CN115618327A - Security architecture system, security management method, computing device, and readable storage medium - Google Patents


Publication number: CN115618327A
Authority: CN (China)
Prior art keywords: tcm, module, subsystem, service, execution environment
Legal status: Granted
Application number: CN202211616680.0A
Other languages: Chinese (zh)
Other versions: CN115618327B (en)
Inventors: 窦强, 郭御风, 黎媛, 张博锋
Current assignee: Phytium Technology Co Ltd
Original assignee: Phytium Technology Co Ltd
Events: application filed by Phytium Technology Co Ltd; priority to CN202211616680.0A; publication of CN115618327A; application granted; publication of CN115618327B; legal status: Active

Classifications

    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/45 Structures or tools for the administration of authentication)
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)

Abstract

The application provides a security architecture system, a security management method, a computing device and a readable storage medium, which help to improve processing speed and system security. The security architecture system is loaded with a rich execution environment subsystem, a trusted execution environment subsystem and a secure element subsystem, and a trusted cryptographic service module is constructed in the security architecture system. The trusted cryptographic service module comprises a TCM service module and a TCM cryptographic module, which are separately arranged in different subsystems other than the rich execution environment subsystem, and the trusted cryptographic service module is configured to receive a service request initiated by an application program, respond to the service request, and obtain an execution result.

Description

Security architecture system, security management method, computing device, and readable storage medium
Technical Field
The present application relates to the field of processor technologies, and in particular, to a security architecture system, a security management method, a computing device, and a readable storage medium.
Background
As technology develops, the requirements placed on system security keep rising, and trusted computing technologies such as the trusted cryptographic service module have appeared. How to improve scheduling flexibility and system security while the trusted cryptographic service module provides services is a problem that urgently needs to be solved.
Disclosure of Invention
The embodiment of the application provides a security architecture system, a security management method, a computing device and a readable storage medium, which are beneficial to improving the scheduling flexibility and the system security of a trusted computing platform.
In a first aspect, a security architecture system is provided. The security architecture system is loaded with a rich execution environment subsystem, a trusted execution environment subsystem, and a secure element subsystem, and a trusted cryptographic service module is built in the security architecture system. The trusted cryptographic service module includes a TCM service module and a TCM cryptographic module, which are separately disposed in different subsystems other than the rich execution environment subsystem, and the trusted cryptographic service module is configured to receive a service request initiated by an application program, respond to the service request, and obtain an execution result.
Because the trusted cryptographic service module comprises a TCM service module and a TCM cryptographic module that are separated from each other, scheduling flexibility is improved.
In addition, the embodiment of the present application proposes that the trusted cryptographic service module may be integrated in, or constructed in, the security architecture system. Because the trusted cryptographic service module is integrated in the security architecture system, the time needed for it to provide a service can be shortened and the processing speed improved. In addition, the security capability of the trusted cryptographic service module can be independent of the security of the host system and can act autonomously, so that the security of the computer system can be improved.
Building the TCM service module and the TCM cryptographic module in different subsystems improves the flexibility of system calls. For example, the TCM service module is built in the trusted execution environment subsystem and the TCM cryptographic module in the secure element subsystem, or the TCM service module is built in the secure element subsystem and the TCM cryptographic module in the trusted execution environment subsystem.
Because the trusted execution environment subsystem and the secure element subsystem have secure operating environments, the TCM service module and the TCM cryptographic module are built in the two subsystems, and the requirements of the TCM service module and the TCM cryptographic module on security can be met.
In some implementations, the TCM service module includes a service interface and is configured to receive a service request initiated by the application program and call the TCM cryptographic module through the service interface to execute the service, obtaining an execution result.
The TCM service module and the TCM cryptographic module together provide the service for the application program, which improves the security of the system.
In some implementations, the TCM service module is configured to receive a service request initiated by the application program and execute the service based on the service request, obtaining an execution result.
The TCM service module provides the service for the application program on its own, so the speed at which the trusted cryptographic service module serves the application program can be improved.
In some implementations, the trusted cryptographic service module further includes a TCM driver module built in at least one of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem, the TCM driver module including a driver layer interface, the TCM driver module configured to receive a service request initiated by the application program and, in response to the service request, send a TCM service request to the TCM service module and/or the TCM cryptographic module through the driver layer interface to obtain an execution result; or the TCM driver module is configured to receive a service request initiated by the application program and execute service based on the service request to obtain an execution result.
By constructing the TCM driver module, the complexity of acquiring TCM services for the application program can be reduced. In addition, the TCM driver module can provide services for the application program on its own, or together with the TCM service module and/or the TCM cryptographic module, which improves the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM crypto module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, the rich execution environment subsystem is configured to send a first TCM service request to the trusted execution environment subsystem through the TCM driver module; the trusted execution environment subsystem is configured to invoke the TCM service module to execute TCM service based on the first TCM service request to obtain an execution result, or the trusted execution environment subsystem is configured to send a second TCM service request to the secure element subsystem based on the first TCM service request; the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the second TCM service request, resulting in an execution result.
The trusted execution environment subsystem can flexibly select a mode for providing service for the application program based on the service requirement of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM crypto module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, the rich execution environment subsystem is configured to send a third TCM service request to the secure element subsystem through the TCM driver module; the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the third TCM service request, resulting in an execution result.
This calling mode is a direct call from the rich execution environment subsystem to the secure element subsystem that does not pass through the trusted execution environment subsystem, i.e. a cross-level calling mode, which improves scheduling flexibility, reduces power consumption, and improves response speed.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the trusted execution environment subsystem, the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem; the trusted execution environment subsystem is configured to call the TCM driver module and/or the TCM service module to execute services based on a service request initiated by the application program, and obtain an execution result; or, the trusted execution environment subsystem is configured to send a fourth TCM service request to the secure element subsystem through the TCM driver module based on the application-initiated service request; the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the fourth TCM service request, resulting in an execution result.
The trusted execution environment subsystem can flexibly select a mode for providing service for the application program based on the service requirement of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver modules include a first TCM driver module and a second TCM driver module, the first TCM driver module being built in the rich execution environment subsystem and the second TCM driver module being built in the trusted execution environment subsystem.
The TCM driver modules are constructed in both the rich execution environment subsystem and the trusted execution environment subsystem, so that the scheduling flexibility can be improved.
In some implementations, the rich execution environment subsystem is configured to send a fifth TCM service request to the secure element subsystem through the first TCM driver module or send the application-initiated service request to the trusted execution environment subsystem; the trusted execution environment subsystem is configured to call the second TCM driver module and/or the TCM service module to execute services based on a service request initiated by the application program, and obtain an execution result; the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the fifth TCM service request, resulting in an execution result.
The flexibility of the system can be improved by the application program autonomously selecting the calling mode.
In some implementations, the TCM services module is built in the secure element subsystem, the TCM cryptography module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, the rich execution environment subsystem is configured to send a sixth TCM services request to the trusted execution environment subsystem through the TCM driver module; the trusted execution environment subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the sixth TCM service request, and obtain an execution result.
When the application program in the embodiment of the present application has a service requirement, the trusted execution environment subsystem can provide the service, which improves the response speed and reduces power consumption.
In some implementations, the TCM services module is built in the secure element subsystem, the TCM cryptography module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, the rich execution environment subsystem is configured to send a seventh TCM services request to the secure element subsystem through the TCM driver module; the secure element subsystem is configured to invoke the TCM service module to execute TCM services based on the seventh TCM service request, resulting in an execution result, or the secure element subsystem is configured to send an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request; the trusted execution environment subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the eighth TCM service request, and obtain an execution result.
The secure element subsystem can flexibly select a mode for providing services for the application program based on the service requirements of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the trusted execution environment subsystem, the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem; the trusted execution environment subsystem is configured to invoke the TCM driver module and/or the TCM cryptographic module to execute services based on a service request initiated by the application program, and obtain an execution result.
When the application program in the embodiment of the present application has a service requirement, the trusted execution environment subsystem can provide the service, which improves the response speed and reduces power consumption.
In some implementations, the TCM service module is implemented in the secure element subsystem, the TCM crypto module is implemented in the trusted execution environment subsystem, and the TCM driver modules include a third TCM driver module and a fourth TCM driver module, the third TCM driver module being implemented in the rich execution environment subsystem, and the fourth TCM driver module being implemented in the trusted execution environment subsystem.
The TCM driver modules are constructed in both the rich execution environment subsystem and the trusted execution environment subsystem, so that the scheduling flexibility can be improved.
In some implementations, the rich execution environment subsystem is configured to send a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem; the trusted execution environment subsystem is configured to invoke the fourth TCM driver module and/or the TCM cryptographic module to execute a service based on a service request initiated by the application program, resulting in an execution result; the secure element subsystem is configured to invoke the TCM service module to execute TCM services based on the ninth TCM service request, resulting in an execution result.
The flexibility of the system can be improved by letting the application program autonomously select the calling mode.
In a second aspect, a security management method is provided. The method is applied to a security architecture system that carries a rich execution environment subsystem, a trusted execution environment subsystem, and a secure element subsystem, and the security architecture system is configured with a trusted cryptographic service module that includes a TCM service module and a TCM cryptographic module separately provided in different subsystems other than the rich execution environment subsystem. The method includes: the trusted cryptographic service module receives a service request initiated by an application program, responds to the service request, and obtains an execution result.
The embodiments of the present application propose that the trusted cryptographic service module may be integrated in, or constructed in, the security architecture system. Because the trusted cryptographic service module is integrated in the security architecture system, the time needed for it to provide a service can be shortened and the processing speed improved. In addition, the security capability of the trusted cryptographic service module can be independent of the security of the host system and can act autonomously, so that the security of the computer system can be improved.
Building the TCM service module and the TCM cryptographic module in different subsystems improves the flexibility of system calls.
In some implementations, the TCM service module is implemented in the trusted execution environment subsystem, the TCM cryptographic module is implemented in the secure element subsystem, or the TCM service module is implemented in the secure element subsystem, the TCM cryptographic module is implemented in the trusted execution environment subsystem.
Because the trusted execution environment subsystem and the secure element subsystem have secure operating environments, the TCM service module and the TCM cryptographic module are built in the two subsystems, and the requirements of the TCM service module and the TCM cryptographic module on security can be met.
In some implementations, the TCM service module includes a service interface, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM service module receives the service request initiated by the application program and calls the TCM cryptographic module through the service interface to execute the service, obtaining an execution result.
The TCM service module and the TCM cryptographic module together provide the service for the application program, which improves the security of the system.
In some implementations, the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM service module receives the service request initiated by the application program and executes the service based on the service request, obtaining an execution result.
The TCM service module provides the service for the application program on its own, so the speed at which the trusted cryptographic service module serves the application program can be improved.
In some implementations, the trusted cryptographic service module further includes a TCM driver module built in at least one of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem, the TCM driver module including a driver layer interface, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM driver module receives the service request initiated by the application program and, in response to it, sends a TCM service request to the TCM service module and/or the TCM cryptographic module through the driver layer interface to obtain an execution result; or the TCM driver module receives the service request initiated by the application program and executes the service based on the service request to obtain an execution result.
By constructing the TCM driver module, the complexity of acquiring TCM services for the application program can be reduced. In addition, the TCM driver module can provide services for the application program on its own, or together with the TCM service module and/or the TCM cryptographic module, which improves the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request, including: the rich execution environment subsystem sends a first TCM service request to the trusted execution environment subsystem through the TCM driver module; the trusted execution environment subsystem calls the TCM service module to execute TCM service based on the first TCM service request to obtain an execution result, or the trusted execution environment subsystem sends a second TCM service request to the secure element subsystem based on the first TCM service request; and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the second TCM service request to obtain an execution result.
The trusted execution environment subsystem can flexibly select a mode for providing service for the application program based on the service requirement of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request, including: the rich execution environment subsystem sends a third TCM service request to the secure element subsystem through the TCM driver module; and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the third TCM service request to obtain an execution result.
This calling mode is a direct call from the rich execution environment subsystem to the secure element subsystem that does not pass through the trusted execution environment subsystem, i.e. a cross-level calling mode, which improves scheduling flexibility, reduces power consumption, and improves response speed.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem; the trusted execution environment subsystem calls the TCM driver module and/or the TCM service module to execute the service based on the service request initiated by the application program, obtaining an execution result; or the trusted execution environment subsystem sends a fourth TCM service request to the secure element subsystem through the TCM driver module based on the service request initiated by the application program, and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the fourth TCM service request, obtaining an execution result.
The trusted execution environment subsystem can flexibly select a mode for providing services for the application program based on the service requirements of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver modules include a first TCM driver module and a second TCM driver module, the first TCM driver module being built in the rich execution environment subsystem and the second TCM driver module being built in the trusted execution environment subsystem.
The TCM driver modules are constructed in both the rich execution environment subsystem and the trusted execution environment subsystem, so that the scheduling flexibility can be improved.
In some implementations, the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a fifth TCM service request to the secure element subsystem through the first TCM driver module, or sends the service request initiated by the application program to the trusted execution environment subsystem; the trusted execution environment subsystem calls the second TCM driver module and/or the TCM service module to execute the service based on the service request initiated by the application program, obtaining an execution result; and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the fifth TCM service request, obtaining an execution result.
The flexibility of the system can be improved by letting the application program autonomously select the calling mode.
In some implementations, the TCM service module is implemented in the secure element subsystem, the TCM cryptographic module is implemented in the trusted execution environment subsystem, the TCM driver module is implemented in the rich execution environment subsystem, and the trusted cryptographic service module receives a service request initiated by an application program, and obtains an execution result in response to the service request, including: the rich execution environment subsystem sends a sixth TCM service request to the trusted execution environment subsystem through the TCM driver module; and the trusted execution environment subsystem calls the TCM cryptographic module to execute TCM service based on the sixth TCM service request to obtain an execution result.
When the application program in the embodiment of the present application has a service requirement, the trusted execution environment subsystem can provide the service, which improves the response speed and reduces power consumption.
In some implementations, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, and the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request, including: the rich execution environment subsystem sends a seventh TCM service request to the secure element subsystem through the TCM driver module; the secure element subsystem calls the TCM service module to execute TCM service based on the seventh TCM service request to obtain an execution result, or the secure element subsystem sends an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request; and the trusted execution environment subsystem calls the TCM cryptographic module to execute TCM service based on the eighth TCM service request to obtain an execution result.
The secure element subsystem can flexibly select a mode for providing services for the application program based on the service requirements of the application program, and is favorable for improving the flexibility of the system.
In some implementations, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem; and the trusted execution environment subsystem calls the TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program, obtaining an execution result.
When the application program in the embodiment of the present application has a service requirement, the trusted execution environment subsystem can provide the service, which improves the response speed and reduces power consumption.
In some implementations, the TCM service module is implemented in the secure element subsystem, the TCM crypto module is implemented in the trusted execution environment subsystem, and the TCM driver modules include a third TCM driver module and a fourth TCM driver module, the third TCM driver module being implemented in the rich execution environment subsystem, and the fourth TCM driver module being implemented in the trusted execution environment subsystem.
The TCM driver modules are constructed in both the rich execution environment subsystem and the trusted execution environment subsystem, so that the scheduling flexibility can be improved.
In some implementations, the receiving, by the trusted cryptography service module, of a service request initiated by an application program, and obtaining an execution result in response to the service request, includes: the rich execution environment subsystem sends a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem sends the application-initiated service request to the trusted execution environment subsystem; the trusted execution environment subsystem calls the fourth TCM driver module and/or the TCM cryptographic module to execute services based on the service request initiated by the application program to obtain an execution result; and the secure element subsystem calls the TCM service module to execute the TCM service based on the ninth TCM service request to obtain an execution result.
The flexibility of the system can be improved by letting the application program select the calling mode itself.
In a third aspect, a computing device is provided, the computing device comprising a security architecture system as described in the first aspect or any implementation manner of the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, on which a program is stored, the program causing a computer to perform the method according to the first aspect or any one of the implementation manners of the first aspect.
Drawings
Fig. 1 is a schematic configuration diagram of a security architecture system in the related art.
Fig. 2 is a schematic block diagram of a homogeneous three-level architecture.
Fig. 3 is a schematic block diagram of a heterogeneous three-level architecture.
Fig. 4a and 4b are schematic structural diagrams of a security architecture system provided in an embodiment of the present application.
Fig. 5 is a schematic diagram of a step-by-step calling manner and a cross-step calling manner provided in the embodiment of the present application.
Fig. 6 is a schematic structural diagram of a construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 7 is a schematic structural diagram of another construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 8 is a schematic structural diagram of another construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 9 is a schematic structural diagram of another construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 10 is a schematic structural diagram of another construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 11 is a schematic structural diagram of another construction manner of a trusted cryptography service module according to an embodiment of the present application.
Fig. 12 is a schematic structural diagram of a computing device according to an embodiment of the present application.
Fig. 13 is a schematic flowchart of a security management method according to an embodiment of the present application.
Fig. 14 is a schematic structural diagram of a security processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
As the demand for security of computing devices increases, more and more security technologies are gradually applied to various computing devices, wherein the security chip technology has become an important technical means of a security architecture system in the computing devices, and a security element subsystem implementing the security chip technology becomes a key part of many security architecture systems. If the security and the stability of the data of the computing system cannot be guaranteed, the computing environment becomes very vulnerable, and important resources, such as important data associated with payment, are easily leaked due to factors such as software attack or physical attack.
Generally, a security architecture system of a computing device may include three types of subsystems, namely, a Rich Execution Environment (REE) subsystem, a Trusted Execution Environment (TEE) subsystem, and a Secure Element (SE) subsystem. Through security chip technology, the secure element subsystem is combined with a typical secure computing processor architecture to build a three-level secure computing architecture for a security-enhanced processor, which guarantees the security of important resources. The security protection levels of the REE subsystem, the TEE subsystem, and the SE subsystem increase in that order. That is, the SE subsystem has the highest security level, the TEE subsystem the second highest, and the REE subsystem the lowest.
Fig. 1 shows a schematic structural diagram of a security architecture system. The security architecture system 100 includes a REE subsystem, a TEE subsystem, and a SE subsystem. Generally, an application running in the REE subsystem may be called a Common Application (CA), which is low in security and is vulnerable to attack. The application in fig. 1 represents a CA. For example, the application running on the REE may be a program related to a payment scenario in which basic services such as browsing items, selecting items, submitting orders, etc. are implemented. Although many security measures such as device access control, device data encryption mechanism, isolation mechanism when an application runs, access control based on authority verification, etc. are taken in the REE, the security of important data in the application cannot be guaranteed.
Applications running in the TEE subsystem are generally called Trusted Applications (TAs), which are higher in security than CAs and can be used in data-sensitive service scenarios, such as cardholder information and identity verification in payment services. Applications running in the SE may be referred to as secure trusted applications, whose security is the highest among the three types of subsystems. Compared with the rich execution environment subsystem REE and the trusted execution environment subsystem TEE, the secure element subsystem SE has the highest security; important resources such as root keys and other information are generally stored in the secure element subsystem SE, and the security of the important resources stored there is guaranteed through means such as authority verification and cryptographic technology. As an implementation, the secure element subsystem SE includes an execution engine, a static random-access memory (SRAM), and a non-volatile memory, and may also include a Key Derivation Function (KDF). In this case, important resources such as root keys can be stored in the non-volatile memory within the secure element subsystem SE, and the firmware or hardware of the secure element subsystem SE ensures that the root keys have no software or hardware path out of the secure element subsystem SE. Furthermore, the key derivation module KDF integrated within the secure element subsystem SE may be implemented, for example, in software or hardware and used to generate derived keys based on the root key. For example, the key derivation module KDF may be a hash function, typically used to turn a short password into a long password. In a security architecture system, the three subsystems cooperate with each other, so that different levels of security protection can be flexibly provided for computing data.
The REE subsystem may include a general Operating System (OS) or a Virtual Machine (VM) running on a general-purpose embedded processor, in which application programs are installed. Application 1 through application n are shown in FIG. 1, where n is a positive integer. For example, an application may be a program that relates to a payment scenario, where basic services such as browsing for goods, selecting goods, submitting an order, etc. are implemented. The REE subsystem may include a Unified Extensible Firmware Interface (UEFI) and a Universal Boot Loader (U-Boot). Although many software-implemented security measures, such as device access control, a device data encryption mechanism, an isolation mechanism during application operation, and access control based on authority verification, can be adopted in the REE subsystem, the security of important data in the application cannot be guaranteed.
The TEE subsystem may include a general purpose secure kernel, a Trusted User Interface (TUI), and a TEE OS, which are independent operating environments running outside of a general operating system. The TUI may provide an interface with input or output secure interaction capabilities for trusted applications and users within a trusted execution environment, for example, in a payment scenario, the TUI may be used for display of transaction information and Personal Identification Number (PIN) entry, and the like. The TEE may provide trusted services to, for example, the REE subsystem and be isolated from the REE subsystem, i.e., the REE subsystem and applications thereon may not have direct access to the TEE subsystem's hardware and software resources. For example, trusted applications, such as trusted application 1 to trusted application p shown in fig. 1, may be executed in the TEE subsystem, where p is a positive integer, and a trusted operating environment is provided for the REE subsystem through the trusted applications, and then end-to-end security is ensured through protection of confidentiality and integrity and control of data access rights. Further, the TEE subsystem may run in parallel with the REE subsystem. The TEE subsystem may interact with the REE subsystem, for example, through a secure Application Programming Interface (API).
The TEE subsystem provides a higher security level of execution than the REE subsystem, but does not provide hardware-isolated secure key storage and cryptographic execution. Generally, the TEE subsystem may provide many APIs for the REE subsystem so that the REE subsystem can call resources of the TEE subsystem; the more APIs the TEE subsystem provides for performing services, the greater the risk it faces, and it is difficult to ensure that the APIs have no potential security hazards such as security vulnerabilities, so resources such as keys in the TEE subsystem are exposed to security risks. Furthermore, various TAs run in the TEE subsystem and depend completely on the isolation mechanism provided by the TEE operating system, with no isolation at the hardware level; if security vulnerabilities exist in the TAs themselves, or a TA actively accesses keys or root keys belonging to other TAs, sensitive resources such as the keys are also exposed to a great security risk.
Due to the above problems of the TEE subsystem, it is proposed to build a secure and trusted storage resource and computing environment based on the SE. Generally, the software system in the SE subsystem is relatively simple and includes fewer hardware components, so it is easy to establish physical protection and implement security assurance, thereby improving the security strength of the SE subsystem so that it can serve a security system with higher security requirements. Here, security applications, such as security application 1 through security application m shown in fig. 1, may be executed in the SE subsystem, where m is a positive integer.
The security architecture system in the embodiment of the application may be a homogeneous three-level architecture or a heterogeneous three-level architecture. These two architectures are described separately below.
Fig. 2 is a schematic diagram of a homogeneous three-level architecture according to an embodiment of the present disclosure. In the homogeneous three-level architecture, the trusted execution environment subsystem and the secure element subsystem both run on the same security-level processor core (e.g., a processor security core). Assuming that the trusted execution environment subsystem and the secure element subsystem run on the first processor core, the first processor core is capable of processing both programs or services in the trusted execution environment subsystem and programs or services in the secure element subsystem.
In the architecture shown in fig. 2, the rich execution environment subsystem may include application cores (AP-Cores), the trusted execution environment subsystem may include secure cores (Secure-Cores), and the secure element subsystem may include a cryptographic engine (or a cryptographic service module), a secure storage medium, and a service interface of the SE (e.g., a Dynamic Random Access Memory (DRAM) interface). The cryptographic engine may provide resources such as cryptographic operations.
Fig. 3 is a schematic diagram of a heterogeneous three-level architecture according to an embodiment of the present application. In the heterogeneous three-level architecture, the trusted execution environment subsystem and the secure element subsystem run on different processor cores, in other words, the secure element subsystem has independent processor cores. Assuming that the trusted execution environment subsystem runs on the second processor core and the secure element subsystem runs on the third processor core, the second processor core is responsible for processing programs or services in the trusted execution environment subsystem and the third processor core is responsible for processing programs or services in the secure element subsystem.
In the architecture shown in fig. 3, the rich execution environment subsystem may include an application core (AP-core), the trusted execution environment subsystem may include a Secure core (Secure-core), and the Secure element subsystem may include an SE-specific core, a cryptographic engine, a Secure storage medium, and a service interface (e.g., a Secure DRAM interface) of the SE.
In the heterogeneous three-level architecture, the secure element subsystem has a dedicated core, so it is complete at the image level and has a custom hardware secure execution unit. The tasks in the secure element subsystem are completely independent of the execution environment of the other subsystems, so higher security and higher execution efficiency can be provided.
With the development of technology, in a wider network environment, people place higher demands on the security of systems; for example, people want any operation or process behavior of a remote entity to be predictable or controllable, and trusted computing technology has developed in response. One of the core goals of trust is to ensure the integrity of the system and applications (or software), so as to ensure that the system or application runs in the trusted state expected by its design goals. Trust is the basis for security: any security scheme or security policy can achieve its security design goal only if it runs in an untampered environment. In general, incorporating trusted verification in systems and applications can reduce the likelihood of attacks caused by the use of unknown or tampered systems/software.
Trusted Computing (TC) is a technology promoted and developed by the Trusted Computing Group (TCG). One of the core goals of trust is to ensure the integrity of the system and applications, thereby establishing that the system or software is operating in the trusted state expected by its design goals. Incorporating trusted verification in systems and applications can reduce the likelihood of attacks caused by the use of unknown or tampered systems/software. By way of example, trust on a Personal Computer (PC) means, in popular terms, checking the integrity and correctness of the Basic Input Output System (BIOS) and the operating system each time the PC is started, so that it is ensured that the hardware configuration and operating system have not been tampered with by a user while the PC is in use and that the security measures and settings of all systems cannot be bypassed; after startup, all applications such as social, music and video software can be monitored in real time, and loss-stopping measures are taken immediately if an application is found to have been tampered with.
Trustworthiness is mainly realized through the technical means of measurement and verification. Measurement collects the state of the software or system under inspection; verification compares the measurement result with a reference value to see whether they agree: if they do, verification passes, and if not, it fails. Trusted computing ensures trustworthiness through algorithms and keys embedded in trusted hardware by the chip vendor, and through measurement and verification of the software stack by an integrated dedicated microcontroller. According to the classification of the security chip and the Trusted Software Stack running on it, there are three main types of mainstream trusted computing standards in the industry today: the Trusted Platform Module (TPM), the Trusted Cryptography Module (TCM), and the Trusted Platform Control Module (TPCM).
In the market, TPM and TCM are generally implemented as a chip embedded inside a computing device to provide a root of trust for the computing device. The specification of the TPM chip is made by the TCG. The TCM is a domestic trusted computing technology, the function of the TCM corresponds to that of the TPM, and the difference is that the cryptographic technology in the TCM is independently developed by China, so that the national information security is guaranteed.
TPCM is a trusted standard (currently a corporate standard in China) proposed based on a localization idea. Relative to the TPM and the trusted cryptography service module, the TPCM makes great changes to the hardware and Trusted Software Stack (TSS) architecture. The greatest advantages of the TPCM are that it can perform active measurement and that it uses cryptographic algorithms independently developed by China. However, the TPCM has not yet matured or reached commercial scale on computing hosts.
The embodiment of the present application mainly introduces the trusted cryptography service module.
The trusted cryptography service module can implement the following three functions. 1. Starting from the root of trust for measurement, compute the integrity measurement value of the system platform and establish a trust chain for the computer system platform, ensuring the trustworthiness of the system platform. 2. Because the root of trust for reporting can identify the trustworthiness of the platform identity and is unique, platform identity attestation and integrity reporting can be realized on its basis. 3. Based on the root of trust for storage, realize key management and platform data security protection, and provide the corresponding cryptographic services.
The trusted cryptography service module in the related art is usually disposed outside the processor chip, i.e., the trusted cryptography service module is disposed independently of the security architecture system. When the service provided by the trusted cryptography service module needs to be used, the processor needs to call the external trusted cryptography service module for processing, which is not beneficial to improving the processing speed.
In addition, as an external device of the computing device, the trusted cryptography service module functions only when called by host software, in a passive, hooked-on manner, and its security capability depends entirely on the security of the host system, so the active defense capability of the computer system cannot be substantially improved. Once the host is controlled by an attacker, the trusted cryptography service module can no longer play its role. Therefore, adopting a trusted cryptography service module attached in a plug-in manner cannot effectively improve the security of the computer system.
In general, in the technical scheme of an external trusted cryptography service module, information must be exchanged between the processor and the external module, so the exchanged information can easily be stolen or leaked by a third party, which greatly threatens the security of the processor. In addition, the technical scheme of the external trusted cryptography service module is not conducive to improving the processing speed.
Based on this, the embodiments of the present application propose that the trusted cryptography service module may be integrated in the security architecture system, or the trusted cryptography service module may be constructed in the security architecture system in the embodiments of the present application. For example, the trusted cryptography service module includes a TCM service module and a TCM cryptography module, and the TCM service module and the TCM cryptography module are separated, which is beneficial to improving the flexibility of scheduling. In some embodiments, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem; in some embodiments, the TCM service module is implemented in the secure element subsystem and the TCM cryptographic module is implemented in the trusted execution environment subsystem. Because the trusted cryptographic service module is integrated in the security architecture system, the time for the trusted cryptographic service module to provide services can be shortened, and the processing speed can be improved. In addition, the security capability of the trusted cryptography service module can be independent of the security of the host system and can play a role autonomously, so that the security of the computer system can be improved.
The security architecture system in the embodiment of the application may be loaded with a rich execution environment subsystem, a trusted execution environment subsystem, and a secure element subsystem. The security architecture system may be the above-described homogeneous three-level architecture, or may be a heterogeneous three-level architecture. The descriptions of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem may be referred to the foregoing description, and for brevity, are not described in detail here.
The trusted cryptography service module in the embodiment of the application can provide trusted services for the application program. For example, the trusted cryptographic service module may be configured to receive a service request initiated by an application and to obtain an execution result in response to the service request. For example, the trusted cryptographic service module may execute a service based on a service request initiated by an application, thereby obtaining an execution result.
The application program in the embodiment of the present application may be an application program running in the rich execution environment subsystem, and may also be a secure application running in the trusted execution environment subsystem.
The service request initiated by the application may be referred to as a secure service request. The service request may be for one or more of the following services: trusted measurement, trusted report, and trusted storage.
The trusted cryptography service module in the embodiment of the present application may include a TCM cryptography module and a TCM service module. The TCM service module and the TCM cryptographic module are combined to form a core technology or an important component of the trusted computing cryptography support service platform. The TCM cryptographic module and the TCM service module can together provide cryptographic support for the security measurement of the trusted computing platform.
The TCM cryptographic module may be a stand-alone module with protected memory space. The TCM cryptographic module may include trusted computing resources, that is, the TCM cryptographic module is capable of providing trusted computing resources for the trusted cryptographic service module. For example, the TCM cryptographic module may provide computing resources such as cryptographic operations, True Random Number Generators (TRNGs), roots of trust, storage, and the like for the trusted cryptographic service module. The only interface through which the TCM cryptographic module interacts with the system is a set of standard interfaces, which are Chinese national standards issued by the State Cryptography Administration of China together with domestic Information Technology (IT) enterprises.
The TCM service module may include a service interface; in other words, the TCM service module may provide a service interface for a user (or an application) to call resources in the TCM cryptographic module. In some embodiments, the TCM service module may call the TCM cryptographic module through the service interface, thereby providing security services such as trusted measurement, trusted reports, trusted storage, and the like for the application. In other embodiments, the TCM service module may also manage resources of the TCM cryptographic module, or the TCM service module may hide complex functional commands of the TCM cryptographic module, thereby reducing the complexity of using the TCM cryptographic module for the user. The interface standard of the TCM service module is also issued by the State Cryptography Administration of China together with domestic IT enterprises. Different manufacturers have different design implementations of the TCM service module.
In some embodiments, the TCM service module may provide services for the application by calling the TCM cryptographic module. For example, the TCM service module may be configured to receive a service request initiated by an application program and call the TCM cryptographic module through the service interface to perform the service, so as to obtain an execution result. For example, services such as trusted measurement require hardware resources (such as cryptographic operation resources) of the TCM cryptographic module for execution; therefore, if the service initiated by an application is a trusted measurement service, the TCM service module may call the TCM cryptographic module to execute the service. The TCM service module and the TCM cryptographic module combine to provide services for the application program, which improves the security of the system.
In other embodiments, the TCM service module may also provide services for the application program independently, so that the speed of the trusted cryptography service module providing services for the application program can be increased. For example, the TCM service module may be configured to receive a service request initiated by an application program and execute a service based on the service request, resulting in an execution result. For example, for services such as querying trusted reports, trusted storage, etc., the TCM service module may not need to call the TCM cryptographic module, but may perform the service independently.
In a general scenario, an application program needs to obtain a service through a service interface provided by a TCM service module. However, in some special application scenarios, the application program may also directly initiate a service request to the TCM cryptographic module without passing through the TCM service module. For example, the TCM cryptographic module may be configured to receive a service request initiated by an application program and execute a service based on the service request, resulting in an execution result.
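As an added illustration (not code from the patent or from Phytium), the following Python model shows the split described above: a TCM service module that calls the TCM cryptographic module only for trusted measurement, and answers trusted report and trusted storage requests from its own records, together with the measurement-then-verification step (measured digest compared against a reference value) described in the trusted computing discussion. All class, method and service names are assumptions, SHA-256 stands in for the TCM's own hash algorithm, and the firmware images are constructed sample data.

```python
import hashlib
from enum import Enum

# Constructed model, not the patent's or Phytium's code. Names and the use of
# SHA-256 in place of the TCM's own algorithms are assumptions for illustration.


class Service(Enum):
    TRUSTED_MEASUREMENT = "measurement"  # needs the TCM cryptographic module
    TRUSTED_REPORT = "report"            # served by the TCM service module alone
    TRUSTED_STORAGE = "storage"          # served by the TCM service module alone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class TCMCryptoModule:
    """Stand-alone module with protected state: the measurement register is
    only observable through the results returned by extend()."""

    def __init__(self) -> None:
        self._register = bytes(32)  # all-zero start value, like a PCR

    def extend(self, image: bytes) -> tuple[str, str]:
        """Measure one component and fold it into the register: R = H(R || H(image))."""
        digest = hashlib.sha256(image).digest()
        self._register = hashlib.sha256(self._register + digest).digest()
        return digest.hex(), self._register.hex()


class TCMServiceModule:
    """Service interface for applications. The cryptographic module is called
    only for trusted measurement; report and storage use the execution results
    the service module already relayed, so they need no further call."""

    def __init__(self, crypto: TCMCryptoModule, reference: dict[str, str]) -> None:
        self._crypto = crypto
        self._reference = reference               # component -> expected digest
        self._log: list[tuple[str, str]] = []     # (component, measured digest)
        self._register = bytes(32).hex()
        self._sealed: dict[str, tuple[str, bytes]] = {}
        self.crypto_calls = 0                     # exposes which path was taken

    def handle(self, service: Service, **args):
        if service is Service.TRUSTED_MEASUREMENT:
            self.crypto_calls += 1
            digest, self._register = self._crypto.extend(args["image"])
            self._log.append((args["component"], digest))
            return self._register

        if service is Service.TRUSTED_REPORT:
            # Verification: each measured digest is compared with its reference.
            checks = {c: d == self._reference.get(c) for c, d in self._log}
            complete = set(checks) == set(self._reference)
            return {"register": self._register,
                    "verified": complete and all(checks.values()),
                    "components": checks}

        if service is Service.TRUSTED_STORAGE:
            # Data is bound to the register value at seal time and is released
            # only while the platform is still in that measured state.
            name = args["name"]
            if "data" in args:
                self._sealed[name] = (self._register, args["data"])
                return True
            bound_to, data = self._sealed[name]
            return data if bound_to == self._register else None

        raise ValueError(f"unknown service {service}")


def reference_values(images: dict[str, bytes]) -> dict[str, str]:
    """Golden digests, as a vendor would ship them for known-good images."""
    return {name: sha256_hex(img) for name, img in images.items()}


def boot(images: dict[str, bytes], reference: dict[str, str]) -> TCMServiceModule:
    """Measure each component in boot order through the service interface."""
    tcm = TCMServiceModule(TCMCryptoModule(), reference)
    for name, img in images.items():
        tcm.handle(Service.TRUSTED_MEASUREMENT, component=name, image=img)
    return tcm


# Constructed sample images standing in for real firmware blobs.
GOOD_IMAGES = {"bootloader": b"u-boot v1", "kernel": b"kernel v5"}
TAMPERED_IMAGES = {"bootloader": b"u-boot v1", "kernel": b"kernel v5 (modified)"}

if __name__ == "__main__":
    ref = reference_values(GOOD_IMAGES)
    good = boot(GOOD_IMAGES, ref)
    print("good boot verified:", good.handle(Service.TRUSTED_REPORT)["verified"])
    bad = boot(TAMPERED_IMAGES, ref)
    print("tampered boot verified:", bad.handle(Service.TRUSTED_REPORT)["verified"])
```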
The embodiment of the present application does not specifically limit the construction manner of the TCM service module and the TCM cryptographic module in the security architecture system. As one example, the TCM service module and the TCM cryptographic module may be built in different subsystems other than the rich execution environment subsystem, as shown in fig. 4a and 4b. Building the TCM service module and the TCM cryptographic module in different subsystems improves the flexibility of system calls.
In some embodiments, the TCM service module may be built in the trusted execution environment subsystem and the TCM cryptographic module in the secure element subsystem, as shown in fig. 4a. Because the TCM cryptographic module is built in the secure element subsystem, it can reuse hardware resources in the secure element subsystem, which helps reduce cost. The secure element subsystem contains the computing hardware resources of the TCM cryptographic module and has the characteristics of high performance, low power consumption, quick response and the like. Software and hardware security architectures such as TrustZone and Software Guard Extensions (SGX) are applied in the trusted execution environment subsystem and can provide additional security guarantees for the execution environment of the TCM service module placed there.
In other embodiments, the TCM service module may be built in the secure element subsystem and the TCM cryptographic module in the trusted execution environment subsystem, as shown in fig. 4b. Software and hardware security architectures such as TrustZone and SGX are applied in the trusted execution environment subsystem and can provide additional security guarantees for the execution environment of the TCM cryptographic module placed there. The secure element subsystem has trusted and secure storage resources and a computing environment, and can provide additional security guarantees for the execution environment of the TCM service module placed there.
Because the trusted execution environment subsystem and the secure element subsystem have secure operating environments, the TCM service module and the TCM cryptographic module are built in the two subsystems, and the requirements of the TCM service module and the TCM cryptographic module on security can be met.
The trusted cryptography service module in the embodiment of the present application may further include a TCM driver module. The TCM driver module may include a driver layer interface. The application may initiate a service request through the driver layer interface. The TCM driver module may also be referred to as a user interface program or firmware TCM (firmware-TCM, fptcm). The TCM driver module may provide standard services for some or all of the trusted cryptography service modules. What services the TCM driver module can specifically provide can be flexibly designed according to actual needs. For example, some TCM driver modules may provide services for querying trusted reports, some TCM driver modules may provide services for trusted storage, and some TCM driver modules may provide standard services for all trusted cryptography service modules.
The TCM driver module may be constructed in various ways, and this is not particularly limited in the embodiment of the present application. As one example, the TCM driver module may be built in at least one of the rich execution environment subsystem, the trusted execution environment subsystem and the secure element subsystem. For example, the TCM driver module may be built in the rich execution environment subsystem. As another example, the TCM driver module may be built in the trusted execution environment subsystem. A TCM driver module built in the trusted execution environment subsystem can use a general-purpose trusted core as its computing carrier and has the characteristics of fast response and high security. In addition, software and hardware security architectures such as TrustZone and SGX are applied in the trusted execution environment subsystem and provide an additional execution-environment security guarantee for the TCM driver module placed there. As another example, the TCM driver module may be built in the secure element subsystem. As yet another example, the TCM driver module may be built in both the rich execution environment subsystem and the trusted execution environment subsystem.
The TCM driver module can provide service to the application program by calling the TCM service module and/or the TCM cryptographic module, or the TCM driver module can provide the service to the application program on its own. For example, the TCM driver module may be configured to receive a service request initiated by an application program and, in response to the service request, send a TCM service request to the TCM service module and/or the TCM cryptographic module over the driver layer interface to obtain an execution result. As another example, the TCM driver module may be configured to receive a service request initiated by an application program and execute the service itself based on the service request, resulting in an execution result.
For convenience of description, a service request directly initiated by an application is hereinafter referred to as a secure service request, and a request initiated by the application through the TCM driver module is hereinafter referred to as a TCM service request. It should be noted that the security service request and the TCM service request are essentially application-initiated requests.
The following introduces a security scheduling process for different construction modes of the TCM service module, the TCM cryptographic module, and the TCM driver module.
Before introducing the security scheduling process, the secure calling modes in the embodiment of the present application are introduced. The secure calling modes in the embodiment of the application can be divided into two kinds: a step-by-step calling mode and a cross-level calling mode.
The step-by-step calling modes may include REE → TEE → SE and SE → TEE → REE, as illustrated by paths (1), (2), (3), (4) in FIG. 5. A service request initiated by an application program running in the rich execution environment subsystem is processed by the trusted execution environment subsystem and then by the secure element subsystem to obtain an execution result. The execution result passes back through the secure element subsystem and the trusted execution environment subsystem and finally returns to the rich execution environment subsystem. Because this calling mode passes through both the trusted execution environment subsystem and the secure element subsystem, each of which has its own security protection measures, an attacker would need to defeat the protection of the trusted execution environment subsystem and of the secure element subsystem one by one; the calling mode therefore increases the attack difficulty and is beneficial to improving security.
In some embodiments, the step-by-step calling mode may further include REE → TEE and TEE → REE, as shown in paths (1), (4) of FIG. 5. This manner of invocation requires only the trusted execution environment subsystem to complete the service. The service request initiated by the application program running in the rich execution environment subsystem is processed by the trusted execution environment subsystem to obtain an execution result, and the trusted execution environment subsystem sends the execution result to the rich execution environment subsystem. Fewer subsystems need to be scheduled in this mode, which improves processing speed.
The cross-level calling modes may include REE → SE and SE → REE, as shown in paths (5) and (6) of FIG. 5. The service request initiated by the application program running in the rich execution environment subsystem is processed by the secure element subsystem to obtain an execution result, and the secure element subsystem sends the execution result to the rich execution environment subsystem. Fewer subsystems need to be scheduled, which is favorable for improving processing speed. In addition, the security level of the secure element subsystem is relatively high, so having the secure element subsystem execute the service ensures the security of the system to a certain extent.
The following describes a scheme in which the TCM service module is built in the trusted execution environment subsystem and the TCM cryptographic module is built in the secure element subsystem.
Example one
As shown in fig. 6, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver module is built in the rich execution environment subsystem.
In the construction shown in fig. 6, since the TCM driver module is built in the rich execution environment subsystem, an application running in the rich execution environment subsystem can request a service from the TCM service module and/or the TCM cryptographic module through the TCM driver module.
In some embodiments, the rich execution environment subsystem may be configured to send a first TCM service request to the trusted execution environment subsystem through the TCM driver module. The trusted execution environment subsystem may be configured to invoke the TCM service module to execute the TCM service based on the first TCM service request, resulting in an execution result. In some application scenarios, the TCM service module may also perform the service alone, for example, for the service of querying a trusted report, trusted storage, and the like, the TCM service module may not need to call the TCM cryptographic module, but may complete the service independently. Therefore, if the service request can be completed by the TCM service module alone, the trusted execution environment subsystem can directly call the TCM service module to execute the service, and obtain the execution result. The trusted execution environment subsystem may send the execution results to the rich execution environment subsystem.
The calling mode is a step-by-step calling mode. When the application program running in the rich execution environment subsystem has service requirements, the trusted execution environment subsystem can provide services, so that the response speed is improved, and the power consumption is reduced.
In other embodiments, the TCM service module may also perform the service by calling the TCM cryptographic module. For example, services such as trusted measurement require the hardware resources (such as cryptographic operation resources) of the TCM cryptographic module for execution; therefore, if the service initiated by the application is a trusted measurement service, the TCM service module may call the TCM cryptographic module to execute the service. The TCM service module and the TCM cryptographic module together provide the service for the application program, which improves the security of the system. The specific calling procedure is described below.
The rich execution environment subsystem may be configured to send a first TCM service request to the trusted execution environment subsystem. The trusted execution environment subsystem may be configured to send a second TCM service request to the secure element subsystem based on the first TCM service request. The secure element subsystem may be configured to invoke the TCM cryptographic module to perform the TCM service based on the second TCM service request, resulting in an execution result.
After receiving the first TCM service request, the trusted execution environment subsystem may determine whether the first TCM service request requires computing resource support of the TCM cryptographic module. If so, the trusted execution environment subsystem may send a second TCM service request to the secure element subsystem; the trusted execution environment subsystem may directly execute the service if not needed. The first TCM service request and the second TCM service request may be the same or different, and this is not specifically limited in this embodiment of the application.
For example, an application in the rich execution environment subsystem may send a first TCM service request to the trusted execution environment subsystem through the TCM driver module. After the trusted execution environment subsystem receives the first TCM service request from the rich execution environment subsystem, corresponding services can be provided through the TCM service module. If the task execution of the TCM service module requires the support of the computing resources of the TCM cryptographic module, the trusted execution environment subsystem sends a second TCM service request to the secure element subsystem. And after receiving a second TCM service request from the trusted execution environment subsystem, the secure element subsystem calls the TCM cryptographic module to execute service to obtain an execution result. The secure element subsystem returns the execution results to the trusted execution environment subsystem. The trusted execution environment subsystem forwards the execution results to the rich execution environment subsystem.
The calling mode is a step-by-step calling mode. Because the calling mode needs to pass through the trusted execution environment subsystem and the secure element subsystem, both the trusted execution environment subsystem and the secure element subsystem have certain security protection measures, and an attacker needs to break through the protection of the trusted execution environment subsystem and the secure element subsystem one by one, the calling mode can increase the attack difficulty and is beneficial to improving the security.
In other embodiments, the rich execution environment subsystem may be configured to send a third TCM service request to the secure element subsystem, and the secure element subsystem may be configured to invoke the TCM cryptographic module to execute the TCM service based on the third TCM service request, resulting in an execution result.
The calling mode is a direct calling between the rich execution environment subsystem and the secure element subsystem, and does not pass through the trusted execution environment subsystem, namely the cross-level calling mode described above, so that the scheduling flexibility can be improved, the power consumption can be reduced, and the response speed can be improved.
In this embodiment of the application, an application program running in the rich execution environment subsystem may determine whether to initiate a TCM service request to the trusted execution environment subsystem or directly to the TCM cryptographic module according to the current application scenario, for example according to the forwarding design of the TCM driver module for different service types.
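The following Python model, added here as an illustration and not code from the patent, replays the dispatch of Example one: a TCM driver module in the rich execution environment subsystem forwards by service type; trusted storage and trusted report query are completed by the TCM service module alone (REE → TEE → REE); trusted measurement is forwarded on to the TCM cryptographic module as a second TCM service request (REE → TEE → SE → TEE → REE); and a raw digest takes the cross-level path (REE → SE → REE). The placement parameters also reproduce the mirrored layout in which the TCM service module sits in the secure element subsystem and the TCM cryptographic module in the trusted execution environment subsystem. The service names, the SHA-256 stand-in for the cryptographic engine, the measurement-register extend rule and the "digest" cross-level service are assumptions, not taken from the page.

```python
"""Constructed model of the request dispatch in Example one and its mirror.
Not the patent's code: the module and service names, the SHA-256 stand-in
for the TCM cryptographic engine and the register-extend rule used for
trusted measurement are assumptions made for this illustration."""
import hashlib
from dataclasses import dataclass
from typing import Optional

REE, TEE, SE = "REE", "TEE", "SE"

# Service classes as the page describes them: trusted measurement needs the
# operation resources of the TCM cryptographic module; trusted report query
# and trusted storage are completed by the TCM service module alone.
# "digest" is an assumed raw cryptographic operation that the TCM
# cryptographic module executes by itself (the cross-level path).
NEEDS_CRYPTO = {"trusted_measurement"}
SERVICE_ONLY = {"query_trusted_report", "trusted_storage"}
CRYPTO_ONLY = {"digest"}


@dataclass
class Request:
    service: str
    payload: bytes = b""
    key: str = ""


@dataclass
class Result:
    value: object
    path: list  # subsystems traversed in order, e.g. [REE, TEE, SE, TEE, REE]


class TcmCryptoModule:
    """Cryptographic operation resource (SHA-256 stands in for the real engine)."""

    def digest(self, data: bytes) -> bytes:
        return hashlib.sha256(data).digest()


class TcmServiceModule:
    """Trusted storage, trusted report and measurement-log state."""

    def __init__(self) -> None:
        self.storage: dict = {}
        self.register = b"\x00" * 32  # assumed measurement register, extended per event
        self.log: list = []

    def run(self, req: Request, crypto: Optional[TcmCryptoModule]) -> object:
        if req.service == "trusted_storage":
            self.storage[req.key] = req.payload
            return "stored"
        if req.service == "query_trusted_report":
            return {"register": self.register, "log": list(self.log)}
        if req.service == "trusted_measurement":
            # Needs the cryptographic module, reached by the second TCM service request.
            event = crypto.digest(req.payload)
            self.register = crypto.digest(self.register + event)
            self.log.append(event)
            return self.register
        raise ValueError(f"unknown TCM service {req.service!r}")


class SecurityArchitecture:
    """Where the two modules are built decides which subsystem each hop reaches."""

    def __init__(self, service_in: str = TEE, crypto_in: str = SE) -> None:
        if service_in == crypto_in or REE in (service_in, crypto_in):
            raise ValueError("modules must sit in different subsystems other than the REE")
        self.service_in, self.crypto_in = service_in, crypto_in
        self.service, self.crypto = TcmServiceModule(), TcmCryptoModule()

    def step_by_step(self, req: Request) -> Result:
        """First TCM service request to the service module's host; a second
        request on to the crypto module's host only when the service needs it."""
        path = [REE, self.service_in]
        if req.service in NEEDS_CRYPTO:
            path += [self.crypto_in, self.service_in]  # request out, result back
            value = self.service.run(req, self.crypto)
        elif req.service in SERVICE_ONLY:
            value = self.service.run(req, None)
        else:
            raise ValueError(f"{req.service!r} is not a TCM service")
        return Result(value, path + [REE])

    def cross_level(self, req: Request) -> Result:
        """Third TCM service request: REE straight to the crypto module's host."""
        if req.service not in CRYPTO_ONLY:
            raise ValueError("the cross-level path reaches only the TCM cryptographic module")
        return Result(self.crypto.digest(req.payload), [REE, self.crypto_in, REE])


class TcmDriverModule:
    """Driver in the REE: forwards by service type (the 'forwarding design')."""

    def __init__(self, arch: SecurityArchitecture) -> None:
        self.arch = arch

    def request(self, service: str, payload: bytes = b"", key: str = "") -> Result:
        req = Request(service, payload, key)
        if service in CRYPTO_ONLY:
            return self.arch.cross_level(req)
        return self.arch.step_by_step(req)


if __name__ == "__main__":
    driver = TcmDriverModule(SecurityArchitecture(service_in=TEE, crypto_in=SE))  # Example one
    for svc, data in [("trusted_storage", b"sealed-blob"), ("trusted_measurement", b"kernel"),
                      ("query_trusted_report", b""), ("digest", b"raw")]:
        print(f"{svc:22s} {' -> '.join(driver.request(svc, data, key='k1').path)}")
```

The `path` list returned with each result is the point of the model: it makes visible that a trusted measurement crosses two protected subsystems and returns the same way, while trusted storage never leaves the subsystem hosting the TCM service module. Swapping the constructor arguments to `SecurityArchitecture(service_in=SE, crypto_in=TEE)` yields the paths of the mirrored layout without changing any module code.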
Example two
As shown in fig. 7, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver module is built in the trusted execution environment subsystem.
In the implementation shown in fig. 7, since the TCM driver module is not built in the rich execution environment subsystem, an application in the rich execution environment subsystem initiates a security service request to the trusted execution environment subsystem. After receiving the security service request, the trusted execution environment subsystem may invoke the TCM driver module, which executes the service itself or dispatches it to the TCM service module and/or the TCM cryptographic module.
The rich execution environment subsystem may be configured to send an application-initiated service request to the trusted execution environment subsystem. The trusted execution environment subsystem may be configured to invoke the TCM driver module and/or the TCM service module to perform the service based on the application-initiated service request, resulting in an execution result, or the trusted execution environment subsystem may be configured to send a fourth TCM service request to the secure element subsystem via the TCM driver module based on the application-initiated service request. The secure element subsystem may be configured to invoke the TCM cryptographic module to perform the TCM service based on the fourth TCM service request, resulting in an execution result. The trusted execution environment subsystem can flexibly select a mode for providing service for the application program based on the service requirement of the application program, and is favorable for improving the flexibility of the system.
When the application program running in the rich execution environment subsystem has a service requirement, it can send a security service request to the trusted execution environment subsystem. After the trusted execution environment subsystem receives the security service request, it can determine, according to the type of the security service request, which modules are required to execute the service. If the security service request can be fulfilled by the TCM driver module alone, the trusted execution environment subsystem can call the TCM driver module to execute the service, obtain an execution result, and send the execution result to the rich execution environment subsystem. If the security service request needs the support of both the TCM driver module and the TCM service module, the trusted execution environment subsystem can call the TCM driver module and the TCM service module to execute the service, obtain an execution result, and send the execution result to the rich execution environment subsystem. If the security service request requires support from the TCM cryptographic module, the trusted execution environment subsystem sends a fourth TCM service request to the secure element subsystem through the TCM driver module. The secure element subsystem executes the service based on the fourth TCM service request, obtains a TCM service execution result, and sends it to the trusted execution environment subsystem. The trusted execution environment subsystem then completes the security service based on the TCM service execution result to obtain the execution result, and sends the execution result to the rich execution environment subsystem.
Example three
As shown in fig. 8, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver module includes a first TCM driver module and a second TCM driver module, the first TCM driver module being built in the rich execution environment subsystem and the second TCM driver module being built in the trusted execution environment subsystem. That is, the TCM driver module is built in both the rich execution environment subsystem and the trusted execution environment subsystem, which improves scheduling flexibility.
In some embodiments, the first TCM driver module and the second TCM driver module may provide different services. For example, the first TCM driver module is configured to provide trusted storage related services, and the second TCM driver module is configured to provide trusted measurement related services. In other embodiments, the first TCM driver module and the second TCM driver module may provide the same services.
In the implementation shown in fig. 8, the rich execution environment subsystem may be configured to send a fifth TCM service request to the secure element subsystem through the first TCM driver module, or the rich execution environment subsystem may be configured to send an application-initiated service request to the trusted execution environment subsystem. The trusted execution environment subsystem may be configured to invoke the second TCM driver module and/or the TCM service module to execute the service based on the service request initiated by the application program, resulting in an execution result. The secure element subsystem may be configured to invoke the TCM cryptographic module to execute the TCM service based on the fifth TCM service request, resulting in an execution result.
For specific execution procedures of the trusted execution environment subsystem and the secure element subsystem, reference may be made to the description of example one and example two, and details are not described here for brevity.
In other embodiments, the rich execution environment subsystem may be configured to send a TCM service request to the trusted execution environment subsystem through the first TCM driver module. The trusted execution environment subsystem may be configured to invoke the TCM service module to execute the service based on the TCM service request, resulting in an execution result. Alternatively, the trusted execution environment subsystem may be configured to send a TCM service request to the secure element subsystem. The secure element subsystem may execute the service based on the TCM service request from the trusted execution environment subsystem, resulting in an execution result. The implementation process is similar to that in example one, and the content not described in detail can be referred to the foregoing description.
The application program running in the rich execution environment subsystem can perform different operations according to the service types provided by the TCM driver modules. For example, an application may select the TCM driver module that can provide the required service and initiate the service request through it. If an application requests trusted storage and the first TCM driver module can provide the trusted storage service, the application may initiate a TCM service request to the trusted execution environment subsystem through the first TCM driver module. If an application requests trusted measurement and the second TCM driver module can provide the trusted measurement service, the application may initiate a security service request to the trusted execution environment subsystem. Of course, if the first TCM driver module and the second TCM driver module provide the same types of service, the application may select either of them to perform the service.
The above describes a scheme in which the TCM service module is built in the trusted execution environment subsystem and the TCM cryptographic module is built in the secure element subsystem, and the following describes a scheme in which the TCM service module is built in the secure element subsystem and the TCM cryptographic module is built in the trusted execution environment subsystem.
Example four
As shown in fig. 9, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, and the TCM driver module is built in the rich execution environment subsystem.
In the construction shown in fig. 9, since the TCM driver module is built in the rich execution environment subsystem, an application running in the rich execution environment subsystem can request a service from the TCM service module and/or the TCM cryptographic module through the TCM driver module.
As one example, the rich execution environment subsystem may be configured to send a sixth TCM service request to the trusted execution environment subsystem through the TCM driver module. The trusted execution environment subsystem may be configured to invoke the TCM cryptographic module to execute the TCM service based on the sixth TCM service request, resulting in an execution result.
In some application scenarios, an application may directly initiate a service request to the TCM cryptographic module without going through the TCM service module. Therefore, when the application program in the embodiment of the application has a service requirement, the trusted execution environment subsystem can provide the service, so that the response speed is improved, and the power consumption is reduced.
As another example, the rich execution environment subsystem may be configured to send a seventh TCM service request to the secure element subsystem through the TCM driver module. The secure element subsystem may be configured to invoke the TCM service module to perform the service based on the seventh TCM service request, resulting in an execution result; alternatively, the secure element subsystem may be configured to send an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request. The trusted execution environment subsystem may be configured to invoke the TCM cryptographic module to execute the TCM service based on the eighth TCM service request, resulting in an execution result. The secure element subsystem can flexibly select a mode for providing services for the application program based on the service requirements of the application program, and is favorable for improving the flexibility of the system.
After receiving the seventh TCM service request, the secure element subsystem may determine whether the seventh TCM service request requires computing resource support of the TCM cryptographic module. If so, the secure element subsystem may send an eighth TCM service request to the trusted execution environment subsystem; the secure element subsystem may perform the service directly if not required. The seventh TCM service request and the eighth TCM service request may be the same or different, and this is not specifically limited in this embodiment of the application.
For example, an application in the rich execution environment subsystem may send a seventh TCM service request to the secure element subsystem through the TCM driver module. After the secure element subsystem receives the seventh TCM service request from the rich execution environment subsystem, the corresponding service can be provided through the TCM service module. If the task execution of the TCM service module requires the computing resource support of the TCM cryptographic module, the secure element subsystem sends an eighth TCM service request to the trusted execution environment subsystem. And after receiving the eighth TCM service request from the secure element subsystem, the trusted execution environment subsystem calls the TCM cryptographic module to execute service to obtain an execution result. The trusted execution environment subsystem returns execution results to the secure element subsystem. The secure element subsystem forwards the execution results to the rich execution environment subsystem.
Because the calling mode needs to pass through the trusted execution environment subsystem and the secure element subsystem, both the trusted execution environment subsystem and the secure element subsystem have certain security protection measures, and an attacker needs to break through the protection of the trusted execution environment subsystem and the secure element subsystem one by one, the calling mode can increase the attack difficulty and is beneficial to improving the security.
Example five
As shown in fig. 10, a TCM service module is built in the secure element subsystem, a TCM cryptographic module is built in the trusted execution environment subsystem, and a TCM driver module is built in the trusted execution environment subsystem.
In the implementation shown in fig. 10, since the TCM driver module is not implemented in the rich execution environment subsystem, an application in the rich execution environment subsystem may initiate a secure service request to the trusted execution environment subsystem. After receiving the security service request, the trusted execution environment subsystem may call one or more of the TCM driver module, the TCM service module, and the TCM cryptographic module to execute the service.
In some embodiments, the rich execution environment subsystem may be configured to send an application-initiated service request to the trusted execution environment subsystem, and the trusted execution environment subsystem may be configured to invoke the TCM driver module and/or the TCM cryptographic module to perform the service based on the application-initiated service request, resulting in an execution result. The trusted execution environment subsystem may send the execution result to the rich execution environment subsystem.
After the trusted execution environment subsystem receives the security service request sent by the rich execution environment subsystem, it can determine which modules to call to execute the service according to actual needs. If the service request can be completed only by the TCM driver module, the trusted execution environment subsystem can call the TCM driver module to execute the service. If the service request requires computational resource support by the TCM cryptographic module, the trusted execution environment subsystem may invoke the TCM driver module and the TCM cryptographic module to perform the service.
Of course, in some embodiments, the trusted execution environment subsystem may also send TCM service requests to the secure element subsystem through the TCM driver module. After receiving the TCM service request, the secure element subsystem can call the TCM service module to execute the service, and obtain an execution result. The secure element subsystem sends the execution result to the trusted execution environment subsystem. The trusted execution environment subsystem may forward the execution result to the rich execution environment subsystem.
Example six
As shown in fig. 11, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, and the TCM driver module includes a third TCM driver module and a fourth TCM driver module, the third TCM driver module being built in the rich execution environment subsystem and the fourth TCM driver module being built in the trusted execution environment subsystem. That is, the TCM driver module is built in both the rich execution environment subsystem and the trusted execution environment subsystem, which improves scheduling flexibility.
In some embodiments, the third and fourth TCM driver modules may provide different services. For example, the third TCM driver module is configured to provide trusted storage related services, and the fourth TCM driver module is configured to provide trusted measurement related services. In other embodiments, the third TCM driver module and the fourth TCM driver module may provide the same services.
The rich execution environment subsystem may be configured to send a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem may be configured to send an application-initiated service request to the trusted execution environment subsystem. In some embodiments, applications in the rich execution environment subsystem may perform different operations based on the type of service provided by the TCM driver module. The flexibility of the system can be improved by the application program automatically selecting the calling mode.
An application may select the TCM driver module that can provide the required service and initiate the service request through it. For example, if an application requests trusted storage and the third TCM driver module can provide the trusted storage service, the application may initiate a ninth TCM service request to the secure element subsystem through the third TCM driver module. If an application requests trusted measurement and the fourth TCM driver module can provide the trusted measurement service, the application may initiate a security service request to the trusted execution environment subsystem. Of course, if the third TCM driver module and the fourth TCM driver module provide the same types of service, the application may select either of them to perform the service.
After receiving the service request initiated by the application program, the trusted execution environment subsystem may call the fourth TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program, so as to obtain an execution result. The trusted execution environment subsystem may send the execution results to the rich execution environment subsystem.
After receiving the ninth TCM service request from the rich execution environment subsystem, the secure element subsystem may invoke the TCM service module to execute the service based on the ninth TCM service request, and obtain an execution result. The secure element subsystem may send the execution results to the rich execution environment subsystem.
In some embodiments, the rich execution environment subsystem may also send a ninth TCM service request to the secure element subsystem through the trusted execution environment subsystem. The secure element subsystem may send the execution results to the rich execution environment subsystem through the trusted execution environment subsystem.
Fig. 12 is a schematic structural diagram of a computing device according to an embodiment of the present application. The computing device 1200 may include a security architecture system 1210. The security architecture system 1210 may be any of the security architecture systems described above.
The embodiment of the present application does not specifically limit the specific form of the computing device. For example, the computing device may be a mobile terminal, a desktop computer, a tablet computer, a Personal Computer (PC), a Personal Digital Assistant (PDA), a smart watch, a netbook, a wearable electronic device, an Augmented Reality (AR) device, and so forth.
The apparatus embodiments of the present application are described in detail above with reference to Fig. 1 to Fig. 12, and the method embodiments of the present application are described in detail below with reference to Fig. 13. It is to be understood that the description of the method embodiments corresponds to the description of the apparatus embodiments, and therefore reference may be made to the preceding apparatus embodiments for parts not described in detail.
Fig. 13 is a flowchart illustrating a security management method according to an embodiment of the present application. The method may be applied to any of the security architecture systems described above. The security architecture system is loaded with a rich execution environment subsystem, a trusted execution environment subsystem, and a secure element subsystem. The security architecture system is built with a trusted cryptographic service module, the trusted cryptographic service module comprises a TCM service module and a TCM cryptographic module, and the TCM service module and the TCM cryptographic module are built in different subsystems except the rich execution environment subsystem.
As shown in Fig. 13, the method includes step S1310.
Step S1310: the trusted cryptographic service module receives a service request initiated by an application program, and obtains an execution result in response to the service request.
Optionally, in some embodiments, the TCM service module is built in the trusted execution environment subsystem and the TCM cryptographic module is built in the secure element subsystem; or the TCM service module is built in the secure element subsystem and the TCM cryptographic module is built in the trusted execution environment subsystem.
Optionally, in some embodiments, the TCM service module includes a service interface, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM service module receives the service request initiated by the application program, and calls the TCM cryptographic module through the service interface to execute the service, so as to obtain an execution result.
Optionally, in some embodiments, the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM service module receives the service request initiated by the application program, and executes the service based on the service request to obtain an execution result.
Optionally, in some embodiments, the trusted cryptographic service module further includes a TCM driver module, the TCM driver module is built in at least one of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem, the TCM driver module includes a driver layer interface, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the TCM driver module receives the service request initiated by the application program and, in response to the service request, sends a TCM service request to the TCM service module and/or the TCM cryptographic module through the driver layer interface so as to obtain an execution result; or the TCM driver module receives the service request initiated by the application program and executes the service based on the service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a first TCM service request to the trusted execution environment subsystem through the TCM driver module; the trusted execution environment subsystem calls the TCM service module to execute the TCM service based on the first TCM service request to obtain an execution result, or the trusted execution environment subsystem sends a second TCM service request to the secure element subsystem based on the first TCM service request; and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the second TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a third TCM service request to the secure element subsystem through the TCM driver module; and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the third TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem; the trusted execution environment subsystem calls the TCM driver module and/or the TCM service module to execute the service based on the service request initiated by the application program to obtain an execution result; or the trusted execution environment subsystem sends a fourth TCM service request to the secure element subsystem through the TCM driver module based on the service request initiated by the application program, and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the fourth TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, and the TCM driver module includes a first TCM driver module and a second TCM driver module, the first TCM driver module being built in the rich execution environment subsystem and the second TCM driver module being built in the trusted execution environment subsystem.
Optionally, in some embodiments, the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a fifth TCM service request to the secure element subsystem through the first TCM driver module, or sends the service request initiated by the application program to the trusted execution environment subsystem; the trusted execution environment subsystem calls the second TCM driver module and/or the TCM service module to execute the service based on the service request initiated by the application program to obtain an execution result; and the secure element subsystem calls the TCM cryptographic module to execute the TCM service based on the fifth TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a sixth TCM service request to the trusted execution environment subsystem through the TCM driver module; and the trusted execution environment subsystem calls the TCM cryptographic module to execute the TCM service based on the sixth TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a seventh TCM service request to the secure element subsystem through the TCM driver module; the secure element subsystem calls the TCM service module to execute the TCM service based on the seventh TCM service request to obtain an execution result, or the secure element subsystem sends an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request; and the trusted execution environment subsystem calls the TCM cryptographic module to execute the TCM service based on the eighth TCM service request to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem; and the trusted execution environment subsystem calls the TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program to obtain an execution result.
Optionally, in some embodiments, the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, and the TCM driver module includes a third TCM driver module and a fourth TCM driver module, the third TCM driver module being built in the rich execution environment subsystem and the fourth TCM driver module being built in the trusted execution environment subsystem.
Optionally, in some embodiments, the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes: the rich execution environment subsystem sends a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem; the trusted execution environment subsystem calls the fourth TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program to obtain an execution result; and the secure element subsystem calls the TCM service module to execute the TCM service based on the ninth TCM service request to obtain an execution result.
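To make the request routing of the embodiments above concrete (the application choosing a driver module that can serve its request, and the driver forwarding it to the subsystem holding the TCM service module or the TCM cryptographic module), here is an added Python model. It is illustrative code written for this page, not code from the patent or from Phytium. The subsystem names, the constructed service names "trusted_storage" and "trusted_measurement", the module placement (taken from the last embodiment: service module in the secure element subsystem, cryptographic module in the trusted execution environment subsystem, third driver in the REE, fourth driver in the TEE) and the use of SHA-256 as a stand-in primitive are all assumptions of the example. It also encodes, as a check, the placement rule stated above: neither the TCM service module nor the TCM cryptographic module may be built in the rich execution environment subsystem, and the two must sit in different subsystems.

```python
# Added illustration of the REE/TEE/SE request routing described above.
# Not the patent's code; module placement and service names are constructed.
from dataclasses import dataclass, field
from enum import Enum
import hashlib


class Subsystem(Enum):
    REE = "rich execution environment"
    TEE = "trusted execution environment"
    SE = "secure element"


@dataclass
class ServiceRequest:
    service: str            # constructed names: "trusted_storage", "trusted_measurement"
    payload: bytes
    hops: list = field(default_factory=list)   # "<module>@<subsystem>", recorded for auditing


class TCMCryptographicModule:
    """Executes the cryptographic primitive; may not be built in the REE."""

    def __init__(self, host):
        if host is Subsystem.REE:
            raise ValueError("TCM cryptographic module may not be built in the REE")
        self.host = host

    def execute(self, req):
        req.hops.append(f"crypto@{self.host.name}")
        # SHA-256 stands in for whatever hash primitive the real TCM provides (assumption).
        return hashlib.sha256(req.payload).hexdigest()


class TCMServiceModule:
    """Service layer: executes a service itself, or calls the cryptographic module
    through its service interface. Outside the REE, in a different subsystem
    from the cryptographic module."""

    def __init__(self, host, crypto, local_services):
        if host is Subsystem.REE:
            raise ValueError("TCM service module may not be built in the REE")
        if host is crypto.host:
            raise ValueError("service and cryptographic modules must be in different subsystems")
        self.host, self.crypto, self.local_services = host, crypto, set(local_services)

    def handle(self, req):
        req.hops.append(f"service@{self.host.name}")
        if req.service in self.local_services:
            return f"{req.service}:ok:{len(req.payload)}"   # served by the service module itself
        return self.crypto.execute(req)                     # service interface -> crypto module


class TCMDriverModule:
    """Driver-layer interface: advertises the services it can route and forwards
    each request to the module (in the TEE or SE) that serves it."""

    def __init__(self, host, routes):
        self.host = host
        self.routes = dict(routes)   # service name -> TCMServiceModule or TCMCryptographicModule

    def can_serve(self, service):
        return service in self.routes

    def submit(self, req):
        if not self.can_serve(req.service):
            raise LookupError(f"driver in {self.host.name} cannot serve {req.service}")
        req.hops.append(f"driver@{self.host.name}")
        target = self.routes[req.service]
        return target.handle(req) if isinstance(target, TCMServiceModule) else target.execute(req)


def dispatch(req, drivers):
    """An application picks any driver module that advertises the requested service."""
    for driver in drivers:
        if driver.can_serve(req.service):
            return driver.submit(req)
    raise LookupError(f"no TCM driver module offers {req.service}")


def placement_is_valid(service_host, crypto_host):
    """True only when both modules are outside the REE and in different subsystems."""
    try:
        TCMServiceModule(service_host, TCMCryptographicModule(crypto_host), local_services=())
    except ValueError:
        return False
    return True


def build_embodiment():
    """Placement of the last embodiment above: cryptographic module in the TEE,
    service module in the SE, third driver in the REE, fourth driver in the TEE."""
    crypto = TCMCryptographicModule(Subsystem.TEE)
    service = TCMServiceModule(Subsystem.SE, crypto, local_services={"trusted_storage"})
    third_driver = TCMDriverModule(Subsystem.REE, {"trusted_storage": service})
    fourth_driver = TCMDriverModule(Subsystem.TEE, {"trusted_measurement": crypto})
    return [third_driver, fourth_driver]


def run_demo():
    """Routes one constructed request of each kind; returns (result, path) per request."""
    drivers = build_embodiment()
    storage = ServiceRequest("trusted_storage", b"constructed secret blob")
    measure = ServiceRequest("trusted_measurement", b"constructed firmware image")
    return {
        "storage": (dispatch(storage, drivers), storage.hops),
        "measurement": (dispatch(measure, drivers), measure.hops),
    }


if __name__ == "__main__":
    for name, (result, path) in run_demo().items():
        print(f"{name}: {' -> '.join(path)} => {result}")
```

Running the block prints the path each request took. The `hops` record is the kind of evidence a defender would want logged: every request should show a driver hop followed by a service or cryptographic module hop outside the REE, so a path executing a cryptographic operation anywhere in the REE would indicate a misconfigured placement.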
Fig. 14 is a schematic structural diagram of another security processing apparatus according to an embodiment of the present application. The apparatus 1400 may be used to implement the methods described in the method embodiments above. The apparatus 1400 may be a computer or any type of computing device.
The apparatus 1400 may include a memory 1410 and a processor 1420. The memory 1410 may be used to store instructions. The processor 1420 may be configured to perform the method described in any of the embodiments above according to the instructions stored in the memory 1410.
The processor 1420 may be a general-purpose processor or a special-purpose processor. For example, the processor may be a Central Processing Unit (CPU). Alternatively, the processor may be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
An embodiment of the present application further provides a computer-readable storage medium for storing a program. The computer-readable storage medium can be applied to the security architecture system provided in the embodiments of the present application, and the program causes the computer to execute the method performed by the security architecture system (such as the trusted cryptographic service module) in the embodiments of the present application.
The embodiment of the application also provides a computer program product. The computer program product includes a program. The computer program product can be applied to the security architecture system provided in the embodiments of the present application, and the program enables the computer to execute the method performed by the security architecture system (such as the trusted cryptographic service module) in the embodiments of the present application.
The embodiment of the application also provides a computer program. The computer program can be applied to the security architecture system provided in the embodiments of the present application, and the computer program enables the computer to execute the method performed by the security architecture system (such as the trusted cryptographic service module) in the embodiments of the present application.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in accordance with the embodiments of the disclosure are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that incorporates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disc (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present disclosure, and shall cover the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (32)

1. A security architecture system is characterized in that the security architecture system is loaded with a rich execution environment subsystem, a trusted execution environment subsystem and a secure element subsystem, a trusted cryptographic service module is built in the security architecture system, the trusted cryptographic service module comprises a TCM service module and a TCM cryptographic module, the TCM service module and the TCM cryptographic module are separately arranged in different subsystems except the rich execution environment subsystem,
the trusted cryptographic service module is configured to:
receiving a service request initiated by an application program, and obtaining an execution result in response to the service request.
2. The security architecture system of claim 1, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, or
The TCM service module is built in the secure element subsystem, and the TCM cryptographic module is built in the trusted execution environment subsystem.
3. The security architecture system of claim 1 or 2, wherein the TCM service module comprises a service interface, the TCM service module configured to:
receiving a service request initiated by the application program, and calling the TCM cryptographic module through the service interface to execute the service, so as to obtain an execution result.
4. The security architecture system of claim 1 or 2, wherein the TCM service module is configured to:
receiving a service request initiated by the application program, and executing the service based on the service request to obtain an execution result.
5. The security architecture system of claim 1 or 2, wherein the trusted cryptographic service module further comprises a TCM driver module, the TCM driver module being built into at least one of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem, the TCM driver module comprising a driver layer interface,
the TCM driver module is configured to receive a service request initiated by the application program and, in response to the service request, send a TCM service request to the TCM service module and/or the TCM cryptographic module through the driver layer interface so as to obtain an execution result; or
The TCM driver module is configured to receive a service request initiated by the application program and execute a service based on the service request to obtain an execution result.
6. The security architecture system of claim 5, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the rich execution environment subsystem is configured to send a first TCM service request to the trusted execution environment subsystem through the TCM driver module;
the trusted execution environment subsystem is configured to invoke the TCM service module to execute TCM service based on the first TCM service request to obtain an execution result, or the trusted execution environment subsystem is configured to send a second TCM service request to the secure element subsystem based on the first TCM service request;
the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the second TCM service request, and obtain an execution result.
7. The security architecture system of claim 5, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the rich execution environment subsystem is configured to send a third TCM service request to the secure element subsystem through the TCM driver module;
the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the third TCM service request, and obtain an execution result.
8. The security architecture system of claim 5, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem is configured to invoke the TCM driver module and/or the TCM service module to execute services based on a service request initiated by the application program, so as to obtain an execution result; or, the trusted execution environment subsystem is configured to send a fourth TCM service request to the secure element subsystem through the TCM driver module based on the application-initiated service request;
the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the fourth TCM service request, resulting in an execution result.
9. The security architecture system of claim 5, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem,
the TCM driver module comprises a first TCM driver module and a second TCM driver module, the first TCM driver module is built in the rich execution environment subsystem, and the second TCM driver module is built in the trusted execution environment subsystem.
10. The security architecture system of claim 9, wherein the rich execution environment subsystem is configured to send a fifth TCM service request to the secure element subsystem through the first TCM driver module or the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem is configured to invoke the second TCM driver module and/or the TCM service module to execute services based on a service request initiated by the application program, so as to obtain an execution result;
the secure element subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the fifth TCM service request, resulting in an execution result.
11. The security architecture system of claim 5, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, and the rich execution environment subsystem is configured to send a sixth TCM service request to the trusted execution environment subsystem through the TCM driver module;
the trusted execution environment subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the sixth TCM service request, and obtain an execution result.
12. The security architecture system of claim 5, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem, and the rich execution environment subsystem is configured to send a seventh TCM service request to the secure element subsystem through the TCM driver module;
the secure element subsystem is configured to invoke the TCM service module to execute TCM services based on the seventh TCM service request, and obtain an execution result, or the secure element subsystem is configured to send an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request;
the trusted execution environment subsystem is configured to invoke the TCM cryptographic module to execute TCM services based on the eighth TCM service request, and obtain an execution result.
13. The security architecture system of claim 5, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the trusted execution environment subsystem, and the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem is configured to invoke the TCM driver module and/or the TCM cryptographic module to execute services based on a service request initiated by the application program, and obtain an execution result.
14. The security architecture system of claim 5, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem,
the TCM driver module comprises a third TCM driver module and a fourth TCM driver module, the third TCM driver module is built in the rich execution environment subsystem, and the fourth TCM driver module is built in the trusted execution environment subsystem.
15. The security architecture system of claim 14, wherein the rich execution environment subsystem is configured to send a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem is configured to send the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem is configured to invoke the fourth TCM driver module and/or the TCM cryptographic module to execute a service based on a service request initiated by the application program, resulting in an execution result;
the secure element subsystem is configured to invoke the TCM service module to execute TCM services based on the ninth TCM service request, resulting in an execution result.
16. A security management method is applied to a security architecture system which is loaded with a rich execution environment subsystem, a trusted execution environment subsystem and a secure element subsystem, wherein a trusted cryptographic service module is constructed in the security architecture system, the trusted cryptographic service module comprises a TCM service module and a TCM cryptographic module, the TCM service module and the TCM cryptographic module are separately arranged in different subsystems except the rich execution environment subsystem,
the method comprises the following steps:
the trusted cryptographic service module receives a service request initiated by an application program, and obtains an execution result in response to the service request.
17. The method of claim 16, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, or
The TCM service module is built in the secure element subsystem, and the TCM cryptographic module is built in the trusted execution environment subsystem.
18. The method according to claim 16 or 17, wherein the TCM service module includes a service interface, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes:
the TCM service module receives the service request initiated by the application program, and calls the TCM cryptographic module through the service interface to execute the service, so as to obtain an execution result.
19. The method according to claim 16 or 17, wherein the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes:
the TCM service module receives the service request initiated by the application program, and executes the service based on the service request to obtain an execution result.
20. The method of claim 16 or 17, wherein the trusted cryptographic service module further comprises a TCM driver module, the TCM driver module being built into at least one of the rich execution environment subsystem, the trusted execution environment subsystem, and the secure element subsystem, the TCM driver module comprising a driver layer interface,
the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes:
the TCM driver module receives the service request initiated by the application program and, in response to the service request, sends a TCM service request to the TCM service module and/or the TCM cryptographic module through the driver layer interface so as to obtain an execution result; or
the TCM driver module receives the service request initiated by the application program, and executes the service based on the service request to obtain an execution result.
21. The method of claim 20, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem, and the step in which the trusted cryptographic service module receives a service request initiated by an application program and obtains an execution result in response to the service request includes:
the rich execution environment subsystem sends a first TCM service request to the trusted execution environment subsystem through the TCM driver module;
the trusted execution environment subsystem calls the TCM service module to execute TCM service based on the first TCM service request to obtain an execution result, or the trusted execution environment subsystem sends a second TCM service request to the secure element subsystem based on the first TCM service request;
and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the second TCM service request to obtain an execution result.
22. The method of claim 20, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the rich execution environment subsystem,
the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends a third TCM service request to the secure element subsystem through the TCM driver module;
and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the third TCM service request to obtain an execution result.
23. The method of claim 20, wherein the TCM service module is built in the trusted execution environment subsystem, the TCM cryptographic module is built in the secure element subsystem, the TCM driver module is built in the trusted execution environment subsystem,
the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem;
the trusted execution environment subsystem calls the TCM driver module and/or the TCM service module to execute service based on a service request initiated by the application program to obtain an execution result; or, the trusted execution environment subsystem sends a fourth TCM service request to the secure element subsystem through the TCM driver module based on the service request initiated by the application;
and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the fourth TCM service request to obtain an execution result.
24. The method of claim 20, wherein the TCM service module is built in the trusted execution environment subsystem, wherein the TCM cryptographic module is built in the secure element subsystem,
the TCM driver modules comprise a first TCM driver module and a second TCM driver module, the first TCM driver module is built in the rich execution environment subsystem, and the second TCM driver module is built in the trusted execution environment subsystem.
25. The method of claim 24, wherein the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends a fifth TCM service request to the secure element subsystem through the first TCM driver module or sends the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem calls the second TCM driver module and/or the TCM service module to execute service based on a service request initiated by the application program to obtain an execution result;
and the secure element subsystem calls the TCM cryptographic module to execute TCM service based on the fifth TCM service request to obtain an execution result.
26. The method of claim 20, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem,
the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends a sixth TCM service request to the trusted execution environment subsystem through the TCM driver module;
and the trusted execution environment subsystem calls the TCM cryptographic module to execute TCM service based on the sixth TCM service request to obtain an execution result.
27. The method of claim 20, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the rich execution environment subsystem,
the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends a seventh TCM service request to the secure element subsystem through the TCM driver module;
the secure element subsystem calls the TCM service module to execute TCM service based on the seventh TCM service request to obtain an execution result, or the secure element subsystem sends an eighth TCM service request to the trusted execution environment subsystem based on the seventh TCM service request;
and the trusted execution environment subsystem calls the TCM cryptographic module to execute the TCM service based on the eighth TCM service request to obtain an execution result.
28. The method of claim 20, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem, the TCM driver module is built in the trusted execution environment subsystem,
the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends the service request initiated by the application program to the trusted execution environment subsystem;
and the trusted execution environment subsystem calls the TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program to obtain an execution result.
29. The method of claim 20, wherein the TCM service module is built in the secure element subsystem, the TCM cryptographic module is built in the trusted execution environment subsystem,
the TCM driver modules comprise a third TCM driver module and a fourth TCM driver module, the third TCM driver module is built in the rich execution environment subsystem, and the fourth TCM driver module is built in the trusted execution environment subsystem.
30. The method of claim 29, wherein the trusted cryptographic service module receives a service request initiated by an application program and, in response to the service request, obtains an execution result, comprising:
the rich execution environment subsystem sends a ninth TCM service request to the secure element subsystem through the third TCM driver module, or the rich execution environment subsystem sends the application-initiated service request to the trusted execution environment subsystem;
the trusted execution environment subsystem calls the fourth TCM driver module and/or the TCM cryptographic module to execute the service based on the service request initiated by the application program to obtain an execution result;
and the secure element subsystem calls the TCM service module to execute the TCM service based on the ninth TCM service request to obtain an execution result.
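The request paths of claims 18 through 30 differ only in where the TCM driver, service and cryptographic modules are built in and in whether the driver goes to the service module first or straight to the cryptographic module. The model below, an added illustration that is not code from the patent or from Phytium, dispatches one request over a chosen placement and records the hops. Taken from the claims: the REE, TEE and SE subsystems, the three module names, the rule that the application's request first reaches a TCM driver module (or is forwarded from the REE to the TEE when the REE has none), and the rule that each module executes only in the subsystem that hosts it. Assumed for the example: the message strings, the operation names, the split between an operation the service module answers alone and one that needs the cryptographic module, and the demo key.

```python
"""Toy dispatcher for the TCM request paths of claims 18 through 30.

Added illustration only; not code from the patent or from Phytium. The
subsystems, module names and hop rules follow the claims; the operation names,
message strings and the demo key are assumptions made for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Subsystem(str, Enum):
    REE = "REE"  # rich execution environment subsystem
    TEE = "TEE"  # trusted execution environment subsystem
    SE = "SE"    # secure element subsystem


@dataclass(frozen=True)
class Placement:
    """Where each TCM module is built in (claims 20 to 30 enumerate the variants)."""
    drivers: frozenset   # subsystems hosting a TCM driver module
    service: Subsystem   # TCM service module
    crypto: Subsystem    # TCM cryptographic module


@dataclass(frozen=True)
class Request:
    op: str
    payload: bytes = b""


class PolicyError(Exception):
    pass


# Assumption: "version" is answered by the service module alone; any other
# operation needs the cryptographic module (the claim 18 path).
SERVICE_OPS = {"version"}

# Assumed demo key. In the claimed architecture the key stays with the
# cryptographic module inside the subsystem that hosts it.
_DEMO_KEY = b"example-key-not-real"


def tcm_cryptographic_module(req, host):
    """Runs only in `host`; the result is tagged with the subsystem that produced it."""
    if req.op != "hmac":
        raise PolicyError(f"cryptographic module cannot serve {req.op!r}")
    mac = hmac.new(_DEMO_KEY, req.payload, hashlib.sha256).hexdigest()
    return f"{host.value}:crypto:{mac}"


def tcm_service_module(req, host):
    """Return a result, or None when the cryptographic module is required."""
    if req.op in SERVICE_OPS:
        return f"{host.value}:service:TCM-demo-1.0"
    return None


def _first_hop(p, trace):
    # Claims 21, 22, 26, 27: a REE-resident driver takes the application's request.
    if Subsystem.REE in p.drivers:
        trace.append("REE: TCM driver module receives the application's request")
        return Subsystem.REE
    # Claims 23, 28: no REE driver, so the REE forwards the raw request to the TEE.
    if Subsystem.TEE in p.drivers:
        trace.append("REE -> TEE: application's request forwarded")
        trace.append("TEE: TCM driver module receives the application's request")
        return Subsystem.TEE
    raise PolicyError("no TCM driver module reachable from the REE")


def route(p, req, direct=False):
    """Dispatch one request and return (result, list of hops).

    direct=True models the claim 22 / 26 paths (driver sends the TCM service
    request straight to the cryptographic module); otherwise the claim 21 / 27
    path through the service module is taken.
    """
    trace = []
    here = _first_hop(p, trace)
    if direct and req.op not in SERVICE_OPS:
        if here != p.crypto:
            trace.append(f"{here.value} -> {p.crypto.value}: TCM service request via driver layer interface")
        result = tcm_cryptographic_module(req, p.crypto)
        trace.append(f"{p.crypto.value}: TCM cryptographic module executes {req.op}")
        return result, trace
    if here != p.service:
        trace.append(f"{here.value} -> {p.service.value}: TCM service request via driver layer interface")
    result = tcm_service_module(req, p.service)
    if result is None:
        if p.service != p.crypto:
            trace.append(f"{p.service.value} -> {p.crypto.value}: second TCM service request")
        result = tcm_cryptographic_module(req, p.crypto)
        trace.append(f"{p.crypto.value}: TCM cryptographic module executes {req.op}")
    else:
        trace.append(f"{p.service.value}: TCM service module executes {req.op}")
    return result, trace


def result_origin(result):
    """Subsystem that produced a result; the invariant to check is that it is never the REE."""
    return Subsystem(result.split(":", 1)[0])


if __name__ == "__main__":
    claim21 = Placement(frozenset({Subsystem.REE}), Subsystem.TEE, Subsystem.SE)
    for req in (Request("version"), Request("hmac", b"attest me")):
        result, trace = route(claim21, req)
        print(*trace, f"result: {result}", sep="\n")
        assert result_origin(result) is not Subsystem.REE
```

The useful check is the one in `result_origin`: whatever placement is chosen, the execution result is produced in the TEE or the SE, never in the rich execution environment, and the key held by the cryptographic module is only ever touched inside its hosting subsystem. Swapping `Placement` values reproduces the claim 21 to 30 variants, and `direct=True` against `direct=False` shows that the two routes in claims 21 and 22 yield the same result from the same module.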
31. A computing device comprising the security architecture system of any one of claims 1-15.
32. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a program for causing a computer to execute the method according to any one of claims 16-30.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211616680.0A CN115618327B (en) 2022-12-16 2022-12-16 Security architecture system, security management method, computing device, and readable storage medium

Publications (2)

Publication Number Publication Date
CN115618327A (en) 2023-01-17
CN115618327B (en) 2023-06-13

Family

ID=84879716

Country Status (1)

Country Link
CN (1) CN115618327B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991287A (en) * 2015-02-26 2016-10-05 Alibaba Group Holding Ltd Signature data generation and fingerprint authentication request method and device
CN106506472A (en) * 2016-11-01 2017-03-15 Huang Fuying Secure mobile terminal digital certificate method and system
EP3293656A1 (en) * 2016-09-13 2018-03-14 Gemalto Sa Method for controlling access to a trusted application in a terminal
US20200143041A1 (en) * 2018-11-01 2020-05-07 Foundation Of Soongsil University-Industry Cooperation Hybrid trust execution environment based android security framework, android device equipped with the same and method of executing trust service in android device
CN111177701A (en) * 2019-12-11 2020-05-19 Beijing WatchData Intelligent Technology Co Ltd Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip
WO2020182302A1 (en) * 2019-03-13 2020-09-17 Huawei Technologies Co., Ltd. Apparatus and method for dynamic configuration of trusted application access control
CN112765637A (en) * 2021-01-27 2021-05-07 Beijing Certificate Authority Co Ltd Data processing method, cryptographic service device and electronic equipment
CN113821803A (en) * 2021-11-24 2021-12-21 Phytium Technology Co Ltd Security architecture system, security management method and computing device
CN114282205A (en) * 2021-12-31 2022-04-05 Beijing Unisoc Communication Technology Co Ltd Firmware starting method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN115618327B (en) 2023-06-13

Similar Documents

Publication Publication Date Title
US20140137115A1 (en) Secure Communication Using a Trusted Virtual Machine
US20140289535A1 (en) Cryptographic System and Methodology for Securing Software Cryptography
KR102030858B1 (en) Digital signing authority dependent platform secret
US20200104528A1 (en) Data processing method, device and system
EP3207488B1 (en) Identifying security boundaries on computing devices
JP2014525105A (en) Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation
EP3251044B1 (en) Portable security device
CN115618364B (en) Method for realizing safe and reliable starting, safe architecture system and related equipment
CN113141610A (en) Device theft protection associating device identifiers with user identifiers
KR20140044972A (en) Mobile computing system for providing execution environment having high secure ability
CN104463013A (en) Mobile terminal and data encryption method thereof
CN115879099A (en) DCS controller, operation processing method and protection subsystem
US10845990B2 (en) Method for executing of security keyboard, apparatus and system for executing the method
CN115544586B (en) Secure storage method for user data, electronic device and storage medium
CN115618327B (en) Security architecture system, security management method, computing device, and readable storage medium
CN115618328B (en) Security architecture system, security management method, computing device, and readable storage medium
Song et al. App’s auto-login function security testing via android os-level virtualization
CN116956298A (en) Application running environment detection method and device
CN115618365B (en) Method for realizing safe and reliable starting, safe architecture system and related equipment
CN113448681B (en) Registration method, equipment and storage medium of virtual machine monitor public key
Zheng et al. SwitchMan: An Easy-to-Use Approach to Secure User Input and Output
CN220509433U (en) Secure processor architecture and computer device
CN220509432U (en) Secure processor architecture and computer device
WO2022213128A1 (en) Read-only memory (rom) security
WO2022213129A1 (en) Read-only memory (rom) security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant