CN106650422B - System and method for preventing leakage of sensitive data by third-party input methods using TrustZone technology - Google Patents


Publication number
CN106650422B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610892087.7A
Other languages
Chinese (zh)
Other versions
CN106650422A (en)
Inventor
田琛
王雅哲
代蕊蕊
周启惠
徐震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Classifications

    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/74 Protecting specific internal or peripheral components to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode


Abstract

The present invention relates to a system and method for preventing third-party input methods from leaking sensitive data using TrustZone technology, characterized by comprising: an interception module in the normal execution environment; a secure keyboard module, a data analysis module, a replay module and a sensitive data secure return module in the trusted execution environment; and a local sensitive data protection module that, together with the data analysis module, protects sensitive data in ordinary applications. The invention effectively ensures the security of the mobile terminal input system and offers generality, efficiency, user friendliness and strong security.

Description

A system and method for preventing leakage of sensitive data by third-party input methods using TrustZone technology
Technical field
The present invention relates to a system and method for preventing third-party input methods from leaking sensitive data using TrustZone technology, and belongs to the field of data security for mobile terminal devices.
Background
With the rapid development of mobile Internet technology and mobile smart terminals, the services handled by mobile terminals have expanded from traditional communication and entertainment to high-security, highly sensitive fields such as mobile office and mobile payment. Users need to enter more and more sensitive information on mobile terminals, including login user names and passwords, contact information and bank card numbers. Research has found that most third-party input method software sends the entered information to a remote server while the user is typing. To protect users' sensitive information from being intercepted by malicious third parties or maliciously exploited by input method service providers, an effective method is needed to prevent third-party input methods from leaking the sensitive information users enter.
A common practice is to encrypt sensitive data with an encryption algorithm, but the input method service provider can still obtain the sensitive information the user enters. The currently feasible solutions to the input method security problem perform operations such as rollback or encryption after the input method has already received the user's tap; they cannot act before the input method's code executes, so the security problem remains.
To better solve the leakage of users' sensitive data by third-party input methods on mobile terminals, a complete solution combining software and hardware must be designed across multiple layers, from the underlying hardware architecture to the operating system. ARM TrustZone hardware isolation technology builds two independent runtime environments on the mobile terminal, the normal execution environment and the trusted execution environment, and uses the processor's monitor mode to switch between the two environments and transfer data between them. The normal execution environment and the trusted execution environment are isolated from each other, which guarantees the security of operations in the trusted execution environment and effectively isolates the application system's highly sensitive services from its general services.
Using TrustZone technology to prevent third-party input methods from leaking sensitive data requires solving the following problems: how to decide whether a switch to the trusted execution environment is needed; how to operate in the trusted execution environment; and how to correctly return the user's input data to the ordinary application in the normal execution environment.
Summary of the invention
The technical problem solved by the invention: to address the security of the sensitive data that users enter on mobile terminals, a system and method for preventing third-party input methods from leaking sensitive data using TrustZone technology is provided, which effectively guarantees the security of the private information users enter and offers generality, efficiency, user friendliness and strong security.
The technical solution of the invention is a system and method for preventing third-party input methods from leaking sensitive data using TrustZone technology. The basic idea of the scheme is briefly described below. The invention builds on the advantages of existing solutions and proposes its own design. Specifically, the system for preventing third-party input methods from leaking sensitive data using TrustZone technology comprises the following aspects:
Aspect one: the touch event interception module is located in the normal execution environment. It intercepts the user's touch events in the normal execution environment, analyses the event type, and decides whether to switch to the secure keyboard of the trusted execution environment for user input. After a touch event is received from the touch event driver, the interception module uses hook functions added to the system service of the input method framework to determine the event type. If a keyboard display event has been intercepted and a key-press event is then intercepted, the system switches to the secure keyboard of the trusted execution environment; otherwise the event is passed through the input method framework to the third-party input method in the normal execution environment, which performs the operation that responds to the event.
Aspect two: the secure keyboard lets the user type inside the trusted execution environment, so that the information entered cannot be obtained by the third-party input method. To reduce the complexity of the system design, the secure keyboard reuses the soft keyboard of the third-party input method currently displayed in the normal execution environment and verifies its layout information; if verification passes, the third-party input method's soft keyboard is used as the secure keyboard in the trusted execution environment. The invention considers only the Roman-alphabet soft keyboard of the third-party input method, in which each key corresponds to one character. When the user touches a key, the secure keyboard obtains the key's coordinates, converts them into the corresponding character, and passes the character to the data analysis module.
Aspect three: the data analysis module analyses the sensitivity of the characters received from the secure keyboard. To check a character's sensitivity, it performs one-way matching against the predefined sensitive data set using the AC prefix matching algorithm and determines whether the character belongs to a prefix of sensitive data. If not, the character is passed to the replay module. If so, the prefix is stored in a buffer, and the module waits for the user's subsequent input to decide whether the complete input matches a sensitive string; if it does not match, the string is passed to the replay module, and if it matches, the sensitive string is passed to the sensitive data secure return module.
Aspect four: the replay module passes the events corresponding to non-sensitive characters through the input method framework to the third-party input method for processing, which then submits the data to the ordinary application. The invention designs a daemon thread, the simulated event generator, that runs in the system service process of the input method framework. The coordinates of the characters to be replayed are placed in the memory shared by the trusted execution environment and the normal execution environment; the simulated event generator is then woken up, reads the character coordinates from shared memory, constructs the corresponding touch events and hands them to the system service of the input method framework, which dispatches the third-party input method to handle the events so that the characters are submitted to the ordinary application.
Aspect five: the sensitive data secure return module submits sensitive strings to the ordinary application through the memory shared by the trusted execution environment and the normal execution environment, without passing through the third-party input method. The module first places the sensitive data in the shared memory; the secure return service designed by the invention then reads the sensitive data from shared memory and delivers it to the ordinary application through the input connection interface InputConnection.
Aspect six: the local sensitive data protection module adds hook functions to application program interfaces to prevent the third-party input method from obtaining sensitive data from the ordinary application's buffer. Submitted data is stored in the ordinary application's data buffer, and we found that a third-party input method can retrieve this data, including sensitive data, from the ordinary application through the general interfaces the input method framework provides to it. The invention adds hook functions to all application program interfaces related to retrieving data. When the third-party input method fetches data from the ordinary application's buffer, the hook triggers the data analysis module in the trusted execution environment to analyse whether the data is sensitive; if it is, the third-party input method is prevented from obtaining it.
A method for preventing third-party input methods from leaking sensitive data using TrustZone technology is implemented in the following steps:
(1) The interception module intercepts the events delivered by the touch event driver through hook functions added to the system service of the input method framework. Once the showSoftInput() hook in the input method management service class InputMethodManagerService has intercepted a keyboard display event, and the sync() hook in the touch input handling class TouchInputMapper then intercepts a key-press event, execution switches to the trusted execution environment, which checks the integrity of the third-party input method's soft keyboard currently displayed in the normal execution environment and performs the corresponding setup so that this soft keyboard is reused as the secure keyboard of the trusted execution environment. The user's subsequent key presses take place on the secure keyboard.
(2) The user's input on the secure keyboard is converted from key coordinates into characters, and the characters are passed to the data analysis module. Based on the sensitive data set predefined by the user, the data analysis module uses the AC prefix matching algorithm to determine whether a character belongs to a sensitive data prefix. If not, the character's coordinates are passed to the replay module. If so, the prefix is stored in a buffer while the module waits for the user's complete input to decide whether the input is sensitive. Once the prefix is confirmed to be non-sensitive data, the coordinates of each of its characters are passed to the replay module; if it is sensitive data, the string is passed to the sensitive data secure return module.
(3) In the replay module, the non-sensitive key coordinates are first placed in the memory shared by the trusted execution environment and the normal execution environment. The simulated event generator, a daemon thread added to the system service process, is woken up and takes the touch event coordinates from shared memory. It places the events, in the correct format, on the event queue of the input method framework's system service; the input dispatch thread inputDispatcher in the system service is then woken up, takes the events from the queue and dispatches them to the appropriate component or service, that is, it calls the third-party input method to handle the events, and the third-party input method finally submits the characters to the ordinary application.
(4) The main part of the sensitive data secure return module is the secure return service. The sensitive string is stored in the memory shared by the trusted execution environment and the normal execution environment, and the secure return service is woken up and reads the string from shared memory. The service reuses the input connection interface InputConnection of the input method framework and then submits the data directly to the application by calling the ordinary application's basic input connection interface BaseInputConnection.
(5) After the ordinary application receives the data submitted by the replay module and the sensitive data secure return module, it stores the data in its buffer. To prevent the third-party input method from obtaining sensitive data from this buffer, the invention adds hook functions to getTextBeforeCursor() and getSelectedText() in the basic input connection interface BaseInputConnection. When the third-party input method accesses the ordinary application's buffer through the application program interface, the hook notifies the data analysis module in the trusted execution environment to analyse the data the third-party input method is trying to obtain; if it is sensitive data, the third-party input method is prevented from obtaining it.
Compared with the prior art, the invention has the following advantages:
(1) The invention uses ARM TrustZone hardware isolation technology to isolate key-press operations in the trusted execution environment. Hook functions added to the system service intercept the relevant events and decide whether to switch between the trusted execution environment and the normal execution environment, so that the user enters data on the secure keyboard of the trusted execution environment and sensitive data is submitted to the ordinary application in the form of a service. Because leakage of sensitive data by third-party input methods is prevented at the system level in combination with hardware technology, the scheme offers stronger security; it also applies to all third-party input methods, that is, it is general.
(2) The secure keyboard reuses the soft keyboard of the third-party input method of the normal operating system, which reduces system complexity and does not affect the user experience. The trusted execution environment verifies the integrity of the third-party input method's keyboard layout to ensure that the layout has not been modified, which effectively prevents fake keyboard layout attacks.
(3) The sensitive data secure return module submits sensitive data directly to the ordinary application through an added system service, the secure return service, without passing through the third-party input method. The third-party input method therefore cannot send sensitive data to cloud storage, which protects the privacy of the user's sensitive information.
(4) When data already submitted to the ordinary application is accessed again by the third-party input method, the hook functions added to the application program interface capture the access and notify the data analysis module in the trusted execution environment to analyse the data. If the analysis finds a sensitive string, the input method is prevented from obtaining the data, which protects the sensitive data stored locally on the phone.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall architecture of the invention;
Fig. 2 is a schematic diagram of the interception module and the switch to the secure keyboard;
Fig. 3 is a schematic diagram of the data analysis module;
Fig. 4 is a schematic diagram of the replay module for non-sensitive characters;
Fig. 5 is a schematic diagram of the method for preventing the third-party input method from obtaining sensitive data from the ordinary application's buffer.
Detailed description of the embodiments
The invention uses ARM TrustZone hardware isolation technology and the trusted execution environment as its base platform to implement a system that effectively prevents third-party input methods from leaking sensitive data. With minimal modification to the operating system, hook functions are added to the system service of the input method framework to capture the user's touch events and decide whether to switch to the trusted execution environment for input on the secure keyboard. For characters the user enters on the secure keyboard, the data analysis module uses the AC pattern matching algorithm to analyse their sensitivity. The coordinates of non-sensitive characters are passed by the replay module to the input method framework and then processed by the third-party input method; sensitive strings are delivered directly to the ordinary application by the sensitive data secure return module, bypassing the third-party input method so that it cannot leak them. On this basis, the system and method of the invention offer generality, efficiency, user friendliness and strong security.
To make the purpose, advantages and technical solution of the invention clearer, the invention is described in more detail below through a specific implementation and with reference to the drawings.
Fig. 1 shows the overall architecture of the implementation, which mainly comprises the following five parts:
One, implementation of the interception module in the normal execution environment
The hook functions in the interception module 101 capture the touch events delivered by the touch event driver and, according to the event type, decide whether to switch to the secure keyboard 105 of the trusted execution environment to receive the user's input. How the interception module works and switches to the secure keyboard is analysed below with reference to Fig. 2:
(1) When the user performs an operation in the normal execution environment, the touch event driver 100 generates the corresponding touch event. The interception module 101 first uses the showSoftInput() hook in the input method management service class InputMethodManagerService to determine whether it is a keyboard display event 200; if not, execution continues in the normal execution environment 201;
(2) If it is a keyboard display event and the user touches the soft keyboard 202, the interception module 101 uses the sync() hook in the input method framework's touch input handling class TouchInputMapper to intercept the event and notifies the trusted execution environment to check the integrity of the keyboard layout of the third-party input method currently displayed in the normal execution environment. The corresponding setup is then performed, and the third-party input method's soft keyboard is reused as the secure keyboard 105 in the trusted execution environment.
(3) For the touch event on the soft keyboard above and the touch events subsequently generated on the secure keyboard, the interception module determines whether each is a key-press event 203. If not, execution switches back to the normal execution environment 201; if so, the key coordinates 204 are converted into a character 205.
Two, implementation of the data analysis module in the trusted execution environment
The user's input on the secure keyboard 105 is passed to the data analysis module 106 for sensitivity analysis; non-sensitive characters are passed to the replay module 107 and sensitive data to the sensitive data secure return module 108. The implementation of the data analysis module 106 is described below with reference to Fig. 3:
(1) Based on the user-defined sensitive data set 300, the character 204 is matched one-way using the AC prefix matching algorithm to determine whether it belongs to a sensitive data prefix 301. If not, the character is passed to the replay module 107; if so, the sensitive data prefix is stored in the buffer 302;
(2) The module waits for the user to continue typing and repeats the character check 303. If a character is found to form sensitive data 304 together with the string in the buffer, the sensitive string is passed to the sensitive data secure return module 108. Once a character appears that does not belong to a sensitive data prefix, meaning that it cannot form sensitive data 304 together with later characters, the coordinates of each character in the buffer are passed to the replay module 107.
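The buffering logic of steps (1) and (2) above, as an added C example that is not code from the patent. On a mismatch it releases only the leading characters that can no longer belong to a sensitive string, so an overlapping input such as "aaab" still yields "aab". Assumptions: "AC" is read as Aho-Corasick-style matching, characters stand in for key coordinates, an unfinished prefix is treated as non-sensitive when input ends, all names (analyzer_feed, analyzer_finish, the sink callback) are hypothetical, and the sample set is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BUF 64                      /* assumed bound on sensitive string length + 1 */

typedef enum { ROUTE_REPLAY, ROUTE_SECURE_RETURN } route_t;
typedef enum { NO_MATCH, IS_PREFIX, FULL_MATCH } match_t;
typedef void (*sink_fn)(route_t route, const char *data, size_t len, void *ctx);

typedef struct {
    const char *const *sensitive;       /* user-predefined sensitive data set */
    size_t count;
    char buf[MAX_BUF];                  /* pending sensitive prefix, held in the TEE */
    size_t len;
    sink_fn sink;                       /* hypothetical hand-off to replay / secure return */
    void *ctx;
} analyzer_t;

/* Is the pending buffer a proper prefix of, or equal to, any sensitive string? */
static match_t match_state(const analyzer_t *a) {
    match_t best = NO_MATCH;
    for (size_t i = 0; i < a->count; i++) {
        size_t n = strlen(a->sensitive[i]);
        if (n < a->len || memcmp(a->sensitive[i], a->buf, a->len) != 0) continue;
        if (n == a->len) return FULL_MATCH;
        best = IS_PREFIX;
    }
    return best;
}

/* Hand the oldest pending character to the replay path and drop it. */
static void release_oldest(analyzer_t *a) {
    a->sink(ROUTE_REPLAY, a->buf, 1, a->ctx);
    a->len--;
    memmove(a->buf, a->buf + 1, a->len);
}

/* Feed one character decoded by the secure keyboard. */
void analyzer_feed(analyzer_t *a, char c) {
    match_t m = NO_MATCH;
    if (a->len == MAX_BUF - 1) release_oldest(a);      /* never overrun buf */
    a->buf[a->len++] = c;
    /* Release leading characters until what remains is again a prefix of a
       sensitive string; the tail may itself start one ("aaab" vs "aab"). */
    while (a->len > 0 && (m = match_state(a)) == NO_MATCH) release_oldest(a);
    if (a->len > 0 && m == FULL_MATCH) {
        a->sink(ROUTE_SECURE_RETURN, a->buf, a->len, a->ctx);
        memset(a->buf, 0, sizeof a->buf);              /* clear the buffered secret */
        a->len = 0;
    }
}

/* Assumption: when input ends, an incomplete prefix is non-sensitive. */
void analyzer_finish(analyzer_t *a) {
    while (a->len > 0) release_oldest(a);
}

/* Test sink: records what each path would receive. */
typedef struct { char replayed[128]; char secure[128]; } capture_t;

static void capture_sink(route_t route, const char *data, size_t len, void *ctx) {
    capture_t *cap = ctx;
    char *dst = (route == ROUTE_REPLAY) ? cap->replayed : cap->secure;
    size_t used = strlen(dst);
    if (used + len < sizeof cap->replayed) {
        memcpy(dst + used, data, len);
        dst[used + len] = '\0';
    }
}

/* Constructed sample set, not values from the patent. */
static const char *const SAMPLE_SET[] = { "hunter2", "aab" };

const capture_t *run_demo(const char *input) {
    static capture_t cap;
    analyzer_t a = { SAMPLE_SET, 2, {0}, 0, capture_sink, &cap };
    memset(&cap, 0, sizeof cap);
    for (const char *p = input; *p; p++) analyzer_feed(&a, *p);
    analyzer_finish(&a);
    return &cap;
}

int main(void) {
    const capture_t *c = run_demo("hi hunter2!");
    printf("replayed=\"%s\" secure=\"%s\"\n", c->replayed, c->secure);
    return 0;
}
```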
Three, implementation of the replay module for non-sensitive data
Having received non-sensitive character coordinates from the data analysis module 106, the replay module 107 uses the simulated event generator thread added to the system service of the input method framework 102, together with the original input method framework, to hand the events to the third-party input method 103, which processes them and submits the corresponding characters to the ordinary application 104. The implementation of the replay module 107 is described below with reference to Fig. 4:
(1) The character coordinates 400 passed by the data analysis module 106 are placed in the memory 401 shared by the trusted execution environment and the normal execution environment;
(2) The daemon thread added by the invention, the simulated event generator 402, runs in the system service process of the input method framework; it is woken up and reads the character coordinates 400 from the shared memory 401;
(3) The simulated event generator 402 organises the character coordinates into the event format required by the event queue 403 in the input method framework's system service, puts the touch events into the event queue 403 and wakes up the input dispatch thread in the system service, that is, the inputDispatcher thread 404;
(4) The inputDispatcher thread 404 takes the events from the event queue 403 and dispatches the third-party input method 103 to process them and submit the characters corresponding to the key-press events to the ordinary application 104.
Four, implementation of the sensitive data secure return module
For a sensitive string received from the data analysis module 106, the sensitive data secure return module 108 places the data in the memory shared by the trusted execution environment and the normal execution environment. The secure return service then reads the data from shared memory and, through the reused input connection interface InputConnection of the input method framework, calls the ordinary application's basic input connection interface BaseInputConnection to submit the data directly to the application.
Five, implementation of preventing the third-party input method from obtaining sensitive data from the ordinary application
The ordinary application 104 stores the sensitive data it receives in its data buffer. The third-party input method 103 can access this buffer through the functions provided by the basic input connection interface BaseInputConnection in the input method framework 102, which leaks locally stored sensitive data. The method for preventing this leakage is described in detail below with reference to Fig. 5:
(1) When the third-party input method 103 accesses the ordinary application's data buffer 500 through the functions provided by the basic input connection interface BaseInputConnection, the hook functions 501 added to getTextBeforeCursor() and getSelectedText() in BaseInputConnection notify the data analysis module in the trusted execution environment;
(2) The data analysis module 106 uses the AC prefix matching algorithm to determine whether the data the third-party input method 103 is trying to obtain is sensitive 502. If it is not sensitive, execution switches back to the normal execution environment 503 and continues; if it is a sensitive string, acquisition of the sensitive data is blocked 504.
The above embodiments are provided only to describe the invention and are not intended to limit its scope. The scope of the invention is defined by the following claims. All equivalent replacements and modifications made without departing from the spirit and principles of the invention fall within the scope of the invention.

Claims (2)

1. A system for preventing sensitive data from leaking through third-party input methods using TrustZone technology, characterized by comprising: an interception module in the normal execution environment; a secure keyboard module, a replay module, a data analysis module and a sensitive data secure return module in the trusted execution environment; and a local sensitive data protection module that works together with the data analysis module to protect sensitive data held locally in normal applications; wherein:
The interception module is located in the normal execution environment; it intercepts the user's touch events in the normal execution environment and analyzes the event type to decide whether to switch to the secure keyboard of the trusted execution environment for user input; after receiving a touch event from the touch event driver, the interception module determines the event type using hook functions added to the system services of the input method framework; when a keyboard display event has been intercepted and a key-press event is then intercepted, it switches to the secure keyboard of the trusted execution environment;
The secure keyboard lets the user type in the trusted execution environment, so that the information the user enters cannot be obtained by the third-party input method; it reuses the soft keyboard of the third-party input method currently displayed in the normal execution environment and verifies its layout information; if the integrity verification passes, the soft keyboard of the third-party input method is used as the secure keyboard in the trusted execution environment; when the user touches a key, the secure keyboard obtains the coordinates of the key, converts them into the corresponding character, and passes the character to the data analysis module;
The data analysis module judges the sensitivity of each character received from the secure keyboard, i.e. whether it is a sensitive character; the user defines a sensitive data set in advance; when the data analysis module receives a character from the secure keyboard, it performs one-way matching using the AC prefix matching algorithm to determine whether the character belongs to a prefix of sensitive data; if not, the character is passed to the replay module; if so, the prefix is stored in a buffer while the module waits for the user's subsequent input and judges whether the complete input matches a sensitive string; if it does not match, the string is passed to the replay module, and if it matches, the sensitive string is passed to the sensitive data secure return module; the replay module passes the events corresponding to non-sensitive characters to the third-party input method through the input method framework for processing, and the data is then submitted to the normal application; an imitation event generator runs as a daemon thread in the system service of the input method framework; the coordinates of the characters to be replayed are placed in the memory shared between the trusted execution environment and the normal execution environment; the imitation event generator is then woken up, obtains the character coordinates from the shared memory, constructs the touch events corresponding to those coordinates, and passes them to the system service of the input method framework, which dispatches the third-party input method to handle the events, so that the characters are submitted to the normal application;
The sensitive data secure return module submits the sensitive string to the normal application through the memory shared between the trusted execution environment and the normal execution environment, without passing through the third-party input method; the sensitive data secure return module first places the sensitive data in the shared memory; a purpose-designed secure return service then obtains the sensitive data from the shared memory and passes it to the normal application using the input connection interface InputConnection;
The local sensitive data protection module adds hook functions to application programming interfaces to prevent the third-party input method from obtaining sensitive data from the buffer of the normal application; submitted data is stored in the data buffer of the normal application, and the third-party input method can retrieve this data, including sensitive data, from the normal application through the general interfaces that the input method framework provides to it; hook functions are added to all application programming interfaces related to retrieving data; when the third-party input method obtains data from the buffer of the normal application, the data analysis module in the trusted execution environment is triggered to analyze whether the data is sensitive, and if it is sensitive, the third-party input method is prevented from obtaining it.
2. A method for preventing sensitive data from leaking through third-party input methods using TrustZone technology, characterized in that it is implemented by the following steps:
(1) The interception module intercepts the events delivered by the touch event driver through hook functions added to the system services of the input method framework; provided that a keyboard display event has been intercepted by the showSoftInput() hook function in the input method management service class InputMethodManagerService, when a key-press event is then intercepted by the hook function sync() in the touch input processing class TouchInputMapper, execution switches to the trusted execution environment, which performs an integrity check on the soft keyboard of the third-party input method currently displayed in the normal execution environment and then applies the corresponding settings so that this soft keyboard is reused as the secure keyboard of the trusted execution environment; the key presses the user makes afterwards take place on the secure keyboard;
(2) The user's input on the secure keyboard is converted from key coordinates into characters, and the characters are passed to the data analysis module; based on the user's predefined sensitive data set, the data analysis module uses the AC prefix matching algorithm to determine whether a character belongs to a prefix of sensitive data; if not, the character's coordinates are passed to the replay module; if so, the prefix is stored in a buffer while waiting for the user's complete input in order to judge whether the input is sensitive; once the prefix is confirmed to be non-sensitive data, the coordinates of each of its characters are passed to the replay module; if it is sensitive data, the string is passed to the sensitive data secure return module;
(3) In the replay module, the non-sensitive key coordinates are first placed in the memory shared between the trusted execution environment and the normal execution environment; the imitation event generator, a daemon thread added to the system service process, is woken up and takes the touch event coordinates from the shared memory; the imitation event generator places the events, in the correct format, on the event queue of the input method framework's system service; the input dispatch thread inputDispatcher in the system service is then woken up, takes the events from the queue, and selects and dispatches the corresponding component or service, i.e. it calls the third-party input method to handle the events, and the third-party input method finally submits the characters to the normal application;
(4) The main function of the sensitive data secure return module is the secure return service; the sensitive string is stored in the memory shared between the trusted execution environment and the normal execution environment; the secure return service is woken up and obtains the string from the shared memory; the secure return service reuses the input connection interface InputConnection of the input method framework, and then submits the data directly to the application by calling the base input connection interface BaseInputConnection of the normal application;
(5) After the normal application receives the data submitted by the replay module and the sensitive data secure return module, the data is stored in the buffer of the normal application; to prevent the third-party input method from obtaining sensitive data from that buffer, the hook functions getTextBeforeCursor() and getSelectedText() are added in the base input connection interface BaseInputConnection; when the third-party input method accesses the buffer of the normal application through the application programming interface, the hook function notifies the data analysis module in the trusted execution environment to analyze the data that the third-party input method is trying to obtain, and if it is sensitive data, the third-party input method is prevented from obtaining it.
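The routing performed by the data analysis module in step (2), as an added example in C that is not code from the patent. The sensitive set, the `analyzer` type and the two string sinks standing in for the replay path and the secure return path are assumptions; it scans a plain list instead of building the AC automaton, and it goes slightly beyond the claim text by releasing only the oldest buffered character on a mismatch, so that a sensitive string beginning inside a failed prefix is still caught.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample set; per the claims the user predefines it. */
static const char *SENSITIVE[] = { "hunter2", "s3cr3t", NULL };
typedef struct {
    char pending[32]; size_t len;   /* held back; 32 > longest entry */
    char replay[128], secure[128];  /* sinks: replay path / secure return */
} analyzer;
/* 0 = not a prefix, 1 = proper prefix, 2 = complete sensitive string */
static int classify(const char *s, size_t n) {
    int r = 0;
    for (const char **p = SENSITIVE; *p; p++)
        if (strncmp(*p, s, n) == 0) {
            if ((*p)[n] == '\0') return 2;
            r = 1;
        }
    return r;
}
/* Bounded append: truncates instead of overflowing the sink. */
static void emit(char *sink, size_t cap, const char *s, size_t n) {
    size_t used = strlen(sink);
    snprintf(sink + used, cap - used, "%.*s", (int)n, s);
}

void analyzer_feed(analyzer *a, char c) {
    a->pending[a->len++] = c;   /* len never exceeds the longest entry */
    for (;;) {
        int k = classify(a->pending, a->len);
        if (k == 2) {                     /* full match: bypass the IME */
            emit(a->secure, sizeof a->secure, a->pending, a->len);
            a->len = 0;
        }
        if (k) return;                    /* 1: still a prefix, hold back */
        /* Mismatch: release only the oldest char, then re-test the tail. */
        emit(a->replay, sizeof a->replay, a->pending, 1);
        memmove(a->pending, a->pending + 1, --a->len);
    }
}
/* Feed a whole input; at end of input an unfinished prefix is released. */
void analyze(analyzer *a, const char *input) {
    memset(a, 0, sizeof *a);
    while (*input) analyzer_feed(a, *input++);
    emit(a->replay, sizeof a->replay, a->pending, a->len);
}

int main(void) {
    analyzer a;
    analyze(&a, "pw hhunter2 ok");        /* constructed input */
    return printf("replay=[%s] secure=[%s]\n", a.replay, a.secure) < 0;
}
```

A matcher that flushed the whole buffer on the first mismatch would hand "hhunter2" to the input method in full, because the second "h" would be released together with the first.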

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610892087.7A CN106650422B (en) 2016-10-13 2016-10-13 A kind of System and method for for preventing third party's input method sensitive data from revealing using TrustZone technology

Publications (2)

Publication Number Publication Date
CN106650422A CN106650422A (en) 2017-05-10
CN106650422B CN106650422B (en) 2019-06-04

Family

ID=58856933

Country Status (1)

Country Link
CN (1) CN106650422B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190604

Termination date: 20191013