryption key must first be calculated and then used to decrypt them.
Step 104: perform a single-input digest algorithm operation on the decrypted trusted application to obtain digest information.
A single-input digest algorithm has only one input and performs the digest algorithm operation on that input. In this step, the digest algorithm operation is performed on one input, the decrypted trusted application, to obtain the digest information; the single-input digest algorithm is, for example, a hash algorithm.
Step 105: decrypt the signature information in the additional information with the public key in the additional information to obtain the original digest information.
Step 106: judge whether the original digest information and the digest information are consistent; if so, security authentication is passed, and the trusted application is loaded and run in the trusted execution environment.
In the present invention, a trusted application package is obtained from the trusted application distribution server and transferred into the trusted execution environment, where it is unpacked to obtain the trusted application and additional information; the decryption key for the trusted application and the additional information is obtained; the trusted application and the additional information are decrypted with the decryption key; a single-input digest algorithm operation is performed on the decrypted trusted application to obtain digest information; the signature information in the additional information is decrypted with the public key in the additional information to obtain the original digest information; and whether the original digest information and the digest information are consistent is judged and, if so, security authentication is passed and the trusted application is loaded and run in the trusted execution environment. With the scheme of the invention, the security authentication, loading and running of the trusted application are all completed in the trusted execution environment, which ensures the security of authentication. In addition, the trusted application and additional information are always transmitted in encrypted form between the trusted application distribution server and the smart terminal, which ensures the security of the trusted application. The additional information of the trusted application, including the signature information and the public key, is also encrypted, which strengthens the integrity of the trusted application and thereby further improves the security of authentication.
In the present invention, the trusted application and additional information that the trusted application distribution server provides to users can be written in advance by the development end and then uploaded to the trusted application distribution server. Specifically:
The development end requests a UUID from the authorization center;
The development end performs a single-input digest algorithm operation on the trusted application it has written to obtain digest information; obtains a random asymmetric key pair and encrypts the digest information with the private key of the pair to obtain the signature information of the trusted application; and forms the additional information from the signature information and the public key of the asymmetric key pair;
The development end submits the trusted application, the additional information and the requested UUID to the trusted application distribution server.
The flow by which the development end obtains the UUID from the authorization center can be as follows:
The development end sends an identification code application request to the authorization center;
The authorization center performs identity authentication and, after authentication passes, returns the UUID of the trusted application to the development end; each trusted application corresponds to one UUID.
The security authentication method of the present invention is illustrated below with the flows of Figs. 2 and 3.
Fig. 2 is an example flow chart of the development end of the present invention submitting a trusted application. In the figure:
Software developer E100: the software developer is the party that writes and tests the trusted application code, applies to the trusted application authorization center for a universally unique identifier, and submits the trusted application package to the trusted application distribution server.
Signature service E102: used to obtain the asymmetric key pair for generating and verifying signatures; to obtain the digest information of the trusted application by hash calculation; and to generate signature information by encrypting the digest information with the private key of the asymmetric key pair.
Trusted application authorization center E104 (authorization center E104 for short in the figure): responsible for issuing software developer accounts and for allocating universally unique identifiers to trusted applications.
Trusted application distribution server E106: receives the trusted application packages submitted by software developers and maintains a mapping table from universally unique identifiers to trusted application packages.
Software developer E100 and signature service E102 together make up the development end and jointly complete the writing of the trusted application and the additional information.
The flow of Fig. 2 includes the following steps:
Step S200: software developer E100 applies to authorization center E104 for a development account for submitting trusted applications, and provides the authentication information required for issuing the development account.
Step S202: authorization center E104 reviews the account application of software developer E100 and decides, from the authentication information provided by E100, whether to allocate it a development account. If the review passes, it issues a development account to software developer E100 and stores the account information of the development end in the local database.
Step S204: using the development account obtained in step S202, software developer E100 requests authorization center E104 to allocate a UUID.
Step S206: software developer E100 uses signature service E102 to perform a hash operation on the trusted application it has written, obtaining the digest information of the trusted application.
Step S208: software developer E100 uses signature service E102 to obtain a randomly generated asymmetric key pair; the private key of the pair is used to generate the signature information, and the public key is used to verify the signature information.
Step S210: software developer E100 encrypts the digest information obtained in step S206 with the private key generated in step S208 to produce the signature information, and forms the additional information from this signature information and the public key of step S208.
Step S212: software developer E100 packs the trusted application and the additional information generated in step S210 and, using the development account obtained in step S202 and the UUID applied for in step S204, sends a submission request to trusted application distribution server E106.
Step S214: trusted application distribution server E106 receives the submission request of software developer E100 and queries authorization center E104 about the validity of the development account information and the universally unique identifier.
Step S216: authorization center E104 checks in the database whether the development account and the UUID exist; if they exist, it determines that the information is valid and returns the query result to trusted application distribution server E106.
Step S218: after confirming the validity of the development account and the UUID, trusted application distribution server E106 further checks whether the trusted application and the additional information contain malicious code. If they pass the security check, it accepts the trusted application and additional information submitted by software developer E100 and adds the correspondence between the trusted application package and the universally unique identifier to the mapping table.
After the check, if the trusted application and the additional information contain no malicious code, they pass the security check.
Further, in the development account authentication of step S202, software developer E100 must provide sufficient proof that the trusted application to be developed is legitimate, because trusted applications run in the trusted execution environment. For example, the software development end is a member of a standardization body or an employee of a content and service provider.
Further, in step S214, before querying authorization center E104 about the validity of the development account and the UUID, the server can first check whether the UUID already exists in the mapping table; if it does, the UUID has already been submitted, and an error is returned directly to software developer E100.
Further, the malicious code check in step S218 is carried out manually, so software developer E100 must provide the complete source code of the trusted application. Malicious code generally includes abnormal operation of the hardware decryption engine, reading or writing the video memory of the decoder or display module, and so on.
In this embodiment, because the security requirements for trusted applications are very high, the identity information of the software development end and the submitted trusted application source code must be strictly checked; this prevents malicious trusted applications from attacking the trusted execution environment.
Fig. 3 is an example flow chart of the smart device of the present invention performing security authentication on a trusted application; it includes the following steps:
Step S302: perform an HMAC calculation using the UUID corresponding to the trusted application and the secure shared key in the trusted execution environment to obtain the decryption key for decrypting the trusted application and the additional information.
Step S304: decrypt the trusted application and the corresponding additional information with the decryption key obtained in step S302 to obtain the decrypted trusted application and the corresponding additional information.
Step S306: perform a hash operation on the decrypted trusted application to obtain digest information 1.
Step S308: decrypt the signature information in the additional information with the public key in the additional information to obtain digest information 2.
Step S310: compare digest information 1 obtained in step S306 with digest information 2 obtained in step S308 and judge whether they are equal; if they are equal, load and activate the trusted application, otherwise return an error code.
Further, in step S302, if the secure shared key exists in the trusted execution environment in plaintext form, it is used directly; if it exists in the trusted execution environment in hardware-encrypted form, the encrypted secure shared key is first decrypted by the hardware decryption engine, and the decryption key for decrypting the trusted application and the additional information is then obtained.
Further, in step S304, the trusted application and the additional information can be decrypted in software or in hardware, depending on whether the smart device supports a hardware decryption engine; using a hardware decryption engine can effectively improve performance.
Further, in step S308, the public key and the signature information are extracted from the additional information; this is a mechanism provided by the software development end for checking the integrity of the trusted application and protecting the author's copyright.
Further, in step S310, the activated trusted application has an independent address space, and all modules running during security authentication are isolated from one another.
Further, the processing of all the above steps is completed in the trusted execution environment; the temporary data generated along the way and the final code segment and data segment of the trusted application are held in secure memory, which can be read and written only by modules in the trusted execution environment.
Referring to Fig. 4, which is a schematic structural diagram of the system of the present invention for performing security authentication of an application program, the system includes a smart device and a trusted application program distribution server. The smart device includes a trusted application program management unit and a Security Authentication Service unit; the Security Authentication Service unit is located in the trusted execution environment, while the trusted application program management unit may be located either in the non-trusted execution environment or in the trusted execution environment;
The trusted application program management unit obtains a trusted application package from the trusted application program distribution server and sends it to the Security Authentication Service unit;
The Security Authentication Service unit receives the trusted application package sent by the trusted application program management unit and unpacks it to obtain the trusted application program and the additional information; obtains the decryption key of the trusted application program and the additional information; decrypts the trusted application program and the additional information using the decryption key, obtaining the decrypted trusted application program and additional information; performs a single-input digest algorithm operation on the decrypted trusted application program, obtaining digest information; decrypts the signature information in the additional information using the public key in the additional information, obtaining original digest information; and judges whether the original digest information is consistent with the digest information, and if so, security authentication is passed and the trusted application program is loaded and run;
The trusted application program distribution server provides the trusted application package at the request of the trusted application program management unit.
Further, the system also includes an authorization center, which receives binding information, the binding information including the correspondence between the secure shared key of a smart device and the smart device model, smart devices of the same type having a unique smart device model, and which saves the received binding information. A smart device manufacturer may have several different device models; the device model can be formulated according to some rule, for example the system-on-chip version, on the condition that all devices of the same type from a manufacturer have one and only one unique model.
Further, the trusted application program management unit sends a download request to the trusted application program distribution server, the download request containing the smart device model and the UUID of the requested trusted application program; after downloading the trusted application package from the trusted application program distribution server, it sends the package to the Security Authentication Service unit;
The trusted application program distribution server sends a key request containing the smart device model to the authorization center and receives the secure shared key returned by the authorization center; performs, for the trusted application program and the additional information, a multi-input digest algorithm operation using the UUID and the secure shared key, obtaining the encryption key for encrypting the trusted application program and the additional information; encrypts the trusted application program and the additional information using the encryption key, where the additional information includes the signature information and the public key for verifying the signature; and packs the encrypted trusted application program and the corresponding additional information into a trusted application package, which it returns to the smart device;
The authorization center receives the key request from the trusted application program distribution server, finds the corresponding secure shared key in the binding relationship according to the smart device model, and returns the secure shared key to the trusted application program distribution server.
Further, the system also includes a development end, which requests a UUID from the authorization center; performs a single-input digest algorithm operation on the written trusted application program, obtaining digest information; obtains a random asymmetric key pair and encrypts the digest information using the private key of the asymmetric key pair, obtaining the signature information of the trusted application program; forms the additional information from the signature information and the public key of the asymmetric key pair; and submits the trusted application program, the additional information and the requested UUID to the trusted application program distribution server.
Further, the trusted application program management unit includes a request module and a receiving module, and the Security Authentication Service unit, located in the trusted execution environment, includes a package parsing service module, a decryption service module, a signature verification service module and a process loading service module;
The request module sends a download request to the trusted application program distribution server;
The receiving module, after downloading the trusted application package from the trusted application program distribution server, sends it to the package parsing service module;
The package parsing service module decodes the trusted application package, obtains the trusted application program and the additional information, and sends them to the decryption service module;
The decryption service module obtains the decryption key of the trusted application program and the additional information; decrypts the trusted application program and the additional information using the decryption key, obtaining the decrypted trusted application program and additional information; and sends them to the signature verification service module;
The signature verification service module performs a single-input digest algorithm operation on the decrypted trusted application program, obtaining digest information; decrypts the signature information in the additional information using the public key in the additional information, obtaining original digest information; and judges whether the original digest information is consistent with the digest information, and if so, security authentication is passed and the trusted application program is sent to the process loading service module;
The process loading service module loads and runs the trusted application program.
Further, the package parsing service module includes a key submodule, and the decryption service module includes a decryption submodule;
The key submodule obtains the local secure shared key and sends it to the decryption submodule;
The decryption submodule performs a multi-input digest algorithm calculation on the universally unique identifier (UUID) of the trusted application program and the secure shared key, obtaining the decryption key of the trusted application program and the additional information.
The scheme of the present invention is suitable for embedded devices with security extensions, including but not limited to smartphones, tablet computers, smart televisions and TV set-top boxes. The parties involved in the trusted application authentication method include the software developer, the smart device manufacturer, the trusted application program authorization center and the trusted application program distribution server.
With the scheme of the present invention, first, encryption and signature verification of the trusted application program ensure the security and integrity of the software. Second, binding the decryption key of a trusted application program to its universally unique identifier increases the isolation between trusted application programs: leakage of the decryption key of any one trusted application program does not affect the security of other trusted application programs. Finally, binding the decryption key of a trusted application program to the device model increases the isolation between smart devices: the cracking of the secure shared key of one device model does not spread to other models, which increases the robustness of the secure shared key.
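The device-side check of steps S302 to S310, together with the per-UUID and per-model key isolation described in the paragraph above, as an added Python example that is not part of the patent. Assumptions: SHA-256 as the digest, the secure shared key as the HMAC key with the UUID as the message, an HMAC-based keystream standing in for the unspecified symmetric cipher, textbook RSA over a constructed toy key for the signature, and an invented package layout; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import uuid

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline with the standard library only. It is NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KLEN = (N.bit_length() + 7) // 8          # bytes needed for a signature or modulus
INFO_LEN = 2 * KLEN + 4                   # signature || modulus || exponent


class AuthError(Exception):
    """Raised where the patent's flow 'returns an error code'."""


def derive_key(shared_key: bytes, ta_uuid: uuid.UUID) -> bytes:
    """S302: HMAC over the UUID, keyed with the model's secure shared key.
    (Key/message roles and SHA-256 are assumptions; the patent only says HMAC.)"""
    return hmac.new(shared_key, ta_uuid.bytes, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (HMAC-SHA256 in counter mode); the patent does
    not name one. XOR makes encryption and decryption the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def make_additional_info(ta_code: bytes) -> bytes:
    """Development end: 'encrypt' the digest with the private key (textbook RSA)
    and attach the public key used to verify it."""
    digest = int.from_bytes(hashlib.sha256(ta_code).digest(), "big")
    signature = pow(digest, D, N)
    return signature.to_bytes(KLEN, "big") + N.to_bytes(KLEN, "big") + E.to_bytes(4, "big")


def build_package(shared_key: bytes, ta_uuid: uuid.UUID, ta_code: bytes, info: bytes) -> bytes:
    """Distribution server: encrypt program and additional information under the
    derived key. Layout (invented here): 4-byte program length || ciphertext."""
    key = derive_key(shared_key, ta_uuid)
    return len(ta_code).to_bytes(4, "big") + keystream_xor(key, ta_code + info)


def authenticate(shared_key: bytes, ta_uuid: uuid.UUID, package: bytes) -> bytes:
    """Security authentication service inside the TEE: steps S302 to S310."""
    ta_len = int.from_bytes(package[:4], "big")
    if len(package) != 4 + ta_len + INFO_LEN:
        raise AuthError("malformed package")
    key = derive_key(shared_key, ta_uuid)                              # S302
    plain = keystream_xor(key, package[4:])                            # S304
    ta_code, info = plain[:ta_len], plain[ta_len:]
    digest1 = int.from_bytes(hashlib.sha256(ta_code).digest(), "big")  # S306
    signature = int.from_bytes(info[:KLEN], "big")
    modulus = int.from_bytes(info[KLEN:2 * KLEN], "big")
    exponent = int.from_bytes(info[2 * KLEN:], "big")
    if modulus < 2:
        raise AuthError("invalid public key")
    digest2 = pow(signature, exponent, modulus)                        # S308
    if digest1 != digest2:                                             # S310
        raise AuthError("digest mismatch")
    return ta_code                         # at this point the program would be loaded


def rejected(shared_key: bytes, ta_uuid: uuid.UUID, package: bytes) -> bool:
    """True when authentication fails for this key/UUID/package combination."""
    try:
        authenticate(shared_key, ta_uuid, package)
    except AuthError:
        return True
    return False


# Constructed sample values: two device models' shared keys and two TA UUIDs.
KEY_MODEL_A = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_MODEL_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
UUID_TA1 = uuid.UUID("11111111-2222-3333-4444-555555555555")
UUID_TA2 = uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa")
TA_CODE = b"constructed trusted application image"
PACKAGE = build_package(KEY_MODEL_A, UUID_TA1, TA_CODE, make_additional_info(TA_CODE))

if __name__ == "__main__":
    print("genuine package loads:", authenticate(KEY_MODEL_A, UUID_TA1, PACKAGE) == TA_CODE)
    print("other UUID rejected:  ", rejected(KEY_MODEL_A, UUID_TA2, PACKAGE))
    print("other model rejected: ", rejected(KEY_MODEL_B, UUID_TA1, PACKAGE))
    tampered = PACKAGE[:10] + bytes([PACKAGE[10] ^ 1]) + PACKAGE[11:]
    print("tampered rejected:    ", rejected(KEY_MODEL_A, UUID_TA1, tampered))
```

A package built for one device model and one UUID authenticates only with that pair; the same bytes presented under another UUID or another model's shared key decrypt to garbage and fail the digest comparison of step S310.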
Referring to Fig. 5, which is an example schematic diagram of the system architecture of the present invention for performing security authentication of an application program, the system architecture mainly includes three functional entities: the trusted application program authorization center 501 (abbreviated as authorization center 501 in Fig. 5), the trusted application program distribution server 502 (abbreviated as distribution server 502 in Fig. 5) and the smart device 503. The smart device 503 in turn runs two code execution environments, the non-trusted execution environment 504 and the trusted execution environment 508, which correspond respectively to the non-secure state and the secure state of a processor that supports security extensions.
The trusted application program management unit 505 runs in the non-trusted execution environment and is mainly responsible for the data interaction with the trusted application program distribution server (abbreviated as distribution server 502 in Fig. 5) and with the Security Authentication Service unit 513 in the trusted execution environment. The trusted application program management unit 505 includes a request module 506 and a receiving module 507. The request module 506 collects the model of the current device and the universally unique identifier required by the trusted application program management unit 505, and sends a download request for the trusted application package to the distribution server 502; the receiving module 507 is responsible for receiving the trusted application package provided by the distribution server 502 and sending it to the Security Authentication Service unit 513 in the trusted execution environment.
The Security Authentication Service unit 513 runs in the trusted execution environment. Its main tasks are: receiving the trusted application package sent by the trusted application program management unit 505 in the non-trusted execution environment; parsing the trusted application package and decrypting the trusted application program and the additional information; verifying the signature information in the additional information using the public key in the additional information; and loading and activating the trusted application program that has passed security authentication.
The Security Authentication Service unit 513 is composed of the following modules: the package parsing service module 509, the decryption service module 510, the signature verification service module 511 and the process loading service module 512. The package parsing service module 509 is responsible for receiving the trusted application package sent by the trusted application program management unit 505 in the non-trusted execution environment; parsing the trusted application package to obtain the trusted application program and the corresponding additional information; and extracting the signature information and the public key for verifying the signature from the additional information. The decryption service module 510 obtains, by HMAC calculation, the decryption key of the trusted application program and the corresponding additional information, decrypts the trusted application program and the corresponding additional information, and then passes the decrypted trusted application program and the corresponding additional information to the signature verification service module 511 for further processing. The signature verification service module 511 verifies whether the signature information in the additional information is consistent with the trusted application program, and if so sends the trusted application program to the process loading service module 512. The process loading service module 512 loads and activates the trusted application program that has passed security authentication.
The trusted application program management unit 505 is used to obtain, from the trusted application program distribution server, the trusted application package that exists in encrypted form; the package parsing service module 509 parses the trusted application package to obtain the encrypted trusted application program and the corresponding additional information; the decryption service module 510 is used to decrypt the trusted application program and the additional information; the signature verification service module 511 is used to verify the signature information of the trusted application program; and the process loading service module 512 loads and runs the trusted application program that has passed signature verification.
Further, the trusted application program management unit 505 also includes a transfer submodule, which sends the downloaded trusted application package through non-secure shared memory to the package parsing module 509 in the trusted execution environment. The non-secure shared memory is not trusted and can be read and written by any module in the non-trusted execution environment.
Further, the package parsing service module 509 includes an unpacking submodule, used to parse the trusted application package submitted by the trusted application program management unit 505, obtain the encrypted trusted application program and the corresponding additional information, and extract the encrypted digest information and signature verification information from the additional information.
Further, the package parsing service module 509 also includes a key submodule, which obtains the secure shared key of the current device. If the secure shared key is encrypted, the encrypted secure shared key is obtained from the trusted execution environment, and the decryption key for decrypting the trusted application program and the additional information is obtained by means of the hardware decryption engine.
Further, the decryption service module 510 includes a decryption submodule, used to decrypt the trusted application program and the corresponding additional information. An HMAC calculation is performed using the universally unique identifier of the current trusted application program and the secure shared key, obtaining the decryption key for decrypting the trusted application program and the corresponding additional information. The trusted application program and the corresponding additional information are decrypted using this key, and the signature information and the signature verification public key in the additional information are thereby obtained.
Further, the decryption submodule stores the decrypted trusted application program and the corresponding additional information in secure memory, which cannot be read or written by modules in the non-trusted execution environment.
The detailed process by which the smart device authenticates a trusted application program is as follows:
First, while the trusted application program management unit 505 starts, it obtains the model of the current smart device. The current smart device model is one that the smart device manufacturer registered with the authorization center 501 before manufacture. The authorization center maintains the models of all smart device manufacturers; if a smart device manufacturer has not registered a device model, the trusted application program download service provided by the distribution server 502 cannot be used.
Second, the trusted application program management unit 505 uses the obtained device model to query the distribution server 502 for all trusted application program names and the corresponding universally unique identifiers, and displays them in the user interface of the current trusted application program management unit 505 for the user of the smart device to select.
Then, the user of the smart device selects the trusted application program to be downloaded. The trusted application program management unit 505 obtains, from the user's input, the universally unique identifier corresponding to the trusted application program name, and the request module 507 uses the universally unique identifier and the device model to request from the distribution server 502 the download of the trusted application program corresponding to the universally unique identifier.
After that, the distribution server 502 sends a request to the authorization center 501 to query the validity of the universally unique identifier and the device model; the authorization center 501 queries its current database, confirms whether they exist and returns the result to the distribution server 502. After the distribution server 502 has confirmed that the universally unique identifier and the device model are valid, it requests from the authorization center 501 the secure shared key corresponding to the device model, and the authorization center 501 returns the secure shared key corresponding to the device model to the distribution server 502.
After that, the distribution server 502 performs an HMAC calculation using the universally unique identifier and the device-model-specific secure shared key returned by the authorization center 501, obtaining the encryption key for encrypting the trusted application package, and then encrypts the trusted application package with this key. It then notifies the request module 507 that the request to download the trusted application program is permitted. The device-model-specific secure shared key returned by the authorization center 501 is the one bound when the smart device manufacturer registered the device model, and is provided by the smart device manufacturer.
After that, the request module 507 notifies the receiving module 506 to receive the encrypted trusted application package issued by the distribution server 502. After the receiving module 506 obtains the encrypted trusted application package, it passes the package through non-secure shared memory to the Security Authentication Service unit 513 in the trusted execution environment, and also passes the universally unique identifier corresponding to the trusted application package to the Security Authentication Service unit 513. The non-secure shared memory is not trusted and can be read and written by modules in the non-trusted execution environment.
After that, the Security Authentication Service unit 513 receives the request of the trusted application program management unit 505 to authenticate the trusted application package. The package parsing module 509 receives the encrypted trusted application package and, after parsing it, obtains the trusted application program and the corresponding additional information in encrypted state.
After that, the decryption service module 510 obtains the secure shared key from the trusted execution environment. If the secure shared key exists in plaintext form, it is used directly. If the secure shared key is stored in the trusted execution environment in hardware-encrypted form, the decryption service module 510 first decrypts it with the hardware decryption engine to obtain the decrypted secure shared key; the key used to decrypt the secure shared key that exists in encrypted form is a hardware key, which can be obtained and used only by the hardware decryption engine.
After that, the decryption service module 510 performs an HMAC calculation using the universally unique identifier passed by the receiving module 506 and the secure shared key, obtaining the decryption key for decrypting the trusted application program and the corresponding additional information. The decryption service module 510 uses this decryption key to decrypt the trusted application program and the corresponding additional information, extracts the signature information and the public key for verifying the signature from the additional information, and passes them to the signature verification service module 511.
After that, the signature verification service module 511 calculates the digest information of the trusted application program sent by the decryption service module 510, decrypts the signature information in the decrypted additional information using the public key in the additional information to obtain the original digest information, and compares the original digest information with the digest information obtained by the hash operation on the trusted application program. If they are consistent, security authentication is passed and the trusted application program is sent to the process loading service module 512; otherwise an error code is returned.
After that, the process loading service module 512 loads and activates the trusted application program that has passed security authentication. The trusted application program and the Security Authentication Service unit 513 each have an independent address space, and the two cannot directly access each other's data.
Further, in the above steps, the smart device manufacturer must not disclose the secure shared key corresponding to any device model, and may place the secure shared key only in the firmware of the trusted execution environment. If the current device supports a hardware decryption engine, the secure shared key must exist in the firmware of the trusted execution environment in encrypted form, so that even if the firmware of the trusted execution environment of some model is illegally cracked by a hacker, the hacker still cannot obtain the secure shared key.
Further, in the above steps, a trusted application program can also be used in combination with a non-trusted application program; the non-trusted application program can send a request to the trusted application program management unit 505 to download the trusted application program corresponding to a given universally unique identifier.
Further, in the above steps, the result of the decryption service module 510 decrypting the trusted application program and the corresponding additional information must be kept in the secure memory allocated by the decryption service module 510; the secure memory can be read and written only by modules in the trusted execution environment. The memory involved in the subsequent signature verification service module 511 and process loading service module 512 is likewise all secure memory.
Further, in the above steps, the signature information and the public key for verifying the signature in the additional information are also encrypted, which enhances security, because a hacker cannot replace the signature verification information.
Further, in the above steps, a trusted application program can complete a function independently, or can complete a function by interacting with a non-trusted application program, depending on the implementation mechanism of the trusted application program.
With this embodiment, the trusted application program and the additional information always exist in encrypted form during transmission between the distribution server 502 and the Security Authentication Service unit 513 in the trusted execution environment, which ensures the security of the trusted application program. The additional information of the trusted application program, including the signature information and the public key for verifying the signature, is also encrypted, which enhances the integrity of the trusted application program. The smart devices of each device model have a different secure shared key, so even if the secure shared key of the smart devices of some model is cracked, the secure shared keys of other smart device models of this manufacturer or of other manufacturers are not endangered. Each trusted application program has a different universally unique identifier and therefore a different decryption key, so leakage of the decryption key of any one trusted application program does not affect the decryption keys of other trusted application programs, which improves the robustness of security authentication. In a smart device that supports a hardware decryption engine, the secure shared key exists in the firmware of the trusted execution environment in encrypted form, so that even if the firmware of the trusted execution environment is attacked by a hacker, the hacker cannot obtain the secure shared key, which increases the robustness of the trusted execution environment.
With this embodiment, adding any new trusted application program or smart device model does not require updating the existing trusted execution environment firmware, which greatly improves the maintainability of trusted application program management. At the same time, the software developers and smart device providers involved in the authentication process of a trusted application program do not need to interact or communicate directly; contact is established indirectly through the authorization center and the distribution server, which improves the efficiency of trusted application program management.
The scheme of this embodiment overcomes the defect of the prior art that the content of the application program itself cannot be protected. An application program that itself carries key algorithms, or that uses key algorithms and generates sensitive data during operation, is packaged as a trusted application package for distribution, and the release process of trusted application programs is treated separately from that of ordinary application programs. For an ordinary application program, only the integrity of the software itself and the copyright of the software developer need to be ensured, and the content of the application program itself does not need to be protected, so only signature verification of the application program is required. A trusted application program itself also needs to be encrypted, while signature verification is likewise used to ensure the integrity of the trusted application program and the copyright of the software developer. The trusted application program runs in the trusted execution environment, and the security authentication of the trusted application program is also completed in the trusted execution environment. Before a trusted application program is activated, it must pass the security authentication of the trusted execution environment; otherwise activation fails.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent substitution, improvement and the like made within the spirit and principle of the present invention shall be included within the scope of protection of the present invention.

Claims (9)

1. A method of performing security authentication of an application program, characterized in that the method includes:
Obtaining a trusted application package from a trusted application program distribution server, transferring the trusted application package into a trusted execution environment, and unpacking it in the trusted execution environment to obtain a trusted application program and additional information;
Obtaining the decryption key of the trusted application program and the additional information;
Decrypting the trusted application program and the additional information using the decryption key, obtaining the decrypted trusted application program and additional information;
Performing a single-input digest algorithm operation on the decrypted trusted application program, obtaining digest information;
Decrypting the signature information in the additional information using the public key in the additional information, obtaining original digest information;
Judging whether the original digest information is consistent with the digest information, and if so, security authentication is passed and the trusted application program is loaded and run in the trusted execution environment;
An authorization center receiving binding information, the binding information including the correspondence between the secure shared key of a smart device and the smart device model, smart devices of the same type having a unique smart device model;
The authorization center saving the received binding information.
2. The method as claimed in claim 1, characterized in that obtaining the decryption key of the trusted application program and the additional information includes:
The smart device obtaining the local secure shared key;
The smart device performing a multi-input digest algorithm calculation on the universally unique identifier (UUID) of the trusted application program and the secure shared key, obtaining the decryption key of the trusted application program and the additional information.
3. The method as claimed in claim 2, characterized in that the secure shared key is stored in the firmware of the trusted execution environment in plaintext form, or is stored in the firmware of the trusted execution environment after being encrypted by hardware;
If the secure shared key is stored in the firmware of the trusted execution environment in hardware-encrypted form, the hardware decryption engine is used to obtain the decrypted secure shared key, and the decrypted secure shared key is used for the multi-input digest algorithm operation; otherwise the secure shared key is used directly for the multi-input digest algorithm operation.
4. The method as claimed in claim 1, characterized in that obtaining the trusted application package from the trusted application program distribution server includes:
The smart device sending the smart device model and the UUID of the requested trusted application program to the trusted application program distribution server;
The trusted application program distribution server sending a key request containing the smart device model to the authorization center;
The authorization center finding the corresponding secure shared key in the binding information according to the smart device model, and returning the secure shared key to the trusted application program distribution server;
The trusted application program distribution server performing, for the trusted application program and the additional information, a multi-input digest algorithm operation using the UUID and the secure shared key, obtaining the encryption key for encrypting the trusted application program and the additional information;
Encrypting the trusted application program and the additional information using the encryption key, where the additional information includes the signature information and the public key for verifying the signature;
The trusted application program distribution server packing the encrypted trusted application program and the corresponding additional information into a trusted application package, and returning the trusted application package to the smart device;
The smart device downloading the trusted application package.
5. The method as claimed in claim 4, characterized in that the key request also contains the UUID; after the authorization center receives the key request, the method further includes:
The authorization center verifying the smart device model and the UUID and, after they are verified as valid, executing the step of finding the corresponding secure shared key in the binding information according to the smart device model.
6. The method of claim 1, wherein the method further comprises:
the development end requests a UUID from the authorization center;
the development end performs a single-input digest algorithm operation on the written trusted application program to obtain digest information; obtains a random asymmetric key pair and encrypts the digest information with the private key of the asymmetric key pair to obtain the signature information of the trusted application program; and forms the additional information from the signature information and the public key of the asymmetric key pair;
the development end submits the trusted application program, the additional information and the requested UUID to the trusted application distribution server.
7. A system for performing security authentication on an application program, wherein the system comprises a smart device and a trusted application distribution server, the smart device comprises a trusted application management unit and a security authentication service unit, and the security authentication service unit is located in the trusted execution environment;
the trusted application management unit obtains the trusted application package from the trusted application distribution server and sends it to the security authentication service unit;
the security authentication service unit receives the trusted application package sent by the trusted application management unit and unpacks it to obtain the encrypted trusted application program and additional information; obtains the decryption key for the trusted application program and additional information; decrypts the trusted application program and additional information with the decryption key, obtaining the decrypted trusted application program and additional information; performs a single-input digest algorithm operation on the decrypted trusted application program to obtain digest information; decrypts the signature information in the additional information with the public key in the additional information to obtain the original digest information; and judges whether the original digest information is consistent with the digest information and, if so, the security authentication is passed and the trusted application program is loaded and run;
the trusted application distribution server provides the trusted application package to the trusted application management unit according to its request;
the system further comprises an authorization center, which receives binding information, the binding information comprising the correspondence between the shared security key of a smart device and the smart device model, smart devices of the same type having a unique smart device model; and saves the received binding information.
8. The system of claim 7, wherein the trusted application management unit sends a download request to the trusted application distribution server, the download request containing the smart device model and the UUID of the requested trusted application program; and, after downloading the trusted application package from the trusted application distribution server, sends it to the security authentication service unit;
the trusted application distribution server sends a key request containing the smart device model to the authorization center and receives the shared security key returned by the authorization center; uses the UUID and the shared security key to perform a multi-input digest algorithm operation on the trusted application program and the additional information, obtaining the encryption key for encrypting the trusted application program and the additional information; encrypts the trusted application program and the additional information with the encryption key, wherein the additional information includes the signature information and the public key for verifying the signature; packs the encrypted trusted application program and the corresponding additional information into a trusted application package; and returns the trusted application package to the smart device;
the authorization center receives the key request from the trusted application distribution server, looks up the corresponding shared security key in the binding information according to the smart device model, and returns the shared security key to the trusted application distribution server.
9. The system of any one of claims 7-8, wherein the system further comprises a development end, which requests a UUID from the authorization center; performs a single-input digest algorithm operation on the written trusted application program to obtain digest information; obtains a random asymmetric key pair and encrypts the digest information with the private key of the asymmetric key pair to obtain the signature information of the trusted application program; forms the additional information from the signature information and the public key of the asymmetric key pair; and submits the trusted application program, the additional information and the requested UUID to the trusted application distribution server.
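The flow of claims 4, 6 and 7 (sign at the development end, derive the key and encrypt at the distribution server, decrypt and compare digests in the trusted execution environment), as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 over the UUID keyed with the shared security key stands in for the multi-input digest, SHA-256 for the single-input digest, an HMAC counter keystream for the unspecified cipher, and unpadded RSA over two fixed Mersenne primes for the random asymmetric key pair; the model name, key, UUID and package layout are constructed.

```python
import hashlib
import hmac

# Constructed toy RSA key from two Mersenne primes (insecure, unpadded); it
# stands in for the development end's random asymmetric key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
KLEN = 141  # bytes needed for the 1128-bit modulus
# Authorization center binding information: device model -> shared key (constructed).
BINDING = {"MODEL-X1": b"constructed-shared-security-key"}

def sha256_int(data: bytes) -> int:
    """Single-input digest (assumed SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def derive_key(uuid: str, shared_key: bytes) -> bytes:
    """Multi-input digest, assumed to be HMAC-SHA256(shared key, UUID)."""
    return hmac.new(shared_key, uuid.encode(), hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def develop(ta: bytes) -> bytes:
    """Development end: additional info = signature || public key (modulus)."""
    signature = pow(sha256_int(ta), D, N)
    return signature.to_bytes(KLEN, "big") + N.to_bytes(KLEN, "big")

def distribute(model: str, uuid: str, ta: bytes, extra: bytes) -> bytes:
    """Distribution server: look up the shared key by model, encrypt, package."""
    key = derive_key(uuid, BINDING[model])
    return len(ta).to_bytes(4, "big") + keystream_xor(key, ta + extra)

def authenticate(package: bytes, uuid: str, shared_key: bytes):
    """Security authentication service: return the TA if digests match, else None."""
    ta_len = int.from_bytes(package[:4], "big")
    plain = keystream_xor(derive_key(uuid, shared_key), package[4:])
    ta, extra = plain[:ta_len], plain[ta_len:]
    signature = int.from_bytes(extra[:KLEN], "big")
    public_n = int.from_bytes(extra[KLEN:], "big")
    if len(extra) != 2 * KLEN or public_n == 0:
        return None  # malformed package
    original = pow(signature, E, public_n)  # recover digest with the public key
    return ta if original == sha256_int(ta) else None
```

A package built for one device model or UUID fails authentication under another, and a single flipped ciphertext bit changes the recomputed digest so the comparison fails.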
CN201510357652.5A 2015-06-25 2015-06-25 Method, system and the equipment of safety certification are carried out to application program Active CN105095696B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510357652.5A CN105095696B (en) 2015-06-25 2015-06-25 Method, system and the equipment of safety certification are carried out to application program

Publications (2)

Publication Number Publication Date
CN105095696A CN105095696A (en) 2015-11-25
CN105095696B true CN105095696B (en) 2018-10-16

Family

ID=54576113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510357652.5A Active CN105095696B (en) 2015-06-25 2015-06-25 Method, system and the equipment of safety certification are carried out to application program

Country Status (1)

Country Link
CN (1) CN105095696B (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107689938A (en) * 2016-08-04 2018-02-13 捷而思股份有限公司 Forge instruction automatic filtering system, Collaboration system, examine circuit to related instruction
CN107483523A (en) * 2016-11-02 2017-12-15 深圳市波普安创技术有限公司 Legal the firmware debugging system and its method of information safety devices
CN106709324A (en) 2016-11-10 2017-05-24 京东方科技集团股份有限公司 Method and equipment used for verifying application safety
CN106778102B (en) * 2016-12-27 2023-04-28 上海云间半导体科技有限公司 Android system-based application program encryption method and device
CN106712964A (en) * 2016-12-27 2017-05-24 广州智慧城市发展研究院 Application verification method and application verification system based on Java card
CN107194237B (en) * 2017-04-05 2020-04-03 百富计算机技术(深圳)有限公司 Method and device for application program security authentication, computer equipment and storage medium
CN107908977B (en) * 2017-09-28 2020-02-18 中国船舶重工集团公司第七0九研究所 TrustZone-based intelligent mobile terminal trust chain security transmission method and system
CN107682159B (en) * 2017-10-12 2021-02-02 北京握奇智能科技有限公司 Trusted application management method and trusted application management system of intelligent terminal
CN107919960A (en) * 2017-12-04 2018-04-17 北京深思数盾科技股份有限公司 The authentication method and system of a kind of application program
CN110098933B (en) * 2018-01-29 2021-09-14 卓望数码技术(深圳)有限公司 Automatic identity authentication method and system for mobile phone application
CN108710361B (en) * 2018-05-30 2020-07-28 广州明珞软控信息技术有限公司 Security program checking method and system
CN108769043B (en) * 2018-06-06 2021-02-02 中国联合网络通信集团有限公司 Trusted application authentication system and trusted application authentication method
CN109559796B (en) * 2018-11-30 2020-12-08 苏州东巍网络科技有限公司 Intermittent training data acquisition request and authentication system and method
CN110071924B (en) * 2019-04-24 2020-07-31 武汉武房网信息服务有限公司 Big data analysis method and system based on terminal
CN111193730B (en) * 2019-12-25 2022-06-14 上海沄界信息科技有限公司 IoT trusted scene construction method and device
CN111158771B (en) * 2019-12-30 2021-08-17 联想(北京)有限公司 Processing method and device and computer equipment
CN113381859B (en) * 2020-03-10 2024-02-20 本无链科技(深圳)有限公司 Process mutual sign communication method and system for block chain
US20220114249A1 (en) * 2020-10-09 2022-04-14 Huawei Technologies Co., Ltd. Systems and methods for secure and fast machine learning inference in a trusted execution environment
CN114567425B (en) * 2020-11-27 2024-02-02 中国电信股份有限公司 Internet of things communication method and system, soC Sim and Internet of things terminal
CN112968774B (en) * 2021-02-01 2023-04-07 中国海洋石油集团有限公司 Method, device storage medium and equipment for encrypting and decrypting configuration file
CN112948807A (en) * 2021-02-04 2021-06-11 中国联合网络通信集团有限公司 Application program validity verification method and device
CN116248291B (en) * 2023-01-30 2023-11-17 深圳市盛思达通讯技术有限公司 Signature verification method and system of consumer

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1423766A (en) * 2000-02-17 2003-06-11 通用仪器公司 Method and apparatus for providing secure control of software or firmware code dowloading and secure operation of a computer device receiving dowloaded code
CN102271130A (en) * 2011-07-22 2011-12-07 四川长虹电器股份有限公司 Method for safely delivering and distributing software
CN103685138A (en) * 2012-08-30 2014-03-26 卓望数码技术(深圳)有限公司 Method and system for authenticating application software of Android platform on mobile internet

Also Published As

Publication number Publication date
CN105095696A (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant