CN110366843A - 控制可信应用访问的方法和终端 - Google Patents
控制可信应用访问的方法和终端 Download PDFInfo
- Publication number
- CN110366843A CN110366843A CN201780087629.6A CN201780087629A CN110366843A CN 110366843 A CN110366843 A CN 110366843A CN 201780087629 A CN201780087629 A CN 201780087629A CN 110366843 A CN110366843 A CN 110366843A
- Authority
- CN
- China
- Prior art keywords
- tee
- target
- terminal
- service class
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Automation & Control Theory (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
Abstract
本发明实施例涉及一种控制可信应用访问的方法和终端。包括:终端在TEE中接收CA发送的目标TA访问请求;终端在TEE中根据目标TA访问请求确定CA的服务级别;终端在TEE中通过目标TA为CA提供服务级别相应的服务。以此,由目标TA为CA提供不同级别的服务,且在TEE中确定CA对应的服务级别,增强了CA访问目标TA的约束限制,提高了CA对目标TA访问的安全性。
Description
PCT国内申请,说明书已公开。
Claims (30)
- PCT国内申请,权利要求书已公开。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710571054 | 2017-07-13 | ||
CN2017105710547 | 2017-07-13 | ||
PCT/CN2017/108068 WO2019010863A1 (zh) | 2017-07-13 | 2017-10-27 | 控制可信应用访问的方法和终端 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110366843A true CN110366843A (zh) | 2019-10-22 |
CN110366843B CN110366843B (zh) | 2020-12-25 |
Family
ID=65002502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201780087629.6A Active CN110366843B (zh) | 2017-07-13 | 2017-10-27 | 控制可信应用访问的方法和终端 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11379573B2 (zh) |
EP (1) | EP3644569B1 (zh) |
CN (1) | CN110366843B (zh) |
WO (1) | WO2019010863A1 (zh) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111459869A (zh) * | 2020-04-14 | 2020-07-28 | 中国长城科技集团股份有限公司 | 一种数据访问的方法、装置、设备及存储介质 |
CN115017486A (zh) * | 2021-11-11 | 2022-09-06 | 荣耀终端有限公司 | 业务处理的方法和相关装置 |
CN115016886A (zh) * | 2021-12-31 | 2022-09-06 | 荣耀终端有限公司 | 业务处理方法和装置 |
CN115017497A (zh) * | 2021-11-24 | 2022-09-06 | 荣耀终端有限公司 | 信息处理方法、装置及存储介质 |
CN115640116A (zh) * | 2021-12-14 | 2023-01-24 | 荣耀终端有限公司 | 业务处理方法和相关装置 |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11777964B2 (en) * | 2019-03-01 | 2023-10-03 | Malikie Innovations Limited | Clipboard listener detector |
CN110998581B (zh) | 2019-03-26 | 2024-05-24 | 创新先进技术有限公司 | 使用多重密钥对签名的程序执行和数据证明方案 |
US11336684B2 (en) * | 2019-06-07 | 2022-05-17 | Lookout, Inc. | Mobile device security using a secure execution context |
CN114064303A (zh) * | 2020-07-31 | 2022-02-18 | 华为技术有限公司 | 远程服务调用方法、设备、系统、存储介质 |
CN112101949B (zh) | 2020-09-18 | 2022-12-16 | 支付宝(杭州)信息技术有限公司 | 安全的服务请求处理方法及装置 |
CN113591075B (zh) * | 2021-07-26 | 2023-11-07 | 深信服科技股份有限公司 | 终端安全管控方法、装置及存储介质 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104765612A (zh) * | 2015-04-10 | 2015-07-08 | 武汉天喻信息产业股份有限公司 | 一种访问可信执行环境、可信应用的系统及方法 |
CN105335673A (zh) * | 2015-12-14 | 2016-02-17 | 联想(北京)有限公司 | 一种信息安全处理方法和信息安全处理装置 |
CN105512576A (zh) * | 2015-12-14 | 2016-04-20 | 联想(北京)有限公司 | 一种数据安全存储的方法及电子设备 |
CN105843653A (zh) * | 2016-04-12 | 2016-08-10 | 恒宝股份有限公司 | 一种安全应用配置方法及装置 |
US20160239649A1 (en) * | 2015-02-13 | 2016-08-18 | Qualcomm Incorporated | Continuous authentication |
CN105978917A (zh) * | 2016-07-19 | 2016-09-28 | 恒宝股份有限公司 | 一种用于可信应用安全认证的系统和方法 |
CN106034120A (zh) * | 2015-03-16 | 2016-10-19 | 阿里巴巴集团控股有限公司 | 一种多进程访问可信应用的方法和系统 |
US20170103382A1 (en) * | 2015-10-07 | 2017-04-13 | Samsung Electronics Co., Ltd. | Method of providing payment service and electronic device for implementing same |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6609198B1 (en) * | 1999-08-05 | 2003-08-19 | Sun Microsystems, Inc. | Log-on service providing credential level change without loss of session continuity |
EP1282023A1 (en) * | 2001-07-30 | 2003-02-05 | Hewlett-Packard Company | Trusted platform evaluation |
US7739389B2 (en) * | 2003-11-20 | 2010-06-15 | International Business Machines Corporation | Providing web services from a service environment with a gateway |
US7472079B2 (en) * | 2005-01-12 | 2008-12-30 | International Business Machines Corporation | Computer implemented method for automatically controlling selection of a grid provider for a grid job |
US8219802B2 (en) * | 2008-05-07 | 2012-07-10 | International Business Machines Corporation | System, method and program product for consolidated authentication |
US9479509B2 (en) * | 2009-11-06 | 2016-10-25 | Red Hat, Inc. | Unified system for authentication and authorization |
US11144333B2 (en) * | 2011-07-12 | 2021-10-12 | Tongling Yuchen Software Technology Co., Ltd. | Service model-oriented software system and operation method thereof |
US9280655B2 (en) | 2013-03-13 | 2016-03-08 | Samsung Electronics Co., Ltd | Application authentication method and electronic device supporting the same |
US20160248809A1 (en) * | 2015-02-20 | 2016-08-25 | Intel Corporation | Methods and apparatus to process data based on automatically detecting a security environment |
CN105809036B (zh) * | 2016-04-01 | 2019-05-10 | 中国银联股份有限公司 | 一种tee访问控制方法以及实现该方法的移动终端 |
CN107040513B (zh) * | 2016-06-30 | 2020-06-02 | 郭铮铮 | 一种可信访问认证处理方法、用户终端和服务端 |
CN105978920B (zh) * | 2016-07-28 | 2019-05-24 | 恒宝股份有限公司 | 一种访问可信应用的方法及ta |
EP3293656A1 (en) * | 2016-09-13 | 2018-03-14 | Gemalto Sa | Method for controlling access to a trusted application in a terminal |
US20180096412A1 (en) * | 2016-09-30 | 2018-04-05 | Mark E. Scott-Nash | Digital brokerage service for iot micro compute services |
US10764752B1 (en) * | 2018-08-21 | 2020-09-01 | HYPR Corp. | Secure mobile initiated authentication |
-
2017
- 2017-10-27 WO PCT/CN2017/108068 patent/WO2019010863A1/zh unknown
- 2017-10-27 US US16/629,948 patent/US11379573B2/en active Active
- 2017-10-27 CN CN201780087629.6A patent/CN110366843B/zh active Active
- 2017-10-27 EP EP17917639.1A patent/EP3644569B1/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160239649A1 (en) * | 2015-02-13 | 2016-08-18 | Qualcomm Incorporated | Continuous authentication |
CN106034120A (zh) * | 2015-03-16 | 2016-10-19 | 阿里巴巴集团控股有限公司 | 一种多进程访问可信应用的方法和系统 |
CN104765612A (zh) * | 2015-04-10 | 2015-07-08 | 武汉天喻信息产业股份有限公司 | 一种访问可信执行环境、可信应用的系统及方法 |
US20170103382A1 (en) * | 2015-10-07 | 2017-04-13 | Samsung Electronics Co., Ltd. | Method of providing payment service and electronic device for implementing same |
CN105335673A (zh) * | 2015-12-14 | 2016-02-17 | 联想(北京)有限公司 | 一种信息安全处理方法和信息安全处理装置 |
CN105512576A (zh) * | 2015-12-14 | 2016-04-20 | 联想(北京)有限公司 | 一种数据安全存储的方法及电子设备 |
CN105843653A (zh) * | 2016-04-12 | 2016-08-10 | 恒宝股份有限公司 | 一种安全应用配置方法及装置 |
CN105978917A (zh) * | 2016-07-19 | 2016-09-28 | 恒宝股份有限公司 | 一种用于可信应用安全认证的系统和方法 |
Non-Patent Citations (2)
Title |
---|
罗净: ""基于智能终端可信操作系统的安全支付研究与实现"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
陈淑珍: ""基于TEE的移动终端数据安全研究与实现"", 《电信科学》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111459869A (zh) * | 2020-04-14 | 2020-07-28 | 中国长城科技集团股份有限公司 | 一种数据访问的方法、装置、设备及存储介质 |
CN111459869B (zh) * | 2020-04-14 | 2022-04-29 | 中国长城科技集团股份有限公司 | 一种数据访问的方法、装置、设备及存储介质 |
CN115017486A (zh) * | 2021-11-11 | 2022-09-06 | 荣耀终端有限公司 | 业务处理的方法和相关装置 |
CN115017497A (zh) * | 2021-11-24 | 2022-09-06 | 荣耀终端有限公司 | 信息处理方法、装置及存储介质 |
CN115640116A (zh) * | 2021-12-14 | 2023-01-24 | 荣耀终端有限公司 | 业务处理方法和相关装置 |
CN115640116B (zh) * | 2021-12-14 | 2024-03-26 | 荣耀终端有限公司 | 业务处理方法和相关装置 |
CN115016886A (zh) * | 2021-12-31 | 2022-09-06 | 荣耀终端有限公司 | 业务处理方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
WO2019010863A1 (zh) | 2019-01-17 |
US20200151320A1 (en) | 2020-05-14 |
US11379573B2 (en) | 2022-07-05 |
EP3644569B1 (en) | 2021-09-29 |
EP3644569A4 (en) | 2020-06-10 |
EP3644569A1 (en) | 2020-04-29 |
CN110366843B (zh) | 2020-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110366843A (zh) | 控制可信应用访问的方法和终端 | |
EP3716656B1 (en) | Profile generation method, profile acquisition method, and related device and storage medium | |
JP6576555B2 (ja) | サービス処理方法、デバイス及びシステム | |
KR102334501B1 (ko) | 프로파일 전송 방법, 관련 디바이스 및 저장 매체 | |
WO2017118412A1 (zh) | 一种更新密钥的方法、装置和系统 | |
KR102226411B1 (ko) | 재등록을 관리하는 전자 장치 및 방법 | |
CN110869907B (zh) | 一种浏览应用页面的方法及终端 | |
WO2019072039A1 (zh) | 一种业务证书管理方法、终端及服务器 | |
WO2017211205A1 (zh) | 一种白名单更新方法和装置 | |
WO2015062425A1 (en) | User identity verification method and system, password protection apparatus and storage medium | |
US9686819B2 (en) | Methods, devices and systems for router access control | |
WO2014000652A1 (zh) | 浏览器插件安装方法、装置及终端 | |
WO2013159632A1 (zh) | 实现安全防护的方法、防火墙、终端及可读存储介质 | |
WO2019057155A1 (zh) | 一种动态管理内核节点的方法和设备 | |
CN107153792B (zh) | 一种数据安全处理方法、装置及移动终端 | |
CN110941821A (zh) | 数据处理方法、装置及存储介质 | |
JP5997848B2 (ja) | 移動端末リソースの処理方法、装置、クライアント側のコンピュータ、サーバ、移動端末、プログラム、及び記録媒体 | |
JP2021512404A (ja) | 認証ウィンドウ表示方法及び装置 | |
EP2869229B1 (en) | Method, device and equipment for installing an application | |
KR20220071482A (ko) | 에지 컴퓨팅 서비스를 수행하는 전자 장치 및 전자 장치의 동작 방법 | |
CN103824003B (zh) | 应用程序保护方法、装置和终端 | |
WO2015062326A1 (zh) | 页面访问控制方法、装置及系统 | |
CN106484481B (zh) | 一种多开应用的配置方法、装置及终端 | |
US20150120866A1 (en) | Methods and devices for processing mobile terminal resource | |
CN118035976A (zh) | 一种冒用访问凭证的检测方法和相关装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |