CN105391673B - Safety access method and device - Google Patents

Publication number: CN105391673B
Authority: CN (China)
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410449035.3A
Other languages: Chinese (zh)
Other versions: CN105391673A (en)
Inventors: 利文浩, 夏虞斌, 陈海波
Current Assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Huawei Technologies Co Ltd
Abstract

The present invention relates to a secure access method and device, belonging to the field of computer security. The method includes: in the normal world, obtaining encrypted data from an RFB server through a Remote Frame Buffer (RFB) client; switching from the normal world to the secure world and decrypting the encrypted data to obtain display data; and, in the secure world, displaying according to the display data. By obtaining the encrypted data of the RFB server in the normal world, then switching to the secure world, decrypting the encrypted data to obtain display data and displaying according to the display data in the secure world, the invention solves the prior-art problem that running the RFB client in the secure world enlarges the code base in the secure world. The effect is that, while security is preserved, only a very small amount of code needs to be added to the secure world for the RFB server to be accessed securely through the RFB client.

Description

Safety access method and device
Technical field
The present invention relates to the field of computer security, and in particular to a secure access method and device.
Background
Remote Frame Buffer (RFB) is a simple protocol for remotely accessing graphical user interfaces. Under this protocol, an RFB client can remotely access the graphical user interface of an RFB server. Remote frame buffering is widely used in fields such as telecommuting and remote control.
For security reasons, ARM (Advanced RISC Machines) provides the TrustZone hardware technology. A terminal that uses TrustZone hardware technology can run in the normal world (Normal World) or the secure world (Secure World), and the execution environments of the normal world and the secure world are isolated from each other. When the terminal runs the RFB client in the secure world, the security of the remote access process can be guaranteed.
The inventors found at least the following problem in the prior art: because the secure world cannot directly reuse the code base of the normal world, running the RFB client in the secure world requires reimplementing, in the secure world, a code base that supports the RFB protocol. This not only sharply increases the amount of code in the secure world, but the increase in code may also introduce vulnerabilities into the secure world that should not occur.
Summary of the invention
Embodiments of the present invention provide a secure access method and device, which solve the problem that running the RFB client in the secure world enlarges the code base running in the secure world. The technical solution is as follows:
In a first aspect, a secure access method is provided for a terminal that supports TrustZone hardware technology, where the terminal can run in the normal world or the secure world. The method comprises:
in the normal world, obtaining encrypted data from an RFB server through a Remote Frame Buffer (RFB) client;
switching from the normal world to the secure world, and decrypting the encrypted data to obtain display data;
in the secure world, displaying according to the display data.
With reference to the first aspect, in a first possible implementation of the first aspect, switching from the normal world to the secure world and decrypting the encrypted data to obtain display data comprises:
in the normal world, receiving a write request from the RFB client, where the write request is a request to write the encrypted data into frame buffer memory, and the frame buffer memory is memory that can be accessed only in the secure world;
when the write request triggers an error, switching from the normal world to the secure world;
in the secure world, decrypting the encrypted data to obtain display data;
and displaying according to the display data in the secure world comprises:
writing the display data into the frame buffer memory, the display component automatically reading the display data from the frame buffer memory and displaying it.
With reference to the first aspect, in a second possible implementation of the first aspect, before obtaining the encrypted data of the RFB server through the RFB client in the normal world, the method further comprises:
in the normal world, logging in to the RFB server through the RFB client;
when login to the RFB server succeeds, setting the frame buffer memory as memory that can be accessed only in the secure world.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, logging in to the RFB server through the RFB client in the normal world comprises:
in the normal world, obtaining login interface data of the RFB server through the RFB client;
displaying a login interface according to the login interface data;
switching from the normal world to the secure world, and receiving the user name and password entered in the login interface;
in the normal world, sending the user name and the encrypted password to the RFB server, so that the RFB server performs verification according to the user name and the encrypted password.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, sending the user name and the encrypted password to the RFB server in the normal world comprises:
in the secure world, writing the received password into secure memory and writing the received user name into common memory, where the secure memory is memory that can be accessed only in the secure world, and the common memory is memory that can be accessed in both the normal world and the secure world;
switching from the secure world to the normal world, and sending the user name to the RFB server through the RFB client;
when the user name passes verification by the RFB server, receiving a random number generated by the RFB server;
switching from the normal world to the secure world, and converting the random number and the password into feedback information using a predetermined hash function, where the predetermined hash function is a hash function agreed in advance by the RFB client and the RFB server;
switching from the secure world to the normal world, and sending the feedback information to the RFB server through the RFB client.
With reference to the first aspect, or the first, second, third or fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, before obtaining the encrypted data of the RFB server through the RFB client in the normal world, the method further comprises:
entering the secure world directly after startup, and setting a secure world reminder component to be usable only in the secure world, where the secure world reminder component is used to indicate whether the currently running world is the normal world or the secure world.
With reference to the first aspect, or the first, second, third or fourth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the method further comprises:
in the secure world, obtaining an input signal received by an external input device, where the external input device is an external input device that can be accessed only in the secure world;
encrypting the input signal and writing it into common memory, where the common memory is memory that can be accessed in both the normal world and the secure world;
in the normal world, sending the encrypted input signal to the RFB server through the RFB client.
With reference to the sixth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, before obtaining, in the secure world, the input signal received by the external input device, the method further comprises:
when the RFB client starts, setting the external input device of the terminal as an external input device that can be accessed only in the secure world.
In a second aspect, a secure access device is provided for a terminal that supports TrustZone hardware technology, where the terminal can run in the normal world or the secure world. The device comprises:
a data acquisition module, configured to obtain, in the normal world, encrypted data from an RFB server through a Remote Frame Buffer (RFB) client;
a data decryption module, configured to switch from the normal world to the secure world and decrypt the encrypted data to obtain display data;
a data display module, configured to display according to the display data in the secure world.
With reference to the second aspect, in a first possible implementation of the second aspect, the data decryption module comprises:
a request receiving unit, configured to receive, in the normal world, a write request from the RFB client, where the write request is a request to write the encrypted data into frame buffer memory, and the frame buffer memory is memory that can be accessed only in the secure world;
a secure switching unit, configured to switch from the normal world to the secure world when the write request triggers an error;
a data decryption unit, configured to decrypt the encrypted data in the secure world to obtain display data;
and the data display module is configured to write the display data into the frame buffer memory, the display component automatically reading the display data from the frame buffer memory and displaying it.
With reference to the second aspect, in a second possible implementation of the second aspect, the device further comprises:
a client login module, configured to log in to the RFB server through the RFB client in the normal world;
a secure memory module, configured to set the frame buffer memory as memory that can be accessed only in the secure world when login to the RFB server succeeds.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the client login module comprises:
a login interface unit, configured to obtain, in the normal world, login interface data of the RFB server through the RFB client;
an interface display unit, configured to display a login interface according to the login interface data;
an input receiving unit, configured to switch from the normal world to the secure world and receive the user name and password entered in the login interface;
an input transmission unit, configured to send, in the normal world, the user name and the encrypted password to the RFB server, so that the RFB server performs verification according to the user name and the encrypted password.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the input transmission unit comprises:
an input writing subunit, configured to write, in the secure world, the received password into secure memory and the received user name into common memory, where the secure memory is memory that can be accessed only in the secure world, and the common memory is memory that can be accessed in both the normal world and the secure world;
a user name sending subunit, configured to switch from the secure world to the normal world and send the user name to the RFB server through the RFB client;
a random number receiving subunit, configured to receive the random number generated by the RFB server when the user name passes verification by the RFB server;
a feedback generating subunit, configured to switch from the normal world to the secure world and convert the random number and the password into feedback information using a predetermined hash function, where the predetermined hash function is a hash function agreed in advance by the RFB client and the RFB server;
a feedback sending subunit, configured to switch from the secure world to the normal world and send the feedback information to the RFB server through the RFB client.
With reference to the second aspect, or the first, second, third or fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the device further comprises:
a secure boot module, configured to enter the secure world directly after startup and set a secure world reminder component to be usable only in the secure world, where the secure world reminder component is used to indicate whether the currently running world is the normal world or the secure world.
With reference to the second aspect, or the first, second, third or fourth possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the device further comprises:
an input obtaining module, configured to obtain, in the secure world, an input signal received by an external input device, where the external input device is an external input device that can be accessed only in the secure world;
an encryption writing module, configured to encrypt the input signal and write it into common memory, where the common memory is memory that can be accessed in both the normal world and the secure world;
a signal sending module, configured to send, in the normal world, the encrypted input signal to the RFB server through the RFB client.
With reference to the sixth possible implementation of the second aspect, in a seventh possible implementation of the second aspect, the device further comprises:
a secure input module, configured to set, when the RFB client starts, the external input device of the terminal as an external input device that can be accessed only in the secure world.
The technical solutions provided by the embodiments of the present invention have the following beneficial effects:
The RFB client obtains the encrypted data of the RFB server in the normal world; the terminal switches from the normal world to the secure world to decrypt the encrypted data into display data, and displays according to the display data in the secure world. This solves the prior-art problem that running the RFB client in the secure world enlarges the code base in the secure world. The effect is that, while security is preserved, the RFB client still runs in the normal world and only a very small amount of code needs to be added to the secure world for the RFB server to be accessed securely through the RFB client.
Further, the terminal enters the secure world directly after startup and sets the secure world reminder component to be usable only in the secure world, the component indicating whether the currently running world is the normal world or the secure world. The user can therefore judge from the secure world reminder component whether the terminal is currently in the secure world, and so decide whether to enter confidential data, or judge whether the current display of confidential data is secure.
Further, in the secure world the terminal obtains the input signal received by the external input device, which can be accessed only in the secure world; it then encrypts the input signal and writes it into common memory, which can be accessed in both the normal world and the secure world; finally, in the normal world, the RFB client sends the encrypted input signal to the RFB server. This both guarantees the security of the user's input signal and avoids the code-base growth that running the RFB client in the secure world would require.
Further, when login to the RFB server succeeds, the frame buffer memory is set as memory that can be accessed only in the secure world, so that the terminal can continue to display confidential data while in the normal world, and the user sees a smooth displayed image even while the terminal switches between the secure world and the normal world.
Further, when the user name passes verification by the RFB server, the terminal receives the random number generated by the RFB server, then switches from the normal world to the secure world and converts the random number and the password into feedback information using a predetermined hash function agreed in advance by the RFB client and the RFB server, and finally switches from the secure world to the normal world and sends the feedback information to the RFB server through the RFB client. The feedback information is therefore dynamic information, so the technical solution provided by the embodiments of the present invention can effectively avoid replay attacks.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Evidently, the drawings in the following description show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an implementation environment of the secure access method provided by the embodiments of the present invention;
Fig. 2 is a flowchart of a secure access method provided by one embodiment of the present invention;
Fig. 3 is a flowchart of a secure access method provided by another embodiment of the present invention;
Fig. 4 is a structural block diagram of a secure access device provided by one embodiment of the present invention;
Fig. 5A is a structural block diagram of a secure access device provided by another embodiment of the present invention;
Fig. 5B is a structural block diagram of the input transmission unit provided by the embodiment shown in Fig. 5A;
Fig. 6 is a structural block diagram of a terminal provided by one embodiment of the present invention.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods that are consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a schematic diagram of an implementation environment of the secure access method shown in the embodiments of the present invention. The implementation environment includes a terminal 110 and a server 120.
Terminal 110 is an electronic device with network connectivity, such as a smartphone, a tablet computer or a computer. Terminal 110 can run an RFB (Remote Frame Buffer) client. Terminal 110 includes a hardware architecture that conforms to the TrustZone technical specification of ARM (Advanced RISC Machines), and this hardware architecture can support the secure access method shown in the embodiments of the present invention. In other words, terminal 110 is a terminal that supports running in either of two modes, the secure world or the normal world.
Server 120 can be a single server, a server cluster composed of several servers, or a cloud computing service center. Server 120 can run the RFB server.
A network connection can be established between terminal 110 and server 120.
Several terms used in the embodiments of the present invention are described below:
The term "normal world" refers to the world in which the terminal's operating system runs during everyday use of the terminal; the user's own applications can run in the normal world.
The term "secure world" refers to a mode that is securely isolated from the "normal world". This mode is supported by a trusted code area that the terminal's central processing unit (CPU) sets up in the kernel. Through the trusted code area, the terminal can isolate the code of the secure world from that of the normal world; that is, when the terminal is running in the secure world, code in the normal world cannot access data in the secure world. The user can therefore carry out various operations involving sensitive data in the secure world of the terminal.
Referring to Fig. 2, which shows a flowchart of a secure access method provided by one embodiment of the present invention. This embodiment is described with the secure access method applied to terminal 110 in the implementation environment shown in Fig. 1. The secure access method may include the following steps:
Step 201: in the normal world, obtain the encrypted data of the RFB server through the Remote Frame Buffer (RFB) client.
Step 202: switch from the normal world to the secure world, and decrypt the encrypted data to obtain display data.
Step 203: in the secure world, display according to the display data.
In summary, in the secure access method provided by this embodiment, the RFB client obtains the encrypted data of the RFB server in the normal world, the terminal then switches from the normal world to the secure world and decrypts the encrypted data to obtain display data, and displays according to the display data in the secure world. This solves the prior-art problem that running the RFB client in the secure world enlarges the code base in the secure world. The effect is that, while security is preserved, the RFB client still runs in the normal world and only a very small amount of code needs to be added to the secure world for the RFB server to be accessed securely through the RFB client.
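The flow of steps 201 to 203, combined with the write-fault trigger from the first possible implementation of the first aspect, as a small Python model. This is an added example, not code from the patent; the class and function names, the frame buffer address and size, the session key assumed to be already provisioned in the secure world, and the toy cipher (the text does not name one) are all assumptions.

```python
import hashlib

FB_BASE = 0x80000000   # hypothetical frame buffer base address
FB_SIZE = 64           # hypothetical frame buffer size in bytes


class SecureAccessFault(Exception):
    """Normal-world access to memory that is accessible only in the secure world."""


def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher: XOR with a SHA-256 counter keystream.

    Encryption and decryption are the same operation.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Terminal:
    """Model of a terminal with a normal world and a secure world."""

    def __init__(self, session_key: bytes):
        self.world = "normal"
        self.fb_secure_only = False
        self.switches = []                    # record of world switches
        self.framebuffer = bytearray(FB_SIZE)
        self.secure_key = session_key         # modelled as secure-world state

    def protect_framebuffer(self) -> None:
        """After a successful login the frame buffer becomes secure-only."""
        self.fb_secure_only = True

    def _check(self, addr: int, length: int) -> int:
        off = addr - FB_BASE
        if off < 0 or off + length > FB_SIZE:
            raise ValueError("access outside the frame buffer")
        if self.fb_secure_only and self.world != "secure":
            raise SecureAccessFault(hex(addr))
        return off

    def _switch(self, target: str) -> None:
        self.switches.append(f"{self.world}->{target}")
        self.world = target

    def rfb_client_write(self, addr: int, nonce: bytes, encrypted: bytes) -> None:
        """Step 201/202: the normal-world RFB client writes a received update."""
        try:
            off = self._check(addr, len(encrypted))
            self.framebuffer[off:off + len(encrypted)] = encrypted
        except SecureAccessFault:
            self._fault_handler(addr, nonce, encrypted)

    def rfb_client_read(self, addr: int, length: int) -> bytes:
        """A normal-world read of the frame buffer (faults once protected)."""
        off = self._check(addr, length)
        return bytes(self.framebuffer[off:off + length])

    def _fault_handler(self, addr: int, nonce: bytes, encrypted: bytes) -> None:
        """Step 202/203: the only code that has to live in the secure world."""
        self._switch("secure")
        try:
            display_data = toy_cipher(self.secure_key, nonce, encrypted)
            off = self._check(addr, len(display_data))
            self.framebuffer[off:off + len(display_data)] = display_data
        finally:
            self._switch("normal")

    def scanout(self) -> bytes:
        """The display component reads the frame buffer automatically."""
        return bytes(self.framebuffer)


def demo() -> dict:
    key = b"constructed-session-key"          # constructed sample values
    nonce = b"update-0001"
    screen = b"Balance: 1,024.00"
    encrypted = toy_cipher(key, nonce, screen)   # what the RFB server sends

    terminal = Terminal(key)
    terminal.protect_framebuffer()
    terminal.rfb_client_write(FB_BASE, nonce, encrypted)
    try:
        terminal.rfb_client_read(FB_BASE, len(screen))
        readable = True
    except SecureAccessFault:
        readable = False
    return {
        "shown": terminal.scanout()[:len(screen)],
        "encrypted": encrypted,
        "switches": terminal.switches,
        "normal_world_can_read": readable,
    }


if __name__ == "__main__":
    print(demo())
```

The RFB protocol handling stays in `rfb_client_write`, which only ever holds ciphertext; the secure-world part is limited to `_fault_handler`.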
Referring to Fig. 3, which shows a flowchart of a secure access method provided by another embodiment of the present invention. This embodiment is described with the secure access method applied to the implementation environment shown in Fig. 1. The secure access method may include the following steps:
Step 301: the terminal enters the secure world directly on startup and sets the secure world reminder component to be usable only in the secure world; the secure world reminder component is used to indicate whether the currently running world is the normal world or the secure world.
The terminal enters the secure world on startup and sets the secure world reminder component to be usable only in the secure world, which ensures that this setting is secure and effective.
The secure world reminder component can be an indicator light. The terminal can set the indicator light to be on in the secure world and off in the normal world, or to be on in the normal world and off in the secure world.
The secure world reminder component can also be a sound device. The terminal can set the sound device to emit a specific sound in the secure world and to stay silent in the normal world, or to emit a specific sound in the normal world and to stay silent in the secure world.
The secure world reminder component can also be a vibration reminder. The terminal can set the vibration reminder to vibrate in the secure world and not in the normal world, or to vibrate in the normal world and not in the secure world.
After this setup, the different states of the indicator light, sound device and vibration reminder each correspond to the secure world or the normal world. The user can judge from the state of the secure world reminder component whether the terminal is currently in the secure world, and so decide whether to enter confidential data, or judge whether the current display of confidential data is secure. The terminal may include any one or more of the three kinds of secure world reminder component described above.
It should be noted that this step needs to be performed only once to satisfy the terminal's later secure access needs. For example, the step can be completed before the terminal leaves the factory, so that the secure world reminder component does not need to be configured again afterwards; when necessary, however, the user can still make the terminal enter the secure world at startup and configure the secure world reminder component there.
Step 302: the terminal logs in to the RFB server through the RFB client in the normal world.
When executed, this step may include the following 7 sub-steps:
1) In the normal world, the terminal sends a secure access request to the RFB server through the RFB client.
The user operates the terminal to start the RFB client and send the secure access request to the RFB server.
In addition, after the user starts the RFB client, the terminal can set its external input device as an external input device that can be accessed only in the secure world. The user then cannot perform input operations in the normal world, which guarantees the security of the user's input data.
It should be noted that the terminal can also configure the external input device so that the terminal switches to the secure world after the user performs a specific operation on the external input device. For example, after the user taps an input box on the touch screen, the terminal switches to the secure world; as another example, if the input device is a physical key, the terminal enters the secure world after the user presses a specific key or a specific key combination.
2) After receiving the secure access request through the RFB server, the server provides the login interface data of the RFB server to the RFB client.
Since the login interface data contains no data that needs to be encrypted, the login interface data can be unencrypted, which also makes it convenient for the RFB client to display the login interface data in the normal world.
3) In the normal world, the terminal obtains the login interface data of the RFB server through the RFB client.
In the normal world, the terminal receives, through the RFB client, the login interface data sent by the RFB server.
4) The terminal displays the login interface according to the login interface data.
The terminal writes the login interface data into the frame buffer memory and displays it.
5) The terminal switches from the normal world to the secure world and receives the user name and password entered in the login interface.
After the terminal switches from the normal world to the secure world, the user enters the user name and password in the login interface through the external input device, and the terminal receives the user name and password.
The terminal can switch to the secure world immediately after displaying the login interface data, or it can switch when the user is about to perform an input operation. For example, the terminal switches to the secure world after the user taps an input box; as another example, if the input device is a physical key, the terminal switches to the secure world after the user presses a specific key. How the terminal switches to the secure world can be determined by the terminal's configuration of the external input device in 1).
6) In the normal world, the terminal sends the user name and the encrypted password to the RFB server, so that the RFB server performs verification according to the user name and the encrypted password.
The terminal can send the user name and the encrypted password together to the RFB server in the normal world. The encrypted password is encrypted in the secure world with a predetermined key, which can be a key agreed in advance by the RFB client and the RFB server, or the password itself. After the RFB server receives the user name and the encrypted password, it decrypts the encrypted password and verifies the decrypted password.
Optionally, this step may include following 6 sub-steps:
(1) password received is written in secure memory under safer world for terminal, and the user name received is written In common memory, secure memory is the memory being only able to access that under safer world, and common memory is in common world and safety The memory that can be accessed under the world.
Terminal is after the password for receiving user's input, and by the password storage in secure memory, which is stored in In common memory.
Wherein secure memory can be set as the memory being only able to access that under safer world in step 301.
(2) terminal is switched to common world from safer world, and user name is sent to RFB service by RFB client End.
Since user name is stored in common memory, it is interior that common memory is that common world and safer world can access It deposits, thus after terminal is switched to common world from safer world, user name can be obtained simultaneously from common memory, by the user name RFB server-side is sent to by RFB client.
(3) When the user name passes the verification of the RFB server-side, the terminal receives the random number generated by the RFB server-side.
After obtaining the user name, the RFB server-side verifies whether it belongs to a legitimate user. If it does, the RFB server-side generates a random number, records it, and then sends it to the RFB client. A legitimate user may be a user whom the server permits to access the server, and the user names of legitimate users may be stored in the server.
(4) The terminal switches from the common world to the safer world and converts the random number and the password into feedback information using a predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side.
After receiving the random number, the terminal converts the random number and the password into feedback information using the predetermined hash function. For example, the random number and the password in secure memory may be converted, as a whole, into feedback information by Message Digest Algorithm 5 (MD5).
(5) The terminal switches from the safer world to the common world and sends the feedback information to the RFB server-side through the RFB client.
(6) The server receives, through the RFB server-side, the feedback information sent by the RFB client, and verifies the feedback information.
The server receives, through the RFB server-side, the feedback information sent by the RFB client.
After receiving the feedback information, the RFB server-side uses the predetermined hash function to convert the random number that was sent to the RFB client and is stored in the server, together with the received user name, into verification information, and checks whether the verification information is consistent with the feedback information. When they are consistent, verification of the RFB client succeeds; when they are not consistent, verification of the RFB client fails.
It should be noted that (1) to (6) may be performed multiple times during the whole secure access, or once every predetermined period, to improve the security of the safety access method of this embodiment.
7) When verification succeeds, the server sends a login success prompt to the RFB client through the RFB server-side.
When verification succeeds, the server establishes a secure access connection with the RFB client through the RFB server-side and sends a login success prompt to the RFB client.
When verification fails, the server sends a login failure prompt to the RFB client through the RFB server-side.
Step 303: when login to the RFB server-side succeeds, the terminal sets the frame buffer memory as memory that can be accessed only in the safer world.
Login to the RFB server-side may be considered successful when the terminal receives the login success prompt fed back by the RFB server-side, at which point the terminal sets the frame buffer memory as memory that can be accessed only in the safer world. The frame buffer memory is the memory in the terminal that stores the screen picture content; this setting prevents the terminal from displaying the remote user graphical interface in the common world.
After the RFB client logs in to the RFB server successfully, the display data that the RFB server-side sends to the RFB client may be confidential. Setting the frame buffer memory as memory that can be accessed only in the safer world at this point effectively prevents confidential data from being displayed in the common world.
When login to the RFB server-side fails, the terminal may return to 5) and again receive the user name and password input in the login interface; that is, the user can re-enter the user name and password.
It should be noted that the operation of setting the frame buffer memory as memory that can be accessed only in the safer world may also be performed as soon as the user opens the RFB client. Correspondingly, the terminal may display the login interface data in the safer world. The login interface data may then be encrypted or unencrypted; when it is encrypted, the encryption key may be the predetermined key.
Step 304: the server provides encrypted data to the RFB client through the RFB server-side.
After the RFB client logs in to the RFB server successfully, the server provides encrypted data to the RFB client through the RFB server-side. The encrypted data may be data that the RFB server-side sends to the RFB client by default after the RFB client logs in successfully, or data sent in response to a request that the RFB server-side receives from the RFB client.
In addition, the encryption key of the encrypted data may be the predetermined key, that is, a key agreed in advance between the RFB client and the RFB server-side, or the password itself that the user used when logging in to the RFB server-side.
Step 305: in the common world, the terminal obtains the encrypted data of the RFB server-side through the RFB client.
Because a secure access connection is established between the RFB client and the RFB server-side, the terminal, in the common world, needs to obtain through the RFB client the encrypted data sent by the RFB server-side.
Step 306: in the common world, the terminal receives a write request from the RFB client, where the write request is a request to write the encrypted data into the frame buffer memory, and the frame buffer memory is memory that can be accessed only in the safer world.
After the terminal receives, in the common world, the encrypted data sent by the RFB server-side, the RFB client sends the terminal a write request to write the encrypted data into the frame buffer memory.
Step 307: when the write request triggers an error, the terminal switches from the common world to the safer world.
Because the frame buffer memory is now set as memory that can be accessed only in the safer world, when the terminal receives, in the common world, the RFB client's write request to write the encrypted data into the frame buffer memory, the terminal triggers an error and switches to the safer world.
Step 308: in the safer world, the terminal decrypts the encrypted data to obtain display data.
After switching to the safer world, the terminal can decrypt the encrypted display data using the predetermined key.
Step 309: in the safer world, the terminal writes the display data into the frame buffer memory, and the display component automatically reads the display data in the frame buffer memory and displays it.
Because the terminal is currently in the safer world, it can write the display data into the frame buffer memory, and the display component displays it. The display component is configured to read display data from the frame buffer memory automatically for display.
Step 310: in the safer world, the terminal obtains the input signal received by the external input device, which is an external input device that can be accessed only in the safer world.
After the terminal displays according to the display data, the user can perform input operations through the external input device according to the displayed data, and the terminal converts the user's input operations into input signals through the external input device. The external input device may include a touch screen, physical buttons, a microphone, a camera, and so on.
Step 311: the terminal encrypts the input signal and writes it into common memory, which is memory that both the common world and the safer world can access.
After obtaining the user's input signal through the external input device, the terminal encrypts the input signal and writes it into common memory; in the common world the terminal can then obtain the encrypted input signal from common memory.
Step 312: the terminal switches from the safer world to the common world; in the common world, the terminal sends the encrypted input signal to the RFB server-side through the RFB client.
Once the encrypted input signal has been written into common memory, the terminal can send it to the RFB server-side through the RFB client in the common world.
Step 313: in the common world, the terminal continues to receive subsequent encrypted data sent by the RFB server-side.
The terminal continues to receive encrypted data sent by the RFB server-side in the common world; that is, the terminal can return to step 304 and continue the secure access.
The subsequent encrypted data may be sent by the RFB server-side according to the input signal that it obtains by decrypting the encrypted input signal.
In addition, after switching to the common world and before the RFB client receives the subsequent encrypted data sent by the RFB server, the terminal can still display according to the display data. Because the frame buffer memory can be accessed only in the safer world at this time, the terminal in the common world cannot read the frame buffer memory, so displaying the display data while in the common world is also safe.
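The display path of steps 303 and 305 to 309, modelled as an added Python example that is not code from the patent: the class and method names are assumptions, the two worlds are simulated by a flag rather than enforced by hardware, and because the text names no cipher a SHA-256 keystream XOR stands in for decryption with the predetermined key.

```python
import hashlib

COMMON, SAFER = "common", "safer"


class AccessFault(Exception):
    """Raised when the common world touches memory reserved for the safer world."""


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class Terminal:
    def __init__(self, predetermined_key: bytes):
        self.world = COMMON
        self.trace = []                  # record of world switches
        self._key = predetermined_key    # by convention used only in the safer world
        self._frame_buffer = b""
        self._fb_safer_only = False

    def _switch(self, world):
        self.trace.append(f"{self.world}->{world}")
        self.world = world

    def protect_frame_buffer(self):
        # Step 303: after login, the frame buffer becomes safer-world-only memory.
        self._fb_safer_only = True

    def _check_fb_access(self):
        if self._fb_safer_only and self.world != SAFER:
            raise AccessFault("frame buffer is accessible only in the safer world")

    def fb_write(self, data: bytes):
        self._check_fb_access()
        self._frame_buffer = data

    def fb_read(self) -> bytes:
        self._check_fb_access()
        return self._frame_buffer

    def display_scanout(self) -> bytes:
        # Step 309: the display component reads the frame buffer on its own;
        # modelled here as a hardware path outside the world check.
        return self._frame_buffer

    def rfb_client_deliver(self, encrypted: bytes):
        # Steps 305 and 306: the RFB client, in the common world, asks to write
        # the encrypted data into the frame buffer.
        try:
            self.fb_write(encrypted)
        except AccessFault:
            # Step 307: the write request triggers an error, which switches worlds.
            self._handle_fault(encrypted)

    def _handle_fault(self, encrypted: bytes):
        self._switch(SAFER)
        display_data = keystream_xor(self._key, encrypted)   # step 308
        self.fb_write(display_data)                          # step 309
        # Return to the common world so the RFB client can fetch the next update.
        self._switch(COMMON)


def run_demo():
    key = b"constructed-predetermined-key"       # constructed sample value
    screen = b"ACCOUNT BALANCE: 1234.56"          # constructed sample screen content
    encrypted = keystream_xor(key, screen)        # what the RFB server-side would send
    terminal = Terminal(key)
    terminal.protect_frame_buffer()
    terminal.rfb_client_deliver(encrypted)
    try:
        terminal.fb_read()
        common_can_read = True
    except AccessFault:
        common_can_read = False
    return {
        "displayed": terminal.display_scanout(),
        "trace": terminal.trace,
        "common_world_can_read_fb": common_can_read,
        "common_world_saw_plaintext": encrypted == screen,
    }


if __name__ == "__main__":
    print(run_demo())
```

The common-world code only ever handles ciphertext; the plaintext exists only in the frame buffer, which the common world cannot read back.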
In summary, in the safety access method provided in this embodiment, the terminal obtains the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client in the common world, then switches from the common world to the safer world, decrypts the encrypted data to obtain display data, and displays according to the display data in the safer world. This solves the prior-art problem that running the RFB client in the safer world enlarges the code base in the safer world. With security still guaranteed, the RFB client keeps running in the common world, and only a very small amount of code needs to be added in the safer world for the RFB client to access the RFB server-side securely.
It should be added that in the safety access method provided in this embodiment, the terminal also enters the safer world directly after startup and sets the safer world reminder component to be usable only in the safer world. The safer world reminder component indicates whether the current running world is the common world or the safer world, so the user can use it to judge whether the terminal is currently in the safer world, and thereby decide whether to input confidential data, or judge whether the current display of confidential data is safe.
It should be added that in the safety access method provided in this embodiment, the terminal also obtains, in the safer world, the input signal received by the external input device, which can be accessed only in the safer world; it then encrypts the input signal and writes it into common memory, which can be accessed in both the common world and the safer world; finally, in the common world, it sends the encrypted input signal to the RFB server-side through the RFB client. This both guarantees the security of the user's input signal and avoids the code base growth that running the RFB client in the safer world would require.
It should be added that in the safety access method provided in this embodiment, the terminal also sets the frame buffer memory as memory that can be accessed only in the safer world when login to the RFB server-side succeeds, so that the terminal can continue to display confidential data while in the common world. As a result, the terminal user sees a smooth display image even while the terminal switches between the safer world and the common world.
It should be added that in the safety access method provided in this embodiment, the terminal also receives the random number generated by the RFB server-side when the user name passes the verification of the RFB server-side, then switches from the common world to the safer world and converts the random number and the password into feedback information using the predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side, and finally switches from the safer world to the common world and sends the feedback information to the RFB server-side through the RFB client. The feedback information is therefore dynamic information, which lets the technical solution provided in this embodiment of the present invention effectively avoid replay attacks.
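The login exchange of sub-steps (1) to (6) and its replay behaviour, sketched as an added Python example that is not code from the patent. The class and function names, the constructed account table, and the server's lookup of the stored password for the received user name are assumptions; MD5 appears only because the text names it as the example hash.

```python
import hashlib
import hmac
import secrets

COMMON, SAFER = "common", "safer"


def make_feedback(random_number: bytes, password: str) -> bytes:
    # Sub-step (4): random number and password hashed "as a whole".
    # MD5 is the hash the text gives as its example.
    return hashlib.md5(random_number + password.encode("utf-8")).digest()


class RfbServer:
    def __init__(self, accounts):
        self._accounts = dict(accounts)   # user name -> password (constructed data)
        self._pending = {}                # user name -> recorded random number

    def challenge(self, username):
        # Sub-step (3): only a legitimate user name receives a random number.
        if username not in self._accounts:
            return None
        random_number = secrets.token_bytes(16)
        self._pending[username] = random_number
        return random_number

    def verify(self, username, feedback):
        # Sub-step (6): recompute and compare. pop() makes each random number
        # single use, so a captured feedback value cannot be accepted again.
        random_number = self._pending.pop(username, None)
        if random_number is None:
            return False
        expected = make_feedback(random_number, self._accounts[username])
        return hmac.compare_digest(expected, feedback)


class Terminal:
    def __init__(self):
        self.world = SAFER
        self.common_memory = {}     # readable in both worlds
        self._secure_memory = {}    # readable only in the safer world

    def _secure_read(self, name):
        if self.world != SAFER:
            raise PermissionError("secure memory is accessible only in the safer world")
        return self._secure_memory[name]

    def enter_credentials(self, username, password):
        # Sub-step (1): password to secure memory, user name to common memory.
        self.world = SAFER
        self._secure_memory["password"] = password
        self.common_memory["username"] = username

    def login(self, server):
        self.world = COMMON                                   # sub-step (2)
        username = self.common_memory["username"]
        random_number = server.challenge(username)            # sub-step (3)
        if random_number is None:
            return False
        self.common_memory["random_number"] = random_number
        self.world = SAFER                                    # sub-step (4)
        feedback = make_feedback(random_number, self._secure_read("password"))
        self.common_memory["feedback"] = feedback
        self.world = COMMON                                   # sub-step (5)
        return server.verify(username, self.common_memory["feedback"])


def run_demo():
    password = "correct horse"                  # constructed sample credential
    server = RfbServer({"alice": password})
    terminal = Terminal()
    terminal.enter_credentials("alice", password)
    login_ok = terminal.login(server)

    # A feedback value observed in the common world is resent later.
    captured = terminal.common_memory["feedback"]
    replay_without_challenge = server.verify("alice", captured)
    server.challenge("alice")                   # fresh random number is issued
    replay_after_new_challenge = server.verify("alice", captured)

    other = Terminal()
    other.enter_credentials("alice", "guess")
    wrong_password = other.login(server)

    return {
        "login_ok": login_ok,
        "replay_without_challenge": replay_without_challenge,
        "replay_after_new_challenge": replay_after_new_challenge,
        "wrong_password": wrong_password,
        "password_in_common_memory": any(
            v == password for v in terminal.common_memory.values()
        ),
    }


if __name__ == "__main__":
    print(run_demo())
```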
Referring to FIG. 4, it shows a structural block diagram of a secure access device provided by one embodiment of the present invention. The secure access device may be implemented, by software, hardware, or a combination of both, as all or part of the terminal 110 in the implementation environment shown in FIG. 1. The secure access device includes a data acquisition module 410, a data decryption module 420, and a data display module 430.
The data acquisition module 410 is configured to obtain, in the common world, the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client.
The data decryption module 420 is configured to switch from the common world to the safer world and decrypt the encrypted data to obtain display data.
The data display module 430 is configured to display according to the display data in the safer world.
In summary, the secure access device provided in this embodiment obtains the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client in the common world, then switches from the common world to the safer world, decrypts the encrypted data to obtain display data, and displays according to the display data in the safer world. This solves the prior-art problem that running the RFB client in the safer world enlarges the code base in the safer world. With security still guaranteed, the RFB client keeps running in the common world, and only a very small amount of code needs to be added in the safer world for the RFB client to access the RFB server-side securely.
Referring to FIG. 5A, it shows a structural block diagram of a secure access device provided by another embodiment of the present invention. The secure access device may be implemented, by software, hardware, or a combination of both, as all or part of the terminal 110 in the implementation environment shown in FIG. 1. The secure access device includes a data acquisition module 410, a data decryption module 420, and a data display module 430.
The data acquisition module 410 is configured to obtain, in the common world, the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client.
The data decryption module 420 is configured to switch from the common world to the safer world and decrypt the encrypted data to obtain display data.
The data display module 430 is configured to display according to the display data in the safer world.
In the present embodiment, the data decryption module 420 may include:
a request reception unit 421, configured to receive, in the common world, the write request of the RFB client, where the write request is a request to write the encrypted data into the frame buffer memory, and the frame buffer memory is memory that can be accessed only in the safer world;
a security switching unit 422, configured to switch from the common world to the safer world when the write request triggers an error;
a data decryption unit 423, configured to decrypt the encrypted data in the safer world to obtain display data.
The data display module 430 is configured to write the display data into the frame buffer memory, and the display component automatically reads the display data in the frame buffer memory and displays it.
In the present embodiment, the secure access device can also include:
a client login module 440, configured to log in to the RFB server-side through the RFB client in the common world;
a secure memory module 450, configured to set the frame buffer memory as memory that can be accessed only in the safer world when login to the RFB server-side succeeds.
In the present embodiment, the client login module 440 may include:
a login interface unit 441, configured to obtain, in the common world, the login interface data of the RFB server-side through the RFB client;
an interface display unit 442, configured to display the login interface according to the login interface data;
an input receiving unit 443, configured to switch from the common world to the safer world and receive the user name and password input in the login interface;
an input transmission unit 444, configured to send, in the common world, the user name and the encrypted password to the RFB server-side, so that the RFB server-side performs verification according to the user name and the encrypted password.
As shown in FIG. 5B, the input transmission unit 444 may include:
an input writing subunit 444a, configured to write, in the safer world, the received password into secure memory and the received user name into common memory, where secure memory is memory that can be accessed only in the safer world, and common memory is memory that can be accessed in both the common world and the safer world;
a user name transmission subunit 444b, configured to switch from the safer world to the common world and send the user name to the RFB server-side through the RFB client;
a random number receiving subunit 444c, configured to receive the random number generated by the RFB server-side when the user name passes the verification of the RFB server-side;
a feedback generation subunit 444d, configured to switch from the common world to the safer world and convert the random number and the password into feedback information using a predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side;
a feedback transmission subunit 444e, configured to switch from the safer world to the common world and send the feedback information to the RFB server-side through the RFB client.
In the present embodiment, the secure access device may also include:
a secure boot module 460, configured to enter the safer world directly on startup and set the safer world reminder component to be usable only in the safer world, where the safer world reminder component indicates whether the current running world is the common world or the safer world.
In the present embodiment, the secure access device may also include:
an input obtaining module 470, configured to obtain, in the safer world, the input signal received by the external input device, which is an external input device that can be accessed only in the safer world;
an encryption writing module 480, configured to encrypt the input signal and write it into common memory, which is memory that can be accessed in both the common world and the safer world;
a signal transmitting module 490, configured to send, in the common world, the encrypted input signal to the RFB server-side through the RFB client.
In the present embodiment, the secure access device can also include:
a secure input module 500, configured to set, when the RFB client starts, the external input device of the terminal as an external input device that can be accessed only in the safer world.
In summary, the secure access device provided in this embodiment obtains the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client in the common world, then switches from the common world to the safer world, decrypts the encrypted data to obtain display data, and displays according to the display data in the safer world. This solves the prior-art problem that running the RFB client in the safer world enlarges the code base in the safer world. With security still guaranteed, the RFB client keeps running in the common world, and only a very small amount of code needs to be added in the safer world for the RFB client to access the RFB server-side securely.
The secure access device provided in this embodiment also enters the safer world directly after startup and sets the safer world reminder component to be usable only in the safer world. The safer world reminder component indicates whether the current running world is the common world or the safer world, so the user can use it to judge whether the terminal is currently in the safer world, and thereby decide whether to input confidential data, or judge whether the current display of confidential data is safe.
The secure access device provided in this embodiment also obtains, in the safer world, the input signal received by the external input device, which can be accessed only in the safer world; it then encrypts the input signal and writes it into common memory, which can be accessed in both the common world and the safer world; finally, in the common world, it sends the encrypted input signal to the RFB server-side through the RFB client. This both guarantees the security of the user's input signal and avoids the code base growth that running the RFB client in the safer world would require.
The secure access device provided in this embodiment also sets the frame buffer memory as memory that can be accessed only in the safer world when login to the RFB server-side succeeds, so that the terminal can continue to display confidential data while in the common world. As a result, the terminal user sees a smooth display image even while the terminal switches between the safer world and the common world.
The secure access device provided in this embodiment also receives the random number generated by the RFB server-side when the user name passes the verification of the RFB server-side, then switches from the common world to the safer world and converts the random number and the password into feedback information using the predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side, and finally switches from the safer world to the common world and sends the feedback information to the RFB server-side through the RFB client. The feedback information is therefore dynamic information, which lets the technical solution provided in this embodiment of the present invention effectively avoid replay attacks.
Referring to FIG. 6, it shows a structural block diagram of a terminal provided by one embodiment of the present invention. The terminal includes a processor 620 and a memory 640.
The processor 620 is configured to obtain, in the common world, the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client.
The processor 620 is configured to switch from the common world to the safer world and decrypt the encrypted data to obtain display data.
The processor 620 is configured to display according to the display data in the safer world.
In summary, the terminal provided in this embodiment obtains the encrypted data of the RFB server-side through the Remote Frame Buffer (RFB) client in the common world, then switches from the common world to the safer world, decrypts the encrypted data to obtain display data, and displays according to the display data in the safer world. This solves the prior-art problem that running the RFB client in the safer world enlarges the code base in the safer world. With security still guaranteed, the RFB client keeps running in the common world, and only a very small amount of code needs to be added in the safer world for the RFB client to access the RFB server-side securely.
In further optional embodiments based on the embodiment shown in FIG. 6:
Optionally, the memory 640 includes the frame buffer memory.
The processor 620 is configured to receive, in the common world, the write request of the RFB client, where the write request is a request to write the encrypted data into the frame buffer memory, and the frame buffer memory is memory that can be accessed only in the safer world;
the processor 620 is configured to switch from the common world to the safer world when the write request triggers an error;
the processor 620 is configured to decrypt the encrypted data in the safer world to obtain display data;
the processor 620 is configured to write the display data into the frame buffer memory, and the display component automatically reads the display data in the frame buffer memory and displays it.
The processor 620 is configured to log in to the RFB server-side through the RFB client in the common world;
the processor 620 is configured to set the frame buffer memory as memory that can be accessed only in the safer world when login to the RFB server-side succeeds.
The processor 620 is configured to obtain, in the common world, the login interface data of the RFB server-side through the RFB client;
the processor 620 is configured to display the login interface according to the login interface data;
the processor 620 is configured to switch from the common world to the safer world and receive the user name and password input in the login interface;
the processor 620 is configured to send, in the common world, the user name and the encrypted password to the RFB server-side, so that the RFB server-side performs verification according to the user name and the encrypted password.
Optionally, the memory 640 further includes secure memory and common memory, and the secure memory may include the frame buffer memory.
The processor 620 is configured to write, in the safer world, the received password into secure memory and the received user name into common memory, where secure memory is memory that can be accessed only in the safer world, and common memory is memory that can be accessed in both the common world and the safer world;
the processor 620 is configured to switch from the safer world to the common world and send the user name to the RFB server-side through the RFB client;
the processor 620 is configured to receive the random number generated by the RFB server-side when the user name passes the verification of the RFB server-side;
the processor 620 is configured to switch from the common world to the safer world and convert the random number and the password into feedback information using a predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side;
the processor 620 is configured to switch from the safer world to the common world and send the feedback information to the RFB server-side through the RFB client.
The processor 620 is configured to enter the safer world directly on startup and set the safer world reminder component to be usable only in the safer world, where the safer world reminder component indicates whether the current running world is the common world or the safer world.
The processor 620 is configured to obtain, in the safer world, the input signal received by the external input device, which is an external input device that can be accessed only in the safer world;
the processor 620 is configured to encrypt the input signal and write it into common memory, which is memory that can be accessed in both the common world and the safer world;
the processor 620 is configured to send, in the common world, the encrypted input signal to the RFB server-side through the RFB client.
The processor 620 is configured to set, when the RFB client starts, the external input device of the terminal as an external input device that can be accessed only in the safer world.
In summary, the terminal provided in this embodiment also enters the safer world directly after startup and sets the safer world reminder component to be usable only in the safer world. The safer world reminder component indicates whether the current running world is the common world or the safer world, so the user can use it to judge whether the terminal is currently in the safer world, and thereby decide whether to input confidential data, or judge whether the current display of confidential data is safe.
The terminal provided in this embodiment also obtains, in the safer world, the input signal received by the external input device, which can be accessed only in the safer world; it then encrypts the input signal and writes it into common memory, which can be accessed in both the common world and the safer world; finally, in the common world, it sends the encrypted input signal to the RFB server-side through the RFB client. This both guarantees the security of the user's input signal and avoids the code base growth that running the RFB client in the safer world would require.
The terminal provided in this embodiment also sets the frame buffer memory as memory that can be accessed only in the safer world when login to the RFB server-side succeeds, so that the terminal can continue to display confidential data while in the common world. As a result, the terminal user sees a smooth display image even while the terminal switches between the safer world and the common world.
The terminal provided in this embodiment also receives the random number generated by the RFB server-side when the user name passes the verification of the RFB server-side, then switches from the common world to the safer world and converts the random number and the password into feedback information using the predetermined hash function, which is a hash function agreed in advance between the RFB client and the RFB server-side, and finally switches from the safer world to the common world and sends the feedback information to the RFB server-side through the RFB client. The feedback information is therefore dynamic information, which lets the technical solution provided in this embodiment of the present invention effectively avoid replay attacks.
Other embodiments of the invention will readily occur to those skilled in the art after they consider the specification and practice the invention disclosed here. This application is intended to cover any variations, uses, or adaptations of the invention that follow its general principles and include common knowledge or conventional techniques in the art that are not disclosed by the invention. The description and embodiments are to be regarded as illustrative only, with the true scope and spirit of the invention indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure already described above and shown in the accompanying drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present invention is limited only by the attached claims.

Claims (16)

1. A safety access method, characterized in that the method is used in a terminal supporting trust region hardware technology, the terminal being operable in a common world or a safer world, the safer world being supported by a trusted code area opened up in the central processor core of the terminal, the method comprising:
in the common world, obtaining the encrypted data of an RFB server-side through a Remote Frame Buffer (RFB) client;
switching from the common world to the safer world, and decrypting the encrypted data to obtain display data;
in the safer world, displaying according to the display data.
2. The method according to claim 1, characterized in that the switching from the common world to the safer world and decrypting the encrypted data to obtain display data comprises:
in the common world, receiving a write request of the RFB client, wherein the write request is a request to write the encrypted data into frame buffer memory, and the frame buffer memory is memory that can be accessed only in the safer world;
when the write request triggers an error, switching from the common world to the safer world;
in the safer world, decrypting the encrypted data to obtain display data;
and the displaying according to the display data in the safer world comprises:
writing the display data into the frame buffer memory, and automatically reading, by a display component, the display data in the frame buffer memory for display.
3. The method according to claim 1, characterized in that, before the obtaining of the encrypted data of the RFB server through the Remote Frame Buffer (RFB) client in the common world, the method further comprises:
In the common world, logging in to the RFB server through the RFB client;
When logging in to the RFB server succeeds, setting the frame buffer memory as memory that can be accessed only in the safer world.
4. The method according to claim 3, characterized in that the logging in to the RFB server through the RFB client in the common world comprises:
In the common world, obtaining login interface data of the RFB server through the RFB client;
Displaying a login interface according to the login interface data;
Switching from the common world to the safer world, and receiving a user name and a password entered in the login interface;
In the common world, sending the user name and the encrypted password to the RFB server, so that the RFB server performs verification according to the user name and the encrypted password.
5. The method according to claim 4, characterized in that the sending of the user name and the encrypted password to the RFB server in the common world comprises:
In the safer world, writing the received password into secure memory and writing the received user name into common memory, wherein the secure memory is memory that can be accessed only in the safer world, and the common memory is memory that can be accessed in both the common world and the safer world;
Switching from the safer world to the common world, and sending the user name to the RFB server through the RFB client;
When the user name passes verification by the RFB server, receiving a random number generated by the RFB server;
Switching from the common world to the safer world, and converting the random number and the password into feedback information using a predetermined hash function, wherein the predetermined hash function is a hash function agreed in advance between the RFB client and the RFB server;
Switching from the safer world to the common world, and sending the feedback information to the RFB server through the RFB client.
6. The method according to any one of claims 1 to 5, characterized in that, before the obtaining of the encrypted data of the RFB server through the Remote Frame Buffer (RFB) client in the common world, the method further comprises:
Entering the safer world directly after startup, and setting a safer-world reminder component to be usable only in the safer world, wherein the safer-world reminder component is used to indicate that the currently running world is one of the common world and the safer world.
7. The method according to any one of claims 1 to 5, characterized in that the method further comprises:
In the safer world, obtaining an input signal received by an external input device, wherein the external input device is an external input device that can be accessed only in the safer world;
Encrypting the input signal and writing it into common memory, wherein the common memory is memory that can be accessed in both the common world and the safer world;
In the common world, sending the encrypted input signal to the RFB server through the RFB client.
8. The method according to claim 7, characterized in that, before the obtaining of the input signal received by the external input device in the safer world, the method further comprises:
When the RFB client starts, setting the external input device of the terminal as an external input device that can be accessed only in the safer world.
9. A secure access device, characterized in that the device is used in a terminal supporting trust region hardware technology, the terminal can run in a common world or a safer world, and the safer world is supported by a trusted code area opened up in the central processor core of the terminal, the device comprising:
A data acquisition module, configured to obtain encrypted data of an RFB server through a Remote Frame Buffer (RFB) client in the common world;
A data decryption module, configured to switch from the common world to the safer world and decrypt the encrypted data to obtain display data;
A data display module, configured to display according to the display data in the safer world.
10. The device according to claim 9, characterized in that the data decryption module comprises:
A request receiving unit, configured to receive a write request from the RFB client in the common world, wherein the write request is a request to write the encrypted data into frame buffer memory, and the frame buffer memory is memory that can be accessed only in the safer world;
A secure switching unit, configured to switch from the common world to the safer world when the write request triggers an error;
A data decryption unit, configured to decrypt the encrypted data in the safer world to obtain the display data;
The data display module is configured to write the display data into the frame buffer memory, with a display component automatically reading the display data from the frame buffer memory and displaying it.
11. The device according to claim 9, characterized in that the device further comprises:
A client login module, configured to log in to the RFB server through the RFB client in the common world;
A secure memory module, configured to set the frame buffer memory as memory that can be accessed only in the safer world when logging in to the RFB server succeeds.
12. The device according to claim 11, characterized in that the client login module comprises:
A login interface unit, configured to obtain login interface data of the RFB server through the RFB client in the common world;
An interface display unit, configured to display a login interface according to the login interface data;
An input receiving unit, configured to switch from the common world to the safer world and receive a user name and a password entered in the login interface;
An input sending unit, configured to send the user name and the encrypted password to the RFB server in the common world, so that the RFB server performs verification according to the user name and the encrypted password.
13. The device according to claim 12, characterized in that the input sending unit comprises:
An input writing subunit, configured to, in the safer world, write the received password into secure memory and write the received user name into common memory, wherein the secure memory is memory that can be accessed only in the safer world, and the common memory is memory that can be accessed in both the common world and the safer world;
A user name sending subunit, configured to switch from the safer world to the common world and send the user name to the RFB server through the RFB client;
A random number receiving subunit, configured to receive the random number generated by the RFB server when the user name passes verification by the RFB server;
A feedback generating subunit, configured to switch from the common world to the safer world and convert the random number and the password into feedback information using a predetermined hash function, wherein the predetermined hash function is a hash function agreed in advance between the RFB client and the RFB server;
A feedback sending subunit, configured to switch from the safer world to the common world and send the feedback information to the RFB server through the RFB client.
14. The device according to any one of claims 9 to 13, characterized in that the device further comprises:
A secure boot module, configured to enter the safer world directly after startup and to set a safer-world reminder component to be usable only in the safer world, wherein the safer-world reminder component is used to indicate that the currently running world is one of the common world and the safer world.
15. The device according to any one of claims 9 to 13, characterized in that the device further comprises:
An input obtaining module, configured to obtain, in the safer world, an input signal received by an external input device, wherein the external input device is an external input device that can be accessed only in the safer world;
An encrypted writing module, configured to encrypt the input signal and write it into common memory, wherein the common memory is memory that can be accessed in both the common world and the safer world;
A signal sending module, configured to send the encrypted input signal to the RFB server through the RFB client in the common world.
16. The device according to claim 15, characterized in that the device further comprises:
A secure input module, configured to set, when the RFB client starts, the external input device of the terminal as an external input device that can be accessed only in the safer world.
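The login exchange of claims 4 and 5, as an added Python model that is not code from the patent: the password stays in secure memory, and the common world sees only the user name, the server's random number and the feedback information. HMAC-SHA256 as the "predetermined hash function", the class and function names, and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def feedback(nonce: bytes, password: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the "predetermined hash function".
    return hmac.new(password, nonce, hashlib.sha256).digest()

class SecureWorld:
    """Models the safer world; _secure_memory is never handed to the caller."""
    def __init__(self):
        self._secure_memory = {}

    def receive_login_input(self, username, password, common_memory):
        self._secure_memory["password"] = password  # password: secure memory only
        common_memory["username"] = username        # user name: common memory

    def make_feedback(self, common_memory):
        password = self._secure_memory["password"]
        common_memory["feedback"] = feedback(common_memory["nonce"], password)

class RfbServer:
    """Constructed stand-in for the RFB server side of the exchange."""
    def __init__(self, accounts):
        self._accounts = accounts  # user name -> password bytes (sample data)
        self._pending = {}         # user name -> outstanding random number

    def check_username(self, username):
        if username not in self._accounts:
            return None
        self._pending[username] = secrets.token_bytes(16)
        return self._pending[username]

    def verify(self, username, candidate):
        nonce = self._pending.pop(username, None)  # each random number is single use
        if nonce is None:
            return False
        expected = feedback(nonce, self._accounts[username])
        return hmac.compare_digest(candidate, expected)

def login(server, secure_world, username, password):
    common_memory = {}  # everything the common world (and RFB client) can read
    secure_world.receive_login_input(username, password, common_memory)
    nonce = server.check_username(common_memory["username"])  # common world
    if nonce is None:
        return False, common_memory
    common_memory["nonce"] = nonce
    secure_world.make_feedback(common_memory)                 # safer world
    ok = server.verify(username, common_memory["feedback"])   # common world
    return ok, common_memory
```

Because the server issues a fresh random number per attempt and consumes it on verification, feedback information captured from common memory cannot be replayed in a later login.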
CN201410449035.3A 2014-09-04 2014-09-04 Safety access method and device Active CN105391673B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410449035.3A CN105391673B (en) 2014-09-04 2014-09-04 Safety access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410449035.3A CN105391673B (en) 2014-09-04 2014-09-04 Safety access method and device

Publications (2)

Publication Number Publication Date
CN105391673A CN105391673A (en) 2016-03-09
CN105391673B true CN105391673B (en) 2018-12-28

Family

ID=55423514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410449035.3A Active CN105391673B (en) 2014-09-04 2014-09-04 Safety access method and device

Country Status (1)

Country Link
CN (1) CN105391673B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107835185B (en) * 2017-11-21 2020-10-02 广州大学 Mobile terminal security service method and device based on ARM TrustZone
CN110348252B (en) * 2018-04-02 2021-09-03 华为技术有限公司 Trust zone based operating system and method
CN111859416B (en) * 2020-06-23 2024-05-24 天地融科技股份有限公司 Method and device for controlling safe display
CN117744067B (en) * 2024-02-21 2024-06-21 北京象帝先计算技术有限公司 Access space switching method, device, processor, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217544A (en) * 2008-01-02 2008-07-09 浪潮电子信息产业股份有限公司 A remote frame buffer area to enhance the security
CN102611711A (en) * 2012-04-09 2012-07-25 中山爱科数字科技股份有限公司 Cloud data safe storing method
CN102868826A (en) * 2012-09-25 2013-01-09 东莞宇龙通信科技有限公司 Terminal and terminal data protection method
CN103034788A (en) * 2011-10-10 2013-04-10 上海无戒空间信息技术有限公司 Verification method and system of electronic readings, server, client and terminal

Also Published As

Publication number Publication date
CN105391673A (en) 2016-03-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant