CN110366843A - Method and terminal for controlling trusted application access - Google Patents

Method and terminal for controlling trusted application access

Info

Publication number
CN110366843A
Authority
CN
China
Prior art keywords
tee
target
terminal
service class
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780087629.6A
Other languages
English (en)
Other versions
CN110366843B (zh)
Inventor
李国庆
常新苗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN110366843A
Application granted
Publication of CN110366843B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Automation & Control Theory (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

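Embodiments of the present invention relate to a method and a terminal for controlling trusted application access. The method includes: the terminal receives, in the TEE, a target TA access request sent by a CA; the terminal determines, in the TEE, the service level of the CA according to the target TA access request; and the terminal provides, in the TEE, the service corresponding to that service level to the CA through the target TA. In this way, the target TA provides different levels of service to CAs, and the service level corresponding to a CA is determined inside the TEE, which strengthens the constraints on CA access to the target TA and improves the security of CA access to the target TA.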

Description

PCT national-phase application; the description has been published.

Claims (30)

  1. PCT national-phase application; the claims have been published.
CN201780087629.6A 2017-07-13 2017-10-27 Method and terminal for controlling trusted application access Active CN110366843B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201710571054 2017-07-13
CN2017105710547 2017-07-13
PCT/CN2017/108068 WO2019010863A1 (zh) 2017-07-13 2017-10-27 Method and terminal for controlling trusted application access

Publications (2)

Publication Number Publication Date
CN110366843A (zh) 2019-10-22
CN110366843B (zh) 2020-12-25

Family

ID=65002502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780087629.6A Active CN110366843B (zh) 2017-07-13 2017-10-27 Method and terminal for controlling trusted application access

Country Status (4)

Country Link
US (1) US11379573B2 (zh)
EP (1) EP3644569B1 (zh)
CN (1) CN110366843B (zh)
WO (1) WO2019010863A1 (zh)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
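CN111459869A (zh) * 2020-04-14 2020-07-28 中国长城科技集团股份有限公司 Data access method, apparatus, device and storage medium
CN115017486A (zh) * 2021-11-11 2022-09-06 荣耀终端有限公司 Service processing method and related apparatus
CN115016886A (zh) * 2021-12-31 2022-09-06 荣耀终端有限公司 Service processing method and apparatus
CN115017497A (zh) * 2021-11-24 2022-09-06 荣耀终端有限公司 Information processing method, apparatus and storage medium
CN115640116A (zh) * 2021-12-14 2023-01-24 荣耀终端有限公司 Service processing method and related apparatus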

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11777964B2 (en) * 2019-03-01 2023-10-03 Malikie Innovations Limited Clipboard listener detector
CN110998581B (zh) 2019-03-26 2024-05-24 创新先进技术有限公司 Program execution and data proof scheme using multiple key pair signatures
US11336684B2 (en) * 2019-06-07 2022-05-17 Lookout, Inc. Mobile device security using a secure execution context
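CN114064303A (zh) * 2020-07-31 2022-02-18 华为技术有限公司 Remote service invocation method, device, system and storage medium
CN112101949B (zh) 2020-09-18 2022-12-16 支付宝(杭州)信息技术有限公司 Secure service request processing method and apparatus
CN113591075B (zh) * 2021-07-26 2023-11-07 深信服科技股份有限公司 Terminal security management and control method, apparatus and storage medium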

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
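CN104765612A (zh) * 2015-04-10 2015-07-08 武汉天喻信息产业股份有限公司 System and method for accessing a trusted execution environment and trusted applications
CN105335673A (zh) * 2015-12-14 2016-02-17 联想(北京)有限公司 Information security processing method and information security processing apparatus
CN105512576A (zh) * 2015-12-14 2016-04-20 联想(北京)有限公司 Method for secure data storage and electronic device
CN105843653A (zh) * 2016-04-12 2016-08-10 恒宝股份有限公司 Secure application configuration method and apparatus
US20160239649A1 (en) * 2015-02-13 2016-08-18 Qualcomm Incorporated Continuous authentication
CN105978917A (zh) * 2016-07-19 2016-09-28 恒宝股份有限公司 System and method for security authentication of trusted applications
CN106034120A (zh) * 2015-03-16 2016-10-19 阿里巴巴集团控股有限公司 Method and system for multi-process access to a trusted application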
US20170103382A1 (en) * 2015-10-07 2017-04-13 Samsung Electronics Co., Ltd. Method of providing payment service and electronic device for implementing same

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6609198B1 (en) * 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
EP1282023A1 (en) * 2001-07-30 2003-02-05 Hewlett-Packard Company Trusted platform evaluation
US7739389B2 (en) * 2003-11-20 2010-06-15 International Business Machines Corporation Providing web services from a service environment with a gateway
US7472079B2 (en) * 2005-01-12 2008-12-30 International Business Machines Corporation Computer implemented method for automatically controlling selection of a grid provider for a grid job
US8219802B2 (en) * 2008-05-07 2012-07-10 International Business Machines Corporation System, method and program product for consolidated authentication
US9479509B2 (en) * 2009-11-06 2016-10-25 Red Hat, Inc. Unified system for authentication and authorization
US11144333B2 (en) * 2011-07-12 2021-10-12 Tongling Yuchen Software Technology Co., Ltd. Service model-oriented software system and operation method thereof
US9280655B2 (en) 2013-03-13 2016-03-08 Samsung Electronics Co., Ltd Application authentication method and electronic device supporting the same
US20160248809A1 (en) * 2015-02-20 2016-08-25 Intel Corporation Methods and apparatus to process data based on automatically detecting a security environment
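CN105809036B (zh) * 2016-04-01 2019-05-10 中国银联股份有限公司 TEE access control method and mobile terminal implementing the method
CN107040513B (zh) * 2016-06-30 2020-06-02 郭铮铮 Trusted access authentication processing method, user terminal and server
CN105978920B (zh) * 2016-07-28 2019-05-24 恒宝股份有限公司 Method for accessing a trusted application, and TA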
EP3293656A1 (en) * 2016-09-13 2018-03-14 Gemalto Sa Method for controlling access to a trusted application in a terminal
US20180096412A1 (en) * 2016-09-30 2018-04-05 Mark E. Scott-Nash Digital brokerage service for iot micro compute services
US10764752B1 (en) * 2018-08-21 2020-09-01 HYPR Corp. Secure mobile initiated authentication

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160239649A1 (en) * 2015-02-13 2016-08-18 Qualcomm Incorporated Continuous authentication
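CN106034120A (zh) * 2015-03-16 2016-10-19 阿里巴巴集团控股有限公司 Method and system for multi-process access to a trusted application
CN104765612A (zh) * 2015-04-10 2015-07-08 武汉天喻信息产业股份有限公司 System and method for accessing a trusted execution environment and trusted applications
US20170103382A1 (en) * 2015-10-07 2017-04-13 Samsung Electronics Co., Ltd. Method of providing payment service and electronic device for implementing same
CN105335673A (zh) * 2015-12-14 2016-02-17 联想(北京)有限公司 Information security processing method and information security processing apparatus
CN105512576A (zh) * 2015-12-14 2016-04-20 联想(北京)有限公司 Method for secure data storage and electronic device
CN105843653A (zh) * 2016-04-12 2016-08-10 恒宝股份有限公司 Secure application configuration method and apparatus
CN105978917A (zh) * 2016-07-19 2016-09-28 恒宝股份有限公司 System and method for security authentication of trusted applications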

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
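罗净: "Research and implementation of secure payment based on a trusted operating system for smart terminals", China Master's Theses Full-text Database, Information Science and Technology *
陈淑珍: "Research and implementation of TEE-based mobile terminal data security", Telecommunications Science *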

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
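CN111459869A (zh) * 2020-04-14 2020-07-28 中国长城科技集团股份有限公司 Data access method, apparatus, device and storage medium
CN111459869B (zh) * 2020-04-14 2022-04-29 中国长城科技集团股份有限公司 Data access method, apparatus, device and storage medium
CN115017486A (zh) * 2021-11-11 2022-09-06 荣耀终端有限公司 Service processing method and related apparatus
CN115017497A (zh) * 2021-11-24 2022-09-06 荣耀终端有限公司 Information processing method, apparatus and storage medium
CN115640116A (zh) * 2021-12-14 2023-01-24 荣耀终端有限公司 Service processing method and related apparatus
CN115640116B (zh) * 2021-12-14 2024-03-26 荣耀终端有限公司 Service processing method and related apparatus
CN115016886A (zh) * 2021-12-31 2022-09-06 荣耀终端有限公司 Service processing method and apparatus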

Also Published As

Publication number Publication date
WO2019010863A1 (zh) 2019-01-17
US20200151320A1 (en) 2020-05-14
US11379573B2 (en) 2022-07-05
EP3644569B1 (en) 2021-09-29
EP3644569A4 (en) 2020-06-10
EP3644569A1 (en) 2020-04-29
CN110366843B (zh) 2020-12-25

Similar Documents

Publication Publication Date Title
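CN110366843A (zh) Method and terminal for controlling trusted application access
EP3716656B1 (en) Profile generation method, profile acquisition method, and related device and storage medium
JP6576555B2 (ja) Service processing method, device and system
KR102334501B1 (ko) Profile transmission method, related device and storage medium
WO2017118412A1 (zh) Method, apparatus and system for updating a key
KR102226411B1 (ko) Electronic device and method for managing re-registration
CN110869907B (zh) Method and terminal for browsing application pages
WO2019072039A1 (zh) Service certificate management method, terminal and server
WO2017211205A1 (zh) Whitelist update method and apparatus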
WO2015062425A1 (en) User identity verification method and system, password protection apparatus and storage medium
US9686819B2 (en) Methods, devices and systems for router access control
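WO2014000652A1 (zh) Browser plug-in installation method, apparatus and terminal
WO2013159632A1 (zh) Method for implementing security protection, firewall, terminal and readable storage medium
WO2019057155A1 (zh) Method and device for dynamically managing kernel nodes
CN107153792B (zh) Data security processing method, apparatus and mobile terminal
CN110941821A (zh) Data processing method, apparatus and storage medium
JP5997848B2 (ja) Mobile terminal resource processing method, apparatus, client-side computer, server, mobile terminal, program and recording medium
JP2021512404A (ja) Authentication window display method and apparatus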
EP2869229B1 (en) Method, device and equipment for installing an application
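KR20220071482A (ko) Electronic device performing edge computing service and operating method of the electronic device
CN103824003B (zh) Application protection method, apparatus and terminal
WO2015062326A1 (zh) Page access control method, apparatus and system
CN106484481B (zh) Configuration method, apparatus and terminal for multi-instance applications
US20150120866A1 (en) Methods and devices for processing mobile terminal resource
CN118035976A (zh) Method and related apparatus for detecting fraudulent use of access credentials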

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant