CN112800488A - Application upgrading method and device and electronic equipment - Google Patents

Publication number
CN112800488A
Authority
CN
China
Prior art keywords
application
trusted
code
execution environment
update
Legal status
Pending
Application number
CN202110390557.0A
Other languages
Chinese (zh)
Inventor
吴行行
邱鸿霖
陈辰
余逸荣
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

One or more embodiments of the present specification provide an application upgrade method, apparatus, and electronic device, applied to an electronic device equipped with a trusted execution environment in which at least one trusted application is deployed. The method comprises the following steps: receiving an application upgrade request, directed at a trusted application, sent by an application deployment party, where the application upgrade request comprises an identity credential corresponding to the application deployment party and update code corresponding to the trusted application; in the trusted execution environment, acquiring the update credential corresponding to the trusted application that is stored in the trusted execution environment, and determining whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential obtained by decrypting the update credential, where the update credential is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on a key corresponding to the trusted application; and if so, updating the code of the trusted application based on the update code.

Description

Application upgrading method and device and electronic equipment
Technical Field
One or more embodiments of the present disclosure relate to the technical field of information security, and in particular, to an application upgrade method and apparatus, and an electronic device.
Background
In recent years, interconnected devices have become increasingly widespread, forcing device manufacturers to take the security problems that arise during device operation more seriously; a Trusted Execution Environment (TEE) mounted in the device provides a solution to these security problems.
The trusted execution environment is a secure area within the host processor that runs in an isolated environment, in parallel with the conventional operating system, so that the confidentiality and integrity of code and data loaded into it can be protected.
Trusted Applications (TAPP) running in a trusted execution environment can access all functions of the main processor and memory in the device, while hardware isolation can protect these trusted applications from user-installed applications running in the main operating system; furthermore, software and cryptographic isolation in the trusted execution environment may protect different trusted applications from each other.
Disclosure of Invention
The present specification proposes an application upgrade method, which is applied to an electronic device equipped with a trusted execution environment; at least one trusted application is deployed in the trusted execution environment; the method comprises the following steps:
receiving an application upgrade request, directed at the trusted application, sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and update code corresponding to the trusted application;
in the trusted execution environment, acquiring an update credential corresponding to the trusted application that is stored in the trusted execution environment, and determining whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
if so, updating the code of the trusted application based on the update code.
Optionally, the application upgrade request further includes an application identifier corresponding to the trusted application;
before acquiring the update credential corresponding to the trusted application stored in the trusted execution environment, the method further includes:
determining, based on the application identifier, whether the trusted application is deployed in the trusted execution environment;
and if so, acquiring the update credential corresponding to the trusted application that is stored in the trusted execution environment.
Optionally, the method further comprises:
receiving an application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
deploying the trusted application in the trusted execution environment based on the initial code, and encrypting the identity credential in the trusted execution environment based on the key, so as to store the encrypted identity credential in the trusted execution environment as the update credential corresponding to the trusted application.
Optionally, the key corresponding to the trusted application includes an application identification corresponding to the trusted application.
Optionally, the initial code includes attribute information indicating whether the trusted application is a scalable application;
before the updating the code of the trusted application based on the update code, the method further comprises:
determining, in the trusted execution environment, whether the trusted application is a scalable application based on attribute information of the trusted application stored in the trusted execution environment;
if so, updating the code of the trusted application based on the update code.
Optionally, the application upgrade request further includes a data version corresponding to the update code;
before the updating the code of the trusted application based on the update code, the method further comprises:
determining, in the trusted execution environment, whether the data version corresponding to the update code in the application upgrade request is higher than the data version, stored in the trusted execution environment, of the code of the trusted application;
if so, updating the code of the trusted application based on the update code.
Optionally, the application upgrade request further includes a public key of the application deployment party and a digital signature obtained by signing the update code based on a private key of the application deployment party;
before the updating the code of the trusted application based on the update code, the method further comprises:
verifying, in the trusted execution environment, the digital signature based on the public key of the application deployment party in the application upgrade request;
and if the verification passes, updating the code of the trusted application based on the update code.
Optionally, the identity credential corresponding to the application deployment party comprises a public key of the application deployment party.
Optionally, the application identifier corresponding to the trusted application includes a service name of a service corresponding to the trusted application.
The present specification also proposes an application upgrade apparatus, which is applied to an electronic device that carries a trusted execution environment; at least one trusted application is deployed in the trusted execution environment; the device comprises:
a first receiving module, configured to receive an application upgrade request, directed at the trusted application, sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and update code corresponding to the trusted application;
a determining module, configured to acquire, in the trusted execution environment, an update credential corresponding to the trusted application stored in the trusted execution environment, and determine whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
and an update module, configured to update the code of the trusted application based on the update code if so.
Optionally, the application upgrade request further includes an application identifier corresponding to the trusted application;
the acquisition module is further configured to:
before acquiring the update credential corresponding to the trusted application stored in the trusted execution environment, determine, based on the application identifier, whether the trusted application is deployed in the trusted execution environment;
and if so, acquire the update credential corresponding to the trusted application that is stored in the trusted execution environment.
Optionally, the apparatus further comprises:
a second receiving module, configured to receive an application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
and a deployment module, configured to deploy the trusted application in the trusted execution environment based on the initial code, and encrypt the identity credential in the trusted execution environment based on the key, so as to store the encrypted identity credential in the trusted execution environment as the update credential corresponding to the trusted application.
Optionally, the key corresponding to the trusted application includes an application identification corresponding to the trusted application.
Optionally, the initial code includes attribute information indicating whether the trusted application is a scalable application;
the update module is further configured to:
before updating the code of the trusted application based on the update code, determine, in the trusted execution environment, whether the trusted application is a scalable application based on the attribute information of the trusted application stored in the trusted execution environment;
and if so, update the code of the trusted application based on the update code.
Optionally, the application upgrade request further includes a data version corresponding to the update code;
the update module is further configured to:
before updating the code of the trusted application based on the update code, determine, in the trusted execution environment, whether the data version corresponding to the update code in the application upgrade request is higher than the data version of the trusted application that is stored in the trusted execution environment;
and if so, update the code of the trusted application based on the update code.
Optionally, the application upgrade request further includes a public key of the application deployment party and a digital signature obtained by signing the update code based on a private key of the application deployment party;
the update module is further configured to:
before updating the code of the trusted application based on the update code, verify, in the trusted execution environment, the digital signature based on the public key of the application deployment party in the application upgrade request;
and if the verification passes, update the code of the trusted application based on the update code.
Optionally, the identity credential corresponding to the application deployment party comprises a public key of the application deployment party.
Optionally, the application identifier corresponding to the trusted application includes a service name of a service corresponding to the trusted application.
This specification also proposes an electronic device including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the steps of the above method by executing the executable instructions.
The present specification also contemplates a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the above-described method.
In the above technical solution, when an application upgrade request sent by an application deployment party for a trusted application deployed in a trusted execution environment is received, the code of the trusted application is updated based on the update code in the application upgrade request only if the identity credential corresponding to the application deployment party in the request is determined to be the same as the identity credential obtained by decrypting the update credential corresponding to the trusted application stored in the trusted execution environment. Because the update credential is derived from the identity credential of the application deployment party and the key corresponding to the trusted application, it does not change when the code of the trusted application changes; subsequent upgrades of the trusted application are therefore unaffected, and the trusted application can be upgraded smoothly.
Drawings
FIG. 1 is a schematic diagram of an application upgrade system shown in an exemplary embodiment of the present description;
FIG. 2 is a flow chart diagram illustrating a method for application upgrade in accordance with an exemplary embodiment of the present description;
FIG. 3 is a flow chart diagram illustrating a method for application deployment in accordance with an exemplary embodiment of the present description;
FIG. 4 is a hardware structure diagram of an electronic device in which an application upgrade apparatus is located according to an exemplary embodiment of the present specification;
FIG. 5 is a block diagram of an application upgrade apparatus according to an exemplary embodiment of the present specification.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
In practical applications, a trusted execution environment may be hosted in an electronic device and at least one trusted application may be deployed in the trusted execution environment. In this case, each trusted application deployed may run in the trusted execution environment; that is, code and data corresponding to each trusted application may be loaded into the trusted execution environment for execution to protect the confidentiality and integrity of the code and data corresponding to each trusted application.
The electronic device with the trusted execution environment may be a server, a computer, a mobile phone, a tablet device, a notebook computer, a personal digital assistant (PDA), and the like, which is not limited in this specification.
Generally, for a certain trusted application deployed in a trusted execution environment, data corresponding to the trusted application (e.g., the computing function specified by the code corresponding to the trusted application; the parameters required to execute that code; etc.) may be stored in the trusted execution environment in advance. Subsequently, when a user calls the trusted application, the user may specify in the call the data corresponding to the trusted application (i.e., the data the trusted application needs to use when running for that call), so that the trusted application may perform trusted computing based on the user-specified data in the trusted execution environment and output a corresponding computing result.
Specifically, data corresponding to the trusted application may be encrypted in advance, and the encrypted data may be stored in the trusted execution environment as private data corresponding to the trusted application. Subsequently, the trusted application may decrypt the private data specified by the user in the trusted execution environment, perform trusted computing based on the decrypted data, and output a corresponding computing result.
For private data corresponding to a trusted application deployed in a trusted execution environment, the private data is typically held and maintained by a data owner and provided to the trusted application, such that the trusted application can perform trusted computing in the trusted execution environment based on the private data.
In the related art, for a certain trusted application deployed in a trusted execution environment, when application upgrade is performed on the trusted application (that is, when a code of the trusted application is updated), in order to ensure data security of an update code, an update code corresponding to the trusted application is encrypted based on a public key of the trusted application, and the encrypted update code is provided to the trusted application; accordingly, the trusted application may decrypt, in the trusted execution environment, the encrypted update code based on the private key of the trusted application to obtain the update code, and update the code of the trusted application based on the update code.
However, since the public key of the trusted application is usually generated from key attribute information in the code of the trusted application, when an application upgrade changes the code of the trusted application, the public key of the trusted application may change as well, which affects subsequent application upgrades of the trusted application.
The present specification provides a technical solution in which, when an application upgrade request for a trusted application deployed in a trusted execution environment is received from an application deployment party, the code of the trusted application is updated based on the update code corresponding to the trusted application in the application upgrade request if it is determined that the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential obtained by decrypting the update credential corresponding to the trusted application stored in the trusted execution environment.
In a specific implementation, for a trusted application deployed in the trusted execution environment, an application deployment party (e.g., an application management party of the trusted application) may initiate an application upgrade request for the trusted application, and send the application upgrade request to an electronic device hosting the trusted execution environment through an electronic device corresponding to the application deployment party, in order to upgrade the application.
In practical applications, the application upgrade request may include: the identity credential corresponding to the application deployment party and the update code corresponding to the trusted application.
When the application upgrade request is received, on one hand, the identity credential corresponding to the application deployment party in the application upgrade request can be obtained; on the other hand, the update credential corresponding to the trusted application stored in the trusted execution environment may be acquired.
It should be noted that the update credential stored in the trusted execution environment and corresponding to the trusted application is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on the key corresponding to the trusted application.
In this case, when the update credential corresponding to the trusted application stored in the trusted execution environment is acquired, the update credential may be decrypted to obtain the identity credential corresponding to the application deployment party. Further, in the trusted execution environment, it may be determined whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential corresponding to the application deployment party obtained by decrypting the update credential.
If the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential corresponding to the application deployment party decrypted from the update credential, the application deployment party is considered to have the application upgrade authority of the trusted application, and therefore, the current code of the trusted application can be updated in the trusted execution environment based on the update code corresponding to the trusted application in the application upgrade request.
In the above technical solution, when an application upgrade request sent by an application deployment party for a trusted application deployed in a trusted execution environment is received, the code of the trusted application is updated based on the update code in the application upgrade request only if the identity credential corresponding to the application deployment party in the request is determined to be the same as the identity credential obtained by decrypting the update credential corresponding to the trusted application stored in the trusted execution environment. Because the update credential is derived from the identity credential of the application deployment party and the key corresponding to the trusted application, it does not change when the code of the trusted application changes; subsequent upgrades of the trusted application are therefore unaffected, and the trusted application can be upgraded smoothly.
Referring to fig. 1, fig. 1 is a schematic diagram of an application upgrade system according to an exemplary embodiment of the present disclosure.
As shown in fig. 1, a trusted execution environment may be installed in an electronic device, and at least one trusted application may be deployed in the trusted execution environment, where each deployed trusted application may run in the trusted execution environment. In this case, for a trusted application deployed in the trusted execution environment, the trusted application may perform trusted computing using private data corresponding to the trusted application; that is, the trusted application may perform trusted computations in the trusted execution environment based on private data corresponding to the trusted application.
Referring to fig. 2, fig. 2 is a flowchart illustrating an application upgrade method according to an exemplary embodiment of the present disclosure.
In conjunction with the application upgrade system shown in fig. 1, the application upgrade method may be applied to an electronic device loaded with a trusted execution environment in the application upgrade system; at least one trusted application is deployed in the trusted execution environment. The application upgrading method can comprise the following steps:
step 202, receiving an application upgrade request for the trusted application sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and update code corresponding to the trusted application;
step 204, in the trusted execution environment, obtaining an update credential corresponding to the trusted application stored in the trusted execution environment, and determining whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
and step 206, if so, updating the code of the trusted application based on the update code.
In this embodiment, for a certain trusted application deployed in the trusted execution environment, in order to upgrade the application of the trusted application, an application deployment party (for example, an application management party of the trusted application) may initiate an application upgrade request for the trusted application, and send the application upgrade request to an electronic device hosting the trusted execution environment through an electronic device corresponding to the application deployment party.
In practical applications, the application upgrade request may include: the identity credential corresponding to the application deployment party and the update code corresponding to the trusted application.
In this embodiment, when the application upgrade request is received, on one hand, an identity credential corresponding to the application deployment party in the application upgrade request may be obtained; on the other hand, the update credential corresponding to the trusted application stored in the trusted execution environment may be acquired.
It should be noted that the update credential stored in the trusted execution environment and corresponding to the trusted application is an encrypted identity credential obtained by encrypting the identity credential corresponding to the application deployment party based on the key corresponding to the trusted application. The key corresponding to the trusted application may be an application identifier corresponding to the trusted application, or may be a specific key set by a technician in advance for the trusted application, which is not limited in this specification.
For example, using HMAC-SHA256, the identity credential corresponding to the application deployment party is taken as the HMAC message, the application identifier corresponding to the trusted application is taken as the HMAC key, the update credential corresponding to the trusted application is computed, and the update credential is stored in the trusted execution environment.
In one illustrated embodiment, the application identifier corresponding to the trusted application may include the business name of a business corresponding to the trusted application. For example, assuming that a data verification service can be executed by invoking the trusted application, the application identifier corresponding to the trusted application may be "data verification".
In practical application, the application identifier corresponding to the trusted application may also be a hash value of an initial code of the trusted application, and may be specifically set according to practical requirements, which is not limited in this specification.
Generally, the keys corresponding to different trusted applications are different from each other. For a certain trusted application, since the application identifier corresponding to the trusted application uniquely refers to that trusted application, the application identifier can be used directly as the key corresponding to the trusted application, so that no separate key needs to be allocated to the trusted application.
In this embodiment, when the update credential corresponding to the trusted application stored in the trusted execution environment is acquired, the update credential may be decrypted to obtain the identity credential corresponding to the application deployment party. Further, in the trusted execution environment, it may be determined whether the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential corresponding to the application deployment party obtained by decrypting the update credential.
In this embodiment, if the identity credential corresponding to the application deployment party in the application upgrade request is the same as the identity credential corresponding to the application deployment party decrypted from the update credential, it is considered that the application deployment party has the application upgrade authority of the trusted application, and therefore, the current code of the trusted application can be updated in the trusted execution environment based on the update code corresponding to the trusted application in the application upgrade request.
In an embodiment, before obtaining the update credential corresponding to the trusted application stored in the trusted execution environment, it may be determined whether the trusted application is deployed in the trusted execution environment.
Specifically, the application upgrade request may further include: an application identification corresponding to the trusted application. At this time, it may be determined whether a trusted application corresponding to the application identifier is deployed in the trusted execution environment based on the application identifier corresponding to the trusted application in the application upgrade request; if so, the trusted application may be considered to be deployed in the trusted execution environment; otherwise, the trusted application may be deemed to be undeployed in the trusted execution environment.
If the trusted application is deployed in the trusted execution environment, the update credential stored in the trusted execution environment and corresponding to the trusted application may be acquired, so as to execute a subsequent process of upgrading the trusted application.
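The update-credential derivation and the two checks described above (is the application deployed, does the presented identity credential match the stored update credential) can be shown with a short example. This is an added illustration, not code from the patent: the HMAC-SHA256 construction with the application identifier as key and the identity credential as message is taken from the text, but the `TEEState` type, the map keyed by application identifier, and the sample values ("data-verification", "deployer-A-credential") are constructed for this example. One caveat a practitioner would want: an HMAC is a one-way MAC, not an encryption, so the stored credential cannot literally be decrypted; the comparison has to be done by recomputing the HMAC over the presented identity credential and comparing in constant time, which is what the code does.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// TEEState stands in for the per-application state the trusted execution
// environment keeps. The patent does not prescribe a storage layout, so a map
// keyed by application identifier is an assumption of this example.
type TEEState struct {
	updateCredentials map[string][]byte
}

func NewTEEState() *TEEState {
	return &TEEState{updateCredentials: make(map[string][]byte)}
}

// DeriveUpdateCredential follows the HMAC-SHA256 construction in the text:
// the deployment party's identity credential is the message and the
// application identifier is the HMAC key.
func DeriveUpdateCredential(appID string, identityCredential []byte) []byte {
	mac := hmac.New(sha256.New, []byte(appID))
	mac.Write(identityCredential)
	return mac.Sum(nil)
}

// Deploy records the update credential for a trusted application at
// deployment time (the application code itself is not modelled here).
func (s *TEEState) Deploy(appID string, identityCredential []byte) {
	s.updateCredentials[appID] = DeriveUpdateCredential(appID, identityCredential)
}

// IsDeployed is the "is the trusted application deployed" check that the
// text performs before the update credential is looked up.
func (s *TEEState) IsDeployed(appID string) bool {
	_, ok := s.updateCredentials[appID]
	return ok
}

// AuthorizeUpgrade decides whether the party presenting identityCredential
// holds the upgrade authority for appID. An HMAC is one-way, so the stored
// credential is not decrypted; the HMAC is recomputed over the presented
// identity credential and compared in constant time with hmac.Equal.
func (s *TEEState) AuthorizeUpgrade(appID string, identityCredential []byte) error {
	if !s.IsDeployed(appID) {
		return errors.New("trusted application is not deployed in the trusted execution environment")
	}
	expected := s.updateCredentials[appID]
	if !hmac.Equal(expected, DeriveUpdateCredential(appID, identityCredential)) {
		return errors.New("identity credential does not match the stored update credential")
	}
	return nil
}

func main() {
	tee := NewTEEState()
	// Constructed sample values: a business name as the application
	// identifier and an opaque identity credential for the deployment party.
	tee.Deploy("data-verification", []byte("deployer-A-credential"))
	fmt.Println(hex.EncodeToString(tee.updateCredentials["data-verification"]))
	fmt.Println(tee.AuthorizeUpgrade("data-verification", []byte("deployer-A-credential"))) // <nil>
	fmt.Println(tee.AuthorizeUpgrade("data-verification", []byte("deployer-B-credential"))) // error
	fmt.Println(tee.AuthorizeUpgrade("other-app", []byte("deployer-A-credential")))         // error
}
```

Because the application identifier is the HMAC key, the same identity credential yields a different update credential for every trusted application, which is the property the text relies on when it says no separate key needs to be allocated per application.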
Referring to fig. 3, on the basis of the application upgrade flow shown in fig. 2, fig. 3 is a flowchart of an application deployment method shown in an exemplary embodiment of this specification.
Likewise, the application deployment method may be applied to the electronic device described above in the application upgrade system shown in fig. 1. The application deployment method can comprise the following steps:
step 302, receiving an application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
step 304, deploying the trusted application in the trusted execution environment based on the initial code, and encrypting the identity credential in the trusted execution environment based on the secret key, so as to store the encrypted identity credential as an update credential corresponding to the trusted application in the trusted execution environment.
In order to deploy the trusted application to the trusted execution environment, the application deployment party may initiate an application deployment request for the trusted application, and transmit the application deployment request to the electronic device equipped with the trusted execution environment through an electronic device corresponding to the application deployment party.
Specifically, the application deployment request may include: an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application. The key corresponding to the trusted application may be an application identifier corresponding to the trusted application, or may be a specific key set by a technician in advance for the trusted application, which is not limited in this specification.
In this case, the electronic device, upon receiving the application deployment request, may, on the one hand, deploy the trusted application in the trusted execution environment based on the initial code; on the other hand, in the trusted execution environment, the identity credential corresponding to the application deployment party in the application deployment request may be encrypted based on the key corresponding to the trusted application in the application deployment request, so that the encrypted identity credential may be stored to the trusted execution environment as the update credential corresponding to the trusted application.
In order to ensure the security of the upgrade of the trusted application, in an embodiment shown, the initial code corresponding to the trusted application may include: attribute information indicating whether the trusted application is a scalable application. That is, the code of the trusted application deployed in the trusted execution environment may include: attribute information indicating whether the trusted application is a scalable application.
In this case, before the current code of the trusted application is updated based on the update code, it may be determined whether the trusted application is a scalable application in the trusted execution environment based on attribute information in the current code of the trusted application indicating whether the trusted application is a scalable application.
If the trusted application is a scalable application, verification of the upgrade to the trusted application may be deemed to be passed, and the current code of the trusted application may be updated based on the update code.
In another embodiment shown, the application upgrade request may further include: a data version corresponding to the update code. Correspondingly, the application deployment request may further include: a data version corresponding to the initial code. That is, the trusted execution environment may store a data version corresponding to the current code of the trusted application.
In this case, before updating the current code of the trusted application based on the update code, it may be determined in the trusted execution environment whether a data version corresponding to the update code in the application upgrade request is higher than a data version corresponding to the current code of the trusted application stored in the trusted execution environment.
If the data version corresponding to the update code in the application upgrade request is higher than the data version corresponding to the current code of the trusted application stored in the trusted execution environment, the update code in the application upgrade request may be considered to be more updated than the current code of the trusted application deployed in the trusted execution environment, and thus, the verification for the trusted application upgrade may be considered to pass, so that the current code of the trusted application may be updated based on the update code.
For example, assume that the data version of the code of the trusted application is a version number in a digital form, and a larger number of the version number indicates a higher version; further assume that a data version corresponding to the update code in the application upgrade request is version 1.3, and a data version corresponding to the current code of the trusted application stored in the trusted execution environment is version 2.0; then since 2.0 is greater than 1.3, it may be determined that the version of data in the application upgrade request corresponding to the update code is higher than the version of data stored in the trusted execution environment corresponding to the current code of the trusted application.
In another illustrated embodiment, the application upgrade request may further include: the public key of the application deployment party.
In this case, the application deployment party may sign the update code with its private key to obtain a corresponding digital signature, and add the digital signature to the application upgrade request to transmit the application upgrade request including the digital signature to the electronic device equipped with the trusted execution environment.
In this case, before the current code of the trusted application is updated based on the update code, the public key of the application deployment party in the application upgrade request may be acquired in the trusted execution environment, and the digital signature in the application upgrade request may be verified based on the acquired public key of the application deployment party.
If the verification for the digital signature passes, the verification for the trusted application upgrade may be deemed to pass, so that the current code of the trusted application may be updated based on the update code.
Correspondingly, the application deployment request may further include: the public key of the application deployment party.
In this case, the application deployment party may sign the initial code using its private key to obtain a corresponding digital signature, and add the digital signature to the application deployment request to transmit the application deployment request including the digital signature to the electronic device equipped with the trusted execution environment. When the electronic device receives the application deployment request, the electronic device may first acquire the public key of the application deployment party in the application deployment request in the trusted execution environment, and verify the digital signature in the application deployment request based on the acquired public key of the application deployment party. If the verification of the digital signature is passed, a subsequent process of application deployment of the trusted application may be performed.
In practical applications, the identity credential corresponding to the application deployment party may include: the public key of the application deployment party. That is, the application upgrade request may include: an identity credential corresponding to the application deployment party (including the public key of the application deployment party), and an update code corresponding to the trusted application.
It should be noted that the application upgrade request may include one or more of the following items of information for verifying the trusted application upgrade: a data version corresponding to the update code; the public key of the application deployment party. Meanwhile, the initial code corresponding to the trusted application may include: attribute information indicating whether the trusted application is a scalable application. In this case, the upgrade of the trusted application may be determined to pass verification only when every item of information that is present is verified.
For example, assume that the application upgrade request includes: a data version corresponding to the update code and a public key of the application deployment party; the initial code corresponding to the trusted application may include: attribute information indicating whether the trusted application is a scalable application; further assume that the following three conditions are all satisfied: (1) determining that the trusted application is a scalable application based on attribute information in current code of the trusted application indicating whether the trusted application is a scalable application; (2) the data version corresponding to the update code in the application upgrade request is higher than the data version corresponding to the current code of the trusted application stored in the trusted execution environment; (3) the verification of the digital signature in the application upgrading request is passed; it may be determined that the verification for the trusted application upgrade passed, and a subsequent process of application upgrade of the trusted application may be performed.
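The three conditions just listed (scalable attribute in the current code, strictly higher data version, valid digital signature over the update code) can be combined into one verification routine. The following is an added example written for this page, not the patent's own code, and it makes several assumptions: Ed25519 is used for the signature (the text does not name an algorithm), the scalable attribute and data version are modelled as fields of an `AppCode` struct, the version is a dotted decimal string compared numerically, and the `DeployedApp`, `UpgradeRequest`, `VerifyUpgrade` and `ApplyUpgrade` names are this example's. The identity-credential comparison against the update credential described earlier in the text is a separate step and is not repeated here. One addition beyond the text: the public key carried in the upgrade request is only meaningful if it is bound to the deployment party, which the text achieves by making the public key part of the identity credential; this example instead requires the request's key to equal the key recorded from the deployment request, so that a request signed with an arbitrary key cannot pass.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// AppCode models the part of a trusted application's code the checks inspect.
// Carrying the scalable attribute and data version as fields is an assumption.
type AppCode struct {
	Scalable bool
	Version  string
	Body     []byte
}

// DeployedApp is the state the TEE keeps after a deployment request.
type DeployedApp struct {
	Code      AppCode
	PublicKey ed25519.PublicKey // recorded from the deployment request
}

// UpgradeRequest carries the verification items listed in the text.
type UpgradeRequest struct {
	UpdateCode AppCode
	PublicKey  ed25519.PublicKey
	Signature  []byte // Ed25519 signature over UpdateCode.Body by the deployment party
}

// compareVersions orders dotted decimal versions numerically ("1.9" < "1.10" < "2.0").
// The text only says versions are numeric and larger means higher; the dotted
// format is an assumption of this example.
func compareVersions(a, b string) (int, error) {
	pa, pb := strings.Split(a, "."), strings.Split(b, ".")
	n := len(pa)
	if len(pb) > n {
		n = len(pb)
	}
	for i := 0; i < n; i++ {
		x, y := 0, 0
		var err error
		if i < len(pa) {
			if x, err = strconv.Atoi(pa[i]); err != nil {
				return 0, fmt.Errorf("malformed version %q", a)
			}
		}
		if i < len(pb) {
			if y, err = strconv.Atoi(pb[i]); err != nil {
				return 0, fmt.Errorf("malformed version %q", b)
			}
		}
		if x != y {
			if x < y {
				return -1, nil
			}
			return 1, nil
		}
	}
	return 0, nil
}

// VerifyUpgrade applies the conditions from the text in order: scalable
// attribute, strictly higher version, then a valid signature.
func VerifyUpgrade(app *DeployedApp, req *UpgradeRequest) error {
	if !app.Code.Scalable {
		return errors.New("trusted application is not a scalable application")
	}
	c, err := compareVersions(req.UpdateCode.Version, app.Code.Version)
	if err != nil {
		return err
	}
	if c <= 0 {
		return errors.New("update code version is not higher than the current code version")
	}
	// Added binding (assumption, see lead-in): the key in the request must be
	// the deployment party's key recorded at deployment time.
	if !bytes.Equal(req.PublicKey, app.PublicKey) {
		return errors.New("public key in upgrade request does not match the deployment key")
	}
	if !ed25519.Verify(req.PublicKey, req.UpdateCode.Body, req.Signature) {
		return errors.New("digital signature verification failed")
	}
	return nil
}

// ApplyUpgrade replaces the current code only when every check passes.
func ApplyUpgrade(app *DeployedApp, req *UpgradeRequest) error {
	if err := VerifyUpgrade(app, req); err != nil {
		return err
	}
	app.Code = req.UpdateCode
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed deployment-party key pair
	app := &DeployedApp{Code: AppCode{Scalable: true, Version: "1.3", Body: []byte("initial code")}, PublicKey: pub}
	update := AppCode{Scalable: true, Version: "2.0", Body: []byte("update code")}
	req := &UpgradeRequest{UpdateCode: update, PublicKey: pub, Signature: ed25519.Sign(priv, update.Body)}
	fmt.Println(ApplyUpgrade(app, req), app.Code.Version) // <nil> 2.0
}
```

The order of the checks matters for the failure mode the text is guarding against: a request that fails the version check or the scalable check is rejected before any signature work is done, and a failed request leaves the deployed code untouched.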
In the above technical solution, when an application upgrade request sent by an application deployment party for a trusted application deployed in a trusted execution environment is received, if it is determined that an identity credential corresponding to the application deployment party in the application upgrade request is the same as an identity credential obtained by decrypting an update credential corresponding to the trusted application stored in the trusted execution environment, a code of the trusted application is updated based on an update code corresponding to the trusted application in the application upgrade request, so that for the application deployment party, the update credential corresponding to the trusted application is not changed due to a change in the code of the trusted application, and therefore, subsequent application upgrade of the trusted application is not affected, and smooth upgrade of the trusted application can be achieved.
Corresponding to the foregoing embodiment of the application upgrade method, this specification also provides an embodiment of an application upgrade apparatus.
The embodiment of the application upgrading device can be applied to electronic equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation. From a hardware aspect, as shown in fig. 4, the hardware structure diagram of the electronic device where the application upgrading apparatus is located in this specification is shown, except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 4, the electronic device where the apparatus is located in the embodiment may also include other hardware according to the actual function of the application upgrading, which is not described again.
Referring to fig. 5, fig. 5 is a block diagram of an application upgrading apparatus according to an exemplary embodiment of the present disclosure. The application upgrading apparatus 50 may be applied to an electronic device as shown in fig. 4, and the electronic device may be loaded with a trusted execution environment; at least one trusted application is deployed in the trusted execution environment; the application upgrading apparatus 50 may include:
a first receiving module 501, configured to receive an application upgrade request for the trusted application sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and an update code corresponding to the trusted application;
a determining module 502, configured to obtain, in the trusted execution environment, an update credential corresponding to the trusted application stored in the trusted execution environment, and determine whether an identity credential corresponding to the application deployment party in the application upgrade request is the same as an identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting an identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
and if so, the updating module 503 updates the code of the trusted application based on the update code.
In this embodiment, the application upgrade request further includes an application identifier corresponding to the trusted application;
the determining module 502:
determining whether the trusted application is deployed in the trusted execution environment based on the application identification before obtaining update credentials corresponding to the trusted application stored in the trusted execution environment;
and if so, acquiring the update credential which is stored in the trusted execution environment and corresponds to the trusted application.
In this embodiment, the apparatus 50 further comprises:
a second receiving module 504, configured to receive the application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
the deployment module 505 is configured to deploy the trusted application in the trusted execution environment based on the initial code, and encrypt the identity credential in the trusted execution environment based on the secret key, so as to store the encrypted identity credential as an update credential corresponding to the trusted application in the trusted execution environment.
In this embodiment, the key corresponding to the trusted application includes an application identifier corresponding to the trusted application.
In this embodiment, the initial code includes attribute information indicating whether the trusted application is a scalable application;
the update module 503:
prior to updating code of the trusted application based on the update code, determining, in the trusted execution environment, whether the trusted application is a scalable application based on attribute information of the trusted application stored in the trusted execution environment;
if so, updating the code of the trusted application based on the update code.
In this embodiment, the application upgrade request further includes a data version corresponding to the update code;
the update module 503:
prior to updating code of the trusted application based on the update code, determining, in the trusted execution environment, whether a data version of the application upgrade request that corresponds to the update code is higher than a data version of the trusted application that is stored in the trusted execution environment;
if so, updating the code of the trusted application based on the update code.
In this embodiment, the application upgrade request further includes a public key of the application deployment party and a digital signature obtained by signing the update code based on a private key of the application deployment party;
the update module 503:
verifying, in the trusted execution environment, the digital signature based on the public key of the application deployment party in the application upgrade request prior to updating the code of the trusted application based on the update code;
and if the verification is passed, updating the code of the trusted application based on the updating code.
In this embodiment, the identity credential corresponding to the application deployment party includes the public key of the application deployment party.
In this embodiment, the application identifier corresponding to the trusted application includes a service name of a service corresponding to the trusted application.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (20)

1. An application upgrading method is applied to electronic equipment loaded with a trusted execution environment; at least one trusted application is deployed in the trusted execution environment; the method comprises the following steps:
receiving an application upgrading request aiming at the trusted application and sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and an update code corresponding to the trusted application;
in the trusted execution environment, acquiring an update credential corresponding to the trusted application and stored in the trusted execution environment, and determining whether an identity credential corresponding to the application deployment party in the application upgrading request is the same as an identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting an identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
if so, updating the code of the trusted application based on the update code.
2. The method of claim 1, the application upgrade request further comprising an application identification corresponding to the trusted application;
before the obtaining of the update credential corresponding to the trusted application stored in the trusted execution environment, the method further includes:
determining whether the trusted application is deployed in the trusted execution environment based on the application identification;
and if so, acquiring the update credential which is stored in the trusted execution environment and corresponds to the trusted application.
3. The method of claim 1, further comprising:
receiving an application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
deploying the trusted application in the trusted execution environment based on the initial code, and encrypting the identity credential in the trusted execution environment based on the key, so as to store the encrypted identity credential as an update credential corresponding to the trusted application to the trusted execution environment.
4. The method of claim 1 or 3, the key corresponding to the trusted application comprising an application identification corresponding to the trusted application.
5. The method of claim 3, the initial code comprising attribute information for indicating whether the trusted application is a scalable application;
before the updating the code of the trusted application based on the update code, the method further comprises:
determining, in the trusted execution environment, whether the trusted application is a scalable application based on attribute information of the trusted application stored in the trusted execution environment;
if so, updating the code of the trusted application based on the update code.
6. The method of claim 1, the application upgrade request further comprising a data version corresponding to the update code;
before the updating the code of the trusted application based on the update code, the method further comprises:
determining, in the trusted execution environment, whether a data version of the application upgrade request corresponding to the update code is higher than a data version of the trusted application stored in the trusted execution environment corresponding to code;
if so, updating the code of the trusted application based on the update code.
7. The method of claim 1, the application upgrade request further comprising a public key of the application deployment party and a digital signature obtained by signing the update code based on a private key of the application deployment party;
before the updating the code of the trusted application based on the update code, the method further comprises:
verifying, in the trusted execution environment, the digital signature based on the public key of the application deployment party in the application upgrade request;
and if the verification is passed, updating the code of the trusted application based on the updating code.
8. The method of claim 7, wherein the identity credential corresponding to the application deployment party comprises a public key of the application deployment party.
9. The method of claim 1, the application identification corresponding to the trusted application comprising a business name of a business corresponding to the trusted application.
10. An application upgrading device is applied to an electronic device with a trusted execution environment; at least one trusted application is deployed in the trusted execution environment; the device comprises:
the first receiving module is used for receiving an application upgrading request aiming at the trusted application and sent by an application deployment party; wherein the application upgrade request includes an identity credential corresponding to the application deployment party and an update code corresponding to the trusted application;
a determining module, configured to obtain, in the trusted execution environment, an update credential corresponding to the trusted application stored in the trusted execution environment, and determine whether an identity credential corresponding to the application deployment party in the application upgrade request is the same as an identity credential obtained by decrypting the update credential; the update credential is an encrypted identity credential obtained by encrypting an identity credential corresponding to the application deployment party based on a key corresponding to the trusted application;
and if so, updating the code of the trusted application based on the update code.
11. The apparatus of claim 10, the application upgrade request further comprising an application identification corresponding to the trusted application;
the determination module:
determining whether the trusted application is deployed in the trusted execution environment based on the application identification before obtaining update credentials corresponding to the trusted application stored in the trusted execution environment;
and if so, acquiring the update credential which is stored in the trusted execution environment and corresponds to the trusted application.
12. The apparatus of claim 10, the apparatus further comprising:
a second receiving module, configured to receive an application deployment request sent by the application deployment party; wherein the application deployment request comprises an identity credential corresponding to the application deployment party, and a key and an initial code corresponding to the trusted application;
and the deployment module is used for deploying the trusted application in the trusted execution environment based on the initial code, and encrypting the identity credential in the trusted execution environment based on the key so as to store the encrypted identity credential as an update credential corresponding to the trusted application in the trusted execution environment.
13. The apparatus of claim 10 or 12, the key corresponding to the trusted application comprising an application identification corresponding to the trusted application.
14. The apparatus of claim 12, the initial code comprising attribute information indicating whether the trusted application is a scalable application;
the update module being further configured to:
determine, in the trusted execution environment, whether the trusted application is a scalable application based on the attribute information of the trusted application stored in the trusted execution environment, prior to updating the code of the trusted application based on the update code;
and if so, update the code of the trusted application based on the update code.
15. The apparatus of claim 10, the application upgrade request further comprising a data version corresponding to the update code;
the update module being further configured to:
determine, in the trusted execution environment, whether the data version corresponding to the update code in the application upgrade request is higher than the data version of the trusted application stored in the trusted execution environment, prior to updating the code of the trusted application based on the update code;
and if so, update the code of the trusted application based on the update code.
16. The apparatus of claim 10, the application upgrade request further comprising a public key of the application signature and a digital signature obtained by signing the update code based on a private key of the application signature;
the update module being further configured to:
verify, in the trusted execution environment, the digital signature based on the public key of the application signature in the application upgrade request, prior to updating the code of the trusted application based on the update code;
and if the verification passes, update the code of the trusted application based on the update code.
17. The apparatus of claim 16, the identity credential corresponding to the application deployment party comprising a public key of the application deployment party.
18. The apparatus of claim 10, the application identification corresponding to the trusted application comprising a business name of a business corresponding to the trusted application.
19. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1 to 9 by executing the executable instructions.
20. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 9.
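The following Python simulation is an added illustration of the enclave-side gate that claims 10 to 17 describe; it is not code from the patent or its assignees. It models the deployment step (seal the deployer's identity credential under a key derived from the application identification, per claims 12 and 13) and the upgrade step (decrypt and compare the credential, then apply the optional gates: deployed check, scalable attribute, strictly higher data version, signature over the update code). The sealing and signature primitives are stand-ins built from hashlib/hmac so the block runs with the standard library; the enclave root secret, the class and function names, and the sample applications and credentials are all constructed for this example and are not from the page.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from dataclasses import dataclass

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the TEE sealing API: encrypt-then-MAC, nonce(16)||ct||tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("stored update credential failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def sign(signing_key: bytes, code: bytes) -> bytes:
    """HMAC stand-in for a public-key signature: the 'public key' equals the signing key here."""
    return hmac.new(signing_key, code, hashlib.sha256).digest()

def verify(public_key: bytes, code: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(signature, sign(public_key, code))

@dataclass
class TrustedApp:
    app_id: str
    code: bytes
    scalable: bool            # claim 14: attribute carried in the initial code
    version: int              # claim 15: data version of the deployed code
    update_credential: bytes  # claim 10: sealed copy of the deployer's identity credential

@dataclass
class UpgradeRequest:
    app_id: str
    deployer_credential: bytes  # claim 17: e.g. the deployer's public key
    update_code: bytes
    version: int
    signer_public_key: bytes    # claim 16
    signature: bytes            # claim 16: signature over update_code

class TEE:
    def __init__(self, root_secret: bytes) -> None:
        self._root = root_secret  # assumed enclave-internal secret (not stated in the claims)
        self._apps: dict[str, TrustedApp] = {}

    def _sealing_key(self, app_id: str) -> bytes:
        # Claim 13: the TA's key comprises its application identification.
        return hmac.new(self._root, app_id.encode(), hashlib.sha256).digest()

    def deploy(self, deployer_credential: bytes, app_id: str, initial_code: bytes,
               scalable: bool, version: int = 0) -> None:
        # Claim 12: deploy the initial code and store the encrypted identity credential.
        sealed = seal(self._sealing_key(app_id), deployer_credential)
        self._apps[app_id] = TrustedApp(app_id, initial_code, scalable, version, sealed)

    def upgrade(self, req: UpgradeRequest) -> tuple[bool, str]:
        app = self._apps.get(req.app_id)
        if app is None:                                                     # claim 11
            return False, "not deployed"
        stored = unseal(self._sealing_key(req.app_id), app.update_credential)
        if not hmac.compare_digest(stored, req.deployer_credential):        # claim 10
            return False, "deployer credential mismatch"
        if not app.scalable:                                                # claim 14
            return False, "application not scalable"
        if req.version <= app.version:                                      # claim 15
            return False, "version not higher"
        if not verify(req.signer_public_key, req.update_code, req.signature):  # claim 16
            return False, "bad signature"
        app.code, app.version = req.update_code, req.version
        return True, "updated"

    def code_of(self, app_id: str) -> bytes:
        return self._apps[app_id].code

def demo() -> list[tuple[bool, str]]:
    # Constructed scenario: one scalable TA, one frozen TA, and seven upgrade requests.
    tee = TEE(root_secret=b"constructed-enclave-root-secret")
    alice, signer = b"alice-pubkey", b"release-signing-key"
    tee.deploy(alice, "payments-ta", b"v1 code", scalable=True, version=1)
    tee.deploy(b"bob-pubkey", "frozen-ta", b"frozen code", scalable=False, version=1)
    new_code, sig = b"v2 code", sign(signer, b"v2 code")
    good = UpgradeRequest("payments-ta", alice, new_code, 2, signer, sig)
    return [
        tee.upgrade(UpgradeRequest("unknown-ta", alice, new_code, 2, signer, sig)),
        tee.upgrade(UpgradeRequest("payments-ta", b"other-party", new_code, 2, signer, sig)),
        tee.upgrade(UpgradeRequest("frozen-ta", b"bob-pubkey", new_code, 2, signer, sig)),
        tee.upgrade(UpgradeRequest("payments-ta", alice, new_code, 1, signer, sig)),
        tee.upgrade(UpgradeRequest("payments-ta", alice, new_code, 2, signer, sign(signer, b"x"))),
        tee.upgrade(good),
        tee.upgrade(good),  # replay of an accepted request: version is no longer higher
    ]
```

Two design points worth noting. The signature in claim 16 is verified with a public key carried in the request itself, so on its own it only shows that the update code was not altered relative to that key; the authorization to change the code comes from the credential match of claim 10, which binds every upgrade to the party that originally deployed the application. The version gate of claim 15 is what stops a previously accepted request from being replayed, as the last entry of `demo()` shows.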
CN202110390557.0A 2021-04-12 2021-04-12 Application upgrading method and device and electronic equipment Pending CN112800488A (en)

Publications (1)

Publication Number Publication Date
CN112800488A true CN112800488A (en) 2021-05-14

Family

ID=75816872


Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103885798A (en) * 2014-03-03 2014-06-25 联想(北京)有限公司 Data processing method and electronic device
CN104780445A (en) * 2015-03-18 2015-07-15 福建新大陆通信科技股份有限公司 Method and system for preventing set top box software from malicious upgrade
CN105843653A (en) * 2016-04-12 2016-08-10 恒宝股份有限公司 TA (trusted application) configuration method and device
CN107783791A (en) * 2017-11-13 2018-03-09 重庆首亨软件有限公司 A kind of embedded software maintaining method
CN109992288A (en) * 2019-04-12 2019-07-09 苏州浪潮智能科技有限公司 A kind of firmware update, device and computer readable storage medium
CN110351316A (en) * 2018-04-04 2019-10-18 北京华大信安科技有限公司 A kind of remote software upgrade method and device
CN111740824A (en) * 2020-07-17 2020-10-02 支付宝(杭州)信息技术有限公司 Trusted application management method and device
CN112346759A (en) * 2020-10-14 2021-02-09 深圳市共进电子股份有限公司 Firmware upgrading method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination