CN114692228A - Security monitoring method, device, equipment and readable storage medium - Google Patents

Security monitoring method, device, equipment and readable storage medium Download PDF

Info

Publication number
CN114692228A
CN114692228A CN202210233154.XA CN202210233154A CN114692228A CN 114692228 A CN114692228 A CN 114692228A CN 202210233154 A CN202210233154 A CN 202210233154A CN 114692228 A CN114692228 A CN 114692228A
Authority
CN
China
Prior art keywords
state
pin
chip
monitoring
monitored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210233154.XA
Other languages
Chinese (zh)
Inventor
曹有彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Realme Mobile Telecommunications Shenzhen Co Ltd
Original Assignee
Realme Mobile Telecommunications Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realme Mobile Telecommunications Shenzhen Co Ltd filed Critical Realme Mobile Telecommunications Shenzhen Co Ltd
Priority to CN202210233154.XA priority Critical patent/CN114692228A/en
Publication of CN114692228A publication Critical patent/CN114692228A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Alarm Systems (AREA)

Abstract

The application relates to a safety monitoring method, a device, equipment and a readable storage medium, wherein terminal equipment reads a pin monitoring state of a chip to be monitored in the terminal equipment; then, under the condition that the pin monitoring state is not matched with the corresponding pin reference state, locking a chip to be monitored, and sending an abnormal attack report to a safety monitoring background; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and includes a high-level state, a low-level state or a suspended state. By adopting the method, the use safety of the terminal equipment can be improved.

Description

Security monitoring method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of device security technologies, and in particular, to a security monitoring method, apparatus, device, and readable storage medium.
Background
With the wide application of terminal devices such as mobile phones, users have raised higher demands on the use safety of the terminal devices.
In the conventional technology, a main control chip and a plurality of slave chips can be arranged in the terminal device, and the main control chip is used for acquiring abnormal information reported when each chip runs and determining whether the terminal device is attacked or not.
However, the monitoring performance of the method for reverse reading Flash and other physical attacks is poor.
Disclosure of Invention
The embodiment of the application provides a safety monitoring method, a safety monitoring device, a safety monitoring equipment and a readable storage medium, and can improve the use safety of terminal equipment.
In a first aspect, a security monitoring method includes:
reading a pin monitoring state of a chip to be monitored in terminal equipment;
under the condition that the pin monitoring state is not matched with the corresponding pin reference state, locking a chip to be monitored; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state;
and sending an abnormal attack report to a security monitoring background.
In one embodiment, a pin state file is preset in the terminal equipment, and the pin state file comprises a pin reference state; each chip to be monitored corresponds to one pin state file.
In one embodiment, in the case that the pin monitoring state does not match with the corresponding pin reference state, the method further includes:
and writing the pin monitoring state into a pin state file corresponding to the chip to be monitored to obtain an updated pin state file.
In one embodiment, after sending the abnormal attack report to the security monitoring background, the method further includes:
receiving attack prompt information returned by a security monitoring background based on the abnormal attack report;
after confirming that the attack prompting information prompts false attacks, sending a repair application to a security monitoring background; the repair application is used for repairing the pin state file;
and initializing the pin state file after receiving and authenticating a repair instruction returned by the security monitoring background.
In one embodiment, the chip to be monitored is at least one of a master chip and a slave chip connected with the master chip.
In one embodiment, the control chip is connected with the security chip, and performs service interaction with the security monitoring background through the security chip; the security chip is used for storing security data and operating an encryption and decryption algorithm; the security data comprises a key, a security certificate and a pin reference state of the main control chip.
In one embodiment, the main control chip and the security chip are disposed in the same package.
In a second aspect, a security monitoring method includes:
receiving an abnormal attack report sent by terminal equipment; the abnormal attack report is sent to a safety monitoring background after a terminal device reads a pin monitoring state of a chip to be monitored, and the pin monitoring state is locked with a corresponding pin reference state under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspended state;
and returning attack prompt information to the terminal equipment based on the abnormal attack report.
In a third aspect, a security monitoring device includes:
the reading module is used for reading a pin monitoring state of a chip to be monitored in the terminal equipment;
the locking module is used for locking the chip to be monitored under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state;
and the sending module is used for sending an abnormal attack report to the security monitoring background.
In a fourth aspect, a security monitoring device includes:
the receiving module is used for receiving an abnormal attack report sent by the terminal equipment; the abnormal attack report is sent to a safety monitoring background after a terminal device reads a pin monitoring state of a chip to be monitored, and the pin monitoring state is locked with a corresponding pin reference state under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspended state;
and the prompt module is used for returning attack prompt information to the terminal equipment based on the abnormal attack report.
In a fifth aspect, a terminal device comprises a memory and a processor, wherein the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to perform the steps of the method of the first aspect.
In a sixth aspect, a server comprises a memory and a processor, wherein the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to perform the steps of the method of the second aspect.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of the above-mentioned security monitoring method.
According to the safety monitoring method, the safety monitoring device, the safety monitoring equipment and the readable storage medium, the terminal equipment reads the pin monitoring state of the chip to be monitored in the terminal equipment; then, under the condition that the pin monitoring state is not matched with the corresponding pin reference state, locking a chip to be monitored, and sending an abnormal attack report to a safety monitoring background; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and includes a high level state, a low level state or a suspended state. The pin reference state is set in the terminal equipment, so that after the terminal equipment reads the key monitoring state of the chip to be monitored, the pin monitoring state can be matched with the pin reference state to identify whether the terminal equipment is subjected to physical attacks such as jumper wire and reverse reading Flash, and physical protection based on hardware is realized; furthermore, the terminal device locks the chip to be monitored under the condition that the pin monitoring state is determined to be not matched with the corresponding pin reference state, and sends an abnormal attack report to the monitoring background, so that data leakage under the condition of physical attack can be avoided, and the use safety of the terminal device is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a diagram of an application environment of a security monitoring method according to an embodiment of the present application;
FIG. 2 is a flow diagram of a security monitoring method in one embodiment of the present application;
FIG. 3 is a flow diagram of a security monitoring method in one embodiment of the present application;
FIG. 4 is a flow diagram of a security monitoring method in one embodiment of the present application;
FIG. 5 is a schematic diagram of a security monitoring method according to an embodiment of the present application;
FIG. 6 is a flow diagram of a security monitoring method in one embodiment of the present application;
FIG. 7 is a block diagram of a security monitoring device according to an embodiment of the present application;
FIG. 8 is a block diagram of a security monitoring device in an embodiment of the present application;
FIG. 9 is a block diagram of a security monitoring device according to an embodiment of the present application;
FIG. 10 is a block diagram of a security monitoring device according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a terminal device in an embodiment of the present application;
fig. 12 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is a schematic application environment diagram of a security monitoring method in one embodiment. As shown in fig. 1, the application environment includes a terminal 102 and a server 104. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104, or may be located on the cloud or other network server. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart car-mounted devices, and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device, and the like. The server 104 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers.
FIG. 2 is a flow diagram of a security monitoring method in one embodiment. The security monitoring method in this embodiment is described by taking the example of the method running on the terminal in fig. 1. As shown in fig. 2, the security monitoring method includes:
s202, reading a pin monitoring state of a chip to be monitored in the terminal equipment.
The chip to be monitored may be one chip or a plurality of chips in the terminal device. The chip to be monitored may be used to execute service communication in the terminal device, and may also be a chip for other purposes, which is not limited herein. Optionally, the chip to be monitored may be at least one of a master chip and a slave chip connected to the master chip. The master control chip can control the slave chip through the connection; the slave chip can assist the main control chip to carry out service communication under the control of the main control chip. For example, the master chip may be a Central Processing Unit (CPU) in the mobile phone, and the slave chip may be a Global Positioning System (GPS) chip, a bluetooth processor, and the like in the mobile phone.
The terminal device can read the pin monitoring state of the chip to be monitored through the main control chip. The pin monitoring state is the pin state of the chip to be monitored, which is read by the main control chip through an instruction when the terminal equipment runs. The pin monitoring states may be a high level state, a floating state, and a low level state. For the same chip to be monitored, the monitoring states of the pins corresponding to different pins can be the same or different.
The terminal device may randomly read the pin monitoring state of the chip to be monitored, may also read the pin monitoring state according to a preset monitoring period, and may also read the pin monitoring state under the condition of receiving an abnormal log report, and the like, and the monitoring time of the pin monitoring state is not limited herein.
For the same chip to be monitored, the terminal device may read pin monitoring states of all pins of the chip to be monitored, and may also read pin monitoring states of some pins of the chip to be monitored, which is not limited herein. Optionally, a corresponding relationship between the chip to be monitored and the pin to be monitored may be preset in the terminal device, and each chip to be monitored in the corresponding relationship may correspond to one or more pins to be monitored. In the above corresponding relationship, the chip to be monitored may be represented by a bit number identifier of the chip to be monitored in the terminal device, or may be represented by a model of the chip to be monitored, which is not limited herein. In the above correspondence, the pin to be monitored corresponding to the chip to be monitored can be identified by the pin number of the chip to be monitored, such as pin 1, pin 2, etc.; or may be represented by a pin name, which is not limited herein.
The pin to be monitored may be a part of pins of which the pin level changes when the terminal device is under physical attack. The physical attack may be to perform jumper on the chip to be monitored to read the transmission data of the chip to be monitored, or to perform Flash reverse reading operation on the chip to be monitored, and the type of the physical attack is not limited herein. The terminal equipment can improve the efficiency of safety monitoring and reduce the resource consumption of the main control chip by monitoring part of pins.
Under the condition that the terminal equipment carries out safety monitoring on a plurality of chips to be monitored, the monitoring time corresponding to different chips to be monitored can be the same or different. For example, different chips to be monitored can set different read cycles of the state of the custody reference.
The terminal device may read the pin monitoring states of the multiple chips to be monitored simultaneously, and may also perform polling reading on the pin monitoring states of the multiple chips to be monitored, which is not limited herein.
S204, locking the chip to be monitored under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state.
After the terminal device reads the pin monitoring state, the pin reference state corresponding to the pin monitoring state can be obtained. The pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and can be a high-level state, a low-level state or a suspended state.
The pin monitoring state described above may be stored in the terminal device in different ways. In an implementation manner, a corresponding relationship between a pin monitoring state and a pin of a chip to be monitored may be preset in a terminal device, where the corresponding relationship may include a plurality of chips to be monitored, each chip to be monitored may include a plurality of pins to be monitored, and each pin to be monitored corresponds to a pin reference state, which may be shown in the following table.
Figure BDA0003539384620000071
The pin monitoring state may be set in factory settings of the terminal device, and stored in the terminal device during a production process of the terminal device. In a factory testing stage of the terminal device, the terminal device can perform self-checking on the pin monitoring state.
After reading a pin monitoring state, the terminal equipment can match the pin monitoring state with a corresponding pin reference state to determine whether the pin monitoring state is matched with the pin reference state; or, the terminal device may generate one or more pin monitoring files after reading the pin monitoring state corresponding to one or more chips to be monitored, and then perform matching with the pin monitoring state based on the pin monitoring files; the matching method is not limited herein.
When the pin monitoring state is matched with the pin reference state, the pin monitoring state may be the same as the corresponding pin reference state, or the pin monitoring state may be one of the corresponding pin reference states. For example, the pin reference state of pin 1 is a high level state; and if the pin monitoring state of the pin is a high level state, determining that the pin monitoring state is matched with the pin monitoring state. Or the pin reference state of the pin is a high level state or a suspension state, and if the pin monitoring state of the pin is the high level state, the pin monitoring state is determined to be matched with the pin monitoring state; and if the pin monitoring state of the pin is a low level state, determining that the pin monitoring state is matched with the pin monitoring state.
If the pin monitoring states of all chips to be monitored currently monitored by the terminal device are matched with the pin reference states, the terminal device can be considered not to be physically attacked. If one pin monitoring state in the chip to be monitored currently monitored by the terminal device is not matched with the corresponding pin reference state, the terminal device can be considered to be possibly attacked physically. Under the condition that the terminal device is determined to be possibly attacked by physics, the terminal device can lock the chip to be monitored, so that the chip to be monitored is in a dormant state or a closed state and cannot send data outwards.
And S206, sending an abnormal attack report to a security monitoring background.
Under the condition that the terminal equipment is determined to be possibly attacked physically, the terminal equipment can generate an abnormal attack report and send the abnormal attack report to a security monitoring background.
The abnormal attack report may include that the terminal device may be attacked, and may also include a type of a chip to be monitored in the terminal device for monitoring the abnormality, or a type or a number of pins to be monitored in the terminal device for monitoring the abnormality, and the type of the abnormal attack report is not limited herein.
Optionally, the electronic device may further analyze the chip to be monitored for monitoring abnormality, determine the type of physical attack that the terminal device may be subjected to, and send the type of physical attack that may be subjected to the security monitoring background.
In the safety monitoring method, the terminal equipment reads the pin monitoring state of the chip to be monitored in the terminal equipment; then, under the condition that the pin monitoring state is not matched with the corresponding pin reference state, locking a chip to be monitored, and sending an abnormal attack report to a safety monitoring background; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and includes a high level state, a low level state and a suspension state. The pin reference state is set in the terminal equipment, so that after the terminal equipment reads the key monitoring state of the chip to be monitored, the pin monitoring state can be matched with the pin reference state to identify whether the terminal equipment is subjected to physical attacks such as jumper wire and reverse reading Flash, and physical protection based on hardware is realized; furthermore, the terminal device locks the chip to be monitored under the condition that the pin monitoring state is determined to be not matched with the corresponding pin reference state, and sends an abnormal attack report to the monitoring background, so that data leakage under the condition of physical attack can be avoided, and the use safety of the terminal device is improved.
In one embodiment, the method relates to a preset mode of the pin reference state in the terminal equipment. Presetting a pin state file in the terminal equipment, wherein the pin state file comprises a pin reference state; each chip to be monitored corresponds to one pin state file.
That is to say, in the terminal device, under the condition that the chip to be monitored includes the master chip and the plurality of slave chips connected to the master chip, the terminal device may store one pin status file for each of the master chip and the slave chips. The pin state file can be written into the terminal equipment at the factory stage of the terminal equipment.
The terminal equipment can perform safety monitoring on the chips to be monitored in a targeted manner by respectively setting a pin state file for each chip to be monitored, reduces the size of the file when the pin reference state is read in the safety monitoring process, and improves the safety monitoring efficiency.
In one embodiment, the method relates to the implementation mode when the terminal equipment performs pin state matching. On the basis of the above embodiment, the terminal device may write the pin monitoring state into the pin state file corresponding to the chip to be monitored, and obtain the updated pin state file, when determining that the pin monitoring state is not matched with the pin reference state. Through the operation, the terminal equipment can directly update the key state file corresponding to the chip without generating an additional pin monitoring state file, so that the number of files stored in the terminal equipment is reduced, steps of the terminal equipment during safety monitoring can be reduced, and the safety monitoring efficiency is further improved.
Fig. 3 is a schematic flow diagram of a security monitoring method in an embodiment, where this embodiment designs an implementation manner of performing state recovery by a terminal device, and on the basis of the foregoing embodiment, as shown in fig. 3, the method further includes:
and S302, receiving attack prompt information returned by the security monitoring background based on the abnormal attack report.
After receiving the abnormal attack report, the security monitoring background can send attack prompt information to the terminal device, so that a user can know that the used terminal device is likely to be attacked at present based on the attack prompt information. For example, the attack prompting message may include "may be physically attacked currently" or "please confirm whether the terminal device is normally used" or other messages.
The attack prompting message may be sent to the terminal device by the security monitoring background through a short message, or may be sent to the terminal device by the security monitoring background through a notification message of the application program, and the sending mode of the attack prompting message is not limited herein.
S304, after confirming that the attack prompting information prompts false attacks, sending a repair application to a safety monitoring background; the repair application is used to repair the pin status file.
After receiving the attack prompt information, the user may input authentication information based on the guidance of the terminal device. The verification information can be used for confirming that the attack is a valid attack or a false attack. For example, when the terminal device used by the user is lost, or an application program or an operating system of the terminal device sends an exception report, the user may return verification information to the security monitoring background through the terminal device, and the verification information is determined to be an effective attack. When the terminal equipment used by the user is normal, the user can return verification information to the security monitoring background through the terminal equipment, and the attack is determined to be a false attack.
The user may send the verification information in a short message reply manner, or may perform an operation on an interface of an application program to return the verification information, which is not limited herein.
After the security monitoring background receives the verification information, if the terminal device is determined to receive the effective attack through the verification information, the chip to be monitored of the terminal device can be kept in a locked state, or the terminal device can be kept in the locked state.
Under the condition that the current attack is determined to be the false attack, the terminal equipment can send the verification information to the terminal equipment and can send a repair application to the terminal equipment so as to repair the pin state file, and the terminal equipment can be recovered to be in a normal use state.
And S306, initializing the pin state file after receiving and authenticating the repair instruction returned by the safety monitoring background.
And after the safety monitoring background receives the repair application, a repair instruction can be sent to the terminal equipment. After the terminal equipment receives the repair instruction, the repair instruction is authenticated, and whether the safety monitoring background has the repair authority of modifying the pin state file or not is determined. If the authentication is passed, the updated pin state file can be initialized to the pin state file in factory setting based on the repair instruction.
When initializing the pin state file, the terminal device can delete the updated pin state file and directly set the backup factory-set pin state file as the current pin state file; alternatively, the terminal device may return the pin state file before updating according to the update log of the pin state file. The initialization method is not limited herein.
According to the security monitoring method, the terminal device can repair the pin state file through the repair instruction, so that the terminal device can repair the pin state file in time to recover the use state and improve the user experience under the condition that the abnormal attack report of the security monitoring corresponds to the false attack; furthermore, the repair reliability of the pin state file can be improved by authenticating the safety monitoring background.
In an embodiment, on the basis of the above embodiment, the main control chip in the terminal device may be connected to a security chip, and perform service interaction with the security monitoring background through the security chip. The security chip can be used for storing security data and operating encryption and decryption algorithms; the security data may include a key of the main control chip, a security certificate, and a pin reference state.
Because the security prevention and control level of the security chip is high, the security chip is not easy to be attacked by the outside, and therefore the security data can be ensured not to be maliciously obtained by storing the key of the main control chip, the security certificate, the pin reference state and other security parameters in the security chip. In addition, the security chip is responsible for operating the encryption and decryption algorithm, so that the security of data involved in the encryption and decryption algorithm can be improved, and the data in the operation process of the encryption and decryption algorithm is not easy to maliciously obtain.
The main control chip can be externally connected with the security chip, for example, the main control chip controls the security chip through wiring connection. In another implementation manner, the main control chip and the security chip are disposed in the same package. The main control chip and the safety chip are sealed together, so that data can be prevented from being attacked from the connecting pin of the main control chip and the safety chip to obtain data, and the use safety of the terminal equipment is further improved.
In one embodiment, a security monitoring method is provided, which is applied to the server in fig. 1, where the server may be a security monitoring backend, as shown in fig. 4, and the method includes:
s402, receiving an abnormal attack report sent by terminal equipment; the abnormal attack report is sent to a safety monitoring background after the pin monitoring state of the chip to be monitored is locked under the condition that the terminal device reads the pin monitoring state of the chip to be monitored and the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state.
And S404, returning attack prompt information to the terminal equipment based on the abnormal attack report.
The implementation principle and technical effect of the security monitoring method can be seen in the embodiment of the terminal device side, which is not described herein again.
In one embodiment, as shown in fig. 5, the terminal device includes a master chip, a slave chip, and a security chip. The main control chip is externally connected with the plurality of slave chips and internally connected in the same package in which the security chip is arranged. The above-mentioned main control chip can realize the steps of the security monitoring method under the cooperation of the security chip, as shown in fig. 6, including:
s501, the terminal device reads a pin monitoring state of a chip to be monitored.
S502, the terminal equipment determines whether the pin monitoring state is matched with the corresponding pin reference state; if not, executing S503, if yes, waiting for the next round of monitoring.
S503, the terminal equipment locks the chip to be monitored.
S504, the terminal device writes the pin monitoring state into a pin state file corresponding to the chip to be monitored, and an updated pin state file is obtained.
And S505, the terminal equipment sends an abnormal attack report to the security monitoring background.
And S506, the security monitoring background returns attack prompt information to the terminal equipment.
S507, the terminal equipment determines whether the information prompted by the attack prompting information is a false attack or not; if yes, go to S508.
And S508, the terminal equipment sends a repair application to the safety monitoring background.
S509, the safety monitoring background sends a repair instruction to the terminal device.
S510, the terminal equipment determines whether the repair instruction passes the authentication; if yes, S511 is performed.
And S511, initializing a pin state file.
The implementation principle and technical effect of the security monitoring method can be seen in the above embodiments, which are not described herein.
It should be understood that although the various steps in the flow charts of fig. 2-6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least some of the steps in fig. 2-6 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
Fig. 7 is a block diagram of a safety monitoring device according to an embodiment. As shown in fig. 7, the above apparatus includes:
a reading module 110, configured to read a pin monitoring state of a chip to be monitored in a terminal device;
a locking module 120, configured to lock a chip to be monitored when the pin monitoring state does not match the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state;
and the sending module 130 is configured to send an abnormal attack report to the security monitoring background.
In an embodiment, on the basis of the above embodiment, a pin state file is preset in the terminal device, and the pin state file includes a pin reference state; each chip to be monitored corresponds to one pin state file.
In an embodiment, on the basis of the above embodiment, as shown in fig. 8, the apparatus further includes an updating module 140 configured to: and writing the pin monitoring state into a pin state file corresponding to the chip to be monitored to obtain an updated pin state file.
In an embodiment, on the basis of the above embodiment, as shown in fig. 9, the apparatus further includes a repair module 150 for: receiving attack prompt information returned by a security monitoring background based on the abnormal attack report; after confirming that the attack prompting information prompts false attacks, sending a repair application to a security monitoring background; the repair application is used for repairing the pin state file; and initializing the pin state file after receiving and authenticating a repair instruction returned by the security monitoring background.
In one embodiment, on the basis of the above embodiments, the chip to be monitored is at least one of a master chip and a slave chip connected to the master chip.
In one embodiment, on the basis of the above embodiment, the main control chip is connected with the security chip, and performs service interaction with the security monitoring background through the security chip; the security chip is used for storing security data and operating an encryption and decryption algorithm; the security data comprises a key of the main control chip, a security certificate and a pin reference state.
In one embodiment, on the basis of the above embodiments, the main control chip and the security chip are disposed in the same package.
In one embodiment, there is provided a safety monitoring device, as shown in fig. 10, the device comprising:
a receiving module 210, configured to receive an abnormal attack report sent by a terminal device; the abnormal attack report is sent to a safety monitoring background after the pin monitoring state of the chip to be monitored is locked under the condition that the terminal device reads the pin monitoring state of the chip to be monitored and the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspension state;
and the prompt module 220 is configured to return an attack prompt message to the terminal device based on the abnormal attack report.
The implementation principle and technical effect of the safety monitoring device are referred to the method embodiment, and are not described herein.
The division of the modules in the security monitoring apparatus is merely for illustration, and in other embodiments, the security monitoring apparatus may be divided into different modules as needed to complete all or part of the functions of the security monitoring apparatus.
For the specific definition of the safety monitoring device, reference may be made to the above definition of the safety monitoring method, which is not described herein again. The modules in the security monitoring device may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
Fig. 11 is a schematic diagram of an internal structure of a terminal device in one embodiment. The electronic device may be any terminal device such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, and a wearable device. The terminal device includes a processor and a memory connected by a system bus. The processor may include one or more processing units, among others. The processor may be a CPU (Central Processing Unit), a DSP (Digital Signal processor), or the like. The memory may include a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The computer program can be executed by a processor for implementing a security monitoring method provided in the following embodiments. The internal memory provides a cached execution environment for the operating system computer programs in the non-volatile storage medium.
Fig. 12 is a schematic diagram of the internal structure of the server in one embodiment. The server includes a processor and a memory connected by a system bus. The processor may be a CPU (Central Processing Unit), a DSP (Digital Signal processor), or the like. The memory may include a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The computer program can be executed by a processor for implementing a security monitoring method provided in the following embodiments. The internal memory provides a cached operating environment for operating system computer programs in the non-volatile storage medium. The server may be implemented as a stand-alone server or as a server cluster consisting of a plurality of servers. It will be appreciated by those skilled in the art that the configurations shown in the figures are block diagrams of only some of the configurations relevant to the present application, and do not constitute a limitation on the servers to which the present application applies, and that a particular server may include more or fewer components than shown, or some components may be combined, or have a different arrangement of components.
The implementation of each module in the security monitoring apparatus provided in the embodiment of the present application may be in the form of a computer program. The computer program may be run on a terminal or a server. Program modules constituted by such computer programs may be stored on the memory of the electronic device. Which when executed by a processor, performs the steps of the method described in the embodiments of the present application.
The embodiment of the application also provides a computer readable storage medium. One or more non-transitory computer-readable storage media containing computer-executable instructions that, when executed by one or more processors, cause the processors to perform the steps of the security monitoring method.
Embodiments of the present application also provide a computer program product containing instructions that, when run on a computer, cause the computer to perform a security monitoring method.
Any reference to memory, storage, database, or other medium used herein may include non-volatile and/or volatile memory. The nonvolatile Memory may include a ROM (Read-Only Memory), a PROM (Programmable Read-Only Memory), an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), or a flash Memory. Volatile Memory can include RAM (Random Access Memory), which acts as external cache Memory. By way of illustration and not limitation, RAM is available in many forms, such as SRAM (Static Random Access Memory), DRAM (Dynamic Random Access Memory), SDRAM (Synchronous Dynamic Random Access Memory), Double Data Rate DDR SDRAM (Double Data Rate Synchronous Random Access Memory), ESDRAM (Enhanced Synchronous Dynamic Random Access Memory), SLDRAM (Synchronous Link Dynamic Random Access Memory), RDRAM (Random Dynamic Random Access Memory), and DRmb DRAM (Dynamic Random Access Memory).
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (11)

1. A security monitoring method, comprising:
reading a pin monitoring state of a chip to be monitored in terminal equipment;
locking the chip to be monitored under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspended state;
and sending an abnormal attack report to a security monitoring background.
2. The method according to claim 1, characterized in that a pin state file is preset in the terminal device, and the pin reference state is included in the pin state file; each chip to be monitored corresponds to one pin state file.
3. The method according to claim 2, wherein in case the pin monitoring state does not match the corresponding pin reference state, the method further comprises:
and writing the pin monitoring state into a pin state file corresponding to the chip to be monitored to obtain an updated pin state file.
4. The method of claim 3, wherein after sending the report of the abnormal attack to the security monitoring background, further comprising:
receiving attack prompt information returned by the security monitoring background based on the abnormal attack report;
after confirming that the attack prompting information prompts false attacks, sending a repair application to the safety monitoring background; the repair application is used for repairing the pin state file;
and initializing the pin state file after receiving and authenticating the repair instruction returned by the safety monitoring background.
5. The method according to any one of claims 1 to 4, wherein the chip to be monitored is at least one of a master chip and a slave chip connected to the master chip.
6. The method according to claim 5, wherein the main control chip is connected with a security chip, and performs service interaction with the security monitoring background through the security chip; the security chip is used for storing security data and operating an encryption and decryption algorithm; the security data comprises a key of the main control chip, a security certificate and the pin reference state.
7. The method of claim 6, wherein the main control chip and the security chip are disposed in a same package.
8. A security monitoring method, the method comprising:
receiving an abnormal attack report sent by terminal equipment; the abnormal attack report is sent to a safety monitoring background after a terminal device reads a pin monitoring state of a chip to be monitored, and the pin monitoring state is locked with a corresponding pin reference state under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspended state;
and returning attack prompt information to the terminal equipment based on the abnormal attack report.
9. A security monitoring device, comprising:
the reading module is used for reading a pin monitoring state of a chip to be monitored in the terminal equipment;
the locking module is used for locking the chip to be monitored under the condition that the pin monitoring state is not matched with the corresponding pin reference state; the pin reference state is a state parameter of a pin of the chip to be monitored in a safe operation state, and comprises a high level state, a low level state or a suspended state;
and the sending module is used for sending an abnormal attack report to the security monitoring background.
10. A terminal device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that the computer program, when executed by the processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 7.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN202210233154.XA 2022-03-09 2022-03-09 Security monitoring method, device, equipment and readable storage medium Pending CN114692228A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210233154.XA CN114692228A (en) 2022-03-09 2022-03-09 Security monitoring method, device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210233154.XA CN114692228A (en) 2022-03-09 2022-03-09 Security monitoring method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114692228A true CN114692228A (en) 2022-07-01

Family

ID=82139447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210233154.XA Pending CN114692228A (en) 2022-03-09 2022-03-09 Security monitoring method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114692228A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115454517A (en) * 2022-11-11 2022-12-09 山东云海国创云计算装备产业创新中心有限公司 Multi-medium secure startup method, system, storage medium, device and chip

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115454517A (en) * 2022-11-11 2022-12-09 山东云海国创云计算装备产业创新中心有限公司 Multi-medium secure startup method, system, storage medium, device and chip

Similar Documents

Publication Publication Date Title
CN109656778B (en) Data acquisition method and device, computer equipment and storage medium
CN110688662A (en) Sensitive data desensitization and inverse desensitization method and electronic equipment
CN112035472B (en) Data processing method, device, computer equipment and storage medium
CN111314172B (en) Block chain-based data processing method, device, equipment and storage medium
CN109144487B (en) Method, device, computer equipment and storage medium for developing business of parts
CN109347865B (en) User data authentication and evidence storage method and system based on block chain technology
CN108366132B (en) Method and device for managing service between servers, computer equipment and storage medium
CN114640503A (en) Application system verification method and device, computer equipment and storage medium
CN115952552A (en) Remote data destruction method, system and equipment
CN114692228A (en) Security monitoring method, device, equipment and readable storage medium
CN114637611A (en) Information processing method and device based on message queue and computer equipment
CN114462096A (en) Block chain-based Internet of things equipment control method and device, computer equipment and storage medium
CN111652720B (en) Cloud evidence obtaining method and device, computer equipment and storage medium
CN111597537B (en) Block chain network-based certificate issuing method, related equipment and medium
CN116010926A (en) Login authentication method, login authentication device, computer equipment and storage medium
CN115935414A (en) Block chain based data verification method and device, electronic equipment and storage medium
CN111914311B (en) Hard disk password management method and device, electronic equipment and storage medium
CN113392062B (en) Data storage method and device, electronic equipment and computer readable storage medium
CN115242608A (en) Method, device and equipment for generating alarm information and storage medium
CN109688158B (en) Financial execution chain authentication method, electronic device and storage medium
CN114692124A (en) Data reading and writing method and device and electronic equipment
CN114745173A (en) Login verification method, login verification device, computer equipment, storage medium and program product
CN113569289A (en) Data desensitization method and device
CN114244519B (en) Password verification method, password verification device, computer equipment and storage medium
CN110750808B (en) Bill processing method and device and storage medium device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination