CN115243269A - Method and device for determining risk information, electronic equipment and storage medium


Publication number: CN115243269A
Authority: CN (China)
Prior art keywords: state information, current state, information, risk, determining
Legal status: Pending
Application number: CN202210866850.4A
Other languages: Chinese (zh)
Inventors: 高永强, 郭烁, 石新凌
Current Assignee: Beijing Xiaomi Mobile Software Co Ltd
Original Assignee: Beijing Xiaomi Mobile Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The disclosure relates to a method, an apparatus, an electronic device and a storage medium for determining risk information, the method comprising: acquiring current state information of the terminal equipment on a Trusted Execution Environment (TEE) layer of the terminal equipment; and determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks. In the method, the third party application obtains the current state information through a TEE layer at the bottom layer of the terminal equipment so as to ensure the safety in the process of obtaining the state information; and risk information can be obtained based on the current state information, so that risks can be found or monitored in time, and wind control measures can be taken in time.

Description

Method and device for determining risk information, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of communication authentication, and in particular, to a method and an apparatus for determining risk information, an electronic device, and a storage medium.
Background
With the rapid development of terminal devices and internet technologies, more and more third-party applications can be supported by the terminal devices, and more security problems are faced in the process of using the terminal devices. Therefore, a risk prevention and control system of the mobile terminal device is increasingly important, so as to effectively protect the privacy and security of the device and the user data in a diversified internet environment.
The related art lacks an effective risk monitoring method, and because risks cannot be known in time, more device security problems or user privacy disclosure problems arise.
Disclosure of Invention
To overcome the problems in the related art, the present disclosure provides a method, an apparatus, an electronic device, and a storage medium for determining risk information.
According to a first aspect of the embodiments of the present disclosure, a method for determining risk information is provided, which is applied to a third-party application, and the method includes:
acquiring current state information of the terminal equipment on a Trusted Execution Environment (TEE) layer of the terminal equipment;
and determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks.
In some possible embodiments, the determining risk information according to the current state information includes:
sending the current state information to a third party manufacturer server of the third party application;
and receiving risk information determined by the third-party manufacturer server based on the current state information.
In some possible embodiments, the method further comprises:
in response to the risk information indicating that a risk exists, sending the risk information to a third party manufacturer server;
and receiving the risk control measures determined by the third-party manufacturer server based on the risk information, and executing the risk control measures.
In some possible embodiments, the obtaining, at a TEE layer of a terminal device, current state information of the terminal device includes:
in response to the current service scene being a preset scene, calling a first wind control management service of the third-party application to send a request message to a security program of the terminal equipment; wherein the request message includes an application identifier of the third-party application;
and receiving the current state information sent by a second wind control TA in the terminal equipment through a first wind control TA corresponding to the third party application, wherein the first wind control TA and the second wind control TA operate in a Trusted Execution Environment (TEE) layer of the terminal equipment.
In some possible embodiments, in response to the current service scenario being a preset scenario, the method further includes:
and the first wind control TA is issued to the TEE layer of the terminal equipment on line through an equipment manufacturer server.
In some possible embodiments, the method further comprises:
in response to the third party application being uninstalled or cleaned, the first wind-controlled TA ends its lifecycle.
According to a second aspect of the embodiments of the present disclosure, a method for determining risk information is provided, which is applied to a terminal device, and the method includes:
determining current state information of the terminal equipment in response to the received request message of the third-party application; wherein the request message includes an application identifier of the third-party application;
and sending the current state information to the third-party application on the TEE layer, or sending the current state information to an equipment manufacturer server.
In some possible embodiments, the sending, at the TEE layer, the current state information to the third-party application includes:
in response to a first wind control TA corresponding to the third-party application existing in the TEE layer, sending the current state information to the third-party application through a second wind control TA of the TEE layer.
In some possible embodiments, the sending the current status information to the device vendor server includes:
encrypting the current state information through a second wind control TA, and sending first data obtained through encryption to a security program; wherein the current state information includes first-level state information, second-level state information and third-level state information, whose security levels decrease in that order;
and sending the first data or the decrypted current state information to the equipment manufacturer server through the security program.
In some possible embodiments, the method further comprises:
and encrypting the device fingerprint of the terminal device and the application identifier of the third party application through the second wind control TA to obtain second data.
In some possible embodiments, the sending the current status information to the device vendor server includes:
sending the first data and the second data to the device vendor server.
According to a third aspect of the embodiments of the present disclosure, a method for determining risk information is provided, which is applied to a device vendor server, and the method includes:
receiving current state information sent by terminal equipment;
determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks;
and sending the risk information and/or the risk control measures to a third party manufacturer server corresponding to the third party application.
In some possible embodiments, the receiving current status information sent by the terminal device includes:
and receiving first data and second data sent by the terminal equipment, wherein the first data is obtained by encrypting the current state information by a second wind control TA of the terminal equipment, and the second data is obtained by encrypting the equipment fingerprint of the terminal equipment and the application identifier of the third party application by the second wind control TA.
In some possible embodiments, the determining risk information according to the current state information includes:
decrypting the second data to obtain a device fingerprint, and obtaining the current state information after the first data is decrypted according to the device fingerprint;
and determining risk information according to the current state information.
In some possible embodiments, the determining risk information according to the current state information includes:
in response to the current state information being the same as the previous state information, determining that the current state information is safe;
determining that the current state information is at risk in response to the current state information being different from a previous state information.
In some possible embodiments, the determining that the current state information is at risk includes:
and determining the risk level according to the change degree of the current state information and the previous state information.
According to a fourth aspect of the embodiments of the present disclosure, a method for determining risk information is provided, where the method is applied to a third-party vendor server, and the method includes:
and receiving risk information sent by a third party application or receiving the risk information sent by a device manufacturer server.
In some possible embodiments, the method further comprises:
determining a risk control measure in a preset scene according to the risk information;
sending the risk control measure to the third party application.
According to a fifth aspect of the embodiments of the present disclosure, there is provided an apparatus for determining risk information, configured to a third-party application, the apparatus including:
the acquisition module is used for acquiring the current state information of the terminal equipment in a Trusted Execution Environment (TEE) layer of the terminal equipment;
and the first determining module is used for determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks.
According to a sixth aspect of the embodiments of the present disclosure, there is provided an apparatus for determining risk information, configured at a terminal device, the apparatus including:
the second determining module is used for determining the current state information of the terminal equipment in response to the received request message of the third-party application; wherein the request message includes an application identifier of the third-party application;
and the first sending module is used for sending the current state information to the third-party application on the TEE layer or sending the current state information to an equipment manufacturer server.
According to a seventh aspect of the embodiments of the present disclosure, there is provided an apparatus for determining risk information, configured on a device manufacturer server, the apparatus including:
the first receiving module is used for receiving the current state information sent by the terminal equipment;
a third determining module, configured to determine risk information according to the current state information, where the risk information is used to represent whether the current state information has a risk;
and the second sending module is used for sending the risk information and/or the risk control measures to a third party manufacturer server corresponding to the third party application.
According to an eighth aspect of the embodiments of the present disclosure, there is provided an apparatus for determining risk information, configured on a third party vendor server, the apparatus including:
and the second receiving module is used for receiving the risk information sent by the third-party application or receiving the risk information sent by the equipment manufacturer server.
According to a ninth aspect of an embodiment of the present disclosure, there is provided an electronic apparatus including:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of determining risk information as described in any of the above.
According to a tenth aspect of embodiments of the present disclosure, a non-transitory computer-readable storage medium is presented, in which instructions, when executed by a processor of an electronic device, enable the electronic device to perform the method of determining risk information as set forth in any of the above.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
in the method, the third party application obtains the current state information through a TEE layer at the bottom layer of the terminal equipment so as to ensure the safety in the process of obtaining the state information; and risk information can be obtained based on the current state information, so that risks can be found or monitored in time, and wind control measures can be taken in time.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a schematic diagram illustrating an application scenario in accordance with an exemplary embodiment.
FIG. 2 is a flowchart illustrating a method according to an example embodiment.
FIG. 3 is an interaction diagram shown in accordance with an example embodiment.
FIG. 4 is a flowchart illustrating a method in accordance with an example embodiment.
FIG. 5 is an interaction diagram shown in accordance with an example embodiment.
FIG. 6 is a flow chart illustrating a method according to an example embodiment.
FIG. 7 is an interaction diagram shown in accordance with an example embodiment.
FIG. 8 is a flow chart illustrating a method according to an example embodiment.
Fig. 9 is a block diagram illustrating an apparatus according to an example embodiment.
Fig. 10 is a block diagram illustrating an apparatus according to another example embodiment.
Fig. 11 is a block diagram illustrating an apparatus according to another example embodiment.
Fig. 12 is a block diagram illustrating an apparatus according to another example embodiment.
FIG. 13 is a block diagram of an electronic device shown in accordance with an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
In the related art, the terminal device needs to send the device fingerprint to the third-party application, and the third-party application or a corresponding third-party manufacturer server indexes the device state information through the device fingerprint to complete information interaction in a set scene.
In this process, on the one hand, because a device fingerprint uniquely identifies the corresponding device, the third-party application or its corresponding third-party vendor server may infringe on the user's private data. On the other hand, an attacker may tamper with or falsify the device state information of the terminal device, so that the third-party application or the corresponding internet vendor cannot obtain the real device state information.
In order to solve the problems in the related art, an embodiment of the present disclosure provides a method for determining risk information, which is applied to a third-party application, and the method includes: acquiring current state information of the terminal equipment on a Trusted Execution Environment (TEE) layer of the terminal equipment; and determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks. In the method, the third-party application obtains the current state information through a TEE layer at the bottom layer of the terminal equipment so as to ensure the safety in the process of obtaining the state information; and risk information can be obtained based on the current state information, so that risks can be found or monitored in time, and wind control measures can be taken in time.
Fig. 1 is an architectural schematic diagram of a system for determining risk information of the present disclosure. As shown in fig. 1, the system includes: the terminal device 100, the third party application 200 installed in the terminal device 100, the third party vendor server 300 corresponding to the third party application 200, and the device vendor server 400 corresponding to the terminal device.
In the system, the terminal device 100 is, for example, a smart phone, a tablet computer, a notebook computer, an intelligent wearable device, an internet of vehicles device, or the like. The terminal device may be based on an Android (Android) operating system and have a Rich Execution Environment (REE) and an independent Trusted Execution Environment (TEE). The TEE is isolated from the REE, which is commonly referred to as a general purpose operating system. The program running at the TEE layer is a Trusted Application (TA), and the program running in the REE is a Client Application (CA).
TEE is a secure execution environment that can be used to implement key and TA management and handle the open trust protocol (OTrP).
The CA in the REE may access the device vendor server 400 through a Software Development Kit (SDK) provided by the device vendor. The REE Layer also comprises a proxy service node of an equipment manufacturer and a Hardware Abstraction Layer interface definition language (HIDL) service node, wherein the proxy service node is used for processing the forwarding of the OTrP protocol and the like, and the HIDL service node is used for forwarding the OTrP protocol message with the TEE.
In the system, the third-party application 200 may be installed in an application layer (app layer) in the operating system of the terminal device 100, and may be an app of a payment class, an authentication class, a consumer shopping class, a game class, or a social media class.
In this system, the third-party vendor server (SP) 300 is a server implemented by the third-party application 200 and can access the device vendor server 400. By working with the CA in the terminal device 100, it can implement protocol communication between the terminal device 100 and the server side, as well as the third party's self-developed logic functions.
In the system, the device vendor server 400 may be a Trusted Application Management server (TAM server), or the device vendor server 400 is a server integrated with the TAM function, for example, the device vendor server 400 includes a TA issuing system. The device vendor server 400 is used to implement the logical processing of OTrP, the authentication of the third party vendor server 300, and the management of certificates and TAs.
In this system, a trust relationship between the TEE, the third party vendor server 300, and the device vendor server 400 may be established through a Certificate Authority (CA).
Based on the system, the method disclosed by the invention can be applied to a scene that the third-party application 200 needs to acquire the device state information of the terminal device 100, such as a mobile payment scene. The terminal device 100 involved in the implementation of the method of the present disclosure may be understood as an operating system of the terminal device 100.
It is understood that the flow illustrated by thin lines in fig. 1 corresponds to one embodiment of the present disclosure, and the flow illustrated by thick lines corresponds to another embodiment of the present disclosure, and specific reference may be made to the following description of examples.
In an exemplary embodiment, fig. 2 is a schematic diagram of a method for determining risk information according to an embodiment of the present disclosure. As shown in fig. 1, the method of the present embodiment is executed by the third party application 200 installed in the terminal device 100. As shown in fig. 2, the method of the present embodiment may include the following steps S210 to S220:
Step S210, obtaining the current state information of the terminal device in a trusted execution environment TEE layer of the terminal device.
Step S220, determining risk information according to the current state information.
In step S210, while the third-party application 200 is running, step S210 may be triggered when the service scene is a preset scene. The preset scenario is, for example, a scenario in which a payment function or a user privacy data collection function of the third-party application 200 is automatically invoked in a payment scenario or a game scenario, for example during use of some application programs. In a preset scenario, in conjunction with the flow shown in thin lines in fig. 1, the third-party application 200 may request the current state information of the terminal device 100 by sending a request message to the terminal device 100. The current state information represents device information or operation information of the terminal device 100; the third-party application 200 obtains the current state information in order to determine whether the device state information of the terminal device 100 is at risk, for example whether the current state information is real or has been tampered with.
In this step, the third party application 200 obtains the current state information on the TEE layer, and the security in the process of obtaining the current state information is ensured. For example, the third party application 200 configures a TA program of the third party application 200 trusted by the terminal device 100, such as the first TA202 shown in fig. 1, at the TEE layer of the terminal device 100.
In step S220, the risk information is used to characterize whether the current status information is risky or safe. For example, if the current state information is different from the state information of the terminal device 100 acquired last time, it is considered that the current state information is at risk and may be tampered. If the current state information is the same as the state information of the terminal device 100 obtained last time, the current state information is considered to be risk-free and is a safe state, and the service under the preset scene can be continued.
In this step, the current state information obtained by the third party application 200 in step S210 may be an unencrypted state; the current state information of the unencrypted state is subjected to risk analysis at the TEE layer (e.g., by the first wind-controlled TA 202) by the third-party application 200 to determine risk information. For example, after collecting the current state information, the terminal device 100 may send the current state information in an unencrypted state to the first wind-controlled TA202 of the third-party application 200 on the TEE layer, and set a usage right for the current state information. Setting the usage right may be at least one of: the time authority, namely the current state information is valid within the set duration; the use time authority, that is, the current state information is only valid at the current time; and using scene permission, namely using the current state information only for determining the risk information under the preset scene.
Or, the current state information is in an encrypted and/or signed state, and the encrypted and/or signed form may be denoted as first data, where the first data includes the current state information. The first data can be decrypted and risk-analyzed on the TEE layer by the first wind-controlled TA202 of the third-party application 200 to determine risk information; the first data can also be decrypted and risk-analyzed by the third-party vendor server 300 corresponding to the third-party application 200 to determine risk information. The first wind-controlled TA202 may store or instantly receive a public key (devstatus_pub) of a public-private key pair authorized by the device vendor server 400, and decrypt the first data with the public key.
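The usage rights that the terminal device may set on unencrypted state information (validity duration, use-time, scene) could be enforced by the receiving side as in the following added example, which is not code from the patent. The class, field and reason names are hypothetical; reading the use-time right as single use and rejecting a report that carries no right at all are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class UsageRight:
    """Usage right attached to one report of current state information."""
    state_id: str                      # constructed identifier of the report
    issued_at: float                   # seconds, on the issuer's clock
    valid_for: Optional[float] = None  # time right: valid within this duration
    single_use: bool = False           # use-time right, read here as single use
    scene: Optional[str] = None        # scene right: usable only in this scene


class UsageGuard:
    """Decides whether a state report may be used for risk determination."""

    def __init__(self):
        self._consumed = set()  # state_ids of single-use reports already used

    def authorize(self, right, scene, now):
        """Return (allowed, reason) for using the report in `scene` at `now`."""
        if right.valid_for is None and not right.single_use and right.scene is None:
            # Assumption: the page says at least one right is set, so a
            # report without any right is rejected (fail closed).
            return False, "no_right_set"
        if right.valid_for is not None:
            age = now - right.issued_at
            # A negative age means the report claims to come from the future.
            if not 0 <= age <= right.valid_for:
                return False, "outside_validity"
        if right.scene is not None and scene != right.scene:
            return False, "wrong_scene"
        if right.single_use:
            # Checked last so that a request rejected for another reason
            # does not burn the single permitted use.
            if right.state_id in self._consumed:
                return False, "already_used"
            self._consumed.add(right.state_id)
        return True, "ok"


def demo():
    """Run constructed requests against constructed usage rights."""
    guard = UsageGuard()
    right = UsageRight("report-1", issued_at=1000.0, valid_for=30.0,
                       single_use=True, scene="payment")
    stale = UsageRight("report-2", issued_at=1000.0, valid_for=30.0)
    bare = UsageRight("report-3", issued_at=1000.0)
    return [
        guard.authorize(right, "game", now=1005.0),
        guard.authorize(right, "payment", now=1005.0),
        guard.authorize(right, "payment", now=1006.0),
        guard.authorize(stale, "payment", now=1031.0),
        guard.authorize(bare, "payment", now=1001.0),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```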
In one example, step S220 in this example may include the following substeps S221 and S222:
Step S221, sending the current status information to a third-party vendor server of the third-party application.
And step S222, receiving risk information determined by the third-party manufacturer server based on the current state information.
In step S221, after the terminal device 100 collects the current state information, the current state information and a random number may be encrypted in the TEE layer using the private key (devstatus_pri) of the public-private key pair, so as to obtain the first data. The terminal device 100 sends the first data to the first wind-controlled TA202 of the third party application 200 at the TEE layer. The first wind-controlled TA202 of the third-party application 200 can decrypt the first data using the public key and send the decrypted current state information to the third-party vendor server; alternatively, the first data containing the current state information is sent to the third-party vendor server.
In step S222, when the third party application 200 sends the decrypted current status information, the third party vendor server 300 may compare the current status information with the status information of the terminal device 100 obtained last time, and determine the risk information. When the third party application 200 sends the first data, the third party vendor server 300 may decrypt the first data and perform risk analysis on the current state information obtained by decryption; alternatively, the third party vendor server 300 obtains the decrypted current state information by means of communication with the device vendor server 400 and then performs risk analysis. It will be appreciated that the third party vendor server 300 stores or otherwise immediately obtains the key or temporary key required to encrypt the data.
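The comparison described in step S222, combined with the earlier embodiments that grade the risk by the degree of change and that split state information into three security levels, is shown below as an added example that is not code from the patent. The field names, their assignment to the three levels, the weights, the thresholds and the handling of a missing baseline are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed field names: the page names three state levels but no fields.
# Level 1 is the highest security level, level 3 the lowest.
FIELD_LEVEL = {
    "bootloader_locked": 1,
    "verified_boot_state": 1,
    "root_detected": 2,
    "debugger_attached": 2,
    "os_patch_level": 3,
    "locale": 3,
}
# Assumed weighting: a change in higher-security state counts for more.
LEVEL_WEIGHT = {1: 4, 2: 2, 3: 1}
# Assumed score floors for the reported risk level, highest first.
THRESHOLDS = ((4, "high"), (2, "medium"), (1, "low"))

_MISSING = object()  # marks a field absent from one of the two reports


@dataclass(frozen=True)
class RiskInfo:
    at_risk: bool
    level: str      # "none", "low", "medium" or "high"
    score: int
    changed: tuple  # sorted names of the fields that differ


def determine_risk(previous, current):
    """Compare the current state with the previously obtained state.

    Identical state is safe; any difference is a risk whose level grows
    with how many fields changed and how sensitive they are.
    """
    if previous is None:
        # Assumption: with no earlier report there is nothing to compare,
        # so the first report only becomes the baseline.
        return RiskInfo(False, "none", 0, ())
    changed = sorted(
        name
        for name in previous.keys() | current.keys()
        if previous.get(name, _MISSING) != current.get(name, _MISSING)
    )
    # A field that appears or disappears counts as a change, and a field
    # with no known level is weighted as level 1 so that it fails closed.
    score = sum(LEVEL_WEIGHT[FIELD_LEVEL.get(name, 1)] for name in changed)
    level = next((label for floor, label in THRESHOLDS if score >= floor), "none")
    return RiskInfo(bool(changed), level, score, tuple(changed))


# Constructed baseline standing in for the state obtained last time.
BASELINE = {
    "bootloader_locked": True,
    "verified_boot_state": "green",
    "root_detected": False,
    "debugger_attached": False,
    "os_patch_level": "2022-06",
    "locale": "zh_CN",
}


def sample_reports():
    """Constructed current-state reports to compare against BASELINE."""
    return {
        "same": dict(BASELINE),
        "patched": dict(BASELINE, os_patch_level="2022-07"),
        "debugged": dict(BASELINE, debugger_attached=True),
        "rooted": dict(BASELINE, root_detected=True, bootloader_locked=False),
        "stripped": {k: v for k, v in BASELINE.items()
                     if k != "verified_boot_state"},
    }


if __name__ == "__main__":
    for name, report in sample_reports().items():
        print(name, determine_risk(BASELINE, report))
```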
In another example, as shown in fig. 3, the present example further includes the following steps S230 to S240 on the basis of steps S210 and S220:
Step S230, in response to the risk information indicating that a risk exists, sending the risk information to a third party manufacturer server.
And step S240, receiving the risk control measures determined by the third-party manufacturer server based on the risk information, and executing the risk control measures.
In step S230, the first wind control TA202 of the third-party application 200 may perform risk analysis on the current state information in the unencrypted state to determine risk information; or the public key is used for decrypting the first data, risk analysis is carried out on the decrypted current state information, and risk information is determined.
In this step, when the risk information indicates that the current state information is at risk, for example when the current state information differs from the previous device state information, the third-party application 200 may report the risk information to the third-party vendor server 300.
In step S240, after the risk information is reported, the third party vendor server 300 may issue a corresponding risk control measure, and the third party application 200 executes the risk control measure issued by the third party vendor server 300 to carry out timely prevention and control. Risk control measures include, but are not limited to: pausing the preset scene, pausing the set service of the preset scene, and adding the related application that calls the preset scene to a blacklist.
For example, in a scenario where the payment function or the user privacy data collection function of the third-party application 200 is automatically invoked during the use of the application program a, after the third-party application 200 reports the risk information, the risk control measure may include adding the application program a to a use blacklist of the third-party application 200, so that the application program a cannot invoke the third-party application 200 to perform payment or collect the user privacy data at present.
For another example, the third-party application 200 may also end the payment scenario or the user privacy data acquisition scenario according to the wind control measure or the wind control policy of the third-party vendor server 300, so as to implement risk avoidance.
In the embodiment of the present disclosure, the third-party application 200 obtains the current state information on the TEE layer of the terminal device 100, so as to ensure the security during the transmission process of the current state information. Risk information can be obtained based on the current state information, and risk holes can be found in time; and reporting the risk information in time, so that the wind control security policy can be updated rapidly in time through the third-party manufacturer server 300, and wind control measures can be taken in time.
In an exemplary embodiment, the method of the present embodiment may include steps S210 to S220 shown in fig. 2, wherein step S210 in the present embodiment may include the following sub-steps S2101 to S2102:
Step S2101, in response to the current service scene being a preset scene, calling a first wind control management service of a third-party application to send a request message to a security program of the terminal device, where the request message includes the application identifier of the third-party application.
Step S2102, receiving, through the first wind-controlled TA corresponding to the third-party application, the current state information sent by a second wind-controlled TA in the terminal device, where the first wind-controlled TA and the second wind-controlled TA run on the trusted execution environment (TEE) layer of the terminal device.
In step S2101, with reference to fig. 1, the wind control system of the third-party application 200 includes a first wind control management service 201 and a first wind-controlled TA202, where the first wind control management service 201 runs in the application layer of the terminal device 100, and the first wind-controlled TA202 runs in the TEE layer of the terminal device 100. The wind control system of the terminal device 100 includes: the security program 101, which runs on the application layer; the second wind control management service (SDK) 102, which runs on the REE layer; and the second wind-controlled TA103, which runs on the TEE layer.
In this step, the preset scene is, for example, the aforementioned payment scene or a scene for acquiring the privacy information of the user. At the application layer, the first wind control management service 201 of the third-party application 200 communicates directly with the security program 101. In response to the trigger of the preset scenario, the first wind control management service 201 sends a request message to the security program 101. Upon receiving the request message, the security program 101 may initiate an interaction with the underlying layers (e.g., the REE layer and the TEE layer) to collect state information of the terminal device.
In one example, the request message may include an application identifier (UserId) of the third-party application 200. The UserId is a unique ID that the device vendor assigns to the third-party application 200 to identify that application program. The third-party application 200 carries the UserId in the request message, so that the security program 101 of the terminal device or the device manufacturer server 400 can conveniently learn the relevant information of the third-party application 200.
In step S2102, the current state information of the terminal device may be aggregated in the second wind-controlled TA103 to ensure security. At the TEE layer, according to the request message, the second wind-controlled TA103 may send the unencrypted current state information to the first wind-controlled TA202; or the second wind-controlled TA103 encrypts the current state information to obtain first data, and sends the first data containing the current state information to the first wind-controlled TA202. The security program 101 may also send the identifier of the third-party application 200 to the second wind-controlled TA103 through the second wind control management service 102.
In one example, the current state information includes first-level state information, second-level state information and third-level state information, with successively lower security levels. For example, the first-level state information includes a device model or a processor identification (cpu id), etc.; the device model is typically in the form of a vendor name plus letters or numbers, for example, vendor A 12, or vendor B note 11. The second-level state information includes a device unlock state or an international mobile equipment identity (IMEI); the device unlock state includes, for example, a bootloader locked state and a bootloader unlocked state. The third-level state information includes whether a malicious application program or an illegal link exists in the terminal device.
In this example, after the terminal device 100 receives the request message, the security program 101 collects the third-level state information, which has the lowest security level and confidence level, and sends it to the second wind control management service 102 in the REE layer. The second wind control management service 102 collects the second-level state information, which has a higher security level and confidence level, and sends the second-level state information together with the received third-level state information to the second wind-controlled TA103 of the TEE layer. The second wind-controlled TA103 acquires the first-level state information, which has the highest security level and confidence level. The second wind-controlled TA103 therefore holds the first-level, second-level and third-level state information, that is, all of the current state information, and may retain the current state information in the memory of the terminal device. After obtaining all of the current state information, the second wind-controlled TA103 may encrypt it with the private key devstatus_pri and send the encrypted first data to the first wind-controlled TA202.
In the embodiment of the present disclosure, the third-party application 200 obtains the current state information from the second wind-controlled TA103 through its corresponding first wind-controlled TA202. Because this data exchange takes place on the TEE layer of the terminal device 100, the security and reliability of the data exchange are effectively ensured.
In an exemplary embodiment, the method of the present embodiment may include steps S210 to S230 as shown in fig. 2. In the embodiment of the present disclosure, the premise for the third-party application 200 to safely obtain the current state information on the TEE layer is the configuration of a first wind-controlled TA202 trusted by the terminal device 100. The first wind-controlled TA202 may be a TA program developed by an internet manufacturer itself, and may be issued to the TEE layer of the operating system of the terminal device 100 after authorization via the device manufacturer server 400.
In one possible implementation, when the preset scenario is first triggered during the running of the third-party application 200, the device manufacturer server 400 issues the first wind-controlled TA202 to the TEE layer. The issuing is performed when the preset scenario is triggered for the first time; when the preset scenario is triggered subsequently, the already configured first wind-controlled TA202 may be invoked directly.
In an embodiment of the present disclosure, when the current service scenario is a preset scenario, step S210 in this embodiment includes the following sub-steps S2100 to S2102:
Step S2100, in response to the current service scenario being a preset scenario, issuing the first wind-controlled TA to the TEE layer of the terminal device online through the device manufacturer server.
Step S2101, calling a first wind control management service of a third-party application to send a request message to a security program of the terminal device, where the request message includes the application identifier of the third-party application.
Step S2102, receiving, through the first wind-controlled TA corresponding to the third-party application, the current state information sent by a second wind-controlled TA in the terminal device, where the first wind-controlled TA and the second wind-controlled TA run on the trusted execution environment (TEE) layer of the terminal device.
The implementation of steps S2101 to S2102 can refer to the description of the foregoing embodiments, and is not repeated herein. Step S2100 is executed before step S2101.
In step S2100, the device manufacturer server 400 may authorize the first wind-controlled TA202 of the third-party application 200 and issue the first wind-controlled TA202 to the TEE layer online in a preset scenario, so that the third-party application 200 obtains the trust of the terminal device 100 through the first wind-controlled TA202 and may safely obtain the current state information from the second wind-controlled TA103, provided that it complies with the interface protocol defined by the device manufacturer.
In one example, the first wind-controlled TA202 may perform key management and privacy computation. For example, the first wind-controlled TA202 may encrypt or decrypt the public key, may encrypt or decrypt the current state information, or may encrypt or decrypt the first data using the public key.
In one example, the lifecycle of the first wind-controlled TA202 is tied to the third-party application 200.
For example, the method of this example further includes the following step S250: in response to the third-party application being uninstalled or cleaned, the first wind-controlled TA ends its life cycle. In this step, the first wind-controlled TA is the one issued in the preset scene. When the third-party application 200 is uninstalled, the terminal device 100 uninstalls the first wind-controlled TA202 bound to it, that is, the first wind-controlled TA202 ends its life cycle. When the third-party application 200 is cleaned, i.e., killed, either by manual cleaning by a user or by automatic background checking and killing by the terminal device 100, the corresponding first wind-controlled TA202 is also unloaded and its life cycle ends.
As another example, the first wind-controlled TA202 is dynamically upgraded along with upgrades of the third-party application 200. After being authorized and signed via the device vendor server 400, the first wind-controlled TA202 may be published in the app store of the terminal device 100, so that upgrade version information can be obtained in time.
For another example, the runtime of the first wind-controlled TA202 is bound to the third-party application 200, and does not affect other apps. When the first wind-controlled TA202 is abnormal, the normal operation of the terminal device 100 is not affected.
In one example, the memory occupied by the first wind-controlled TA202 of the third-party application 200 may satisfy: the heap memory and stack memory occupancy of the first wind-controlled TA202 is less than or equal to 2M.
In the embodiment of the present disclosure, a plurality of rules are configured for the first wind-controlled TA202 of the third-party application 200, and the third-party application 200 can access the terminal device 100 by authorization on the basis of complying with the relevant rules. In addition, as described in the foregoing embodiment, the current state information acquired by the third-party application 200 through the first wind-controlled TA202 may only be used within a certain authority.
For example, the current state information is only used to determine the risk information, and the device vendor server 400 may blacklist the third-party application 200 when the third-party application 200 uses the current state information to perform an operation beyond its authority. The device vendor server 400 may monitor or manage the security of use of the current state information.
In the above embodiments shown in fig. 2 to 3, the third-party application 200 accesses the wind control hierarchy inside the terminal device 100 through the wind control management service. The first wind-controlled TA202 corresponding to the third-party application 200 accesses the terminal device 100 by authorization from the device vendor server 400, so that the first wind-controlled TA202 can obtain the trust of the terminal device 100. The embodiment of the disclosure provides reasonable authority, interface capability and bottom-layer driver capability for the third-party application 200, and an internet manufacturer can develop the first wind-controlled TA202 according to its own requirements and the requirements of the device vendor server 400. The current state information can thus be safely obtained on the TEE layer, and risks can be monitored and controlled in time through the third-party application 200, which improves security and protects the interests of all parties.
In a scenario where the third-party application 200 does not develop a corresponding first wind-controlled TA202, the embodiment of the present disclosure further provides an implementation manner for acquiring current state information through the terminal device 100 and performing risk analysis through the device manufacturer server 400.
In an exemplary embodiment, fig. 4 is a schematic diagram of a method for determining risk information according to an embodiment of the present disclosure. As shown in connection with fig. 1, the method of the present embodiment is performed by (the operating system of) the terminal device 100. As shown in fig. 4, the method of the present embodiment may include the following steps S410 to S420:
Step S410, in response to receiving a request message of the third-party application, determining the current state information of the terminal device, where the request message includes the application identifier of the third-party application.
Step S420, the current state information is sent to the third party application on the TEE layer, or the current state information is sent to the device manufacturer server.
In step S410, in combination with the foregoing embodiments corresponding to fig. 2 to fig. 3, the third-party application 200 may send the request message in a preset scenario. For example, at the application layer, the first wind control management service 201 of the third-party application 200 calls the inter-process communication binder service and sends the request message to the security program 101, and the security program 101 may pass the application identifier (UserId) in turn to the second wind control management service 102 at the REE layer and the second wind-controlled TA103 at the TEE layer.
In this step, after the request message is received, the security program 101, the second wind control management service (SDK) 102, and the second wind-controlled TA103 in the wind control system of the terminal device 100 each collect state information. It can be understood that the second wind control management service 102 does not use a public Application Program Interface (API) when collecting data, and has the advantages of anti-debugging, anti-injection, memory checking, and the like; during data transmission it also has characteristics such as preventing replay attacks.
In one example, the current state information includes first-level state information, second-level state information, and third-level state information having successively lower security levels. For examples of the state information of each level, reference may be made to the description of the foregoing embodiments, and details are not repeated here. After receiving the request message, the security program 101 collects the third-level state information, which has the lowest security level and confidence level, and sends it to the second wind control management service 102 of the REE layer. The second wind control management service 102 collects the second-level state information, which has a higher security level and confidence level, and sends the second-level state information together with the received third-level state information to the second wind-controlled TA103 of the TEE layer. The second wind-controlled TA103 acquires the first-level state information, which has the highest security level and confidence level. The second wind-controlled TA103 therefore holds the first-level, second-level and third-level state information, that is, all of the current state information, and may retain the current state information in the memory of the terminal device. After obtaining all of the current state information, the second wind-controlled TA103 may encrypt it with the private key devstatus_pri.
In step S420, according to different authorization conditions of the third-party application 200, the terminal device 100 may send current status information to the third-party application 200, and perform risk analysis through the third-party application 200 or the corresponding third-party vendor server 300. Alternatively, the terminal device 100 does not transmit the current state information to the third party application 200, but transmits the current state information to the device vendor server 400, and performs risk analysis through the device vendor server 400.
In a first example, step S420 in this example may include the following sub-step S420-10:
Step S420-10, in response to a first wind-controlled TA corresponding to the third-party application existing in the TEE layer, sending the current state information to the third-party application through the second wind-controlled TA of the TEE layer.
In this step, with reference to the foregoing description of the embodiment, the first wind-controlled TA202 is issued to the terminal device 100 after being authorized by the device manufacturer server 400. The second wind-controlled TA103 can thus send the current state information, e.g. the encrypted first data, to the first wind-controlled TA202 at the TEE layer.
In this example, after the third-party application 200 obtains the current state information on the TEE layer of the terminal device, it may perform risk analysis by itself or through a third-party manufacturer server, determine the risk information, and perform risk prevention and control in a preset scene in time. The implementation can be seen in the foregoing embodiments, and is not described herein again.
In a second example, step S420 in this example may include the following substeps S420-21 to S420-22:
Step S420-21, encrypting the current state information through the second wind-controlled TA, and sending the first data obtained through encryption to the security program, where the current state information includes first-level state information, second-level state information and third-level state information with successively lower security levels.
Step S420-22, transmitting the first data or the decrypted current state information to the device vendor server through the security program.
In step S420-21, the second wind-controlled TA103 encrypts the first-level state information, the second-level state information, and the third-level state information together to obtain the first data. With reference to the description of the foregoing embodiment, the wind control system of the terminal device collects the state information of each level and aggregates it in the second wind-controlled TA103; the application identifier of the third-party application is also transmitted to the second wind-controlled TA103.
In one example of this step, when the state information of each level has been passed down layer by layer to the second wind-controlled TA103 of the REE layer, the second wind-controlled TA103 may generate a random number (random). The second wind-controlled TA103 encrypts the current state information, the first random number, and the device state version number (devstatus_version) with a public key to obtain the first data. It will be appreciated that the device state version number, which is used to characterize different versions of device state information, may start at 0 and increment by 1 each time a change occurs. Whether the device state version number is incremented may be controlled by the device vendor server 400. In addition, the terminal device 100 and the device vendor server 400 may also agree on an encryption/decryption protocol and a version number of that protocol; for example, the encryption/decryption protocol specifies the keys involved in the encryption/decryption process and the elements required for encryption. If the encryption/decryption protocol does not change, its version number remains unchanged; when the encryption/decryption protocol changes, the protocol version number can be increased by 1 for each change.
In this example, as shown in conjunction with the flow of fig. 7, the second wind-controlled TA103 may also use a random key to sign the first data. For example, the first data is signed with a random key (f key pri) in the terminal device 100, and the signature value obtained is recorded as encrypt_sign_devstatus. Signing the first data effectively ensures its authenticity and integrity during transmission, so that tampering in transit can be detected.
In step S420-22, the second wind-controlled TA103 may send the first data to the security program 101, and the security program 101 directly forwards the first data to the device vendor server 400; alternatively, the security program 101 decrypts the first data and transmits the decrypted data to the device vendor server 400. To ensure security, in the embodiment of the present disclosure, the security program 101 forwards the signature value encrypt_sign_devstatus corresponding to the first data to the device vendor server 400.
In a third example, step S420 in the method of this example may further include the following steps S420-31 to S420-32:
Step S420-31, encrypting the device fingerprint of the terminal device and the application identifier of the third-party application through the second wind-controlled TA to obtain second data.
Step S420-32, the first data and the second data are sent to the device vendor server.
Wherein, step S420 in this example may further include steps S420-21 to S420-22 in the foregoing example.
In step S420-31, the second wind-controlled TA103 encrypts the device fingerprint (fid), the application identifier (UserId) and the generated random number (random) by using the public key (devstatus_pub) to obtain the second data. As shown in connection with the flow chart of fig. 5, this second data is an anonymized device fingerprint, which may be denoted as anonymizedevicefingerprint. The device fingerprint is anonymized by means of the random number. Because the random number can change from one encryption to the next, the anonymized device fingerprint obtained by each encryption is not fixed even when the other elements involved in encryption are the same, which further improves reliability. Therefore, even if the third-party application or the third-party vendor server obtains the second data, it cannot uniquely locate the terminal device, which effectively improves the privacy security of the user and the security of the terminal device. It is understood that the elements encrypted into the second data may additionally include the device state version number (devstatus_version), that is, the second data is obtained by encrypting the device fingerprint (fid), the application identifier (UserId), the random number (random), and devstatus_version.
In step S420-32, as shown in the flowchart of fig. 5, the terminal device may send the signature value encrypt_sign_devstatus corresponding to the first data, and the second data anonymizedevicefingerprint, to the device vendor server 400, so that the device vendor server 400 obtains the device fingerprint and the current state information from the first data and the second data.
In the embodiment of the present disclosure, the terminal device 100 needs to ensure the privacy security of the user, and the security program 101 of the terminal device 100 is used as the entry point for providing the state information to the outside (e.g., the device manufacturer server 400). The transmitted data is encrypted and signed, which effectively ensures security during transmission, and the risk analysis of the current state information is finally carried out by the device manufacturer server 400.
In an exemplary embodiment, fig. 6 is a schematic diagram of a method for determining risk information according to an embodiment of the present disclosure. The method of the present embodiment is performed by the device vendor server 400 as shown in connection with FIG. 1. As shown in fig. 6, the method of the present embodiment may include the following steps S610 to S630:
Step S610, receiving the current state information sent by the terminal device.
Step S620, determining risk information according to the current state information, where the risk information is used for representing whether the current state information has risks.
Step S630, the risk information and/or the risk control measure is sent to the third party vendor server corresponding to the third party application.
Here, in step S610, the device vendor server 400 may receive the current state information transmitted by the security program 101 in the terminal device 100. In the embodiment of the present disclosure, the case where the security program 101 sends the current state information in encrypted form is described as an example.
In one example, step S610 may include the following step S611:
Step S611, receiving first data and second data sent by the terminal device, where, with reference to the flowchart shown in fig. 7, the first data is obtained by the second wind-controlled TA of the terminal device encrypting the current state information, and the second data is obtained by the second wind-controlled TA encrypting the device fingerprint of the terminal device and the application identifier of the third-party application. In this step, in conjunction with the aforementioned embodiment, the device vendor server 400 receives the signature value encrypt_sign_devstatus corresponding to the first data, and the second data anonymizedevicefingerprint. The first data includes, in encrypted form, the current state information, a first random number, and a device state version number (devstatus_version); the second data includes, in encrypted form, the device fingerprint of the terminal device 100, the application identifier (UserId) of the third-party application 200, and a random number.
In step S620, the terminal device may continuously upload the device state information to the device vendor server 400, so that the device vendor server 400 may establish a history database that stores multiple versions of the device state information of each terminal device in time series, and configure a corresponding device state version number (devstatus_version) for each version of the device state information. The history database may be cleared or updated periodically, such as every half year or every year, to update to new device state information. It will be appreciated that the device fingerprint of each terminal device is different. When the device state information changes, the device state version number changes. For example, if the current state information is the same as the previous state information, the device state version numbers of both are denoted as n. For another example, if the current state information is different from the previous state information, the device state version number of the previous state information is denoted as n, and the device state version number of the current state information is (n + 1).
In a scenario of receiving the first data and the second data, the step S620 may include the following sub-steps S621 to S622:
Step S621, decrypting the second data to obtain the device fingerprint, and obtaining the current state information from the decrypted first data according to the device fingerprint. In this step, in conjunction with the flowchart shown in fig. 7, the device vendor server 400 first decrypts the second data by using the private key devstatus_pri to obtain the device fingerprint, the random number, the application identifier of the third-party application, and devstatus_version. According to the decrypted device fingerprint, the device vendor server 400 looks up the key used for signing the first data of the terminal device 100, and verifies the signature value encrypt_sign_devstatus with that key. After the signature verification passes, it decrypts the first data by using the private key devstatus_pri to obtain the current state information, the random number and devstatus_version.
In this step, the device vendor server 400 may also perform security verification on the data. For example, the random numbers and the devstatus_version values obtained by decrypting the first data and the second data are compared. If the two random numbers are consistent and the two devstatus_version values are consistent, the next step, such as determining the risk information, is performed. If not, a rejection message is sent.
Step S622, determining risk information according to the current state information. In this step, with reference to the flowchart shown in fig. 7, after obtaining the current state information, the device manufacturer server 400 may compare it with the latest device state information stored for the terminal device in the history database (i.e., the previous state information of the current state information), so as to determine the risk information.
In an example, the current state information is determined to be safe in response to the current state information being the same as the previous state information. In this example, if the current state information is the same as the previous state information, it is considered that the device state information is not tampered, so that the service of the preset scene can be normally performed. In this example, device vendor server 400 may not send data to security program 101 or third party vendor server 300, or may send a secure notification message to security program 101, which security program 101 may forward to third party application 200.
In another example, the current state information is determined to be at risk in response to the current state information being different from the previous state information. In this example, when the current state information changes, the device vendor server 400 determines that there is a risk, and may send risk information to the security program 101 and the third-party vendor server 300, respectively, to facilitate a timely response. For example, the risk information is sent to the security program 101, and the security program 101 executes a preset risk control policy, for example, suspending the service of a preset scene. As another example, the risk information may be sent to the third-party vendor server 300 for indirect transmission to the third-party application 200.
Step S620 in this example may further include the following step S6201: determining a risk level according to the degree of change between the current state information and the previous state information. In this step, the proportion of data that has changed in the current state information may be calculated; a high risk level is determined when the proportion is greater than a first threshold, a medium risk level is determined when the proportion is between the first threshold and a second threshold, and a low risk level is determined when the proportion is less than the second threshold, which facilitates targeted risk control processing.
In step S630, in the embodiment where the device vendor server 400 sends the risk information to the third party vendor server 300, the third party vendor server 300 may determine the risk control measure according to the risk information. In the embodiment of the present disclosure, in combination with the flow illustrated by the thick line in fig. 1, the device vendor server 400 may determine the risk control measure according to the risk information, and send the determined risk control measure to the third party vendor server 300, so that the third party vendor server 300 may instruct the third party application 200 to execute the risk control measure.
In this step, the device vendor server 400 may send the risk information or the risk control measure to the third party vendor server 300 according to an agreement negotiated between the two parties. For example, the data is transmitted in a data format agreed by both parties (for example, JSON), and an encrypted transmission method may be used.
It will be appreciated that device vendor server 400 may assign a public-private key pair to each terminal device 100 for data encryption and decryption, where the public-private key pair includes public key devstatus_pub and private key devstatus_pri. The public key devstatus_pub is held by the terminal device 100 and the private key devstatus_pri is held by the device vendor server 400.
In the embodiment of the present disclosure, in conjunction with the flowchart shown in fig. 7, after the device manufacturer server 400 decrypts to obtain the current state information and the data is checked, the current state information may be stored or the device information of the terminal device 100 may be updated to the current state information.
In this embodiment, the device manufacturer server 400 may also confirm to the terminal device 100 that the current state information was received. For example, the device vendor server 400 calculates a Hash-based Message Authentication Code (HMAC) of a random number or of devstatus_version, and records the calculation result as rsp_token. The device vendor server 400 sends the rsp_token to the security program 101 of the terminal device 100, indicating that receipt of the current state information has been confirmed. The security program 101 then sends the rsp_token to the second wind control management service 102 and the second wind control TA103 in sequence.
If the second wind control TA103 has not received the rsp_token, it is considered that the device manufacturer server 400 did not receive the current state information, and the current state information needs to be retransmitted.
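The acknowledgement and retransmission just described can be sketched as follows. This is an added example, not code from the patent: the shared key, the choice of SHA-256, the check of the token on the device side, the retry limit and the lossy-channel stand-in for the server are assumptions.

```python
"""Added example: rsp_token acknowledgement with retransmission."""
import hashlib
import hmac
from typing import Callable, Dict, Optional

# Assumption: device and server share this per-device key. The text does not
# say which key the HMAC uses. Constructed value.
ACK_KEY = b"constructed-per-device-ack-key"


def make_rsp_token(key: bytes, devstatus_version: str) -> bytes:
    """Server side: HMAC over devstatus_version (SHA-256 is an assumption)."""
    return hmac.new(key, devstatus_version.encode("utf-8"), hashlib.sha256).digest()


def token_valid(key: bytes, devstatus_version: str, rsp_token: Optional[bytes]) -> bool:
    """Device side: accept only a token computed over the version just sent."""
    if rsp_token is None:
        return False
    expected = make_rsp_token(key, devstatus_version)
    return hmac.compare_digest(expected, rsp_token)  # constant-time comparison


class VendorServer:
    """Stand-in for device vendor server 400 behind a channel that loses replies."""

    def __init__(self, key: bytes, drop_first_responses: int = 0) -> None:
        self.key = key
        self.drop = drop_first_responses
        self.stored: Dict[str, bytes] = {}
        self.received = 0

    def handle_report(self, devstatus_version: str, first_data: bytes) -> Optional[bytes]:
        self.received += 1
        # Keyed by version, so a retransmitted report overwrites itself.
        self.stored[devstatus_version] = first_data
        if self.drop > 0:
            self.drop -= 1
            return None  # simulated loss of the reply on the way back
        return make_rsp_token(self.key, devstatus_version)


def report_until_acked(send: Callable[[str, bytes], Optional[bytes]], key: bytes,
                       devstatus_version: str, first_data: bytes,
                       max_attempts: int = 3) -> int:
    """Retransmit until a valid rsp_token arrives; return the attempts used."""
    for attempt in range(1, max_attempts + 1):
        rsp_token = send(devstatus_version, first_data)
        if token_valid(key, devstatus_version, rsp_token):
            return attempt
    raise TimeoutError("no valid rsp_token for version " + devstatus_version)


if __name__ == "__main__":
    server = VendorServer(ACK_KEY, drop_first_responses=2)
    attempts = report_until_acked(server.handle_report, ACK_KEY, "42", b"<first data>")
    print("acknowledged after", attempts, "attempts")
```

Binding the token to devstatus_version means an acknowledgement captured for an earlier report does not satisfy the check for a later one.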
In the embodiment of the present disclosure, the device manufacturer server 400 performs secure data transmission with the terminal device 100, so that the risk information can be determined by the device manufacturer server 400 without sending a device fingerprint to the third party application 200 or the third party manufacturer server 300, and therefore, the third party application 200 or the third party manufacturer server 300 cannot uniquely locate the terminal device, which is beneficial to ensuring the privacy security of the user.
In an exemplary embodiment, fig. 8 is a schematic diagram of a method for determining risk information according to an embodiment of the present disclosure. As shown in connection with FIG. 1, the method of the present embodiment is performed by a third party vendor server 300. As shown in fig. 8, the method of this embodiment may include the following step S810, or steps S810 to S830:
Step S810, receiving the risk information sent by the third party application, or receiving the risk information sent by the device manufacturer server.
Step S820, determining a risk control measure in a preset scene according to the risk information.
Step S830, sending risk control measures to the third party application.
The implementation of steps S810 to S830 can refer to the description of the foregoing embodiments, and is not repeated herein.
In the embodiment of the present disclosure, the third party manufacturer server 300 performs risk control in time according to the risk information, so as to protect its own interests and the security of the terminal device.
In an exemplary embodiment, the embodiment of the present disclosure further provides an apparatus for determining risk information, configured in a third-party application. As shown in fig. 9, the apparatus of the present embodiment includes: an obtaining module 901 and a first determining module 902. The apparatus of the present embodiment is used to implement the method as shown in fig. 2 to 3. The obtaining module 901 is configured to obtain current state information of the terminal device in a trusted execution environment TEE layer of the terminal device. The first determining module 902 is configured to determine risk information according to the current state information, where the risk information is used to represent whether there is a risk in the current state information.
In an exemplary embodiment, the embodiment of the present disclosure further provides an apparatus for determining risk information, configured in a terminal device. As shown in fig. 10, the apparatus of the present embodiment includes: a second determination module 1001 and a first transmission module 1002. The apparatus of the present embodiment is used to implement the method as shown in fig. 4 to 5. The second determining module 1001 is configured to determine, in response to receiving a request message of a third-party application, current state information of the terminal device; wherein the request message includes an application identifier of the third-party application. The first sending module 1002 is configured to send current status information to a third party application at the TEE layer, or send the current status information to a device manufacturer server.
In an exemplary embodiment, the embodiment of the present disclosure further provides an apparatus for determining risk information, configured on a device vendor server. As shown in fig. 11, the apparatus of this embodiment includes: a first receiving module 1101, a third determining module 1102 and a second sending module 1103. The apparatus of the present embodiment is used to implement the method as shown in fig. 6 to 7. The first receiving module 1101 is configured to receive current state information sent by the terminal device. The third determining module 1102 is configured to determine risk information according to the current state information, where the risk information is used to represent whether the current state information has a risk. The second sending module 1103 is configured to send the risk information and/or the risk control measures to a third-party vendor server corresponding to the third-party application.
In an exemplary embodiment, the present disclosure further provides an apparatus for determining risk information, configured in a third party vendor server. As shown in fig. 12, the apparatus of the present embodiment includes: a second receiving module 1201. The second receiving module 1201 is configured to receive risk information sent by a third-party application, or receive risk information sent by a device manufacturer server.
When the apparatus for determining risk information is a terminal device, its structure may be as shown in fig. 13. Fig. 13 is a block diagram of an electronic device. The present disclosure also provides an electronic device; for example, the device 600 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Device 600 may include one or more of the following components: a processing component 602, a memory 604, a power component 606, a multimedia component 608, an audio component 610, an input/output (I/O) interface 612, a sensor component 614, and a communication component 616.
The processing component 602 generally controls overall operation of the device 600, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 602 may include one or more processors 620 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 602 can include one or more modules that facilitate interaction between the processing component 602 and other components. For example, the processing component 602 can include a multimedia module to facilitate interaction between the multimedia component 608 and the processing component 602.
The memory 604 is configured to store various types of data to support operation at the device 600. Examples of such data include instructions for any application or method operating on device 600, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 604 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power component 606 provides power to the various components of device 600. Power components 606 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for device 600.
The multimedia component 608 includes a screen that provides an output interface between the device 600 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 608 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 600 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 610 is configured to output and/or input audio signals. For example, the audio component 610 includes a Microphone (MIC) configured to receive external audio signals when the device 600 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may further be stored in the memory 604 or transmitted via the communication component 616. In some embodiments, audio component 610 further includes a speaker for outputting audio signals.
The I/O interface 612 provides an interface between the processing component 602 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor component 614 includes one or more sensors for providing various aspects of status assessment for the device 600. For example, the sensor component 614 may detect an open/closed state of the device 600 and the relative positioning of components, such as the display and keypad of the device 600. The sensor component 614 may also detect a change in position of the device 600 or a component of the device 600, the presence or absence of user contact with the device 600, the orientation or acceleration/deceleration of the device 600, and a change in temperature of the device 600. The sensor component 614 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor component 614 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 614 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 616 is configured to facilitate communications between the device 600 and other devices in a wired or wireless manner. The device 600 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 616 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 616 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the device 600 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
A non-transitory computer readable storage medium, such as the memory 604, including instructions executable by the processor 620 of the device 600 to perform the method described above, is provided in another exemplary embodiment of the present disclosure. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The instructions in the storage medium, when executed by a processor of the electronic device, enable the electronic device to perform the above-described method.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (24)

1. A method for determining risk information, applied to a third party application, the method comprising:
acquiring current state information of the terminal equipment on a Trusted Execution Environment (TEE) layer of the terminal equipment;
and determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks.
2. The method of determining risk information of claim 1, wherein determining risk information based on the current state information comprises:
sending the current state information to a third party manufacturer server of the third party application;
and receiving risk information determined by the third-party manufacturer server based on the current state information.
3. The method of determining risk information of claim 1, further comprising:
in response to the risk information indicating that a risk exists, sending the risk information to a third party manufacturer server;
and receiving the risk control measures determined by the third-party manufacturer server based on the risk information, and executing the risk control measures.
4. The method for determining risk information according to claim 1, wherein the obtaining current state information of the terminal device at a Trusted Execution Environment (TEE) layer of the terminal device comprises:
in response to the current service scene being a preset scene, calling a first wind control management service of the third-party application to send a request message to a security program of the terminal equipment; wherein the request message includes an application identifier of the third-party application;
and receiving the current state information sent by a second wind control TA in the terminal equipment by using a corresponding first wind control TA of the third party, wherein the first wind control TA and the second wind control TA operate on a Trusted Execution Environment (TEE) layer of the terminal equipment.
5. The method of determining risk information of claim 4, wherein in response to the current traffic scenario being a preset scenario, the method further comprises:
and issuing the first wind control TA to the TEE layer of the terminal equipment on line through an equipment manufacturer server.
6. The method of determining risk information of claim 4, further comprising:
in response to the third party application being uninstalled or cleaned, the first wind-controlled TA ends a lifecycle.
7. A method for determining risk information is applied to a terminal device, and comprises the following steps:
determining current state information of the terminal equipment in response to the received request message of the third-party application; wherein the request message includes an application identifier of the third-party application;
and sending the current state information to the third-party application on a TEE layer, or sending the current state information to an equipment manufacturer server.
8. The method of claim 7, wherein sending the current state information to the third party application at a TEE layer comprises:
and responding to the existence of a first wind control TA corresponding to the third-party application in the TEE layer, and sending the current state information to the third-party application through a second wind control TA of the TEE layer.
9. The method of claim 7, wherein sending the current state information to a device vendor server comprises:
encrypting the current state information through a second wind control TA, and sending first data obtained through encryption to a security program; wherein the current state information includes first-level state information, second-level state information and third-level state information, whose security levels decrease in that order;
and sending the first data or the decrypted current state information to the equipment manufacturer server through the security program.
10. The method of claim 9, further comprising:
and encrypting the device fingerprint of the terminal device and the application identifier of the third party application through the second wind control TA to obtain second data.
11. The method of claim 10, wherein sending the current state information to a device vendor server comprises:
sending the first data and the second data to the device vendor server.
12. A method for determining risk information, applied to a device vendor server, the method comprising:
receiving current state information sent by terminal equipment;
determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks or not;
and sending the risk information and/or the risk control measures to a third party manufacturer server corresponding to the third party application.
13. The method of claim 12, wherein the receiving the current state information sent by the terminal device comprises:
and receiving first data and second data sent by the terminal equipment, wherein the first data is obtained by encrypting the current state information by a second wind control TA of the terminal equipment, and the second data is obtained by encrypting the equipment fingerprint of the terminal equipment and the application identifier of the third party application by the second wind control TA.
14. The method of determining risk information of claim 13, wherein determining risk information based on the current state information comprises:
decrypting the second data to obtain a device fingerprint, and obtaining the current state information after the first data is decrypted according to the device fingerprint;
and determining risk information according to the current state information.
15. The method of determining risk information according to claim 12 or 14, wherein determining risk information according to the current state information comprises:
in response to the current state information being the same as the previous state information, determining that the current state information is safe;
determining that the current state information is at risk in response to the current state information being different from a previous state information.
16. The method of determining risk information of claim 15, wherein said determining that the current state information is at risk comprises:
and determining the risk level according to the change degree of the current state information and the previous state information.
17. A method for determining risk information, the method being implemented in a third party vendor server, the method comprising:
and receiving risk information sent by a third party application or receiving the risk information sent by a device manufacturer server.
18. The method of determining risk information of claim 17, further comprising:
determining a risk control measure in a preset scene according to the risk information;
sending the risk control measure to the third party application.
19. An apparatus for determining risk information, configured for a third party application, the apparatus comprising:
the acquisition module is used for acquiring the current state information of the terminal equipment in a Trusted Execution Environment (TEE) layer of the terminal equipment;
and the first determining module is used for determining risk information according to the current state information, wherein the risk information is used for representing whether the current state information has risks.
20. An apparatus for determining risk information, configured at a terminal device, the apparatus comprising:
the second determination module is used for responding to the received request message of the third-party application and determining the current state information of the terminal equipment; wherein the request message includes an application identifier of the third-party application;
and the first sending module is used for sending the current state information to the third-party application on the TEE layer or sending the current state information to an equipment manufacturer server.
21. An apparatus for determining risk information, configured at a device vendor server, the apparatus comprising:
the first receiving module is used for receiving the current state information sent by the terminal equipment;
a third determining module, configured to determine risk information according to the current state information, where the risk information is used to represent whether the current state information has a risk;
and the second sending module is used for sending the risk information and/or the risk control measures to a third party manufacturer server corresponding to the third party application.
22. An apparatus for determining risk information, configured to be provided at a third party vendor server, the apparatus comprising:
and the second receiving module is used for receiving the risk information sent by the third-party application or receiving the risk information sent by the equipment manufacturer server.
23. An electronic device, comprising:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of determining risk information of any of claims 1 to 6, or any of claims 7 to 11, or any of claims 12 to 16, or any of claims 17 to 18.
24. A non-transitory computer readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of determining risk information of any of claims 1 to 6, or any of claims 7 to 11, or any of claims 12 to 16, or any of claims 17 to 18.
CN202210866850.4A 2022-07-22 2022-07-22 Method and device for determining risk information, electronic equipment and storage medium Pending CN115243269A (en)

Publications (1)

Publication Number Publication Date
CN115243269A (en) 2022-10-25

Family

ID=83676221

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination