CN105512576A - Method for secure storage of data and electronic equipment - Google Patents
Method for secure storage of data and electronic equipment Download PDFInfo
- Publication number
- CN105512576A CN105512576A CN201510923600.XA CN201510923600A CN105512576A CN 105512576 A CN105512576 A CN 105512576A CN 201510923600 A CN201510923600 A CN 201510923600A CN 105512576 A CN105512576 A CN 105512576A
- Authority
- CN
- China
- Prior art keywords
- execution environment
- storage instruction
- credible execution
- data
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention discloses a method for secure storage of data and electronic equipment. The method comprises steps as follows: a first credible execution environment authenticates a first application successfully, receives a storage instruction of the first application for first data and analyzes the storage instruction, and the storage instruction represents to perform write operation on the first data on the basis of a second credible execution environment; the second credible execution environment authenticates the first credible execution environment successfully and receives the storage instruction; the second credible execution environment is a second operation system; the second credible execution environment responds to the storage instruction and writes the first data in a storage device corresponding to the second credible execution environment in a preset encryption mode, and the first data written in the storage device in the preset encryption mode are invisible to an upper-layer application of a first operation system.
Description
Technical field
The present invention relates to electronic technology field, particularly a kind of method that stores of data security and electronic equipment.
Background technology
Along with the development of science and technology, electronic technology have also been obtained development at full speed, a lot of electronic equipment, and as panel computer, smart mobile phone etc., become the necessity of people's daily life.In order to meet the user demand of user, electronic equipment can be used for running various operating system or application program usually, brings great dirigibility to electronic equipment.
In the prior art, because electronic equipment can support the operation of various application program, so, the careless operation of user also can make the malicious process such as various wooden horse, virus enter electronic equipment, as, viruliferous website is taken when user clicks one, this virus just can colonize in the operating system of described electronic equipment via electronic equipment, and and then operating system all data of storing up, as, obtain contact phone, short message, password, picture etc. the important information stored in electronic equipment.
Visible, there is the unsafe technical matters of storage data in electronic equipment of the prior art.
Summary of the invention
, there is the unsafe technical matters of storage data for solving electronic equipment of the prior art, realizing the technique effect of safe data storage in a kind of method that the embodiment of the present application provides data security to store and electronic equipment.
The embodiment of the present application provides a kind of method that data security stores on the one hand, comprises the following steps:
First credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system;
Second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system;
Described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
Optionally, at described first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, before resolving described storage instruction, described method also comprises:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
Optionally, described first credible execution environment, to the first application authentication success, receives the storage instruction of described first application program for the first data, resolves described storage instruction, comprising:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
Optionally, at described first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, after resolving described storage instruction, described method also comprises:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
Optionally, described second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, comprising:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
Optionally, respond described storage instruction at described second credible execution environment, after being written in the memory storage corresponding with described second credible execution environment based on predetermined cipher mode by described first data, described method also comprises:
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
Optionally, described, execution result after described encryption is sent to described first credible execution environment, and after feeding back to described first application program by described service routine, described method also comprises:
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
The embodiment of the present application additionally provides a kind of electronic equipment on the other hand, comprising:
Housing;
Storer, be arranged in described housing, wherein, described storer comprises the first memory storage and the second memory storage, described first memory storage is for storing the first system file corresponding with the first operating system and the application file corresponding with the first application program, and described second memory storage is for storing the second system file corresponding with the second operating system;
Processor, be arranged in described housing, for when the first credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system; When the second credible execution environment is to described first credible execution environment authentication success, receive described storage instruction; Second credible execution environment is described second operating system; And described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described second memory storage, wherein, the upper level applications of described first data pin to described first operating system be written in described second memory storage based on predetermined cipher mode is invisible.
Optionally, described processor also for:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
Optionally, described processor specifically for:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
Optionally, described processor also for:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
Optionally, described processor specifically for:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
Optionally, described processor also for:
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
Optionally, described processor also for:
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described second memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
Above-mentioned one or more technical scheme in the embodiment of the present application, at least has one or more technique effects following:
One, due to the technical scheme in the embodiment of the present application, adopt the first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data, second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described memory storage, wherein, the upper level applications sightless technological means of described first data pin in described memory storage to described first operating system is written to based on predetermined cipher mode, like this, when the first application program in electronic equipment needs to store data, first by the first credible execution environment of electronic equipment, authentication is carried out to the first application program, to ensure the communication security of the first application program and the first credible execution environment, then, by the first credible execution environment, the storage instruction of the first application program is sent to the second credible execution environment corresponding to secure storage section again, after the second credible execution environment carries out authentication success to the first credible execution environment, secure storage section is stored in described data encryption to be stored, thus ensure that communication security by the verification process of the first credible execution environment and the second credible execution environment, and, because the first data to be stored are encrypted by the second credible execution environment, thus make other application program or viral wooden horses etc. of electronic equipment, all cannot conduct interviews to the first data to be stored, ensure that the security of the first data to be stored, so, efficiently solve electronic equipment of the prior art and there is the unsafe technical matters of storage data, achieve the technique effect of safe data storage.
Two, due to the technical scheme in the embodiment of the present application, adopting described service routine when described storage instruction being detected, determining whether described first application program is default application program; When described first application program is described default application program, determine the first application authentication success; Receive and resolve described storage instruction, obtain the technological means of the storage instruction after resolving, like this, electronic equipment can only receive the data processing instructions sent by authorized applications, thus prevent unauthorized application program, and e.g., wooden horse, virus etc., to the acquisition of data, achieve the technique effect further ensuring data security.
Three, due to the technical scheme in the embodiment of the present application, adopt and based on the first cipher mode, described storage instruction after resolving is encrypted, obtain the storage instruction after encryption; Based on an escape way, storage instruction after described encryption is sent to the technological means of described safety applications, like this, by sending described storage instruction to the encryption and use safety passage that store instruction, make the first credible execution environment and the second security of credible execution environment when carrying out data communication, thus be stolen when preventing data from transmitting in credible execution environment, achieve the technique effect guaranteeing Security Data Transmission.
Four, due to technical scheme in the embodiment of the present application, when adopting the storage instruction of described safety applications after described encryption being detected, the authorization information of described service routine is obtained; Based on described authorization information, determine described first credible execution environment authentication success; The storage instruction after described encryption is resolved based on the first manner of decryption corresponding with described first cipher mode, obtain and receive the technological means of described storage instruction, like this, even if other service routines in the first credible execution environment have invoked the safety applications corresponding with described storage instruction in the second credible execution environment, because safety applications can carry out authentication to service routine, then, now authentication is unsuccessful, safety applications can not respond this service routine, achieves the technique effect of the data security that ensure that between each service routine.
Five, the second operating system in the embodiment of the present application and the first operating system have the security that certain isolation effect further ensure that stored data.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, be briefly described by the accompanying drawing used required in describing embodiment below, apparently, the accompanying drawing in the following describes is only some embodiments of the present invention.
The process flow diagram of the method that a kind of data security that Fig. 1 provides for the embodiment of the present application one stores;
Fig. 2 is the specific implementation process flow diagram of step S101 in the embodiment of the present application one;
Fig. 3 is the specific implementation process flow diagram of step S102 in the embodiment of the present application one;
Fig. 4 is the process flow diagram of execution step after step s 103 in the embodiment of the present application one;
Fig. 5 is the process flow diagram to the execution step that data read in the embodiment of the present application one;
Fig. 6 provides a kind of structural representation of electronic equipment for the embodiment of the present application two.
Embodiment
, there is the unsafe technical matters of storage data for solving electronic equipment of the prior art, realizing the technique effect of safe data storage in a kind of method that the embodiment of the present application provides data security to store and electronic equipment.
Technical scheme in the embodiment of the present application is solve above-mentioned technical matters, and general thought is as follows:
The method that data security stores, comprising:
First credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system;
Second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system;
Described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
In technique scheme, adopt the first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data, second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described memory storage, wherein, the upper level applications sightless technological means of described first data pin in described memory storage to described first operating system is written to based on predetermined cipher mode, like this, when the first application program in electronic equipment needs to store data, first by the first credible execution environment of electronic equipment, authentication is carried out to the first application program, to ensure the communication security of the first application program and the first credible execution environment, then, by the first credible execution environment, the storage instruction of the first application program is sent to the second credible execution environment corresponding to secure storage section again, after the second credible execution environment carries out authentication success to the first credible execution environment, secure storage section is stored in described data encryption to be stored, thus ensure that communication security by the verification process of the first credible execution environment and the second credible execution environment, and, because the first data to be stored are encrypted by the second credible execution environment, thus make other application program or viral wooden horses etc. of electronic equipment, all cannot conduct interviews to the first data to be stored, ensure that the security of the first data to be stored, so, efficiently solve electronic equipment of the prior art and there is the unsafe technical matters of storage data, achieve the technique effect of safe data storage.
The second operating system in the embodiment of the present application and the first operating system have the security that certain isolation effect further ensure that stored data.So, second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the described upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.Namely, first operating system for described first data being written to the memory storage corresponding with described second credible execution environment based on predetermined cipher mode invisible (invisible described first data of the first operating system), even if so the first operating system has infected the security that virus does not affect described second data yet.
In order to better understand technique scheme, below by accompanying drawing and specific embodiment, technical solution of the present invention is described in detail, the specific features being to be understood that in the embodiment of the present application and embodiment is the detailed description to technical solution of the present invention, instead of the restriction to technical solution of the present invention, when not conflicting, the technical characteristic in the embodiment of the present application and embodiment can be combined with each other.
Embodiment one
Please refer to Fig. 1, the process flow diagram of the method that a kind of data security provided for the embodiment of the present application one stores, described method comprises:
S101: the first credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system;
S102: the second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system;
S103: described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
In specific implementation process, the method that described data security stores specifically can be applied in smart mobile phone, panel computer, notebook computer, certainly, also can be other intelligent terminal, and at this, just differing one schematically illustrates.In the embodiment of the present application, the method stored for described data security is applied to smart mobile phone, the method that the data security in the embodiment of the present application stores is described in detail.
In intelligent terminal, by the hardware of the SOC (system on a chip) in terminal and software resource are separated, thus make in intelligent terminal, to be present in two running environment, that is: the first credible execution environment and the second credible execution environment, intelligent terminal can switch in these two running environment.In the embodiment of the present application, described first credible execution environment is the common running environment (RichExecutionEnvironment of intelligent terminal, REE), can be used for running various widely, general operating system, thus allow each application program to run in REE; Described second credible execution environment is the credible execution environment (TrustedExecutionEnvironment of intelligent terminal, TEE), it coexists with common execution environment, be exclusively used in and provide one piece of safety zone for performing believable code to intelligent terminal, and all codes performed in TEE self are all high reliability, thus the use of data resource important in intelligent terminal and storing process are all placed in TEE process.
When adopting the technical scheme in the embodiment of the present application to carry out data storage, before execution step S101, described method also comprises:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
In specific implementation process, the method stored for described data security be applied to smart mobile phone, described first credible execution environment for REE and described second credible execution environment be TEE, before carrying out data storage, need to hold the service routine (CA) of establishment one for storing, called after CA1 at the REE of smart mobile phone; And hold the safety applications (TA) of establishment one for storing at TEE, called after TA1.Meanwhile, set the command request that this CA1 can only process the application program of mandate, e.g., the authorized applications of setting CA1 is: the demand for data security develop separately application program, also can be QQ application program and micro-letter application program; Set this TA1 to be called by specific CA, e.g., setting this TA1 can only be called by CA1.
After complete above-mentioned steps, method in the embodiment of the present application just performs step S101, that is: the first credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system.
In the embodiment of the present application one, please refer to Fig. 2, the specific implementation of step S101 is:
S201: described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
S202: when described first application program is described default application program, determines the first application authentication success;
S203: receive and resolve described storage instruction, obtains the storage instruction after resolving.
In specific implementation process, continue to use above-mentioned example, when the QQ application program in smart mobile phone is run at the Android system of smart mobile phone, based on the selection operation of user in QQ application program display interface, generate the storage instruction be stored into by chat record in smart mobile phone, at this moment, QQ application program will call the CA1 in REE, CA1 is after the instruction of storage chat record QQ application program being detected, first need to carry out authentication to QQ application program, as, by RSA2048 public key verifications or signature verification etc., be not restricted in the embodiment of the present application.To use signature verification, now, CA1 will obtain the signature of QQ application program, and compare with the signature of default application program, determine that the signature of QQ application program is identical with the signature of default application program, then judge that QQ application program is the application program had permission, authentication success.Then, the storage instruction of acquisition is resolved by CA1, and obtain the command content after resolving for storing data, data content is chat record.
After complete step S101, the method in the embodiment of the present application, before execution step S102, also comprises:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
In specific implementation process, continue to use above-mentioned example, after CA1 obtains the storage instruction after resolving, the storage instruction after by parsing is needed to be encrypted, as, RSA2048 public key encryption is carried out to the command content after parsing and data content, certainly, those skilled in the art also can adopt other cipher mode, are not restricted in the embodiment of the present application.After encryption completes, encrypted instruction is just sent to safety applications corresponding in TEE by CA1, the instruction received due to CA1 is the instruction storing data, therefore, CA1 determines the current TA1 needing to call in TEE, thus by the escape way of REE and TEE, the instruction after encryption is sent to TA1.Wherein, escape way is in smart mobile phone be the communication between REE and TEE and the communication port of hardware-level set up, to guarantee the communication security that REE end is held with TEE.
After complete above-mentioned steps, the method in the embodiment of the present application just performs step S102, that is: the second credible execution environment is to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system.
In the embodiment of the present application one, please refer to Fig. 3, the specific implementation of step S102 is:
S301: during the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
S302: based on described authorization information, determines described first credible execution environment authentication success;
S303: resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtains and receives described storage instruction.
In specific implementation process, continue to use above-mentioned example, after CA1 sends encrypted instruction to TA1, now, smart mobile phone just loads the operating system corresponding with TEE, thus runs TEE, now, TA1 just receives the recalls information that CA1 sends, and then carries out legal checking to CA1, as, it is legal etc. to be judged whether by CAID, Challenge, certainly, those skilled in the art also can adopt other verification mode, are not restricted in the embodiment of the present application.To be verified as example by CAID, first TA1 obtains No. ID of CA1, as No. ID is 1, and with TA1 in preset No. ID contrast, determining whether No. ID that presets, calling as preset the CA that TA1 can only be 1 by No. ID, then judge that CA1 is legal, authentication success.Then, TA1 just obtains the encrypted instruction that CA1 sends, encrypted instruction is decrypted, in specific implementation process, TA and the CA pre-set corresponding cipher mode of meeting and manner of decryption, as, RSA2048 mode is used to encrypt and decrypt, certainly, those skilled in the art also can use other encryption and manner of decryption, are not restricted in the embodiment of the present application.RSA2048 mode is used to be encrypted and to decipher to preset, now, TA1 just adopts RSA2048 private key to be decrypted the encrypted instruction that CA1 sends, thus obtains the presumptive instruction that sent by QQ application program: store chat record, and to obtain data content be chat record.
After complete step S102, method in the embodiment of the present application just performs step S103, that is: described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
In specific implementation process, continue to use above-mentioned example, after TA1 obtains the storage instruction storing chat record, the data to be stored obtained just are encrypted and are stored in storage unit corresponding in TEE by TA1.As, des encryption mode is adopted to be encrypted the chat record of QQ application program, certainly, those skilled in the art also can adopt other cipher mode, be not restricted in the embodiment of the present application, then encryption chat record is stored in storer corresponding to TEE end, thus completes the safe storage to QQ chat record.Be stored in the data of TEE end for other application programs in smart mobile phone, as micro-letter, short message etc., all invisible, thus ensure that the security of information.
After complete step S103, please refer to Fig. 4, the method in the embodiment of the present application also comprises:
S401: after described second credible execution environment completes described storage instruction, generates the execution result corresponding with described storage instruction;
S402: be encrypted described execution result based on described first cipher mode, obtains the execution result after encryption;
S403: the execution result after described encryption is sent to described first credible execution environment;
S404: described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
In specific implementation process, after encryption chat record is stored in storer corresponding to TEE end by TA1, TA1 can generate an execution result, as " memory address is: 1005 ", then adopts RSA2048 PKI to be encrypted by execution result, and by escape way, the execution result of encryption is sent to CA1, CA1 is after the execution result receiving described encryption, adopt RSA2048 private key to be decrypted, obtain the execution result of " memory address is: 1005 ", and feed back to QQ application program.
After complete execution result back, the method in the embodiment of the present application also comprises the process read data, please refer to Fig. 5, and the method in the embodiment of the present application also comprises:
S501: described first credible execution environment is when receiving the reading command for described first data sent by described first application program, based on described first cipher mode, described reading command is encrypted, and is sent to described second credible execution environment;
S502: the second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
S503: described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described memory storage;
S504: described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption is sent to described first credible execution environment;
S505: described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
In specific implementation process, continue to use above-mentioned example, after smart mobile phone completes the safe storage to QQ chat record, smart mobile phone have received the data read command of the described chat record of the acquisition sent by QQ application program, now, REE end will call the service routine corresponding with reading command, called after CA2, and to set the treatable authorized applications of CA2 be QQ application program, now, CA2 just carries out authentication to QQ application program, concrete authentication mode is identical with step S101, when CA2 judges that QQ application program is the application program had permission, authentication success.Then, the reading command of acquisition is resolved by CA2, and send to TEE to hold the TA2 (at TEE hold safety applications for read data that default settings good) corresponding with CA2 by escape way after the reading command after parsing being encrypted, first TA2 verifies that whether CA2 is legal, concrete verification mode is as identical in step S102, after judging that CA2 is legal, TA2 just obtains the encrypted instruction that CA2 sends, encrypted instruction is decrypted, obtain the instruction of the reading chat record of QQ application program, thus obtain described chat record in storage unit corresponding from TEE, and be sent to CA2 by escape way after being encrypted by chat record, after enciphered message is deciphered by CA2, obtain described chat record, and feed back to QQ application program, complete the reading of data.
Embodiment two
Based on the inventive concept identical with the embodiment of the present application one, the embodiment of the present application two provides a kind of electronic equipment, please refer to Fig. 6, comprising:
Housing 10;
Storer 20, be arranged in housing 10, wherein, described storer comprises the first memory storage and the second memory storage, described first memory storage is for storing the first system file corresponding with the first operating system and the application file corresponding with the first application program, and described second memory storage is for storing the second system file corresponding with the second operating system;
Processor 30, be arranged in housing 10, for when the first credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system; When the second credible execution environment is to described first credible execution environment authentication success, receive described storage instruction; Second credible execution environment is described second operating system; And described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described second memory storage, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
Optionally, processor 30 also for:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
Optionally, processor 30 specifically for:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
Optionally, processor 30 also for:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
Optionally, processor 30 specifically for:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
Optionally, processor 30 also for:
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
Optionally, processor 30 also for:
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described second memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
By the one or more technical schemes in the embodiment of the present application, following one or more technique effect can be realized:
One, due to the technical scheme in the embodiment of the present application, adopt the first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data, second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described memory storage, wherein, the upper level applications sightless technological means of described first data pin in described memory storage to described first operating system is written to based on predetermined cipher mode, like this, when the first application program in electronic equipment needs to store data, first by the first credible execution environment of electronic equipment, authentication is carried out to the first application program, to ensure the communication security of the first application program and the first credible execution environment, then, by the first credible execution environment, the storage instruction of the first application program is sent to the second credible execution environment corresponding to secure storage section again, after the second credible execution environment carries out authentication success to the first credible execution environment, secure storage section is stored in described data encryption to be stored, thus ensure that communication security by the verification process of the first credible execution environment and the second credible execution environment, and, because the first data to be stored are encrypted by the second credible execution environment, thus make other application program or viral wooden horses etc. of electronic equipment, all cannot conduct interviews to the first data to be stored, ensure that the security of the first data to be stored, so, efficiently solve electronic equipment of the prior art and there is the unsafe technical matters of storage data, achieve the technique effect of safe data storage.
Two, due to the technical scheme in the embodiment of the present application, adopting described service routine when described storage instruction being detected, determining whether described first application program is default application program; When described first application program is described default application program, determine the first application authentication success; Receive and resolve described storage instruction, obtain the technological means of the storage instruction after resolving, like this, electronic equipment can only receive the data processing instructions sent by authorized applications, thus prevent unauthorized application program, and e.g., wooden horse, virus etc., to the acquisition of data, achieve the technique effect further ensuring data security.
Three, due to the technical scheme in the embodiment of the present application, adopt and based on the first cipher mode, described storage instruction after resolving is encrypted, obtain the storage instruction after encryption; Based on an escape way, storage instruction after described encryption is sent to the technological means of described safety applications, like this, by sending described storage instruction to the encryption and use safety passage that store instruction, make the first credible execution environment and the second security of credible execution environment when carrying out data communication, thus be stolen when preventing data from transmitting in credible execution environment, achieve the technique effect guaranteeing Security Data Transmission.
Four, due to technical scheme in the embodiment of the present application, when adopting the storage instruction of described safety applications after described encryption being detected, the authorization information of described service routine is obtained; Based on described authorization information, determine described first credible execution environment authentication success; The storage instruction after described encryption is resolved based on the first manner of decryption corresponding with described first cipher mode, obtain and receive the technological means of described storage instruction, like this, even if other service routines in the first credible execution environment have invoked the safety applications corresponding with described storage instruction in the second credible execution environment, because safety applications can carry out authentication to service routine, then, now authentication is unsuccessful, safety applications can not respond this service routine, achieves the technique effect of the data security that ensure that between each service routine.
Five, the second operating system in the embodiment of the present application and the first operating system have the security that certain isolation effect further ensure that stored data.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disk memory, CD-ROM, optical memory etc.) of computer usable program code.
The present invention describes with reference to according to the process flow diagram of the method for the embodiment of the present invention, equipment (system) and computer program and/or block scheme.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block scheme and/or square frame and process flow diagram and/or block scheme and/or square frame.These computer program instructions can being provided to the processor of multi-purpose computer, special purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computing machine or other programmable data processing device produce device for realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
These computer program instructions also can be loaded in computing machine or other programmable data processing device, make on computing machine or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computing machine or other programmable devices is provided for the step realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
Specifically, the computer program instructions that the method for the data security storage in the embodiment of the present application is corresponding can be stored in CD, hard disk, on the storage mediums such as USB flash disk, when the computer program instructions corresponding with the method that data security stores in storage medium is read by an electronic equipment or be performed, comprise the steps:
First credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system;
Second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system;
Described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
Optionally, other computer instruction is also comprised in described storage medium, this other computer instruction with step: described first credible execution environment to first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, be performed before corresponding computer instruction is performed, comprise the steps: in implementation
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
Optionally, that store in described storage medium and step: the first credible execution environment, to the first application authentication success, receives the storage instruction of described first application program for the first data, resolves described storage instruction, corresponding computer instruction, when being performed, comprising:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
Optionally, other computer instruction is also comprised in described storage medium, this other computer instruction with step: described first credible execution environment to first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, be performed after corresponding computer instruction, comprise the steps: in implementation
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
Optionally, that store in described storage medium and step: the second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, and corresponding computer instruction, when being performed, comprising:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
Optionally, other computer instruction is also stored in described storage medium, this other computer instruction with step: described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, be performed after corresponding computer instruction, comprise the steps: in implementation
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
Optionally, other computer instruction is also stored in described storage medium, this other computer instruction with step: the execution result after described encryption is sent to described first credible execution environment, and feed back to described first application program by described service routine, be performed after corresponding computer instruction, comprise the steps: in implementation
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (14)
1. a method for data security storage, comprising:
First credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system;
Second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction; Second credible execution environment is described second operating system;
Described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in the memory storage corresponding with described second credible execution environment, wherein, the upper level applications of described first data pin to described first operating system be written in described memory storage based on predetermined cipher mode is invisible.
2. the method for claim 1, it is characterized in that, at described first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, before resolving described storage instruction, described method also comprises:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
3. method as claimed in claim 2, is characterized in that, described first credible execution environment, to the first application authentication success, receives the storage instruction of described first application program for the first data, resolves described storage instruction, comprising:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
4. method as claimed in claim 3, it is characterized in that, at described first credible execution environment to the first application authentication success, receive the storage instruction of described first application program for the first data, after resolving described storage instruction, described method also comprises:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
5. method as claimed in claim 4, it is characterized in that, described second credible execution environment, to described first credible execution environment authentication success, receives described storage instruction, comprising:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
6. the method as described in claim arbitrary in claim 1-5, it is characterized in that, described storage instruction is responded at described second credible execution environment, after being written in the memory storage corresponding with described second credible execution environment based on predetermined cipher mode by described first data, described method also comprises:
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
7. method as claimed in claim 6, it is characterized in that, described, execution result after described encryption is sent to described first credible execution environment, and after feeding back to described first application program by described service routine, described method also comprises:
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
8. an electronic equipment, comprising:
Housing;
Storer, be arranged in described housing, wherein, described storer comprises the first memory storage and the second memory storage, described first memory storage is for storing the first system file corresponding with the first operating system and the application file corresponding with the first application program, and described second memory storage is for storing the second system file corresponding with the second operating system;
Processor, be arranged in described housing, for when the first credible execution environment is to the first application authentication success, receive the storage instruction of described first application program for the first data, resolve described storage instruction, described storage instruction characterizes carries out write operation based on the second credible execution environment to described first data; Wherein, described first credible execution environment is the bottom running environment of the first operating system, and the first application program is the upper level applications of described first operating system; When the second credible execution environment is to described first credible execution environment authentication success, receive described storage instruction; Second credible execution environment is described second operating system; And described second credible execution environment responds described storage instruction, based on predetermined cipher mode, described first data are written in described second memory storage, wherein, the upper level applications of described first data pin to described first operating system be written in described second memory storage based on predetermined cipher mode is invisible.
9. electronic equipment as claimed in claim 8, is characterized in that, described processor also for:
A service routine is created in described first credible execution environment;
A safety applications is created in described second credible execution environment.
10. electronic equipment as claimed in claim 9, is characterized in that, described processor specifically for:
Described service routine, when described storage instruction being detected, determines whether described first application program is default application program;
When described first application program is described default application program, determine the first application authentication success;
Receive and resolve described storage instruction, obtaining the storage instruction after resolving.
11. electronic equipments as claimed in claim 10, is characterized in that, described processor also for:
Based on the first cipher mode, described storage instruction after resolving is encrypted, obtains the storage instruction after encryption;
Based on an escape way, the storage instruction after described encryption is sent to described safety applications.
12. electronic equipments as claimed in claim 11, is characterized in that, described processor specifically for:
During the storage instruction of described safety applications after described encryption being detected, obtain the authorization information of described service routine;
Based on described authorization information, determine described first credible execution environment authentication success;
Resolve the storage instruction after described encryption based on the first manner of decryption corresponding with described first cipher mode, obtain and receive described storage instruction.
13. electronic equipments as described in claim arbitrary in claim 8-12, is characterized in that, described processor also for:
After described second credible execution environment completes described storage instruction, generate the execution result corresponding with described storage instruction;
Based on described first cipher mode, described execution result is encrypted, obtains the execution result after encryption;
Execution result after described encryption is sent to described first credible execution environment;
Described first feasible execution environment, based on described first manner of decryption, resolves the execution result after described encryption, and described execution result is fed back to described first application program.
14. electronic equipments as claimed in claim 13, is characterized in that, described processor also for:
Described reading command, when receiving the reading command for described first data sent by described first application program, is encrypted based on described first cipher mode, and is sent to described second credible execution environment by described first credible execution environment;
Second credible execution environment, to after described first credible execution environment authentication success, receives described storage instruction;
Described second credible execution environment responds described reading command, obtains described first data based on the manner of decryption corresponding with described predetermined cipher mode from described second memory storage;
Described second credible execution environment is encrypted described first data with described first cipher mode, obtains the first data after encryption, and the first data after described encryption are sent to described first credible execution environment;
Described first credible execution environment resolves the first data after described encryption based on described first manner of decryption, and by described first data feedback to described first application program.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510923600.XA CN105512576A (en) | 2015-12-14 | 2015-12-14 | Method for secure storage of data and electronic equipment |
| DE102016105936.6A DE102016105936A1 (en) | 2015-12-14 | 2016-03-31 | Electronic device and method for running applications in different security environments |
| US15/087,772 US20170169213A1 (en) | 2015-12-14 | 2016-03-31 | Electronic device and method for running applications in different security environments |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510923600.XA CN105512576A (en) | 2015-12-14 | 2015-12-14 | Method for secure storage of data and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105512576A true CN105512576A (en) | 2016-04-20 |
Family
ID=55720549
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510923600.XA Pending CN105512576A (en) | 2015-12-14 | 2015-12-14 | Method for secure storage of data and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105512576A (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107666469A (en) * | 2016-07-29 | 2018-02-06 | 华为终端(东莞)有限公司 | The processing method and terminal of identifying code short message |
| CN108268303A (en) * | 2017-01-03 | 2018-07-10 | 北京润信恒达科技有限公司 | A kind of operation requests method, apparatus and system |
| CN108804935A (en) * | 2018-05-31 | 2018-11-13 | 中国-东盟信息港股份有限公司 | A kind of safety encryption storage system and method based on TrustZone |
| CN109309652A (en) * | 2017-07-28 | 2019-02-05 | 阿里巴巴集团控股有限公司 | A kind of method and device of training pattern |
| CN109450620A (en) * | 2018-10-12 | 2019-03-08 | 阿里巴巴集团控股有限公司 | The method and mobile terminal of security application are shared in a kind of mobile terminal |
| CN109792436A (en) * | 2016-10-12 | 2019-05-21 | 华为技术有限公司 | A kind of identifying code processing method and mobile terminal |
| CN110366843A (en) * | 2017-07-13 | 2019-10-22 | 华为技术有限公司 | Control the method and terminal of trusted application access |
| CN110383240A (en) * | 2017-03-20 | 2019-10-25 | 华为技术有限公司 | The method and apparatus of safe computing resource for containerization |
| CN111143857A (en) * | 2019-12-27 | 2020-05-12 | 深圳前海达闼云端智能科技有限公司 | Data sharing method, robot controller and storage medium |
| CN111459869A (en) * | 2020-04-14 | 2020-07-28 | 中国长城科技集团股份有限公司 | Data access method, device, equipment and storage medium |
| CN111510918A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111753308A (en) * | 2020-06-28 | 2020-10-09 | 联想(北京)有限公司 | Information verification method and electronic equipment |
| WO2021164166A1 (en) * | 2020-02-20 | 2021-08-26 | 苏州浪潮智能科技有限公司 | Service data protection method, apparatus and device, and readable storage medium |
| CN115048642A (en) * | 2021-11-29 | 2022-09-13 | 荣耀终端有限公司 | Communication method between trusted applications in multiple trusted execution environments and electronic equipment |
| CN116049913A (en) * | 2022-05-24 | 2023-05-02 | 荣耀终端有限公司 | Data storage method, device, electronic equipment and computer readable storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104077533A (en) * | 2014-07-17 | 2014-10-01 | 北京握奇智能科技有限公司 | Sensitive data operating method and device |
| CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Safety system and safety storage method of intelligent terminal |
-
2015
- 2015-12-14 CN CN201510923600.XA patent/CN105512576A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Safety system and safety storage method of intelligent terminal |
| CN104077533A (en) * | 2014-07-17 | 2014-10-01 | 北京握奇智能科技有限公司 | Sensitive data operating method and device |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107666469A (en) * | 2016-07-29 | 2018-02-06 | 华为终端(东莞)有限公司 | The processing method and terminal of identifying code short message |
| CN109792436A (en) * | 2016-10-12 | 2019-05-21 | 华为技术有限公司 | A kind of identifying code processing method and mobile terminal |
| CN108268303A (en) * | 2017-01-03 | 2018-07-10 | 北京润信恒达科技有限公司 | A kind of operation requests method, apparatus and system |
| CN110383240A (en) * | 2017-03-20 | 2019-10-25 | 华为技术有限公司 | The method and apparatus of safe computing resource for containerization |
| US11379573B2 (en) | 2017-07-13 | 2022-07-05 | Huawei Technologies Co., Ltd. | Trusted application access control method and terminal |
| CN110366843B (en) * | 2017-07-13 | 2020-12-25 | 华为技术有限公司 | Method and terminal for controlling access of trusted application |
| CN110366843A (en) * | 2017-07-13 | 2019-10-22 | 华为技术有限公司 | Control the method and terminal of trusted application access |
| US10867071B2 (en) | 2017-07-28 | 2020-12-15 | Advanced New Technologies Co., Ltd. | Data security enhancement by model training |
| CN109309652B (en) * | 2017-07-28 | 2020-06-09 | 创新先进技术有限公司 | Method and device for training model |
| CN109309652A (en) * | 2017-07-28 | 2019-02-05 | 阿里巴巴集团控股有限公司 | A kind of method and device of training pattern |
| US10929558B2 (en) | 2017-07-28 | 2021-02-23 | Advanced New Technologies Co., Ltd. | Data secruity enhancement by model training |
| CN108804935A (en) * | 2018-05-31 | 2018-11-13 | 中国-东盟信息港股份有限公司 | A kind of safety encryption storage system and method based on TrustZone |
| CN109450620A (en) * | 2018-10-12 | 2019-03-08 | 阿里巴巴集团控股有限公司 | The method and mobile terminal of security application are shared in a kind of mobile terminal |
| CN111143857A (en) * | 2019-12-27 | 2020-05-12 | 深圳前海达闼云端智能科技有限公司 | Data sharing method, robot controller and storage medium |
| WO2021164166A1 (en) * | 2020-02-20 | 2021-08-26 | 苏州浪潮智能科技有限公司 | Service data protection method, apparatus and device, and readable storage medium |
| CN111459869A (en) * | 2020-04-14 | 2020-07-28 | 中国长城科技集团股份有限公司 | Data access method, device, equipment and storage medium |
| CN111459869B (en) * | 2020-04-14 | 2022-04-29 | 中国长城科技集团股份有限公司 | Data access method, device, equipment and storage medium |
| CN111510918B (en) * | 2020-04-28 | 2022-08-02 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111510918A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111753308A (en) * | 2020-06-28 | 2020-10-09 | 联想(北京)有限公司 | Information verification method and electronic equipment |
| CN111753308B (en) * | 2020-06-28 | 2023-08-18 | 联想(北京)有限公司 | Information verification method and electronic equipment |
| CN115048642A (en) * | 2021-11-29 | 2022-09-13 | 荣耀终端有限公司 | Communication method between trusted applications in multiple trusted execution environments and electronic equipment |
| CN116049913A (en) * | 2022-05-24 | 2023-05-02 | 荣耀终端有限公司 | Data storage method, device, electronic equipment and computer readable storage medium |
| CN116049913B (en) * | 2022-05-24 | 2023-11-03 | 荣耀终端有限公司 | Data storage method, device, electronic equipment and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105512576A (en) | Method for secure storage of data and electronic equipment | |
| KR102307665B1 (en) | identity authentication | |
| CN105245541B (en) | Authentication method, equipment and system | |
| KR102146587B1 (en) | Method, client, server and system of login verification | |
| JP6117317B2 (en) | Non-repudiation method, settlement management server for this, and user terminal | |
| KR101904177B1 (en) | Data processing method and apparatus | |
| EP2314090B1 (en) | Portable device association | |
| KR101891420B1 (en) | Content protection for data as a service (daas) | |
| CN111917773B (en) | Service data processing method and device and server | |
| US20160004884A1 (en) | Secure Escrow Service | |
| CN112771826A (en) | Application program login method, application program login device and mobile terminal | |
| US20140007213A1 (en) | Systems and methods for push notification based application authentication and authorization | |
| US8811609B2 (en) | Information protection system and method | |
| US20140096179A1 (en) | System and method for performing secure communications | |
| US10601590B1 (en) | Secure secrets in hardware security module for use by protected function in trusted execution environment | |
| JP2015506153A (en) | Method and system for distributed off-line logon using one-time password | |
| JP5827692B2 (en) | Bound data card and mobile host authentication method, apparatus and system | |
| KR101756692B1 (en) | Terminal Device for Dynamic Secure Module and Driving Method Thereof | |
| CN111404696A (en) | Collaborative signature method, security service middleware, related platform and system | |
| US20170169213A1 (en) | Electronic device and method for running applications in different security environments | |
| CN107026730B (en) | Data processing method, device and system | |
| CN113553572A (en) | Resource information acquisition method and device, computer equipment and storage medium | |
| CN106992978B (en) | Network security management method and server | |
| CN103592927A (en) | Method for binding product server and service function through license | |
| US20160210596A1 (en) | Method, device and system for controlling presentation of application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160420 |