CN105391673A - Safe access method and device - Google Patents
Safe access method and device Download PDFInfo
- Publication number
- CN105391673A CN105391673A CN201410449035.3A CN201410449035A CN105391673A CN 105391673 A CN105391673 A CN 105391673A CN 201410449035 A CN201410449035 A CN 201410449035A CN 105391673 A CN105391673 A CN 105391673A
- Authority
- CN
- China
- Prior art keywords
- world
- rfb
- common
- safer
- under
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a safe access method and device, and belongs to the field of computer safety. The method comprises the steps: obtaining encryption data of an RFB server side in a common world through an RFB (remote frame buffer) client side; carrying out the switching from the common world to a safe world, carrying out the decryption of the encryption data, and obtaining display data; and carrying out display in the safe world according to the display data. According to the invention, the method obtains the encryption data of the RFB server side in the common world, carries out the switching from the common world to the safe world, carries out the decryption of the encryption data to obtain the display data, and carries out the display in the safe world according to the display data, thereby solving a problem of the increase of a code library in the safe world because the RFB client side operates in the safety world in the prior art, and achieving an effect of safe access to the RFB server side through the RFB client side under the condition of guaranteeing the safety only if a small part of the code library needs to be increased in the safe world.
Description
Technical field
The present invention relates to computer safety field, particularly a kind of safety access method and device.
Background technology
Remote Frame Buffer (English: RemoteFrameBuffer, abbreviation: RFB) be a kind of simple protocol for remote access graphic user interface.According to this agreement, RFB client can the graphic user interface of remote access RFB server.Remote Frame Buffer is widely used in the field such as telecommuting, Long-distance Control.
For the consideration of fail safe, and Advanced Reduced Instruction Set machine (English: AdvancedRISCMachines, abbreviation: ARM) company provides trust region (English: TrustZone) hardware technology.In the terminal adopting TrustZone hardware technology, terminal may operate in common world (English: NormalWorld) or safer world (English: SecureWorld).Wherein, the running environment of common world and safer world is mutually isolated.When this terminal runs RFB client under safer world, the fail safe of remote access process can be ensured.
Inventor finds that prior art at least exists following problem: because safer world can not code library under direct multiplexing common world, if enable RFB client operate in safer world, just need the code library again realizing a set of support RFB agreement under safer world, the size of code under safer world not only can be made to increase severely, and cause because of the increase of size of code safer world likely to there will be the leak that originally should not occur.
Summary of the invention
Embodiments provide a kind of safety access method and device, the safety access method that provides of the embodiment of the present invention and device are provided, the problem that the code library run under safer world under safer world that RFB client causes increases can be solved.Described technical scheme is as follows:
First aspect, provides a kind of safety access method, and for supporting that, in the terminal of trust region hardware technology, described terminal may operate in common world or safer world, described method comprises:
Under described common world, obtained the enciphered data of RFB service end by Remote Frame Buffer RFB client;
Switch to described safer world from described common world, described enciphered data is decrypted and obtains showing data;
Under described safer world, show according to described display data.
In conjunction with first aspect, in the first possible execution mode of first aspect, describedly switch to safer world from described common world, described enciphered data be decrypted and obtain showing data, comprising:
Under described common world, receive the write request of described RFB client, wherein, said write request refers to that described frame buffer zone internal memory is the internal memory only can accessed under described safer world by the request of described enciphered data write frame buffer zone internal memory;
When said write request trigger erroneous, switch to described safer world by described common world;
Under described safer world, described enciphered data is decrypted and obtains showing data;
Described under described safer world, show according to described display data, comprising:
By in frame buffer zone internal memory described in described display data writing, and the described display data automatically read in the internal memory of described frame buffer zone by display module show.
In conjunction with first aspect, in the execution mode that the second of first aspect is possible, described under common world, obtained the enciphered data of RFB service end by Remote Frame Buffer RFB client before, also comprise:
Under described common world, by RFB service end described in described RFB client logs;
When logging in the success of described RFB service end, be the internal memory only can accessed under described safer world by described frame buffer zone memory setting.
In conjunction with the execution mode that the second of first aspect is possible, in the third possible execution mode of first aspect, described under described common world, by RFB service end described in described RFB client logs, comprising:
Under described common world, obtained the login interface data of described RFB service end by described RFB client;
According to described login interface data display login interface;
Switch to described safer world from described common world, be received in the username and password inputted in described login interface;
Under described common world, the described password after described user name and encryption is sent to described RFB service end, verifies according to the described password after described user name and described encryption to make described RFB service end.
In conjunction with the third possible execution mode of first aspect, in the 4th kind of possible execution mode of first aspect, described under described common world, the described password after described user name and encryption is sent to described RFB service end, comprising:
Under described safer world, the described password received is write in secure memory, the described user name received is write in common memory, described secure memory is the internal memory only can accessed under described safer world, and described common memory is the internal memory all can accessed under described common world and described safer world;
Switch to described common world from described safer world, and by described RFB client, described user name is sent to described RFB service end;
When the checking of described user name by described RFB service end, receive the random number that described RFB service end produces;
Switch to described safer world from described common world, and utilize predetermined Hash function that described random number and password are converted into feedback information, described predetermined Hash function is the hash function that described RFB client and described RFB service end are made an appointment;
Switch to described common world from described safer world, and by described RFB client, described feedback information is sent to described RFB service end.
In conjunction with first aspect, or the first possible execution mode of first aspect, or the execution mode that the second of first aspect is possible, or the third possible execution mode of first aspect, or the 4th of first aspect the kind of possible execution mode, in the 5th kind of possible execution mode of first aspect, described under common world, obtained the enciphered data of RFB service end by Remote Frame Buffer RFB client before, also comprise:
Directly enter described safer world upon actuation, and reminded by safer world assembly to be set to only can use under described safer world, described safer world reminds assembly to be one in described common world and described safer world for reminding the current operation world.
In conjunction with first aspect, or the first possible execution mode of first aspect, or the execution mode that the second of first aspect is possible, or the third possible execution mode of first aspect, or the 4th of first aspect the kind of possible execution mode, in the 6th kind of possible execution mode of first aspect, described method also comprises:
Under described safer world, obtain the input signal that external input device receives, described external input device is the external input device only can accessed under described safer world;
Write common memory by after described input signal encryption, described common memory is the internal memory all can accessed under described common world and described safer world;
Under described common world, by described RFB client, the described input signal after encryption is sent to described RFB service end.
In conjunction with the 6th kind of possible execution mode of first aspect, in the 7th kind of possible execution mode of first aspect, described under described safer world, before the input signal that acquisition external input device receives, also comprise:
When described RFB client terminal start-up, the external input device of described terminal is set to the external input device only can accessed under described safer world.
Second aspect, provides a kind of secure access device, and for supporting that, in the terminal of trust region hardware technology, described terminal may operate in common world or safer world, described device comprises:
Data acquisition module, under described common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client;
Data decryption module, for switching to described safer world from described common world, being decrypted described enciphered data and obtaining showing data;
Data disaply moudle, under described safer world, shows according to described display data.
In conjunction with second aspect, in the first possible execution mode of second aspect, described data decryption module, comprising:
Request reception unit, for under described common world, receive the write request of described RFB client, wherein, said write request refers to that described frame buffer zone internal memory is the internal memory only can accessed under described safer world by the request of described enciphered data write frame buffer zone internal memory;
Handoff-security unit, for when said write request trigger erroneous, switches to described safer world by described common world;
Data decryption unit, under described safer world, is decrypted described enciphered data and obtains showing data;
Described data disaply moudle, for by frame buffer zone internal memory described in described display data writing, and the described display data automatically read in the internal memory of described frame buffer zone by display module show.
In conjunction with second aspect, in the execution mode that the second of second aspect is possible, described device, also comprises:
Client's log-in module, under described common world, by RFB service end described in described RFB client logs;
Described frame buffer zone memory setting, for when logging in the success of described RFB service end, is the internal memory only can accessed under described safer world by secure memory module.
In conjunction with the execution mode that the second of second aspect is possible, in the third possible execution mode of second aspect, described client's log-in module, comprising:
Login interface unit, under described common world, obtains the login interface data of described RFB service end by described RFB client;
Interface display unit, for showing login interface according to described login interface data;
Input receiving unit, for switching to described safer world from described common world, is received in the username and password inputted in described login interface;
Input transmitting element, under described common world, sends to described RFB service end by the described password after described user name and encryption, verifies to make described RFB service end according to the described password after described user name and described encryption.
In conjunction with the third possible execution mode of second aspect, in the 4th kind of possible execution mode of second aspect, described input transmitting element, comprising:
Input write subelement, for under described safer world, the described password received is write in secure memory, the described user name received is write in common memory, described secure memory is the internal memory only can accessed under described safer world, and described common memory is the internal memory all can accessed under described common world and described safer world;
User name sends subelement, for switching to described common world from described safer world, and by described RFB client, described user name is sent to described RFB service end;
Random number receives subelement, when the checking of described user name by described RFB service end, receives the random number of described RFB service end generation;
Feedback generates subelement, for switching to described safer world from described common world, and utilizing predetermined Hash function that described random number and password are converted into feedback information, described predetermined Hash function is the hash function that described RFB client and described RFB service end are made an appointment;
Described feedback sends subelement, for switching to described common world from described safer world, and by described RFB client, described feedback information is sent to described RFB service end.
In conjunction with second aspect, or the first possible execution mode of second aspect, or the execution mode that the second of second aspect is possible, or the third possible execution mode of second aspect, or the 4th of second aspect the kind of possible execution mode, in the 5th kind of possible execution mode of second aspect, described device, also comprises:
Clean boot module, for directly entering described safer world upon actuation, and reminded by safer world assembly to be set to only can use under described safer world, described safer world reminds assembly to be one in described common world and described safer world for reminding the current operation world.
In conjunction with second aspect, or the first possible execution mode of second aspect, or the execution mode that the second of second aspect is possible, or the third possible execution mode of second aspect, or the 4th of second aspect the kind of possible execution mode, in the 6th kind of possible execution mode of second aspect, described device also comprises:
Input acquisition module, under described safer world, obtain the input signal that external input device receives, described external input device is the external input device only can accessed under described safer world;
Encryption writing module, for writing common memory by after described input signal encryption, described common memory is the internal memory all can accessed under described common world and described safer world;
Signal transmitting module, under described common world, sends to described RFB service end by described RFB client by the described input signal after encryption.
In conjunction with the 6th kind of possible execution mode of second aspect, in the 7th kind of possible execution mode of second aspect, described device, also comprises:
Safe input module, for when described RFB client terminal start-up, is set to the external input device only can accessed under described safer world by the external input device of described terminal.
The beneficial effect that the technical scheme that the embodiment of the present invention provides is brought is:
By the enciphered data utilizing Remote Frame Buffer RFB client to obtain RFB service end under common world, from common world switch to safer world to enciphered data be decrypted obtain show data, and show according to display data under safer world, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
Further, by directly entering safer world upon actuation, and reminded by safer world assembly to be set to only can use under safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world, reach user assembly can be reminded to judge by safer world whether present terminal is in safer world, thus determine the input whether carrying out confidentiality data, or judge the effect whether display of current confidentiality data is safe.
Further, by under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world, common memory is write after being encrypted by input signal afterwards, common memory is the internal memory all can accessed under common world and safer world, last under common world, by RFB client, the input signal after encryption is sent to RFB service end, reach the fail safe of the input signal that both ensure that user, turn avoid RFB client and run in safer world the effect needing to increase code library.
Further, by when logging in the success of RFB service end, it is the internal memory only can accessed under safer world by frame buffer zone memory setting, make terminal under common world, also can proceed the display of confidentiality data, reach terminal user when the switching of safer world and common world and also can see the effect of smooth display image.
Further, by when user name passes through the checking of RFB service end, receive the random number that RFB service end produces, safer world is switched to afterwards from common world, and utilize predetermined Hash function that random number and password are converted into feedback information, predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment, finally switch to common world from safer world, and by RFB client, feedback information is sent to RFB service end, namely feedback information is a multidate information, reach the effect that the technical scheme that the embodiment of the present invention is provided can effectively avoid suffering Replay Attack.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic diagram of a kind of implementation environment of the safety access method that the embodiment of the present invention provides;
Fig. 2 is the method flow diagram of a kind of safety access method that one embodiment of the invention provides;
Fig. 3 is the method flow diagram of a kind of safety access method that another embodiment of the present invention provides;
Fig. 4 is the block diagram of a kind of secure access device that one embodiment of the invention provides;
Fig. 5 A is the block diagram of a kind of secure access device that another embodiment of the present invention provides;
Fig. 5 B is the block diagram of the input transmitting element that Fig. 5 A illustrated embodiment provides;
Fig. 6 is the block diagram of the terminal that one embodiment of the invention provides.
Embodiment
Here will be described exemplary embodiment in detail, its sample table shows in the accompanying drawings.When description below relates to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawing represents same or analogous key element.Execution mode described in following exemplary embodiment does not represent all execution modes consistent with the present invention.On the contrary, they only with as in appended claims describe in detail, the example of apparatus and method that aspects more of the present invention are consistent.
Fig. 1 is the schematic diagram of a kind of implementation environment of the safety access method that the invention process exemplifies, and this implementation environment comprises: terminal 110 and server 120;
Terminal 110 for having the electronic equipment of interconnection network function, as smart mobile phone, panel computer, electronic computer etc.Terminal 110 can run RFB (English: RemoteFrameBuffer, Chinese: Remote Frame Buffer) client.Terminal 110 includes and meets ARM (English: AdvancedRISCMachines, Chinese: Advanced Reduced Instruction Set machine) hardware structure of TrustZone technical specification of company, this hardware structure can support the safety access method that the invention process exemplifies.In other words, this terminal 110 is the terminals of supporting to select with safer world and common world two kinds of patterns an operation.
Server 120 can be a station server, or the server cluster be made up of some station servers, or a cloud computing service center.Server 120 can run RFB service end.
Network can be set up between terminal 110 and server 120 connect.
Below the some terms involved by the embodiment of the present invention are described:
The world that when term " common world " refers to routine use terminal, the operating system of terminal is run, this common world can the application program of run user oneself.
Term " safer world " is a kind of pattern with " common world " Secure isolation, this pattern is (English: CentralProcessingUnit by the central processing unit of terminal, abbreviation: trusted code district CPU) opened up in kernel supports, terminal can realize the code-insulated of safer world and common world by trusted code district, namely, when terminal operating is under safer world, the code under common world is cannot data in the access security world.Thus user can carry out the operation of various regarding sensitive data in the safer world of terminal.
Please refer to Fig. 2, it illustrates the method flow diagram of a kind of safety access method that one embodiment of the invention provides, the present embodiment is applied to this safety access method in the terminal 110 in the implementation environment shown in Fig. 1 and illustrates.This safety access method can comprise following several step:
Step 201, under common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client.
Step 202, switches to safer world from common world, is decrypted obtains showing data to enciphered data.
Step 203, under safer world, shows according to display data.
In sum, the safety access method that the present embodiment provides, by under common world, utilize Remote Frame Buffer RFB client to obtain the enciphered data of RFB service end, then switch to safer world from common world, enciphered data is decrypted and obtains showing data, and under safer world, show according to display data, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
Please refer to Fig. 3, it illustrates the method flow diagram of a kind of safety access method that another embodiment of the present invention provides, the present embodiment is applied in the implementation environment shown in Fig. 1 with this safety access method and illustrates.This safety access method can comprise following several step:
Step 301, terminal directly enters safer world when starting, and is reminded by safer world assembly to be set to only can use under safer world, and safer world reminds assembly to be one in common world and safer world for reminding the current operation world.
Terminal just enters safer world when starting, and is reminded by safer world assembly to be set to only can use under safer world, can guarantee that this setting is safely and effectively like this.
Safer world prompting assembly can be indicator light, and terminal can arrange this indicator light and light under safer world, and extinguishes under common world; Or this indicator light is set lights under common world, extinguish under safer world.
Safer world prompting assembly also can be sound-producing device, then terminal can arrange this sound-producing device and send specific sound under safer world, and does not work under common world; Or this sound-producing device is set under common world, sends specific sound, and do not work under safer world.
Safer world prompting assembly can also be vibration type reminding device, and terminal can arrange this vibration type reminding device and vibrate under safer world, does not vibrate under common world; Or this vibration type reminding device is set vibrates under common world, do not shake under safer world.
After the setup, different alert state corresponding safer world and the common world respectively of indicator light, sound-producing device and vibration type reminding device, user just can remind the alert state of assembly to judge by safer world, and whether present terminal is in safer world, thus determine the input whether carrying out confidentiality data, or judge the display whether safety of current confidentiality data, can comprise in terminal above-mentioned three kinds of safer world remind in assembly any one or multiple.
It should be noted that, this step carries out needs during secure access after generally only needing execution once just can meet terminal, such as, this step just can complete before dispatching from the factory, terminal reminds assembly to arrange to safer world again with regard to not needing after dispatching from the factory, but user whenever necessary, user still can when terminal starts with regard to control terminal enter safer world to safer world remind assembly arrange.
Step 302, terminal under common world, by RFB client logs RFB service end.
This step can comprise following 7 sub-steps when performing:
1) terminal sends security access request by RFB client to RFB service end under common world.
User operation terminal starts RFB client, and sends security access request to RFB service end.
In addition, terminal can after user be by RFB client terminal start-up, the external input device of terminal is set to the external input device only can accessed under safer world, such user just cannot carry out input operation under common world, thus ensure that the fail safe of the input data of user.
It should be noted that, external input device can also be set to switch to safer world after user carries out specific operation to external input device by terminal, after such as user clicks input frame by touch-screen, terminal switch is safer world, such as input equipment is physical button again, then after user clicks specific keys or specific keys combination, terminal enters safer world.
2) the login interface data of RFB service end are provided to RFB client after server receives security access request by RFB service end.
Because do not include the data of needs encryption in these login interface data, thus these login interface data can be unencrypted login interface data, also facilitate RFB client simultaneously and show these login interface data under common world.
3) terminal is under common world, is obtained the login interface data of RFB service end by RFB client.
Terminal receives the login interface data of RFB service end transmission under common world by RFB client.
4) terminal is according to login interface data display login interface.
Login interface data are write frame buffer zone internal memory and show by terminal.
5) terminal switches to safer world from common world, is received in the username and password inputted in login interface.
After terminal switches to safer world from common world, user inputs username and password by external input device at login interface, and terminal receives this username and password.
Wherein, terminal can switch to safer world at once after display login interface data, and also can want to switch to safer world when carrying out input operation user, after such as user clicks input frame, terminal switch is safer world; Such as input equipment is physical button again, then after user clicks specific keys, switch to safer world, can by 1) in the setting of terminal to external input device decide the mode that terminal switch is safer world.
6) terminal is under common world, and the password after user name and encryption is sent to RFB service end, verifies according to the password after user name and encryption to make RFB service end.
Terminal is under common world, user name can be sent to RFB service end together with the password after encryption, password after this encryption is by predetermined secret key encryption under safer world, and this predetermined key can be RFB client and the RFB service end key of making an appointment or password itself.Password after encryption is decrypted after receiving the password after this user name and encryption by RFB service end, and is verified by the password after deciphering.
Optionally, this step can comprise 6 sub-steps below:
(1) terminal is under safer world, the password received is write in secure memory, the user name received is write in common memory, secure memory is the internal memory only can accessed under safer world, and common memory is the internal memory all can accessed under common world and safer world.
Terminal is after the password receiving user's input, and be stored in secure memory by this password, this user name is stored in common memory.
Wherein secure memory can be set to the internal memory that only can access under safer world in step 301.
(2) terminal switches to common world from safer world, and by RFB client, user name is sent to RFB service end.
Because user name is stored in common memory, common memory is the internal memory that common world and safer world all can be accessed, thus, after terminal switches to common world from safer world, user name can be obtained also from common memory, this user name is sent to RFB service end by RFB client.
(3) terminal is when user name passes through the checking of RFB service end, receives the random number that RFB service end produces.
RFB service end is after acquisition user name, and verify whether this user name belongs to validated user, if this user name belongs to validated user, then RFB service end produces a random number, after recording this random number, this random number is sent to RFB client.Validated user can be the user that can access this server of server license, and the user name of validated user can store with server.
(4) terminal switches to safer world from common world and utilizes predetermined Hash function that random number and password are converted into feedback information, and predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment.
Terminal, after receiving random number, utilizes predetermined Hash function that random number and password are converted into feedback information.Such as, Message Digest Algorithm 5 (English: MessageDigestAlgorithm5, abbreviation: MD5) password in this random number and secure memory is integrally converted into feedback information can be passed through.
(5) terminal switches to common world from safer world, and by RFB client, feedback information is sent to RFB service end.
(6) server receives the feedback information of RFB client transmission by RFB service end, and verifies feedback information.
Server receives the feedback information of RFB client transmission by RFB service end.
After RFB service end receives this feedback information, by predetermined Hash function, the random number sending to RFB client be stored in server and the user name received are converted into authorization information, detect this authorization information whether consistent with feedback information, when this authorization information is consistent with feedback information, RFB client validation success, this authorization information and feedback information inconsistent time, RFB client validation failure.
It should be noted that, (1) to (6) can in the process of whole secure access multiple exercise, or often spend the scheduled time and perform once, thus improve the fail safe of the present embodiment safety access method.
7) when being proved to be successful, server sends Successful login prompting by RFB service end to RFB client.
When being proved to be successful, server is set up secure access by RFB service end with RFB client and is connected, and sends Successful login prompting to RFB service end.
When authentication failed, server sends login failure prompting by RFB service end to RFB client.
Step 303, frame buffer zone memory setting, when logging in the success of RFB service end, is the internal memory only can accessed under safer world by terminal.
Terminal when logging in the success of RFB service end, can be receive RFB service end feedback login successfully prompting time, frame buffer zone memory setting is the internal memory only can accessed under safer world by terminal.Save as terminal in frame buffer zone for depositing the internal memory of screen picture content, this is arranged can forbid that terminal carries out the display of long-distance user's graphical interfaces under common world.
After the success of RFB client logs RFB server, RFB service end is likely the data of confidentiality to the display data that RFB client sends, frame buffer zone memory setting is the internal memory only can accessed under safer world by terminal at this moment, can effectively avoid the data of confidentiality to show under common world.
And terminal is when logging in the failure of RFB service end, can 5 be returned) in be again received in the username and password inputted in login interface, namely user can re-enter username and password.
It should be noted that, be that this operation of internal memory only can accessed under safer world also can perform when user opens RFB client immediately by frame buffer zone memory setting, corresponding, login interface data can be shown in safer world by terminal, now login interface data can be encryptions, also can be unencrypted, when login interface data are encryptions, encryption key can be predetermined key.
Step 304, server provides enciphered data by RFB service end to RFB client.
After the success of RFB client logs RFB server, server provides enciphered data by RFB service end to RFB client, this enciphered data can be the enciphered data that RFB service end acquiescence sends to RFB client after the success of RFB client logs, also can be after RFB service end receives the request of RFB client, according to the enciphered data that this request sends.
In addition, the encryption key of this enciphered data can be predetermined key, the password itself used when namely RFB client and the RFB service end key of making an appointment or user log in RFB service end.
Step 305, terminal, under common world, obtains the enciphered data of RFB service end by RFB client.
Owing to being that the secure access of setting up between RFB client with RFB service end is connected, thus terminal is under common world, needs the enciphered data being obtained the transmission of RFB service end by RFB client.
Step 306, terminal is under common world, and receive the write request of RFB client, wherein, write request refers to request enciphered data being write frame buffer zone internal memory, and frame buffer zone internal memory is the internal memory only can accessed under safer world.
After terminal receives the enciphered data of RFB service end transmission under common world, RFB client can send the write request of this enciphered data write frame buffer zone internal memory to terminal.
Step 307, terminal, when write request trigger erroneous, switches to safer world by common world.
Because frame buffer zone internal memory is now set to the internal memory that only can access under safer world, what thus terminal received under common world that RFB client sends write the write request of frame buffer zone internal memory by enciphered data after, terminal also can switch to safer world by trigger erroneous.
Step 308, terminal, under safer world, is decrypted enciphered data and obtains showing data.
Terminal switch is after safer world, can utilize the display data deciphering of predetermined key pair encryption.
Step 309, terminal is under safer world, and by the internal memory of display data writing frame buffer zone, and the display data automatically read in the internal memory of frame buffer zone by display module show.
Because terminal is in safer world at present, thus terminal can will be shown by display module in the internal memory of display data writing frame buffer zone.Wherein, display module be set to can automatically from the internal memory of frame buffer zone reading displayed data show.
Step 310, terminal is under safer world, and obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world.
Terminal is after showing according to display data, user can carry out input operation according to these display data by external input device, the input operation of user can be converted to input signal by external input device by terminal, and external input device can comprise touch-screen, physical button, microphone and camera etc.
Step 311, terminal writes common memory after being encrypted by input signal, and common memory is the internal memory that common world and safer world all can be accessed.
Terminal is after the input signal being obtained user by external input device, and write common memory after being encrypted by this input signal, terminal can obtain the input signal encrypted in common memory under common world.
Step 312, terminal switches to common world from safer world, and under common world, the input signal after encryption is sent to RFB service end by RFB client by terminal.
When terminal is written with the input signal of encryption in common memory, under common world, by RFB client, the input signal after encryption can be sent to RFB service end.
Step 313, terminal continues the follow-up enciphered data receiving the transmission of RFB service end under common world.
Terminal continues the enciphered data receiving the transmission of RFB service end under common world.Namely terminal can return in step 304 and proceed secure access.
Wherein, follow-up enciphered data can be that the input signal of encryption is deciphered and after obtaining input signal, sends according to this input signal by RFB service end.
In addition, before RFB client receives the follow-up enciphered data of RFB server transmission after switching to common world, still can show according to display data, because frame buffer zone internal memory now only can be accessed under safer world, namely the terminal under common world cannot read frame buffer zone internal memory, is also thus safe in common world according to the show by this display.
In sum, the safety access method that the present embodiment provides, by under common world, utilize Remote Frame Buffer RFB client to obtain the enciphered data of RFB service end, then switch to safer world from common world, enciphered data is decrypted and obtains showing data, and under safer world, show according to display data, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
It should be added that, the safety access method that the present embodiment provides, also by directly entering safer world upon actuation, and reminded by safer world assembly to be set to only can use under safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world, reach user assembly can be reminded to judge by safer world whether present terminal is in safer world, thus determine the input whether carrying out confidentiality data, or judge the effect whether display of current confidentiality data is safe.
It should be added that, the safety access method that the present embodiment provides, also by under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world, common memory is write after being encrypted by input signal afterwards, common memory is the internal memory all can accessed under common world and safer world, last under common world, by RFB client, the input signal after encryption is sent to RFB service end, reach the fail safe of the input signal that both ensure that user, turn avoid RFB client and run in safer world the effect needing to increase code library.
It should be added that, the safety access method that the present embodiment provides, also by when logging in the success of RFB service end, it is the internal memory only can accessed under safer world by frame buffer zone memory setting, make terminal under common world, also can proceed the display of confidentiality data, reach terminal user when the switching of safer world and common world and also can see the effect of smooth display image.
It should be added that, the safety access method that the present embodiment provides, also by when user name passes through the checking of RFB service end, receive the random number that RFB service end produces, safer world is switched to afterwards from common world, and utilize predetermined Hash function that random number and password are converted into feedback information, predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment, finally switch to common world from safer world, and by RFB client, feedback information is sent to RFB service end, namely feedback information is a multidate information, reach the effect that the technical scheme that the embodiment of the present invention is provided can effectively avoid suffering Replay Attack.
Please refer to Fig. 4, it illustrates the block diagram of a kind of secure access device that one embodiment of the invention provides, this secure access device can realize becoming all or part of of the terminal 110 in the implementation environment shown in Fig. 1 by software, hardware or both combinations.This secure access device comprises: data acquisition module 410, data decryption module 420 and data disaply moudle 430;
Data acquisition module 410, under common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client.
Data decryption module 420, for switching to safer world from common world, being decrypted enciphered data and obtaining showing data.
Data disaply moudle 430, under safer world, shows according to display data.
In sum, the secure access device that the present embodiment provides, by under common world, utilize Remote Frame Buffer RFB client to obtain the enciphered data of RFB service end, then switch to safer world from common world, enciphered data is decrypted and obtains showing data, and under safer world, show according to display data, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
Please refer to Fig. 5 A, it illustrates the block diagram of a kind of secure access device that another embodiment of the present invention provides, this secure access device can realize becoming all or part of of the terminal 110 in the implementation environment shown in Fig. 1 by software, hardware or both combinations.This secure access device comprises: data acquisition module 410, data decryption module 420 and data disaply moudle 430;
Data acquisition module 410, under common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client.
Data decryption module 420, for switching to safer world from common world, being decrypted enciphered data and obtaining showing data.
Data disaply moudle 430, under safer world, shows according to display data.
In the present embodiment, data decryption module 420, can comprise:
Request reception unit 421, under common world, receive the write request of RFB client, wherein, write request refers to request enciphered data being write frame buffer zone internal memory, and frame buffer zone internal memory is the internal memory only can accessed under safer world;
Handoff-security unit 422, for when write request trigger erroneous, switches to safer world by common world;
Data decryption unit 423, under described safer world, is decrypted enciphered data and obtains showing data;
Data disaply moudle 430, for by the internal memory of display data writing frame buffer zone, and the display data automatically read in the internal memory of frame buffer zone by display module show.
In the present embodiment, this secure access device, can also comprise:
Client's log-in module 440, under common world, by RFB client logs RFB service end;
Frame buffer zone memory setting, for when logging in the success of RFB service end, is the internal memory only can accessed under safer world by secure memory module 450.
In the present embodiment, client's log-in module 440, can comprise:
Login interface unit 441, under common world, obtains the login interface data of RFB service end by RFB client;
Interface display unit 442, for showing login interface according to login interface data;
Input receiving unit 443, for switching to safer world from common world, is received in the username and password inputted in login interface;
Input transmitting element 444, under common world, sends to RFB service end by the password after user name and encryption, verifies according to the password after user name and encryption to make RFB service end.
Shown in composition graphs 5B, input transmitting element 444, can comprise:
Input write subelement 444a, for under safer world, the password received is write in secure memory, the user name received is write in common memory, secure memory is the internal memory only can accessed under safer world, and common memory is the internal memory all can accessed under common world and safer world;
User name sends subelement 444b, for switching to common world from safer world, and by RFB client, user name is sent to RFB service end;
Random number receives subelement 444c, when user name passes through the checking of RFB service end, receives the random number that RFB service end produces;
Feedback generates subelement 444d, and for switching to safer world from common world, and utilize predetermined Hash function that random number and password are converted into feedback information, predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment;
Feedback sends subelement 444e, for switching to common world from safer world, and by RFB client, feedback information is sent to RFB service end.
In the present embodiment, this secure access device can also comprise:
Clean boot module 460, for directly entering safer world when starting, and reminded by safer world assembly to be set to only can use under safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world.
In the present embodiment, this secure access device can also comprise:
Input acquisition module 470, under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world;
Encryption writing module 480, writes common memory after being encrypted by input signal, and common memory is the internal memory all can accessed under common world and safer world;
Signal transmitting module 490, under common world, sends to RFB service end by RFB client by the input signal after encryption.
In the present embodiment, this secure access device, can also comprise:
Safe input module 500, for when RFB client terminal start-up, is set to the external input device only can accessed under safer world by the external input device of terminal.
In sum, the secure access device that the present embodiment provides, by under common world, utilize Remote Frame Buffer RFB client to obtain the enciphered data of RFB service end, then switch to safer world from common world, enciphered data is decrypted and obtains showing data, and under safer world, show according to display data, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
The secure access device that the present embodiment provides, also by directly entering safer world upon actuation, and reminded by safer world assembly to be set to only can use under safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world, reach user assembly can be reminded to judge by safer world whether present terminal is in safer world, thus determine the input whether carrying out confidentiality data, or judge the effect whether display of current confidentiality data is safe.
The secure access device that the present embodiment provides, also by under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world, common memory is write after being encrypted by input signal afterwards, common memory is the internal memory all can accessed under common world and safer world, last under common world, by RFB client, the input signal after encryption is sent to RFB service end, reach the fail safe of the input signal that both ensure that user, turn avoid RFB client and run in safer world the effect needing to increase code library.
The secure access device that the present embodiment provides, also by when logging in the success of RFB service end, it is the internal memory only can accessed under safer world by frame buffer zone memory setting, make terminal under common world, also can proceed the display of confidentiality data, reach terminal user when the switching of safer world and common world and also can see the effect of smooth display image.
The secure access device that the present embodiment provides, also by when user name passes through the checking of RFB service end, receive the random number that RFB service end produces, safer world is switched to afterwards from common world, and utilize predetermined Hash function that random number and password are converted into feedback information, predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment, finally switch to common world from safer world, and by RFB client, feedback information is sent to RFB service end, namely feedback information is a multidate information, reach the effect that the technical scheme that the embodiment of the present invention is provided can effectively avoid suffering Replay Attack.
Please refer to Fig. 6, it illustrates the block diagram of the terminal that one embodiment of the invention provides.This terminal comprises: processor 620 and memory 640.
Processor 620, under common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client.
Processor 620, for switching to safer world from common world, being decrypted enciphered data and obtaining showing data.
Processor 620, under safer world, shows according to display data.
In sum, the terminal that the present embodiment provides, by under common world, utilize Remote Frame Buffer RFB client to obtain the enciphered data of RFB service end, then switch to safer world from common world, enciphered data is decrypted and obtains showing data, and under safer world, show according to display data, solve in prior art and run RFB client under safer world, cause the problem that the code library under safer world increases; Reach under the prerequisite ensureing fail safe, RFB client still operates in common world, only needs the code library under the very little a part of safer world of increase, just by the effect of RFB client secure access RFB service end.
Based in the more optional embodiment provided embodiment illustrated in fig. 6:
Optionally, memory 640 comprises frame buffer zone internal memory.
Processor 620, under common world, receive the write request of RFB client, wherein, write request refers to request enciphered data being write frame buffer zone internal memory, and frame buffer zone internal memory is the internal memory only can accessed under safer world;
Processor 620, for when write request trigger erroneous, switches to safer world by common world;
Processor 620, under safer world, is decrypted enciphered data and obtains showing data;
Processor 620, for by the internal memory of display data writing frame buffer zone, and the display data automatically read in the internal memory of frame buffer zone by display module show.
Processor 620, under common world, by RFB client logs RFB service end;
Frame buffer zone memory setting, for when logging in the success of RFB service end, is the internal memory only can accessed under safer world by processor 620.
Processor 620, under common world, obtains the login interface data of RFB service end by RFB client;
Processor 620, for showing login interface according to login interface data;
Processor 620, for switching to safer world from common world, is received in the username and password inputted in login interface;
Processor 620, under common world, sends to RFB service end by the password after user name and encryption, verifies according to the password after user name and encryption to make RFB service end.
Optionally, memory 640 also comprises secure memory and common memory, and secure memory can include frame buffer zone internal memory.
Processor 620, for under safer world, the password received is write in secure memory, the user name received is write in common memory, secure memory is the internal memory only can accessed under safer world, and common memory is the internal memory all can accessed under common world and safer world;
Processor 620, for switching to common world from safer world, and is sent to RFB service end by RFB client by user name;
Processor 620, when user name passes through the checking of RFB service end, receives the random number that RFB service end produces;
Processor 620, for switching to safer world from common world, and utilizes predetermined Hash function that random number and password are converted into feedback information, and predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment;
Processor 620, for switching to common world from safer world, and sends to RFB service end by RFB client by feedback information.
Processor 620, for directly entering safer world when starting, and reminds assembly to be set to only can use under safer world by safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world.
Processor 620, under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world;
Processor 620, writes common memory after being encrypted by input signal, and common memory is the internal memory all can accessed under common world and safer world;
Processor 620, under common world, sends to RFB service end by RFB client by the input signal after encryption.
Processor 620, for when RFB client terminal start-up, is set to the external input device only can accessed under safer world by the external input device of terminal.
In sum, the terminal that the present embodiment provides, also by directly entering safer world upon actuation, and reminded by safer world assembly to be set to only can use under safer world, safer world reminds assembly to be one in common world and safer world for reminding the current operation world, reach user assembly can be reminded to judge by safer world whether present terminal is in safer world, thus determine the input whether carrying out confidentiality data, or judge the effect whether display of current confidentiality data is safe.
The terminal that the present embodiment provides, also by under safer world, obtain the input signal that external input device receives, external input device is the external input device only can accessed under safer world, common memory is write after being encrypted by input signal afterwards, common memory is the internal memory all can accessed under common world and safer world, last under common world, by RFB client, the input signal after encryption is sent to RFB service end, reach the fail safe of the input signal that both ensure that user, turn avoid RFB client and run in safer world the effect needing to increase code library.
The terminal that the present embodiment provides, also by when logging in the success of RFB service end, it is the internal memory only can accessed under safer world by frame buffer zone memory setting, make terminal under common world, also can proceed the display of confidentiality data, reach terminal user when the switching of safer world and common world and also can see the effect of smooth display image.
The terminal that the present embodiment provides, also by when user name passes through the checking of RFB service end, receive the random number that RFB service end produces, safer world is switched to afterwards from common world, and utilize predetermined Hash function that random number and password are converted into feedback information, predetermined Hash function is the hash function that RFB client and RFB service end are made an appointment, finally switch to common world from safer world, and by RFB client, feedback information is sent to RFB service end, namely feedback information is a multidate information, reach the effect that the technical scheme that the embodiment of the present invention is provided can effectively avoid suffering Replay Attack.
Those skilled in the art, after considering the invention that specification and practice are invented here, will easily expect other embodiment of the present invention.The application is intended to contain any modification of the present invention, purposes or adaptations, and these modification, purposes or adaptations are followed general principle of the present invention and comprised the common practise in the art or conventional techniques means that the present invention do not invent.Specification and embodiment are only regarded as exemplary, and true scope of the present invention and spirit are pointed out by claim below.
Should be understood that, the present invention is not limited to precision architecture described above and illustrated in the accompanying drawings, and can carry out various amendment and change not departing from its scope.Scope of the present invention is only limited by appended claim.
Claims (16)
1. a safety access method, is characterized in that, described method is for supporting that, in the terminal of trust region hardware technology, described terminal may operate in common world or safer world, and described method comprises:
Under described common world, obtained the enciphered data of RFB service end by Remote Frame Buffer RFB client;
Switch to described safer world from described common world, described enciphered data is decrypted and obtains showing data;
Under described safer world, show according to described display data.
2. method according to claim 1, is characterized in that, describedly switches to described safer world from described common world, is decrypted and obtains showing data, comprising described enciphered data:
Under described common world, receive the write request of described RFB client, wherein, said write request refers to that described frame buffer zone internal memory is the internal memory only can accessed under described safer world by the request of described enciphered data write frame buffer zone internal memory;
When said write request trigger erroneous, switch to described safer world by described common world;
Under described safer world, described enciphered data is decrypted and obtains showing data;
Described under described safer world, show according to described display data, comprising:
By in frame buffer zone internal memory described in described display data writing, and the described display data automatically read in the internal memory of described frame buffer zone by display module show.
3. method according to claim 1, is characterized in that, described under common world, before being obtained the enciphered data of RFB service end, also comprises by Remote Frame Buffer RFB client:
Under described common world, by RFB service end described in described RFB client logs;
When logging in the success of described RFB service end, be the internal memory only can accessed under described safer world by described frame buffer zone memory setting.
4. method according to claim 3, is characterized in that, described under described common world, by RFB service end described in described RFB client logs, comprising:
Under described common world, obtained the login interface data of described RFB service end by described RFB client;
According to described login interface data display login interface;
Switch to described safer world from described common world, be received in the username and password inputted in described login interface;
Under described common world, the described password after described user name and encryption is sent to described RFB service end, verifies according to the described password after described user name and described encryption to make described RFB service end.
5. method according to claim 4, is characterized in that, described under described common world, the described password after described user name and encryption is sent to described RFB service end, comprising:
Under described safer world, the described password received is write in secure memory, the described user name received is write in common memory, described secure memory is the internal memory only can accessed under described safer world, and described common memory is the internal memory all can accessed under described common world and described safer world;
Switch to described common world from described safer world, and by described RFB client, described user name is sent to described RFB service end;
When the checking of described user name by described RFB service end, receive the random number that described RFB service end produces;
Switch to described safer world from described common world, and utilize predetermined Hash function that described random number and password are converted into feedback information, described predetermined Hash function is the hash function that described RFB client and described RFB service end are made an appointment;
Switch to described common world from described safer world, and by described RFB client, described feedback information is sent to described RFB service end.
6., according to the arbitrary described method of claim 1 to 5, it is characterized in that, described under described common world, obtained the enciphered data of RFB service end by Remote Frame Buffer RFB client before, also comprise:
Directly enter described safer world upon actuation, and reminded by safer world assembly to be set to only can use under described safer world, described safer world reminds assembly to be one in described common world and described safer world for reminding the current operation world.
7., according to the arbitrary described method of claim 1 to 5, it is characterized in that, described method also comprises:
Under described safer world, obtain the input signal that external input device receives, described external input device is the external input device only can accessed under described safer world;
Write common memory by after described input signal encryption, described common memory is the internal memory all can accessed under described common world and described safer world;
Under described common world, by described RFB client, the described input signal after encryption is sent to described RFB service end.
8. method according to claim 7, is characterized in that, described under described safer world, before the input signal that acquisition external input device receives, also comprises:
When described RFB client terminal start-up, the external input device of described terminal is set to the external input device only can accessed under described safer world.
9. a secure access device, is characterized in that, for supporting that, in the terminal of trust region hardware technology, described terminal may operate in common world or safer world, described device comprises:
Data acquisition module, under described common world, obtains the enciphered data of RFB service end by Remote Frame Buffer RFB client;
Data decryption module, for switching to described safer world from described common world, being decrypted described enciphered data and obtaining showing data;
Data disaply moudle, under described safer world, shows according to described display data.
10. device according to claim 9, is characterized in that, described data decryption module, comprising:
Request reception unit, for under described common world, receive the write request of described RFB client, wherein, said write request refers to that described frame buffer zone internal memory is the internal memory only can accessed under described safer world by the request of described enciphered data write frame buffer zone internal memory;
Handoff-security unit, for when said write request trigger erroneous, switches to described safer world by described common world;
Data decryption unit, under described safer world, is decrypted described enciphered data and obtains showing data;
Described data disaply moudle, for by frame buffer zone internal memory described in described display data writing, and the described display data automatically read in the internal memory of described frame buffer zone by display module show.
11. devices according to claim 9, is characterized in that, described device, also comprises:
Client's log-in module, under described common world, by RFB service end described in described RFB client logs;
Described frame buffer zone memory setting, for when logging in the success of described RFB service end, is the internal memory only can accessed under described safer world by secure memory module.
12. devices according to claim 11, is characterized in that, described client's log-in module, comprising:
Login interface unit, under described common world, obtains the login interface data of described RFB service end by described RFB client;
Interface display unit, for showing login interface according to described login interface data;
Input receiving unit, for switching to described safer world from described common world, is received in the username and password inputted in described login interface;
Input transmitting element, under described common world, sends to described RFB service end by the described password after described user name and encryption, verifies to make described RFB service end according to the described password after described user name and described encryption.
13. devices according to claim 12, is characterized in that, described input transmitting element, comprising:
Input write subelement, for under described safer world, the described password received is write in secure memory, the described user name received is write in common memory, described secure memory is the internal memory only can accessed under described safer world, and described common memory is the internal memory all can accessed under described common world and described safer world;
User name sends subelement, for switching to described common world from described safer world, and by described RFB client, described user name is sent to described RFB service end;
Random number receives subelement, when the checking of described user name by described RFB service end, receives the random number of described RFB service end generation;
Feedback generates subelement, for switching to described safer world from described common world, and utilizing predetermined Hash function that described random number and password are converted into feedback information, described predetermined Hash function is the hash function that described RFB client and described RFB service end are made an appointment;
Described feedback sends subelement, for switching to described common world from described safer world, and by described RFB client, described feedback information is sent to described RFB service end.
14. according to the arbitrary described device of claim 9 to 13, and it is characterized in that, described device, also comprises:
Clean boot module, for directly entering described safer world upon actuation, and reminded by safer world assembly to be set to only can use under described safer world, described safer world reminds assembly to be one in described common world and described safer world for reminding the current operation world.
15. according to the arbitrary described device of claim 9 to 13, and it is characterized in that, described device, also comprises:
Input acquisition module, under described safer world, obtain the input signal that external input device receives, described external input device is the external input device only can accessed under described safer world;
Encryption writing module, for writing common memory by after described input signal encryption, described common memory is the internal memory all can accessed under described common world and described safer world;
Signal transmitting module, under described common world, sends to described RFB service end by described RFB client by the described input signal after encryption.
16. devices according to claim 15, is characterized in that, described device, also comprises:
Safe input module, for when described RFB client terminal start-up, is set to the external input device only can accessed under described safer world by the external input device of described terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410449035.3A CN105391673B (en) | 2014-09-04 | 2014-09-04 | Safety access method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410449035.3A CN105391673B (en) | 2014-09-04 | 2014-09-04 | Safety access method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105391673A true CN105391673A (en) | 2016-03-09 |
| CN105391673B CN105391673B (en) | 2018-12-28 |
Family
ID=55423514
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410449035.3A Active CN105391673B (en) | 2014-09-04 | 2014-09-04 | Safety access method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105391673B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107835185A (en) * | 2017-11-21 | 2018-03-23 | 广州大学 | A kind of mobile terminal safety method of servicing and device based on ARM TrustZone |
| CN110348252A (en) * | 2018-04-02 | 2019-10-18 | 华为技术有限公司 | Operating system and method based on trusted domain |
| CN111859416A (en) * | 2020-06-23 | 2020-10-30 | 天地融科技股份有限公司 | Method and device for controlling safety display |
| CN117744067A (en) * | 2024-02-21 | 2024-03-22 | 北京象帝先计算技术有限公司 | Access space switching method, device, processor, equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217544A (en) * | 2008-01-02 | 2008-07-09 | 浪潮电子信息产业股份有限公司 | A remote frame buffer area to enhance the security |
| CN103034788A (en) * | 2011-10-10 | 2013-04-10 | 上海无戒空间信息技术有限公司 | Verification method and system of electronic readings, server, client and terminal |
| CN102611711A (en) * | 2012-04-09 | 2012-07-25 | 中山爱科数字科技股份有限公司 | Cloud data safe storing method |
| CN102868826B (en) * | 2012-09-25 | 2014-09-24 | 东莞宇龙通信科技有限公司 | Terminal and terminal data protection method |
-
2014
- 2014-09-04 CN CN201410449035.3A patent/CN105391673B/en active Active
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107835185A (en) * | 2017-11-21 | 2018-03-23 | 广州大学 | A kind of mobile terminal safety method of servicing and device based on ARM TrustZone |
| CN110348252A (en) * | 2018-04-02 | 2019-10-18 | 华为技术有限公司 | Operating system and method based on trusted domain |
| CN110348252B (en) * | 2018-04-02 | 2021-09-03 | 华为技术有限公司 | Trust zone based operating system and method |
| US11443034B2 (en) | 2018-04-02 | 2022-09-13 | Huawei Technologies Co., Ltd. | Trust zone-based operating system and method |
| CN111859416A (en) * | 2020-06-23 | 2020-10-30 | 天地融科技股份有限公司 | Method and device for controlling safety display |
| CN111859416B (en) * | 2020-06-23 | 2024-05-24 | 天地融科技股份有限公司 | Method and device for controlling safe display |
| CN117744067A (en) * | 2024-02-21 | 2024-03-22 | 北京象帝先计算技术有限公司 | Access space switching method, device, processor, equipment and storage medium |
| CN117744067B (en) * | 2024-02-21 | 2024-06-21 | 北京象帝先计算技术有限公司 | Access space switching method, device, processor, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105391673B (en) | 2018-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108632284B (en) | User data authorization method, medium, device and computing equipment based on block chain | |
| US9846783B2 (en) | Multiscreen secure content access | |
| CN110492990B (en) | Private key management method, device and system under block chain scene | |
| Herzberg et al. | Can Johnny finally encrypt? Evaluating E2E-encryption in popular IM applications | |
| CN111193695B (en) | Encryption method and device for third party account login and storage medium | |
| CN108322461B (en) | Method, system, device, equipment and medium for automatically logging in application program | |
| CN110417543B (en) | Data encryption method, device and storage medium | |
| CN108769027B (en) | Secure communication method, device, mobile terminal and storage medium | |
| Liu et al. | Veriui: Attested login for mobile devices | |
| KR20200027500A (en) | Generate key certificates that provide device anonymity | |
| CN105027107A (en) | Secure virtual machine migration | |
| CN104954126B (en) | Sensitive operation verification method, device and system | |
| CN113557703B (en) | Authentication method and device of network camera | |
| CN109672523A (en) | Information ciphering method, device, equipment and readable storage medium storing program for executing based on filter | |
| CN105512576A (en) | Method for secure storage of data and electronic equipment | |
| KR20150054828A (en) | Securely handling server certificate errors in synchronization communication | |
| CN111464297A (en) | Transaction processing method and device based on block chain, electronic equipment and medium | |
| US20210320790A1 (en) | Terminal registration system and terminal registration method | |
| WO2017071296A1 (en) | Vpn-based secure data access method, device and system | |
| CN105391673A (en) | Safe access method and device | |
| US10985921B1 (en) | Systems and methods for out-of-band authenticity verification of mobile applications | |
| CN103036852A (en) | Method and device for achieving network login | |
| CN113630412B (en) | Resource downloading method, resource downloading device, electronic equipment and storage medium | |
| CN114363088A (en) | Method and device for requesting data | |
| CN113127844A (en) | Variable access method, device, system, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |