CN105653978A - Method and system for improving TEE command execution speed - Google Patents
- Publication number
- CN105653978A (application CN201511008933.6A)
- Authority
- CN
- China
- Prior art keywords
- parameter
- security application
- buffer memory
- certificate
- execution speed
- Legal status
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
Abstract
The present invention relates to a method and system for improving TEE command execution speed, and belongs to the technical field of secure storage. The method provided by the present invention comprises the following steps: (1) a non-security application passes in a parameter, and a security application stores the parameter; (2) the security application determines, according to the stored parameter, whether a completely stored flag object exists, and if yes, proceeds to step (3), or otherwise proceeds to step (4); (3) the security application traverses a complete Applet application ID, an SEID and a certificate file index object, obtains a certificate cache object name according to the traversal result, opens and reads the certificate cache content, returns the cache content to the non-security application, and proceeds to step (5); (4) the security application caches the certificate content according to a cache policy, and after caching ends, repeats step (3) once; and (5) the calling process ends. The method and system provided by the present invention can still improve the execution speed of read instructions under multiple sessions, and each session can access only its own cache.
Description
Technical field
The invention belongs to the technical field of secure storage, and specifically relates to a method and system for improving TEE command execution speed.
Background art
A Linux system includes numerous commands; among them, the TEE command displays the output of a program and copies it to a file. When a Linux command is executed, its output can be redirected to a file, but then the output is no longer visible; if the output should both be saved to a file and be shown on the screen, the TEE command can be used. The TEE command reads standard input and writes its contents simultaneously to standard output and to one or more files. Note that when a pipeline is used, the standard error output of the preceding command is not read by TEE.
An Applet is a Java program running in the eSE, used for operations such as generating public/private key pairs in the secure environment, signing data, and establishing secure channels.
In a TEE, a read command must be initiated by a non-security application on the mobile terminal. The instruction is then forwarded to the security application through shared memory or another communication mechanism, and the security application in turn passes it to the eSE over SPI, SWP or another bus. The security domain or Applet application in the eSE decides, according to the current security environment and conditions, whether to execute the received instruction, and after the instruction has executed, the result is returned level by level. However, because the instruction passes through too many layers, or because instruction handling in one of the layers is poorly implemented, a read command often takes a long time to execute. The result is reduced product performance and a poor user experience.
Summary of the invention
In view of the defects in the prior art, the object of the invention is to provide a method and system that use secure storage to improve TEE command execution speed, so as to solve the problem of time-consuming read commands.
To achieve the above object, the invention adopts the following technical solution: a method for improving TEE command execution speed, comprising the following steps:
(1) a non-security application passes in a parameter, and a security application saves the parameter;
(2) the security application determines, according to the saved parameter, whether a completely stored flag object exists; if so, go to step (3), otherwise go to step (4);
(3) the complete Applet application ID, the SEID and the certificate file index object are traversed, the certificate cache object name is obtained from the traversal result, the certificate cache content is opened and read, the cache content is returned to the non-security application, and the flow goes to step (5);
(4) the security application caches the certificate content according to a cache policy, and after caching ends, step (3) is repeated once;
(5) the calling process ends.
Further, in step (1), the parameter includes an incomplete Applet application ID.
Further, in step (1), after the non-security application passes in the parameter, a session is established between the security application and the Applet application and a basic or logical channel is opened; the session ID is returned and the instruction of the non-security application is awaited; the non-security application then sends a read-certificate instruction to the security application.
Further, in step (2), whether the completely stored flag object exists is determined as follows: under the current session, look up whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist.
Further, in step (4), the cache policy comprises checking the integrity flag of the previous caching run, traversing the cache index, creating the secure storage object, writing the content, and writing the cache integrity flag.
The invention also provides a system for improving TEE command execution speed, comprising the following modules:
a parameter processing module, by which the non-security application passes in a parameter and the security application saves the parameter;
a judging module, by which the security application determines, according to the saved parameter, whether the completely stored flag object exists; if so, processing passes to processing module one, otherwise to processing module two;
processing module one, which traverses the complete Applet application ID, the SEID and the certificate file index object, obtains the certificate cache object name from the traversal result, opens and reads the certificate cache content, returns the cache content to the non-security application, and passes to the end module;
processing module two, by which the security application caches the certificate content according to a cache policy and, after caching ends, repeats the processing of processing module one once;
an end module, which ends the calling process.
Further, the parameter passed in through the parameter processing module includes an incomplete Applet application ID.
Further, the parameter processing module is also used as follows: after the non-security application passes in the parameter, a session is established between the security application and the Applet application and a basic or logical channel is opened; the session ID is returned and the instruction of the non-security application is awaited; the non-security application then sends a read-certificate instruction to the security application.
Further, the judging module determines whether the completely stored flag object exists as follows: under the current session, look up whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist.
Further, the cache policy used by processing module two comprises checking the integrity flag of the previous caching run, traversing the cache index, creating the secure storage object, writing the content, and writing the cache integrity flag.
The beneficial effect of the invention is as follows: with the method and system of the invention for improving TEE command execution speed, the execution speed of read commands can still be improved under multiple sessions, and a session can access only its own cache, which solves the problem of time-consuming read commands.
Brief description of the drawings
Fig. 1 is a flow chart of a method for improving TEE command execution speed according to the invention;
Fig. 2 is a flow chart of the method for improving TEE command execution speed described in the specific embodiment of the invention;
Fig. 3 is a structural diagram of the system for improving TEE command execution speed described in the specific embodiment of the invention.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and embodiments.
The invention is applicable to read instructions for certificate content, the security environment identifier (SEID) and the AID in a secure environment, and to the execution of other read instructions.
As shown in Fig. 1, a method for improving TEE command execution speed comprises the following steps:
Step S1: (1) a non-security application passes in a parameter, and a security application saves the parameter;
Step S2: (2) the security application determines, according to the saved parameter, whether a completely stored flag object exists; if so, go to step (3), otherwise go to step (4);
Step S3: (3) the complete Applet application ID, the SEID and the certificate file index object are traversed, the certificate cache object name is obtained from the traversal result, the certificate cache content is opened and read, the cache content is returned to the non-security application, and the flow goes to step (5);
Step S4: (4) the security application caches the certificate content according to a cache policy, and after caching ends, step (3) is repeated once;
Step S5: (5) the calling process ends.
As shown in Fig. 2, a specific implementation of the method of the invention, which uses secure storage to improve the execution speed of TEE read commands, comprises the following steps:
Step S101: the non-security application passes in parameters; the main parameter is the incomplete Applet application ID, and the other parameters are essentially the address and length of the returned data;
Step S201: a session is established between the security application and the Applet application, a basic or logical channel is opened, and the current incomplete Applet application ID is saved;
Step S102: the session ID is returned and the instruction of the non-security application is awaited;
Step S101: the non-security application sends a read-certificate instruction to the security application;
Step S202: according to the saved incomplete Applet application ID, the security application looks up, under the current session, whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist; if the completely stored flag object exists, it traverses the complete Applet application ID, the SEID and the certificate file index object, obtains the certificate cache object name from the traversal result, and opens and reads the certificate cache content; the SEID is the security environment identifier;
Step S102: the cache content is returned to the non-security application;
Step S201: according to the saved incomplete Applet application ID, the security application looks up, under the current session, whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist; if the completely stored flag object does not exist, the cache content is incomplete;
Step S203: the security application caches the certificate content according to the cache policy;
Step S202: the complete Applet application ID, the SEID and the certificate file index object are traversed; the certificate cache object name is obtained from the index result; the certificate cache content is opened and read;
Step S102: the cache content is returned to the non-security application.
The whole calling process ends.
As shown in Fig. 3, a system for improving TEE command execution speed comprises the following modules:
Parameter processing module 1, by which the non-security application passes in a parameter and the security application saves the parameter;
Judging module 2, by which the security application determines, according to the saved parameter, whether the completely stored flag object exists; if so, processing passes to processing module one, otherwise to processing module two;
Processing module one, which traverses the complete Applet application ID, the SEID and the certificate file index object, obtains the certificate cache object name from the traversal result, opens and reads the certificate cache content, returns the cache content to the non-security application, and passes to end module 5;
Processing module two 4, by which the security application caches the certificate content according to a cache policy and, after caching ends, repeats the processing of processing module one once;
End module 5, which ends the calling process.
In this embodiment, the parameter passed in through the parameter processing module includes an incomplete Applet application ID. After the non-security application passes in the parameter, a session is established between the security application and the Applet application and a basic or logical channel is opened; the session ID is returned and the instruction of the non-security application is awaited; the non-security application then sends a read-certificate instruction to the security application.
The judging module determines whether the completely stored flag object exists as follows: under the current session, look up whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist.
The cache policy used by processing module two comprises checking the integrity flag of the previous caching run, traversing the cache index, creating the secure storage object, writing the content, and writing the cache integrity flag.
As can be seen from the above embodiment, the method and system of the invention for improving TEE command execution speed can still improve the execution speed of read commands under multiple sessions, and a session can access only its own cache, which solves the problem of time-consuming read commands.
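The flow of steps (2) to (4) can be modelled in a few functions. The following is an added example, not code from the patent: the secure storage is an in-memory table, the eSE access is a stub returning constructed data, the object naming scheme "<session ID>+<incomplete AID>.<kind>" is hypothetical, and the index traversal of step (3) is reduced to a direct name lookup. It shows why the flag is written last and why a second session does not see the first session's cache.

```c
#include <stdio.h>
#include <string.h>
#define MAX_OBJS 16
#define NAME_LEN 64
#define DATA_LEN 64

/* In-memory stand-in for TEE secure storage (assumption: named objects). */
struct obj { int used; char name[NAME_LEN]; unsigned char data[DATA_LEN]; size_t len; };
static struct obj store[MAX_OBJS];
static int ese_reads;                 /* counts slow round trips to the eSE */

static struct obj *find_obj(const char *name) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (store[i].used && strcmp(store[i].name, name) == 0) return &store[i];
    return NULL;
}

static int put_obj(const char *name, const void *data, size_t len) {
    struct obj *o = find_obj(name);
    if (len > DATA_LEN || strlen(name) >= NAME_LEN) return -1;
    for (int i = 0; !o && i < MAX_OBJS; i++)
        if (!store[i].used) o = &store[i];
    if (!o) return -1;                /* storage full */
    snprintf(o->name, NAME_LEN, "%s", name);
    memcpy(o->data, data, len);
    o->used = 1; o->len = len;
    return 0;
}

/* Hypothetical naming: "<session ID>+<incomplete AID>.<kind>". */
static void obj_name(char *buf, size_t cap, unsigned sid, const char *aid, const char *kind) {
    snprintf(buf, cap, "%08x+%s.%s", sid, aid, kind);
}

/* Stub for the slow path over SPI/SWP to the Applet; returns constructed data. */
static size_t ese_read_cert(const char *aid, unsigned char *out, size_t cap) {
    int n = snprintf((char *)out, cap, "CERT-FOR-%s", aid);
    ese_reads++;
    return (n < 0 || (size_t)n >= cap) ? 0 : (size_t)n;
}

/* Step (4): write the content first and the flag last, so an interrupted
 * caching run (simulated by interrupt_before_flag) never looks complete. */
static int fill_cache(unsigned sid, const char *aid, int interrupt_before_flag) {
    char name[NAME_LEN];
    unsigned char cert[DATA_LEN];
    size_t n = ese_read_cert(aid, cert, sizeof cert);
    if (n == 0) return -1;
    obj_name(name, sizeof name, sid, aid, "cert");
    if (put_obj(name, cert, n) != 0) return -1;
    if (interrupt_before_flag) return -1;
    obj_name(name, sizeof name, sid, aid, "complete");
    return put_obj(name, "\x01", 1);
}

/* Steps (2)-(3): serve from the cache only if this session's flag exists. */
static long read_cert(unsigned sid, const char *aid, unsigned char *out, size_t cap) {
    char name[NAME_LEN];
    obj_name(name, sizeof name, sid, aid, "complete");
    if (!find_obj(name) && fill_cache(sid, aid, 0) != 0) return -1;
    obj_name(name, sizeof name, sid, aid, "cert");
    struct obj *o = find_obj(name);
    if (!o || o->len > cap) return -1;
    memcpy(out, o->data, o->len);
    return (long)o->len;
}

/* Returns the number of eSE round trips caused by the four calls below. */
int demo(void) {
    unsigned char buf[DATA_LEN];
    memset(store, 0, sizeof store);
    ese_reads = 0;
    fill_cache(0x11, "A0000001", 1);               /* interrupted: no flag */
    read_cert(0x11, "A0000001", buf, sizeof buf);  /* flag missing: re-cache */
    read_cert(0x11, "A0000001", buf, sizeof buf);  /* hit: no eSE access */
    read_cert(0x22, "A0000001", buf, sizeof buf);  /* other session: own cache */
    return ese_reads;
}

int main(void) { printf("eSE round trips: %d\n", demo()); return 0; }
```

Because the session ID is part of every object name, cached content left behind by a closed session should be deleted when the session ends; the model above does not cover that cleanup.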
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.
Claims (10)
1. A method for improving TEE command execution speed, comprising the following steps:
(1) a non-security application passes in a parameter, and a security application saves the parameter;
(2) the security application determines, according to the saved parameter, whether a completely stored flag object exists; if so, go to step (3), otherwise go to step (4);
(3) the complete Applet application ID, the SEID and the certificate file index object are traversed, the certificate cache object name is obtained from the traversal result, the certificate cache content is opened and read, the cache content is returned to the non-security application, and the flow goes to step (5);
(4) the security application caches the certificate content according to a cache policy, and after caching ends, step (3) is repeated once;
(5) the calling process ends.
2. The method for improving TEE command execution speed according to claim 1, characterized in that: in step (1), the parameter includes an incomplete Applet application ID.
3. The method for improving TEE command execution speed according to claim 2, characterized in that: in step (1), after the non-security application passes in the parameter, a session is established between the security application and the Applet application and a basic or logical channel is opened; the session ID is returned and the instruction of the non-security application is awaited; the non-security application then sends a read-certificate instruction to the security application.
4. The method for improving TEE command execution speed according to claim 3, characterized in that: in step (2), whether the completely stored flag object exists is determined as follows: under the current session, look up whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist.
5. The method for improving TEE command execution speed according to claim 4, characterized in that: in step (4), the cache policy comprises checking the integrity flag of the previous caching run, traversing the cache index, creating the secure storage object, writing the content, and writing the cache integrity flag.
6. A system for improving TEE command execution speed, comprising the following modules:
a parameter processing module, by which the non-security application passes in a parameter and the security application saves the parameter;
a judging module, by which the security application determines, according to the saved parameter, whether the completely stored flag object exists; if so, processing passes to processing module one, otherwise to processing module two;
processing module one, which traverses the complete Applet application ID, the SEID and the certificate file index object, obtains the certificate cache object name from the traversal result, opens and reads the certificate cache content, returns the cache content to the non-security application, and passes to the end module;
processing module two, by which the security application caches the certificate content according to a cache policy and, after caching ends, repeats the processing of processing module one once;
an end module, which ends the calling process.
7. The system for improving TEE command execution speed according to claim 6, characterized in that: the parameter passed in through the parameter processing module includes an incomplete Applet application ID.
8. The system for improving TEE command execution speed according to claim 7, characterized in that the parameter processing module is also used as follows: after the non-security application passes in the parameter, a session is established between the security application and the Applet application and a basic or logical channel is opened; the session ID is returned and the instruction of the non-security application is awaited; the non-security application then sends a read-certificate instruction to the security application.
9. The system for improving TEE command execution speed according to claim 8, characterized in that the judging module determines whether the completely stored flag object exists as follows: under the current session, look up whether "session ID + incomplete Applet application ID" and the cached completely stored flag object exist.
10. The system for improving TEE command execution speed according to claim 9, characterized in that: the cache policy used by processing module two comprises checking the integrity flag of the previous caching run, traversing the cache index, creating the secure storage object, writing the content, and writing the cache integrity flag.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511008933.6A CN105653978B (en) | 2015-12-29 | 2015-12-29 | Method and system for improving TEE command execution speed |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105653978A (en) | 2016-06-08 |
CN105653978B (en) | 2018-07-24 |
Family
ID=56477246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511008933.6A (Expired - Fee Related) CN105653978B (en) | Method and system for improving TEE command execution speed | 2015-12-29 | 2015-12-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105653978B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 20180724 Termination date: 20211229 |