CN108804935A - A secure encrypted storage system and method based on TrustZone - Google Patents
- Publication number
- CN108804935A (application CN201810572020.4A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention belongs to the field of mobile device encryption. A secure encrypted storage system and method based on TrustZone is applied to a mobile device that is divided in advance into a trusted execution environment and a normal execution environment, with a security module added to the trusted execution environment. The security module comprises a data interface, an encoding/decoding module, an encryption and authentication module, a security level classification module, a determination module and a storage module. The security module performs encryption, authentication and storage according to standard certificate formats, can provide different levels of encryption and storage protection according to different security requirements, and offers a new form of secure storage.
Description
Technical field
The invention belongs to the field of mobile device encryption, and in particular relates to a secure encrypted storage system and method based on TrustZone.
Background
With system vulnerabilities emerging one after another, trusted execution environment (TEE) technology has increasingly become a research focus. TEE technology provides a hardware isolation guarantee: even if the entire kernel is controlled by an attacker, sensitive applications inside the TEE can still run safely. TrustZone, the TEE implementation specific to the ARM architecture, is now widely supported by mainstream mobile and embedded devices. TrustZone divides the resources of an ARM system on chip into two independent execution domains: the normal world and the secure world. The secure world has higher execution privileges, and normal-world programs cannot access its resources. Running ordinary applications and a commercial operating system (Android, Linux, etc.) in the normal world while deploying sensitive applications in the secure world has therefore become the mainstream TEE implementation on mobile platforms.
Although TrustZone solves the inherent security problems of the operating system layer to some extent, in existing security schemes sensitive data is mainly stored encrypted in terminal-side memory. This storage method offers relatively low security for the data, which can easily be obtained and cracked by brute force. In security schemes based on the TrustZone mechanism, internal resources are limited, so many schemes run only simple algorithms to perform verification; a security scheme that follows standard certificate formats is lacking, which leaves data storage insecure.
Summary of the invention
In view of the above problems, the object of the invention is to provide a secure encrypted storage system and method based on TrustZone, in which a security module performs encryption, authentication and storage according to standard certificate formats, can provide different levels of encryption and storage protection according to different security requirements, and offers a new form of secure storage.
In view of this, one aspect of the invention provides a secure encrypted storage system based on TrustZone, applied to a mobile device. The mobile device is divided in advance into a trusted execution environment and a normal execution environment, and a security module is added to the trusted execution environment. The security module comprises a data interface, an encoding/decoding module, an encryption and authentication module, a security level classification module, a determination module and a storage module, wherein:
The data interface receives trusted service requests from the normal execution environment, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module;
The encoding/decoding module decodes the received data parameters and sends them to the encryption and authentication module;
The encryption and authentication module performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data, and sends it to the security level classification module;
The security level classification module assigns a security level to the encrypted data and sends it to the determination module;
The determination module, when the encrypted data is to be stored, determines according to the security level whether the encrypted data is stored in the trusted execution environment or in a hardware encryption chip;
The storage module receives the instruction of the determination module and writes the encrypted data.
Further, the encryption and authentication module comprises a preparation submodule, a digital certificate signing submodule and a digital certificate signature verification submodule. The preparation submodule is connected to the encoding/decoding module and to the digital certificate signing submodule; the digital certificate signature verification submodule is connected to the security level classification module;
The preparation submodule prepares a digital certificate system on the mobile device in advance;
The digital certificate signing submodule signs user requests with the digital certificate private key;
The digital certificate signature verification submodule authenticates the identity of the requesting user and ensures that the user cannot repudiate the request; authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
Further, the user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
Further, the mobile device is a mobile phone or a tablet computer.
Another aspect of the invention provides a secure encrypted storage method based on TrustZone. The method is applied to a mobile device that is divided in advance into a trusted execution environment and a normal execution environment; a security module is added to the trusted execution environment to encrypt the user's sensitive data and store the encrypted data in the trusted execution environment. The normal execution environment runs the ordinary operating system, which invokes ordinary applications. The method comprises the following steps:
S1, the data interface receives a trusted service request from the normal execution environment, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module;
S2, the encoding/decoding module decodes the received data parameters and sends them to the encryption and authentication module;
S3, the encryption and authentication module performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data, and sends it to the security level classification module;
S4, the security level classification module assigns a security level to the encrypted data and sends it to the determination module;
S5, when the encrypted data is to be stored, the determination module determines according to the security level whether the encrypted data is stored in the trusted execution environment or in a hardware encryption chip;
S6, the storage module receives the instruction of the determination module and writes the encrypted data.
Further, in step S3, the encryption and authentication method of the encryption and authentication module comprises: preparing a digital certificate system on the mobile device in advance; signing the user request with the digital certificate private key; and authenticating the identity of the requesting user and ensuring that the user cannot repudiate the request, where authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
Further, the user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
Further, the mobile device is a mobile phone or a tablet computer.
Compared with the prior art, the invention has the following advantages:
The secure encrypted storage system based on TrustZone provided by the invention uses the data interface to receive data passed in from outside, the encoding/decoding module to decode the received data parameters, and the encryption and authentication module to perform encryption, signing and authentication operations on the sensitive data to obtain encrypted data. The security level classification module assigns a security level to the encrypted data, and the determination module determines whether the encrypted data is stored in the trusted execution environment or in a hardware encryption chip. The storage process itself takes place in the trusted execution environment: sensitive information such as the user's account information, personal privacy information, payment order information and confidential enterprise files is stored by the security module within the trusted execution environment. This avoids hazards such as privacy leakage and theft of property that arise when user sensitive information is exposed in the normal execution environment during encryption and signature verification, and so ensures the security of the information. At the same time, the security module performs encryption, authentication and storage according to standard certificate formats, can provide different levels of encryption and storage protection according to different security requirements, and offers a new form of secure storage.
No special training is needed to use the invention. Each use is a response to a user request and is completed step by step through prompts on the mobile device. Compared with prior-art secure encrypted storage systems, it fits users' habits and is very convenient to use, and security and privacy during use are improved along with ease of use.
The secure encrypted storage system and method based on TrustZone provided by the invention can be applied to any smart mobile device that has a trusted execution environment. No special equipment is required; it can run on the mobile devices users normally carry, such as mobile phones and tablet computers, giving a better user experience and higher security.
Brief description of the drawings
Fig. 1 is an architecture diagram of the secure encrypted storage system based on TrustZone of the invention;
Fig. 2 is a structural diagram of the security module of the invention;
Fig. 3 is a structural diagram of another security module of the invention;
Fig. 4 is a flow chart of the secure encrypted storage method based on TrustZone of the invention;
Reference numerals in the drawings: 1 - mobile device; 2 - trusted execution environment; 3 - normal execution environment; 4 - security module; 5 - data interface; 6 - encoding/decoding module; 7 - encryption and authentication module; 8 - security level classification module; 9 - determination module; 10 - storage module; 11 - preparation submodule; 12 - digital certificate signing submodule; 13 - digital certificate signature verification submodule; 14 - encrypted data; S1 to S6 - method steps.
Detailed description
The invention is further described below with reference to the drawings and embodiments. Note that the specific embodiments are intended only to describe the technical solution more clearly and do not limit the scope of the invention.
In view of this, one aspect of the invention provides a secure encrypted storage system based on TrustZone, applied to a mobile device 1. Referring to Figs. 1-2, the mobile device 1 is divided in advance into a trusted execution environment 2 and a normal execution environment 3, and a security module 4 is added to the trusted execution environment 2. The security module 4 comprises a data interface 5, an encoding/decoding module 6, an encryption and authentication module 7, a security level classification module 8, a determination module 9 and a storage module 10, wherein:
The data interface 5 receives trusted service requests from the normal execution environment 3, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module 6;
The encoding/decoding module 6 decodes the received data parameters and sends them to the encryption and authentication module 7;
The encryption and authentication module 7 performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data 14, and sends it to the security level classification module 8;
The security level classification module 8 assigns a security level to the encrypted data 14 and sends it to the determination module 9;
The determination module 9, when the encrypted data 14 is to be stored, determines according to the security level whether the encrypted data 14 is stored in the trusted execution environment 2 or in a hardware encryption chip;
The storage module 10 receives the instruction of the determination module 9 and writes the encrypted data 14.
The secure encrypted storage system based on TrustZone provided by the invention uses the data interface 5 to receive data passed in from outside, the encoding/decoding module 6 to decode the received data parameters, and the encryption and authentication module 7 to perform encryption, signing and authentication operations on the sensitive data to obtain encrypted data 14. The security level classification module 8 assigns a security level to the encrypted data 14, and the determination module 9 determines whether the encrypted data 14 is stored in the trusted execution environment 2 or in a hardware encryption chip. The storage process itself takes place in the trusted execution environment 2: sensitive information such as the user's account information, personal privacy information, payment order information and confidential enterprise files is stored by the security module 4 within the trusted execution environment 2. This avoids hazards such as privacy leakage and theft of property that arise when user sensitive information is exposed in the normal execution environment 3 during encryption and signature verification, and so ensures the security of the information. At the same time, the security module 4 performs encryption, authentication and storage according to standard certificate formats, can provide different levels of encryption and storage protection according to different security requirements, and offers a new form of secure storage.
Referring to Fig. 3, in this technical solution the encryption and authentication module 7 comprises a preparation submodule 11, a digital certificate signing submodule 12 and a digital certificate signature verification submodule 13. The preparation submodule 11 is connected to the encoding/decoding module 6 and to the digital certificate signing submodule 12; the digital certificate signature verification submodule 13 is connected to the security level classification module 8;
The preparation submodule 11 prepares a digital certificate system on the mobile device 1 in advance;
The digital certificate signing submodule 12 signs user requests with the digital certificate private key. Digital certificate signatures provide non-repudiation: the non-repudiation achieved in real life with official seals, handwritten signatures and the like can be achieved online with digital signatures based on digital certificates. A digital signature is not a digitized image of a handwritten signature; it is formed by applying a cryptographic transformation to the message itself under the control of a private key. Digital signatures provide tamper resistance, forgery resistance and non-repudiation for messages.
The digital certificate signature verification submodule 13 authenticates the identity of the requesting user and ensures that the user cannot repudiate the request; authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
The user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
The secure encrypted storage system based on TrustZone provided by the invention can be applied to any smart mobile device 1 that has a trusted execution environment 2. No special equipment is required; it can run on the mobile device 1 that a user normally carries, such as a mobile phone or tablet computer, giving a better user experience and higher security.
In a concrete implementation, this solution protects the in-memory data of the mobile device 1. The above modules may be hardware units with the corresponding functions, or hardware with programs burned in advance. For example, the secure trusted execution environment 2 based on TrustZone technology can provide hardware-based security services. In operation, the user passes in data in various encoding formats through the API of the data interface 5, for example ASN.1 abstract data and base64. The encoding/decoding module 6 first decodes the incoming data accordingly and, as required, also provides parsing and composition of data in the various standard certificate formats. Next, the encryption and authentication module 7 performs encryption and decryption of the data, and certificate signature verification and signing operations. The security level classification module 8 then assigns a security level to the encrypted data 14, and the determination module 9 determines whether the encrypted data 14 is stored in the trusted execution environment 2 or in the hardware encryption chip. Finally, the storage module 10 stores it.
Another aspect of the invention provides a secure encrypted storage method based on TrustZone. The method is applied to a mobile device 1 that is divided in advance into a trusted execution environment 2 and a normal execution environment 3; a security module 4 is added to the trusted execution environment 2 to encrypt the user's sensitive data and store the encrypted data 14 in the trusted execution environment 2. The normal execution environment 3 runs the ordinary operating system, which invokes ordinary applications. Referring to Fig. 4, the method comprises the following steps:
S1, the data interface 5 receives a trusted service request from the normal execution environment 3, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module 6;
S2, the encoding/decoding module 6 decodes the received data parameters and sends them to the encryption and authentication module 7;
S3, the encryption and authentication module 7 performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data 14, and sends it to the security level classification module 8;
S4, the security level classification module 8 assigns a security level to the encrypted data 14 and sends it to the determination module 9;
S5, when the encrypted data 14 is to be stored, the determination module 9 determines according to the security level whether the encrypted data 14 is stored in the trusted execution environment 2 or in a hardware encryption chip;
S6, the storage module 10 receives the instruction of the determination module 9 and writes the encrypted data 14.
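A sketch of steps S1, S2, S4 and S5 as an added example (not code from the patent): a secure-world handler strictly decodes base64 input arriving from the normal execution environment, then picks the storage target from the security level. All identifiers, the level policy and the refuse-if-no-chip rule are assumptions, since the patent specifies none of them; step S3 (encrypt, sign, verify) is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; the patent names modules, not an API. */
enum data_kind { KIND_ACCOUNT, KIND_PRIVACY, KIND_PAYMENT_ORDER,
                 KIND_ENTERPRISE_FILE, KIND_COUNT };
enum sec_level { LEVEL_STANDARD = 1, LEVEL_HIGH = 2 };
enum store_target { STORE_REJECTED = 0, STORE_TEE = 1, STORE_CRYPTO_CHIP = 2 };

#define MAX_PAYLOAD 256 /* assumed upper bound for one decoded record */

static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* S2: strict base64 decode of normal-world input. Returns the decoded length,
 * or -1 for bad length, bad alphabet, misplaced padding, non-zero trailing
 * bits, or an output buffer that is too small. */
long b64_decode_strict(const char *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t i, o = 0;

    if (in_len == 0 || in_len % 4 != 0) return -1;
    for (i = 0; i < in_len; i += 4) {
        int v[4], pad = 0, j;
        for (j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)in[i + j];
            if (c == '=') {
                /* '=' is legal only in the last two slots of the last group */
                if (i + 4 != in_len || j < 2) return -1;
                v[j] = 0;
                pad++;
            } else {
                if (pad) return -1;               /* data after padding */
                if ((v[j] = b64_value(c)) < 0) return -1;
            }
        }
        if (pad == 2 && (v[1] & 0x0F)) return -1; /* non-canonical encoding */
        if (pad == 1 && (v[2] & 0x03)) return -1;
        uint32_t q = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                     ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        size_t n = (size_t)(3 - pad);
        if (n > out_cap - o) return -1;           /* bounds check before write */
        out[o++] = (uint8_t)(q >> 16);
        if (n > 1) out[o++] = (uint8_t)(q >> 8);
        if (n > 2) out[o++] = (uint8_t)q;
    }
    return (long)o;
}

/* S4: assumed policy (the patent does not define one): payment orders and
 * confidential enterprise files are HIGH, everything else STANDARD. */
enum sec_level classify(enum data_kind kind)
{
    return (kind == KIND_PAYMENT_ORDER || kind == KIND_ENTERPRISE_FILE)
               ? LEVEL_HIGH : LEVEL_STANDARD;
}

/* S5: HIGH goes to the hardware encryption chip, STANDARD stays in the TEE.
 * Assumption: with no chip present a HIGH record is refused, not downgraded. */
enum store_target choose_store(enum sec_level level, int chip_present)
{
    if (level == LEVEL_HIGH)
        return chip_present ? STORE_CRYPTO_CHIP : STORE_REJECTED;
    return STORE_TEE;
}

/* S1 entry point: every argument originates in the normal execution
 * environment and is validated before use. S3 would run between decoding
 * and classification and is omitted here. */
enum store_target handle_request(int kind, const char *b64, size_t b64_len,
                                 int chip_present, uint8_t *out,
                                 size_t out_cap, size_t *out_len)
{
    long n;
    enum store_target t = STORE_REJECTED;

    if (!b64 || !out || !out_len) return STORE_REJECTED;
    *out_len = 0;
    if (kind < 0 || kind >= KIND_COUNT) return STORE_REJECTED;
    if (b64_len > (size_t)(4 * ((MAX_PAYLOAD + 2) / 3))) return STORE_REJECTED;
    n = b64_decode_strict(b64, b64_len, out, out_cap);
    if (n >= 0) t = choose_store(classify((enum data_kind)kind), chip_present);
    if (t == STORE_REJECTED) {
        memset(out, 0, out_cap); /* leave no partial or refused record behind */
        return STORE_REJECTED;
    }
    *out_len = (size_t)n;
    return t;
}

int main(void)
{
    /* Constructed sample: base64 of the 11-byte string "pay-order-1". */
    const char *req = "cGF5LW9yZGVyLTE=";
    uint8_t buf[MAX_PAYLOAD];
    size_t len = 0;
    enum store_target t = handle_request(KIND_PAYMENT_ORDER, req, strlen(req),
                                         1, buf, sizeof buf, &len);
    printf("target=%d len=%zu\n", (int)t, len);
    return 0;
}
```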
In step S3, the encryption and authentication method of the encryption and authentication module 7 comprises: preparing a digital certificate system in advance, a digital certificate signing process and a digital certificate signature verification process. Specifically: a digital certificate system is prepared on the mobile device 1 in advance; the user request is signed with the digital certificate private key; and the identity of the requesting user is authenticated and the user is prevented from repudiating the request, where authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
In this technical solution, the user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
The mobile device 1 is a mobile phone or a tablet computer.
No special training is needed to use the invention. Each use is a response to a user request and is completed step by step through prompts on the mobile device 1. Compared with prior-art secure encrypted storage systems, it fits users' habits and is very convenient to use, and security and privacy during use are improved along with ease of use.
The above is a detailed description of preferred feasible embodiments of the invention, but the embodiments do not limit the scope of the patent claims of the invention. All equivalent changes or modifications completed under the technical spirit suggested by the invention shall fall within the scope of the claims covered by the invention.
Claims (8)
1. A secure encrypted storage system based on TrustZone, applied to a mobile device, the mobile device being divided in advance into a trusted execution environment and a normal execution environment, with a security module added to the trusted execution environment, characterized in that: the security module comprises a data interface, an encoding/decoding module, an encryption and authentication module, a security level classification module, a determination module and a storage module, wherein
the data interface receives trusted service requests from the normal execution environment, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module;
the encoding/decoding module decodes the received data parameters and sends them to the encryption and authentication module;
the encryption and authentication module performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data, and sends it to the security level classification module;
the security level classification module assigns a security level to the encrypted data and sends it to the determination module;
the determination module, when the encrypted data is to be stored, determines according to the security level whether the encrypted data is stored in the trusted execution environment or in a hardware encryption chip;
the storage module receives the instruction of the determination module and writes the encrypted data.
2. The secure encrypted storage system based on TrustZone according to claim 1, characterized in that: the encryption and authentication module comprises a preparation submodule, a digital certificate signing submodule and a digital certificate signature verification submodule; the preparation submodule is connected to the encoding/decoding module and to the digital certificate signing submodule; the digital certificate signature verification submodule is connected to the security level classification module;
the preparation submodule prepares a digital certificate system on the mobile device in advance;
the digital certificate signing submodule signs user requests with the digital certificate private key;
the digital certificate signature verification submodule authenticates the identity of the requesting user and ensures that the user cannot repudiate the request, where authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
3. The secure encrypted storage system based on TrustZone according to claim 1, characterized in that: the user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
4. The secure encrypted storage system based on TrustZone according to claim 1, characterized in that: the mobile device is a mobile phone or a tablet computer.
5. A secure encrypted storage method based on TrustZone, characterized in that: it is applied to a mobile device that is divided in advance into a trusted execution environment and a normal execution environment; a security module is added to the trusted execution environment to encrypt the user's sensitive data and store the encrypted data in the trusted execution environment; the normal execution environment runs the ordinary operating system, which invokes ordinary applications; and the method comprises the following steps:
S1, the data interface receives a trusted service request from the normal execution environment, parses the command data, and passes the encoded data passed in through the API to the encoding/decoding module;
S2, the encoding/decoding module decodes the received data parameters and sends them to the encryption and authentication module;
S3, the encryption and authentication module performs encryption, signing and authentication operations on the sensitive data to obtain encrypted data, and sends it to the security level classification module;
S4, the security level classification module assigns a security level to the encrypted data and sends it to the determination module;
S5, when the encrypted data is to be stored, the determination module determines according to the security level whether the encrypted data is stored in the trusted execution environment or in a hardware encryption chip;
S6, the storage module receives the instruction of the determination module and writes the encrypted data.
6. The secure encrypted storage method based on TrustZone according to claim 5, characterized in that: in step S3, the encryption and authentication method of the encryption and authentication module comprises: preparing a digital certificate system on the mobile device in advance; signing the user request with the digital certificate private key; and authenticating the identity of the requesting user and ensuring that the user cannot repudiate the request, where authentication includes verifying the legitimacy and validity of the digital certificate and the integrity and correctness of the signature.
7. The secure encrypted storage method based on TrustZone according to claim 5, characterized in that: the user's sensitive data comprises one or more of user account information, personal privacy information, payment order information and confidential enterprise files.
8. The secure encrypted storage method based on TrustZone according to claim 5, characterized in that: the mobile device is a mobile phone or a tablet computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810572020.4A CN108804935A (en) | 2018-05-31 | 2018-05-31 | A secure encrypted storage system and method based on TrustZone |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108804935A (en) | 2018-11-13 |
Family
ID=64087208
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810572020.4A Pending CN108804935A (en) | 2018-05-31 | 2018-05-31 | A kind of safety encryption storage system and method based on TrustZone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108804935A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109739522A (en) * | 2019-01-03 | 2019-05-10 | 中国—东盟信息港股份有限公司 | A kind of TEE OS adaption system suitable for eSIM application |
CN111666560A (en) * | 2020-05-28 | 2020-09-15 | 南开大学 | Password management method and system based on trusted execution environment |
CN113194093A (en) * | 2021-04-29 | 2021-07-30 | 山东中科好靓科技有限公司 | Workload proving system based on TEE |
CN113612746A (en) * | 2021-07-26 | 2021-11-05 | 建信金融科技有限责任公司 | Sensitive information storage method and system based on Android system |
CN114065240A (en) * | 2021-11-10 | 2022-02-18 | 南京信易达计算技术有限公司 | Storage encryption system based on domestic AI chip architecture and control method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105260663A (en) * | 2015-09-15 | 2016-01-20 | 中国科学院信息工程研究所 | Secure storage service system and method based on TrustZone technology |
CN105512576A (en) * | 2015-12-14 | 2016-04-20 | 联想(北京)有限公司 | Method for secure storage of data and electronic equipment |
CN107707981A (en) * | 2017-09-27 | 2018-02-16 | 晶晨半导体(上海)股份有限公司 | A kind of microcode signature safety management system and method based on Trustzone technologies |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI667585B (en) | Method and device for safety authentication based on biological characteristics | |
CN108604345B (en) | Method and device for adding bank card | |
CN107743133B (en) | Mobile terminal and access control method and system based on trusted security environment | |
CN108804935A (en) | A kind of safety encryption storage system and method based on TrustZone | |
US8935746B2 (en) | System with a trusted execution environment component executed on a secure element | |
US10650139B2 (en) | Securing temporal digital communications via authentication and validation for wireless user and access devices with securitized containers | |
CN110324276A (en) | A kind of method, system, terminal and electronic equipment logging in application | |
CN105745661A (en) | Policy-based trusted inspection of rights managed content | |
CN103279411A (en) | Method and system of entering application programs based on fingerprint identification | |
WO2015180689A1 (en) | Method and apparatus for acquiring verification information | |
TW201232324A (en) | Tamper proof location services | |
RU2011153984A (en) | TRUSTED AUTHORITY ADMINISTRATOR (TIM) | |
CN106055936A (en) | Method and device for encryption/decryption of executable program data package | |
CN106663163A (en) | Securing audio communications | |
US20210135868A1 (en) | System and method for authenticating a transaction | |
CN110366183A (en) | Short message safety protecting method and device | |
CN108335105A (en) | Data processing method and relevant device | |
WO2015117523A1 (en) | Access control method and device | |
CN105975867A (en) | Data processing method | |
CN104463013A (en) | Mobile terminal and data encryption method thereof | |
WO2020088323A1 (en) | Capability exposure method and device | |
CN106686585A (en) | Binding method and system | |
CN113051542A (en) | Two-dimensional code processing method and equipment | |
CN107026730B (en) | Data processing method, device and system | |
CN108197500A (en) | A kind of storage system and method based on TrustZone Security and Integrality of Data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181113 |