CN116881901A - Service processing method and related device - Google Patents


Info

Publication number
CN116881901A
Authority
CN
China
Prior art keywords
service
execution environment
trusted execution
processing request
trusted
Legal status
Pending
Application number
CN202310508051.4A
Other languages
Chinese (zh)
Inventor
张朋
Current Assignee
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication
                • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
                • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/577 Assessing vulnerabilities and evaluating computer system security


Abstract

The service processing method and related device provided by the embodiments of this application run a plurality of trusted execution environments on the terminal device to process services with different security requirements, so that the execution environments of services of different security levels are effectively isolated from one another, which further ensures the security of service access.

Description

Service processing method and related device
The present application is a divisional application of application number 202111335712.5, filed on 11 November 2021, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of security technologies, and in particular, to a method and an apparatus for service processing.
Background
With the development of mobile technology, terminal devices can support the processing of different types of services. When a terminal device processes these services, they are exposed to attack through system vulnerabilities, and their security is not guaranteed.
With the development of trusted execution environment (TEE) technology, building a trusted execution environment in the terminal device to process services has become one way of addressing the security risks of service operation. In the prior art, a trusted execution environment provides an access interface for the various service applications initiated by the rich execution environment (REE) of the terminal device and opens part of its access rights to complete the service processing.
Disclosure of Invention
The embodiment of the application provides a method and a related device for processing a service, so as to improve the security of the service.
In a first aspect, an embodiment of the present application provides a method for service processing, where the method is applied to a terminal device, and a first trusted execution environment and a second trusted execution environment are running in the terminal device; the terminal equipment also comprises an evaluation unit;
the method comprises the following steps:
the evaluation unit acquires a service processing request initiated by a client application CA; the evaluation unit performs security evaluation on the service requested by the service processing request to obtain a security score of the service; according to the security score of the service, the terminal equipment adopts a first trusted execution environment or a second trusted execution environment to process the service processing request; when the security score of the service is greater than a threshold value, a first trusted execution environment is adopted to process the service processing request; and when the security score of the service is smaller than the threshold value, adopting a second trusted execution environment to process the service processing request.
Therefore, by running a plurality of trusted execution environments on the terminal equipment to be used for respectively processing the services with different security scores, the effect of effectively isolating the execution environments of the services with different security requirements is achieved, and the security of service access is ensured.
Optionally, the first trusted execution environment is operated with a first trusted application TA, the second trusted execution environment is operated with a second trusted application TA, and the first trusted application TA and the second trusted application TA provide the same application function; when the terminal equipment adopts a first trusted execution environment or a second trusted execution environment to process the service processing request, the first trusted application TA or the second trusted application TA processes the acquired service processing request to obtain a processing result; the terminal device returns the processing result to the client application CA.
In this way, the client application CA can obtain the processing result of the service processing request, and the client application CA has no sense of the selection process of the trusted execution environment.
Optionally, the terminal device further includes a trust zone (TrustZone), a virtual machine and a Secure Monitor, wherein the virtual machine includes a virtual machine manager (Hypervisor); the first trusted execution environment runs in the TrustZone; the second trusted execution environment runs in the virtual machine.
Optionally, when the terminal device adopts the first trusted execution environment to process the service processing request, the terminal device sends the service processing request to the first trusted execution environment through the Secure Monitor; the first trusted application TA in the first trusted execution environment processes the service processing request to obtain a processing result; the first trusted execution environment returns the processing result to the client application CA through the Secure Monitor.
Optionally, when the terminal device adopts the second trusted execution environment to process the service processing request, the terminal device sends the service processing request to the second trusted execution environment through the Hypervisor; the second trusted application TA in the second trusted execution environment processes the service processing request to obtain a processing result; the second trusted execution environment returns the processing result to the client application CA through the Hypervisor.
In this way, the terminal equipment comprises the trust zone and the virtual machine, and the first trusted execution environment is operated in the trust zone, and the second trusted execution environment is operated in the virtual machine, so that the host-level hardware isolation is formed among the plurality of trusted execution environments, the relative isolation of different security services in execution is realized, and the service processing security is further improved.
Optionally, the terminal device further includes a virtual machine, and the virtual machine further includes a virtual machine manager (Hypervisor); the first trusted execution environment and the second trusted execution environment both run in the virtual machine.
Optionally, when the terminal device adopts the first trusted execution environment to process the service processing request, the terminal device sends the service processing request to the first trusted execution environment through the Hypervisor; the first trusted application TA in the first trusted execution environment processes the service processing request to obtain a processing result; the first trusted execution environment returns the processing result to the client application CA through the Hypervisor.
Optionally, when the terminal device adopts the second trusted execution environment to process the service processing request, the terminal device sends the service processing request to the second trusted execution environment through the Hypervisor; the second trusted application TA in the second trusted execution environment processes the service processing request to obtain a processing result; the second trusted execution environment returns the processing result to the client application CA through the Hypervisor.
In this way, the terminal equipment comprises the virtual machine, and the first trusted execution environment and the second trusted execution environment form resource isolation of a container level in the virtual machine by utilizing a virtualization technology, so that the relative isolation of different security services in execution is realized, and the service processing security is further improved.
Optionally, the terminal device further includes an operating system kernel driver; when the terminal equipment processes the service processing request by adopting a first trusted execution environment or a second trusted execution environment according to the security score of the service, the evaluation unit sends the environment identifier of the first trusted execution environment or the environment identifier of the second trusted execution environment to the kernel driver of the operating system according to the security score of the service; the kernel driver of the operating system sends the service processing request to the first trusted execution environment or the second trusted execution environment corresponding to the environment identifier according to the received environment identifier.
In this way, the kernel driver of the operating system can directly send the service processing request to the corresponding trusted execution environment after receiving the environment identifier of the trusted execution environment, so as to realize the distribution processing of the service processing request.
Optionally, in the process that the evaluation unit performs security evaluation on the service requested by the service processing request to obtain the security score of the service, the evaluation unit obtains CA information of the service requested by the service processing request, and performs security evaluation on the service according to the CA information to obtain the security score of the service.
Optionally, the CA information includes at least one of the following information items: signature type, service type, CA source information, trusted application specification information, abnormal performance information and equipment state information.
Optionally, in the process that the evaluation unit performs security evaluation on the service according to the CA information to obtain a security score of the service, the evaluation unit calculates a risk coefficient of each information item in the CA information, and calculates the security score of the service according to the risk coefficient of each information item.
Therefore, the risk coefficients of the service under a plurality of information items can be calculated by using the evaluation unit additionally arranged on the terminal equipment, so that the determination of the security score of the service is realized, and the subsequent distribution and processing of the service processing request are facilitated.
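As an added illustration of the first aspect and of the CA-information scoring just described (example code written for this page, not the patent's or the assignee's implementation), the following Python models the evaluation unit: it derives a coefficient for each of the six information items the text lists, combines them into a security score, compares the score against the threshold to choose an environment identifier, and hands that identifier to a kernel-driver stub that selects the Secure Monitor (SMC) or hypervisor (HVC) path described later in the specification. The coefficient tables, the combination rule (service sensitivity scaled down by the caller's trust-related risk), the threshold value of 60, the environment identifiers and the sample requests are all assumptions; the patent states only that per-item risk coefficients are computed and combined. The page also does not say which environment handles a score exactly equal to the threshold; the example routes it to the first environment as a choice of its own.

```python
"""Security scoring and TEE dispatch modelled on the evaluation unit described above.

Added example for this page, not the patent's code. The six information items are the
ones the text lists; every table, weight, the threshold and the identifiers are assumed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Environment identifiers handed to the kernel driver (assumed values).
TEE_TRUSTZONE = "tee-1"   # first trusted execution environment (runs in TrustZone)
TEE_VM = "tee-2"          # second trusted execution environment (runs in a virtual machine)

# Threshold separating the two environments (assumed value; the page names none).
SECURITY_THRESHOLD = 60


@dataclass(frozen=True)
class CAInfo:
    """The six CA information items the evaluation unit inspects."""
    signature_type: str    # how the CA is signed
    service_type: str      # what the requested service is for
    ca_source: str         # where the CA was installed from
    ta_spec: str           # which TA the request targets
    abnormal_events: int   # recent anomalies reported against this CA
    device_state: str      # state of the device the CA runs on


# Sensitivity items: how much isolation the requested service needs (0..10, assumed).
SERVICE_SENSITIVITY = {"payment": 10, "account_login": 6, "media_playback": 3}
TA_SENSITIVITY = {"face_recognition": 10, "pin_entry": 6, "drm_license": 5}
UNKNOWN_SENSITIVITY = 5

# Trust items: how much the caller's circumstances count against it (0..10, assumed).
SIGNATURE_RISK = {"platform": 0, "store": 1, "third_party": 3, "unsigned": 9}
SOURCE_RISK = {"system_image": 0, "official_store": 1, "sideloaded": 5}
DEVICE_RISK = {"locked": 0, "unlocked_bootloader": 4, "rooted": 8}
UNKNOWN_RISK = 7   # assumed coefficient for a value no table knows


def anomaly_risk(events: int) -> int:
    """Two points per recent anomaly, capped at 10 (assumed curve)."""
    return min(10, 2 * max(0, events))


def risk_coefficients(info: CAInfo) -> Dict[str, int]:
    """Compute the per-item coefficient for each of the six information items."""
    return {
        "signature_type": SIGNATURE_RISK.get(info.signature_type, UNKNOWN_RISK),
        "service_type": SERVICE_SENSITIVITY.get(info.service_type, UNKNOWN_SENSITIVITY),
        "ca_source": SOURCE_RISK.get(info.ca_source, UNKNOWN_RISK),
        "ta_spec": TA_SENSITIVITY.get(info.ta_spec, UNKNOWN_SENSITIVITY),
        "abnormal_behaviour": anomaly_risk(info.abnormal_events),
        "device_state": DEVICE_RISK.get(info.device_state, UNKNOWN_RISK),
    }


def security_score(coeffs: Dict[str, int]) -> int:
    """Combine coefficients into a 0..100 score (this combination rule is the example's own).

    The service's sensitivity sets how high the score can go; each trust item scales it
    down, so a caller showing signs of compromise is kept out of the environment that
    serves high-security services, which is the concern the specification raises.
    """
    sensitivity = (7 * coeffs["service_type"] + 3 * coeffs["ta_spec"]) // 10   # 0..10
    trust = 1
    for item in ("signature_type", "ca_source", "abnormal_behaviour", "device_state"):
        trust *= 10 - coeffs[item]                                             # 0..10000
    return sensitivity * trust // 1000                                         # 0..100


def select_environment(score: int, threshold: int = SECURITY_THRESHOLD) -> str:
    """Above the threshold -> first TEE; below it -> second TEE, as the text states."""
    if score > threshold:
        return TEE_TRUSTZONE
    if score < threshold:
        return TEE_VM
    # Equality is unspecified on the page; this example prefers the more isolated environment.
    return TEE_TRUSTZONE


def kernel_driver_route(env_id: str) -> str:
    """Kernel-driver stub: the instruction used to reach the identified environment.

    The TrustZone TEE is reached via the Secure Monitor (SMC), the VM TEE via the
    hypervisor (HVC), matching the two interaction flows in the specification.
    """
    transports = {TEE_TRUSTZONE: "SMC", TEE_VM: "HVC"}
    if env_id not in transports:
        raise ValueError(f"unknown environment identifier: {env_id}")
    return transports[env_id]


def dispatch(info: CAInfo) -> Tuple[int, str, str]:
    """Evaluate a request and return (score, environment identifier, transport)."""
    score = security_score(risk_coefficients(info))
    env_id = select_environment(score)
    return score, env_id, kernel_driver_route(env_id)


# Constructed sample requests (not taken from the page).
PAYMENT_CA = CAInfo("platform", "payment", "system_image", "face_recognition", 0, "locked")
VIDEO_CA = CAInfo("third_party", "media_playback", "official_store", "face_recognition", 0, "locked")
SUSPECT_PAYMENT_CA = CAInfo("unsigned", "payment", "sideloaded", "face_recognition", 3, "rooted")
LOGIN_CA = CAInfo("platform", "account_login", "system_image", "pin_entry", 0, "locked")

if __name__ == "__main__":
    for name, ca in [("payment", PAYMENT_CA), ("video", VIDEO_CA),
                     ("suspect payment", SUSPECT_PAYMENT_CA), ("login", LOGIN_CA)]:
        score, env_id, transport = dispatch(ca)
        print(f"{name:16s} score={score:3d} -> {env_id} via {transport}")
```

Running the module shows the two cases the specification motivates: the platform-signed payment CA scores 100 and is dispatched to the TrustZone environment over SMC, while the third-party video CA calling the same face-recognition TA scores 31 and goes to the virtual-machine environment over HVC, so the two services never share an execution environment. The suspect payment request (unsigned, sideloaded, rooted device, recent anomalies) collapses to 0 and is likewise kept away from the high-security environment.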
In a second aspect, an embodiment of the present application provides a terminal device, which may also be referred to as a terminal (terminal), a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), or the like. The terminal device may be a mobile phone, a smart television, a wearable device, a tablet (Pad), a computer with wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self-driving), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), or the like.
The terminal device comprises a processor for invoking a computer program in memory to perform the method as described in the first aspect.
In a third aspect, embodiments of the present application provide a computer readable storage medium storing computer instructions that, when run on a terminal device, cause the terminal device to perform a method as described in the first aspect.
In a fourth aspect, an embodiment of the application provides a chip comprising a processor for invoking a computer program in a memory to perform a method as described in the first aspect.
It should be understood that the second to fourth aspects of the present application correspond to the technical solutions of the first aspect of the present application, and the advantages obtained by each aspect and the corresponding possible embodiments are similar, and are not repeated.
Drawings
Fig. 1 is a schematic diagram of a framework of a terminal device;
Fig. 2 is a schematic diagram of a first interaction flow of a terminal device;
Fig. 3 is a schematic diagram of a framework of another prior art terminal device;
Fig. 4 is a schematic diagram of a second interaction flow of a terminal device in the prior art;
Fig. 5A is a schematic structural diagram of a terminal device applicable to an embodiment of the present application;
Fig. 5B is a software architecture block diagram of a terminal device to which the embodiment of the present application is applicable;
Fig. 5C is a block diagram of another software structure of a terminal device applicable to the embodiment of the present application;
Fig. 5D is a block diagram of another software structure of a terminal device to which the embodiment of the present application is applicable;
Fig. 6A is a flowchart of a method for service processing according to an embodiment of the present application;
Fig. 6B is a schematic view of an application scenario provided by the present application;
Fig. 7 is a schematic diagram of a framework of a terminal device according to the present application;
Fig. 8 is a schematic diagram of a third interaction flow in a terminal device according to the present application;
Fig. 9 is a schematic diagram of a fourth interaction flow in a terminal device according to the present application;
Fig. 10 is a schematic diagram of a framework of another terminal device according to the present application;
Fig. 11 is a schematic diagram of a fifth interaction flow in a terminal device according to the present application;
Fig. 12 is a schematic diagram of a sixth interaction flow in a terminal device according to the present application;
Fig. 13 is a schematic hardware structure of a service processing device according to an embodiment of the present application.
Detailed Description
In order to clearly describe the technical solution of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the first chip and the second chip are merely for distinguishing different chips, and the order of the different chips is not limited. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the embodiments of the present application, "at least one" means one or more, and "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a alone, a and B together, and B alone, wherein a, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
The business processing method provided by the embodiment of the application can be applied to the terminal equipment provided with the trusted execution environment. The terminal device may also be referred to as a terminal (terminal), a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), etc. The terminal device may be a mobile phone, a smart television, a wearable device, a tablet (Pad), a computer with wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self-driving), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), or the like. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the terminal equipment.
In order to better understand the embodiments of the present application, the following description is given of a technical framework related to the embodiments of the present application:
TrustZone technology is a security extension implemented in the processor architecture that provides client applications with a secure environment backed by real hardware support. Fig. 1 is a schematic diagram of a framework of a terminal device, and fig. 2 is a schematic diagram of a first interaction flow of the terminal device. As can be seen from figs. 1 and 2 together, the framework includes two relatively independent operating environments: the trusted execution environment TEE and the rich execution environment REE.
The REE is the rich execution environment in the terminal device; the client application 11 (client application, CA) and the rich execution environment operating system 12 (REE OS) may run in the REE. The CA 11 comprises applications that make trusted applications available to the user.
ARM (Advanced RISC Machines), by integrating TrustZone technology into the Cortex-A processor, provides a platform capable of supporting a fully trusted execution environment TEE, i.e. the TEE serves as a trusted execution environment in the electronic device, together with security-aware applications and security services, providing trusted applications to the REE side. The TEE is built in the trust zone (TrustZone). Running the trusted application 21 (trusted application, TA) and the trusted execution environment operating system 22 (TEE OS) in the independent environment of the trust zone ensures that both the confidentiality and the integrity of code and data loaded into the TEE are protected.
The TEE OS communicates with the REEs OS by invoking a trusted execution environment internal application programming interface to provide trusted application support.
When a trusted application needs to be invoked, the REE OS 12 communicates with the trusted execution environment operating system TEE OS 22 through a client application programming interface (API), requesting trusted application support. The REE OS 12 includes a kernel driver that supports data transfer between the system and the hardware devices, and supports the interworking of trusted applications between the REE and the TEE.
Also included in the framework is the ARM trusted firmware 31 (ARM trusted firmware, ATF), in which the Secure Monitor is located. In addition, ARM provides Virtualization Extension technology for supporting hardware virtualization on the ARM platform, so that hardware isolation between different running environments can be realized within the normal running environment. Furthermore, ARMv8 supports four exception levels (ELs), EL0 to EL3; the greater the number following the exception level, the higher the security level. Generally, applications run at EL0, the system kernel (referred to as the operating system in some embodiments) runs at EL1, the hypervisor runs at EL2, and the Secure Monitor runs at EL3. The development of these technologies has enabled virtual-machine-based TEE environments to implement more complex security scenarios.
For example, in the above-described framework diagram, where the trusted application 21 and the client application 11 are located at the EL0 layer in the framework, the trusted execution environment operating system 22 and the rich execution environment operating system 12 are located at the EL1 layer in the framework, and the ARM trusted firmware 31 is located at the EL3 layer in the framework.
Based on the structure shown in fig. 1, a specific flow of invoking the trusted application TA by the client application CA is indicated in fig. 2 by an arrow and reference numerals (1) to (8).
(1) When the client application CA 11 in the REE needs to call the trusted application TA 21 in the TEE, the client application CA 11 issues a request to the REE OS 12 by calling an API interface (not shown) in the REE.
(2) The kernel driver in the REE OS 12 sends the request of the CA to the ATF 31 by invoking an SMC (Secure Monitor Call) instruction.
(3) The ATF 31 parses the SMC instruction and sends the parsed request to the TEE OS 22 in the trust zone TEE.
(4) The TEE OS 22 dispatches the request of the CA to the corresponding TA 21.
(5) After processing the received request, the TA 21 sends the processing result to the TEE OS 22 by calling an interface (not shown) of the trusted execution environment TEE.
(6) The TEE OS 22 returns the processing result to the ATF 31 by calling the SMC instruction.
(7) The ATF 31 parses the SMC instruction and returns the processing result obtained after parsing to the REE OS 12.
(8) The REE OS 12 returns the processing result to the CA 11.
Through the steps of reference numerals (1) to (8) above, the client application CA 11 in the REE completes the call to the trusted application TA 21 in the TEE and obtains the processing result.
Unlike the framework shown in fig. 1, the virtualization technology is a technology for running multiple operating systems on the same terminal device at the same time, and by using the virtualization technology, the construction of a trusted execution environment can also be realized. Fig. 3 is a schematic diagram of a frame of another terminal device in the prior art. In the framework diagram, a REE environment and a VM TEE environment are included.
The VM TEE environment is a trusted execution environment implemented on the basis of a virtual machine (i.e. the EL2 layer in the ARM framework). The VM TEE is a virtual-machine-based trusted execution environment in the terminal device; its structure is similar to that of the TEE, and the VM TEE can likewise provide trusted applications to the REE side. The REE remains the common execution environment in the terminal device. The client application 11 (client application, CA) and the rich execution environment operating system 12 (REE OS) may run in the REE. The CA 11 comprises applications that make trusted applications available to the user.
Unlike the TEE built in the trust zone (TrustZone) shown in figs. 1 and 2 above, the VM TEE and the REE are built on the same virtual machine and interact through a virtual machine manager 43 (hypervisor).
Fig. 4 is a schematic diagram of a second interaction flow of a terminal device in the prior art. On the basis of the framework shown in fig. 3, a specific flow of invoking the trusted application TA 41 by the client application CA 11 is indicated in fig. 4 by arrows and reference numerals (1) to (8).
(1) When the client application CA 11 needs to call the trusted application TA 41, the client application CA 11 issues a request to the REE OS 12 by calling an API interface (not shown) in the REE.
(2) The kernel in the REE OS 12 then sends the CA request to the virtual machine manager 43 (hypervisor) by invoking an HVC (hypervisor call) instruction.
(3) The hypervisor 43 processes the HVC-based CA request and sends the request to the VM TEE OS 42.
(4) The VM TEE OS 42 dispatches the CA request to the corresponding TA 41.
(5) After the TA 41 processes the received request, it sends the processing result to the VM TEE OS 42 by calling an interface (not shown) of the trusted execution environment VM TEE.
(6) The VM TEE OS 42 returns the processing result to the hypervisor 43 by calling the HVC instruction.
(7) The hypervisor 43 parses the HVC instruction and returns the processing result obtained after parsing to the REE OS 12.
(8) The REE OS 12 returns the processing result to the CA 11.
In some examples, the terminal device further includes a hardware platform that supports the operation of the terminal device, and the hardware platform includes some secure hardware. For example, the secure hardware may include physical hardware such as secure memory, a secure keyboard and a camera.
Based on the framework and the technology of the two possible trusted execution environments, the client application CA of the terminal equipment REE can finish the access to the trusted application TA in the trusted execution environment TEE or the VM TEE, and a processing result is obtained.
Although the frameworks provided by these two modes can construct a trusted execution environment and realize service processing by having a CA in the rich execution environment access a TA in the trusted execution environment, which improves the security of service operation to a certain extent, that security remains uncertain, as described in detail below.
Illustratively, a trusted application TA for face recognition may be invoked by service requests initiated by multiple CAs, such as:
when an access request of a certain CA comes from the payment software, the CA calls the TA to perform facial recognition processing on the user by using the TA, and returns a recognition result of 'recognition passing' or 'recognition failing' to the CA so as to enable the CA to execute a payment flow according to the recognition result. For another example, when the access request of another CA is from the video software, the CA will call the same TA to perform facial recognition processing on the user by using the same TA, and return the recognition result of "pass recognition" or "fail recognition" to the CA, so that the CA executes the account login procedure of the video software according to the recognition result.
Since each of the above frameworks runs a single trusted execution environment, which must process CA access requests from different services, the following can occur: when the CA of the video software in the REE is attacked after issuing an access, the credibility and security of the trusted execution environment in which the TA serving that access runs decrease correspondingly. When the TA subsequently responds to an access issued by the payment-class CA, the security of its environment is uncertain.
Based on this, some embodiments of the present application take into account the characteristic that the security requirement of the CA from the payment software for the TA running environment is higher than the security requirement of the CA from the video software for the TA running environment, by constructing a plurality of trusted execution environments on the terminal device and assigning different security (security level) to the different trusted execution environments, so that when the CA of the terminal device initiates access to the TA, the CA can select the trusted execution environment corresponding to the security based on the security of the service initiated by the CA to process the service.
The service execution environment with high security requirement is relatively isolated from the service execution environment with low security requirement, which is beneficial to guaranteeing the service access security, in particular to the access security of high security service.
The structure and framework according to the embodiment of the present application will be described below.
First, the structure of the terminal device according to the embodiment of the present application will be described: fig. 5A is a schematic structural diagram of a terminal device applicable to an embodiment of the present application.
As shown in fig. 5A, the terminal device 100 may include: processor 110, external memory interface 120, internal memory 121, universal serial bus (universal serial bus, USB) interface 130, charge management module 140, power management module 141, battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headset interface 170D, sensor 180, keys 190, motor 191, indicator 192, camera 193, display 194, and subscriber identity module (subscriber identification module, SIM) card interface 195, etc. It is to be understood that the configuration illustrated in the present embodiment does not constitute a specific limitation on the terminal device 100. In other embodiments of the application, terminal device 100 may include more or fewer components than illustrated, certain components may be combined, certain components may be split, or the components may be arranged differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, a display processing unit (display process unit, DPU), and/or a neural-network processor (neural-network processing unit, NPU), etc. The different processing units may be separate devices or may be integrated in one or more processors. In some embodiments, the terminal device 100 may also include one or more processors 110. The processor may be the neural hub and command center of the terminal device 100. The processor can generate operation control signals according to the instruction operation codes and the timing signals to complete the control of instruction fetching and instruction execution. A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or reuses. If the processor 110 needs to reuse the instruction or data, it can be fetched directly from this memory. This avoids repeated accesses and reduces the latency of the processor 110, thereby improving the efficiency of the terminal device 100.
In some embodiments of the application, the operating environment of processor 110 may include: a REE, and at least two trusted execution environments (one TEE and at least one VM TEE, or at least two VM TEEs).
The TEE runs trusted applications and a TEE OS, the VM TEE runs trusted applications and a VM TEE OS, and the REE runs client applications and a REE OS. The REE receives a trusted application request initiated by a user through a client application, calls the trusted application TA in the TEE or the VM TEE according to that request, and the TA returns the corresponding result.
Fig. 5B is a block diagram illustrating a software structure of a terminal device according to an embodiment of the present application. Fig. 5B shows the software layering architecture in the rich execution environment REE. The layered architecture divides the software into several layers, each with distinct roles and responsibilities, and the layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: an application layer, an application framework layer, the Android runtime and system libraries, and a kernel layer.
Fig. 5C is a block diagram illustrating another software structure of a terminal device to which the embodiment of the present application is applicable. Fig. 5C illustrates the software layering architecture of the trusted execution environment TEE. At least one trusted application, such as a fingerprint TA, a facial recognition TA and a payment TA, is typically included in the layered architecture of the TEE, as shown in fig. 5C. These trusted applications interact with the trusted execution environment operating system TEE OS through internal TEE APIs. The TEE OS further comprises a TEE communication agent, a trusted kernel framework, trusted drivers and other programs, which cooperate to support the running of the trusted applications.
Fig. 5D is a further software structural block diagram of a terminal device applicable to the embodiment of the present application, showing a fingerprint software framework on Android. In this example the REE side is divided into APP, Framework, HAL and Linux kernel. The APP is responsible for the fingerprint enrolment and unlock call logic, the Framework for the callbacks of the HAL layer functions, and the HAL layer for interaction with the hardware and with the fingerprint TA. The TEE side is mainly the fingerprint TA, which controls the fingerprint sensor and executes the fingerprint algorithm functions.
In order to realize the processing of the service request in the application, based on the foregoing conception, a plurality of trusted execution environments are arranged in the framework of the terminal equipment of the application.
The method for processing the service provided by the application will be described by taking the number of trusted execution environments as two as an example. Of course, the following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Based on the foregoing concept, fig. 6A is a schematic flow chart of a method for service processing according to an embodiment of the present application. As shown in fig. 6A, the method for service processing in the present application may include:
S601, an evaluation unit acquires a service processing request initiated by a client application CA.
Specifically, the service processing request may be generated after the terminal device responds to a preset operation triggered by a user. The preset operation may include an operation of controlling the client application CA to enter the business processing flow, such as a touch operation instruction, a voice operation instruction, or a somatosensory operation instruction. In general, the preset operations triggering the service processing requests initiated by the different types of client applications CA are different.
S602, the evaluation unit performs security evaluation on the service requested by the service processing request to obtain a security score of the service.
Specifically, after the service processing request is obtained, the evaluation unit performs security evaluation on the service according to a set evaluation mode to calculate a security score of the service, where the security score of the service may be used to reflect an operation risk of the service.
In an alternative implementation, the security assessment may be implemented based on CA information. Specifically, the evaluation unit may acquire CA information of the service requested by the service processing request; and then, the evaluation unit evaluates the security of the service requested by the service processing request according to the CA information to obtain the security score of the service.
Illustratively, the CA information includes at least one of the following information items: signature type, service type, CA source information, trusted application specification information, abnormal behavior information and device state information.
The signature type reflects the originating source that triggered the service processing request, including but not limited to: operating system, platform and third party;
the service type reflects the application type of the client application CA that initiated the service processing request, including but not limited to: payment class, identity authentication class, multimedia class;
the CA source information reflects the source of the service, including but not limited to: trusted entity and other;
the trusted application specification information reflects the level of system permissions required to run the service, including but not limited to: high, medium, low;
the abnormal behavior information reflects the abnormal behavior of the service during historical runs, including but not limited to: excellent, good and bad;
the device state information reflects the state of the terminal device at the time the evaluation unit acquires the service processing request, including but not limited to: normal, abnormal and lost.
In an alternative implementation, the evaluation unit may first calculate the risk coefficient of each information item in the CA information, and then calculate the security score of the service from the risk coefficients of the items.
A risk coefficient can be understood as the degree of harm caused when the service is attacked. For the service type item, the harm caused by an attack on a payment service is greater than that caused by an attack on an identity authentication service, which in turn is greater than that caused by an attack on a video service.
Assume the risk coefficient ranges from 1 to 3, where 1 is the lowest risk and 3 the highest. Then, when the service type item reflects a payment service, its risk coefficient is identified as 3; when it reflects an identity authentication service, the risk coefficient is identified as 2; when it reflects a video service, the risk coefficient is identified as 1.
In this optional manner, the evaluation unit performs security evaluation on the service requested by the service processing request by calculating the risk coefficient of the service on each information item.
The evaluation unit then integrates the risk coefficients to obtain the overall risk of the service, which is the security score.
For example, when calculating the security score, each risk coefficient may be weighted, and the weighted result is used as the security score of the service.
As another example, when calculating the security score, a preset risk assessment model may be applied to the risk coefficients, and the result of the model operation is used as the security score of the service.
S603, according to the security score of the service, the terminal equipment processes the service processing request by adopting a first trusted execution environment or adopting a second trusted execution environment;
when the security score of the service is greater than a threshold, the first trusted execution environment is used to process the service processing request; when the security score of the service is smaller than the threshold, the second trusted execution environment is used to process the service processing request.
When the security score of the service equals the threshold, either the first or the second trusted execution environment may be used according to the actual requirement; the flows of figs. 9 and 12 below treat a score equal to the threshold as a low-risk case and use the second trusted execution environment.
It is noted that the threshold may be a preset fixed value or an empirical value; the present application does not limit its range.
From the way the security score is calculated, a high security score means that the service causes greater harm when attacked, and a low security score means that the service causes less harm when attacked.
By comparing the security score of the service with the threshold, service processing requests are distributed to different trusted execution environments: requests of services whose score is greater than the threshold all run in the first trusted execution environment, and requests of services whose score is less than or equal to the threshold all run in the second trusted execution environment. The execution environments of service requests with different security are thus isolated from each other, which guarantees service access security.
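As an added illustration (not code from the application), the following Python sketch carries steps S601 to S603 through for the two requests used in the examples of this page: a payment request and a video account login request. The page fixes only the service-type coefficients (payment 3, identity authentication 2, video 1) and the 1 to 3 range; the coefficients of the other five items, the weights, the threshold of 2.0 and the CA information of the two sample requests are assumptions. A missing information item is scored as highest risk so that an incomplete request is steered towards the more secure environment; that fail-safe default is a design choice added here, not one the page states. A score equal to the threshold is routed to the second environment, as in the flows of figs. 9 and 12.

```python
"""Security evaluation (S602) and trusted execution environment selection (S603)
for a CA service processing request. Added illustration; values marked as assumed
are not given in the application."""
from typing import Dict, Tuple

# Risk coefficients per information item, range 1..3 (1 = lowest, 3 = highest risk).
# Only the service_type row is stated in the application; the other rows are assumed.
RISK_TABLE: Dict[str, Dict[str, int]] = {
    "signature_type":    {"operating_system": 1, "platform": 2, "third_party": 3},
    "service_type":      {"video": 1, "identity_authentication": 2, "payment": 3},
    "ca_source":         {"trusted_entity": 1, "other": 3},
    "ta_specification":  {"low": 1, "medium": 2, "high": 3},
    "abnormal_behavior": {"excellent": 1, "good": 2, "bad": 3},
    "device_state":      {"normal": 1, "abnormal": 2, "lost": 3},
}
HIGHEST_RISK = 3

# Assumed weights; they sum to 1.0 so the weighted score stays within 1..3.
WEIGHTS: Dict[str, float] = {
    "signature_type": 0.15, "service_type": 0.30, "ca_source": 0.15,
    "ta_specification": 0.15, "abnormal_behavior": 0.10, "device_state": 0.15,
}
THRESHOLD = 2.0  # assumed; the application leaves the value open

FIRST_TEE = "first trusted execution environment"    # high-risk services
SECOND_TEE = "second trusted execution environment"  # low-risk services


def risk_coefficients(ca_info: Dict[str, str]) -> Dict[str, int]:
    """Map each CA information item to its risk coefficient.
    An absent item is scored as highest risk (fail safe towards the more secure
    environment); a value outside the table is rejected rather than guessed."""
    coeffs: Dict[str, int] = {}
    for item, table in RISK_TABLE.items():
        if item not in ca_info:
            coeffs[item] = HIGHEST_RISK
            continue
        value = ca_info[item]
        if value not in table:
            raise ValueError(f"unknown value {value!r} for item {item!r}")
        coeffs[item] = table[value]
    return coeffs


def security_score(coeffs: Dict[str, int], weights: Dict[str, float] = WEIGHTS) -> float:
    """Weighted combination of the risk coefficients (the first integration option
    the application describes); rounded so float noise cannot flip the threshold test."""
    return round(sum(weights[item] * coeffs[item] for item in weights), 3)


def select_tee(score: float, threshold: float = THRESHOLD) -> str:
    """S603: above the threshold the first TEE handles the request, otherwise the
    second; equality goes to the second, as in figs. 9 and 12."""
    return FIRST_TEE if score > threshold else SECOND_TEE


def evaluate(ca_info: Dict[str, str]) -> Tuple[float, str]:
    """Whole evaluation unit: CA information -> (security score, chosen environment)."""
    score = security_score(risk_coefficients(ca_info))
    return score, select_tee(score)


# Constructed CA information for the two requests used in the application's examples.
PAYMENT_REQUEST = {
    "signature_type": "platform", "service_type": "payment", "ca_source": "trusted_entity",
    "ta_specification": "high", "abnormal_behavior": "excellent", "device_state": "normal",
}
VIDEO_LOGIN_REQUEST = {
    "signature_type": "third_party", "service_type": "video", "ca_source": "other",
    "ta_specification": "low", "abnormal_behavior": "good", "device_state": "normal",
}

if __name__ == "__main__":
    for name, info in (("payment", PAYMENT_REQUEST), ("video login", VIDEO_LOGIN_REQUEST)):
        score, env = evaluate(info)
        print(f"{name}: score {score} -> {env}")
```

With these assumed weights the payment request scores 2.05 and goes to the first environment, the video login request scores 1.7 and goes to the second. Dropping the device_state item from the video request raises its score to exactly 2.0, which still lands in the second environment under the equality rule; the point of the fail-safe default is that a request the evaluation unit cannot fully classify never scores lower than a fully classified one.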
Fig. 6B is a schematic view of an application scenario provided by the present application. As shown in fig. 6B, a trusted execution environment supports various applications based on face recognition. After an application in the REE initiates a face authentication request, the REE calls the face recognition service, which requests the trusted execution environment to process the request. In the trusted execution environment the face recognition TA performs several processing steps, including face image acquisition, feature extraction, liveness detection and feature comparison, and the processing result is returned to the application for use.
On the basis of the principles for constructing trusted execution environments with TrustZone technology and with virtualization technology, the service processing method provided by the application is further described below in combination with the framework of the terminal device.
In one framework, TrustZone technology and virtualization technology are combined, which makes it possible to arrange multiple trusted execution environments in the terminal device.
Fig. 7 is a schematic diagram of a framework of a terminal device provided by the present application. As shown in fig. 7, TrustZone technology and virtualization technology are applied together in the framework so as to construct multiple trusted execution environments.
The framework comprises relatively independent running environments: a first trusted execution environment TEE, a second trusted execution environment VM TEE, and a rich execution environment REE.
In this framework, the environment security of a trusted execution environment constructed with TrustZone technology is considered higher than that of one constructed with virtualization technology. Therefore, the trusted execution environment running in the TrustZone serves as the first trusted execution environment TEE, which executes high-risk services, and the trusted execution environment running in a virtual machine serves as the second trusted execution environment VM TEE, which executes low-risk services.
A first trusted application TA runs in the first trusted execution environment TEE and a second trusted application TA runs in the second trusted execution environment VM TEE. The first and second trusted applications may perform the same trusted application function; for example, both may invoke the camera component to implement the facial recognition function.
In addition, so that the execution environments can communicate with each other, a virtual machine manager (hypervisor) runs at the EL2 layer, a Secure Monitor is arranged at the EL3 layer, and the evaluation unit is arranged at the EL0 layer in the REE of the terminal device.
Fig. 8 is a schematic diagram of a third interaction flow in a terminal device according to the present application. Taking a payment request as the service processing request, fig. 8 illustrates the service processing flow when the security score of the service is greater than the threshold; reference numerals (1) to (9) mark the processing of the payment request in the terminal device.
As shown in fig. 8, the payment application CA51 in the REE generates a payment request in response to a payment operation triggered by the user.
(1) The payment application CA51 sends the payment request to the evaluation unit 52, and the evaluation unit 52 performs security evaluation on the payment service requested by the payment request.
(2) After the evaluation unit 52 has calculated the security score of the payment service, the payment request is to be sent to the first trusted execution environment TEE for processing because the score is greater than the threshold. The evaluation unit therefore calls the API interface 53 in the REE and passes the payment request together with the environment identifier of the first trusted execution environment to the kernel driver of the rich execution environment operating system REE OS54.
(3) Since the first trusted execution environment is implemented in the TrustZone, the kernel driver in the REE OS54, on receiving the environment identifier of the first trusted execution environment, wraps the payment request in an SMC (Secure Monitor Call) instruction and issues it, so that the call traps to the Secure Monitor91 located at the EL3 layer.
(4) The Secure Monitor91 parses the SMC call and sends the payment request obtained from it to the operating system TEE OS73 of the first trusted execution environment.
(5) The TEE OS73 of the first trusted execution environment dispatches the payment request to the facial recognition trusted application TA71.
(6) The facial recognition TA71 starts on the payment request, collects, compares and analyzes the user's face image to obtain a processing result, and returns the result "face recognition pass" or "face recognition fail" to the TEE OS73 by calling the interface 72 of the first trusted execution environment TEE.
(7) The TEE OS73 returns the processing result to the Secure Monitor91 by issuing an SMC instruction.
(8) The Secure Monitor91 parses the SMC call and returns the processing result obtained from it to the REE OS54.
(9) The REE OS54 returns the processing result "face recognition pass" or "face recognition fail" to the payment application CA51.
After step (9), the payment application CA51 executes the payment or rejects the payment according to the processing result; these subsequent steps are not described in detail in this embodiment.
Fig. 9 is a schematic diagram of a fourth interaction flow in a terminal device according to the present application. Taking an account login request as the service processing request, fig. 9 illustrates the service processing flow when the security score of the service is less than or equal to the threshold; reference numerals (1) to (9) mark the processing of the account login request in the terminal device.
As shown in fig. 9, the video application CA55 in the REE generates an account login request in response to an account login operation triggered by the user.
(1) The video application CA55 sends the account login request to the evaluation unit 52, and the evaluation unit 52 performs security evaluation on the video service corresponding to the account login request.
(2) After the evaluation unit 52 has calculated the security score of the video service, the account login request is to be sent to the second trusted execution environment VM TEE for processing because the score is not greater than the threshold. The evaluation unit therefore calls the API interface 53 in the REE and passes the account login request together with the environment identifier of the second trusted execution environment to the kernel driver of the REE OS54.
(3) Since the second trusted execution environment is implemented in a virtual machine, the kernel driver in the REE OS54, on receiving the environment identifier of the second trusted execution environment, wraps the account login request in an HVC (hypervisor call) instruction and issues it, so that the call traps to the virtual machine manager hypervisor81 located at the EL2 layer.
(4) The hypervisor81 parses the HVC call and sends the account login request obtained from it to the operating system VM TEE OS63 of the second trusted execution environment.
(5) The VM TEE OS63 dispatches the account login request to the facial recognition second trusted application TA61 in the second trusted execution environment.
(6) The facial recognition TA61 starts on the account login request, collects, compares and analyzes the user's face image to obtain a processing result, and returns the result "face recognition pass" or "face recognition fail" to the VM TEE OS63 by calling the interface 62 of the second trusted execution environment VM TEE.
(7) The VM TEE OS63 returns the processing result to the hypervisor81 by issuing an HVC instruction.
(8) The hypervisor81 parses the HVC call and returns the processing result obtained from it to the REE OS54.
(9) The REE OS54 returns the processing result "face recognition pass" or "face recognition fail" to the video application CA55.
After step (9), the video application CA55 executes the account login process according to the processing result; these subsequent steps are not described in detail in this embodiment.
In another framework, the terminal device implements multiple trusted execution environments using virtualization technology alone.
Fig. 10 is a schematic diagram of the framework of another terminal device provided by the present application. As shown in fig. 10, the trusted execution environments are built with virtualization technology, and the framework comprises relatively independent running environments: a first trusted execution environment VM TEE 1, a second trusted execution environment VM TEE 2, and a rich execution environment REE.
Specifically, the terminal device further comprises a virtual machine manager (hypervisor) arranged at the EL2 layer, and both the first trusted execution environment VM TEE 1 and the second trusted execution environment VM TEE 2 run in virtual machines.
As in the framework described above, an evaluation unit is arranged at the EL0 layer in the REE of the terminal device; after acquiring the service processing request initiated by the client application CA, it determines the corresponding trusted execution environment according to the scheme described above.
Fig. 11 is a schematic diagram of a fifth interaction flow in a terminal device according to the present application. Taking a payment request as the service processing request, fig. 11 illustrates the service processing flow when the security score of the service is greater than the threshold; reference numerals (1) to (9) mark the processing of the payment request in the terminal device.
As shown in fig. 11, the payment application CA51 in the REE generates a payment request in response to a payment operation triggered by the user.
(1) The payment application CA51 sends the payment request to the evaluation unit 52, and the evaluation unit 52 performs security evaluation on the payment service.
(2) After the evaluation unit 52 has calculated the security score of the payment service, the payment request is to be sent to the first trusted execution environment VM TEE 1 for processing because the score is greater than the threshold. The evaluation unit 52 therefore calls the API interface 53 in the REE and passes the payment request together with the environment identifier of the first trusted execution environment to the kernel driver of the REE OS54.
(3) Since the first trusted execution environment VM TEE 1 is implemented in a virtual machine, the kernel driver in the REE OS54, on receiving the environment identifier of the first trusted execution environment, wraps the payment request in an HVC (hypervisor call) instruction and issues it, so that the call traps to the virtual machine manager hypervisor81 located at the EL2 layer.
(4) The hypervisor81 parses the HVC call and sends the payment request obtained from it to the operating system VM TEE 1 OS631 of the first trusted execution environment.
(5) The VM TEE 1 OS631 dispatches the payment request to the facial recognition first trusted application TA611 in VM TEE 1.
(6) The facial recognition TA611 starts on the payment request, collects, compares and analyzes the user's face image to obtain a processing result, and returns the result "face recognition pass" or "face recognition fail" to the VM TEE 1 OS631 by calling the interface 621 of the first trusted execution environment VM TEE 1.
(7) The VM TEE 1 OS631 returns the processing result to the hypervisor81 by issuing an HVC instruction.
(8) The hypervisor81 parses the HVC call and returns the processing result obtained from it to the REE OS54.
(9) The REE OS54 returns the processing result "face recognition pass" or "face recognition fail" to the payment application CA51.
After step (9), the payment application CA51 executes the payment or rejects the payment according to the processing result; these subsequent steps are not described in detail in this embodiment.
Fig. 12 is a schematic diagram of a sixth interaction flow in a terminal device according to the present application. Taking an account login request as the service processing request, fig. 12 illustrates the service processing flow when the security score of the service is less than or equal to the threshold; reference numerals (1) to (9) mark the processing of the account login request in the terminal device.
As shown in fig. 12, the video application CA55 in the REE generates an account login request in response to an account login operation triggered by the user.
(1) The video application CA55 sends the account login request to the evaluation unit 52, and the evaluation unit 52 performs security evaluation on the video service corresponding to the account login request.
(2) After the evaluation unit 52 has calculated the security score of the video service, the account login request is to be sent to the second trusted execution environment VM TEE 2 for processing because the score is not greater than the threshold. The evaluation unit therefore calls the API interface 53 in the REE and passes the account login request together with the environment identifier of the second trusted execution environment to the kernel driver of the REE OS54.
(3) Since the second trusted execution environment is implemented in a virtual machine, the kernel driver in the REE OS54, on receiving the environment identifier of the second trusted execution environment, wraps the account login request in an HVC (hypervisor call) instruction and issues it, so that the call traps to the virtual machine manager hypervisor81 located at the EL2 layer.
(4) The hypervisor81 parses the HVC call and sends the account login request obtained from it to the operating system VM TEE 2 OS632 of the second trusted execution environment.
(5) The VM TEE 2 OS632 dispatches the account login request to the facial recognition second trusted application TA612 in the second trusted execution environment.
(6) The facial recognition TA612 starts on the account login request, collects, compares and analyzes the user's face image to obtain a processing result, and returns the result "face recognition pass" or "face recognition fail" to the VM TEE 2 OS632 by calling the interface 622 of the second trusted execution environment VM TEE 2.
(7) The VM TEE 2 OS632 returns the processing result to the hypervisor81 by issuing an HVC instruction.
(8) The hypervisor81 parses the HVC call and returns the processing result obtained from it to the REE OS54.
(9) The REE OS54 returns the processing result "face recognition pass" or "face recognition fail" to the video application CA55.
After step (9), the video application CA55 executes the account login process according to the processing result; these subsequent steps are not described in detail in this embodiment.
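The four flows of figs. 8, 9, 11 and 12 differ only in which trap the REE kernel driver issues (SMC to the EL3 Secure Monitor for the TrustZone TEE, HVC to the EL2 hypervisor for a VM TEE) and which operating system the trap handler forwards to. The following Python simulation, added here as an illustration and not code from the application, models both frameworks (fig. 7 and fig. 10) with a table from environment identifier to transport and walks a request from the REE OS through the trap handler to the TEE OS and a face recognition TA and back. The environment identifier values, the function number, the register layout of the call and the face template and features are assumptions; the function ID bit layout follows the Arm SMC Calling Convention. Because the page places the evaluation unit at EL0 in the REE, the simulated Secure Monitor and hypervisor each accept only calls whose identifier belongs to an environment they own, so a request that the REE tried to push through the wrong trap is refused; that check is an addition for illustration, not something the page describes.

```python
"""Simulation of the REE -> Secure Monitor (EL3) or hypervisor (EL2) -> TEE OS -> TA
exchange of figs. 8, 9, 11 and 12. Added illustration, not code from the application;
environment identifiers, function numbers and the face feature data are assumed."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Transport(Enum):
    SMC = "SMC"  # trap to the EL3 Secure Monitor: TrustZone TEE (fig. 8)
    HVC = "HVC"  # trap to the EL2 hypervisor: VM TEE (figs. 9, 11, 12)


# Environment identifiers (assumed values) and the frameworks of fig. 7 and fig. 10.
ENV_TEE, ENV_VM_TEE, ENV_VM_TEE_1, ENV_VM_TEE_2 = 0x01, 0x02, 0x11, 0x12
FRAMEWORK_FIG7 = {ENV_TEE: Transport.SMC, ENV_VM_TEE: Transport.HVC}
FRAMEWORK_FIG10 = {ENV_VM_TEE_1: Transport.HVC, ENV_VM_TEE_2: Transport.HVC}

# Function ID layout of the Arm SMC Calling Convention: bit 31 fast call, bit 30 SMC64,
# bits 29:24 owning entity number (OEN), bits 15:0 function number.
OEN_STD_HYPERVISOR = 5    # Standard Hypervisor Service calls (HVC path)
OEN_TRUSTED_APP = 48      # Trusted Application calls (SMC path)
FN_INVOKE_TA = 0x0001     # function number for "invoke a TA" (assumed)
SMCCC_NOT_SUPPORTED = -1  # returned when a trap handler refuses the call


def function_id(oen: int, number: int) -> int:
    """Fast SMC64 call with the given owning entity and function number."""
    return (1 << 31) | (1 << 30) | ((oen & 0x3F) << 24) | (number & 0xFFFF)


def owning_entity(fid: int) -> int:
    return (fid >> 24) & 0x3F


@dataclass
class Request:
    env_id: int     # environment identifier chosen by the evaluation unit
    ta: str         # name of the TA to invoke
    feature: bytes  # face feature captured for this request (constructed sample data)


# Constructed enrolled template and two captured features, 8 bytes each.
ENROLLED_TEMPLATE = bytes([0x5A, 0xC3, 0x0F, 0xF0, 0x96, 0x69, 0x3C, 0xC3])
FEATURE_MATCH = bytes([0x5B, 0xC3, 0x0F, 0xF0, 0x96, 0x69, 0x3C, 0xC3])  # 1 bit differs
FEATURE_NO_MATCH = bytes(b ^ 0xFF for b in ENROLLED_TEMPLATE)              # 64 bits differ


def face_recognition_ta(feature: bytes, max_distance: int = 6) -> str:
    """Stand-in for TA71/TA61/TA611/TA612: Hamming-distance comparison of the captured
    feature with the enrolled template, returning the page's result strings."""
    if len(feature) != len(ENROLLED_TEMPLATE):
        return "face recognition fail"
    distance = sum(bin(a ^ b).count("1") for a, b in zip(feature, ENROLLED_TEMPLATE))
    return "face recognition pass" if distance <= max_distance else "face recognition fail"


TA_TABLE = {"face": face_recognition_ta}


def tee_os_dispatch(req: Request, trace: List[str], os_name: str) -> str:
    """TEE OS or VM TEE OS (steps 5 and 6): hand the request to the named TA."""
    trace.append(os_name)
    ta = TA_TABLE.get(req.ta)
    return ta(req.feature) if ta else "unknown TA"


def secure_monitor(regs: Dict[str, object], framework: Dict[int, Transport], trace: List[str]):
    """EL3 Secure Monitor (steps 3/4 and 7/8 of fig. 8). Forwards only a Trusted
    Application call whose environment identifier belongs to the TrustZone TEE."""
    trace.append("Secure Monitor")
    if owning_entity(regs["x0"]) != OEN_TRUSTED_APP or framework.get(regs["x1"]) is not Transport.SMC:
        return SMCCC_NOT_SUPPORTED
    return tee_os_dispatch(regs["x2"], trace, "TEE OS")


def hypervisor(regs: Dict[str, object], framework: Dict[int, Transport], trace: List[str]):
    """EL2 hypervisor (steps 3/4 and 7/8 of figs. 9, 11, 12). Forwards only a hypervisor
    service call whose environment identifier belongs to a VM TEE."""
    trace.append("Hypervisor")
    if owning_entity(regs["x0"]) != OEN_STD_HYPERVISOR or framework.get(regs["x1"]) is not Transport.HVC:
        return SMCCC_NOT_SUPPORTED
    return tee_os_dispatch(regs["x2"], trace, "VM TEE OS")


def ree_kernel_driver(req: Request, framework: Dict[int, Transport], trace: List[str],
                      transport: Optional[Transport] = None):
    """REE OS kernel driver (step 3): pick SMC or HVC from the environment identifier and
    build the register image x0 = function ID, x1 = env id, x2 = request (on hardware x2
    would carry the physical address of a shared buffer). `transport` forces the other
    trap so a caller can see the handler refuse a misrouted identifier."""
    trace.append("REE OS")
    chosen = transport or framework.get(req.env_id)
    if chosen is None:
        raise ValueError(f"unknown environment identifier {req.env_id:#x}")
    oen = OEN_TRUSTED_APP if chosen is Transport.SMC else OEN_STD_HYPERVISOR
    regs = {"x0": function_id(oen, FN_INVOKE_TA), "x1": req.env_id, "x2": req}
    handler = secure_monitor if chosen is Transport.SMC else hypervisor
    return handler(regs, framework, trace)


def process(req: Request, framework: Dict[int, Transport],
            transport: Optional[Transport] = None) -> Tuple[object, List[str]]:
    """API 53 -> REE OS -> trap handler -> TEE OS -> TA and back: (result, path taken)."""
    trace: List[str] = []
    return ree_kernel_driver(req, framework, trace, transport), trace


if __name__ == "__main__":
    print(process(Request(ENV_TEE, "face", FEATURE_MATCH), FRAMEWORK_FIG7))           # fig. 8
    print(process(Request(ENV_VM_TEE, "face", FEATURE_MATCH), FRAMEWORK_FIG7))        # fig. 9
    print(process(Request(ENV_VM_TEE_2, "face", FEATURE_NO_MATCH), FRAMEWORK_FIG10))  # fig. 12
```

In the fig. 7 framework the payment request travels REE OS, Secure Monitor, TEE OS and the account login request travels REE OS, Hypervisor, VM TEE OS; in the fig. 10 framework both travel through the hypervisor. Forcing the first environment's identifier through HVC ends at the hypervisor with SMCCC_NOT_SUPPORTED, which is the behaviour a practitioner would want from the EL2 and EL3 handlers given that the routing decision itself is taken in the REE.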
Fig. 13 is a schematic diagram of the hardware structure of a service processing device according to an embodiment of the present application. Referring to Fig. 13, the device includes a memory 1301, a processor 1302 and an interface circuit 1303, which can communicate with one another, for example through a communication bus. The memory 1301 is configured to store computer-executable instructions, the processor 1302 controls their execution, and the interface circuit 1303 performs the communication, so as to implement the service processing method provided by the embodiment of the present application.
Optionally, the interface circuit 1303 may also include a transmitter and/or a receiver. Optionally, the processor 1302 may include one or more CPUs, or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of a method disclosed in connection with the present application may be executed directly by a hardware processor, or by a combination of hardware and software modules within a processor.
In a possible implementation, the computer-executable instructions in the embodiment of the present application may also be referred to as application program code, which is not specifically limited in the embodiment of the present application.
The service processing device provided in the embodiment of the present application is used to execute the service processing method of the above embodiments; its technical principle and technical effect are similar and are not repeated here.
The embodiment of the present application provides a terminal device. The memory of the terminal device may be configured to store at least one program instruction, and the processor is configured to execute the at least one program instruction so as to implement the technical solution of the foregoing method embodiment. The implementation principle and technical effect are similar to those of the related method embodiments and are not repeated here.
The embodiment of the present application provides a chip. The chip includes a processor for invoking a computer program in a memory to perform the technical solutions of the above embodiments. The principle and technical effect are similar to those of the related embodiments above and are not described in detail here.
The embodiment of the present application provides a computer program product which, when executed on a terminal device, causes the terminal device to execute the technical solution of the foregoing embodiments. The principle and technical effect are similar to those of the related embodiments above and are not described in detail here.
The foregoing detailed description of the invention has been presented for purposes of illustration and description, and it should be understood that the foregoing is by way of illustration and description only, and is not intended to limit the scope of the invention.

Claims (18)

1. A service processing method, characterized in that the method is applied to a terminal device in which a first trusted execution environment and a second trusted execution environment run;
the method comprises the following steps:
the terminal device acquires a first service processing request initiated by a first client application CA;
in response to the first service processing request, the terminal device determines to process the first service processing request using the first trusted execution environment;
the terminal device acquires a second service processing request initiated by a second client application CA, the second service processing request and the first service processing request being requests for the same type of service;
in response to the second service processing request, the terminal device determines to process the second service processing request using the second trusted execution environment, the security of the first trusted execution environment being higher than that of the second trusted execution environment;
wherein the terminal device further comprises a trust zone TrustZone, a virtual machine and a secure Monitor, the virtual machine comprises a virtual machine manager Hypervisor, the first trusted execution environment runs in the TrustZone and the second trusted execution environment runs in the virtual machine;
or, the terminal device further comprises a virtual machine, the virtual machine comprises a virtual machine manager Hypervisor, and both the first trusted execution environment and the second trusted execution environment run in the virtual machine.
2. The method of claim 1, wherein the first trusted execution environment has a first trusted application TA running therein and the second trusted execution environment has a second trusted application TA running therein, the first trusted application TA and the second trusted application TA providing the same application functionality.
3. The method of claim 2, wherein the terminal device determining to process the first service processing request using the first trusted execution environment comprises:
the first trusted application TA processing the acquired first service processing request to obtain a first processing result;
and the terminal device returning the first processing result to the first client application CA.
4. The method of claim 2, wherein the terminal device processing the second service processing request using the second trusted execution environment comprises:
the second trusted application TA processing the acquired second service processing request to obtain a second processing result;
and the terminal device returning the second processing result to the second client application CA.
5. The method of claim 1, wherein, when the terminal device processes the first service processing request using the first trusted execution environment, the method further comprises:
the terminal device sending the first service processing request to the first trusted execution environment through the secure Monitor;
the first trusted application TA in the first trusted execution environment processing the first service processing request to obtain a first processing result;
and the first trusted execution environment returning the first processing result to the first client application CA through the secure Monitor.
6. The method of claim 1, wherein, when the terminal device processes the second service processing request using the second trusted execution environment, the method further comprises:
the terminal device sending the second service processing request to the second trusted execution environment through the virtual machine manager Hypervisor;
the second trusted application TA in the second trusted execution environment processing the second service processing request to obtain a second processing result;
and the second trusted execution environment returning the second processing result to the second client application CA through the virtual machine manager Hypervisor.
7. The method of claim 1, wherein, when the terminal device processes the first service processing request using the first trusted execution environment, the method further comprises:
the terminal device sending the first service processing request to the first trusted execution environment through the virtual machine manager Hypervisor;
the first trusted application TA in the first trusted execution environment processing the first service processing request to obtain a first processing result;
and the first trusted execution environment returning the first processing result to the first client application CA through the virtual machine manager Hypervisor.
8. The method of claim 1, wherein, when the terminal device processes the second service processing request using the second trusted execution environment, the method further comprises:
the terminal device sending the second service processing request to the second trusted execution environment through the virtual machine manager Hypervisor;
the second trusted application TA in the second trusted execution environment processing the second service processing request to obtain a second processing result;
and the second trusted execution environment returning the second processing result to the second client application CA through the virtual machine manager Hypervisor.
9. The method of any of claims 1-8, wherein the terminal device further comprises an operating system kernel driver and an evaluation unit;
and before the terminal device determines to process the first service processing request using the first trusted execution environment, the method further comprises:
the evaluation unit performing a security evaluation of the first service requested by the first service processing request to obtain a security score of the first service;
the evaluation unit sending the environment identifier of the first trusted execution environment to the operating system kernel driver according to the security score of the first service;
and the operating system kernel driver sending the first service processing request to the first trusted execution environment corresponding to the received environment identifier.
10. The method of any of claims 1-8, wherein the terminal device further comprises an operating system kernel driver and an evaluation unit;
and before the terminal device processes the second service processing request using the second trusted execution environment, the method further comprises:
the evaluation unit performing a security evaluation of the second service requested by the second service processing request to obtain a security score of the second service;
the evaluation unit sending the environment identifier of the second trusted execution environment to the operating system kernel driver according to the security score of the second service;
and the operating system kernel driver sending the second service processing request to the second trusted execution environment corresponding to the received environment identifier.
11. The method of claim 9, wherein the evaluation unit performing a security evaluation of the first service requested by the first service processing request to obtain a security score of the first service comprises:
the evaluation unit acquiring CA information of the first service requested by the first service processing request;
and the evaluation unit evaluating the security of the first service requested by the first service processing request according to the CA information of the first service to obtain the security score of the first service.
12. The method of claim 10, wherein the evaluation unit performing a security evaluation of the second service requested by the second service processing request to obtain a security score of the second service comprises:
the evaluation unit acquiring CA information of the second service requested by the second service processing request;
and the evaluation unit evaluating the security of the second service requested by the second service processing request according to the CA information of the second service to obtain the security score of the second service.
13. The method of claim 10 or 11, wherein the CA information comprises at least one of the following items of information:
signature type, service type, CA source information, trusted application specification information, abnormal behaviour information and device state information.
14. The method of claim 11, wherein the evaluation unit evaluating the security of the first service requested by the first service processing request according to the CA information of the first service to obtain the security score of the first service comprises:
the evaluation unit calculating a risk coefficient for each information item in the CA information of the first service;
and the evaluation unit calculating the security score of the first service according to the risk coefficient of each information item.
15. The method of claim 12, wherein the evaluation unit evaluating the security of the second service requested by the second service processing request according to the CA information of the second service to obtain the security score of the second service comprises:
the evaluation unit calculating a risk coefficient for each information item in the CA information of the second service;
and the evaluation unit calculating the security score of the second service according to the risk coefficient of each information item.
16. A terminal device, characterized in that the terminal device comprises a processor for invoking a computer program in memory for performing the method according to any of claims 1-15.
17. A computer readable storage medium storing computer instructions which, when run on a terminal device, cause the terminal device to perform the method of any of claims 1-15.
18. A chip comprising a processor for invoking a computer program in memory to perform the method of any of claims 1-15.
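The following is an added example, not code from the patent or from Honor, that models two things described above: the evaluation unit of claims 9-15 (a risk coefficient per CA information item, a security score, an environment identifier handed to the kernel driver) and the request path of steps (1)-(9), in which the driver reaches the TrustZone TEE through the secure Monitor and the VM-hosted TEE through the Hypervisor. Everything not stated on this page is an assumption and is marked as such in the code: the coefficient tables and weights, the weighted-sum combination, the THRESHOLD at or above which the first (TrustZone) TEE is selected, scoring unknown item values as maximum risk, refusing a request whose TA is absent from the chosen environment, and standing in for SMC/HVC with plain function calls.

```python
"""Evaluation unit and kernel-driver dispatch, modelled after claims 9-15 and
steps (1)-(9). Added example, not code from the patent or from Honor.

Assumed (the page does not specify these): the per-item risk coefficients and
weights, the weighted-sum combination, the THRESHOLD above which the first
(TrustZone) TEE is selected, maximum risk for unknown item values, and that
SMC/HVC are modelled by plain function calls with no Monitor or Hypervisor.
"""
from dataclasses import dataclass
from typing import Callable, Dict

TEE1_TRUSTZONE = "TEE1"  # first trusted execution environment (TrustZone)
TEE2_VM = "TEE2"         # second trusted execution environment (virtual machine)
THRESHOLD = 0.4          # assumed cut-off on the security score

# Assumed risk coefficient for each value of the information items in claim 13.
RISK: Dict[str, Dict[str, float]] = {
    "signature_type": {"platform": 0.1, "vendor": 0.3, "third_party": 0.7, "unsigned": 1.0},
    "service_type": {"payment": 1.0, "unlock": 0.6, "account_login": 0.5, "media_drm": 0.3},
    "ca_source": {"preinstalled": 0.1, "official_store": 0.4, "sideloaded": 0.9},
    "ta_spec": {"gp_compliant": 0.2, "custom": 0.6},
    "abnormal_performance": {"none": 0.0, "observed": 1.0},
    "device_state": {"locked_bootloader": 0.1, "unlocked_bootloader": 0.8, "rooted": 1.0},
}
# Assumed weight of each item in the security score (sums to 1.0).
WEIGHT = {"signature_type": 0.15, "service_type": 0.35, "ca_source": 0.15,
          "ta_spec": 0.10, "abnormal_performance": 0.15, "device_state": 0.10}


@dataclass(frozen=True)
class CAInfo:
    """CA information collected by the evaluation unit (claims 11-13)."""
    signature_type: str
    service_type: str
    ca_source: str
    ta_spec: str = "gp_compliant"
    abnormal_performance: str = "none"
    device_state: str = "locked_bootloader"


def risk_coefficients(info: CAInfo) -> Dict[str, float]:
    """Claims 14/15, first step: one risk coefficient per information item.
    A value missing from the table is scored 1.0 so that unknown inputs fail closed."""
    return {item: table.get(getattr(info, item), 1.0) for item, table in RISK.items()}


def security_score(info: CAInfo) -> float:
    """Claims 14/15, second step: combine the coefficients into one score."""
    coeffs = risk_coefficients(info)
    return round(sum(WEIGHT[item] * c for item, c in coeffs.items()), 6)


def select_environment(info: CAInfo) -> str:
    """Evaluation unit output: the environment identifier handed to the kernel driver."""
    return TEE1_TRUSTZONE if security_score(info) >= THRESHOLD else TEE2_VM


class TeeOS:
    """TEE OS of one environment (e.g. VM TEE2 OS 632) holding that environment's TAs."""
    def __init__(self, env_id: str, tas: Dict[str, Callable[[dict], str]]):
        self.env_id, self.tas = env_id, tas

    def dispatch(self, request: dict) -> dict:
        ta = self.tas.get(request["service"])
        if ta is None:  # assumed: no silent fallback to the other environment
            return {"env": self.env_id, "status": "error", "reason": "no TA for service"}
        return {"env": self.env_id, "status": "ok", "result": ta(request)}


class KernelDriver:
    """REE OS kernel driver (claims 9 and 10): forwards by environment identifier.
    TEE1 is reached through the secure Monitor (SMC), TEE2 through the Hypervisor (HVC)."""
    def __init__(self, tee1: TeeOS, tee2: TeeOS):
        self.monitor_smc = tee1.dispatch     # stands in for the SMC into the Monitor
        self.hypervisor_hvc = tee2.dispatch  # stands in for the HVC into the Hypervisor

    def send(self, env_id: str, request: dict) -> dict:
        if env_id == TEE1_TRUSTZONE:
            return self.monitor_smc(request)
        if env_id == TEE2_VM:
            return self.hypervisor_hvc(request)
        raise ValueError(f"unknown environment identifier {env_id!r}")


def face_recognition_ta(request: dict) -> str:
    """Stand-in for TA 611 / TA 612; a real TA captures and compares the face image."""
    return "face recognition pass" if request.get("face_matches") else "face recognition fail"


# Constructed device: TEE1 hosts a face-recognition TA and a payment TA, TEE2 only the former.
DRIVER = KernelDriver(
    TeeOS(TEE1_TRUSTZONE, {"face_recognition": face_recognition_ta,
                           "payment": lambda r: "payment authorised"}),
    TeeOS(TEE2_VM, {"face_recognition": face_recognition_ta}),
)


def handle_request(info: CAInfo, request: dict) -> dict:
    """CA -> evaluation unit -> kernel driver -> TEE OS -> TA -> result back to the CA."""
    return DRIVER.send(select_environment(info), request)
```

With these assumed tables, a third-party video CA from the official store requesting account login scores 0.37 and is routed to TEE2, as in steps (1)-(9); a preinstalled vendor-signed payment CA scores 0.44 and goes to TEE1; the same video CA sideloaded on a rooted device with abnormal behaviour observed scores 0.685 and is pushed up to TEE1. Note that the routing decision is taken on the REE side before any SMC or HVC is issued, so it is only as trustworthy as the kernel driver and evaluation unit themselves; each TEE should still enforce its own CA-to-TA access policy rather than accept the environment identifier as proof that the request belongs there.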

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310508051.4A CN116881901A (en) 2021-11-11 2021-11-11 Service processing method and related device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202111335712.5A Division CN115017486B (en) 2021-11-11 2021-11-11 Service processing method and related device

Publications (1)

Publication Number Publication Date
CN116881901A true CN116881901A (en) 2023-10-13

Family

ID=83064555

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310508051.4A Pending CN116881901A (en) 2021-11-11 2021-11-11 Service processing method and related device
CN202111335712.5A Active CN115017486B (en) 2021-11-11 2021-11-11 Service processing method and related device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2746981A1 (en) * 2012-12-19 2014-06-25 ST-Ericsson SA Trusted execution environment access control rules derivation
CN103927477B (en) * 2014-04-28 2017-03-08 上海新储集成电路有限公司 A kind of safe mainboard and its application process
CN105809036B (en) * 2016-04-01 2019-05-10 中国银联股份有限公司 A kind of TEE access control method and the mobile terminal for realizing this method
CN107870788B (en) * 2016-09-26 2020-10-02 展讯通信(上海)有限公司 Starting method of terminal equipment under multiple trusted execution environments and terminal equipment
EP3644569B1 (en) * 2017-07-13 2021-09-29 Huawei Technologies Co., Ltd. Method and terminal for controlling trusted application access
CN109086100B (en) * 2018-07-26 2020-03-31 中国科学院信息工程研究所 High-security credible mobile terminal security system architecture and security service method
CN109522754B (en) * 2018-11-28 2021-11-19 中国科学院信息工程研究所 Core control method for trusted isolation environment of mobile terminal
CN111859457A (en) * 2020-07-31 2020-10-30 联想(北京)有限公司 Intelligent contract setting method and system
CN113138845A (en) * 2021-04-25 2021-07-20 北京小米移动软件有限公司 Fingerprint identification method, fingerprint identification device, terminal and storage medium

Also Published As

Publication number Publication date
CN115017486A (en) 2022-09-06
CN115017486B (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination