CN105930730A - Terminal system security update method and apparatus in trusted execution environment - Google Patents
Terminal system security update method and apparatus in trusted execution environment Download PDFInfo
- Publication number
- CN105930730A CN105930730A CN201510607172.XA CN201510607172A CN105930730A CN 105930730 A CN105930730 A CN 105930730A CN 201510607172 A CN201510607172 A CN 201510607172A CN 105930730 A CN105930730 A CN 105930730A
- Authority
- CN
- China
- Prior art keywords
- update
- terminal
- bag
- system update
- update bag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
The invention relates to a terminal system security update method and apparatus in a trusted execution environment. The update method comprises the steps of in a trusted execution environment, performing mutual authentication between a terminal and an update server to establish a secure channel; acquiring, by the terminal, a system update package from the update server via the secure channel; and completing the system update using the system update package. The scheme ensures the legitimacy of the source of the system update package by establishing the mutual authentication between the terminal and the update server. The integrity and authenticity of the system update package are ensured by signature verification of the system update package before the system update package is written into a security boot program, the integrity and legitimacy of a system boot image are ensured by signature verification of a system image before the system start-up through the security boot program, and the system security is ensured throughout the link of the multi-system terminal system update, from during the acquisition of the system update package, to before the system update package is written in to after the system update package is written in.
Description
Technical field
The present invention relates to system update technical field, particularly to one in credible execution terminal under environment security of system
Update method and device.
Background technology
The smart terminal product that user buys, such as notebook computer, smart mobile phone etc., necessarily run into needs and carry out certain skill
The attended operation of art.The main method that at present terminal system updates has: the system software update of Based PC end software, based on
The system software update of storage card, system software update based on special burn writing equipment, system online updating etc..
The shortcoming that above-mentioned prior art has following general character:
1, the acquisition of system software update bag is wide-open, and the risk causing software kit illegally to be distorted is the highest;
2, only verify the integrity of brush machine bag during major part intelligent terminal's brush machine, and do not verify the legitimacy of brush machine bag, be
System safety brings very big hidden danger;
3, mounted system image is not verified when existing intelligent terminal starts, it is impossible to fundamentally stop
Illegal system software update.
Summary of the invention
For solving problem of the prior art, the present invention propose a kind of in credible execution terminal under environment security of system update method and
Device.
For achieving the above object, the invention provides a kind of in credible execution terminal under environment security of system update method, including:
Under credible execution environment, carry out two-way authentication between terminal and renewal server, set up escape way;
Described terminal obtains system update bag by described escape way from renewal server;
System update bag completion system is utilized to update.
Preferably, the described step utilizing system update bag completion system to update includes:
Terminal system restarts, and enters safe bootstrap, and described system update bag is signed by described safe bootstrap
Name checking;
After being proved to be successful, described system update bag writing system district, completion system starts.
Preferably, the described step utilizing system update bag completion system to update also includes:
After being proved to be successful described system update bag, described safe bootstrap carries out signature to the system image of system area and tests
Card;
After being proved to be successful, after described system update bag writing system district, complete by safe boot program loads system image
Become system start-up.
Preferably, described system update bag stores the secure storage areas to terminal.
For achieving the above object, present invention also offers a kind of at credible execution terminal under environment security of system updating device, wrap
Include:
Unit set up by escape way, under credible execution environment, carries out two-way authentication between terminal and renewal server,
Set up escape way;
Download system updates bag unit, obtains system update by described escape way for described terminal from renewal server
Bag;
System update unit, is used for utilizing system update bag completion system to update.
Preferably, described system update unit includes:
First signature verification module, restarts for terminal system, enters safe bootstrap, described safe bootstrap
Described system update bag is carried out signature verification;
First more new module, after being used for being proved to be successful, described system update bag writing system district, completion system starts.
Preferably, described system update unit also includes:
Second signature verification module, after being proved to be successful described system update bag, described safe bootstrap is to system
The system image in district carries out signature verification;
Second more new module, after being used for being proved to be successful, after described system update bag writing system district, is guided by safety
Program loading system mirror image completion system starts.
Preferably, also include: secure storage unit;
Described secure storage unit, is placed in terminal, for the storage to described system update bag.
Technique scheme has the advantages that
This programme is by setting up two-way authentication between terminal and renewal server, it is ensured that the legitimacy in system update bag source.Logical
Cross and system update bag is carried out signature verification guarantee the complete of system update bag before safe bootstrap writing system updates bag
Property and verity, carry out signature verification to system image by safe bootstrap before system start-up and guarantee System guides mirror image
Integrity and legitimacy, it is ensured that multisystem terminal system update whole link in, from the acquisition of system update bag, be
Security of system before system updates bag write and after the write of system update bag.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing skill
In art description, the required accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only the present invention
Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to root
Other accompanying drawing is obtained according to these accompanying drawings.
The one that Fig. 1 provides for the present invention is at credible execution terminal under environment security of system updating device block diagram;
One of system update unit block diagram in the security of system updating device that Fig. 2 provides for the present invention;
In the security of system updating device that Fig. 3 provides for the present invention the two of system update unit block diagram;
Fig. 4 is the system architecture diagram of the present embodiment;
The one that Fig. 5 provides for the present invention is at credible execution terminal under environment security of system update method flow chart;
Fig. 6 is the system update flow chart of the present embodiment.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly and completely
Describe, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Based on this
Embodiment in invention, the every other reality that those of ordinary skill in the art are obtained under not making creative work premise
Execute example, broadly fall into the scope of protection of the invention.
The operation principle of the technical program: the security update service routine of terminal operates under TEE credible execution environment, terminal
With renewal server two-way authentication, set up escape way.System update bag is obtained, it is ensured that system update by this escape way
The legitimacy in bag source.On this basis, by the renewal bag downloaded is carried out signature verification, it is ensured that system update bag complete
Whole property and verity.Further, by mounted system image being carried out signature verification in safe bootstrap, really
The running environment protecting terminal is the valid system being not tampered with.
Based on above-mentioned operation principle, the invention provides a kind of at credible execution terminal under environment security of system updating device, as
Shown in Fig. 1.Including:
Unit 101 set up by escape way, and under credible execution environment, terminal and updating carries out between server two-way recognizing
Card, sets up escape way;
Download system updates bag unit 102, obtains system by described escape way for described terminal from renewal server
Update bag;
System update unit 103, is used for utilizing system update bag completion system to update.
In the security of system updating device that Fig. 1 shows, between terminal and renewal server, establish safety by two-way authentication
Passage, terminal only updates bag by escape way from updating server down-loading system, and the system update bag of acquisition is not
Wide-open, reduce system update and be coated the risk probability illegally distorted, it is ensured that the legitimacy in system update bag source.
Further, for guaranteeing the safety of system update bag, on the basis of Fig. 1, terminal system security update device also wraps
Include: secure storage unit;This secure storage unit is placed in terminal, for the storage to described system update bag.
For the present embodiment, as in figure 2 it is shown, the system update unit 103 in Fig. 1 includes:
First signature verification module 1031, restarts for terminal system, enters safe bootstrap, and described safety guides
Program carries out signature verification to described system update bag;
First more new module 1032, after being used for being proved to be successful, described system update bag writing system district, completion system starts.
For present case, on the basis of guaranteeing the legitimacy that system update bag is originated, the renewal bag downloaded is signed
Name checking, not only checking update bag integrity, more verify brush machine bag legitimacy, it is ensured that the integrity of system update bag and
Verity, updates to security of system and creates safety guarantee.
Further, on the basis of Fig. 1 and Fig. 2, as it is shown on figure 3, system update unit 103 also includes:
Second signature verification module 1033, after described system update bag is proved to be successful, described safe bootstrap pair
The system image of system area carries out signature verification;
Second more new module 1034, after being used for being proved to be successful, after described system update bag writing system district, by safety
Boot program loads system image completion system starts.
For present case, on the basis of going reporting system to update legitimacy, integrity and the verity in bag source, terminal
During startup, mounted system image is verified, can fundamentally stop illegal system software update.
For further describing this device, below in conjunction with practical situation, this device is described in detail.
As shown in Figure 4, for the system architecture diagram of the present embodiment.This programme is by safe bootstrap, security update service desktop
End, security update service end three part composition, safe bootstrap operates in security update service desktop end and security update clothes
Business end.Security update service desktop end is on the display screen of terminal, has the access entrance of system update function, passes through
Operation to security update service desktop end, carries out communication by TEE Client API with security update service end.Safety is more
Under safety communication module in new service end is responsible for, allows and built by two-way authentication between security update service end and renewal server
Vertical escape way, whether terminal inquiry has system update bag, if had by this escape way to renewal server lookup
System update bag, then update bag by escape way download system.Meanwhile, for guaranteeing the safety of system update bag, by safety
The secure storage module updating service end is responsible for the storage of system update bag.
Based on foregoing description, the system architecture shown according to Fig. 4, safe bootstrap, security update service desktop end, peace
The function that full renewal service end performs when terminal system updates is:
1, user enters security update service end by security update service desktop end.System is by REE operating system ring
Border is switched to TEE credible execution environment.
2, security update service end is by carrying out two-way authentication between safety communication module and security update server, certification becomes
After merit, establishing escape way between security update service end and renewal server, inquiry updates whether have new edition on server
Native system updates bag, as redaction exists, then downloads and is responsible for being saved in terminal by secure storage module.
3, after security update service end download system updates bag, notify that user restarts the operating system of terminal and completes more
Newly.
4, during system start-up, initially entering safe bootstrap, safe bootstrap checks whether secure storage areas has system
Update bag, if it has, then system update bag is carried out signature verification.Be proved to be successful, then by system update bag writing system district,
Completion system updates.
During the os starting of 5, terminal, started by safe boot program loads system image completion system, loading
Before system image, safe bootstrap carries out signature verification to the system image of system area, it is ensured that the system that terminal is run is
The most tampered valid system.
The safe bootstrap that is discussed in detail based on above-mentioned, security update service desktop end, security update service end are in terminal system
The function performed when system updates, the present invention also proposes a kind of in credible execution terminal under environment security of system update method.Such as figure
Shown in 5, the method includes:
Step 501): under credible execution environment, carry out two-way authentication between terminal and renewal server, set up escape way;
Step 502): described terminal obtains system update bag by described escape way from renewal server;
Step 503): utilize system update bag completion system to update.
In order to ensure integrity and the verity of system update bag, for step 503, farther include:
Terminal system restarts, and enters safe bootstrap, and described system update bag is signed by described safe bootstrap
Name checking;
After being proved to be successful, described system update bag writing system district, completion system starts.
On the basis of the integrity guaranteeing system update bag and verity, in order to ensure that the running environment of terminal is to be not tampered with
Valid system, for step 503, further include:
Preferably, the described step utilizing system update bag completion system to update also includes:
Terminal system restarts, and enters safe bootstrap, and described system update bag is signed by described safe bootstrap
Name checking;
After being proved to be successful described system update bag, described safe bootstrap carries out signature to the system image of system area and tests
Card;
After being proved to be successful, after described system update bag writing system district, complete by safe boot program loads system image
Become system start-up.
For further describing this method, below in conjunction with Fig. 6, and according to practical situation, this method is described in detail.
Step 1, under the REE operating system of terminal, starts security of system on terminal desktop and updates service, and system is by REE
Operating system environment changing is to credible execution environment;
Step 2, under credible execution environment, terminal sets up two-way authentication passage with updating server;
Step 3, it is judged that terminal system is the need of renewal;If it is, go to step 4;Otherwise, ends with system safety
Update service;
Step 4, updates bag to terminal by two-way authentication passage download system;
Step 5, it is determined whether restart terminal operating system and carry out completion system renewal;If it is, go to step 6;Otherwise,
Ends with system security update services;
Step 6, under security procedure guides, carries out signature verification to system update bag;
Step 7, after being proved to be successful, by system update bag writing system subregion;
Step 8, it is judged that system image modeling is the most legal;If it is, go to step 9;Otherwise, terminal is turned off,
Stop system update;
Step 9, the operating system of terminal, complete to update, run to terminal system desktop.
For the technical program, guarantee system update bag by TEE credible execution environment with updating server two-way authentication
The legitimacy in source, carries out signature verification guarantee integrity and the verity of system update bag by updating downloads to wrap, lead to
Cross and in safe bootstrap, mounted system image is carried out signature verification guarantee that the running environment of terminal is to be not tampered with
Valid system.
Above-described detailed description of the invention, has been carried out the purpose of the present invention, technical scheme and beneficial effect the most in detail
Illustrate, be it should be understood that the detailed description of the invention that the foregoing is only the present invention, be not intended to limit the present invention
Protection domain, all within the spirit and principles in the present invention, any modification, equivalent substitution and improvement etc. done, all should wrap
Within being contained in protection scope of the present invention.
Claims (8)
1. one kind in credible execution terminal under environment security of system update method, it is characterised in that including:
Under credible execution environment, carry out two-way authentication between terminal and renewal server, set up escape way;
Described terminal obtains system update bag by described escape way from renewal server;
System update bag completion system is utilized to update.
2. the method for claim 1, it is characterised in that the described step utilizing system update bag completion system to update
Suddenly include:
Terminal system restarts, and enters safe bootstrap, and described system update bag is signed by described safe bootstrap
Name checking;
After being proved to be successful, described system update bag writing system district, completion system starts.
3. method as claimed in claim 2, it is characterised in that the described step utilizing system update bag completion system to update
Suddenly also include:
After being proved to be successful described system update bag, described safe bootstrap carries out signature to the system image of system area and tests
Card;
After being proved to be successful, after described system update bag writing system district, complete by safe boot program loads system image
Become system start-up.
4. the method as described in claims 1 to 3 any claim, it is characterised in that described system update bag store to
The secure storage areas of terminal.
5. one kind at credible execution terminal under environment security of system updating device, it is characterised in that including:
Unit set up by escape way, under credible execution environment, carries out two-way authentication between terminal and renewal server,
Set up escape way;
Download system updates bag unit, obtains system update by described escape way for described terminal from renewal server
Bag;
System update unit, is used for utilizing system update bag completion system to update.
6. device as claimed in claim 5, it is characterised in that described system update unit includes:
First signature verification module, restarts for terminal system, enters safe bootstrap, described safe bootstrap
Described system update bag is carried out signature verification;
First more new module, after being used for being proved to be successful, described system update bag writing system district, completion system starts.
7. device as claimed in claim 6, it is characterised in that described system update unit also includes:
Second signature verification module, after being proved to be successful described system update bag, described safe bootstrap is to system
The system image in district carries out signature verification;
Second more new module, after being used for being proved to be successful, after described system update bag writing system district, is guided by safety
Program loading system mirror image completion system starts.
8. the device as described in claim 5~7 any claim, it is characterised in that also include: secure storage unit;
Described secure storage unit, is placed in terminal, for the storage to described system update bag.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510607172.XA CN105930730A (en) | 2015-09-22 | 2015-09-22 | Terminal system security update method and apparatus in trusted execution environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510607172.XA CN105930730A (en) | 2015-09-22 | 2015-09-22 | Terminal system security update method and apparatus in trusted execution environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105930730A true CN105930730A (en) | 2016-09-07 |
Family
ID=56839891
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510607172.XA Pending CN105930730A (en) | 2015-09-22 | 2015-09-22 | Terminal system security update method and apparatus in trusted execution environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105930730A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109286599A (en) * | 2017-07-20 | 2019-01-29 | 北京展讯高科通信技术有限公司 | Data security protection method, smart machine, server and readable storage medium storing program for executing |
CN109472148A (en) * | 2018-11-15 | 2019-03-15 | 百度在线网络技术(北京)有限公司 | Load the method, apparatus and storage medium of hot patch |
CN112241284A (en) * | 2020-12-16 | 2021-01-19 | 支付宝(杭州)信息技术有限公司 | Program data updating method, system, device and equipment based on privacy protection |
CN114185602A (en) * | 2020-09-15 | 2022-03-15 | 成都鼎桥通信技术有限公司 | Starting method and device of operating system and terminal |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1808456A (en) * | 2006-02-24 | 2006-07-26 | 上海方正信息安全技术有限公司 | Method of adding trusted platform on portable terminal |
CN1808385A (en) * | 2006-01-20 | 2006-07-26 | 北京朗通环球科技有限公司 | Guide system of embedded system |
CN102508686A (en) * | 2011-11-30 | 2012-06-20 | 苏州希图视鼎微电子有限公司 | Method and system for realizing safe upgrading of system |
CN102549592A (en) * | 2009-11-06 | 2012-07-04 | 日本电气英富醍株式会社 | Method of authentication at time of update of software embedded in information terminal, system for same and program for same |
CN102945174A (en) * | 2012-11-08 | 2013-02-27 | 大连捷成实业发展有限公司 | Method for upgrading singlechip program by means of connected off-chip Flash |
CN103257880A (en) * | 2013-05-30 | 2013-08-21 | 航天恒星科技有限公司 | Remote application program on-line updating method based on DSP |
CN103955648A (en) * | 2014-05-15 | 2014-07-30 | 乐视致新电子科技(天津)有限公司 | Method and device for verifying legality of system image |
-
2015
- 2015-09-22 CN CN201510607172.XA patent/CN105930730A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1808385A (en) * | 2006-01-20 | 2006-07-26 | 北京朗通环球科技有限公司 | Guide system of embedded system |
CN1808456A (en) * | 2006-02-24 | 2006-07-26 | 上海方正信息安全技术有限公司 | Method of adding trusted platform on portable terminal |
CN102549592A (en) * | 2009-11-06 | 2012-07-04 | 日本电气英富醍株式会社 | Method of authentication at time of update of software embedded in information terminal, system for same and program for same |
CN102508686A (en) * | 2011-11-30 | 2012-06-20 | 苏州希图视鼎微电子有限公司 | Method and system for realizing safe upgrading of system |
CN102945174A (en) * | 2012-11-08 | 2013-02-27 | 大连捷成实业发展有限公司 | Method for upgrading singlechip program by means of connected off-chip Flash |
CN103257880A (en) * | 2013-05-30 | 2013-08-21 | 航天恒星科技有限公司 | Remote application program on-line updating method based on DSP |
CN103955648A (en) * | 2014-05-15 | 2014-07-30 | 乐视致新电子科技(天津)有限公司 | Method and device for verifying legality of system image |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109286599A (en) * | 2017-07-20 | 2019-01-29 | 北京展讯高科通信技术有限公司 | Data security protection method, smart machine, server and readable storage medium storing program for executing |
CN109472148A (en) * | 2018-11-15 | 2019-03-15 | 百度在线网络技术(北京)有限公司 | Load the method, apparatus and storage medium of hot patch |
CN109472148B (en) * | 2018-11-15 | 2021-04-02 | 百度在线网络技术(北京)有限公司 | Method, device and storage medium for loading hot patch |
CN114185602A (en) * | 2020-09-15 | 2022-03-15 | 成都鼎桥通信技术有限公司 | Starting method and device of operating system and terminal |
CN114185602B (en) * | 2020-09-15 | 2023-08-22 | 成都鼎桥通信技术有限公司 | Starting method, device and terminal of operating system |
CN112241284A (en) * | 2020-12-16 | 2021-01-19 | 支付宝(杭州)信息技术有限公司 | Program data updating method, system, device and equipment based on privacy protection |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20130055335A1 (en) | Security enhancement methods and systems | |
CN103744686B (en) | Control method and the system of installation is applied in intelligent terminal | |
CN105786538B (en) | software upgrading method and device based on android system | |
CN103888252A (en) | UID, PID, and APPID-based control application access permission method | |
WO2017088135A1 (en) | Method and device for configuring security indication information | |
EP2705487A1 (en) | System and method for transaction security enhancement | |
US10621335B2 (en) | Method and device for verifying security of application | |
CN102136049B (en) | Terminal application safety management method and system | |
CN105930730A (en) | Terminal system security update method and apparatus in trusted execution environment | |
CN105678192A (en) | Smart card based secret key application method and application apparatus | |
CN111209558A (en) | Internet of things equipment identity authentication method and system based on block chain | |
CN108595950A (en) | A kind of safe Enhancement Methods of SGX of combination remote authentication | |
Shin et al. | Certificate injection-based encrypted traffic forensics in AI speaker ecosystem | |
CN106709281B (en) | Patch granting and acquisition methods, device | |
CN103475661B (en) | The safe acquisition methods of authentication procedure and system | |
CN104348616A (en) | Method for visiting terminal security component, device thereof and system thereof | |
CN108241798B (en) | Method, device and system for preventing machine refreshing | |
CN103491080A (en) | Information safety protecting method and system | |
CN102148831B (en) | Method and system for safely controlling terminal application | |
WO2011055290A2 (en) | Method and apparatus for providing a fast and secure boot process | |
CN107479923A (en) | Application program updating method, apparatus and display terminal | |
US9846790B2 (en) | Method for changing an operating mode of a mobile device | |
CN104158812B (en) | The method of controlling security and system of a kind of terminal applies | |
CN106599619A (en) | Verification method and device | |
CN107992319B (en) | Patch data updating method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160907 |
|
RJ01 | Rejection of invention patent application after publication |