CN106650422A - System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method - Google Patents

Info

Publication number
CN106650422A
Authority
CN
China
Prior art keywords
data
input method
module
party
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610892087.7A
Other languages
Chinese (zh)
Other versions
CN106650422B (en)
Inventor
田琛
王雅哲
代蕊蕊
周启惠
徐震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS
Priority to CN201610892087.7A
Publication of CN106650422A
Application granted
Publication of CN106650422B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Mathematical Physics (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

The invention relates to a system and method that use TrustZone technology to prevent a third-party input method from leaking sensitive data. The system comprises an interception module located in the normal execution environment; a secure keyboard module, a data analysis module, a replay module and a sensitive data secure return module located in the trusted execution environment; and a local sensitive data protection module that works with the data analysis module to protect sensitive data held in normal applications. The system and method effectively guarantee the security of a mobile terminal's input system and offer generality, efficiency, user-friendliness and strong security.

Description

A system and method for using TrustZone technology to prevent third-party input methods from leaking sensitive data
Technical field
The present invention relates to a system and method that use TrustZone technology to prevent third-party input methods from leaking sensitive data, and belongs to the field of data security for mobile terminal devices.
Background
With the rapid development of mobile Internet technology and smart mobile terminals, the services handled on mobile terminals have expanded from traditional communication and entertainment into high-security, highly sensitive fields such as mobile office and mobile payment. Users need to enter more and more sensitive information on mobile terminals, including login user names and passwords, contact information and bank card numbers. Research has found that most third-party input method software sends the entered information to a remote server while the user is typing. To protect users' sensitive information from being intercepted by a malicious third party or maliciously exploited by the input method service provider, an effective method is needed to prevent third-party input methods from leaking the sensitive information that users enter.
A common practice is to encrypt sensitive data with AES, but the input method service provider can still obtain the sensitive information the user enters. The currently feasible solutions to the input method security problem perform operations such as rollback or encryption after the input method has already received the user's tap; they cannot act before the input method's code executes, so the security problem remains.
To better solve the problem of third-party input methods on mobile terminals leaking users' sensitive data, a complete solution combining software and hardware must be designed across several layers, from the underlying hardware architecture to the operating system. ARM TrustZone hardware isolation technology builds two independent runtime environments on the mobile terminal, a normal execution environment and a trusted execution environment, and uses the processor's monitor mode to provide switching and data transfer between the two. The normal execution environment and the trusted execution environment are isolated from each other, which guarantees the security of operations in the trusted execution environment and effectively separates an application system's highly sensitive services from its general services.
Using TrustZone technology to prevent third-party input methods from leaking sensitive data requires solving the following problems: how to judge whether a switch to the trusted execution environment is needed; how to operate inside the trusted execution environment; and how to correctly return the user's input data to the normal application in the normal execution environment.
Summary of the invention
The technical problem solved by the invention: to address the security of sensitive data that users enter on mobile terminals, the invention provides a system and method that use TrustZone technology to prevent third-party input methods from leaking sensitive data, thereby effectively guaranteeing the security of the private information users enter, with advantages such as generality, efficiency, user-friendliness and strong security.
The technical solution of the invention is a system and method that use TrustZone technology to prevent third-party input methods from leaking sensitive data. The basic idea of the scheme is briefly described below. Building on the strengths of existing solutions, the invention proposes its own design. Specifically, the system comprises the following aspects:
Aspect one: the touch event interception module is located in the normal execution environment. It intercepts the user's touch events in the normal execution environment, analyzes the event type, and judges whether to switch to the secure keyboard of the trusted execution environment for user input. After a touch event is received from the touch event driver, the interception module judges the event type using hook functions added to the system service of the input method framework. If a keyboard display event has been intercepted and a key event is then intercepted, execution switches to the secure keyboard of the trusted execution environment; otherwise, the event is passed through the input method framework to the third-party input method in the normal execution environment, which performs the corresponding operation.
Aspect two: the secure keyboard lets the user type inside the trusted execution environment, which prevents the third-party input method from obtaining what the user enters. To reduce the complexity of the system design, the secure keyboard reuses the soft keyboard of the third-party input method currently displayed in the normal execution environment and verifies its layout information; if verification passes, the third-party input method's soft keyboard is used as the secure keyboard in the trusted execution environment. The invention considers only the Latin-alphabet soft keyboard of the third-party input method, in which each key corresponds to one character. When the user touches a key, the secure keyboard obtains the coordinates of that key, converts them into the corresponding character, and hands the character to the data analysis module.
Aspect three: the data analysis module analyzes the sensitivity of the characters received from the secure keyboard. To check a character's sensitivity against the predefined sensitive data set, it performs one-way matching using the AC prefix matching algorithm and determines whether the character belongs to a prefix of sensitive data. If not, the character is handed to the replay module. If so, the prefix is stored in a buffer while the module waits for the user's subsequent input and judges whether the complete input matches a sensitive string; if it does not match, the string is handed to the replay module, and if it matches, the sensitive string is handed to the sensitive data secure return module.
Aspect four: the replay module passes the events corresponding to non-sensitive characters through the input method framework to the third-party input method for processing, and the data is then submitted to the normal application. The invention designs a daemon thread, the imitation event generator, that runs in the system service process of the input method framework. The coordinates of the characters to be replayed are placed in the memory shared by the trusted execution environment and the normal execution environment; the imitation event generator is then woken up, obtains the character coordinates from shared memory, constructs the touch events corresponding to those coordinates and hands them to the system service of the input method framework. The system service dispatches the third-party input method to process the events, and the characters are thereby submitted to the normal application.
Aspect five: the sensitive data secure return module submits sensitive strings to the normal application through the memory shared by the trusted execution environment and the normal execution environment, without passing through the third-party input method. The module first places the sensitive data in the shared memory; the secure return service designed by the invention then obtains the sensitive data from shared memory and hands it to the normal application using the input connection interface InputConnection.
Aspect six: the local sensitive data protection module adds hook functions to application programming interfaces to prevent the third-party input method from obtaining sensitive data from the normal application's buffer. Submitted data is stored in the normal application's data buffer, and we found that a third-party input method can use the general interfaces that the input method framework provides to it to read this data, including sensitive data, back from the normal application. The invention adds hook functions to all application programming interfaces related to retrieving data. When the third-party input method reads data from the normal application's buffer, the hook triggers the data analysis module in the trusted execution environment to analyze whether the data is sensitive; if it is, the third-party input method is prevented from obtaining it.
A method for using TrustZone technology to prevent third-party input methods from leaking sensitive data is implemented in the following steps:
(1) The interception module uses hook functions added to the system service of the input method framework to intercept the events delivered by the touch event driver. Once the hook function showSoftInput() in the input method management service class InputMethodManagerService has intercepted a keyboard display event, and the hook function sync() in the touch input processing class TouchInputMapper then intercepts a key event, execution switches to the trusted execution environment, which performs an integrity check on the soft keyboard of the third-party input method currently displayed in the normal execution environment and then makes the corresponding settings so that this soft keyboard is reused as the secure keyboard of the trusted execution environment. The user's subsequent key presses take place on the secure keyboard.
(2) The user's input on the secure keyboard is converted from key coordinates into characters, and the characters are handed to the data analysis module. Based on the sensitive data set predefined by the user, the data analysis module uses the AC prefix matching algorithm to determine whether a character belongs to a sensitive data prefix. If not, the character's coordinates are handed to the replay module. If so, the prefix is stored in a buffer while the module waits for the user's complete input to judge whether the input is sensitive. Once the prefix is confirmed to be non-sensitive data, the coordinates of each of its characters are handed to the replay module; if it is sensitive data, the string is handed to the sensitive data secure return module.
(3) In the replay module, the non-sensitive key coordinates are first placed in the memory shared by the trusted execution environment and the normal execution environment. The daemon thread added to the system service process, the imitation event generator, is woken up and takes the touch event coordinates out of shared memory. The imitation event generator places the events, in the correct format, on the event queue of the input method framework's system service. The input dispatch thread inputDispatcher in the system service is then woken up, takes the events from the queue and dispatches the corresponding component or service, that is, it calls the third-party input method to process the events, and the characters are finally submitted to the normal application through the third-party input method.
(4) The main part of the sensitive data secure return module is the secure return service. The sensitive string is stored in the memory shared by the trusted execution environment and the normal execution environment; the secure return service is woken up and obtains the string from shared memory. The secure return service reuses the input connection interface InputConnection of the input method framework and then, by calling the normal application's basic input connection interface BaseInputConnection, submits the data directly to the application.
(5) After the normal application receives the data submitted by the replay module and the sensitive data secure return module, it stores the data in its buffer. To prevent the third-party input method from obtaining sensitive data from the normal application's buffer, the invention adds the hook functions getTextBeforeCursor() and getSelectedText() to the basic input connection interface BaseInputConnection. When the third-party input method accesses the normal application's buffer through the application programming interface, the hook functions notify the data analysis module in the trusted execution environment to analyze the data the third-party input method is trying to obtain; if it is sensitive data, the third-party input method is prevented from obtaining it.
Compared with the prior art, the invention has the following advantages:
(1) The invention uses ARM TrustZone hardware isolation technology to isolate key-press operations in the trusted execution environment, adds hook functions to system services to intercept the relevant events and decide whether to switch between the trusted execution environment and the normal execution environment, lets the user enter data on the secure keyboard of the trusted execution environment, and submits sensitive data to normal applications in the form of a service. Because leakage of sensitive data by third-party input methods is prevented at system level in combination with hardware technology, the approach offers stronger security; the invention also applies to all third-party input methods, that is, it is general.
(2) The secure keyboard of the invention reuses the soft keyboard of the third-party input method of the normal operating system, which reduces system complexity and does not affect the user experience. The keyboard layout of the third-party input method is integrity-verified in the trusted execution environment to ensure that it has not been modified, which effectively prevents fake keyboard layout attacks.
(3) The sensitive data secure return module uses an added system service, the secure return service, to submit sensitive data directly to the normal application without passing through the third-party input method, so the sensitive data cannot be sent by the third-party input method to cloud storage, which protects the privacy of the user's sensitive information.
(4) When data that has already been submitted to the normal application is accessed again by the third-party input method, the hook functions added to the application programming interface capture the access and notify the data analysis module in the trusted execution environment to analyze the data. If the analysis shows that it is a sensitive string, the input method is prevented from obtaining the data, which secures the sensitive data stored locally on the phone.
Description of the drawings
Fig. 1 is a schematic diagram of the overall framework of the invention;
Fig. 2 is a schematic diagram of the interception module of the invention and the switch to the secure keyboard;
Fig. 3 is a schematic diagram of the data analysis module of the invention;
Fig. 4 is a schematic diagram of the invention's replay module for non-sensitive characters;
Fig. 5 is a schematic diagram of how the invention prevents third-party input methods from obtaining sensitive data from the normal application's buffer.
Detailed description of the embodiments
The invention is built on a platform based on ARM TrustZone hardware isolation technology and a trusted execution environment, and realizes a system that effectively prevents third-party input methods from leaking sensitive data. While keeping modifications to the operating system to a minimum, hook functions are added to the system service of the input method framework to capture the user's touch events and judge whether to switch to the trusted execution environment for input on the secure keyboard. For the characters the user enters on the secure keyboard, the data analysis module analyzes their sensitivity using the AC pattern matching algorithm. The coordinates of non-sensitive characters are handed by the replay module to the input method framework and then processed by the third-party input method; sensitive strings are handed directly to the normal application by the sensitive data secure return module, which bypasses the third-party input method and its leakage of sensitive data. On this basis, the system and method of the invention offer advantages such as generality, efficiency, user-friendliness and strong security.
To make the purpose, advantages and technical solution of the invention clearer, the invention is described in more detail below through specific embodiments and with reference to the drawings.
Fig. 1 describes the overall framework of the scheme as implemented, which mainly comprises the following five parts:
1. Implementation of the interception module in the normal execution environment
The hook functions in interception module 101 capture the touch events delivered by the touch event driver and, according to the event type, judge whether to switch to secure keyboard 105 of the trusted execution environment to receive the user's input. How the interception module works and switches to the secure keyboard is analyzed below with reference to Fig. 2:
(1) When the user performs operations in the normal execution environment, touch event driver 100 generates the corresponding touch events. Interception module 101 first uses the hook function showSoftInput() in the input method management service class InputMethodManagerService to judge whether the event is keyboard display event 200; if not, operation continues in normal execution environment 201;
(2) If it is a keyboard display event and the user touches soft keyboard 202, interception module 101 uses the hook function sync() in the input method framework's touch input processing class TouchInputMapper to intercept the corresponding event and notifies the trusted execution environment to check the integrity of the keyboard layout of the third-party input method currently displayed in the normal execution environment. The corresponding settings are then made, and the soft keyboard of the third-party input method is reused as secure keyboard 105 in the trusted execution environment.
(3) For the soft keyboard touch event above and the touch events subsequently generated on the secure keyboard, the interception module judges whether each is key event 203. If not, execution switches back to normal execution environment 201; if so, key coordinate 204 is converted into character 205.
2. Implementation of the data analysis module in the trusted execution environment
The user's input on secure keyboard 105 is handed to data analysis module 106 for sensitivity analysis; non-sensitive characters are handed to replay module 107, and sensitive data is handed to sensitive data secure return module 108. The implementation of data analysis module 106 is described in detail below with reference to Fig. 3:
(1) Based on user-defined sensitive data set 300, character 204 is matched one-way using the AC prefix matching algorithm to judge whether the character belongs to sensitive data prefix 301. If not, the character is handed to replay module 107; if so, the sensitive data prefix is stored in buffer 302;
(2) The module waits for the user to continue typing and repeats character judgment 303. If, at some character, that character together with the string in the buffer is found to constitute sensitive data 304, the sensitive string is handed to sensitive data secure return module 108. As soon as some character does not belong to a sensitive data prefix, meaning that it cannot constitute sensitive data 304 together with later characters, the coordinates of each character in the buffer are handed to replay module 107.
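The buffering and routing decision of the data analysis module can be sketched in C as follows. This is an added example, not code from the patent: the sensitive set is constructed sample data, all names (`analyzer_t`, `analyzer_feed`, `analyze_input`) are hypothetical, characters stand in for key coordinates, and the automaton's fallback step is computed by brute force over the buffer. It also covers a case the text does not spell out, where the character that breaks one prefix begins another.

```c
#include <stdio.h>
#include <string.h>

#define PENDING_MAX 64   /* assumption: every sensitive string is shorter */
#define OUT_MAX 256

/* Constructed sample set; in the patent the user predefines it. */
static const char *const SENSITIVE[] = { "hunter2", "6222021234" };
#define N_SENSITIVE (sizeof SENSITIVE / sizeof SENSITIVE[0])

enum match { NO_MATCH, PREFIX_MATCH, FULL_MATCH };

typedef struct {
    char pending[PENDING_MAX];  /* sensitive prefix held back inside the TEE */
    size_t pending_len;
    char replayed[OUT_MAX];     /* released to the replay module (IME sees it) */
    char returned[OUT_MAX];     /* given to the secure return module, one per line */
} analyzer_t;

/* Is s[0..n) a proper prefix of, or equal to, any sensitive string? */
static enum match classify(const char *s, size_t n)
{
    enum match best = NO_MATCH;
    for (size_t i = 0; i < N_SENSITIVE; i++) {
        size_t len = strlen(SENSITIVE[i]);
        if (n > len || memcmp(SENSITIVE[i], s, n) != 0)
            continue;
        if (n == len)
            return FULL_MATCH;
        best = PREFIX_MATCH;
    }
    return best;
}

static void append(char *out, const char *s, size_t n)
{
    size_t used = strlen(out);
    if (n > OUT_MAX - 1 - used)
        n = OUT_MAX - 1 - used;          /* truncate rather than overflow */
    memcpy(out + used, s, n);
    out[used + n] = '\0';
}

void analyzer_init(analyzer_t *a) { memset(a, 0, sizeof *a); }

/* Feed one typed character and route whatever can now be decided. */
void analyzer_feed(analyzer_t *a, char c)
{
    size_t start = 0;
    enum match m = NO_MATCH;

    if (a->pending_len == PENDING_MAX)   /* unreachable under the assumption; */
        return;                          /* drop input instead of overflowing */
    a->pending[a->pending_len++] = c;

    /* Keep the longest suffix of the buffer that is still a sensitive
     * prefix; everything before it can no longer be part of a match. */
    for (; start < a->pending_len; start++) {
        m = classify(a->pending + start, a->pending_len - start);
        if (m != NO_MATCH)
            break;
    }
    append(a->replayed, a->pending, start);
    memmove(a->pending, a->pending + start, a->pending_len - start);
    a->pending_len -= start;

    if (m == FULL_MATCH) {               /* complete sensitive string */
        append(a->returned, a->pending, a->pending_len);
        append(a->returned, "\n", 1);
        a->pending_len = 0;
    }
}

/* Convenience wrapper: reset the analyzer and feed a whole input string. */
void analyze_input(analyzer_t *a, const char *input)
{
    analyzer_init(a);
    for (; *input; input++)
        analyzer_feed(a, *input);
}

int main(void)
{
    analyzer_t a;
    analyze_input(&a, "hi hunter2!");
    printf("replayed=\"%s\" returned=\"%s\"", a.replayed, a.returned);
    analyze_input(&a, "hunhunter2");     /* a broken prefix restarts a match */
    printf("replayed=\"%s\" returned=\"%s\"", a.replayed, a.returned);
    return 0;
}
```

In the second input the abandoned prefix `hun` is released to the replay path, so a mistyped sensitive string still exposes its leading characters to the third-party input method.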
3. Implementation of the replay module for non-sensitive data
Replay module 107 receives non-sensitive character coordinates from data analysis module 106. Through the imitation event generator thread added to input method framework 102 and the system service of the original input method framework, it hands the events to third-party input method 103 for processing, and the corresponding characters are submitted to normal application 104. The implementation of replay module 107 is described in detail below with reference to Fig. 4:
(1) Character coordinates 400 delivered by data analysis module 106 are placed in shared memory 401 of the trusted execution environment and the normal execution environment;
(2) The daemon thread added by the invention, imitation event generator 402, runs in the system service process of the input method framework; it is woken up and obtains character coordinates 400 from shared memory 401;
(3) Imitation event generator 402 organizes the character coordinates into the event format required by event queue 403 in the system service of the input method framework, places the touch events on event queue 403 and wakes up the input dispatch thread in the system service, that is, InputDispatcher thread 404;
(4) InputDispatcher thread 404 obtains the events from event queue 403 and dispatches third-party input method 103 to process them and submit the characters corresponding to the key events to normal application 104.
4. Implementation of the sensitive data secure return module
For the sensitive strings received from data analysis module 106, sensitive data secure return module 108 places the data in the memory shared by the trusted execution environment and the normal execution environment. The secure return service then obtains the data from shared memory and, through the reused input connection interface InputConnection of the input method framework, calls the normal application's basic input connection interface BaseInputConnection to submit the data directly to the application.
5. Implementation of preventing third-party input methods from obtaining sensitive data from normal applications
Normal application 104 stores the sensitive data it receives in its data buffer, and third-party input method 103 can access that buffer through the functions provided by the basic input connection interface BaseInputConnection in input method framework 102, which leaks local sensitive data. The method for preventing local sensitive data leakage is described in detail below with reference to Fig. 5:
(1) When third-party input method 103 accesses the normal application's data buffer 500 through the functions provided by the basic input connection interface BaseInputConnection, hook functions 501 added to BaseInputConnection, getTextBeforeCursor() and getSelectedText(), notify the data analysis module in the trusted execution environment;
(2) Data analysis module 106 uses the AC prefix matching algorithm to judge whether the data that third-party input method 103 is trying to obtain is sensitive 502. If it is not sensitive, execution switches back to normal execution environment 503 and continues; if it is a sensitive string, acquisition of the sensitive data is blocked 504.
The above embodiments are provided only to describe the invention and are not intended to limit its scope. The scope of the invention is defined by the appended claims. All equivalent substitutions and modifications made without departing from the spirit and principles of the invention shall fall within its scope.

Claims (2)

1. A system for preventing leakage of sensitive data through a third-party input method using TrustZone technology, characterized by comprising: a blocking module located in the normal execution environment; a safety keyboard module, a playback module, a data analysis module and a sensitive data secure return module located in the trusted execution environment; and a local sensitive data protection module that works with the data analysis module to protect sensitive data inside normal applications; wherein:
The blocking module, located in the normal execution environment, intercepts the user's touch events in the normal execution environment, analyzes the event type, and decides whether to switch to the safety keyboard of the trusted execution environment for user input; after a touch event is received from the touch event driver, the blocking module determines the event type using hook functions added to the system service of the input method framework, and, where a keyboard display event has been intercepted and a key-press event is then intercepted, switches to the safety keyboard of the trusted execution environment;
The safety keyboard lets the user type inside the trusted execution environment, so that the information the user enters cannot be obtained by the third-party input method; it reuses the soft keyboard of the third-party input method currently displayed in the normal execution environment and verifies its layout information; once the integrity verification passes, the soft keyboard of the third-party input method is used as the safety keyboard in the trusted execution environment; when the user touches a key, the safety keyboard obtains the coordinates of the key, converts them into the corresponding character, and passes the character to the data analysis module;
The data analysis module judges the sensitivity of the characters received from the safety keyboard, i.e. whether they are sensitive characters; the user defines the sensitive data set in advance; when the data analysis module receives a character from the safety keyboard, it performs one-way matching with the AC prefix matching algorithm and analyzes whether the character belongs to a prefix of sensitive data; if not, the character is passed to the playback module; if so, the prefix is stored in a buffer while the module waits for the user's subsequent input and judges whether the complete input matches a sensitive character string; if it does not match, the character string is passed to the playback module, and if it matches, the sensitive character string is passed to the sensitive data secure return module;
The playback module passes the events corresponding to non-sensitive characters through the input method framework to the third-party input method for processing, which then submits the data to the normal application; the coordinates of the characters to be replayed are placed in the shared memory of the trusted execution environment and the normal execution environment; the imitation event generator, a daemon thread running in the system service of the input method framework, is then woken up and obtains the character coordinates from the shared memory, constructs the touch events corresponding to the character coordinates and hands them to the system service of the input method framework; the system service of the input method framework dispatches the third-party input method to process the events, so that the characters are submitted to the normal application;
The sensitive data secure return module submits the sensitive character string to the normal application through the shared memory of the trusted execution environment and the normal execution environment, without passing through the third-party input method; the sensitive data secure return module first places the sensitive data in the shared memory of the trusted execution environment and the normal execution environment; the purpose-built secure return service then obtains the sensitive data from the shared memory and hands the data to the normal application using the input connection interface InputConnection;
The local sensitive data protection module adds hook functions to the application programming interfaces to prevent the third-party input method from obtaining sensitive data from the buffer of the normal application; submitted data is stored in the data buffer of the normal application, and the third-party input method can obtain this data, sensitive data included, back from the normal application through the general interfaces that the input method framework provides to it; hook functions are added to all application programming interfaces related to retrieving data; when the third-party input method obtains data from the buffer of the normal application, the data analysis module in the trusted execution environment is triggered to analyze whether the data is sensitive, and if it is sensitive, the third-party input method is prevented from obtaining it.
2. A method for preventing leakage of sensitive data through a third-party input method using TrustZone technology, characterized in that the implementation steps are as follows:
(1) The blocking module intercepts the corresponding events delivered by the touch event driver through hook functions added to the system service of the input method framework; provided that the showSoftInput() hook function in the input method management service class InputMethodManagerService has intercepted a keyboard display event, when the hook function sync() in the touch input processing class TouchInputMapper then intercepts a key-press event, the system switches to the trusted execution environment, performs an integrity check on the soft keyboard of the third-party input method currently displayed in the normal execution environment, and then configures it accordingly so that the soft keyboard of the third-party input method is reused as the safety keyboard of the trusted execution environment; the key operations the user performs afterwards take place on the safety keyboard;
(2) The user's input on the safety keyboard is converted from key coordinates into characters, and the characters are passed to the data analysis module; based on the user's predefined sensitive data set, the data analysis module uses the AC prefix matching algorithm to determine whether a character belongs to a prefix of sensitive data; if not, the character coordinates are passed to the playback module; if so, the prefix is stored in a buffer while waiting for the user's complete input to judge whether the input is sensitive; once the prefix is confirmed to be non-sensitive data, the coordinates of each of its characters are passed to the playback module; if it is sensitive data, the character string is passed to the sensitive data secure return module;
(3) In the playback module, the coordinates of non-sensitive keys are first placed in the shared memory of the trusted execution environment and the normal execution environment; the imitation event generator, a daemon thread added to the system service process, is woken up and takes the touch event coordinates out of the shared memory. The imitation event generator places the event, in the correct format, in the event queue of the input method framework system service; the input dispatch thread inputDispatcher in the system service is then woken up, takes the event from the queue and selects the corresponding component or service to dispatch it to, i.e. calls the third-party input method to process the event, and the character is finally submitted to the normal application through the third-party input method;
(4) The main part of the sensitive data secure return module is the secure return service; the sensitive character string is stored in the shared memory of the trusted execution environment and the normal execution environment, and the secure return service is woken up and obtains the character string from the shared memory; the secure return service reuses the input connection interface InputConnection of the input method framework and submits the data directly to the application by calling the normal application's basic input connection interface BaseInputConnection;
(5) After the normal application receives the data submitted by the playback module and the sensitive data secure return module, the data is stored in the buffer of the normal application; to prevent the third-party input method from obtaining sensitive data from the normal application's buffer, the hook functions getTextBeforeCursor() and getSelectedText() are added to the basic input connection interface BaseInputConnection; when the third-party input method accesses the normal application's buffer through the application programming interfaces, the hook functions notify the data analysis module in the trusted execution environment to analyze the data that the third-party input method attempts to obtain, and if it is sensitive data, the third-party input method is prevented from obtaining it.
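Step (2) of the method, sketched as an added example (not code from the patent): a per-character router that withholds input while it is still a prefix of an entry in the sensitive data set, releases it to the playback module on a mismatch, and hands a completed entry to the secure return module. It uses a plain prefix comparison with a release-and-retry fallback rather than a full Aho-Corasick automaton, assumes no entry is a substring of another, and all names and the sample set are hypothetical.

```c
#include <string.h>

/* Assumptions: names are hypothetical; no entry is a substring of another. */
#define MAXBUF 64  /* assumption: every sensitive entry is shorter than this */
enum verdict { HOLD, REPLAY, SECURE_RETURN };

struct analyzer {
    const char *const *set;  /* user-predefined sensitive data set */
    size_t n;                /* number of entries in set */
    char buf[MAXBUF];        /* characters withheld in the trusted world */
    size_t len;
};

/* 2: buf is a whole entry, 1: buf is a proper prefix of one, 0: neither */
static int classify(const struct analyzer *a)
{
    int k = 0;
    for (size_t i = 0; i < a->n; i++) {
        if (strncmp(a->set[i], a->buf, a->len) != 0) continue;
        if (a->set[i][a->len] == '\0') return 2;
        k = 1;
    }
    return k;
}

/* Feed one character. Released characters are appended to `replay`; a
 * completed sensitive string is appended to `secret`. The caller sizes both. */
enum verdict feed(struct analyzer *a, char c, char *replay, char *secret)
{
    size_t r0 = strlen(replay), r = r0;
    int k = 0;
    a->buf[a->len++] = c;
    a->buf[a->len] = '\0';
    /* Mismatch: drop leading characters until the rest is a prefix again. */
    while (a->len > 0 && (k = classify(a)) == 0) {
        replay[r++] = a->buf[0];
        memmove(a->buf, a->buf + 1, a->len--);  /* the NUL moves too */
    }
    replay[r] = '\0';
    if (k != 2) return r > r0 ? REPLAY : HOLD;
    strcat(secret, a->buf);
    a->len = 0;
    return SECURE_RETURN;
}

/* Constructed sample set and driver: route one typed string end to end. */
static const char *const SAMPLE_SET[] = { "hunter2", "4111111111111111" };
char g_replay[128], g_secure[128];

void route(const char *typed)
{
    struct analyzer a = { SAMPLE_SET, 2, "", 0 };
    g_replay[0] = g_secure[0] = '\0';
    for (; *typed; typed++) feed(&a, *typed, g_replay, g_secure);
}
```

Characters that are still a proper prefix when input stops remain withheld in the buffer; the sketch defines no flush, since the claim only says the module waits for further input.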
CN201610892087.7A 2016-10-13 2016-10-13 System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method Expired - Fee Related CN106650422B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610892087.7A CN106650422B (en) 2016-10-13 2016-10-13 System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method


Publications (2)

Publication Number Publication Date
CN106650422A true CN106650422A (en) 2017-05-10
CN106650422B CN106650422B (en) 2019-06-04

Family

ID=58856933

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610892087.7A Expired - Fee Related CN106650422B (en) 2016-10-13 2016-10-13 System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method

Country Status (1)

Country Link
CN (1) CN106650422B (en)


Also Published As

Publication number Publication date
CN106650422B (en) 2019-06-04


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190604

Termination date: 20191013
