CN110096881A - Malicious call protection method, apparatus, device and computer-readable medium - Google Patents
- Publication number
- CN110096881A CN201910377120.6A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Abstract
The present invention provides a malicious call protection method, apparatus, device and computer-readable medium. The method comprises: obtaining a request from a client application to call a trusted execution environment resource; verifying the client application; and, if the verification succeeds, allowing the trusted execution environment resource to be called. In embodiments of the present invention, the client application is verified when it calls a trusted execution environment resource, which prevents the trusted execution environment resource from being called maliciously.
Description
Technical field
The present invention relates to the technical field of system calls, and in particular to a malicious call protection method, apparatus, device and computer-readable medium.
Background
Chip processors are used more and more widely in scenarios such as mobile payment and secure transactions, so the requirements on the system security of the processor are higher. For example, to improve system security, ARM introduced TrustZone technology, which provides chip-level protection and isolation of hardware resources. TrustZone conceptually divides the hardware and software resources of the SoC (system on chip) into two worlds: the secure world (Secure World) and the non-secure world (Normal World). The TEE (trusted execution environment) is the operating system that runs in the secure world, and it provides security services to the REE (Rich Execution Environment), the operating system of the non-secure world.
However, an application program in the REE calling the TEE is a sensitive behavior, and at present no corresponding monitoring and protection is provided for such calls, so malicious calls may occur.
Summary of the invention
Embodiments of the present invention provide a malicious call protection method, apparatus, device and computer-readable medium, to solve or alleviate one or more technical problems in the prior art.
In a first aspect, an embodiment of the present invention provides a malicious call protection method, comprising:
obtaining a request from a client application to call a trusted execution environment resource;
verifying the client application;
if the verification succeeds, allowing the trusted execution environment resource to be called.
In one embodiment, obtaining the request from the client application to call the trusted execution environment resource comprises:
obtaining a request from the client application to call a trusted application to execute a target operation.
In one embodiment, obtaining the request from the client application to call the trusted application to execute the target operation comprises:
obtaining, through a kernel service of the trusted execution environment, the request from the client application to call the trusted application to execute the target operation.
In one embodiment, the method further comprises:
if the verification fails, returning a call-failure result to the client application.
In one embodiment, verifying the client application comprises:
obtaining the file digest and signature of the client application through the kernel service of the trusted execution environment;
reading a public key from a storage chip;
verifying the file digest and signature of the client application using the public key.
In one embodiment, allowing the trusted execution environment resource to be called comprises:
allowing the trusted application to be called to execute the target operation;
returning the execution result to the client application.
In one embodiment, returning the execution result to the client application comprises:
returning the execution result to the client application through the kernel service of the trusted execution environment.
In a second aspect, an embodiment of the present invention provides a malicious call protection apparatus, comprising:
an obtaining module, for obtaining a request from a client application to call a trusted execution environment resource;
a verification module, for verifying the client application;
a calling module, for allowing the trusted execution environment resource to be called if the verification succeeds.
In one embodiment, the obtaining module is specifically used for obtaining a request from the client application to call a trusted application to execute a target operation.
In one embodiment, the obtaining module is specifically used for obtaining, through a kernel service of the trusted execution environment, the request from the client application to call the trusted application to execute the target operation.
In one embodiment, the apparatus further comprises:
a return module, for returning a call-failure result to the client application if the verification fails.
In one embodiment, the verification module includes:
an obtaining submodule, for obtaining the file digest and signature of the client application through the kernel service of the trusted execution environment;
a reading submodule, for reading a public key from a storage chip;
a verification submodule, for verifying the file digest and signature of the client application using the public key.
In one embodiment, the calling module includes:
a calling submodule, for allowing the trusted application to be called to execute the target operation;
an execution submodule, for returning the execution result to the client application.
In one embodiment, the execution submodule is specifically used for returning the execution result to the client application through the kernel service of the trusted execution environment.
In a third aspect, an embodiment of the present invention provides a malicious call protection device, the device comprising:
one or more processors;
a storage device, for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the malicious call protection method of the first aspect.
In a possible design, the structure of the malicious call protection device includes a processor and a memory. The memory is used to store a program that supports the malicious call protection device in executing the malicious call protection method of the first aspect, and the processor is configured to execute the program stored in the memory. The malicious call protection device may further include a communication interface, used by the malicious call protection device to communicate with other devices or communication networks.
In a fourth aspect, an embodiment of the present invention provides a computer-readable medium for storing the computer software instructions used by the malicious call protection apparatus, including the program involved in executing the malicious call protection method of the first aspect.
In one of the above schemes, the embodiment of the present invention verifies the client application when it calls a trusted execution environment resource, which prevents the trusted execution environment resource from being called maliciously.
In another of the above schemes, the embodiment of the present invention uses the kernel of the trusted execution environment system to receive the call request of the client application and to return the operation result of the trusted application to the client application, so no additional adaptation of the client application and the trusted application is needed, and compatibility is stronger.
The above summary is for the purpose of the specification only and is not intended to be limiting in any way. In addition to the illustrative aspects, embodiments and features described above, further aspects, embodiments and features of the present invention will be readily apparent by reference to the drawings and the following detailed description.
Brief description of the drawings
In the drawings, unless otherwise specified, the same reference numerals denote the same or similar parts or elements throughout the several drawings. The drawings are not necessarily drawn to scale. It should be understood that these drawings depict only some embodiments disclosed according to the present invention and should not be regarded as limiting the scope of the present invention.
Fig. 1 is a flowchart of the malicious call protection method of one embodiment of the present invention;
Fig. 2 is a flowchart of the specific steps of step S120 of one embodiment of the present invention;
Fig. 3 is a flowchart of the specific steps of step S130 of one embodiment of the present invention;
Fig. 4 is a flowchart of the malicious call protection of another embodiment of the present invention;
Fig. 5 is a schematic diagram of the overall implementation of the malicious call protection method of one embodiment of the present invention;
Fig. 6 is a connection block diagram of the malicious call protection apparatus of one embodiment of the present invention;
Fig. 7 is a connection block diagram of the system malicious call protection of another embodiment of the present invention;
Fig. 8 is an internal block diagram of the verification module of one embodiment of the present invention;
Fig. 9 is an internal block diagram of the calling module of one embodiment of the present invention;
Fig. 10 is a block diagram of the malicious call protection device of another embodiment of the present invention.
Detailed description of embodiments
Hereinafter, only certain exemplary embodiments are briefly described. As those skilled in the art will recognize, the described embodiments may be modified in various different ways without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not restrictive. The embodiments of the present invention mainly provide a malicious call protection method and apparatus; the technical solution is described in detail through the following embodiments.
As shown in Fig. 1, in one embodiment, the present invention provides a malicious call protection method, comprising:
S110: obtaining a request from a client application (CA) to call a trusted execution environment (TEE) resource.
In one embodiment, calling a TEE resource may include calling a trusted application (TA) to execute certain operations. Step S110 specifically includes: obtaining a request from the client application to call a trusted application to execute a target operation.
In one embodiment, before the device is released, dedicated software at the device management center writes a vendor public key, for example pubKEY, into a persistent storage chip that can be read and written only in the TEE. In addition, one or more pubKEYs may be initialized and managed hierarchically. When the client application (CA) is released, the digest of the client application can be signed with the private key priKEY, and the signature file is stored in an extended attribute. The client application is installed in the rich execution environment (REE) system. In order to verify the client application, the corresponding public key must first be written into the persistent storage chip. For example, to improve the security of signature verification, the persistent storage chip can be read and written only by the TEE system, which facilitates verification within the TEE system.
The TEE system is a relatively isolated secure operating system, which ensures computation that is not interfered with by the conventional operating system. The TEE is an isolated execution environment that runs in parallel with the REE and provides security services for the REE environment. The TEE is independent of the REE and the applications on it, and is used to access hardware and software security resources. Operations that need to be kept confidential can therefore be executed in the TEE system, such as fingerprint recognition, password processing, data encryption, data decryption and security authentication. The application resources in the TEE may therefore include various trusted applications (TA), such as a fingerprint recognition application, a decryption verification application and a password processing application. Other operating systems or applications can be executed in the REE, such as the operating system and the user's various applications. For example, a client application (CA) is installed in the REE, and the client application is a payment application. When the payment application starts, security verification is required. If fingerprint verification is needed, for example, an instruction can be sent to the TEE to call a trusted application (TA) in the TEE, the trusted application (TA) being a fingerprint recognition application.
In one embodiment, in step S110 the call request of the client application is obtained specifically through the kernel service of the trusted execution environment (TEE), so the trusted application (TA) and the client application (CA) do not need to be adapted, which is more convenient.
S120: verifying the client application.
As shown in Fig. 2, in one embodiment, step S120 may include:
S121: obtaining the file digest and signature of the client application through the kernel service of the trusted execution environment.
S122: reading the public key from the storage chip.
S123: verifying the file digest and signature of the client application using the public key.
In one embodiment, when signature verification is carried out, for example, the public key may be used to perform an encryption operation on the digest of the client application, and it is judged whether the signature obtained after the public-key encryption is consistent with the received private-key signature; if so, the verification passes.
S130: if the verification succeeds, allowing the trusted execution environment resource to be called.
In one embodiment, as shown in Fig. 3, step S130 includes:
S131: allowing the trusted application to be called to execute the target operation.
For example, after the payment application in the REE issues a call request to the fingerprint recognition application in the TEE, once the payment application passes the security check, the fingerprint recognition application is allowed to be called to perform the fingerprint recognition operation.
S132: returning the execution result to the client application.
In one embodiment, in step S132 the operation result can be transmitted through the kernel service of the trusted execution environment, so the trusted application (TA) and the client application (CA) do not need to be adapted, which is more convenient. For example, after the fingerprint recognition application performs the recognition operation, the recognition result is sent to the payment application.
As shown in Fig. 4, in one embodiment the method further includes step S140: if the verification fails, returning a call-failure result to the client application. For example, if verification of the payment application fails, this shows that the payment application has not passed security authentication and is unsafe application software, so its call to the fingerprint recognition application is refused.
Fig. 5 is a schematic diagram of a specific implementation of the malicious call protection method of an embodiment of the present invention. First, the processor contains a TEE operating system and an REE operating system. The TEE operating system contains the trusted application (TA), and the REE operating system contains the client application (CA). In addition, a TEE kernel service module is provided in the REE operating system, for connecting the client application and the TEE operating system. This embodiment can be implemented in the REE kernel layer and the TEE kernel layer, without adapting the TA and the CA. The specific steps by which the client application (CA) calls the trusted application (TA) may include:
1. The client application (CA) calls, through the TEE kernel service, the trusted application (TA) in the TEE operating system to execute the corresponding operation, which may include, for example, an open operation.
2. The TEE operating system (OS) obtains the file digest and signature of the client application (CA) through the TEE kernel service.
3. The TEE operating system reads the public key and uses it to verify the CA digest and signature. If signature verification succeeds, the client application (CA) is proven to be a trustworthy application; otherwise the call to the trusted application (TA) is refused and an indication of call failure is returned.
4. The TEE operating system calls the trusted application (TA) to execute the corresponding operation, for example the open operation.
5. After the TA completes the open operation, the TEE operating system returns the execution result to the client application (CA) through the TEE kernel service.
In the embodiments of the present invention, the client application is verified when it calls a trusted application, which prevents the trusted application from being called by malware. In addition, the embodiments of the present invention use the kernel of the trusted execution environment system to receive the call request of the client application and to return the operation result of the trusted application to the client application, so no additional adaptation of the client application and the trusted application is needed, and compatibility is stronger.
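The gate described in steps S110 to S140 and in the Fig. 5 walkthrough, as an added Go example that is not part of the patent text. It assumes SHA-256 for the file digest and Ed25519 for the signature (the patent names no algorithm); InstalledCA, TEE, Call and newDemo are hypothetical names, and the key, CA image and TA are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrCallFailed is the call-failure result returned to a CA that does not verify (S140).
var ErrCallFailed = errors.New("call failure: client application not verified")

// InstalledCA models a client application installed in the REE: its file
// contents plus the signature kept in its extended attribute.
type InstalledCA struct {
	Image     []byte
	Signature []byte
}

// TrustedApp is one TA; it executes the target operation and returns the result.
type TrustedApp func(op string) string

// TEE models the secure-world side: the vendor public keys provisioned before
// release (storage only the TEE can read) and the trusted applications it hosts.
type TEE struct {
	vendorKeys []ed25519.PublicKey
	apps       map[string]TrustedApp
}

// digestAndSignature is what the kernel service collects about the caller (S121).
// The digest is recomputed from the installed file, not supplied by the CA.
func digestAndSignature(ca InstalledCA) ([32]byte, []byte) {
	return sha256.Sum256(ca.Image), ca.Signature
}

// verify checks the signature over the digest against every provisioned
// public key (S122, S123). A missing or malformed signature simply fails.
func (t *TEE) verify(digest [32]byte, sig []byte) bool {
	for _, pub := range t.vendorKeys {
		if ed25519.Verify(pub, digest[:], sig) {
			return true
		}
	}
	return false
}

// Call is the gate: the CA is verified first, and only a verified CA reaches
// the TA (S131). The result travels back through the same path (S132).
func (t *TEE) Call(ca InstalledCA, ta, op string) (string, error) {
	digest, sig := digestAndSignature(ca)
	if !t.verify(digest, sig) {
		return "", ErrCallFailed
	}
	app, ok := t.apps[ta]
	if !ok {
		return "", fmt.Errorf("unknown trusted application %q", ta)
	}
	return app(op), nil
}

// newDemo builds constructed sample data: a vendor key pair derived from a
// fixed demo seed, a payment CA signed at release time with priKEY, and a
// fingerprint TA that counts how many times it actually runs.
func newDemo() (*TEE, InstalledCA, *int) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priKEY := ed25519.NewKeyFromSeed(seed[:])
	pubKEY := priKEY.Public().(ed25519.PublicKey)

	image := []byte("constructed payment CA binary v1")
	digest := sha256.Sum256(image)
	ca := InstalledCA{Image: image, Signature: ed25519.Sign(priKEY, digest[:])}

	calls := 0
	tee := &TEE{
		vendorKeys: []ed25519.PublicKey{pubKEY},
		apps: map[string]TrustedApp{
			"fingerprint": func(op string) string {
				calls++
				return "fingerprint:" + op + ":ok"
			},
		},
	}
	return tee, ca, &calls
}

func main() {
	tee, ca, calls := newDemo()

	// Signed, unmodified CA: the TA runs and its result is returned.
	res, err := tee.Call(ca, "fingerprint", "open")
	fmt.Printf("signed CA:   result=%q err=%v TA runs=%d\n", res, err, *calls)

	// Same signature, modified file: verification fails and the TA never runs.
	ca.Image = append(ca.Image, "+injected"...)
	res, err = tee.Call(ca, "fingerprint", "open")
	fmt.Printf("modified CA: result=%q err=%v TA runs=%d\n", res, err, *calls)
}
```

The run counter makes the ordering visible: a rejected caller leaves it unchanged, so the TA is never entered before the check completes.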
As shown in Fig. 6, in one embodiment, the present invention also provides a malicious call protection apparatus, comprising:
an obtaining module 110, for obtaining a request from a client application to call a trusted execution environment resource.
a verification module 120, for verifying the client application.
a calling module 130, for allowing the trusted execution environment resource to be called if the verification succeeds.
In one embodiment, the obtaining module 110 is specifically used for obtaining a request from the client application to call a trusted application to execute a target operation.
In one embodiment, the obtaining module 110 is specifically also used for obtaining, through the kernel service of the trusted execution environment, the request from the client application to call the trusted application to execute the target operation.
As shown in Fig. 7, in one embodiment, the apparatus further comprises:
a return module 140, for returning a call-failure result to the client application if the verification fails.
As shown in Fig. 8, in one embodiment, the verification module 120 includes:
an obtaining submodule 121, for obtaining the file digest and signature of the client application through the kernel service of the trusted execution environment.
a reading submodule 122, for reading the public key from the storage chip.
a verification submodule 123, for verifying the file digest and signature of the client application using the public key.
As shown in Fig. 9, in one embodiment, the calling module 130 includes:
a calling submodule 131, for allowing the trusted application to be called to execute the target operation.
an execution submodule 132, for returning the execution result to the client application.
In one embodiment, the execution submodule 132 is specifically used for returning the execution result to the client application through the kernel service of the trusted execution environment.
The principle of the malicious call protection apparatus of this embodiment is similar to that of the malicious call protection method of the above embodiments, so it is not repeated here.
In another embodiment, the present invention also provides a malicious call protection device. As shown in Fig. 10, the device includes a memory 510 and a processor 520, and the memory 510 stores a computer program that can run on the processor 520. The processor 520 implements the malicious call protection method of the above embodiments when executing the computer program. There may be one or more memories 510 and processors 520.
The device further includes:
a communication interface 530, for communicating with external devices and exchanging data.
The memory 510 may include high-speed RAM, and may also include non-volatile memory, for example at least one magnetic disk storage.
If the memory 510, the processor 520 and the communication interface 530 are implemented independently, they can be connected to each other through a bus and communicate with each other over it. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is shown in Fig. 10, but this does not mean that there is only one bus or one type of bus.
Optionally, in a specific implementation, if the memory 510, the processor 520 and the communication interface 530 are integrated on one chip, they can communicate with each other through an internal interface.
In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art can combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "plurality" means two or more, unless otherwise clearly and specifically limited.
Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order according to the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flowchart or otherwise described herein, for example an ordered list of executable instructions that may be considered to implement logical functions, may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device.
The computer-readable medium described in the embodiments of the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. More specific examples (a non-exhaustive list) of computer-readable storage media include at least the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable storage medium may even be paper or another suitable medium on which the program can be printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
In the embodiments of the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. The program code contained on the computer-readable medium may be transmitted by any suitable medium, including but not limited to wireless, wire, optical cable, radio frequency (RF), or any suitable combination of the above.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented with any one or a combination of the following technologies well known in the art: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art can understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically alone, or two or more units may be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. The storage medium may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any person familiar with the technical field can readily think of various changes or replacements within the technical scope disclosed by the present invention, and these should be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (16)
1. A malicious call protection method, characterized by comprising:
obtaining a request from a client application to call a trusted execution environment (TEE) resource;
verifying the client application;
if the verification succeeds, allowing the trusted execution environment resource to be called.
2. The method according to claim 1, characterized in that obtaining the request from the client application to call the trusted execution environment resource comprises:
obtaining a request from the client application to call a trusted application to execute a target operation.
3. The method according to claim 2, characterized in that obtaining the request from the client application to call the trusted application to execute the target operation comprises:
obtaining, through a kernel service of the trusted execution environment, the request from the client application to call the trusted application to execute the target operation.
4. The method according to claim 1, characterized by further comprising:
if the verification fails, returning a call-failure result to the client application.
5. The method according to claim 1, characterized in that verifying the client application comprises:
obtaining the file digest and signature of the client application through the kernel service of the trusted execution environment;
reading a public key from a storage chip;
verifying the file digest and signature of the client application using the public key.
6. The method according to claim 2, characterized in that allowing the trusted execution environment resource to be called comprises:
allowing the trusted application to be called to execute the target operation;
returning the execution result to the client application.
7. The method according to claim 6, characterized in that returning the execution result to the client application comprises:
returning the execution result to the client application through the kernel service of the trusted execution environment.
8. A malicious call defence device, characterized by comprising:
an obtaining module, configured to obtain a request from a client application to call a trusted execution environment resource;
a verification module, configured to verify the client application;
a calling module, configured to allow the trusted execution environment resource to be called if the verification succeeds.
9. The device according to claim 8, wherein the obtaining module is specifically configured to obtain a request from the client application to call a trusted application to execute a target operation.
10. The device according to claim 9, wherein the obtaining module is specifically configured to obtain, through a kernel service of the trusted execution environment, the request from the client application to call the trusted application to execute the target operation.
11. The device according to claim 8, further comprising:
a return module, configured to return a verification-failure result to the client application if the verification fails.
12. The device according to claim 8, wherein the verification module comprises:
an obtaining submodule, configured to obtain the document and signature of the client application through the kernel service of the trusted execution environment;
a reading submodule, configured to read a public key from a storage chip;
a verification submodule, configured to verify the document and signature of the client application using the public key.
13. The device according to claim 9, wherein the calling module comprises:
a calling submodule, configured to allow the trusted application to be called to execute the target operation;
an execution submodule, configured to return the execution result to the client application.
14. The device according to claim 13, wherein the execution submodule is specifically configured to return the execution result to the client application through the kernel service of the trusted execution environment.
15. A malicious call defence equipment, characterized in that the equipment comprises:
one or more processors;
a storage device, configured to store one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the malicious call defence method according to any one of claims 1-7.
16. A computer-readable medium storing a computer program, characterized in that, when executed by a processor, the program implements the malicious call defence method according to any one of claims 1-7.
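The flow of claims 1-7 as an added sketch, not code from the patent: a kernel-service gate that checks the client application's signature and only then lets the trusted application run. The signature scheme (RSA PKCS#1 v1.5 with SHA-256), the `StorageChip` class, the demo key, and all function names are assumptions; the application's "document" is taken here to be its file bytes.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: trivially factorable,
# chosen only so the example runs offline. Never use it as a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # signer's private exponent (build side only)
K = (N.bit_length() + 7) // 8        # modulus length in bytes
# DER DigestInfo header for SHA-256 (PKCS#1 v1.5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 block for SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    block = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(block, "big")

def sign(image: bytes) -> bytes:
    """Release-time signing by the vendor (assumed; the claims cover only verification)."""
    return pow(_encode(image), D, N).to_bytes(K, "big")

class StorageChip:
    """Hypothetical stand-in for the storage chip that holds the public key."""
    def read_public_key(self):
        return N, E

def verify_client(image: bytes, signature: bytes, chip: StorageChip) -> bool:
    """Claim 5: check the signature over the client application's document."""
    n, e = chip.read_public_key()
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    # Rebuild the expected block and compare it whole, so malformed padding
    # can never be accepted by a lenient parser.
    return pow(s, e, n) == _encode(image)

def kernel_service_call(image, signature, trusted_app, operation, chip=StorageChip()):
    """Claims 1-7: verify the caller first; only then may the trusted application run."""
    if not verify_client(image, signature, chip):
        return {"status": "VERIFY_FAILED", "result": None}     # claim 4: fail closed
    return {"status": "OK", "result": trusted_app(operation)}  # claims 6 and 7

def demo_trusted_app(operation: str) -> str:
    """Hypothetical trusted application that reports the operation it executed."""
    return "executed:" + operation
```

The gate is only as strong as the provenance of `image` and `signature`: claim 5 has the kernel service obtain them itself, so the bytes that are verified are the bytes of the application that is actually calling.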
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910377120.6A CN110096881A (en) | 2019-05-07 | 2019-05-07 | Malice calls means of defence, device, equipment and computer-readable medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110096881A (en) | 2019-08-06 |
Family
ID=67447278
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910377120.6A Pending CN110096881A (en) | 2019-05-07 | 2019-05-07 | Malice calls means of defence, device, equipment and computer-readable medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110096881A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105978917A (en) * | 2016-07-19 | 2016-09-28 | 恒宝股份有限公司 | System and method for trusted application security authentication |
CN106295350A (en) * | 2015-06-04 | 2017-01-04 | 联想移动通信软件(武汉)有限公司 | Auth method, device and the terminal of a kind of credible execution environment |
US20170091444A1 (en) * | 2015-09-26 | 2017-03-30 | Mcafee, Inc. | Hardware-enforced code paths |
CN109547451A (en) * | 2018-11-30 | 2019-03-29 | 四川长虹电器股份有限公司 | The method of authentic authentication service authentication based on TEE |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110555293A (en) * | 2019-09-10 | 2019-12-10 | 百度在线网络技术(北京)有限公司 | Method, apparatus, electronic device and computer readable medium for protecting data |
CN111191203A (en) * | 2020-01-02 | 2020-05-22 | 北京字节跳动网络技术有限公司 | Identity verification method and device |
CN113553125A (en) * | 2020-04-26 | 2021-10-26 | 中移(成都)信息通信科技有限公司 | Calling method, device and equipment of trusted application program and computer storage medium |
CN113553125B (en) * | 2020-04-26 | 2024-03-19 | 中移(成都)信息通信科技有限公司 | Method, device and equipment for calling trusted application program and computer storage medium |
CN112448819A (en) * | 2020-11-06 | 2021-03-05 | 支付宝(杭州)信息技术有限公司 | Method and device for generating verification and signature files of Internet of things equipment |
CN112446033A (en) * | 2020-12-11 | 2021-03-05 | 中国科学院信息工程研究所 | Software trusted starting method and device, electronic equipment and storage medium |
CN115037482A (en) * | 2022-06-10 | 2022-09-09 | 维沃移动通信有限公司 | Fraud detection method and device, electronic equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | TA01 | Transfer of patent application right | Effective date of registration: 20211013. Address after: 100176 Room 101, 1st floor, building 1, yard 7, Ruihe West 2nd Road, economic and Technological Development Zone, Daxing District, Beijing. Applicant after: Apollo Zhilian (Beijing) Technology Co.,Ltd. Address before: 100085 Baidu Building, 10 Shangdi Tenth Street, Haidian District, Beijing. Applicant before: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) Co.,Ltd. |