CN113645045B - Security control method, device and equipment in TEE and storage medium - Google Patents


Publication number: CN113645045B
Authority: CN (China)
Prior art keywords: request instruction, analysis result, information, reference data, target request
Legal status: Active
Application number: CN202111189397.XA
Other languages: Chinese (zh)
Other versions: CN113645045A (en)
Inventors: 李斌, 潘广毅, 杨洋
Current assignee: Shanghai Imilab Technology Co Ltd
Original assignees: Shanghai Chuangmi Technology Co ltd; Beijing Chuangmizhihui Iot Technology Co ltd
Events: application filed by Shanghai Chuangmi Technology Co ltd and Beijing Chuangmizhihui Iot Technology Co ltd; priority to CN202111189397.XA; publication of CN113645045A; application granted; publication of CN113645045B; legal status currently active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof

Abstract

The disclosure provides a security control method, device and equipment in a TEE, and a storage medium. The method is applied to an intelligent security device that can run a trusted execution environment (TEE) and a rich execution environment (REE), where a trusted application (TA) runs in the TEE and a client application (CA) runs in the REE. The method includes: obtaining a target request instruction, the target request instruction being transmitted by the CA in the REE to the TA in the TEE through an application program interface between the CA and the TA; obtaining at least first reference data, the first reference data being data related to an attribute of the target request instruction; analyzing the reasonability or legality of the target request instruction according to the first reference data to obtain a first analysis result; and determining, according to the first analysis result, whether to respond to the target request instruction. The method and device can improve the reliability, safety and intelligence of security.

Description

Security control method, device and equipment in TEE and storage medium
Technical Field
The present disclosure relates to the field of internet of things technology, and in particular, to a method, an apparatus, and a device for security control in a Trusted Execution Environment (TEE), and a storage medium.
Background
In current internet of things technology, an internet of things device responds to an instruction whenever it receives one. If the received instruction is a pseudo instruction, for example an instruction generated by a hacker through illegal means, and the internet of things device responds to it, security is insufficient.
Disclosure of Invention
The embodiments of the disclosure provide a security control method, device and equipment in a TEE, and a storage medium, which at least solve the problem of insufficient security in the related art.
The technical scheme provided by the embodiments of the disclosure is as follows:
an embodiment of the disclosure provides a security control method in a TEE, applied to an intelligent security device that can run a trusted execution environment (TEE) and a rich execution environment (REE), where a trusted application (TA) runs in the TEE and a client application (CA) runs in the REE, and the method comprises the following steps:
obtaining a target request instruction transmitted by the CA in the REE to the TA in the TEE through an application program interface between the CA and the TA; obtaining at least first reference data, the first reference data being data related to an attribute of the target request instruction; analyzing the reasonability or legality of the target request instruction according to the first reference data to obtain a first analysis result; and determining, according to the first analysis result, whether to respond to the target request instruction.
In the above scheme, the method further comprises: obtaining second reference data and analyzing the reasonability or legality of the target request instruction according to the second reference data to obtain a second analysis result, where the second reference data represents identity information of an object appearing in the monitoring information collected by the intelligent security device; and/or obtaining third reference data and analyzing the reasonability or legality of the target request instruction according to the third reference data to obtain a third analysis result, where the third reference data represents the distance between the position of a legitimate user of the intelligent security device and the position of the intelligent security device. Correspondingly, determining whether to respond to the target request instruction according to the first analysis result includes: determining whether to respond to the target request instruction according to the first analysis result and a target analysis result, where the target analysis result is at least one of the first analysis result and the second analysis result.
In the above scheme, the intelligent security device includes an information acquisition device that collects monitoring information from the monitored environment of the intelligent security device, in the REE or in the TEE. Obtaining the second reference data comprises: acquiring, in the REE or the TEE, the monitoring information collected by the information acquisition device, where target information is present in the monitoring information and the target information comprises at least one of: a face image, a fingerprint, a voice, an iris and eye-mask information; extracting physiological characteristic information of the subject appearing in the monitoring information from the target information; and identifying, based on the physiological characteristic information, the identity information of the subject appearing in the monitoring information.
In the foregoing solution, obtaining the third reference data includes: generating and sending a notification message to a target application running in the REE, the target application requesting the location information of the legitimate user's terminal based on the notification message, and receiving the location information of the terminal fed back by the target application in response to the notification message; and/or sending a positioning request to the terminal and receiving the location information of the terminal fed back by the terminal in response to the positioning request; obtaining the location information of the intelligent security device and calculating the distance between the terminal and the intelligent security device from the location information of the terminal and the location information of the intelligent security device; and taking the distance between the terminal and the intelligent security device as the distance between the position of the legitimate user of the intelligent security device and the position of the intelligent security device.
In the foregoing solution, analyzing the reasonability or legality of the target request instruction according to the second reference data to obtain a second analysis result includes: determining whether the identity information of the object is the identity information of a predetermined object; when it is, obtaining a second analysis result that the target request instruction is reasonable or legal; and when it is not, obtaining a second analysis result that the target request instruction is unreasonable or illegal.
In the foregoing scheme, analyzing the reasonability or legality of the target request instruction according to the third reference data to obtain a third analysis result includes: determining whether the distance between the position of the legitimate user of the intelligent security device and the position of the intelligent security device is within a distance threshold; when the distance is within the distance threshold, obtaining a third analysis result that the target request instruction is reasonable or legal; and when the distance is not within the distance threshold, obtaining a third analysis result that the target request instruction is unreasonable or illegal.
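As an added illustration (not code from the patent), the following Python models the third-reference-data check described above: the distance between the legitimate user's terminal and the device is computed from two latitude/longitude positions with the haversine formula (an assumption; the patent does not specify how the distance is calculated) and then compared with the distance threshold. The coordinates, threshold and function names are constructed for the example. A missing position is treated as "not within the threshold", since the TA cannot confirm the user is nearby.

```python
import math

# Mean Earth radius in metres (spherical approximation; assumption for this example).
EARTH_RADIUS_M = 6_371_000.0


def haversine_distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points (degrees)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def third_analysis_result(terminal_pos, device_pos, distance_threshold_m):
    """Third analysis result: (is_reasonable, distance_m).

    terminal_pos / device_pos are (lat, lon) tuples in degrees, or None when the
    position could not be obtained. The instruction is reasonable only when the
    distance is within the threshold; an unknown position is unreasonable because
    the TA must not assume the legitimate user is near the device.
    """
    if terminal_pos is None or device_pos is None:
        return False, None
    distance = haversine_distance_m(*terminal_pos, *device_pos)
    return distance <= distance_threshold_m, distance


if __name__ == "__main__":
    # Constructed sample positions: the device and a phone 0.001 degrees of latitude north of it.
    device = (31.2304, 121.4737)
    nearby_phone = (31.2314, 121.4737)     # about 111 m away
    far_phone = (39.9042, 116.4074)        # roughly 1000 km away
    print(third_analysis_result(nearby_phone, device, 200.0))  # (True, ~111.2)
    print(third_analysis_result(far_phone, device, 200.0))     # (False, large distance)
```

The threshold is a policy value the device owner or vendor sets; the check is deliberately asymmetric (unknown position rejects) so that a failure to obtain the terminal's location never turns into an unlock.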
In the above scheme, extracting the physiological characteristic information of the subject appearing in the monitoring information from the target information, and identifying the identity information of the subject based on the physiological characteristic information, includes at least one of the following:
firstly, a stored deep neural network model is invoked, so that the deep neural network model extracts the physiological characteristic information from the target information and predicts the identity of the subject appearing in the monitoring information from the physiological characteristic information, thereby obtaining the identity information of the subject;
secondly, the stored physiological characteristic information is retrieved; similarity matching is performed between the physiological characteristic information extracted from the target information and the stored physiological characteristic information; and the identity information of the object is determined according to the matching result.
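As an added example, not taken from the patent, the following Python sketches the second option above (similarity matching against stored physiological characteristic information) and the second analysis result derived from it. It assumes the stored characteristic information is one feature vector per enrolled identity and uses cosine similarity with a fixed threshold; the vectors, identity names and threshold are constructed values, and a subject whose best match falls below the threshold is reported as unknown rather than as the nearest identity.

```python
import math

# Constructed enrolment templates: identity -> physiological feature vector.
# On a real device these would be embeddings produced by the face/fingerprint
# model and kept in TEE-protected storage; the numbers here are made up.
ENROLLED_TEMPLATES = {
    "owner": [0.9, 0.1, 0.3, 0.7],
    "family_member": [0.2, 0.8, 0.6, 0.1],
}

# Minimum cosine similarity for a match (constructed policy value).
MATCH_THRESHOLD = 0.95


def cosine_similarity(a, b):
    """Cosine similarity of two equal-length vectors; 0.0 if either is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def identify_subject(feature_vector, templates=ENROLLED_TEMPLATES, threshold=MATCH_THRESHOLD):
    """Return the best-matching enrolled identity, or None when no stored template
    reaches the threshold (the subject is treated as unknown)."""
    best_id, best_score = None, 0.0
    for identity, template in templates.items():
        score = cosine_similarity(feature_vector, template)
        if score > best_score:
            best_id, best_score = identity, score
    return best_id if best_score >= threshold else None


def second_analysis_result(feature_vector, predetermined_objects, **kwargs):
    """Second analysis result: (is_reasonable, identity).

    The instruction is reasonable only when the identified subject is one of the
    predetermined objects; an unknown subject (None) is always unreasonable.
    """
    identity = identify_subject(feature_vector, **kwargs)
    return (identity is not None and identity in predetermined_objects), identity


if __name__ == "__main__":
    probe = [0.88, 0.12, 0.31, 0.69]  # constructed probe close to the owner's template
    print(second_analysis_result(probe, {"owner"}))               # (True, 'owner')
    print(second_analysis_result([0.5, 0.5, 0.5, 0.5], {"owner"}))  # (False, None)
```

The threshold decides the trade-off between false accepts and false rejects; for an unlocking decision it is set high, and the comparison is performed inside the TA so the stored templates never leave the TEE.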
In the foregoing solution, determining, according to the first analysis result and the target analysis result, whether the TA responds to the target request instruction includes: when the first analysis result indicates that the target request instruction is reasonable or legal according to the first reference data, but the second analysis result indicates that it is unreasonable or illegal according to the second reference data and/or the third analysis result indicates that it is unreasonable or illegal according to the third reference data, not responding to the target request instruction; and responding to the target request instruction when the first analysis result indicates that it is reasonable or legal according to the first reference data, the second analysis result indicates that it is reasonable or legal according to the second reference data, and the third analysis result indicates that it is reasonable or legal according to the third reference data.
In the above scheme, the TA is a first TA running in the TEE, and the TEE further runs a second TA. Determining whether to respond to the target request instruction according to at least the first analysis result is performed by the first TA; or the first TA transmits at least the first analysis result, obtained by analyzing the reasonability or legality of the target request instruction according to the first reference data, to the second TA through a communication interface between the first TA and the second TA, and the second TA uses the first analysis result to determine whether to respond to the target request instruction.
In the foregoing solution, the first reference data includes at least one of the following preset information items: a white list, a black list, first data and second data; where the white list records the requests the TA is allowed to respond to, the black list records the requests the TA is forbidden to respond to, the first data records the identifications of the applications in the REE that the TEE has authorized to communicate with the TA, and the second data records the identifications of the secure transmission channels established between the TA and the applications in the REE that can communicate with it;
correspondingly, analyzing the reasonability or legality of the target request instruction according to the first reference data to obtain a first analysis result includes: obtaining a first analysis result that the target request instruction is unreasonable or illegal when at least one of the following holds: the target request instruction is not in the white list; the target request instruction is in the black list; it is determined from the first data and the identification of the CA that the CA is not an application authorized by the TEE; and it is determined from the second data and the identification of the transmission channel over which the target request instruction was transmitted from the REE to the TEE that the TA did not receive the target request instruction through a secure transmission channel established between the TA and the CA.
An embodiment of the disclosure provides a security control device in a TEE, the device comprising:
a first obtaining unit, configured to obtain a target request instruction, where the target request instruction is transmitted to a trusted application (TA) in a trusted execution environment (TEE) by a client application (CA) in a rich execution environment (REE) run by the intelligent security device, through an application program interface between the CA and the TA; a second obtaining unit, configured to obtain at least first reference data, where the first reference data is data related to an attribute of the target request instruction; an analysis unit, configured to analyze the reasonability or legality of the target request instruction according to the first reference data to obtain a first analysis result; and a determining unit, configured to determine, according to the first analysis result, whether the TA responds to the target request instruction.
In the foregoing scheme, the second obtaining unit is configured to obtain second reference data and/or third reference data; the second reference data represents identity information of an object appearing in the monitoring information collected by the intelligent security device; the third reference data represents the distance between the position of a legitimate user of the intelligent security device and the position of the intelligent security device. Correspondingly, the analysis unit is configured to analyze the reasonability or legality of the target request instruction according to the second reference data to obtain a second analysis result, and/or according to the third reference data to obtain a third analysis result; and the determining unit is configured to determine whether the TA responds to the target request instruction according to the first analysis result and a target analysis result, where the target analysis result is at least one of the first analysis result and the second analysis result.
An embodiment of the disclosure provides an intelligent security device that can run a trusted execution environment (TEE) and a rich execution environment (REE), where a trusted application (TA) runs in the TEE and a client application (CA) runs in the REE, and the intelligent security device comprises the security control device in the TEE described above.
An embodiment of the disclosure provides an intelligent security device, comprising: one or more processors; a memory communicatively coupled to the one or more processors; and one or more computer programs stored in the memory which, when executed, cause the device to perform the security control method in a TEE described above.
Embodiments of the disclosure provide a computer-readable storage medium storing computer instructions which, when executed on a computer, cause the computer to perform the security control method in a TEE described above.
The technical scheme provided by the embodiments of the disclosure has at least the following beneficial effects:
when a target request instruction is obtained, whether to respond to it is determined according to the result of analyzing, based on the first reference data, whether the target request instruction is reasonable or legal. An erroneous response to the target request instruction can thus largely be avoided, unwanted events in the case where the target request instruction is a pseudo instruction are prevented, and safety is improved.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
FIG. 1 is a schematic diagram of an operating environment of an intelligent security device according to an embodiment of the present disclosure;
FIG. 2 is a first schematic flow chart of an implementation of a security control method in a TEE according to an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart of an implementation of a security control method in a TEE according to an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart of an implementation of a security control method in a TEE according to an embodiment of the present disclosure;
FIG. 5 is a schematic flow chart of an implementation of a security control method in a TEE according to an embodiment of the present disclosure;
FIG. 6 is a schematic flow chart of an implementation of a security control method in a TEE according to an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram of a deep neural network model according to an embodiment of the present disclosure;
FIG. 8 is a schematic diagram of an application scenario of an embodiment of the present disclosure;
FIG. 9 is a schematic structural diagram of a security control device in a TEE according to an embodiment of the present disclosure;
FIG. 10 is a block diagram of an intelligent security device according to an embodiment of the present disclosure.
Detailed Description
The present disclosure will be described in further detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, circuits, etc., that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
The internet of things device in the embodiments of the disclosure may be an intelligent security device in an internet of things network. The intelligent security device of the embodiments of the disclosure is provided with a processor. The processor may be any reasonable module with processing capability, such as a Central Processing Unit (CPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), and so on.
As shown in FIG. 1, a Trusted Execution Environment (TEE) and a Rich Execution Environment (REE) may run on the processor of the intelligent security device of the embodiments of the disclosure. Operations with higher security requirements, such as fingerprint comparison, payment, face recognition and password verification, can be executed in the TEE. Routine activities such as shopping, teaching, and voice or video communication may be performed in the REE. The TEE is generally called the Secure World and the REE the Normal World. An application that can run or be used in the TEE is a Trusted Application (TA). An application that can run or be used in the REE is a Client Application (CA), or a regular application. The TA and the CA can communicate with each other through Application Program Interfaces (APIs) provided for them in the REE and the TEE. The TEE has its own execution space: the TEE and the REE each have their own operating system, and the TA and the CA communicate with each other based on these two operating systems. The operating system in the TEE has a higher security level than the Rich OS (the normal, ordinary operating system) in the REE. The software and hardware resources that can be accessed in the TEE are separated from the software and hardware resources that can be accessed under the Rich OS. Illustratively, the storage space used in the TEE may be physically isolated from the storage space used in the REE.
The storage space used in the TEE can store information such as the fingerprints, passwords and keys required by operations with higher security requirements; because this information is stored in the TEE, it can be used by a TA in the TEE but not by a CA in the REE, which ensures the security of the information. The TEE provides a secure execution environment for the TA and ensures the confidentiality, integrity and access authorization of the TA's resources and data. During start-up, to ensure the trustworthiness of the TEE, the TEE is verified during secure boot and kept isolated from the Rich OS in the REE. The applications running on the operating system of the TEE are TAs; each TA in the TEE also needs authorization, the TAs run independently of each other, and authorization is also required if they need to access each other. TAs that may access each other do so through a communication interface set up between the two. The specific authorization process and the process of setting up the communication interface are not described in this disclosure.
In the embodiments of the disclosure, any reasonable function of the intelligent security device may be implemented through interaction between applications in the REE and the TEE. For example, the CA in the REE may request the TA in the TEE to adjust the volume of the speaker fitted to the intelligent security device, and the TA determines whether to adjust the speaker volume according to the result of analyzing whether the adjustment request instruction is reasonable or legal, so as to avoid inconvenience caused by an erroneous adjustment and ensure safety. For an unlocking request from the REE, the unlocking of the intelligent security device is considered an event with higher security requirements: when the TA receives an unlocking request instruction, it determines whether to respond to the instruction according to the analysis of whether the request instruction is reasonable or legal, so that economic loss caused by mistaken unlocking can be avoided and the safety and intelligence of security are ensured.
FIG. 2 is a schematic view of a first implementation flow of a security control method in a TEE according to an embodiment of the present disclosure. The method is applied to an intelligent security device that can run a TEE and an REE, where a TA runs in the TEE and a client application CA runs in the REE, and the method comprises the following steps:
S101: obtaining a target request instruction transmitted by the CA in the REE to the TA in the TEE through an application program interface between the CA and the TA;
in this step, the application program interface may be the API in FIG. 1. The CA in the REE may transmit the target request instruction to the TA in the TEE through the API. The target request instruction can be an instruction for adjusting the speaker volume, an instruction requesting unlocking, or any other reasonable instruction, such as an instruction for adjusting the display resolution of a display screen fitted to the intelligent door.
S102: obtaining at least first reference data, where the first reference data is data related to an attribute of the target request instruction;
in this step, the attributes of the instruction include, but are not limited to, the following: whether the target request instruction is an instruction the TA is allowed to respond to, whether it is an instruction the TA is not allowed to respond to, whether the channel used to transmit the target request instruction from the REE to the TEE is a secure transmission channel, and whether the CA in the REE that made the request to the TA is a CA authorized by the TA.
S103: analyzing the reasonability or legality of the target request instruction according to the first reference data to obtain a first analysis result;
this step analyzes, according to the first reference data, whether the target request instruction is a reasonable or legal instruction.
S104: determining, according to the first analysis result, whether to respond to the target request instruction.
In this step, when the first analysis result indicates that the target request instruction is a reasonable or legal instruction, the TA responds to the target request instruction. When the first analysis result indicates that the target request instruction is an unreasonable or illegal instruction, the TA discards the target request instruction and does not respond.
S101-S104 are executed by the TA in the TEE.
In S101-S104, when the TA receives the target request instruction, it obtains first reference data, analyzes the reasonability or legality of the target request instruction according to the obtained first reference data, and determines according to the analysis result whether to respond to the target request instruction. Compared with the related-art scheme in which the internet of things device directly responds to the instruction, this scheme ensures through the reasonability or legality analysis that the response to the target request instruction is accurate, avoids the inconvenience or loss an erroneous response would cause the user, and improves safety and intelligence. In addition, the TEE provides a secure execution environment for the TA, which guarantees the confidentiality and integrity of the TA's execution of the foregoing process.
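The first-reference-data checks listed in the summary of the disclosure (white list, black list, first data and second data) and the decision logic of S101-S104, combined with the second and third analysis results as the summary describes, can be modelled as a small policy evaluator. This is an added Python example, not code from the patent: the CA and channel identifiers and the command names are constructed, representing each reference data item as a set is an assumption, and the second and third results are passed in as already-computed booleans (None when that analysis was not performed).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class RequestInstruction:
    """A target request instruction as the TA sees it after it crosses the
    CA->TA application program interface (constructed model, not a real TEE API)."""
    command: str      # e.g. "UNLOCK_DOOR" or "SET_SPEAKER_VOLUME"
    ca_id: str        # identification of the CA in the REE that sent it
    channel_id: str   # identification of the transmission channel it arrived on


@dataclass
class FirstReferenceData:
    """Preset information held by the TA: the four items named in the summary."""
    whitelist: Set[str] = field(default_factory=set)           # requests the TA may respond to
    blacklist: Set[str] = field(default_factory=set)           # requests the TA must not respond to
    authorized_ca_ids: Set[str] = field(default_factory=set)   # "first data": CAs authorized by the TEE
    secure_channel_ids: Set[str] = field(default_factory=set)  # "second data": secure CA<->TA channels


# Constructed sample reference data for one intelligent door device.
REF_DATA = FirstReferenceData(
    whitelist={"UNLOCK_DOOR", "SET_SPEAKER_VOLUME"},
    blacklist={"FACTORY_RESET"},
    authorized_ca_ids={"ca.door.app"},
    secure_channel_ids={"sess-42"},
)


def first_analysis(req: RequestInstruction, ref: FirstReferenceData) -> Tuple[bool, List[str]]:
    """First analysis result: the instruction is unreasonable/illegal if ANY of the
    four conditions holds (deny by default). Every failed check is reported so the
    TA can record why a request was discarded."""
    reasons = []
    if req.command not in ref.whitelist:
        reasons.append("instruction not in whitelist")
    if req.command in ref.blacklist:
        reasons.append("instruction in blacklist")
    if req.ca_id not in ref.authorized_ca_ids:
        reasons.append("CA not authorised by the TEE")
    if req.channel_id not in ref.secure_channel_ids:
        reasons.append("not received over a secure transmission channel")
    return (not reasons), reasons


def decide_response(first_ok: bool, second_ok: Optional[bool] = None,
                    third_ok: Optional[bool] = None) -> bool:
    """Combine the results as the summary describes: respond only when the first
    result is reasonable and no obtained additional result (identity, distance)
    is unreasonable. None means that additional analysis was not performed."""
    if not first_ok:
        return False
    return all(extra is not False for extra in (second_ok, third_ok))


def ta_handle_request(req: RequestInstruction, ref: FirstReferenceData = REF_DATA,
                      second_ok: Optional[bool] = None,
                      third_ok: Optional[bool] = None) -> dict:
    """Model of S101-S104: obtain the instruction, analyse it, decide whether to respond.
    A rejected instruction is discarded (respond=False) rather than executed."""
    first_ok, reasons = first_analysis(req, ref)
    return {"respond": decide_response(first_ok, second_ok, third_ok),
            "first_ok": first_ok, "reasons": reasons}


if __name__ == "__main__":
    good = RequestInstruction("UNLOCK_DOOR", "ca.door.app", "sess-42")
    print(ta_handle_request(good, second_ok=True, third_ok=True))   # respond: True
    print(ta_handle_request(RequestInstruction("UNLOCK_DOOR", "ca.unknown", "sess-42")))  # respond: False
```

Two design points worth noting: a command listed in both the white list and the black list is rejected, because the black list check is evaluated independently rather than short-circuited; and the second and third results can only veto, never rescue, a request that already failed the first analysis, which matches the combination rule in the summary.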
The intelligent security equipment can be accessed to an Internet of things network constructed in a home environment. The intelligent security equipment can be any reasonable equipment, device or device in an intelligent security scene, such as an intelligent door, a safe, an intelligent cat eye, a vehicle and the like; but also any equipment with a lock, such as an intelligent door, an intelligent wardrobe, an intelligent drawer and the like. In practical applications, since the execution security in the REE environment is weaker than that in the TEE environment, whether to unlock the door lock is determined by the TA in the TEE environment for the unlocking operation of the device. Aiming at an unlocking request instruction generated by a CA under the REE environment, the CA sends the unlocking request instruction to a TA in the TEE environment to request the TA to unlock the door lock. In the embodiment of the disclosure, for the unlocking request instruction from the REE environment, the TA running in the TEE does not directly respond, but determines whether to respond to the unlocking request instruction according to an analysis result of whether the unlocking request instruction is reasonable or legal based on the first reference data, so as to avoid economic loss caused by the fact that the unlocking request instruction from the REE environment is an unsafe unlocking request instruction, such as a pseudo-unlocking instruction simulated and generated by a hacker invading the REE environment, and ensure security and intelligence of security. For an instruction generated by the CA in the REE environment to adjust the loudspeaker volume, the CA sends the instruction to the TA in the TEE environment to request the TA to adjust the loudspeaker volume. 
In the embodiment of the disclosure, for the volume adjustment request instruction from the REE environment, the TA running in the TEE does not respond directly, but determines whether to respond to it according to an analysis result of whether the request instruction is reasonable or legal based on the first reference data. This avoids economic loss caused by an unsafe volume adjustment request instruction from the REE environment, such as a dummy instruction simulated and generated by a hacker who has invaded the REE environment, and ensures the security and intelligence of the security system.
The following mainly takes the intelligent security device as the intelligent door device and the target request instruction as the unlocking request instruction as an example to further explain the scheme of the disclosure. The case in which the target request instruction is a request to adjust the speaker volume is illustrated at the relevant points along the way.
Fig. 3 is a schematic diagram of an implementation flow of a security control method in a TEE according to an embodiment of the present disclosure. As shown in fig. 3, the method includes:
S201: obtaining an unlocking request instruction transmitted by a CA in the REE to a TA in the TEE through an application program interface between the CA and the TA;
in this step, the application program interface may be the API in fig. 1. The CA in the REE can transmit an unlocking request instruction to the TA in the TEE through the API so as to request the TA to unlock the door lock of the intelligent door, and the TA receives the unlocking request instruction.
S202: acquiring first reference data, wherein the first reference data is data related to the attribute of an unlocking request instruction;
In this step, the attributes of the instruction include, but are not limited to, the following: whether the unlocking request instruction is an instruction the TA is allowed to respond to, whether it is an instruction the TA is not allowed to respond to, whether the channel used to transmit the unlocking request instruction from the REE environment to the TEE environment is a secure transmission channel, and whether the CA in the REE environment requesting unlocking from the TA is a CA authorized by the TA.
S203: analyzing the reasonability or legality of the unlocking request instruction according to the first reference data to obtain a first analysis result;
the step is to analyze whether the unlocking request instruction is a reasonable or legal instruction or not according to the first reference data.
S204: and determining whether to respond to the unlocking request instruction or not according to the first analysis result.
In this step, when the first analysis result represents that the unlocking request instruction is a reasonable or legal instruction, the TA generates an unlocking instruction, and the unlocking instruction can be used for controlling the door lock of the intelligent door to be unlocked. And when the first analysis result represents that the unlocking request instruction is an unreasonable or illegal instruction, the TA discards the unlocking request instruction and does not respond to the unlocking request instruction.
The execution subject of S201-S204 is TA in TEE.
It can be seen from S201 to S204 that, when the TA in the TEE obtains the unlocking request instruction from the CA in the REE environment, the TA obtains the first reference data, analyzes whether the unlocking request instruction is reasonable or legal according to the first reference data, and determines whether to respond to the unlocking request instruction according to the analysis result. The TA obtains the first reference data and determines whether to unlock the door lock according to an analysis result whether the unlocking request instruction is reasonable or legal or unreasonable or illegal, namely the TA has a set of own safety mechanism and can determine whether to unlock the door lock according to the first reference data through the analysis on the reasonability or the legality of the unlocking request instruction received by the TA. In the embodiment of the disclosure, the TA adopts a scheme that a certain security mechanism is adopted to determine whether to unlock, so that an incorrect response to an unlocking request instruction can be greatly avoided, an unlocking event under the condition that the lock should not be unlocked is avoided, economic loss caused by responding to a pseudo-unlocking instruction simulated and generated by a hacker invading into an REE environment is avoided, and the security of security is improved.
When the unlocking request instruction is legal or reasonable, the intelligent door can be unlocked automatically, that is, the door unlocks autonomously, which improves the intelligence and reliability of security. Autonomous unlocking of the smart door (or autonomy of door unlocking) in the embodiment of the present disclosure means that the unlocking is performed by the door itself without control from an external device such as a smart phone. Thus a user who is not carrying a smart phone can still enter through the home door, the functions of the intelligent door are more diversified, and the user experience is improved. In addition, of the two environments in which the intelligent door device operates, it is the TA in the more secure TEE environment that responds to the unlocking request instruction, so the unlocking operation is safer.
Since the unlocking request instruction originates from the CA in the REE, and the process of analyzing the unlocking request instruction and determining whether to unlock is implemented by the TA in the TEE, the solution of the embodiment of the present disclosure is implemented by the interaction between the CA in the REE and the TA in the TEE. It will be appreciated that, of the two environments in which the smart door operates, the first reference data may be preset and stored either in the REE or in the TEE. If it is stored in the storage space opened up for the TEE, the TA can read it directly from that storage space when it is needed. If it is stored in the REE, the TA may request the first reference data stored in the REE, e.g. by sending a message requesting the first reference data to a designated CA in the REE, such as CA1; CA1 receives the message, reads the first reference data and feeds it back to the TA through the API interface between CA1 and the TA.
As a first implementation manner, the first reference data may be a preset white list, and the white list records the requests that the TA in the TEE is allowed to respond to. In this case, the foregoing S203 is: determining whether the unlocking request instruction exists in the white list, that is, judging whether the unlocking request instruction appears in the white list. If it appears, it is determined that the unlocking request instruction exists in the white list; if it does not appear, it is determined that the unlocking request instruction does not exist in the white list. When the unlocking request instruction exists in the white list, it is an instruction the TA needs to respond to; an instruction the TA needs to respond to is generally regarded by the TA as a reasonable or legal instruction, so a first analysis result that the unlocking request instruction is a reasonable or legal instruction is generated, and according to that result the TA generates an unlocking instruction and the door lock of the intelligent door is unlocked. When the unlocking request instruction does not exist in the white list, it is an instruction the TA does not need to respond to; such an instruction is generally regarded by the TA as an unreasonable or illegal instruction, so a first analysis result that the unlocking request instruction is an unreasonable or illegal instruction is generated, and according to that result the TA discards the unlocking request instruction and does not respond.
The scheme for analyzing whether the unlocking request instruction is reasonable or legal by utilizing the white list is one of the safety mechanisms adopted by the TA, and the reasonable unlocking of the intelligent door lock can be ensured by utilizing the safety mechanism, so that the reliability and the safety of security and protection are improved.
For the above-mentioned instruction by which the CA requests the TA in the TEE environment to adjust the volume of the speaker set on the smart door, the TA likewise does not respond directly, but determines whether the instruction is recorded in the white list. If it is recorded in the white list, it is an instruction the TA needs to respond to, and the TA automatically adjusts the speaker volume according to the request. If it is not recorded in the white list, the TA does not need to respond to it. Filtering the instructions to be responded to according to the white list ensures a correct response to instructions and solves the problem of insufficient security caused by responding when no response should be made.
As a second implementation, the first reference data may be a preset blacklist. The blacklist records the requests the TA is prohibited from responding to. In this case, the foregoing S203 is: determining whether the unlocking request instruction exists in the blacklist, that is, judging whether the unlocking request instruction appears in the blacklist. If it appears, it is determined that the unlocking request instruction exists in the blacklist; if it does not appear, it is determined that the unlocking request instruction does not exist in the blacklist. When the unlocking request instruction exists in the blacklist, it is an instruction the TA does not need to respond to; such an instruction is generally regarded by the TA as an unreasonable or illegal instruction, so a first analysis result that the unlocking request instruction is an unreasonable or illegal instruction is generated, and according to that result the TA discards the unlocking request instruction and does not respond. When the unlocking request instruction does not exist in the blacklist, a first analysis result that the unlocking request instruction is a reasonable or legal instruction is generated, and according to that result the TA generates an unlocking instruction so that the door lock of the intelligent door is unlocked. The scheme of analyzing whether the unlocking request instruction is reasonable or legal by using the blacklist is one of the security mechanisms adopted by the TA; it ensures reasonable unlocking of the intelligent door lock and improves the reliability and safety of security.
For the instruction by which the CA requests the TA in the TEE environment to adjust the volume of the loudspeaker arranged on the intelligent door, if the instruction is not recorded in the blacklist, it is an instruction the TA is required to respond to, and the TA automatically adjusts the loudspeaker volume according to the request. If the instruction is recorded in the blacklist, it is an instruction the TA does not need to respond to, and the TA discards it. Filtering out the instructions the TA does not need to respond to according to the blacklist ensures a correct response by the TA and solves the problem of insufficient security caused by responding when no response should be made.
As a third implementation, the first reference data includes preset first data. The first data records the identifications of the CAs in the REE that the TA in the TEE receiving the unlocking request instruction has authorized to communicate with it. In this case, the foregoing S203 is: the TA obtains an identifier, such as an Identity (ID) number, of the CA in the REE that sent the unlocking request instruction, and determines, based on the ID of the CA and the first data, whether the CA that sent the unlocking request instruction is a CA authorized by the TA to communicate with it. That is, it is determined whether the application ID of the CA that sent the unlocking request instruction appears in the first data. If it appears in the first data, the CA that sent the unlocking request instruction is a CA the TA has authorized to communicate with it; if it does not appear, the CA that sent the unlocking request instruction is not a CA that can communicate with the TA. If the CA that sent the unlocking request instruction is a CA authorized by the TA to communicate with it, a first analysis result that the unlocking request instruction is a reasonable or legal instruction is generated, and for that result the TA generates an unlocking instruction and the door lock of the intelligent door is unlocked. If the CA that sent the unlocking request instruction is not a CA that can communicate with the TA, a first analysis result that the unlocking request instruction is an unreasonable or illegal instruction is generated, and for that result the TA discards the unlocking request instruction and does not respond.
The scheme of analyzing whether the unlocking request instruction is reasonable or legal by using the identification of the CA sending the unlocking request instruction in the REE environment and the first data is one of the safety mechanisms adopted by the TA, and the safety mechanism can ensure the reasonable opening of the intelligent door lock and improve the reliability and safety of security protection.
Similarly, for the instruction by which the CA requests the TA to adjust the loudspeaker volume: if the CA sending the adjustment instruction is not a CA that can communicate with the TA, a first analysis result that the request instruction is an unreasonable or illegal instruction is generated, and according to that result the TA discards the adjustment request instruction and does not respond. If the CA sending the adjustment instruction is a CA that can communicate with the TA, a first analysis result that the request instruction is a reasonable or legal instruction is generated, and for that result the TA responds to the adjustment request instruction and automatically adjusts the loudspeaker volume. Filtering instructions according to the first data and the identification of the CA ensures a correct response by the TA and solves the problem of insufficient security caused by responding when no response should be made.
As a fourth implementation, the first reference data includes preset second data. The second data records the identification of a secure transmission channel established between the TA that receives the unlocking request instruction and an application in the REE that can communicate with the TA. In this case, the foregoing S203 is: the TA obtains the identification of the CA that sent the unlocking request instruction, such as the application ID, and the identification of the transmission channel used to carry the unlocking request instruction from the REE to the TEE, and determines whether the application ID and the identification of the transmission channel are both present in the second data. If both are present in the second data, the CA that sent the unlocking request instruction is an application in the REE that can communicate with the TA, and the transmission channel used to transmit the unlocking request instruction from the REE to the TEE is a preset secure transmission channel. If the application ID is present in the second data but the identification of the transmission channel is not, the unlocking request instruction was transmitted from the CA in the REE to the TA in the TEE without using a preset secure transmission channel. If the identification of the transmission channel is present in the second data but the application ID is not, the transmission channel used by the unlocking request instruction is a preset secure transmission channel, but the instruction did not originate from a CA that can communicate with the TA.
To avoid the insecurity of an unlocking request instruction that did not originate from the specified CA or was not transmitted to the TA through the specified secure transmission channel, in this embodiment a first analysis result that the unlocking request instruction is a reasonable or legal instruction is generated only if both the application ID of the sender of the unlocking request in the REE and the identification of the transmission channel are present in the second data; according to that result the TA generates the unlocking instruction and the door lock of the intelligent door is opened. If only one of the application ID and the identification of the transmission channel appears in the second data, or neither appears, a first analysis result that the unlocking request instruction is an unreasonable or illegal instruction is generated, and according to that result the TA discards the unlocking request instruction and does not respond. Analyzing whether the unlocking request instruction is reasonable or legal through the CA identification, the transmission channel identification and the second data is one of the security mechanisms adopted by the TA. It prevents an unlocking request instruction from originating from an unreasonable CA (a CA the TA does not expect to communicate with) or from being transmitted to the TA over an unspecified transmission channel, guarantees reasonable unlocking of the intelligent door lock, and improves the reliability and safety of security.
Likewise, if only one of the ID of the CA sending the adjustment instruction and the identification of the transmission channel is present in the second data, or neither is present, a first analysis result that the unlocking request instruction is an unreasonable or illegal instruction is generated, and for that result the TA discards the request instruction and does not respond. Only if both the application ID of the sender of the volume adjustment request in the REE and the identification of the transmission channel are present in the second data is a first analysis result that the volume adjustment request instruction is a reasonable or legal instruction generated, and according to that result the TA generates an adjustment instruction to adjust the volume of the loudspeaker arranged on the intelligent door.
The first to fourth implementation manners may be regarded as schemes for filtering the unlocking request instruction or the adjustment request instruction from the REE using at least one of the white list, the blacklist, the first data and the second data: the reasonable or legal instructions are filtered out and the TA responds to them; the instructions filtered out as unreasonable or illegal the TA discards without responding. The scheme ensures that instructions which should not be responded to are not responded to, avoids loss, and gives the user a better security experience. Each of the first to fourth implementation manners may be used as an independent solution, and any two or more of them may also be used in combination to implement the security control method in the TEE of the embodiment of the present disclosure. When any two or more schemes are combined, the TA generates the unlocking instruction only when the analysis result that the unlocking request instruction is a reasonable or legal instruction is obtained under every one of those schemes. This ensures reasonable unlocking of the intelligent door lock and solves the problem of economic damage caused by a false response to an unlocking request instruction that is a false instruction tampered with by a hacker.
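As an added illustration that is not part of the patent text, the following C program models the TA-side analysis of S203/S204 for the four implementation manners and their combination: every enabled scheme must report the request as legal, and a configuration with no scheme enabled fails closed. The command numbers, CA IDs, channel IDs and reference tables are constructed for the demo, and the second data is treated here as (CA ID, secure channel ID) bindings rather than two independent lists.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed request as the TA sees it after it crosses the CA->TA API:
 * the command, the identity (ID) of the sending CA, and the transmission
 * channel the request arrived on. All values below are made up for illustration. */
typedef struct {
    uint32_t cmd;
    uint32_t ca_id;
    uint32_t channel_id;
} Request;

/* Second data entry: a secure channel bound to the CA that established it. */
typedef struct {
    uint32_t ca_id;
    uint32_t channel_id;
} ChannelBinding;

/* First reference data. A real TA would read this from TEE secure storage
 * or request it from a designated CA; here it is an in-memory table. */
typedef struct {
    const uint32_t *whitelist;         size_t n_white;   /* commands the TA may respond to */
    const uint32_t *blacklist;         size_t n_black;   /* commands the TA must not respond to */
    const uint32_t *first_data;        size_t n_first;   /* CA IDs authorized to talk to the TA */
    const ChannelBinding *second_data; size_t n_second;  /* (CA ID, secure channel ID) pairs */
} ReferenceData;

/* Scheme selection mask: any combination of the four implementation manners. */
enum {
    USE_WHITELIST   = 1 << 0,
    USE_BLACKLIST   = 1 << 1,
    USE_FIRST_DATA  = 1 << 2,
    USE_SECOND_DATA = 1 << 3
};

/* First analysis result. */
enum { RESULT_ILLEGAL = 0, RESULT_LEGAL = 1 };

static bool contains_u32(const uint32_t *arr, size_t n, uint32_t v)
{
    for (size_t i = 0; i < n; i++)
        if (arr[i] == v) return true;
    return false;
}

/* Fourth implementation: the CA ID and the channel ID must both be recorded
 * in the second data, and here they must be recorded as a matching pair. */
static bool channel_bound_to_ca(const ReferenceData *ref, const Request *req)
{
    for (size_t i = 0; i < ref->n_second; i++)
        if (ref->second_data[i].ca_id == req->ca_id &&
            ref->second_data[i].channel_id == req->channel_id)
            return true;
    return false;
}

/* S203: analyse the request against every enabled scheme. When schemes are
 * combined the request is legal only if it passes all of them; with no
 * scheme enabled the TA fails closed and treats the request as illegal. */
int analyze_request(const ReferenceData *ref, const Request *req, unsigned schemes)
{
    if (schemes == 0)
        return RESULT_ILLEGAL;
    if ((schemes & USE_WHITELIST) && !contains_u32(ref->whitelist, ref->n_white, req->cmd))
        return RESULT_ILLEGAL;            /* not an instruction the TA may respond to */
    if ((schemes & USE_BLACKLIST) && contains_u32(ref->blacklist, ref->n_black, req->cmd))
        return RESULT_ILLEGAL;            /* explicitly prohibited instruction */
    if ((schemes & USE_FIRST_DATA) && !contains_u32(ref->first_data, ref->n_first, req->ca_id))
        return RESULT_ILLEGAL;            /* sender is not a CA authorized by the TA */
    if ((schemes & USE_SECOND_DATA) && !channel_bound_to_ca(ref, req))
        return RESULT_ILLEGAL;            /* wrong CA, wrong channel, or not a bound pair */
    return RESULT_LEGAL;
}

/* Constructed command numbers and reference tables for the demo. */
enum { CMD_UNLOCK = 0x10, CMD_ADJUST_VOLUME = 0x20, CMD_FACTORY_RESET = 0x30 };
static const uint32_t demo_white[] = { CMD_UNLOCK, CMD_ADJUST_VOLUME };
static const uint32_t demo_black[] = { CMD_FACTORY_RESET };
static const uint32_t demo_first[] = { 1001 };               /* the one CA the TA trusts */
static const ChannelBinding demo_second[] = { { 1001, 7 } }; /* CA 1001 over channel 7 */
const ReferenceData demo_ref = { demo_white, 2, demo_black, 1, demo_first, 1, demo_second, 1 };

/* S204 for the unlock case: generate the unlock instruction only on a legal result. */
bool decide_unlock(const ReferenceData *ref, uint32_t ca_id, uint32_t channel_id, unsigned schemes)
{
    Request req = { CMD_UNLOCK, ca_id, channel_id };
    return analyze_request(ref, &req, schemes) == RESULT_LEGAL;
}

int main(void)
{
    unsigned all = USE_WHITELIST | USE_BLACKLIST | USE_FIRST_DATA | USE_SECOND_DATA;
    printf("trusted CA, bound channel : %s\n", decide_unlock(&demo_ref, 1001, 7, all) ? "unlock" : "discard");
    printf("trusted CA, other channel : %s\n", decide_unlock(&demo_ref, 1001, 8, all) ? "unlock" : "discard");
    printf("unknown CA, bound channel : %s\n", decide_unlock(&demo_ref, 2002, 7, all) ? "unlock" : "discard");
    return 0;
}
```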
Fig. 4 is a schematic view illustrating a third implementation flow of the security control method in the TEE according to the embodiment of the present disclosure. As shown in fig. 4, the method includes:
S301: obtaining an unlocking request instruction transmitted by a CA in the REE to a TA in the TEE through an application program interface between the CA and the TA;
S302: obtaining first reference data and second reference data, wherein the first reference data is data related to the attribute of the unlocking request instruction, and the second reference data is characterized by identity information of an object appearing in the monitoring information collected by the intelligent door device;
In this step, compared with the TEE environment, which has high security, security in the REE environment is weak, and the unlocking request instruction generated by the CA in the REE environment may be a reasonable instruction, such as a real person outdoors requesting to unlock, or a pseudo-unlocking instruction generated by a hacker who has invaded the REE environment and tampered with the program. To avoid responding to a pseudo-unlocking instruction, the TA may determine whether to respond to the unlocking request from the REE environment according to the aforementioned first reference data such as the white list and the blacklist. Furthermore, in the scheme shown in fig. 4, it is also possible to avoid responding to an instruction that should not be responded to, such as a dummy instruction, from the viewpoint of the identity of the object appearing in the monitoring information. It can be understood that if a (monitored) object is present in the monitoring information, it can be considered that someone really requests to unlock the door and the unlocking request instruction from the REE environment is not a pseudo-unlocking instruction; whether the TA needs to respond to the unlocking request instruction, however, also depends on the subsequent schemes described below.
It can be understood that the environment outside the intelligent door can be regarded as a monitoring environment, at least one information acquisition device is arranged on the intelligent door, and the information acquisition device can monitor the monitoring environment to obtain monitoring information. The identification information of the object appearing in the monitoring information may be a face ID (identification number), a fingerprint ID, a voiceprint ID, an eye mask ID, an iris ID, or the like.
In the embodiment of the disclosure, the intelligent door device can acquire the monitoring information of the monitoring environment outside the intelligent door through the information acquisition device. The number of the information acquisition devices is one or two or more. In practical application, the monitoring of the environment outside the intelligent door can be monitored from the aspects of images, sounds and the like, so the information acquisition device used in the present disclosure can be divided into three types: image acquisition device, sound collection system, fingerprint collection system. Correspondingly, the monitoring information obtained by the three types of information acquisition devices is image information, sound information and fingerprint information respectively. For convenience of description, the fingerprint is described as a special image information. In practical applications, all the information collecting devices may be all image collecting devices such as cameras, all the sound collecting devices such as microphones, all the fingerprint collecting devices, or a mixture of at least two of the three information collecting devices.
Under the condition that the information acquisition device is an image acquisition device, at least one camera arranged on the intelligent door acquires images of a monitoring area outside the intelligent door at the position of the camera, and the obtained monitoring information is a monitoring picture. It can be understood that the target information of the user, such as a face image, a human eye mask, an iris of a human eye, and the like, can be presented in the monitoring picture. If the monitoring information obtained by the TA in the TEE is a monitoring picture acquired by the camera, the TA can identify the identity of the person appearing in the monitoring picture by utilizing at least one target information of a face image appearing in the monitoring picture, an eye mask of the person, an iris of the person and the like.
When the information acquisition device is a sound acquisition device, at least one microphone arranged on the intelligent door acquires the sound produced outside the intelligent door at the position where the microphone is located, and the obtained monitoring information is audio information. When the monitoring information is audio, the voice of the person appearing in the monitored audio is the target information in the monitoring information. If the monitoring information obtained by the TA in the TEE is audio information collected by the microphone, the TA in the TEE can identify the person whose voice appears in the monitored audio by using the monitored sound information.
A fingerprint collection panel arranged on the intelligent door serves as a fingerprint collection device, on which the user can input fingerprint information. When the information collecting device is a fingerprint collecting device, the monitoring information it obtains is fingerprint information. It will be appreciated that if the monitoring information obtained by the TA in the TEE is fingerprint information, the TA can identify the user by the fingerprint the user entered on the fingerprint collection panel.
The three types of information collecting devices in the embodiments of the present disclosure can respectively collect monitoring information in an REE environment. The CA in the REE environment can transmit the monitoring information acquired by each information acquisition device in the REE environment to the TA in the TEE environment, which needs to use the monitoring information, through the API. In this case, the scheme of the embodiment of the present disclosure may be regarded as a scheme implemented based on the interaction between the CA in the REE and the TA in the TEE. The three types of information collection devices in the embodiments of the present disclosure may also perform respective collections of monitoring information in a TEE environment. The TAs operating in the TEE environment, which need to use the monitoring information, can read or receive the monitoring information collected by these several types of information collection devices. The above description can be regarded as two ways for the TA to obtain the monitoring information obtained by the information acquisition device monitoring the monitoring environment, and which way to use can be selected according to the actual use condition. Of course, the three types of information acquisition devices respectively acquire the monitoring information in the TEE environment, the monitoring information obtained in the TEE environment is not easy to be tampered, and the safety of the acquired monitoring information can be ensured. The information acquisition device acquires monitoring information in an REE environment or in a TEE environment, depending on the specific situation. The three types of information acquisition devices respectively acquire information in the REE environment, so that the resource processing burden in the TEE environment can be effectively reduced, and the processing efficiency of the application in the TEE environment can be improved.
In the scheme in which at least two information acquisition devices collect monitoring information, the identities of the objects appearing in the monitoring information can be identified separately from the monitoring information obtained by each device, and the identified identities are compared for consistency. If the comparison is consistent and all identified identities are household members, the process continues. If the comparison is inconsistent, it is further judged whether the identified identity is that of a household member; if so, the process can continue, and if not, the flow may end. Illustratively, if a household member such as dad is recognised in the monitored area from the face image obtained by the image acquisition device, but the voice information obtained by the sound acquisition device identifies the person appearing in the monitored area as a stranger rather than a household member, the flow ends. Or, if household members such as dad and mom are identified in the monitored area from the face image obtained by the image acquisition device, and the voice information obtained by the sound acquisition device identifies only mom (only mom is speaking outdoors, dad is not speaking), who is a household member, the flow can continue.
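The cross-device identity check just described, as an added C example that is not part of the patent: the identity sets reported by each acquisition device are compared for consistency, and the flow continues only when every recognised identity is an enrolled household member. The device names, the household enrolment and the "stranger" label for an unmatched identity are constructed for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_IDS 8

/* Identity IDs recognised from one information acquisition device's
 * monitoring information (face IDs from a camera, voiceprint IDs from a
 * microphone, fingerprint IDs from the panel). An identity that matched no
 * enrolled person is reported under the constructed label "stranger". */
typedef struct {
    const char *source;          /* "camera", "microphone" or "fingerprint" */
    const char *ids[MAX_IDS];
    size_t n;
} SensorResult;

/* Outcome of the second-reference-data check in the flow of fig. 4. */
enum IdentityDecision {
    FLOW_END = 0,                /* a stranger was recognised, or nobody was */
    FLOW_CONTINUE_CONSISTENT,    /* all devices agree and everyone is household */
    FLOW_CONTINUE_INCONSISTENT   /* devices disagree, but everyone recognised is household */
};

static bool in_list(const char *id, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], id) == 0) return true;
    return false;
}

/* Order-independent comparison of two recognised-identity sets. */
static bool same_identities(const SensorResult *a, const SensorResult *b)
{
    for (size_t i = 0; i < a->n; i++)
        if (!in_list(a->ids[i], b->ids, b->n)) return false;
    for (size_t i = 0; i < b->n; i++)
        if (!in_list(b->ids[i], a->ids, a->n)) return false;
    return true;
}

/* Compare identities across devices, then require every recognised identity
 * to be a household member. Fails closed when a device saw nobody, since an
 * unlock request with no object in the monitoring information is suspect. */
enum IdentityDecision check_identities(const SensorResult *results, size_t n_results,
                                       const char *const *household, size_t n_household)
{
    if (n_results == 0)
        return FLOW_END;
    bool consistent = true;
    for (size_t r = 0; r < n_results; r++) {
        if (results[r].n == 0)
            return FLOW_END;
        if (r > 0 && !same_identities(&results[0], &results[r]))
            consistent = false;
        for (size_t i = 0; i < results[r].n; i++)
            if (!in_list(results[r].ids[i], household, n_household))
                return FLOW_END;      /* a stranger (or unknown) was recognised */
    }
    return consistent ? FLOW_CONTINUE_CONSISTENT : FLOW_CONTINUE_INCONSISTENT;
}

/* Constructed household enrolment used by the demo. */
const char *const demo_household[] = { "dad", "mom" };
const size_t demo_household_n = 2;

/* The two examples from the text, as functions returning the decision. */
enum IdentityDecision demo_face_dad_voice_stranger(void)
{
    SensorResult r[2] = {
        { "camera",     { "dad" },      1 },
        { "microphone", { "stranger" }, 1 }
    };
    return check_identities(r, 2, demo_household, demo_household_n);
}

enum IdentityDecision demo_face_dad_mom_voice_mom(void)
{
    SensorResult r[2] = {
        { "camera",     { "dad", "mom" }, 2 },
        { "microphone", { "mom" },        1 }
    };
    return check_identities(r, 2, demo_household, demo_household_n);
}

int main(void)
{
    printf("face=dad, voice=stranger -> %d (0 = flow ends)\n", (int)demo_face_dad_voice_stranger());
    printf("face=dad+mom, voice=mom  -> %d (2 = continue, inconsistent)\n", (int)demo_face_dad_mom_voice_mom());
    return 0;
}
```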
In the scheme of collecting the monitoring information by adopting at least two information collecting devices, the identity of the object appearing in the monitoring information can be identified based on the monitoring information obtained from the image collecting device, and the identity identified by the monitoring information collected by other types of information collecting devices, such as a fingerprint collecting device and/or a sound collecting device, can be further confirmed. Illustratively, in the case where the monitoring information collected by the image collecting device identifies the user, a prompt for the user to input voice is output, the user speaks under the prompt, the voice collecting device collects voice information of the user, a voiceprint of the user is identified from the voice information, and the identity information of the user is determined based on the voiceprint information. In addition, when the monitoring information collected by the image collecting device identifies the user, a prompt for inputting the fingerprint by the user is output, the fingerprint collecting panel collects the fingerprint of the user, the fingerprint of the user is identified from the fingerprint information, and the identity information of the user is determined based on the fingerprint information. It can be understood that because the voiceprint information and the fingerprint information of each person have uniqueness, under the condition that the identity of the object appearing in the monitoring information is identified by the monitoring information obtained from the image acquisition device, the identity is identified by utilizing the voiceprint information and the fingerprint information, so that misjudgment can be avoided, double judgment of the identity information is realized, and the identity identification accuracy is ensured.
In the scheme for prompting the user to speak, the sound acquisition device can acquire the sound information of the user appearing outdoors in a mode of acquiring the conversation between the user appearing outdoors and the audio output module of the intelligent door. The dialog content may be reasonable content appearing in practical application, for example, the audio output module outputs "who is you," and people appearing outdoors answer "i is zhang san," so that the sound collection device collects sound information of a user appearing outdoors. The content output by the audio output module can simulate the speaking modes of the family, such as tone, intonation, speed and the like, so that people appearing outdoors can listen to the scene like the family, and illegal people such as thieves can be prevented from stealing. The content output by the audio output module can be manually set or changed, and can be flexibly output according to the speaking habits of the family members. Illustratively, in real life, when a person knocks out outdoors, mom is used for saying 'which position', dad is used for saying 'please wait a little bit', and the processor on the intelligent door can learn the speaking habit of each person according to the conversation habit of each person at home in the weekdays and imitate each person according to the speaking habit. For example, the audio output module can imitate mom's speaking habit to output "which position", or imitate dad's speaking habit to output "please wait a little". 
If a child or an old man is at home when someone knocks outside the door, and the child or the old man gives certain feedback on the fact that the child or the old man knocks outside the door, such as ' please feel a little ' and the like ', the sound of the child or the old man can be processed into the sound of young and middle-aged people through sound effect processing by the processor, and the sound is output by the audio output module so as to avoid the theft.
S303: analyzing the reasonableness or legality of the unlocking request instruction according to the first reference data to obtain a first analysis result;
S304: analyzing the reasonableness or legality of the unlocking request instruction according to the second reference data to obtain a second analysis result;
In this step, the TA analyzes the reasonableness or legality of the unlocking request instruction according to the identity information, obtained by the TA, of the object appearing in the monitoring information collected by the information acquisition device, and obtains a second analysis result.
S303 and S304 have no strict order and can also be carried out simultaneously.
S305: determining whether to respond to the unlocking request instruction according to the first analysis result and the second analysis result.
In this step, when the first analysis result and the second analysis result both indicate that the unlocking request instruction is a reasonable or legal instruction, the TA generates an unlocking instruction, which can be used to control the door lock of the intelligent door to unlock. When at least one of the first analysis result and the second analysis result indicates that the unlocking request instruction is an unreasonable or illegal instruction, the TA discards the unlocking request instruction and does not respond to it.
The execution subject of S301-S305 is the TA in the TEE. For the points of S301-S305 that are the same as in S201-S204, refer to the related description of S201-S204; they are not repeated here.
It can be seen from S301 to S305 that, when the TA in the TEE obtains an unlocking request instruction from the CA in the REE, the TA obtains two reference data (first reference data and second reference data), analyzes the reasonableness or legality of the unlocking request instruction according to each, and determines whether to respond to the unlocking request instruction according to the two analysis results. Analyzing the reasonableness or legality of the unlocking request instruction according to the first reference data and the second reference data means analyzing it from two aspects: the attribute of the instruction and the identity of the monitored object appearing in the monitored environment. Analyzing the identity of the monitored object ensures, to a certain extent, that the unlocking request instruction sent to the TA by the CA in the REE was generated under a reasonable condition (such as a real person requesting to open the door) and is not an instruction generated by a hacker illegally tampering with a program in the REE. Determining whether to respond to the unlocking request instruction according to the two analysis results achieves correct unlocking to a certain extent. Because the TA uses this safety mechanism to determine whether to unlock, wrong responses to the unlocking request instruction can be largely avoided, unlocking events in cases where unlocking is not required can be avoided, the economic loss caused by responding to a pseudo unlocking instruction simulated by a hacker who has intruded into the REE can be avoided, and the reliability of security and protection can be improved.
It is understood that the scheme of determining whether to respond to the unlocking request instruction according to the first and second analysis results may follow the flow shown in S301-S305, or may be as follows: when the first analysis result obtained from the first reference data indicates that the unlocking request instruction is a reasonable or legal instruction, the second reference data is obtained and the reasonableness or legality of the unlocking request instruction is analyzed according to the second reference data to obtain a second analysis result; then whether the TA responds to the unlocking request instruction is determined according to the second analysis result together with the first analysis result indicating that the unlocking request instruction is reasonable or legal.
In both schemes for determining whether to respond to the unlocking request instruction according to the first analysis result and the second analysis result, a wrong response to the unlocking request instruction can be avoided, and with it the economic loss caused by responding to a pseudo unlocking instruction simulated by a hacker who has intruded into the REE. As an implementation, the scheme for obtaining the second reference data is as follows: the TA obtains the monitoring information collected by the information acquisition device in the REE or the TEE, the monitoring information containing target information that comprises at least one of face image, fingerprint, sound, iris and eye membrane information; the TA extracts the physiological characteristic information of the object appearing in the monitoring information from the target information; and the TA identifies the identity information of the object appearing in the monitoring information based on the physiological characteristic information. Because identity identification is based on the physiological characteristic information of the object appearing in the monitoring information, the accuracy of identity identification can be ensured.
The technical scheme in which the TA extracts the physiological characteristic information of the object appearing in the monitoring information from the target information and identifies the identity information of the object based on the physiological characteristic information can be realized in the following two modes:
The first mode is as follows: the TA calls a stored deep neural network model, so that the deep neural network model extracts the physiological characteristic information from the target information and predicts the identity of the object appearing in the monitoring information based on the physiological characteristic information, obtaining the identity information of the object.
The execution subject of the first mode is the TA. The deep neural network model may be pre-trained, and the training may take place in the REE or in the TEE. The trained deep neural network model may be stored in the memory space opened up for the TEE or in the memory space opened up for the REE. The memory space opened up for the TEE and the memory space opened up for the REE are physically separated, e.g. they are in different memories or at different addresses of the same memory. When the model is needed, the TA either reads it from the memory space opened up for the TEE, or requests it from a CA in the REE, such as CA1, and receives the model fed back by CA1. As shown in fig. 7, the deep neural network model generally includes an input layer, convolutional layers and an output layer. The number of convolutional layers may be one, two or more. Further, pooling layers, of which there may be one, two or more, may be present between the convolutional layers to reduce the dimensionality of the data and so reduce the computational workload of the neurons. The input layer receives the target information. The convolutional layers extract the physiological characteristic information in the target information. The extracted physiological characteristic information is a high-dimensional matrix, and the pooling layers reduce its dimensionality so as to reduce the computational workload. The output layer predicts, based on the physiological characteristic information extracted from the target information, whether the identity of the person appearing in the monitoring information is that of a family member, and outputs the prediction result.
The output layer may comprise a discriminator, which predicts the probability that the identity of the person appearing in the monitoring information is each member of the family, compares the probability with a set probability threshold, and produces its output according to the comparison result. Illustratively, if the predicted probability of dad is 0.2, of mom 0.7 and of the child 0.1, and the predicted probability of mom is greater than the predetermined probability threshold of 0.6, the output layer outputs the prediction result that the identity of the person appearing in the monitoring information is the identity ID of mom. If the predicted probability of dad is 0.2, of mom 0.3 and of the child 0.1, so that all probabilities are below the probability threshold, the output layer outputs the prediction result that the person appearing in the monitoring information is not a family member but a stranger. Because the deep neural network model has strong robustness, the identity information identified with it is highly accurate.
The deep neural network model in the embodiment of the disclosure may be a neural network model capable of recognizing a human face, a fingerprint, a voiceprint, or an eye membrane or iris. If a face image appears in the monitoring information, the neural network model capable of recognizing a face is called for identity identification. If fingerprint information appears in the monitoring information, the neural network model capable of recognizing a fingerprint is called for identity identification. If sound information appears in the monitoring information, the neural network model capable of recognizing a voiceprint is called for identity identification. If eye membrane or iris information appears in the monitoring information, the neural network model capable of recognizing an eye membrane or iris is called for identity identification.
The deep neural network model in the embodiments of the present disclosure may be any reasonable model that can identify the user identity, such as a multi-task convolutional neural network (MTCNN), a residual neural network (ResNet), a twin convolutional neural network model, a convolutional neural network (CNN), a deep convolutional network (DNN), and the like. Any reasonable variation of the model shown in fig. 7 is also within the scope of the embodiments of the present disclosure.
The second mode is as follows: the stored physiological characteristic information is called; similarity matching is performed between the physiological characteristic information extracted from the target information and the stored physiological characteristic information; and the identity information is determined according to the matching result.
The second mode is executed mainly by the TA. The face feature, fingerprint feature, voiceprint feature, iris feature, eye membrane feature and the like of each family member are stored in advance in the storage space opened up for the TEE or the REE as the stored physiological characteristic information. When needed, the TA reads them from the storage space opened up for the TEE, or requests the physiological characteristic information from a CA in the REE, such as CA1, and receives the physiological characteristic information fed back by CA1. The physiological characteristic information of the person appearing in the monitored environment is extracted from the target information, and it is judged whether the similarity between the extracted physiological characteristic information and the read physiological characteristics of the family members is higher than a preset similarity, such as 90%. If the similarity between the extracted face features and the face features of dad is higher than 90%, the person currently outside the door is determined to be a family member, namely dad, and the identity ID of that person is determined to be the identity ID of dad. If the similarity between the physiological characteristic information of the person appearing in the monitored environment and the read physiological characteristics of every family member is lower than the preset similarity, the person appearing in the monitored environment is considered not to be a family member but a stranger. Similarity matching in this way ensures the accuracy of identifying the person appearing in the monitoring information.
In an optional embodiment, the identity information may be identified in the foregoing two modes at the same time, and it is determined whether the identity information obtained in the two modes is consistent; if so, the TA continues the flow to determine whether the identified identity information is the identity information of the predetermined object, and if not, the flow ends. This avoids the loss that a mistaken unlocking would bring to the user and improves the user experience.
In the foregoing two modes, if the target information is a face image, the extracted physiological features may be face features, eye membrane features and iris features. The face features include contour, color, size, face edge features and the like. The eye membrane or iris features include the contour, color, size, edge features and the like of the eye membrane or iris. If the target information is a fingerprint image, the extracted physiological features may be the direction, texture and the like of the fingerprint. If the target information is sound, the extracted physiological features may be voiceprint information such as the frequency and amplitude of the sound wave. Because the physiological characteristics of each person are unique, using this uniqueness to identify the person ensures the accuracy of identity identification.
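As an added illustration (not code from the patent), the two identity-identification modes above and the optional consistency check between them, in Python. The family feature vectors, the probabilities standing in for the deep neural network's output, and the cosine-similarity measure are assumptions; the patent does not specify the feature representation or the similarity function.

```python
# Added example, not from the patent: the two identity-identification modes
# of the TA and the optional consistency check between them.
from math import sqrt
from typing import Dict, Optional, Sequence

STRANGER = "stranger"   # result when no family member is recognized

# Constructed sample data: one stored feature vector per family member.
# The vector representation and its length are assumptions.
STORED_FEATURES: Dict[str, Sequence[float]] = {
    "dad":   [1.0, 0.0, 0.2, 0.1],
    "mom":   [0.1, 1.0, 0.0, 0.3],
    "child": [0.0, 0.2, 1.0, 0.0],
}
# Constructed: a feature vector extracted from a face image of mom.
SAMPLE_FACE: Sequence[float] = [0.12, 0.98, 0.05, 0.28]
# Constructed: the per-member probabilities a discriminator would output.
SAMPLE_PROBS: Dict[str, float] = {"dad": 0.2, "mom": 0.7, "child": 0.1}


def identify_by_model(probabilities: Dict[str, float],
                      threshold: float = 0.6) -> str:
    """Mode 1 (output-layer discriminator). `probabilities` stands in for the
    deep neural network's per-family-member output. The most probable member
    is returned only if its probability exceeds the threshold (0.6 in the
    text); otherwise the person is reported as a stranger."""
    if not probabilities:
        return STRANGER
    member, prob = max(probabilities.items(), key=lambda kv: kv[1])
    return member if prob > threshold else STRANGER


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Similarity measure used for mode 2 (an assumption; the patent only
    says 'similarity'). 1.0 means identical direction, 0.0 unrelated."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(x * x for x in a))
    norm_b = sqrt(sum(y * y for y in b))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


def identify_by_similarity(extracted: Sequence[float],
                           stored: Dict[str, Sequence[float]],
                           threshold: float = 0.9) -> str:
    """Mode 2 (similarity matching against the stored family features).
    Returns the best-matching family member if the similarity is higher than
    the preset value (90% in the text); otherwise a stranger."""
    best_member, best_sim = STRANGER, -1.0
    for member, feature in stored.items():
        if len(feature) != len(extracted):
            continue   # stored feature of another modality; not comparable
        sim = cosine_similarity(extracted, feature)
        if sim > best_sim:
            best_member, best_sim = member, sim
    return best_member if best_sim > threshold else STRANGER


def identify_consistently(probabilities: Dict[str, float],
                          extracted: Sequence[float],
                          stored: Dict[str, Sequence[float]],
                          model_threshold: float = 0.6,
                          sim_threshold: float = 0.9) -> Optional[str]:
    """Optional embodiment: run both modes and keep the identity only when
    they agree. None means the two modes disagreed and the flow ends."""
    by_model = identify_by_model(probabilities, model_threshold)
    by_sim = identify_by_similarity(extracted, stored, sim_threshold)
    return by_model if by_model == by_sim else None


if __name__ == "__main__":
    print("mode 1:", identify_by_model(SAMPLE_PROBS))                       # mom
    print("mode 2:", identify_by_similarity(SAMPLE_FACE, STORED_FEATURES))  # mom
    print("both  :", identify_consistently(SAMPLE_PROBS, SAMPLE_FACE, STORED_FEATURES))
    # A discriminator output below the threshold disagrees with mode 2,
    # so the consistency check rejects the identification.
    low = {"dad": 0.2, "mom": 0.3, "child": 0.1}
    print("reject:", identify_consistently(low, SAMPLE_FACE, STORED_FEATURES))  # None
```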
In both modes, whether the deep neural network model and the physiological characteristic information are stored in the TEE or the REE is set according to the specific conditions. If they are stored in the REE, the TA may need to request the model and the physiological characteristic information from the CA in the REE, and the scheme of the embodiments of the present disclosure may then be regarded as a scheme implemented through the interaction between the CA in the REE and the TA in the TEE. As an implementation, analyzing the reasonableness or legality of the unlocking request instruction according to the second reference data to obtain the second analysis result may be implemented as follows: determine whether the identity information of the object is the identity information of the predetermined object; when it is, obtain a second analysis result that the unlocking request instruction is reasonable or legal; and when it is not, obtain a second analysis result that the unlocking request instruction is unreasonable or illegal. This ensures correct unlocking and avoids the loss caused by incorrect unlocking.
It is understood that determining whether the identity information of the object is the identity information of the predetermined object may mean determining whether it is the identity information of a family member, or determining not only that it is the identity information of a family member but also which family member it is. Illustratively, the identity IDs of the family members are pre-stored in the storage space opened up for the TEE, and determining whether the identity information of the object is that of a family member means judging whether the identity information of the object appears in that storage space; if so, the person standing outside the door is considered a family member, and if not, a stranger. In addition, when the person currently appearing in the monitoring information is identified as a family member, the identified ID may be matched one by one against the ID of each family member, and the family member whose ID is the same as the identified ID is determined. Thus not only is a conclusion reached as to whether the person currently standing outside the door is a family member or a stranger, but, if a family member, the identity information of which family member it is can also be identified.
When the TA receives an unlocking request instruction sent by a CA in the REE, it obtains the first reference data and the second reference data, and analyzes according to each whether the unlocking request instruction is a reasonable or legal instruction or an unreasonable or illegal instruction, obtaining the respective analysis results. The process of analyzing the unlocking request instruction according to the first reference data to obtain the analysis result has been described above and is not repeated here.
Now, referring to fig. 8, the process of obtaining the second reference data and analyzing according to it whether the unlocking request instruction is a reasonable or legal instruction or an unreasonable or illegal instruction, so as to obtain the second analysis result, is further described.
In fig. 8, taking as an example that the intelligent door device includes a camera (camera 1), a fingerprint collection panel and a microphone, camera 2 may be disposed on the house, or at a position on the intelligent door different from that of camera 1, so that the two cameras monitor the environment outside the intelligent door from their respective positions. It can be understood that, when someone outside the intelligent door requests to open the door, at least one of a face, an eye membrane and an iris appears in the monitoring picture collected by camera 1 and/or camera 2. In some scenarios, sound information and/or fingerprint information may also be collected. For example, if the person requesting to open the door is a family member, the microphone may collect sound information and the fingerprint collection panel may collect fingerprint information, in addition to cameras 1 and 2 collecting at least one of the face, eye membrane and iris.
When the TA receives an unlocking request instruction sent by a CA in the REE, or obtains a first analysis result indicating that the unlocking request instruction is reasonable or legal (see the related description above for the specific process of obtaining this first analysis result), the TA reads the monitoring information collected by at least one information acquisition device, or receives the monitoring information transmitted by the information acquisition device. Taking reading as an example, the TA may read only the monitoring picture shot by camera 1 or camera 2, only the sound information collected by the microphone, or only the fingerprint information collected by the fingerprint collection panel; alternatively, the monitoring information collected by two or three information acquisition devices is read. If the monitoring information of a single information acquisition device is read, the object appearing in the monitoring information is identified by at least one of the two modes for obtaining identity information described above, and the flow continues. If the monitoring information of two or more information acquisition devices is read, the object appearing in each piece of monitoring information is identified by at least one of the two modes, the identification results are compared for consistency, and if the identity information identified from each piece of monitoring information is the same, for example the identity ID of the same person, the flow continues. If the consistency comparison finds the identity IDs of different persons, the monitoring information is read and the identity identified again, or the flow ends.
Once the identity ID of the object appearing in the monitoring information has been identified, it is determined whether that identity ID is the identity information of a family member; if so, a second analysis result that the unlocking request instruction is reasonable or legal is generated, and if not, a second analysis result that the unlocking request instruction is unreasonable or illegal is generated. The first analysis result and the second analysis result are then combined: if both indicate that the unlocking request instruction is reasonable or legal, the TA generates an unlocking instruction and unlocks the door lock; if at least one of them indicates that the unlocking request instruction is unreasonable or illegal, the TA discards the unlocking request instruction and does not respond. Determining whether to respond to the unlocking request instruction according to the first analysis result and the second analysis result guarantees the accuracy of unlocking, avoids mistaken unlocking, improves the reliability and safety of security and protection, and gives the user a good experience.
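The fig. 8 decision flow, as an added Python example that is not the patent's own code. It assumes identity identification has already been run on each device's monitoring information (by either of the two modes) and takes the resulting identity IDs as input; the device names and family IDs are constructed, and the handling of a disagreement between devices follows the "end the flow" branch rather than re-reading.

```python
# Added example, not from the patent: the TA's handling of the second
# reference data across several acquisition devices, and the S305 decision.
from enum import Enum
from typing import Dict, Optional, Set

STRANGER = "stranger"   # identity result when no family member was recognized


class Analysis(Enum):
    """An analysis result, as the text describes it."""
    LEGAL = "reasonable or legal"
    ILLEGAL = "unreasonable or illegal"


def consistent_identity(per_device: Dict[str, str]) -> Optional[str]:
    """Consistency comparison of the identity IDs identified from the
    monitoring information of each acquisition device (camera 1, camera 2,
    microphone, fingerprint panel). Returns the single ID all devices agree
    on; None when nothing was read or the devices identified different
    persons, in which case the text re-reads or ends the flow."""
    ids = set(per_device.values())
    return ids.pop() if len(ids) == 1 else None


def second_analysis(per_device: Dict[str, str], family_ids: Set[str]) -> Analysis:
    """Second analysis result: legal only if the consistently identified
    object is a family member (the predetermined object)."""
    identity = consistent_identity(per_device)
    if identity is None or identity == STRANGER or identity not in family_ids:
        return Analysis.ILLEGAL
    return Analysis.LEGAL


def decide(first: Analysis, second: Analysis) -> str:
    """S305: generate the unlocking instruction only when both analysis
    results are legal; otherwise the request instruction is discarded."""
    if first is Analysis.LEGAL and second is Analysis.LEGAL:
        return "unlock"
    return "discard"


def handle_unlock_request(first: Analysis, per_device: Dict[str, str],
                          family_ids: Set[str], lazy: bool = True) -> str:
    """The two orderings the text allows: S303/S304 in any order (lazy=False),
    or obtaining the second reference data only once the first analysis
    result is already legal (lazy=True), which avoids reading and analysing
    monitoring information for a request the TA will discard anyway."""
    if lazy and first is Analysis.ILLEGAL:
        return "discard"
    return decide(first, second_analysis(per_device, family_ids))


# Constructed sample scenarios (identity IDs are assumptions).
FAMILY: Set[str] = {"dad", "mom", "child"}

if __name__ == "__main__":
    # camera 1, camera 2 and the microphone all identify dad: unlock.
    agree = {"camera1": "dad", "camera2": "dad", "microphone": "dad"}
    print(handle_unlock_request(Analysis.LEGAL, agree, FAMILY))      # unlock
    # the devices disagree (dad on camera 1, mom on camera 2): discard.
    differ = {"camera1": "dad", "camera2": "mom"}
    print(handle_unlock_request(Analysis.LEGAL, differ, FAMILY))     # discard
    # consistently a stranger: discard.
    stranger = {"camera1": STRANGER, "microphone": STRANGER}
    print(handle_unlock_request(Analysis.LEGAL, stranger, FAMILY))   # discard
    # first analysis already illegal: discarded before any identity work.
    print(handle_unlock_request(Analysis.ILLEGAL, agree, FAMILY))    # discard
```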
Fig. 5 is a schematic diagram of the implementation flow of the security control method in the TEE according to an embodiment of the present disclosure. As shown in fig. 5, the method includes:
S401: obtaining an unlocking request instruction transmitted by a CA in the REE to a TA in the TEE through the application program interface between the CA and the TA;
S402: obtaining first reference data and third reference data, wherein the first reference data is data related to the attribute of the unlocking request instruction, and the third reference data characterizes the distance between the position of a legitimate user of the intelligent door device and the position of the intelligent door device;
S403: analyzing the reasonableness or legality of the unlocking request instruction according to the first reference data to obtain a first analysis result;
S404: analyzing the reasonableness or legality of the unlocking request instruction according to the third reference data to obtain a third analysis result;
S405: determining whether to respond to the unlocking request instruction according to the first analysis result and the third analysis result.
In this step, when the first analysis result and the third analysis result both indicate that the unlocking request instruction is a reasonable or legal instruction, the TA generates an unlocking instruction, which can be used to control the door lock of the intelligent door to unlock. When at least one of the first analysis result and the third analysis result indicates that the unlocking request instruction is an unreasonable or illegal instruction, the TA does not respond to the unlocking request instruction and discards it.
The execution subject of S401 to S405 is the TA in the TEE. For the points of S401-S405 that are the same as in S201-S204, refer to the related description of S201-S204; they are not repeated here.
It can be seen from S401 to S405 that, when the TA in the TEE obtains an unlocking request instruction from the CA in the REE, the TA obtains two reference data (first reference data and third reference data), analyzes the reasonableness or legality of the unlocking request instruction according to each, and determines whether to respond to the unlocking request instruction according to the two analysis results. Analyzing the reasonableness or legality of the unlocking request instruction according to the first reference data and the third reference data means analyzing it from the aspects of the attribute of the instruction and the distance between a legitimate user of the intelligent door and the intelligent door. The analysis from the aspect of that distance ensures, to a certain extent, that the unlocking request instruction sent to the TA by the CA in the REE was generated under a reasonable condition (for example, a person requesting to open the door) and is not a pseudo instruction generated by a hacker illegally tampering with a program in the REE. Determining whether to respond to the unlocking request instruction according to the two analysis results achieves correct unlocking to a certain extent. Because the TA uses this safety mechanism to determine whether to unlock, wrong responses to the unlocking request instruction can be largely avoided, unlocking events in cases where unlocking is not required can be avoided, the economic loss caused by responding to a pseudo unlocking instruction simulated by a hacker who has intruded into the REE can be avoided, and the safety and reliability of security and protection can be improved.
It is understood that the scheme of determining whether to respond to the unlocking request instruction according to the first and third analysis results may follow the flow shown in S401-S405, or may be as follows: when the first analysis result obtained from the first reference data indicates that the unlocking request instruction is a reasonable or legal instruction, the third reference data is obtained and the reasonableness or legality of the unlocking request instruction is analyzed according to the third reference data to obtain a third analysis result; then whether the TA responds to the unlocking request instruction is determined according to the third analysis result together with the first analysis result indicating that the unlocking request instruction is reasonable or legal.
In both schemes for determining whether to respond to the unlocking request instruction according to the first analysis result and the third analysis result, a wrong response to the unlocking request instruction can be avoided, and with it the economic loss caused by responding to a pseudo unlocking instruction simulated by a hacker who has intruded into the REE. As an implementation, the scheme for obtaining the third reference data includes: the TA obtains the position information of the terminal of the legitimate user and the position information of the intelligent door device, and calculates the distance between the terminal and the intelligent door device from the two positions; the distance between the terminal and the intelligent door device is taken as the distance between the position of the legitimate user of the intelligent door device and the position of the intelligent door device. Correspondingly, analyzing the reasonableness or legality of the unlocking request instruction according to the third reference data to obtain the third analysis result includes: determining whether the distance between the position of the legitimate user of the intelligent door device and the position of the intelligent door device is within a distance threshold; if so, generating a third analysis result that the unlocking request instruction is reasonable or legal, and if not, generating a third analysis result that the unlocking request instruction is unreasonable or illegal.
Judging, from the position of the legitimate user of the intelligent door device at the time the TA receives the unlocking request instruction, whether the distance between the intelligent door device and that position is within the distance threshold achieves accurate unlocking of the door lock and improves the reliability of security and protection.
It can be understood that the position of the legitimate user of the intelligent door device can be obtained when the TA receives the unlocking request instruction, or when the unlocking request instruction has been analyzed as a reasonable or legal instruction based on the first reference data. The scheme by which the TA obtains the position information of the terminal of the legitimate user and the position information of the intelligent door can be realized in either of the following two ways:
The first scheme is as follows: the TA sends a positioning request to the terminal of the legitimate user and receives the position information of the terminal that the terminal feeds back in response to the positioning request.
The first scheme corresponds to the TA running in the TEE directly requesting its position information from the terminal of the legitimate user. The legitimate user of the intelligent door is a family member, and the terminal identifier of each family member, such as a mobile phone number, is stored in advance in the storage space opened up for the TEE. When the TA obtains an unlocking request instruction, or obtains a first analysis result indicating that the unlocking request instruction is reasonable or legal, the TA reads the stored mobile phone number of the family member from the storage space and sends a positioning request (requesting the current position of the terminal) to the terminal with that mobile phone number; the terminal receives the request and feeds back its current position information to the TA. The TA then calculates the distance between the current position of the terminal and the position of the intelligent door device.
The second scheme is as follows: the TA generates a notification message and sends it to a target application running in the REE; the target application requests the position information from the terminal of the legitimate user based on the notification message, and the TA receives the position information of the terminal that the target application feeds back for the notification message.
The second scheme is equivalent to the TA running in the TEE indirectly obtaining the positioning information of the family member's terminal through the target CA running in the REE. In this case, the scheme of the embodiment of the present disclosure may be regarded as a scheme implemented through the interaction between the CA in the REE and the TA in the TEE. The target application may be a CA pre-designated to run in the REE, such as CA1. The TA generates a notification message and sends it, together with the identifier of the family member's terminal found in the storage space, to CA1 running in the REE; CA1 receives the notification message and sends a message requesting the terminal's position to the terminal with that identifier; the family member's terminal receives the message and feeds back its current position to CA1; and CA1 receives the terminal's position and sends it to the TA. The TA then calculates the distance between the position of the family member and the intelligent door device from the current position of the family member's terminal and the position of the intelligent door device.
In both schemes, the distance between the family member's terminal and the intelligent door device can be regarded as the distance between the family member and the intelligent door device at the time the TA receives the unlocking request instruction or obtains the first analysis result that the unlocking request instruction is reasonable or legal.
It is understood that there may be a single family member, or two or more. In the first scheme, the TA may send the positioning request to the terminal of each family member, and the terminal of each family member feeds back its current position information to the TA. In the second scheme, the target CA may send the positioning request to the terminal of each family member, the terminal of each family member feeds back its current position information to the CA, and the CA feeds back the received position information of each terminal to the TA. The TA calculates the distance between each family member's terminal and the intelligent door device and judges whether any of the terminals is within a distance threshold, such as 0.2 m, of the intelligent door device. If so, the unlocking request instruction sent to the TA by the CA in the REE is judged to have been generated because a family member outside the door requested to unlock, and not to be a pseudo instruction generated by a hacker intruding into the REE, and a third analysis result that the unlocking request instruction is reasonable or legal is generated. If not, no family member is requesting to unlock the door; the unlocking request instruction sent to the TA by the CA in the REE is probably a forged instruction, or possibly a stranger is requesting to open the door, and a third analysis result that the unlocking request instruction is unreasonable or illegal is generated.
In an alternative embodiment, the distance calculation may be performed by both schemes, and the difference between the distances obtained by the two schemes is compared to a tolerable range. If it is within the tolerable range, TA 1 continues the process. If not, the flow ends. The loss brought to the user by mistake unlocking is avoided, and the user experience is improved.
The two implementation modes are simple and feasible in engineering, and the calculation accuracy of the distance between the position of the family terminal and the position of the intelligent door device can be ensured under the condition that the TA receives the unlocking request instruction or obtains the first analysis result that the unlocking request instruction is a reasonable or legal instruction, so that the family terminal can be effectively unlocked under the condition that the family terminal stands outdoors, and the safety of home security is improved.
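The two retrieval schemes, the per-terminal threshold check for several family members and the cross-check between the schemes, written out as an added Python example; this is not code from the patent or its assignees. Only the 0.2 m threshold comes from the text: the door position, the phone numbers, the terminal fixes, the haversine formula and the 1 m cross-check tolerance are constructed assumptions, and each scheme is modelled as a lookup that returns the fix a terminal would report (or None if it does not answer).

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# Threshold named in the text (0.2 m); the cross-check tolerance is an assumption.
DISTANCE_THRESHOLD_M = 0.2
CROSS_CHECK_TOLERANCE_M = 1.0


@dataclass(frozen=True)
class Position:
    lat: float  # degrees
    lon: float  # degrees


def distance_m(a: Position, b: Position) -> float:
    """Great-circle distance in metres (haversine). The text names no formula;
    this one is assumed for geographic fixes."""
    r = 6371000.0
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


# Constructed data: the door's own position, the family members' phone numbers
# as stored in the TEE's storage space, and the fixes each scheme would return.
DOOR = Position(31.2304000, 121.4737000)
STORED_PHONES = ["13800000001", "13800000002"]

# Scheme 1: the terminal answers the TA's request positioning information directly.
DIRECT_FIX: Dict[str, Optional[Position]] = {
    "13800000001": Position(31.2304009, 121.4737000),  # about 0.1 m from the door
    "13800000002": Position(31.2349000, 121.4737000),  # about 500 m from the door
}
# Scheme 2: CA1 in the REE relays the request and forwards the terminal's answer.
RELAYED_FIX: Dict[str, Optional[Position]] = dict(DIRECT_FIX)

Lookup = Callable[[str], Optional[Position]]


def third_analysis_result(door: Position, phones: Iterable[str],
                          scheme1: Lookup, scheme2: Lookup) -> Optional[bool]:
    """Third analysis result for the unlocking request.

    True  -> some family member's terminal is within the threshold (reasonable/legal)
    False -> no terminal is within the threshold (unreasonable/illegal)
    None  -> the two schemes disagree beyond the tolerance for some terminal, so
             the flow ends without a decision (the alternative embodiment)
    """
    someone_present = False
    for phone in phones:
        p1, p2 = scheme1(phone), scheme2(phone)
        if p1 is None or p2 is None:
            # An unanswered terminal cannot prove that its owner is at the door.
            continue
        d1, d2 = distance_m(door, p1), distance_m(door, p2)
        if abs(d1 - d2) > CROSS_CHECK_TOLERANCE_M:
            return None  # direct path and CA1 relay disagree: do not continue
        # Require both paths to place the terminal within the threshold.
        if max(d1, d2) <= DISTANCE_THRESHOLD_M:
            someone_present = True
    return someone_present


if __name__ == "__main__":
    print(third_analysis_result(DOOR, STORED_PHONES, DIRECT_FIX.get, RELAYED_FIX.get))
```

The cross-check is deliberately evaluated for every stored terminal, not only until the first one within the threshold is found: a relay that has been tampered with in the REE is as much a reason to abort as a stranger at the door, and the text ends the flow on any out-of-tolerance discrepancy.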
Fig. 6 is a schematic diagram of an implementation flow of the safety control method in the TEE according to the embodiment of the present disclosure. As shown in fig. 6, the method includes:
s501: obtaining an unlock request instruction transmitted by a CA in the REE to a TA in the TEE through an application program interface between the CA and the TA;
s502: obtaining first reference data, second reference data and third reference data, where the first reference data is data related to the attributes of the unlocking request instruction, the second reference data characterizes the identity information of an object appearing in the monitoring information collected by the intelligent door device, and the third reference data characterizes the distance between the position of the reasonable user of the intelligent door device and the position of the intelligent door device;
s503: analyzing the reasonability or legality of the unlocking request instruction according to the first reference data to obtain a first analysis result;
s504: analyzing the reasonability or legality of the unlocking request instruction according to the second reference data to obtain a second analysis result;
s505: analyzing the reasonability or legality of the unlocking request instruction according to the third reference data to obtain a third analysis result;
s506: determining, according to the first analysis result and a target analysis result, whether the TA responds to the unlocking request instruction, where the target analysis result is at least one of the second analysis result and the third analysis result.
In this step, when the first, second and third analysis results all indicate that the unlocking request instruction is reasonable or legal, the TA responds to the unlocking request instruction by generating an unlocking instruction, which can be used to control the door lock of the intelligent door to unlock. When the first analysis result indicates that the unlocking request instruction is reasonable or legal but at least one of the second and third analysis results indicates that it is unreasonable or illegal, the TEE discards the unlocking request instruction, does not respond to it, and the unlocking operation of the intelligent door device corresponding to the instruction is prohibited. In such a scheme, an instruction found unreasonable or illegal from the second and/or third reference data is rejected even if it was found reasonable or legal from the first reference data; in other words, the analysis results derived from the second and/or third reference data have a greater influence on the final decision than the result derived from the first reference data. The second and third reference data therefore carry more weight than the first in deciding whether to respond, so that a correct response is achieved and an unnecessary response is avoided.
S501-S506 are executed by the TA in the TEE. For the parts of S501-S506 that are the same as S201-S204, refer to the related description of S201-S204; details are not repeated here.
It can be seen from S501 to S506 that, when the TA in the TEE obtains the unlocking request instruction from the CA in the REE, the TA obtains three kinds of reference data (the first to third reference data), analyzes the reasonability or legality of the unlocking request instruction according to each of them, and determines whether to respond according to the three analysis results. The instruction is thus analyzed from three aspects: the attributes of the instruction itself, the identity information of the object appearing in the monitoring information, and the distance between the reasonable user of the intelligent door and the intelligent door. The analysis from the identity and distance aspects ensures, to a certain extent, that the unlocking request instruction sent by the CA in the REE to the TA was generated under a reasonable condition (a person requesting to open the door) and is not a pseudo instruction generated by a hacker illegally tampering with a program in the REE. Determining whether to respond according to the three analysis results therefore achieves correct unlocking to a certain extent.
By adopting this security mechanism to decide whether to unlock, the TA largely avoids false responses to the unlocking request instruction, avoids unlocking events when unlocking is not required, avoids the economic loss caused by responding to a pseudo unlocking instruction simulated by a hacker who has intruded into the REE, improves the reliability of security protection and ensures its safety.
It is understood that the scheme of determining whether to respond to the unlocking request instruction according to the first, second and third analysis results may follow the flow of S501-S506, or may instead proceed sequentially: when the first analysis result indicates that the unlocking request instruction is reasonable or legal according to the first reference data, the second reference data is obtained and the reasonability or legality of the instruction is analyzed according to it to obtain the second analysis result; when the second analysis result indicates that the instruction is reasonable or legal according to the second reference data, the third reference data is obtained and the reasonability or legality of the instruction is analyzed according to it to obtain the third analysis result; and whether the TA responds to the unlocking request instruction is determined according to the first, second and third analysis results. When all three results indicate that the unlocking request instruction is reasonable or legal, the TA responds to it by generating an unlocking instruction and the door lock is unlocked. In this way the door lock can be opened correctly, and the reliability, safety and intelligence of security protection are improved.
In the foregoing solution, both the analysis of the at least one reference datum and the determination of whether to unlock are implemented in a single TA in the TEE; the solution of Figs. 2 to 6 described above is implemented by a first TA (e.g., TA 1 of Fig. 1) in the TEE. Alternatively, obtaining the target request instruction and obtaining and analyzing the at least one reference datum may be implemented in a first TA of the TEE, while determining whether to respond to the instruction may be implemented in a second TA (e.g., TA 2 of Fig. 1) of the TEE. That is, the first TA may transmit the first analysis result, obtained by analyzing the reasonability or legality of the target request instruction (such as the unlocking request instruction) according to the first reference data, to the second TA through a communication interface between the first TA and the second TA, and the second TA uses it to determine whether to respond to the unlocking request instruction. Or, the first TA may transmit the first and second analysis results, obtained by analyzing the reasonability or legality of the target request instruction according to the first and second reference data, to the second TA through that communication interface, and the second TA uses them to determine whether to respond to the target request instruction, such as the unlocking request instruction.
Or, the first TA may transmit the first, second and third analysis results, obtained by analyzing the reasonability or legality of the unlocking request instruction according to the first, second and third reference data, to the second TA through the communication interface between the first TA and the second TA, and the second TA uses them to determine whether to respond to the target request instruction, such as the unlocking request instruction. In short, TA 1 transmits its analysis results to TA 2 through the communication interface between them, and TA 2 determines whether to unlock according to the analysis results obtained by TA 1. The way TA 2 determines whether to unlock from TA 1's analysis results is the same as the way TA 1 would determine it from its own results, and is not described again.
Placing the two parts of the process, the analysis and the decision whether to respond (for example, to unlock), in two TAs avoids the problem that TA 1 cannot unlock in time because executing both parts slows it down. In addition, TA 2 in this embodiment may itself obtain the second reference data and/or the third reference data and derive its own analysis results from them; that is, like TA 1, TA 2 may analyze whether the unlocking request instruction received by TA 1 is reasonable or legal according to the identity of the person appearing in the monitoring information and/or the distance between the intelligent door device and the family member's terminal. TA 2 then combines the analysis results received from TA 1 with its own to determine whether to unlock; for example, TA 2 generates the unlocking instruction to unlock the door lock only when both TA 1's results and its own results indicate that the unlocking request instruction is reasonable or legal. This strongly guarantees the safety of unlocking and improves the reliability and intelligence of security protection. TA 2 obtains the second reference data in the same way as TA 1: the monitoring information may be read from a single information acquisition device and the identity of the person appearing in it identified, or read from two or more information acquisition devices and the identity of the person identified from each.
If the monitoring information is read from two or more information acquisition devices and identities are identified from each, it can be judged whether the identity information identified from each device's monitoring information is consistent; if it is, the analysis of whether the unlocking request instruction received by TA 1 is reasonable or legal continues, and if not, the flow ends. Where TA 1 and TA 2 each identify the person from the monitoring information they read themselves, the identity information recognized by TA 1 and that recognized by TA 2 must also be compared for consistency, and the process continues only if they agree. Having both TA 1 and TA 2 perform identity recognition guards against an identification error in TA 1 alone. Deciding whether to unlock based on the reasonable-or-legal analysis of the unlocking request instruction only when the identities recognized by the two TAs agree ensures accurate unlocking, improves the reliability and intelligence of security protection and ensures safety.
It can be understood that in the related art, for example in a smart home security scenario, the door lock is unlocked by sending an unlocking instruction to the door from the user's intelligent terminal, such as a smartphone; that is, unlocking is controlled by an external device, the smartphone. With that scheme, an attacker such as a hacker can intrude into the mobile phone by illegal means and simulate a pseudo instruction for unlocking the door; if the user's home door receives the pseudo instruction and responds to it by unlocking, property in the home may be stolen, causing economic loss to the user, so the security is insufficient. The scheme of this disclosure solves these problems, ensures security safety and improves intelligence.
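The decision rule of S501-S506, its sequential variant, and the split between TA 1 and TA 2 with the identity consistency check, as an added Python example that is not the patent's own code. The page does not enumerate which attributes make up the first reference data, so the three checked here (command name, sending CA, a monotonically increasing nonce) are assumptions, as are the family identities and all sample values; the third reference data is taken as an already computed distance in metres.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed reference values; the attribute set of the first reference data
# is not given on the page, so three plausible attributes are assumed.
EXPECTED_COMMAND = "UNLOCK"
ALLOWED_CAS = {"CA1"}
DISTANCE_THRESHOLD_M = 0.2                    # threshold named in the text
PREDETERMINED_IDENTITIES = {"alice", "bob"}   # constructed family members


@dataclass(frozen=True)
class UnlockRequest:
    command: str      # assumed attribute: the requested operation
    source_ca: str    # assumed attribute: which CA in the REE sent it
    nonce: int        # assumed attribute: monotonically increasing counter


def first_analysis(req: UnlockRequest, last_nonce: int) -> bool:
    """First analysis result: attributes of the instruction itself (assumed checks).
    A replayed or out-of-order nonce fails, as does an unexpected sender."""
    return (req.command == EXPECTED_COMMAND
            and req.source_ca in ALLOWED_CAS
            and req.nonce > last_nonce)


def second_analysis(identity: Optional[str]) -> bool:
    """Second analysis result: the identity recognised in the monitoring
    information must be one of the predetermined objects."""
    return identity in PREDETERMINED_IDENTITIES


def third_analysis(distance_m: Optional[float]) -> bool:
    """Third analysis result: the reasonable user is within the distance threshold."""
    return distance_m is not None and distance_m <= DISTANCE_THRESHOLD_M


def decide_parallel(first: bool, second: bool, third: bool) -> bool:
    """S506: respond only when all three results are reasonable/legal; a failing
    second or third result overrides a passing first result."""
    return first and second and third


def decide_sequential(req: UnlockRequest, last_nonce: int,
                      identity: Optional[str], distance_m: Optional[float]) -> bool:
    """The sequential variant: later reference data are consulted only when the
    earlier results pass, so no location is fetched for a malformed request."""
    if not first_analysis(req, last_nonce):
        return False
    if not second_analysis(identity):
        return False
    return third_analysis(distance_m)


def identities_consistent(identities: List[Optional[str]]) -> bool:
    """Identities recognised from several acquisition devices (or by TA 1 and
    TA 2 separately) must all agree before the flow continues."""
    return len(identities) > 0 and all(i == identities[0] for i in identities)


@dataclass(frozen=True)
class Ta1Report:
    """What TA 1 hands to TA 2 over the inter-TA communication interface."""
    first: bool
    second: bool
    third: bool
    identity: Optional[str]   # identity TA 1 recognised, for TA 2's cross-check


def ta1_analyze(req: UnlockRequest, last_nonce: int,
                identity: Optional[str], distance_m: Optional[float]) -> Ta1Report:
    return Ta1Report(first_analysis(req, last_nonce), second_analysis(identity),
                     third_analysis(distance_m), identity)


def ta2_decide(report: Ta1Report, ta2_identity: Optional[str],
               ta2_distance_m: Optional[float]) -> bool:
    """TA 2 re-derives the second and third results from its own reads and
    unlocks only when its results and TA 1's all pass and the identities agree."""
    if not identities_consistent([report.identity, ta2_identity]):
        return False
    own_ok = second_analysis(ta2_identity) and third_analysis(ta2_distance_m)
    return decide_parallel(report.first, report.second, report.third) and own_ok
```

The nonce check stands in for whatever attribute check the first reference data actually encodes; the point the example makes is structural: a request that passes the attribute check but fails the identity or distance check is still dropped, and in the two-TA arrangement TA 2 does not trust TA 1's identity result blindly but requires it to match its own.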
An embodiment of the present disclosure provides a safety control device in a TEE, as shown in fig. 9, the device includes:
a first obtaining unit 801, configured to obtain a target request instruction, the target request instruction being transmitted by a client application CA running in the rich execution environment REE of an intelligent security device to a trusted application TA in the trusted execution environment TEE through an application program interface between the CA and the TA;
a second obtaining unit 802, configured to obtain at least first reference data, where the first reference data is data related to an attribute of a target request instruction;
an analyzing unit 803, configured to analyze the rationality or validity of the target request instruction according to the first reference data to obtain a first analysis result;
a determining unit 804, configured to determine whether the TA responds to the target request instruction according to the first analysis result.
In one embodiment, the second obtaining unit 802 is configured to: obtaining second reference data and/or third reference data; the second reference data is characterized by identity information of an object appearing in the monitoring information collected by the intelligent security equipment; the third reference data is characterized by the distance between the position of a reasonable user of the intelligent security equipment and the position of the intelligent security equipment; correspondingly, the analysis unit 803 is configured to analyze the rationality or the validity of the target request instruction according to the second reference data to obtain a second analysis result; and/or analyzing the reasonability or legality of the target request instruction according to third reference data to obtain a third analysis result; the determining unit 804 is configured to determine whether the TA responds to the target request instruction according to the first analysis result and a target analysis result, where the target analysis result is at least one of the first analysis result and the second analysis result.
In one embodiment, the intelligent security equipment comprises an information acquisition device, and the information acquisition device acquires monitoring information in the monitoring environment of the intelligent security equipment in the REE; the second obtaining unit 802 is configured to: acquiring monitoring information acquired by the information acquisition device in the REE, wherein target information exists in the monitoring information, and the target information comprises at least one of the following information: face image, fingerprint, voice, iris and eye mask information; extracting physiological characteristic information of the subject appearing in the monitoring information from the target information; identifying, based on the physiological characteristic information, identity information of the subject appearing in the monitoring information.
In one embodiment, the second obtaining unit 802 is configured to: generating and sending the notification message to a target application running in an REE, the target application requesting a terminal of the reasonable-use user for position information thereof based on the notification message, and receiving the position information of the terminal fed back by the target application for the notification message; and/or sending request positioning information to the terminal of the reasonable user and receiving the position information of the terminal fed back by the terminal according to the request positioning information; acquiring position information of intelligent security equipment, and calculating the distance between the terminal and the intelligent security equipment according to the position information of the terminal and the position information of the intelligent security equipment; and regarding the distance between the terminal and the intelligent security equipment as the distance between the position of the reasonable user of the intelligent security equipment and the position of the intelligent security equipment.
In one embodiment, the analysis unit 803 is configured to: determining whether the identity information of the object is identity information of a predetermined object; when the identity information of the object is determined to be the identity information of the preset object, obtaining a second analysis result that the target request instruction is reasonable or legal; and when the identity information of the object is determined not to be the identity information of the preset object, obtaining a second analysis result that the target request instruction is unreasonable or illegal.
In one embodiment, the analysis unit 803 is configured to: determining whether the distance between the position of the reasonable user of the intelligent security equipment and the position of the intelligent security equipment is within a distance threshold value; when the distance between the position of the reasonable user of the intelligent security equipment and the position of the intelligent security equipment is within a distance threshold value, obtaining a third analysis result that the target request instruction is reasonable or legal; and when the distance between the position of the reasonable user of the intelligent security equipment and the position of the intelligent security equipment is not within the distance threshold value, obtaining a third analysis result that the target request instruction is unreasonable or illegal.
In one embodiment, the second obtaining unit 802 is configured to: calling the stored deep neural network model to enable the deep neural network model to extract the physiological characteristic information based on the target information and predict the identity of the object appearing in the monitoring information based on the physiological characteristic information to obtain the identity information of the object; and/or, recall the stored physiological characteristic information; performing similarity matching on the physiological characteristic information extracted from the target information and the stored physiological characteristic information; and determining the identity information of the object according to the matching result.
In one embodiment, the determining unit 804 is configured to: when the first analysis result representation analyzes that the target request instruction is reasonable or legal according to the first reference data, but the second analysis result representation analyzes that the target request instruction is unreasonable or illegal according to the second reference data and/or the third analysis result representation analyzes that the target request instruction is unreasonable or illegal according to the third reference data, not responding to the target request instruction; and responding to the target request instruction under the conditions that the first analysis result representation analyzes that the target request instruction is reasonable or legal according to the first reference data, the second analysis result representation analyzes that the target request instruction is reasonable or legal according to the second reference data, and the third analysis result representation analyzes that the target request instruction is reasonable or legal according to the third reference data.
In the foregoing solution, the target request instruction may be an unlocking request instruction, an instruction for adjusting the loudspeaker volume, or any other reasonable instruction. The intelligent security device is preferably an intelligent door device.
It should be noted that, in the safety control device in the TEE in the embodiment of the present disclosure, since a principle of the safety control device in the TEE for solving the problem is similar to the safety control method in the TEE, both the implementation process and the implementation principle of the safety control device in the TEE can be described by referring to the implementation process and the implementation principle of the method, and repeated details are not repeated.
The embodiment of the disclosure provides an intelligent security device, the intelligent security device can operate a trusted execution environment TEE and a rich execution environment REE, a trusted application TA is operated in the TEE, a client application CA is operated in the REE, and the intelligent security device comprises the security control device in the TEE. Because the principle of solving the problems of the intelligent security equipment is similar to that of the safety control method in the TEE, the implementation process and the implementation principle of the intelligent security equipment can be described by referring to the implementation process and the implementation principle of the method, and repeated parts are not described again. The intelligent security equipment is preferably intelligent door equipment.
It should be noted that, in the embodiment of the present disclosure, the division of each functional unit is schematic, and is only one logical functional division, and there may be another division manner in actual implementation. Each functional unit in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present disclosure may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method provided by the embodiments of the present disclosure. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory, a random access memory, or a magnetic or optical disk.
Fig. 10 is a block diagram of an intelligent security device according to an embodiment of the present disclosure. As shown in fig. 10, the intelligent security device includes: a memory 910 and a processor 920, the memory 910 having stored therein computer programs operable on the processor 920. The number of the memory 910 and the processor 920 may be one or more. The memory 910 may store one or more computer programs that, when executed by the smart security device, cause the smart security device to perform the methods provided by the above-described method embodiments.
This intelligent security equipment still includes: and a communication interface 930 for communicating with an external device to perform data interactive transmission. If the memory 910, the processor 920 and the communication interface 930 are implemented independently, the memory 910, the processor 920 and the communication interface 930 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 10, but this is not intended to represent only one bus or type of bus. Optionally, in an implementation, if the memory 910, the processor 920 and the communication interface 930 are integrated on a chip, the memory 910, the processor 920 and the communication interface 930 may complete communication with each other through an internal interface.
The embodiment of the present disclosure also provides a computer-readable storage medium, which stores computer instructions, and when the computer instructions are run on a computer, the computer is caused to execute the method provided by the above method embodiment. The embodiment of the present disclosure further provides a computer program product, where the computer program product is used to store a computer program, and when the computer program is executed by a computer, the computer may implement the method provided by the above method embodiment. The embodiment of the disclosure also provides a chip, which is coupled with the memory, and is used for implementing the method provided by the embodiment of the method.
It should be understood that the processor may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor. The processor may also be one supporting the Advanced RISC Machine (ARM) architecture.
The memory may include read-only memory and random access memory, and may also include non-volatile random access memory. The memory may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM).
In the above embodiments, the implementation may be realized wholly or partly by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realized wholly or partly in the form of a computer program product, which includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the disclosure are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server or data center to another by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, Bluetooth, microwave). The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center integrating one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Versatile Disc (DVD)) or a semiconductor medium (e.g., Solid State Disk (SSD)). Notably, the computer-readable storage media referred to in this disclosure may be non-volatile, in other words non-transitory, storage media.
The various embodiments or examples, and the features of the various embodiments or examples, described in this specification can be combined by one skilled in the art where there is no contradiction. In the description of the embodiments of the present disclosure, "/" indicates "or"; for example, A/B may mean A or B. "And/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, "A and/or B" may mean that A exists alone, A and B exist simultaneously, or B exists alone. In the description of the embodiments of the present disclosure, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. The above description is only exemplary of the present disclosure and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principle of the present disclosure should be included in its scope.

Claims (14)

1. A security control method in a TEE, applied to an intelligent security device that can run a trusted execution environment (TEE) and a rich execution environment (REE), a trusted application (TA) running in the TEE and a client application (CA) running in the REE, the method comprising:
obtaining a target request instruction transmitted by the CA in the REE to the TA in the TEE through an application program interface between the CA and the TA;
obtaining first reference data, the first reference data being data related to an attribute of the target request instruction;
analyzing the reasonableness or legality of the target request instruction according to the first reference data to obtain a first analysis result;
obtaining third reference data, the third reference data representing the distance between the position of a legitimate user of the intelligent security device and the position of the intelligent security device;
analyzing the reasonableness or legality of the target request instruction according to the third reference data to obtain a third analysis result; and
determining whether to respond to the target request instruction according to the first analysis result and the third analysis result; wherein
analyzing the reasonableness or legality of the target request instruction according to the third reference data to obtain the third analysis result comprises: determining whether the distance between the position of the legitimate user of the intelligent security device and the position of the intelligent security device is within a distance threshold; in response to the distance being within the distance threshold, obtaining a third analysis result that the target request instruction is reasonable or legal; and in response to the distance not being within the distance threshold, obtaining a third analysis result that the target request instruction is unreasonable or illegal; wherein the distance between a terminal of the legitimate user and the intelligent security device is used as the distance between the position of the legitimate user and the position of the intelligent security device; and
determining whether to respond to the target request instruction according to the first analysis result and the third analysis result comprises:
in response to the first analysis result indicating that the target request instruction is reasonable or legal according to the first reference data and the third analysis result indicating that the target request instruction is reasonable or legal according to the third reference data, responding to the target request instruction; and
in response to the first analysis result indicating that the target request instruction is reasonable or legal according to the first reference data and the third analysis result indicating that the target request instruction is unreasonable or illegal according to the third reference data, not responding to the target request instruction.
2. The method of claim 1, further comprising:
obtaining second reference data, and analyzing the reasonableness or legality of the target request instruction according to the second reference data to obtain a second analysis result, the second reference data representing identity information of an object appearing in monitoring information collected by the intelligent security device; and
wherein determining whether to respond to the target request instruction according to the first analysis result and the third analysis result comprises:
determining whether to respond to the target request instruction according to the first analysis result, the third analysis result and the second analysis result.
3. The method of claim 2, wherein the intelligent security device comprises an information acquisition device which acquires monitoring information in the monitoring environment of the intelligent security device in the REE or the TEE; and
obtaining the second reference data comprises:
acquiring, in the REE or the TEE, the monitoring information acquired by the information acquisition device, target information being present in the monitoring information and comprising at least one of: a face image, a fingerprint, a voice, an iris and eye mask information; and
extracting physiological characteristic information of the object appearing in the monitoring information from the target information, and identifying, based on the physiological characteristic information, identity information of the object appearing in the monitoring information.
4. The method of claim 1, wherein obtaining the third reference data comprises:
generating and sending a notification message to a target application running in the REE, the target application requesting location information of a terminal of the legitimate user based on the notification message, and receiving the location information of the terminal fed back by the target application for the notification message; and/or sending a positioning request to the terminal, and receiving the location information of the terminal fed back by the terminal according to the positioning request; and
acquiring location information of the intelligent security device, calculating the distance between the terminal and the intelligent security device according to the location information of the terminal and the location information of the intelligent security device, and taking the distance between the terminal and the intelligent security device as the distance between the position of the legitimate user of the intelligent security device and the position of the intelligent security device.
5. The method of claim 2 or 3, wherein analyzing the reasonableness or legality of the target request instruction according to the second reference data to obtain the second analysis result comprises:
determining whether the identity information of the object is identity information of a predetermined object;
when the identity information of the object is determined to be the identity information of the predetermined object, obtaining a second analysis result that the target request instruction is reasonable or legal; and
when the identity information of the object is determined not to be the identity information of the predetermined object, obtaining a second analysis result that the target request instruction is unreasonable or illegal.
6. The method of claim 3, wherein extracting the physiological characteristic information of the object appearing in the monitoring information from the target information and identifying the identity information of the object appearing in the monitoring information based on the physiological characteristic information comprises:
calling a stored deep neural network model so that the deep neural network model extracts the physiological characteristic information based on the target information and predicts the identity of the object appearing in the monitoring information based on the physiological characteristic information, to obtain the identity information of the object; and/or
calling stored physiological characteristic information, performing similarity matching between the physiological characteristic information extracted from the target information and the stored physiological characteristic information, and determining the identity information of the object according to the matching result.
7. The method of claim 2, wherein determining whether the TA responds to the target request instruction according to the first analysis result, the third analysis result and the second analysis result comprises:
when the first analysis result indicates that the target request instruction is reasonable or legal according to the first reference data and the second analysis result indicates that the target request instruction is unreasonable or illegal according to the second reference data, not responding to the target request instruction; and
when the first analysis result indicates that the target request instruction is reasonable or legal according to the first reference data, the second analysis result indicates that the target request instruction is reasonable or legal according to the second reference data, and the third analysis result indicates that the target request instruction is reasonable or legal according to the third reference data, responding to the target request instruction.
8. The method of claim 1, wherein the TA is a first TA running in the TEE, and a second TA also runs in the TEE; wherein:
determining whether to respond to the target request instruction at least according to the first analysis result is performed by the first TA; or
the first TA transmits at least the first analysis result, obtained by analyzing the reasonableness or legality of the target request instruction according to the first reference data, to the second TA through a communication interface between the first TA and the second TA, the first analysis result being usable by the second TA to determine whether to respond to the target request instruction.
9. The method of claim 1, wherein the first reference data comprises at least one of the following preset information: a white list, a black list, first data and second data;
wherein the white list records requests to which the TA is allowed to respond, the black list records requests to which the TA is forbidden to respond, the first data records the identifications of applications in the REE that are authorized by the TEE to communicate with the TA, and the second data records the identifications of secure transmission channels established between the TA and the applications in the REE that can communicate with the TA; and
analyzing the reasonableness or legality of the target request instruction according to the first reference data to obtain the first analysis result comprises:
determining a first analysis result that the target request instruction is not reasonable or legal when at least one of the following holds:
determining that the target request instruction does not exist in the white list;
determining that the target request instruction exists in the black list;
determining, according to the first data and the identification of the CA, that the CA is not an application authorized by the TEE; and
determining, according to the second data and the identification of the transmission channel used to transmit the target request instruction from the REE to the TEE, that the target request instruction was not received through a secure transmission channel established between the TA and the CA.
10. A security control apparatus in a TEE, the apparatus comprising:
a first obtaining unit, configured to obtain a target request instruction, the target request instruction being transmitted to a trusted application (TA) in a trusted execution environment (TEE) by a client application (CA) in a rich execution environment (REE) run by an intelligent security device, through an application program interface between the CA and the TA;
a second obtaining unit, configured to obtain first reference data, the first reference data being data related to an attribute of the target request instruction, and to obtain third reference data, the third reference data representing the distance between the position of a legitimate user of the intelligent security device and the position of the intelligent security device;
an analysis unit, configured to analyze the reasonableness or legality of the target request instruction according to the first reference data to obtain a first analysis result, and to analyze the reasonableness or legality of the target request instruction according to the third reference data to obtain a third analysis result; and
a determining unit, configured to determine whether the TA responds to the target request instruction according to the first analysis result and the third analysis result; wherein
the analysis unit is configured to determine whether the distance between the position of the legitimate user of the intelligent security device and the position of the intelligent security device is within a distance threshold; in response to the distance being within the distance threshold, to obtain a third analysis result that the target request instruction is reasonable or legal; and in response to the distance not being within the distance threshold, to obtain a third analysis result that the target request instruction is unreasonable or illegal; the distance between a terminal of the legitimate user and the intelligent security device being used as the distance between the position of the legitimate user and the position of the intelligent security device; and
the determining unit is configured to respond to the target request instruction in response to the first analysis result indicating that the target request instruction is reasonable or legal according to the first reference data and the third analysis result indicating that the target request instruction is reasonable or legal according to the third reference data; and not to respond to the target request instruction in response to the first analysis result indicating that the target request instruction is reasonable or legal according to the first reference data and the third analysis result indicating that the target request instruction is unreasonable or illegal according to the third reference data.
11. The apparatus of claim 10, wherein
the second obtaining unit is further configured to obtain second reference data, the second reference data representing identity information of an object appearing in monitoring information collected by the intelligent security device;
the analysis unit is further configured to analyze the reasonableness or legality of the target request instruction according to the second reference data to obtain a second analysis result; and
the determining unit is configured to determine whether the TA responds to the target request instruction according to the first analysis result, the third analysis result and the second analysis result.
12. An intelligent security device capable of running a trusted execution environment (TEE) and a rich execution environment (REE), a trusted application (TA) running in the TEE and a client application (CA) running in the REE, the intelligent security device comprising the security control apparatus in a TEE of claim 10 or claim 11.
13. An intelligent security device, comprising:
one or more processors;
a memory communicatively coupled to the one or more processors; and
one or more computer programs stored in the memory which, when executed, cause the device to perform the method of any one of claims 1 to 9.
14. A computer-readable storage medium storing computer instructions which, when executed on a computer, cause the computer to perform the method of any one of the preceding claims 1 to 9.
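The TA-side decision logic the claims describe (the first analysis of claim 9, the second analysis of claim 5, the third analysis of claims 1 and 4, and the combination rules of claims 1 and 7), modelled as an added Python example that is not code from the patent or its applicants; the data structures, the haversine formula used for the terminal-to-device distance, the handling of a failed first analysis, and every sample value are assumptions.

```python
"""Added illustration of the TA-side policy in claims 1, 4, 5, 7 and 9.
Not code from the patent: the data structures, the haversine formula used
for the terminal-to-device distance, and every sample value are assumptions."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

LatLon = Tuple[float, float]


@dataclass(frozen=True)
class FirstReferenceData:
    """Claim 9: preset data the TA holds about request attributes."""
    white_list: frozenset          # requests the TA may answer
    black_list: frozenset          # requests the TA must refuse
    authorized_ca_ids: frozenset   # "first data": CAs the TEE authorizes to reach the TA
    secure_channel_ids: frozenset  # "second data": secure channels established with those CAs


@dataclass(frozen=True)
class Request:
    """A target request instruction as it arrives from the CA over the CA/TA interface."""
    instruction: str
    ca_id: str
    channel_id: str


def analyze_first(req: Request, ref: FirstReferenceData) -> bool:
    """First analysis result (True = reasonable/legal).
    Claim 9 rejects when ANY one of the four conditions fails, so all four must hold."""
    return (req.instruction in ref.white_list
            and req.instruction not in ref.black_list
            and req.ca_id in ref.authorized_ca_ids
            and req.channel_id in ref.secure_channel_ids)


def analyze_second(observed_identity: Optional[str], predetermined: frozenset) -> bool:
    """Claim 5: the object seen in the monitoring data must be a predetermined object.
    No recognised identity at all is treated as 'not predetermined' (assumption)."""
    return observed_identity is not None and observed_identity in predetermined


def haversine_m(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in metres; the patent leaves the distance formula open."""
    (lat1, lon1), (lat2, lon2) = a, b
    p1, p2 = radians(lat1), radians(lat2)
    h = sin(radians(lat2 - lat1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000.0 * asin(sqrt(h))


def analyze_third(terminal_pos: LatLon, device_pos: LatLon, threshold_m: float) -> bool:
    """Claims 1 and 4: the terminal-to-device distance stands in for the user-to-device
    distance, and the request is legal only when it lies within the threshold."""
    return haversine_m(terminal_pos, device_pos) <= threshold_m


def decide(first: bool, third: bool, second: Optional[bool] = None) -> bool:
    """Claims 1 and 7: respond only when every available result is reasonable/legal.
    The claims spell out only the cases with a legal first result; a failed first
    analysis is treated here as 'do not respond' (assumption consistent with claim 9)."""
    if not first:
        return False
    if second is not None and not second:
        return False
    return third


def evaluate(req, ref, observed_identity, predetermined, terminal_pos, device_pos, threshold_m):
    """Run all three analyses and the combination; returns (first, second, third, respond)."""
    first = analyze_first(req, ref)
    second = analyze_second(observed_identity, predetermined)
    third = analyze_third(terminal_pos, device_pos, threshold_m)
    return first, second, third, decide(first, third, second)


# Constructed sample values, not taken from the patent.
SAMPLE_REF = FirstReferenceData(
    white_list=frozenset({"UNLOCK_DOOR", "READ_STATUS"}),
    black_list=frozenset({"FACTORY_RESET"}),
    authorized_ca_ids=frozenset({"ca.home.app"}),
    secure_channel_ids=frozenset({"chan-7"}),
)
SAMPLE_OWNERS = frozenset({"owner-1"})
DEVICE_POS: LatLon = (39.9042, 116.4074)   # constructed device location

if __name__ == "__main__":
    req = Request("UNLOCK_DOOR", "ca.home.app", "chan-7")
    # Owner's phone about 1.1 km north of the device with a 200 m threshold: third analysis fails.
    print(evaluate(req, SAMPLE_REF, "owner-1", SAMPLE_OWNERS, (39.9142, 116.4074), DEVICE_POS, 200.0))
```

A request that passes the attribute checks but arrives while the legitimate user's terminal is outside the threshold, or while an unrecognised person is in front of the device, yields no response, which is the behaviour claims 1 and 7 describe.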
CN202111189397.XA 2021-10-13 2021-10-13 Security control method, device and equipment in TEE and storage medium Active CN113645045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111189397.XA CN113645045B (en) 2021-10-13 2021-10-13 Security control method, device and equipment in TEE and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111189397.XA CN113645045B (en) 2021-10-13 2021-10-13 Security control method, device and equipment in TEE and storage medium

Publications (2)

Publication Number Publication Date
CN113645045A CN113645045A (en) 2021-11-12
CN113645045B true CN113645045B (en) 2022-01-04

Family

ID=78426460

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111189397.XA Active CN113645045B (en) 2021-10-13 2021-10-13 Security control method, device and equipment in TEE and storage medium

Country Status (1)

Country Link
CN (1) CN113645045B (en)


Also Published As

Publication number Publication date
CN113645045A (en) 2021-11-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 410-1, floor 4, building 1, courtyard 10, North Longyu street, Changping District, Beijing 100085

Patentee after: Beijing chuangmizhihui IOT Technology Co.,Ltd.

Patentee after: Shanghai chuangmi Shulian Intelligent Technology Development Co.,Ltd.

Address before: Room 410-1, floor 4, building 1, courtyard 10, North Longyu street, Changping District, Beijing 100085

Patentee before: Beijing chuangmizhihui IOT Technology Co.,Ltd.

Patentee before: SHANGHAI CHUANGMI TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230607

Address after: Room 001a, 11 / F, building 1, 588 Zixing Road, Minhang District, Shanghai, 200241

Patentee after: Shanghai chuangmi Shulian Intelligent Technology Development Co.,Ltd.

Address before: Room 410-1, floor 4, building 1, courtyard 10, North Longyu street, Changping District, Beijing 100085

Patentee before: Beijing chuangmizhihui IOT Technology Co.,Ltd.

Patentee before: Shanghai chuangmi Shulian Intelligent Technology Development Co.,Ltd.