CN112533196A - Trusted starting method and device for mobile terminal equipment - Google Patents
Trusted starting method and device for mobile terminal equipment Download PDFInfo
- Publication number
- CN112533196A CN112533196A CN202011521788.2A CN202011521788A CN112533196A CN 112533196 A CN112533196 A CN 112533196A CN 202011521788 A CN202011521788 A CN 202011521788A CN 112533196 A CN112533196 A CN 112533196A
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- sim card
- terminal equipment
- information
- card information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephone Function (AREA)
Abstract
The embodiment of the application provides a trusted starting method and device of mobile terminal equipment, electronic equipment and a computer readable storage medium, and relates to the field of equipment starting. The method comprises the following steps: the method comprises the steps that in the starting process of the mobile terminal equipment, the information of a Subscriber Identity Module (SIM) card of the mobile terminal equipment is obtained; and verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result. According to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, so that the mobile terminal equipment is stopped when the SIM card information is abnormal, the user application program cannot be loaded, and the leakage of the mobile terminal equipment information and the user information is avoided.
Description
Technical Field
The present application relates to the field of device booting technologies, and in particular, to a trusted booting method and apparatus for a mobile terminal device, an electronic device, and a computer-readable storage medium.
Background
The existing intelligent terminal processor has particularly rich functions, and on an SOC (system on chip), besides an application processor, a communication processor is provided. The SOC based on the ARM architecture is widely applied in an intelligent terminal and supports ARM trustzone extension, so a trustzone-based TEE (Trusted execution environment) Trusted boot scheme is generally adopted.
And in the whole trusted starting process, if a certain level of verification fails, the starting process is terminated, and trusted recovery is carried out. However, in a TEE-based trusted boot, no communication processor is involved. The communication processor is responsible for network access, authentication and the like of the SIM, so if the SIM card fails to authenticate, the application processor can still be started, and the system is not influenced.
Disclosure of Invention
The object of the present application is to solve at least one of the above-mentioned technical drawbacks, in particular the technical drawback of mobile device start-up without taking into account SIM card authentication.
In a first aspect, a trusted boot method for a mobile terminal device is provided, where the method includes:
in the starting process of the mobile terminal equipment, obtaining the information of a Subscriber Identity Module (SIM) card of the mobile terminal equipment;
and verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result.
In one possible implementation, the start-up procedure of the mobile terminal device comprises starting up a trusted execution environment TEE system,
in the starting process of the mobile terminal equipment, obtaining the information of a Subscriber Identity Module (SIM) card of the mobile terminal equipment, including;
and in the starting process of the mobile terminal equipment, loading and operating the TEE system, and acquiring the SIM card information through a preset trusted application in the TEE system.
In another possible implementation, the start-up procedure of the mobile terminal device comprises starting up the REE system,
verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result, wherein the operation comprises the following steps:
if the SIM card information is successfully verified, the REE system is continuously started,
and if the SIM card information verification fails, stopping the starting of the mobile terminal equipment to prohibit the REE system from being started.
In another possible implementation, the SIM card information includes a SIM card authentication result,
verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result, wherein the operation comprises the following steps:
if the authentication result of the SIM card is successful, the mobile terminal equipment is continuously started after the verification is confirmed to be passed,
and if the authentication result of the SIM card is authentication failure, determining that the verification fails, and stopping executing the starting of the mobile terminal equipment.
In another possible implementation, the SIM card information includes a SIM card identification and a SIM card access operator network identification,
and verifying the SIM card information, comprising:
the SIM card identification and the SIM card are accessed into an operator network identification and are subjected to information matching with the prestored SIM card information bound by the mobile terminal equipment;
based on the verification result, corresponding operations are executed aiming at the starting process of the mobile terminal equipment, and the operations comprise:
if the information is matched consistently, continuing to execute the starting of the mobile terminal equipment;
and if the information matching is inconsistent, stopping executing the starting of the mobile terminal equipment.
In another possible implementation, the method further includes:
when the equipment of the mobile terminal is started and is in a running state, the trusted application acquires an authentication result of the SIM card within preset time;
and when the SIM card authentication result is authentication failure, stopping the operation of the mobile terminal equipment by any one of ways of turning off the CPU, reducing the frequency and turning off the power supply.
In a second aspect, a trusted boot apparatus for a mobile terminal device is provided, the apparatus including:
the acquisition module is used for acquiring the SIM card information of the user identity module of the mobile terminal equipment in the starting process of the mobile terminal equipment;
and the execution module is used for verifying the SIM card information and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result.
In one possible implementation, the start-up procedure of the mobile terminal device comprises starting up a trusted execution environment TEE system,
the obtaining module is specifically configured to load and run the TEE system during a starting process of the mobile terminal device, and obtain the SIM card information through a trusted application preset in the TEE system.
In a third aspect, an electronic device is provided, which includes:
one or more processors;
a memory;
one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to: executing the trusted boot method of a mobile terminal device according to any of claims 1 to 6.
For example, in a third aspect of the present application, there is provided a computing device comprising: the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the trusted boot method of the mobile terminal device as shown in the first aspect of the application.
In a fourth aspect, a computer-readable storage medium is provided, which computer program, when being executed by a processor, realizes the trusted boot method of a mobile terminal device according to any one of claims 1 to 6.
For example, in a fourth aspect of the embodiments of the present application, a computer-readable storage medium is provided, on which a computer program is stored, and the program, when executed by a processor, implements the trusted boot method for a mobile terminal device shown in the first aspect of the present application.
The beneficial effect that technical scheme that this application provided brought is:
according to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, and therefore the mobile terminal equipment is stopped when the SIM card information is abnormal, so that the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a trusted boot method of a mobile terminal device according to an embodiment of the present application;
fig. 2 is a schematic diagram illustrating a trusted boot process of a mobile terminal device according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a trusted boot apparatus of a mobile terminal device according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device that is bootable by a mobile terminal device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The application provides a trusted boot method and device for a mobile terminal device, an electronic device and a computer-readable storage medium, which aim to solve the above technical problems in the prior art.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The embodiment of the application provides a trusted starting method of mobile terminal equipment, and an execution main body of the method can be the mobile terminal equipment, and can also be a device or a chip integrated on the mobile terminal equipment. As shown in fig. 1, which is a schematic flowchart of a trusted boot method of a mobile terminal device according to an embodiment of the present application, the method includes the following steps:
s101: and in the starting process of the mobile terminal equipment, obtaining the SIM card information of the subscriber identity module of the mobile terminal equipment.
Specifically, after the mobile terminal device is powered on, an application processor and a communication processor of the mobile terminal device both start to operate, wherein an operating system operated by the application processor is responsible for starting user application programs such as display, man-machine interaction and the like, and the communication processor is responsible for communication and processing information such as access of an SIM card to an operator network, authentication of the SIM card and the like. Therefore, during the startup of the mobile terminal device, the SIM card information can be acquired from the communication processor. The SIM card information may specifically include information such as an authentication result of the SIM card, an identifier of the SIM card, and an identifier of the operator network to which the SIM card is accessed.
S102: and verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result.
After the SIM card information is acquired in step S101, the acquired SIM card information is verified, specifically, if the SIM card information is successfully verified, the subsequent starting process of the mobile terminal device may be continuously executed, and if the SIM card information is unsuccessfully verified, the mobile terminal device may be stopped from being started.
According to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, so that the mobile terminal equipment is stopped when the SIM card information is abnormal, the user application program cannot be loaded, and the leakage of the mobile terminal equipment information and the user information is avoided.
In an embodiment, the starting process of the mobile terminal device includes starting a trusted execution environment TEE system, and step S101 may specifically include:
and in the starting process of the mobile terminal equipment, loading and operating the TEE system, and acquiring the SIM card information through a preset trusted application in the TEE system.
Specifically, during the starting process of the mobile terminal device, the application processor of the mobile terminal device starts the trusted execution environment TEE system when running, wherein the TEE system may be used to start an application with higher security requirements, for example, an application for processing a key, payment, fingerprint identification, and the like. Also, a trusted application may be pre-provisioned in the TEE system, e.g., may be provisioned in an image of the TEE system, which may be used to interact with the communication processor. Therefore, in the starting process of the mobile terminal equipment, after the TEE system is loaded and operated, the trusted application can acquire the SIM card information from the communication processor.
According to the method and the device, the SIM card information is acquired through the preset trusted application in the TEE system, so that the SIM card information is verified, and the subsequent start or stop of the mobile terminal equipment is triggered based on the verification result.
In another embodiment, the starting process of the mobile terminal device further includes starting an REE system, and step S102 may specifically include:
if the SIM card information is successfully verified, the REE system is continuously started,
and if the SIM card information verification fails, stopping the starting of the mobile terminal equipment to prohibit the REE system from being started.
Specifically, in the starting process of the mobile terminal device, the application processor of the mobile terminal device is also used for starting the REE system during running. REE is a shorthand for Rich Execution Environment, sometimes translated as a Rich Execution Environment. In the embodiment of the present application, the REE system may be an operating system facing a user, such as Linux, Android, and the like, and the operating system may run a plurality of user applications. Because the authority of the TEE system is higher than that of the REE system, in the starting process of the mobile terminal device, when the application processor of the mobile terminal device runs, the TEE system is started first, and then the REE system is started. Therefore, in step S101, after the trusted application preset in the TEE system acquires the SIM card information, the SIM card information may be verified, and the start of the REE system may be executed only if the SIM card information verification is successful, so as to load the user application program, and if the SIM card information verification fails, the start of the mobile terminal device is stopped, so as to prohibit the start of the REE system, thereby prohibiting the user program from being loaded.
According to the embodiment of the application, the REE system can be continuously started only when the SIM card information passes the verification by verifying the SIM card information, so that the REE system is forbidden to be started when the SIM card information is abnormal, a user application program cannot be loaded, and the leakage of mobile terminal equipment information or user information and other potential safety hazards are avoided.
In another embodiment, the SIM card information includes an authentication result of the SIM card, and the step S102 may specifically include:
if the authentication result of the SIM card is successful, the mobile terminal equipment is continuously started after the verification is confirmed to be passed,
and if the authentication result of the SIM card is authentication failure, determining that the verification fails, and stopping executing the starting of the mobile terminal equipment.
Specifically, the SIM card information obtained in step S101 may be an authentication result of the SIM card, for example, whether the SIM card of the mobile terminal device accesses the operator network corresponding to the SIM card successfully or not, and when the authentication result is that the authentication is successful, that is, the SIM card accesses the corresponding operator network, the mobile terminal device continues to be started. And if the authentication result is authentication failure, namely the SIM card is not accessed to the corresponding operator network, stopping the starting of the mobile terminal equipment.
In the embodiment, the authentication result of the SIM card is verified, and the mobile terminal device is continuously started when the authentication of the SIM card is successful, so that the mobile terminal device is stopped when the authentication of the SIM card fails, that is, the SIM card does not access the corresponding operator network, so that the user application program is not loaded, and the leakage of the mobile terminal device information or the user information and other potential safety hazards are avoided.
In another embodiment, the SIM card information may further include a SIM card identifier and a SIM card access operator network identifier, so that the verification of the SIM card information in step S102 may further perform information matching between the SIM card identifier and the SIM card access operator network identifier and the pre-stored SIM card information bound to the mobile terminal device.
Specifically, through a trusted application preset in the TEE system, when the SIM card first accesses the operator network, the SIM card identifier is obtained from the communication processor, e.g., ICCID (integrated Circuit Card Identity) and SIM Card access to a carrier network Identity, e.g., IMSI (International Mobile Subscriber Identity), and, obtaining from the TEE system a Unique identification of the mobile terminal device, e.g., HWUID (Hardware Unique ID), then binding the three to obtain the machine-card binding information of the mobile terminal equipment and the SIM card, and stores the mobile terminal device and the SIM card machine-card binding information in a storage area of the TEE system, the storage area of the TEE system is an encryption storage area, so that the machine-card binding information of the mobile terminal equipment and the SIM card is protected from being leaked.
Further, in the starting process of the mobile terminal device, the acquired SIM card identifier and the SIM card access operator network identifier may be matched with the mobile terminal device and SIM card binding information pre-stored in the storage area of the TEE system, so as to verify whether the SIM card is the SIM card bound by the mobile terminal device. If the information is matched consistently, continuing to execute the starting of the mobile terminal equipment; and if the information matching is inconsistent, stopping executing the starting of the mobile terminal equipment.
In the embodiment, the SIM card identification and the SIM card access operator network identification are verified, the mobile terminal equipment is continuously started when the SIM card is the SIM card bound by the mobile terminal equipment, and the mobile terminal equipment is stopped when the SIM card is not the SIM card bound by the mobile terminal equipment, so that a user application program cannot be loaded, and the leakage of mobile terminal equipment information or user information and other potential safety hazards are avoided.
In another embodiment, the trusted boot method for a mobile terminal device may further include step S103:
when the equipment of the mobile terminal is started and is in a running state, the trusted application acquires an authentication result of the SIM card within preset time; and when the SIM card authentication result is authentication failure, stopping the operation of the mobile terminal equipment by any one of ways of turning off the CPU, reducing the frequency and turning off the power supply.
Specifically, when the mobile terminal device is started and in the running state, the trusted application preset in the TEE system may acquire the authentication result of the SIM card in the communication processor at a preset time point, or may periodically acquire the authentication result of the SIM card in the communication processor by using a preset time as a unit, where the authentication of the SIM card may be the authentication actively initiated by the operator network. Based on the obtained authentication result, when the authentication result of the SIM card is authentication failure, the TEE system stops the operation of the mobile terminal equipment by controlling the modes of turning off a CPU, reducing frequency, turning off a power supply and the like.
In the embodiment of the application, when the mobile terminal equipment is started and is in the running state, the mobile terminal equipment is stopped running by acquiring the SIM card authentication result and when the SIM card authentication fails, so that the terminal equipment is prevented from being illegally used.
In order to better understand the method provided by the embodiment of the present application, the following further describes the technical solution of the embodiment of the present application with reference to fig. 2.
As shown in fig. 2, which is a schematic diagram of a principle of a trusted boot process of a mobile terminal device according to an embodiment of the present application, an REE system in the diagram is an Android system. As shown in the figure, after the mobile terminal device is powered on, both the Application processor and the communication processor of the mobile terminal device start to operate, on one hand, in an Application processor AP (Application processor), a code is executed from a memory BOOTROM embedded in a processor chip, then a public key is verified, and after the public key is verified, communication is performed through an Trusted firmware atf (arm Trusted firmware) to execute the start of the TEE system. On the other hand, SIM card authentication is performed in the communication processor.
Further, after the TEE system is loaded and operated, the information of the SIM card can be acquired from the communication processor through a preset trusted application CPTA in the TEE system and verified. The SIM card information may include an authentication result of the SIM card, an identifier of the SIM card, and an identifier of the operator network to which the SIM card is accessed. Therefore, the verification of the SIM card information may include two aspects, on one hand, the verification of the SIM card authentication result is performed to verify whether the SIM card authentication is successful, and on the other hand, the verification of the SIM card identifier and the SIM card access operator network identifier may also be performed to verify whether the SIM card identifier and the SIM card access operator network identifier are consistent with the SIM card identifier and the SIM card access operator network identifier pre-stored in the TEE system and bound by the mobile terminal device. The method comprises the steps that an SIM card identification and an SIM card bound by mobile terminal equipment are accessed into an operator network identification, when the SIM card is accessed into an operator network for the first time, a trusted application CPTA can acquire the SIM card identification, the SIM card access operator network identification and a hardware identification of the mobile terminal equipment through a communication processor, and bind the acquired identifications, so that a machine-card binding relationship between the mobile terminal equipment and SIM card information is obtained, and the machine-card binding relationship is stored in a TEE system.
Further, if the authentication result of the SIM card, the bound information of the SIM card identifier, the SIM card access operator network identifier and the mobile terminal device passes the authentication, that is, the SIM card authentication is successful, and the SIM card identifier, the SIM card access operator network identifier and the bound information of the mobile terminal device are consistent, the start of the REE system may be continuously performed, for example, the Linux kernel is loaded and verified, the Android system is verified, and the user application program is started.
If the authentication of the SIM card fails, or the SIM card identifier and the SIM card access operator network identifier are inconsistent with the information bound by the mobile terminal equipment, the SIM card information verification is not passed, and the mobile terminal equipment is stopped starting. For example, in fig. 2, when the TEE system stops the start of the mobile terminal device, the BootLoader of the REE system is not yet running, and the Linux kernel, the Android operating system, the application running in the Android operating system, and the like cannot be started naturally.
And when the mobile terminal equipment is started and is in a running state, a preset credible application CPTA in the TEE system can acquire the SIM card authentication result in the communication processor at a preset time point, or periodically acquire the SIM card authentication result in the communication processor by taking preset time as a unit, and when the SIM card authentication result is authentication failure, the TEE system stops the mobile terminal equipment from running by controlling the modes of turning off a CPU, reducing frequency, turning off a power supply and the like.
According to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, and therefore the mobile terminal equipment is stopped when the SIM card information is abnormal, so that the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
An embodiment of the present application provides a trusted boot apparatus for a mobile terminal device, as shown in fig. 3, which is a schematic structural diagram of the trusted boot apparatus for a mobile terminal device provided in the embodiment of the present application, where the inter-process communication apparatus 30 may include: an acquisition module 301 and an execution module 302.
An obtaining module 301, configured to obtain, in a starting process of a mobile terminal device, subscriber identity module SIM card information of the mobile terminal device;
the SIM card information may specifically include information such as an authentication result of the SIM card, an identifier of the SIM card, and an identifier of the operator network to which the SIM card is accessed.
The executing module 302 is configured to verify the SIM card information, and execute corresponding operations for a starting process of the mobile terminal device based on a verification result.
Specifically, if the SIM card information verification is successful, the subsequent starting process of the mobile terminal device may be continuously executed, and if the SIM card information verification is failed, the starting of the mobile terminal device may be stopped.
According to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, and therefore the mobile terminal equipment is stopped when the SIM card information is abnormal, so that the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
In an embodiment, the starting process of the mobile terminal device includes starting a trusted execution environment TEE system, and the obtaining module 301 is specifically configured to:
and in the starting process of the mobile terminal equipment, loading and operating the TEE system, and acquiring the SIM card information through a preset trusted application in the TEE system.
In another embodiment, the starting process of the mobile terminal device further includes starting an REE system, and the executing module 302 is specifically configured to:
if the SIM card information is successfully verified, the REE system is continuously started,
and if the SIM card information verification fails, stopping the starting of the mobile terminal equipment to prohibit the REE system from being started.
In another embodiment, the SIM card information includes an authentication result of the SIM card, and the executing module 302 is specifically configured to:
if the authentication result of the SIM card is successful, the mobile terminal equipment is continuously started after the verification is confirmed to be passed,
and if the authentication result of the SIM card is authentication failure, determining that the verification fails, and stopping executing the starting of the mobile terminal equipment.
In another embodiment, the SIM card information includes a SIM card identifier and an identifier of an operator network to which the SIM card is accessed, and the executing module 302 is specifically configured to:
the SIM card identification and the SIM card are accessed into an operator network identification and are subjected to information matching with the prestored SIM card information bound by the mobile terminal equipment;
if the information is matched consistently, continuing to execute the starting of the mobile terminal equipment;
and if the information matching is inconsistent, stopping executing the starting of the mobile terminal equipment.
In another embodiment, the apparatus may further include a stopping module to:
when the equipment of the mobile terminal is started and is in a running state, the trusted application acquires an authentication result of the SIM card within preset time; and when the SIM card authentication result is authentication failure, stopping the operation of the mobile terminal equipment by any one of ways of turning off the CPU, reducing the frequency and turning off the power supply.
The trusted boot apparatus of the mobile terminal device of this embodiment can execute the trusted boot method of the mobile terminal device shown in the foregoing embodiments of this application, and the implementation principles thereof are similar and will not be described herein again.
According to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, and therefore the mobile terminal equipment is stopped when the SIM card information is abnormal, so that the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
An embodiment of the present application provides an electronic device, including: a memory and a processor; at least one program stored in the memory for execution by the processor, which when executed by the processor, implements: according to the method and the device, the SIM card information of the mobile terminal equipment is acquired in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, and therefore the mobile terminal equipment is stopped when the SIM card information is abnormal, so that the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
In an alternative embodiment, an electronic device is provided, as shown in fig. 4, the electronic device 4000 shown in fig. 4 comprising: a processor 4001 and a memory 4003. Processor 4001 is coupled to memory 4003, such as via bus 4002. Optionally, the electronic device 4000 may further include a transceiver 4004, and the transceiver 4004 may be used for data interaction between the electronic device and other electronic devices, such as transmission of data and/or reception of data. In addition, the transceiver 4004 is not limited to one in practical applications, and the structure of the electronic device 4000 is not limited to the embodiment of the present application.
The Processor 4001 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, including, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
The Memory 4003 may be a ROM (Read Only Memory) or other types of static storage devices that can store static information and instructions, a RAM (Random Access Memory) or other types of dynamic storage devices that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 4003 is used for storing application codes for executing the scheme of the present application, and the execution is controlled by the processor 4001. Processor 4001 is configured to execute application code stored in memory 4003 to implement what is shown in the foregoing method embodiments.
Among them, electronic devices include but are not limited to: mobile phones, notebook computers, multimedia players, desktop computers, and the like.
The present application provides a computer-readable storage medium, on which a computer program is stored, which, when running on a computer, enables the computer to execute the corresponding content in the foregoing method embodiments. Compared with the prior art, the method and the device have the advantages that the SIM card information of the mobile terminal equipment is obtained in the starting process of the mobile terminal equipment, the SIM card information is verified, the subsequent starting or stopping of the mobile terminal equipment is triggered based on the verification result, so that the mobile terminal equipment is stopped when the SIM card information is abnormal, the user application program cannot be loaded, and the leakage of the mobile terminal equipment information or the user information and other potential safety hazards are avoided.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A trusted boot method for a mobile terminal device, comprising:
in the starting process of the mobile terminal equipment, obtaining the information of a Subscriber Identity Module (SIM) card of the mobile terminal equipment;
and verifying the SIM card information, and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on a verification result.
2. The trusted boot method according to claim 1, wherein the boot process of the mobile terminal device comprises booting a Trusted Execution Environment (TEE) system,
in the starting process of the mobile terminal equipment, obtaining the information of the subscriber identity module SIM card of the mobile terminal equipment comprises the following steps:
and in the starting process of the mobile terminal equipment, loading and operating the TEE system, and acquiring the SIM card information through a preset trusted application in the TEE system.
3. The trusted boot method according to claim 2, wherein the boot process of the mobile terminal device includes booting an REE system,
the verifying the SIM card information and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result comprise:
if the SIM card information is successfully verified, continuing to start the REE system,
and if the SIM card information verification fails, stopping the starting of the mobile terminal equipment to prohibit the REE system from being started.
4. The trusted boot method of any of claims 1-3, wherein said SIM card information includes SIM card authentication results,
the verifying the SIM card information and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result comprise:
if the authentication result of the SIM card is successful, the mobile terminal equipment is continuously started after the verification is confirmed to be passed,
and if the authentication result of the SIM card is authentication failure, determining that the verification fails, and stopping executing the starting of the mobile terminal equipment.
5. The trusted boot method according to claim 4, wherein the SIM card information includes an SIM card identifier and an SIM card access operator network identifier,
the verifying the SIM card information comprises:
the SIM card identification and the SIM card are accessed to an operator network identification and are matched with the prestored SIM card information bound by the mobile terminal equipment;
based on the verification result, corresponding operations are executed for the starting process of the mobile terminal equipment, and the corresponding operations comprise:
if the information is matched consistently, continuing to execute the starting of the mobile terminal equipment;
and if the information matching is inconsistent, stopping executing the starting of the mobile terminal equipment.
6. The trusted boot method of claim 5, further comprising:
when the equipment of the mobile terminal is started and is in a running state, the trusted application acquires the authentication result of the SIM card within preset time;
and when the SIM card authentication result is authentication failure, stopping the operation of the mobile terminal equipment by any one of ways of turning off a CPU, reducing the frequency and turning off a power supply.
7. A trusted boot apparatus for a mobile terminal device, comprising:
the acquisition module is used for acquiring the SIM card information of the user identity module of the mobile terminal equipment in the starting process of the mobile terminal equipment;
and the execution module is used for verifying the SIM card information and executing corresponding operation aiming at the starting process of the mobile terminal equipment based on the verification result.
8. The trusted boot apparatus according to claim 7, wherein the boot process of the mobile terminal device comprises booting a Trusted Execution Environment (TEE) system,
the obtaining module is specifically configured to load and run the TEE system in a starting process of the mobile terminal device, and obtain the SIM card information through a trusted application preset in the TEE system.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to: executing the trusted boot method of a mobile terminal device according to any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the trusted boot method of a mobile terminal device according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521788.2A CN112533196A (en) | 2020-12-21 | 2020-12-21 | Trusted starting method and device for mobile terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521788.2A CN112533196A (en) | 2020-12-21 | 2020-12-21 | Trusted starting method and device for mobile terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112533196A true CN112533196A (en) | 2021-03-19 |
Family
ID=75002210
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011521788.2A Pending CN112533196A (en) | 2020-12-21 | 2020-12-21 | Trusted starting method and device for mobile terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112533196A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006021624A1 (en) * | 2004-07-23 | 2006-03-02 | Waving Technology | Portable recyclable telephone |
| CN101075316A (en) * | 2007-06-25 | 2007-11-21 | 陆航程 | Method for managing electronic ticket trade certification its carrier structure, system and terminal |
| CN104700268A (en) * | 2015-03-30 | 2015-06-10 | 中科创达软件股份有限公司 | Mobile payment method and mobile device |
| CN106529232A (en) * | 2016-10-19 | 2017-03-22 | 广东欧珀移动通信有限公司 | Startup method and device |
-
2020
- 2020-12-21 CN CN202011521788.2A patent/CN112533196A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006021624A1 (en) * | 2004-07-23 | 2006-03-02 | Waving Technology | Portable recyclable telephone |
| CN101075316A (en) * | 2007-06-25 | 2007-11-21 | 陆航程 | Method for managing electronic ticket trade certification its carrier structure, system and terminal |
| CN104700268A (en) * | 2015-03-30 | 2015-06-10 | 中科创达软件股份有限公司 | Mobile payment method and mobile device |
| CN106529232A (en) * | 2016-10-19 | 2017-03-22 | 广东欧珀移动通信有限公司 | Startup method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9426661B2 (en) | Secure lock for mobile device | |
| CN109542518B (en) | Chip and method for starting chip | |
| CN109669734B (en) | Method and apparatus for starting a device | |
| KR101702289B1 (en) | Continuation of trust for platform boot firmware | |
| US8135945B2 (en) | Flexible boot methods for multi-processor devices | |
| US20220109974A1 (en) | Esim card change method and related device | |
| US8726364B2 (en) | Authentication and access protection of computer boot modules in run-time environments | |
| EP2831722B1 (en) | Method and system for verifying proper operation of a computing device after a system change | |
| WO2017052801A1 (en) | Secure patch updates for programmable memories | |
| US10511965B2 (en) | Method and system for downloading software based on mobile terminal | |
| CN107292176B (en) | Method and system for accessing a trusted platform module of a computing device | |
| KR101654778B1 (en) | Hardware-enforced access protection | |
| US9390259B2 (en) | Method for activating an operating system in a security module | |
| US20150288523A1 (en) | Method of programming a smart card, computer program product and programmable smart card | |
| KR102244465B1 (en) | Electronic assembly comprising a disabling module | |
| CN116048639A (en) | Method and device for starting operating system, electronic equipment and readable storage medium | |
| CN108241798B (en) | Method, device and system for preventing machine refreshing | |
| US20110107395A1 (en) | Method and apparatus for providing a fast and secure boot process | |
| CN112182642A (en) | Private data and trusted application processing method, system, device and equipment | |
| JP6354438B2 (en) | Information processing apparatus, information processing system, and processing program | |
| CN112533196A (en) | Trusted starting method and device for mobile terminal equipment | |
| US20200244461A1 (en) | Data Processing Method and Apparatus | |
| US10659599B2 (en) | Certificate loading method and related product | |
| WO2018119873A1 (en) | Method for controlling functioning of microprocessor | |
| CN115238274A (en) | Trusted starting method and system based on domestic cryptographic algorithm by using SD card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210319 |
|
| RJ01 | Rejection of invention patent application after publication |