CN108614975A - A kind of safe verification method based on integrity detection - Google Patents
A kind of safe verification method based on integrity detection Download PDFInfo
- Publication number
- CN108614975A CN108614975A CN201810393114.5A CN201810393114A CN108614975A CN 108614975 A CN108614975 A CN 108614975A CN 201810393114 A CN201810393114 A CN 201810393114A CN 108614975 A CN108614975 A CN 108614975A
- Authority
- CN
- China
- Prior art keywords
- privileged domain
- application program
- method based
- privileged
- verification method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000012795 verification Methods 0.000 title claims abstract description 21
- 238000001514 detection method Methods 0.000 title claims abstract description 15
- 238000012545 processing Methods 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 2
- JBWKIWSBJXDJDT-UHFFFAOYSA-N triphenylmethyl chloride Chemical compound C=1C=CC=CC=1C(C=1C=CC=CC=1)(Cl)C1=CC=CC=C1 JBWKIWSBJXDJDT-UHFFFAOYSA-N 0.000 claims 2
- 230000005540 biological transmission Effects 0.000 abstract description 4
- 238000005259 measurement Methods 0.000 description 11
- 238000012360 testing method Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 244000062793 Sorghum vulgare Species 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 235000019713 millet Nutrition 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 229910052709 silver Inorganic materials 0.000 description 1
- 239000004332 silver Substances 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of safe verification methods based on integrity detection, by marking off privileged domain and non-privileged domain in systems, when the first application program in non-privileged domain carries out sensitive operation, sensitive data is transferred to the trusted application in privileged domain by data transmission channel to handle, and handling result is returned into first application program and carries out subsequent operation, to ensure that the safety of sensitive operation in application program.
Description
Technical field
The present invention relates to security control field, more particularly to a kind of safe verification method based on integrity detection.
Background technology
Trust computing is as one new developing direction of information security field by more and more companies and research institution
Pay attention to.The main target of credible accounting system is the computing environment for building a user and being expected, to ensure computing resource
It will not be maliciously tampered, steal.
Universal with smart mobile phone, mobile payment becomes an important function of mobile phone end, but due to
The sensitive datas such as general data and password only there are one subregion, i.e. user partition in smart mobile phone, therefore in smart mobile phone are
It is stored together, it is difficult to ensure the safety of sensitive data.
In consideration of it, needing to seek a kind of control management method of lifting system safety.
Invention content
The present invention proposes a kind of safe verification method based on integrity detection, when for ensureing that application program is run
Safety.
A kind of safe verification method based on integrity detection was applied in intelligent terminal, which is characterized in that at intelligent end
Privileged domain and non-privileged domain two parts are marked off in end and are separately operable, the privileged domain includes TPCM, the method includes:
Step 1:Sensitive data is sent to the trusted application in privileged domain by the first application program in non-privileged domain;
Step 2:Trusted application in privileged domain handles the sensitive data;
Step 3:The trusted application sends the handling result to the non-privileged domain.
Further include:
The operation of the trusted application in the privileged domain is based on the TPCM.
Further include:
Further include control module in the non-privileged domain system, for receiving the sensitive number in first application program
According to.
Further include:
The sensitive data is sent to the trusted application in the privileged domain by data channel by the control module.
Further include:
The data channel is shared drive, can meet privileged domain and non-privileged domain system is carried out at the same time access and progress
The access of data.
Further include:
The processing, and can be to generate corresponding handling result to preserve and calculation process.
Further include:
The trusted application transmits the handling result of the sensitive data by shared drive.
Further include:
The handling result is received by the control module in non-privileged domain, and is passed to by the control module described
First application program, first application program are further operated using the handling result.
Technical solution of the present invention marks off privileged domain and non-privileged domain in systems, when first in non-privileged domain applies journey
When sequence carries out sensitive operation, sensitive data is transferred to the trusted application in privileged domain by data transmission channel and is handled,
And handling result is returned into first application program and carries out subsequent operation, to ensure that sensitive operation in application program
Safety.
Description of the drawings
Fig. 1 is a kind of system framework figure of the credible platform control module implementation method based on firmware in the present invention;
Fig. 2 is a kind of flow chart of credible platform control module method in the embodiment of the present invention one;
Fig. 3 is a kind of flow chart of safe verification method in the embodiment of the present invention two;
Fig. 4 is a kind of flow chart for the method ensureing security of system in the embodiment of the present invention three;
Fig. 5 is a kind of flow chart of trusted software list updating method in the embodiment of the present invention four.
Specific implementation mode
The present invention provides a kind of safe verification method based on integrity detection.To make the purpose of the present invention, technical solution
And effect is clearer, clear, the present invention is described in more detail for the embodiment that develops simultaneously referring to the drawings.It should be appreciated that this
Place is described, and specific examples are only used to explain the present invention, is not intended to limit the present invention.
Term " first ", " second ", " third " " in description and claims of this specification and above-mentioned attached drawing
The (if present)s such as four " are for distinguishing similar object, without being used to describe specific sequence or precedence.It should manage
The data that solution uses in this way can be interchanged in the appropriate case, so that the embodiments described herein can be in addition to illustrating herein
Or the sequence other than the content of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that
Cover it is non-exclusive include, for example, containing the process of series of steps or unit, method, system, product or equipment need not limit
In those of clearly listing step or unit, but may include not listing clearly or for these processes, method, production
The intrinsic other steps of product or equipment or unit.
Embodiment one
The credible platform control module implementation method based on firmware that the present embodiment provides a kind of, marks off in intelligent terminal
Privileged domain and non-privileged domain.It is as shown in Figure 1 the frame diagram of system in the present embodiment, wherein privileged domain is credible performing environment
(TEE), special memory, crypto module that franchise domain system uses, specially are specialized in including TPCM (credible platform control module), and
With external memory and dedicated cpu;Non-privileged domain is in mobile terminal rich in performing environment (REE), including support controlled system operation
Soft hardware equipment set.
It is illustrated in figure 2 the flow chart of credible platform control module method in the present embodiment, is included the following steps:
Step 1:Privileged domain System Priority starts.
Specifically, it is privileged domain system power supply using dedicated supply line on mainboard, ensures equipment in the standby state
Franchise domain system has just been powered.
Specifically, the standby mode refers to state when equipment has been powered on but user does not press power button also.
Specifically, if user directly presses power button progress electrifying startup, privileged domain system after enabling equipment power-on
System, which will control, powers on order, executes startup to franchise domain system in advance and active safety is measured.
Step 2:Self-test is actively measured to TPCM progress, if self-test is without exception, starts the controlled system for starting non-privileged domain
System, and enter step 3;If self-test notes abnormalities, alarms and equipment is forbidden to start.
Specifically, the franchise domain system controls the leading electrifying startups of the TPCM and carries out self-test and inside initially
Change.Self-test executes further work after initializing successfully;Self-test, initialization are unsuccessful, LED lights according to ad hoc fashion,
Buzzer is lighted according to ad hoc fashion and is piped, and prompts have exception.
Specifically, if TPCM modules are not present after electrifying startup in discovering device, prove that TPCM is maliciously moved
It removes, then will this time equipment be forbidden to start.
Specifically, active safety measurement be franchise domain system the exclusive function module in TPCM is measured, authorize and
Certification.
Step 3:Non-privileged domain operation system starts.
Specifically, the measurement service in TPCM carries out credible measurement to non-privileged domain operation system start-up course, including hard
The measurement of part.
Specifically, if not privileged domain operation system needs to carry out authentication during startup, then pass through privileged domain
TPCM carries out authentication, its startup is allowed after being verified.
Step 4:TPCM actively initiates to operate the security measure of non-privileged domain system, if measurement results are normal, into
Enter step 5;Otherwise, non-privileged domain operation system is forbidden to start.
Specifically, the active measurement service being located under TPCM environment actively initiates countermeasure according to the opportunity that specific policy is specified
The metric operations of slightly specified object, in general, default metric object is the system core content in non-privileged system, such as system
Kernel code section, the code segment of trusted software, read-only data section, policy data etc..
Specifically, when carrying out active safety metric operations, shared drive is established for franchise domain system and non-privileged domain system,
The intermediary service data generated when for being operated to security measure are stored and are interacted.
Step 5:After measurement passes through, the trusted software in non-privileged system is notified to continue to measure subsequent content, if measurement knot
Fruit is normal, then enters step 6;Otherwise, non-privileged domain operation system is forbidden to start.
Specifically, in the case of the active measurement results of core content are normal in TPCM is to non-privileged domain system, swash
Credible metric software in non-privileged domain system living, by the non-privileged domain of the credible measurement software metrics in non-privileged domain system
Other function modules in system, such as service application code segment, network connection state, access control policy.
Step 6:System enters normal operating conditions.
Technical solution in the present embodiment marks off privileged domain and non-privileged domain in systems, after terminal startup, preferentially
Make franchise domain system start to measure with self-test, after measurement passes through, degree of safety is carried out to non-privileged domain system using franchise domain system
Amount, it is crucial in ensureing privileged domain to realize the active inspection verification of the safety to non-privileged domain system and integrality
While Information Security, it is ensured that the safety of operation system and application in non-privileged domain.
Embodiment two
The present embodiment provides a kind of safe verification method, workflow is as shown in figure 3, using system as described in Figure 1
Frame, transmission and verification for carrying out sensitive data when running application program in non-privileged domain, includes the following steps:
Step 1:Sensitive data is sent to the trusted application in privileged domain by the first application program in non-privileged domain.
Specifically, the operation of the trusted application is based on the TPCM.
Specifically, first application program is any application program that can be run in intelligent terminal, and described first answers
With sensitive data is stored in program, for carrying out sensitive operation, such as verification and payment when needed.If for example, institute
It is payment class application to state the first application program, then it can be wechat wallet or millet wallet etc., and silver can be related under payment scenario
The data such as row card card number, electronic key and transaction voucher, these data are higher to security requirement, therefore can be used as in the present embodiment
Sensitive data;Alternatively, in such as traffic scene, in the voice communication content or information that some Content of communciation may be related to
Appearance may relate to trade secret and individual privacy etc., have preserve need in the case of requirement of these data to safety also compare
Higher, first application program is also required to consider that these data want safety when preserving these Content of communciation
It asks, therefore can also be used as the sensitive data in the present embodiment.
Specifically, the non-privileged domain further includes control module, for receiving the sensitive number in first application program
According to;Further, the control module credible is answered by data channel by what the sensitive data sent in the privileged domain
With.
Specifically, the data channel is shared drive, can meet privileged domain and non-privileged domain be carried out at the same time access and
Carry out the access of data.
Step 2:Trusted application in privileged domain handles the sensitive data.
Specifically, the processing can be the processing such as preservation and operation, and generate corresponding handling result.
Step 3:The trusted application sends the handling result to the non-privileged domain.
Specifically, the trusted application transmits the handling result of the sensitive data by shared drive.
Specifically, the handling result is received by the control module in non-privileged domain, and is passed by the control module
First application program is passed, first application program is further operated using the handling result.
Technical solution in the present embodiment marks off privileged domain and non-privileged domain in systems, and first in non-privileged domain
When application program carries out sensitive operation, sensitive data is transferred to the trusted application in privileged domain by data transmission channel and is carried out
Processing, and handling result is returned into first application program and carries out subsequent operation, it is sensitive in application program to ensure that
The safety of operation.
Embodiment three
Based on previous embodiment, the present embodiment provides a kind of method ensureing security of system, workflow such as Fig. 4 institutes
Show, using system framework as described in Figure 1, journey is applied for being carried out when running application program in non-privileged domain operation system
The safety verification of sequence, includes the following steps:
Step 1:The first trusted software list is stored in the control module in the non-privileged domain.
Specifically, it is software program trusty that the software in the first trusted software list, which is verified, described
The title and digital signature information of the software program trusty are stored in one trusted software list.
Step 2:When running first application program in non-privileged domain, judge first application program whether be
Software program trusty.
Specifically, when running first application program, the control module, acquisition is called to be stored in the control mould
First trusted software list in the block is arranged using the title of first application program to be launched in first trusted software
It is traversed in table, if finding the list items of same names, continues the number for judging first application program to be launched
Signing messages whether with the digital signature information corresponding to first application program that is stored in the first trusted software list
It is whether consistent, if unanimously, judging first application program for trusted application, and allow its operation;If described
The list items of same names are not found in one trusted software list, or are found that while that title is consistent but digital signature by contrast
Information is inconsistent, then judges that first application program is not trusted application, and forbid its operation.
Step 3:When it is trusted application to judge first application program, controls first application program and exist
It is run in privileged domain and non-privileged domain.
Specifically, first application program is run in non-privileged domain system, and is monitored described first in real time and applied journey
Sequence calls the control module using shared drive as data channel when sensitive operation occurs for first application program
Sensitive data and the processing result data being sequentially generated are transmitted.
Technical solution in the present embodiment marks off privileged domain and non-privileged domain in systems, the control mould in non-privileged domain
The first trusted software list is preserved in block, when user is intended to start the first application program in non-privileged domain, calls the control
Whether mould the first trusted software list in the block is trusted software to judge first application program to be started, when being judged as
Just allow its operation when trusted software, and by the cooperation of non-privileged domain and privileged domain ensures to be generated by the first application program quick
Feel the safety of operation, through this embodiment in technical solution can effectively ensure the safety of sensitive operation in application program
Property.
Example IV
Based on previous embodiment, the present embodiment provides a kind of update method of trusted software list, workflow such as Fig. 5
It is shown, using system framework as described in Figure 1, include the following steps:
Step 1:When the non-privileged domain system starts, using the second trusted software list preserved in privileged domain to institute
The the first trusted software list stated in non-privileged domain is updated.
Specifically, the second trusted software list is stored in special memory or the special external memory of the privileged domain, from
And can guarantee the second trusted software list will not be tampered.
Specifically, after carrying out security measure to the non-privileged domain using TPCM and measurement results are normal, pass through
The the second trusted software list preserved in the privileged domain is sent to the control module in the non-privileged domain by shared drive,
Whether the control module compares the first trusted software list that the second trusted software list is preserved with itself identical, if phase
It is same then without updating the first trusted software list;Using the second trusted software list to described first if differing
Trusted software list carries out cover type update.
Step 2:When needing to update the second trusted software list preserved in the privileged domain, pass through the non-privileged domain
In the second application program receive third trusted software list.
Specifically, second application program is run in the non-privileged domain system, and second application program is used for
Receive the trusted software list that user newly defines, i.e. third trusted software list.
Step 3:The control module in non-privileged domain is called, by shared drive by the third trusted software list
Send the trusted application in privileged domain to.
Step 4:The trusted application in privileged domain receives the third trusted software list, to what is preserved in privileged domain
The second trusted software list carries out cover type update.
Specifically, the second trusted software list is stored in the path in the special memory of the privileged domain or special external memory
Information preservation is in the trusted application, when trusted application receives the third trusted software row that non-privileged domain is sent
After table, the second trusted software list in specified path is covered using the third trusted software list.
A kind of method of update trusted software list is present embodiments provided, marks off privileged domain and non-privileged in systems
Domain preserves the first trusted software list in non-privileged domain, is preserved in privileged domain for updating first trusted software
The second trusted software list of list can all call described second credible soft when the franchise domain system starts every time
Part list is updated the first trusted software list, when needing to update second software matrix, calls described non-
Second application program in privileged domain sends the third trusted software list to the franchise domain system to cover
The second trusted software list is stated, to can guarantee the second trusted software list real-time update in the non-privileged domain, into
And improve the safety of system.
In several embodiments provided by the present invention, it should be understood that disclosed method and terminal can pass through it
Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the module, only
Only a kind of division of logic function, formula that in actual implementation, there may be another division manner.
In addition, in the case where not conflicting, the technical solution in above-mentioned several embodiments can be combined with each other and replace
It changes.
The module illustrated as separating component may or may not be physically separated, aobvious as module
The component shown may or may not be physical unit, you can be located at a place, or may be distributed over multiple
In network element.Some or all of module therein can be selected according to the actual needs to realize the mesh of this embodiment scheme
's.
In addition, each function module in each embodiment of the present invention can be integrated in a processing unit, it can also
It is that each unit physically exists alone, it can also be during two or more units be integrated in one unit.Above-mentioned integrated list
The form that hardware had both may be used in member is realized, can also be realized in the form of hardware adds software function module.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie
In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power
Profit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent requirements of the claims
Variation includes within the present invention.Should not any attached associated diagram label in claim be considered as the involved right of limitation to want
It asks.Furthermore, it is to be understood that one word of " comprising " is not excluded for other units or step, odd number is not excluded for plural number.It is stated in system claims
Multiple modules or device can also be realized by software or hardware by a module or device.The first, the second equal words
It is used to indicate names, and does not represent any particular order.
Finally it should be noted that the above examples are only used to illustrate the technical scheme of the present invention and are not limiting, although reference
Preferred embodiment describes the invention in detail, it will be understood by those of ordinary skill in the art that, it can be to the present invention's
Technical solution is modified or equivalent replacement, without departing from the spirit of the technical scheme of the invention and range.
Claims (8)
1. a kind of safe verification method based on integrity detection is applied in intelligent terminal, which is characterized in that in intelligent terminal
In mark off privileged domain and non-privileged domain two parts and be separately operable, the privileged domain includes TPCM, the method includes:
Step 1:Sensitive data is sent to the trusted application in privileged domain by the first application program in non-privileged domain;
Step 2:Trusted application in privileged domain handles the sensitive data;
Step 3:The trusted application sends the handling result to the non-privileged domain.
2. a kind of safe verification method based on integrity detection as described in claim 1, which is characterized in that further include:
The operation of the trusted application in the privileged domain is based on the TPCM.
3. a kind of safe verification method based on integrity detection as claimed in claim 2, which is characterized in that further include:
Further include control module in the non-privileged domain system, for receiving the sensitive data in first application program.
4. a kind of safe verification method based on integrity detection as claimed in claim 3, which is characterized in that further include:
The sensitive data is sent to the trusted application in the privileged domain by data channel by the control module.
5. a kind of safe verification method based on integrity detection as claimed in claim 4, which is characterized in that further include:
The data channel is shared drive, can meet privileged domain and non-privileged domain system is carried out at the same time access and carries out data
Access.
6. a kind of safe verification method based on integrity detection as claimed in claim 5, which is characterized in that further include:
The processing, and can be to generate corresponding handling result to preserve and calculation process.
7. a kind of safe verification method based on integrity detection as claimed in claim 6, which is characterized in that further include:
The trusted application transmits the handling result of the sensitive data by shared drive.
8. a kind of safe verification method based on integrity detection as claimed in claim 7, which is characterized in that further include:
The handling result is received by the control module in non-privileged domain, and passes to described first by the control module
Application program, first application program are further operated using the handling result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810393114.5A CN108614975A (en) | 2018-04-27 | 2018-04-27 | A kind of safe verification method based on integrity detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810393114.5A CN108614975A (en) | 2018-04-27 | 2018-04-27 | A kind of safe verification method based on integrity detection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108614975A true CN108614975A (en) | 2018-10-02 |
Family
ID=63661195
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810393114.5A Pending CN108614975A (en) | 2018-04-27 | 2018-04-27 | A kind of safe verification method based on integrity detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108614975A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111796779A (en) * | 2020-06-23 | 2020-10-20 | 天津光电通信技术有限公司 | Credible judgment method and system for active measurement of printer |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103812862A (en) * | 2014-01-23 | 2014-05-21 | 厦门密安信息技术有限责任公司 | Dependable security cloud computing composition method |
| US20140259003A1 (en) * | 2013-03-07 | 2014-09-11 | Go Daddy Operating Company, LLC | Method for trusted application deployment |
| CN105791284A (en) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | Secure data transmission device and method |
| CN106650422A (en) * | 2016-10-13 | 2017-05-10 | 中国科学院信息工程研究所 | System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method |
-
2018
- 2018-04-27 CN CN201810393114.5A patent/CN108614975A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140259003A1 (en) * | 2013-03-07 | 2014-09-11 | Go Daddy Operating Company, LLC | Method for trusted application deployment |
| CN103812862A (en) * | 2014-01-23 | 2014-05-21 | 厦门密安信息技术有限责任公司 | Dependable security cloud computing composition method |
| CN105791284A (en) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | Secure data transmission device and method |
| CN106650422A (en) * | 2016-10-13 | 2017-05-10 | 中国科学院信息工程研究所 | System and method for using TrustZone technology to prevent leakage of sensitive data of third-party input method |
Non-Patent Citations (1)
| Title |
|---|
| 张焕国 等: "《可信计算》", 31 August 2011, 武汉大学出版社 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111796779A (en) * | 2020-06-23 | 2020-10-20 | 天津光电通信技术有限公司 | Credible judgment method and system for active measurement of printer |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109492420B (en) | Model parameter training method, terminal, system and medium based on federal learning | |
| US20160203320A1 (en) | Privacy Protection for Mobile Devices | |
| US11025415B2 (en) | Cryptographic operation method, method for creating working key, cryptographic service platform, and cryptographic service device | |
| CN105975864A (en) | Operation system starting method and device, and terminal | |
| CN104660557B (en) | operation processing method and device | |
| US11640730B2 (en) | Method and apparatus for configuring automobile diagnostic function and automobile diagnostic device | |
| CN109583226A (en) | Data desensitization process method, apparatus and electronic equipment | |
| CN108595964A (en) | A kind of credible platform control module implementation method based on firmware | |
| CN108256303A (en) | Electronic device, auth method and storage medium | |
| CN107463380B (en) | Message treatment method, device and electronic equipment | |
| US11841972B2 (en) | System and method to safeguarding sensitive information in cobrowsing session | |
| CN108664772A (en) | A method of ensureing security of system | |
| KR101672627B1 (en) | User individual information providing method and system using verifying personal identity | |
| CN113569263A (en) | Secure processing method and device for cross-private-domain data and electronic equipment | |
| CN108256355A (en) | The method and device of BIOS integralities is verified when refreshing BIOS outside a kind of band | |
| CN108614975A (en) | A kind of safe verification method based on integrity detection | |
| CN108985040B (en) | Method and apparatus, storage medium and the processor logged in using cipher key | |
| CN108596598A (en) | A kind of update method of trusted software list | |
| CN107193484A (en) | Method and apparatus for data storage service | |
| CN114936365B (en) | System, method and device for protecting secret data | |
| CN105590379A (en) | POS terminal and method executed therein | |
| CN113190200B (en) | Exhibition data security protection method and device | |
| CN113961911A (en) | Model data sending method, model data integration method and device | |
| CN108322907A (en) | One kind opening chucking method and terminal | |
| CN113657914A (en) | Commodity tracing method based on block chain, computer device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181002 |
|
| RJ01 | Rejection of invention patent application after publication |