CN105335673A - Information safety processing method and device - Google Patents
- Publication number
- CN105335673A (CN201510925145.7A)
- Authority
- CN
- China
- Prior art keywords
- security
- execution environment
- security mechanism
- information
- indication parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an information security processing method and device applied to electronic equipment. The electronic equipment is configured with a first execution environment and a second execution environment, the security of the second execution environment being higher than that of the first. The method comprises: obtaining a security mechanism indication parameter; selecting one security mechanism from a first security mechanism and a second security mechanism according to the security mechanism indication parameter; when the first security mechanism is selected, using the first execution environment to process the information; when the second security mechanism is selected, using the first execution environment to call the second execution environment to process the information. With this scheme, running speed is increased for applications with relatively low security requirements, and the security of information processing is guaranteed for applications with relatively high security requirements.
Description
Technical field
The present invention relates to an information security processing method and an information security processing device corresponding to the method.
Background
Authentication is the process of confirming an operator's identity in a computer or computer network system, thereby determining whether the user has the right to access and use a given resource and preventing an attacker from impersonating a legitimate user. User authentication technology is now widely used in all kinds of electronic equipment: for example, a fingerprint must be entered to identify the user when entering the operating system, and a payment password must be entered when paying with a terminal.
At present, however, authentication on a terminal device is generally carried out in the ordinary running environment, where the user's identity information is still easily attacked by hackers; for example, a password is stolen, or a fingerprint cast is used in place of the real hand. How to ensure the security of the input information is a problem that identity authentication technology urgently needs to solve.
Summary of the invention
The object of the embodiments of the present invention is to provide an information security processing method and an information security processing device applied to electronic equipment, so as to solve the above technical problem.
According to another embodiment of the invention, an information security processing method is provided, applied to electronic equipment, wherein the electronic equipment is configured with a first execution environment and a second execution environment, and the security of the second execution environment is higher than that of the first execution environment. The method comprises: obtaining a security mechanism indication parameter; selecting one security mechanism from a first security mechanism and a second security mechanism according to the security mechanism indication parameter; when the first security mechanism is selected, using the first execution environment to process the information; when the second security mechanism is selected, using the first execution environment to call the second execution environment to process the information.
According to one embodiment of the present invention, an information security processing device is provided, applied to electronic equipment, wherein the electronic equipment is configured with a first execution environment and a second execution environment, and the security of the second execution environment is higher than that of the first execution environment. The device comprises: an indication parameter acquiring unit, for obtaining a security mechanism indication parameter; a selection unit, for selecting one security mechanism from a first security mechanism and a second security mechanism according to the security mechanism indication parameter; a first processing unit, for using the first execution environment to process the information when the first security mechanism is selected; and a second processing unit, for using the first execution environment to call the second execution environment to process the information when the second security mechanism is selected.
With the scheme provided by the above embodiments of the invention, running speed is improved for applications whose security requirements are relatively low, and the security of information processing is guaranteed for applications whose security requirements are higher.
Brief description of the drawings
To illustrate the technical scheme of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only exemplary embodiments of the present invention.
Fig. 1 is a flow chart of the information security processing method according to the first embodiment of the invention;
Fig. 2 is an exemplary structural diagram of the information security processing device according to the second embodiment of the invention;
Fig. 3 is an exemplary architecture diagram of the first security mechanism;
Fig. 4 is an exemplary architecture diagram of the second security mechanism.
Detailed description
Hereinafter, the preferred embodiments of the present invention are described in detail with reference to the drawings. Note that in this description and the drawings, substantially identical steps and elements are denoted by the same reference numerals, and repeated explanation of these steps and elements is omitted.
In the following embodiments of the present invention, electronic equipment refers to equipment that can communicate with other devices. Its concrete form includes, but is not limited to, mobile phones, personal computers, digital cameras, personal digital assistants, portable computers, game machines and so on. The electronic equipment is configured with a first execution environment and a second execution environment. The first execution environment can be an operating system (for example Android or iOS as used in mobile terminals, with powerful processing capability and multimedia functions) or a part of an operating system that implements some of the operating system's functions. The first execution environment can be, for example, the ordinary execution environment, i.e. the REE (Rich Execution Environment). The second execution environment is a trusted execution environment that has secure processing capability and provides secure peripheral operation, for example a TEE (Trusted Execution Environment). The second execution environment is isolated from, and runs independently of, the first execution environment on the same electronic equipment. In addition, the second execution environment can be a trusted operating system whose sole function is to run and provide the trusted execution environment, so the security of the second execution environment is higher than that of the first execution environment.
Fig. 1 shows a flow chart of the information security processing method 100 according to an embodiment of the invention. Fig. 3 is an exemplary architecture diagram of the first security mechanism, and Fig. 4 is an exemplary architecture diagram of the second security mechanism. The information security processing method of one embodiment of the present invention is described below with reference to Figs. 1, 3 and 4. The information security processing method 100 can be applied to the above electronic equipment, which can be configured to process information securely.
Referring to Fig. 1, in step S101 a security mechanism indication parameter is obtained. The security mechanism indication parameter indicates the security mechanism to be used for processing a predetermined event. According to an example of the present invention, there can be multiple security mechanisms, for example at least two. Different security mechanisms correspond to different security levels; for example, the security of the second security mechanism can be set higher than that of the first security mechanism. The predetermined event can be triggered by an application programming interface or by the current operating environment state, for example the start of an application program or thread, where the running environments of different application programs or threads require different security mechanisms to process data. Alternatively, the predetermined event can be triggered by events such as the operating system state or a user input action.
In step S102, one security mechanism is selected from the first security mechanism and the second security mechanism according to the security mechanism indication parameter. According to an example of the present invention, when it is determined from the security mechanism indication parameter that the current event is to be processed with the first security mechanism, the first security mechanism is selected; when it is determined that the current event is to be processed with the second security mechanism, the second security mechanism is selected. For example, the electronic equipment can have a first application and a second application installed whose running environments need different security levels, so their security mechanism indication parameters differ. When it is determined from the security mechanism indication parameter that the first application is to be processed with the first security mechanism, the first security mechanism is selected; when it is determined that the second application is to be processed with the second security mechanism, the second security mechanism is selected.
The first application is, for example, a screen unlocking application, and the second application is, for example, a financial payment application. Because the screen unlocking application does not need more security and confidentiality measures, and the user usually wants this program to run quickly to save time, the security mechanism indication parameter of the first application can indicate that the first security mechanism is used to process this application's information. Because the financial payment application involves the user's monetary transactions, the user's payment information needs more protection against hacker attack, so the security mechanism indication parameter of the second application can indicate that the second security mechanism is used to process the information. Therefore, when the first application starts and the system determines from its security mechanism indication parameter that the first security mechanism is needed to process data, the first security mechanism is selected to process the first application's data; when the second application starts and the system determines from its security mechanism indication parameter that the second security mechanism is needed to process data, the second security mechanism is selected to process the second application's data.
In step S103, when the first security mechanism is selected, the first execution environment is used to process the information. According to an example of the present invention, in the first security mechanism only the aforesaid first execution environment is used to process the information securely. The first execution environment can be the ordinary execution environment described above, i.e. the REE (Rich Execution Environment). The first execution environment first receives the security information input by the user, then judges whether the security information matches the pre-registered information; when they match, the result is fed back to the first execution environment. For example, when a screen unlocking program runs, the fingerprint, gesture or password input by the user can be received by the Android operating system alone, which judges whether the input matches; on a match the result is fed back directly to the Android operating system and verification passes.
Fig. 3 is an exemplary architecture diagram of the first security mechanism. Referring to Fig. 3, according to an example of the present invention, the first security mechanism can comprise a common domain 300, which can comprise a common-domain user mode 310 and a common-domain privileged mode 320. The common-domain user mode 310 is connected with the common-domain privileged mode 320, and information can be communicated between them. After the user inputs security information, it can be received by the common-domain user mode 310 and then verified by the common-domain privileged mode 320, to ensure the security of the verification process. According to an example of the present invention, the common domain 300 is configured in the first execution environment. Because no extra protection or security measures need to be applied to the user's security information under this first security mechanism, the processing of the security information is effectively accelerated and the running efficiency of the application program is improved.
In step S104, when the second security mechanism is selected, the first execution environment is used to call the second execution environment to process the information. According to an example of the present invention, in the second security mechanism the second execution environment can be called by the first execution environment to process the information. After it is determined in step S102, according to the security mechanism indication parameter, that the second security mechanism is selected for a program, for example after an application program in the first execution environment that needs the second security mechanism to process data has started, then in step S104 the first execution environment first calls the second execution environment; the second execution environment then receives the security information input by the user and judges whether it matches the pre-registered information; when they match, the result is fed back to the second execution environment. For example, after a financial payment program in the Android system starts, or when this program needs the user to input a payment password, the Android system calls the trusted execution environment (TEE), which receives the payment password input by the user and judges whether it is correct; when it is correct, the result is fed back to the trusted execution environment and verification passes.
Fig. 4 is an exemplary architecture diagram of the second security mechanism. Referring to Fig. 4, according to an example of the present invention, the second security mechanism can comprise a common domain 410 and a security domain 420. The common domain 410 can comprise a common-domain user mode 411 and a common-domain privileged mode 412, which are connected so that information can be communicated between them. The security domain 420 comprises a security-domain user mode 421, a security-domain privileged mode 422 and a monitoring mode 423. The security-domain user mode 421 is connected with the security-domain privileged mode 422 and exchanges information with it; the security-domain privileged mode 422 is connected with the monitoring mode 423 and exchanges information with it. Further, the common domain 410 and the security domain 420 communicate through the monitoring mode 423 in the security domain 420.
According to an example of the present invention, the common domain 410 can be arranged in the first execution environment and the security domain 420 can be arranged in the second execution environment. The first execution environment exchanges information with the second execution environment through the monitoring mode 423.
After the second security mechanism starts and the first execution environment calls the second execution environment, the security information input by the user is received by the security-domain user mode 421. In addition, the security domain 420 can also comprise secure storage, in which the security information input by the user can be stored.
In the embodiments of the present invention, the first or the second security mechanism is selected according to the security mechanism indication parameter, and the information is processed according to the selected mechanism. For example, when the user is playing a game or unlocking the screen, the first security mechanism is used, which meets the user's speed requirement while still ensuring security. When the user needs to make an electronic payment, the second security mechanism is selected and the trusted execution environment is called to process the information, which effectively protects the storage and transmission of the security information and ensures the security of information processing.
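Steps S101 to S104 as a small C simulation, added here as an illustration and not taken from the patent: the first mechanism judges the input entirely in the first execution environment, while the second makes one call through a stand-in for the monitoring mode 423, which carries no secret and returns only the match result. The function names, numeric parameter values, sample secrets and the fail-closed handling of unrecognised parameter values are assumptions of this example, and the security domain is simulated in-process, so it provides no real isolation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Security mechanism indication parameter; the numeric values are assumptions. */
enum mechanism { MECH_FIRST = 1, MECH_SECOND = 2 };
enum exec_env  { ENV_REE = 1, ENV_TEE = 2 };

struct outcome {
    enum exec_env verified_in; /* environment that judged the input */
    int matched;               /* the only fact reported back */
};

/* Constructed sample secrets: one enrolled per environment. */
static const char ree_enrolled[] = "2580";
static const char tee_enrolled[] = "pay-493017"; /* stands in for safe storage */

static char secure_input[32];      /* owned by the simulated security domain */
static size_t secure_input_len;
static unsigned monitor_crossings; /* calls made through the monitoring mode */

/* Comparison whose running time does not depend on where the bytes differ. */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen)
{
    unsigned char diff = (unsigned char)(alen != blen);
    size_t n = alen < blen ? alen : blen;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Simulates the user typing on a peripheral that only the security domain reads. */
void secure_peripheral_type(const char *s)
{
    size_t n = strlen(s);
    if (n >= sizeof secure_input)
        n = sizeof secure_input - 1;
    memcpy(secure_input, s, n);
    secure_input_len = n;
}

/* Security domain: judge the input, then wipe it so it cannot be replayed. */
static int secure_domain_verify(void)
{
    int ok = ct_equal(secure_input, secure_input_len,
                      tee_enrolled, sizeof tee_enrolled - 1);
    volatile char *p = secure_input;
    for (size_t i = 0; i < sizeof secure_input; i++)
        p[i] = 0;
    secure_input_len = 0;
    return ok;
}

/* Monitoring mode: the single entry point from the first execution environment.
   It takes no secret as an argument and returns only the match result. */
static int monitor_call_verify(void)
{
    monitor_crossings++;
    return secure_domain_verify();
}

unsigned monitor_crossing_count(void) { return monitor_crossings; }

/* S102: anything that is not exactly MECH_FIRST gets the stricter mechanism
   (a fail-closed choice made for this example; the page does not specify it). */
enum mechanism select_mechanism(int indication_param)
{
    return indication_param == MECH_FIRST ? MECH_FIRST : MECH_SECOND;
}

/* S101-S104 for one event. ree_input is what the first execution environment
   received; it is ignored when the second mechanism is selected. */
struct outcome process_event(int indication_param, const char *ree_input)
{
    struct outcome out = { ENV_REE, 0 };
    if (select_mechanism(indication_param) == MECH_FIRST) {
        if (ree_input != NULL)
            out.matched = ct_equal(ree_input, strlen(ree_input),
                                   ree_enrolled, sizeof ree_enrolled - 1);
        return out;
    }
    out.verified_in = ENV_TEE;
    out.matched = monitor_call_verify();
    return out;
}

int main(void)
{
    struct outcome unlock = process_event(MECH_FIRST, "2580");
    secure_peripheral_type("pay-493017");
    struct outcome pay = process_event(MECH_SECOND, NULL);
    printf("unlock: env=%d matched=%d\n", unlock.verified_in, unlock.matched);
    printf("pay:    env=%d matched=%d crossings=%u\n",
           pay.verified_in, pay.matched, monitor_crossings);
    return 0;
}
```

The crossing counter makes the speed argument visible: the unlock path never enters the security domain, and the payment path enters it exactly once.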
Fig. 2 shows an exemplary structural diagram of the information security processing device 200 according to the second embodiment of the present invention. Fig. 3 is an exemplary architecture diagram of the first security mechanism, and Fig. 4 is an exemplary architecture diagram of the second security mechanism. The information security processing device of one embodiment of the present invention is described below with reference to Figs. 2, 3 and 4. The information security processing device 200 can be applied to the above electronic equipment, which can be configured to process information securely. The information security processing device 200 corresponds to the information security processing method 100, so for brevity of the specification only a brief description is given below.
Referring to Fig. 2, the information security processing device 200 comprises: an indication parameter acquiring unit 201, a selection unit 202, a first processing unit 203 and a second processing unit 204.
The indication parameter acquiring unit 201 obtains a security mechanism indication parameter. The security mechanism indication parameter indicates the security mechanism to be used for processing a predetermined event. According to an example of the present invention, there can be multiple security mechanisms, for example at least two. Different security mechanisms correspond to different security levels; for example, the security of the second security mechanism can be set higher than that of the first security mechanism. The predetermined event can be triggered by an application programming interface or by the current operating environment state, for example the start of an application program or thread, where the running environments of different application programs or threads require different security mechanisms to process data. Alternatively, the predetermined event can be triggered by events such as the operating system state or a user input action.
The selection unit 202 selects one security mechanism from the first security mechanism and the second security mechanism according to the security mechanism indication parameter. According to an example of the present invention, when it is determined from the security mechanism indication parameter that the current event is to be processed with the first security mechanism, the first security mechanism is selected; when it is determined that the current event is to be processed with the second security mechanism, the second security mechanism is selected. For example, the electronic equipment can have a first application and a second application installed whose running environments need different security levels, so their security mechanism indication parameters differ. When it is determined from the security mechanism indication parameter that the first application is to be processed with the first security mechanism, the first security mechanism is selected; when it is determined that the second application is to be processed with the second security mechanism, the second security mechanism is selected.
The first application is, for example, a screen unlocking application, and the second application is, for example, a financial payment application. Because the screen unlocking application does not need more security and confidentiality measures, and the user usually wants this program to run quickly to save time, the security mechanism indication parameter of the first application can indicate that the first security mechanism is used to process this application's information. Because the financial payment application involves the user's monetary transactions, the user's payment information needs more protection against hacker attack, so the security mechanism indication parameter of the second application can indicate that the second security mechanism is used to process the information. Therefore, when the first application starts and the system determines from its security mechanism indication parameter that the first security mechanism is needed to process data, the first security mechanism is selected to process the first application's data; when the second application starts and the system determines from its security mechanism indication parameter that the second security mechanism is needed to process data, the second security mechanism is selected to process the second application's data.
When the first security mechanism is selected, the first processing unit 203 uses the first execution environment to process the information. According to an example of the present invention, in the first security mechanism only the aforesaid first execution environment is used to process the information securely. The first execution environment can be the ordinary execution environment described above, i.e. the REE (Rich Execution Environment). The first execution environment first receives the security information input by the user, then judges whether the security information matches the pre-registered information; when they match, the result is fed back to the first execution environment. For example, when a screen unlocking program runs, the fingerprint, gesture or password input by the user can be received by the Android operating system alone, which judges whether the input matches; on a match the result is fed back directly to the Android operating system and verification passes.
Fig. 3 is an exemplary architecture diagram of the first security mechanism. Referring to Fig. 3, according to an example of the present invention, the first security mechanism can comprise a common domain 300, which can comprise a common-domain user mode 310 and a common-domain privileged mode 320. The common-domain user mode 310 is connected with the common-domain privileged mode 320, and information can be communicated between them. After the user inputs security information, it can be received by the common-domain user mode 310 and then verified by the common-domain privileged mode 320, to ensure the security of the verification process. According to an example of the present invention, the common domain 300 is configured in the first execution environment. Because no extra protection or security measures need to be applied to the user's security information under this first security mechanism, the processing of the security information is effectively accelerated and the running efficiency of the application program is improved.
When the second security mechanism is selected, the second processing unit 204 uses the first execution environment to call the second execution environment to process the information. According to an example of the present invention, in the second security mechanism the second execution environment can be called by the first execution environment to process the information. After the selection unit 202 determines, according to the security mechanism indication parameter, that the second security mechanism is selected for a program, for example after an application program in the first execution environment that needs the second security mechanism to process data has started, the second processing unit 204 first calls the second execution environment through the first execution environment; the second execution environment then receives the security information input by the user and judges whether it matches the pre-registered information; when they match, the result is fed back to the second execution environment. For example, after a financial payment program in the Android system starts, or when this program needs the user to input a payment password, the Android system calls the trusted execution environment (TEE), which receives the payment password input by the user and judges whether it is correct; when it is correct, the result is fed back to the trusted execution environment and verification passes.
Fig. 4 is an exemplary architecture diagram of the second security mechanism. Referring to Fig. 4, according to an example of the present invention, the second security mechanism can comprise a common domain 410 and a security domain 420. The common domain 410 can comprise a common-domain user mode 411 and a common-domain privileged mode 412, which are connected so that information can be communicated between them. The security domain 420 comprises a security-domain user mode 421, a security-domain privileged mode 422 and a monitoring mode 423. The security-domain user mode 421 is connected with the security-domain privileged mode 422 and exchanges information with it; the security-domain privileged mode 422 is connected with the monitoring mode 423 and exchanges information with it. Further, the common domain 410 and the security domain 420 communicate through the monitoring mode 423 in the security domain 420.
According to an example of the present invention, the common domain 410 can be arranged in the first execution environment and the security domain 420 can be arranged in the second execution environment. The first execution environment exchanges information with the second execution environment through the monitoring mode 423.
After the second security mechanism starts and the first execution environment calls the second execution environment, the security information input by the user is received by the security-domain user mode 421. In addition, the security domain 420 can also comprise secure storage, in which the security information input by the user can be stored.
In the embodiments of the present invention, the first or the second security mechanism is selected according to the security mechanism indication parameter, and the information is processed according to the selected mechanism. For example, when the user is playing a game or unlocking the screen, the first security mechanism is used, which meets the user's speed requirement while still ensuring security. When the user needs to make an electronic payment, the second security mechanism is selected and the trusted execution environment is called to process the information, which effectively protects the storage and transmission of the security information and ensures the security of information processing.
Those of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two, and that a software module can be placed in a computer-readable storage medium of any form. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the particular application and the design constraints of the technical scheme. Those skilled in the art can implement the described functions in different ways for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art should understand that various modifications, combinations, sub-combinations and substitutions can be made to the present invention depending on design requirements and other factors, as long as they fall within the scope of the appended claims and their equivalents.
Claims (16)
1. An information security processing method, applied to electronic equipment, wherein the electronic equipment is configured with a first execution environment and a second execution environment, the security of the second execution environment being higher than the security of the first execution environment, the method comprising:
obtaining a security mechanism indication parameter;
selecting one security mechanism from a first security mechanism and a second security mechanism according to the security mechanism indication parameter;
when the first security mechanism is selected, using the first execution environment to process the information;
when the second security mechanism is selected, using the first execution environment to call the second execution environment to process the information.
2. The method according to claim 1, wherein the security mechanism indication parameter indicates the security mechanism corresponding to processing a scheduled event,
The step of selecting one security mechanism from multiple security mechanisms according to the security mechanism indication parameter comprises:
When it is determined according to the security mechanism indication parameter that processing the current event uses the first security mechanism, selecting the first security mechanism;
When it is determined according to the security mechanism indication parameter that processing the current event uses the second security mechanism, selecting the second security mechanism.
3. The method according to claim 2, wherein the electronic device is provided with a first application and a second application, and the step of selecting one security mechanism from multiple security mechanisms according to the security mechanism indication parameter comprises:
When it is determined according to the security mechanism indication parameter that processing the first application uses the first security mechanism, selecting the first security mechanism;
When it is determined according to the security mechanism indication parameter that processing the second application uses the second security mechanism, selecting the second security mechanism.
4. The method according to claim 2, wherein the step of processing the information using the first execution environment when the first security mechanism is selected comprises:
Receiving the security information input by the user using the first execution environment;
Judging whether the security information matches pre-registered related information;
When a match is determined, feeding back to the first execution environment.
5. The method according to claim 4, wherein,
The first execution environment comprises a common domain user mode and a common domain privileged mode;
The common domain user mode is connected to the common domain privileged mode and exchanges information with it;
The step of receiving the security information input by the user using the first execution environment comprises:
Receiving the security information input by the user through the common domain user mode.
6. The method according to claim 2, wherein the step of using the first execution environment to call the second execution environment to process the information when the second security mechanism is selected comprises:
Calling the second execution environment through the first execution environment;
Receiving the security information input by the user using the second execution environment;
Judging whether the security information matches pre-registered related information;
When a match is determined, feeding back to the second execution environment.
7. The method according to claim 6, wherein,
The second execution environment comprises a security domain user mode, a security domain privileged mode and a monitor mode;
The security domain user mode is connected to the security domain privileged mode and exchanges information with it;
The first execution environment exchanges information with the security domain privileged mode through the monitor mode;
The step of receiving the security information input by the user using the second execution environment comprises:
Receiving the security information input by the user through the security domain user mode.
8. The method according to claim 7, wherein the second execution environment further comprises secure storage, and the method further comprises:
Storing the received security information input by the user in the secure storage.
9. An information security processing device, applied to an electronic device, wherein the electronic device is configured with a first execution environment and a second execution environment, and the security of the second execution environment is higher than the security of the first execution environment, the device comprising:
An indication parameter acquiring unit, configured to obtain a security mechanism indication parameter;
A selection unit, configured to select one security mechanism from a first security mechanism and a second security mechanism according to the security mechanism indication parameter;
A first processing unit, configured to process the information using the first execution environment when the first security mechanism is selected;
A second processing unit, configured to use the first execution environment to call the second execution environment to process the information when the second security mechanism is selected.
10. The device according to claim 9, wherein the security mechanism indication parameter indicates the security mechanism corresponding to processing a scheduled event,
The selection unit comprises:
A first selection unit, configured to select the first security mechanism when it is determined according to the security mechanism indication parameter that processing the current event uses the first security mechanism;
A second selection unit, configured to select the second security mechanism when it is determined according to the security mechanism indication parameter that processing the current event uses the second security mechanism.
11. The device according to claim 10, wherein the electronic device is provided with a first application and a second application, wherein,
The first selection unit further selects the first security mechanism when it determines according to the security mechanism indication parameter that processing the first application uses the first security mechanism;
The second selection unit further selects the second security mechanism when it determines according to the security mechanism indication parameter that processing the second application uses the second security mechanism.
12. The device according to claim 10, wherein the first processing unit comprises:
A receiving unit, configured to receive the security information input by the user using the first execution environment;
A judging unit, configured to judge whether the security information matches pre-registered related information;
A feedback unit, configured to feed back to the first execution environment when a match is determined.
13. The device according to claim 12, wherein,
The first execution environment comprises a common domain user mode and a common domain privileged mode;
The common domain user mode is connected to the common domain privileged mode and exchanges information with it;
The receiving unit further receives the security information input by the user through the common domain user mode.
14. The device according to claim 10, wherein the second processing unit comprises:
A calling unit, configured to call the second execution environment through the first execution environment;
A receiving unit, configured to receive the security information input by the user using the second execution environment;
A judging unit, configured to judge whether the security information matches pre-registered related information;
A feedback unit, configured to feed back to the second execution environment when a match is determined.
15. The device according to claim 14, wherein,
The second execution environment comprises a security domain user mode, a security domain privileged mode and a monitor mode;
The security domain user mode is connected to the security domain privileged mode and exchanges information with it;
The first execution environment exchanges information with the security domain privileged mode through the monitor mode;
The receiving unit receives the security information input by the user through the security domain user mode.
16. The device according to claim 15, wherein the second execution environment further comprises secure storage, and the device further comprises:
A storage unit, configured to store the received security information input by the user in the secure storage.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510925145.7A CN105335673A (en) | 2015-12-14 | 2015-12-14 | Information safety processing method and device |
US15/087,772 US20170169213A1 (en) | 2015-12-14 | 2016-03-31 | Electronic device and method for running applications in different security environments |
DE102016105936.6A DE102016105936A1 (en) | 2015-12-14 | 2016-03-31 | Electronic device and method for running applications in different security environments |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510925145.7A CN105335673A (en) | 2015-12-14 | 2015-12-14 | Information safety processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105335673A (en) | 2016-02-17 |
Family
ID=55286191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510925145.7A Pending CN105335673A (en) | 2015-12-14 | 2015-12-14 | Information safety processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105335673A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104102876A (en) * | 2014-07-17 | 2014-10-15 | 北京握奇智能科技有限公司 | Device for safeguarding operational security of client side |
CN104143065A (en) * | 2014-08-28 | 2014-11-12 | 北京握奇智能科技有限公司 | Safety intelligent terminal equipment and information processing method |
CN105138930A (en) * | 2015-08-12 | 2015-12-09 | 山东超越数控电子有限公司 | Encryption system and encryption method based on TrustZone |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107451514A (en) * | 2016-05-31 | 2017-12-08 | 展讯通信(上海)有限公司 | A kind of method and device of biological information certification |
CN107451514B (en) * | 2016-05-31 | 2020-08-18 | 展讯通信(上海)有限公司 | Method and device for authenticating biological characteristic information |
CN108605046A (en) * | 2016-11-14 | 2018-09-28 | 华为技术有限公司 | A kind of information push method and terminal |
US11258871B2 (en) | 2016-11-14 | 2022-02-22 | Huawei Technologies Co., Ltd. | Message push method and terminal |
CN110366843A (en) * | 2017-07-13 | 2019-10-22 | 华为技术有限公司 | Control the method and terminal of trusted application access |
CN110366843B (en) * | 2017-07-13 | 2020-12-25 | 华为技术有限公司 | Method and terminal for controlling access of trusted application |
US11379573B2 (en) | 2017-07-13 | 2022-07-05 | Huawei Technologies Co., Ltd. | Trusted application access control method and terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109711168B (en) | Behavior-based service identification method, behavior-based service identification device, behavior-based service identification equipment and readable storage medium | |
CN111143890B (en) | Calculation processing method, device, equipment and medium based on block chain | |
US10878083B2 (en) | Mobile device having trusted execution environment | |
CN104023032B (en) | Application based on credible performing environment technology is limited discharging method, server and terminal | |
EP3270319B1 (en) | Method and apparatus for generating dynamic security module | |
CN103095457A (en) | Login and verification method for application program | |
US20120017081A1 (en) | Method for authenticating device capabilities to a verified third party | |
US20170169213A1 (en) | Electronic device and method for running applications in different security environments | |
CN107992729A (en) | A kind of control method, terminal and subscriber identification module card | |
WO2018040972A1 (en) | Method and system for improving application security of payment terminal | |
CN1869927A (en) | Device controller, method for controlling a device, and program therefor | |
CN105095765A (en) | Mobile terminal, and processor system and trusted execution method thereof | |
CN111818469B (en) | Calling method, calling device, electronic equipment and network equipment | |
CN105335673A (en) | Information safety processing method and device | |
CN105095694B (en) | The method and system of webpage calling plug-in unit | |
CN106534047A (en) | Information transmitting method and apparatus based on Trust application | |
CN106778297B (en) | Application program running method and device and mobile terminal | |
CN104573484A (en) | Highly safe password input box | |
CA2746062C (en) | Method for authenticating device capabilities to a verified third party | |
CN105701397B (en) | A kind of application control method and device | |
KR101306658B1 (en) | Firewall apparatus, applications and method for blocking using network | |
DONG et al. | Sesoa: Security enhancement system with online authentication for android apk | |
CN108846272A (en) | Application security management method and device and electronic equipment | |
CN111740980B (en) | Method and device for logging in application, mobile terminal and storage medium | |
CN111523115B (en) | Information determining method, function calling method and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160217 |