CN116938463A - Application running environment credibility detection method, equipment and medium - Google Patents


Info

Publication number
CN116938463A
Authority
CN
China
Prior art keywords
signature
information set
application
trusted
terminal equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210351312.1A
Other languages
Chinese (zh)
Inventor
刘惠明
王永科
张向前
史海滨
于旸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202210351312.1A
Publication of CN116938463A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10: Integrity
    • H04W12/106: Packet or message integrity

Abstract

The application provides a method, equipment and medium for detecting the credibility of an application running environment. The technical scheme relies on the property that code and data in the trusted execution environment cannot be cracked, modified or acquired from outside. The trusted application corresponding to the trusted execution environment acquires information related to the running environment of the third party application; this information is encrypted or signed with an asymmetric encryption algorithm or the like and then transmitted to a server, and it can be verified only at the server. This reduces the probability that the information is tampered with, so the credibility of the third party application's running environment can be detected more accurately based on it. As a result, the third party application can be ensured to run in a trusted running environment, and the security of the application running environment is improved.

Description

Application running environment credibility detection method, equipment and medium
Technical Field
The embodiment of the application relates to the technical field of network security, in particular to a method, equipment and medium for detecting the credibility of an application running environment.
Background
Third party applications such as payment, finance and game applications place high credibility requirements on their running environment, mainly in the following two respects. On the one hand, a terminal device may be rooted or maliciously attacked because of fragmentation, system vulnerabilities and the like. When an application runs on such a terminal device, an attacker may use tools such as hooking or packet capture to compromise the privacy of the user, the confidential data of the application developer, game balance, etc. In other words, the terminal device on which the third party application runs needs to have a certain credibility. On the other hand, since an attacker or adversary often has higher authority on the terminal device, the third party application itself may also be attacked; in other words, the third party application itself needs to have a certain credibility.
Based on the above, how to detect the credibility of the application running environment, so as to ensure that the third party application runs in a trusted running environment, is the technical problem to be solved by the present application.
Disclosure of Invention
The application provides a method, equipment and medium for detecting the credibility of an application running environment, so that the third party application can be ensured to run in the credible running environment.
In a first aspect, a method for detecting the credibility of an application running environment is provided, and the method includes: a third party application in the terminal equipment sends a request message to a mobile equipment integrity check module in the terminal equipment; the mobile device integrity checking module responds to the request message to acquire a first information set, wherein the first information set is used for detecting the credibility of the running environment of the third party application; the mobile equipment integrity checking module sends a first information set to a trusted application corresponding to a trusted execution environment in the terminal equipment; the trusted application generates a secondary certificate public-private key pair corresponding to the third party application; the trusted application acquires a second information set, wherein the second information set is used for detecting the credibility of the running environment; the trusted application signs the first information set and the second information set through a private key in a public-private key pair of the secondary certificate to obtain a first signature; the trusted application signs a first public key in a public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature; the trusted application sends a first information set, a second information set, a first public key, a first signature and a second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application; the application server detects the legitimacy of the second signature; if the second signature is legal, the application server detects the validity of the first signature through the first public key; if the first signature is legal, the application server detects the legitimacy of each item of information in the first information set and the second information set; if all the information in the first information set and the second information set are legal, the application server determines that the running environment is credible; if the first signature is illegal, the second signature is illegal or at least one of the first information set and the second information set is illegal, the application server determines that the running environment is not trusted.
In a second aspect, a method for detecting the credibility of an application running environment is provided, including: a third party application in the terminal equipment sends a request message to a mobile equipment integrity check module in the terminal equipment; the mobile device integrity checking module responds to the request message to acquire a first information set, wherein the first information set is used for detecting the credibility of the running environment of the third party application; the mobile equipment integrity checking module sends a first information set to a trusted application corresponding to a trusted execution environment in the terminal equipment; the trusted application generates a secondary certificate public-private key pair corresponding to the third party application; the trusted application acquires a second information set, wherein the second information set is used for detecting the credibility of the running environment; the trusted application signs the first information set and the second information set through a private key in a public-private key pair of the secondary certificate to obtain a first signature; the trusted application signs a first public key in a public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature; the trusted application sends the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application, so that the application server detects the credibility of the running environment according to the first information set, the second information set, the first public key, the first signature and the second signature.
In a third aspect, a method for detecting the credibility of an application running environment is provided, and the method includes: the application server receives, from a third party application, a first information set, a second information set, a first public key of a secondary certificate public-private key pair of the terminal equipment, a first signature and a second signature; the first information set and the second information set are both information sets for detecting the credibility of the running environment; the first signature is obtained by signing the first information set and the second information set by a trusted application corresponding to a trusted execution environment in the terminal equipment through a private key in a public-private key pair of a secondary certificate; the second signature is obtained by signing the first public key by the trusted application through a root certificate private key of the terminal equipment; the application server detects the legitimacy of the second signature; if the second signature is legal, the application server detects the validity of the first signature through the first public key; if the first signature is legal, the application server detects the legitimacy of each item of information in the first information set and the second information set; if all the information in the first information set and the second information set are legal, the application server determines that the running environment is credible; if the first signature is illegal, the second signature is illegal or at least one of the first information set and the second information set is illegal, the application server determines that the running environment is not trusted.
In a fourth aspect, a system for detecting the credibility of an application running environment is provided, including: terminal equipment and application server, terminal equipment includes: the mobile device comprises a third party application corresponding to an application server, a mobile device integrity checking module and a trusted application corresponding to a trusted execution environment; the third party application is used for sending a request message to the mobile device integrity checking module; the mobile device integrity checking module is used for responding to the request message to acquire a first information set and sending the first information set to the trusted application, wherein the first information set is used for detecting the credibility of the running environment of the third party application; trusted applications are used to: generating a second-level certificate public-private key pair corresponding to the third-party application; acquiring a second information set, wherein the second information set is used for detecting the credibility of the running environment; signing the first information set and the second information set through a private key in a public-private key pair of the second-level certificate to obtain a first signature; signing a first public key in a public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature; transmitting a first information set, a second information set, a first public key, a first signature and a second signature to an application server corresponding to a third party application through a mobile equipment integrity checking module and the third party application; the application server is used for: detecting the legitimacy of the second signature; if the second signature is legal, detecting the validity of the first signature through the first public key; if the first signature is legal, detecting the legitimacy of each item of information in the first information set and the second information set; if all the information in the first information set and the second information set are legal, determining that the running environment is credible; if the first signature is illegal, the second signature is illegal or at least one item of information in the first information set and the second information set is illegal, determining that the running environment is not trusted.
In a fifth aspect, there is provided a terminal device, including: the mobile device comprises a third party application, a mobile device integrity checking module and a trusted application corresponding to a trusted execution environment; the third party application is used for sending a request message to the mobile device integrity checking module; the mobile device integrity checking module is used for responding to the request message to acquire a first information set and sending the first information set to the trusted application, wherein the first information set is used for detecting the credibility of the running environment of the third party application; trusted applications are used to: generating a second-level certificate public-private key pair corresponding to the third-party application; acquiring a second information set, wherein the second information set is used for detecting the credibility of the running environment; signing the first information set and the second information set through a private key in a public-private key pair of the second-level certificate to obtain a first signature; signing a first public key in a public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature; and sending the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application, so that the application server detects the credibility of the running environment according to the first information set, the second information set, the first public key, the first signature and the second signature.
In a sixth aspect, there is provided an application server comprising: the receiving module is used for receiving, from the third party application, the first information set, the second information set, the first public key of the secondary certificate public-private key pair of the terminal equipment, the first signature and the second signature; the first information set and the second information set are both information sets for detecting the credibility of the running environment; the first signature is obtained by signing the first information set and the second information set by a trusted application corresponding to a trusted execution environment in the terminal equipment through a private key in a public-private key pair of a secondary certificate; the second signature is obtained by signing the first public key by the trusted application through a root certificate private key of the terminal equipment; the detection module is used for: detecting the legitimacy of the second signature; if the second signature is legal, detecting the validity of the first signature through the first public key; if the first signature is legal, detecting the legitimacy of each item of information in the first information set and the second information set; if all the information in the first information set and the second information set are legal, determining that the running environment is credible; if the first signature is illegal, the second signature is illegal or at least one item of information in the first information set and the second information set is illegal, determining that the running environment is not trusted.
In a seventh aspect, there is provided an electronic device comprising: a processor and a memory, the memory being used for storing a computer program, and the processor being used for invoking and running the computer program stored in the memory to perform the method as in any one of the first to third aspects or implementations thereof.
In an eighth aspect, a computer-readable storage medium is provided for storing a computer program, the computer program causing a computer to perform the method as in any one of the first to third aspects or implementations thereof.
A ninth aspect provides a computer program product comprising computer program instructions for causing a computer to perform the method as in any one of the first to third aspects or implementations thereof.
In a tenth aspect, there is provided a computer program that causes a computer to perform the method as in any one of the first to third aspects or implementations thereof.
The technical scheme provided by the application relies on the property that code and data in the trusted execution environment cannot be cracked, modified or acquired from outside. The trusted application corresponding to the trusted execution environment acquires the information related to the running environment of the third party application; the information is encrypted or signed with an asymmetric encryption algorithm or the like and then transmitted to the server, and it can only be verified at the server. This reduces the probability that the information is tampered with, so the credibility of the third party application's running environment can be detected more accurately based on that information. For payment type, finance type or game type applications, when the technical scheme provided by the application detects that the running environment of the third party application is not trusted, the user can be prompted to prohibit payment or illegal actions, so that the third party application can be ensured to run in the trusted running environment, and the user experience is further improved.
Meanwhile, the application provides a decentralized detection method: the application server only needs to go to the root certificate signing server to verify the second signature the first time the second signature is verified; afterwards, the application server can complete verification of the second signature according to the locally stored identification of the terminal equipment and the second public key of the second certificate, so that the business confidentiality of the application server itself, such as the number of daily active users (Daily Active User, DAU) of the third party application, can be well protected.
Furthermore, in the application, the root certificate public-private key pair and the secondary certificate public-private key pair of the terminal equipment are implemented on the basis of a one-machine one-secret mechanism, so that if the trusted execution environment of one terminal device is broken, other devices of the same model, and related devices in general, are not broadly affected, which gives the scheme good security. In addition, the anonymous identifier of the terminal equipment is generated based on a one-machine-type one-secret mechanism, so that the privacy security of the user is improved.
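The signing and verification chain of the first aspect, as an added example (not code from the patent or its applicant). It assumes RSA PKCS#1 v1.5 with SHA-256, a PKCS#1 DER encoding of the first public key, a length-prefixed encoding of the two information sets, and a server that already holds the device's root certificate public key; the patent text fixes none of these, and all function names and sample values are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Report holds the five values the trusted application sends to the server.
type Report struct {
	Info1, Info2 []byte // first and second information sets (opaque bytes here)
	FirstPub     []byte // secondary-certificate public key, PKCS#1 DER (assumed)
	Sig1, Sig2   []byte // first and second signatures
}

var (
	ErrSecondSig = errors.New("second signature invalid: key not vouched for by device root")
	ErrFirstSig  = errors.New("first signature invalid: information sets altered")
	ErrInfo      = errors.New("an information item failed the server's checks")
)

// NewKey stands in for key generation inside the TEE (hypothetical helper).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// payload length-prefixes info1 so bytes cannot be shifted between the two sets.
func payload(info1, info2 []byte) []byte {
	buf := make([]byte, 4, 4+len(info1)+len(info2))
	binary.BigEndian.PutUint32(buf, uint32(len(info1)))
	return append(append(buf, info1...), info2...)
}

func sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// TAAttest is the trusted-application side: a fresh secondary key signs the
// information sets (first signature) and the device root key signs that
// key's public half (second signature).
func TAAttest(root *rsa.PrivateKey, info1, info2 []byte) (*Report, error) {
	sec, err := NewKey()
	if err != nil {
		return nil, err
	}
	pubDER := x509.MarshalPKCS1PublicKey(&sec.PublicKey)
	sig1, err := sign(sec, payload(info1, info2))
	if err != nil {
		return nil, err
	}
	sig2, err := sign(root, pubDER)
	if err != nil {
		return nil, err
	}
	return &Report{Info1: info1, Info2: info2, FirstPub: pubDER, Sig1: sig1, Sig2: sig2}, nil
}

// ServerVerify applies the checks in the order the first aspect gives:
// second signature, then first signature, then the information items.
// The first public key is parsed only after the root has vouched for it.
func ServerVerify(rootPub *rsa.PublicKey, r *Report, infoOK func(info1, info2 []byte) bool) error {
	if !verify(rootPub, r.FirstPub, r.Sig2) {
		return ErrSecondSig
	}
	firstPub, err := x509.ParsePKCS1PublicKey(r.FirstPub)
	if err != nil {
		return ErrSecondSig
	}
	if !verify(firstPub, payload(r.Info1, r.Info2), r.Sig1) {
		return ErrFirstSig
	}
	if !infoOK(r.Info1, r.Info2) {
		return ErrInfo
	}
	return nil
}

func main() {
	root, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample values; the real contents of the sets are not modelled.
	r, err := TAAttest(root, []byte("salt=constructed-salt"), []byte("constructed second set"))
	if err != nil {
		panic(err)
	}
	accept := func(i1, _ []byte) bool { return string(i1) == "salt=constructed-salt" }
	fmt.Println("untampered:", ServerVerify(&root.PublicKey, r, accept))
	r.Info2 = []byte("tampered")
	fmt.Println("tampered:", ServerVerify(&root.PublicKey, r, accept))
}
```

A report produced under any key other than the device root fails at the first check, so an attacker-generated secondary key is rejected before any attacker-supplied key material is parsed or trusted.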
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 shows an application scenario diagram of the technical scheme of the present application;
FIG. 2 is an interactive flowchart of a method for detecting the credibility of an application running environment according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a first information set according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a signature verification packet according to an embodiment of the present application;
FIG. 5 is an interactive flowchart of another method for detecting the credibility of an application running environment according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a terminal device 600 according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an application server 700 according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a root certificate signing server 800 according to an embodiment of the present application;
FIG. 9 is a schematic block diagram of an electronic device provided by an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Before introducing the technical scheme of the application, the related background knowledge is explained below:
Trusted execution environment (Trusted Execution Environment, TEE): commonly used for digital rights management (Digital Rights Management, DRM), mobile payment and sensitive data protection. On Android, the TEE is typically implemented on the basis of ARM (Advanced RISC Machines) TrustZone. Security characteristics: 1. Under the protection of a hardware mechanism, applications in the normal state can only communicate with the TEE through specific entry points. 2. In terms of the communication mechanism, the TEE can access the normal-state system, such as the memory of the Android operating system, but not vice versa: Android cannot directly access memory in the TEE. 3. Certain hardware-based attacks can be resisted, and in general the code and data in the TEE cannot be cracked, modified or acquired from outside.
Trusted application (Trusted Application, TA): an application that runs in the TEE.
Replay protected memory block (Replay Protected Memory Block, RPMB): used to protect some system data from illegal deletion and access. The RPMB is managed directly by the TEE, and only the TEE can access RPMB-protected content. RPMB storage prevents replay attacks through a built-in counter, a key and a hash-based message authentication code (Hash-based Message Authentication Code, HMAC) check mechanism, ensuring that data is not maliciously overwritten or tampered with.
One machine, one secret: each terminal device has a unique public-private key pair that differs from the public-private key pair of every other terminal device. Under a one-machine one-secret mechanism, even if one terminal device is attacked and its public-private key pair is compromised, other terminal devices are not affected.
One machine type, one secret: terminal devices of the same model use the same public-private key pair, and the public-private key pairs of terminal devices of different models are different.
Random salt: a random factor for preventing the hash value from being broken.
Application (APP) signature: when an application developer releases an application, the developer needs to generate its own signing key pair and store the private key securely. When the application is released, the APP is signed with the private key, and the signature and the public key are attached to the APP installation package. When the application is installed on a system, the system uses the public key in the application to verify that the application's signature is legitimate. The signature of an APP is typically long, so a hash algorithm such as Secure Hash Algorithm 1 (SHA-1) is applied to the signature and the resulting hash value is used to represent the signature.
A mobile device integrity check (Mobile Device Integrity Checker, MDIC) module, also known as a mobile device integrity check service, is primarily responsible for collecting or communicating information under system authority.
RSA: it is currently the most powerful public key encryption algorithm, resistant to all cryptographic attacks known so far, and has been recommended by the International Organization for Standardization (ISO) as a public key data encryption standard. RSA is an asymmetric encryption algorithm, i.e. the encryption key differs from the decryption key: content encrypted with the private key can only be decrypted with the public key, and content encrypted with the public key can only be decrypted with the private key.
SHA-256: for a message of arbitrary length, SHA-256 generates a 256-bit hash value, called the message digest. The digest corresponds to a 32-byte array and is usually represented as a hexadecimal string of length 64, since 1 byte = 8 bits and one hexadecimal character represents 4 bits.
Device identification (Identity, ID): a series of serial numbers uniquely identifying a terminal device. It is generally necessary to ensure that the device IDs of any two devices are inconsistent and difficult to forge and modify, but since the device IDs can uniquely identify the user, once collected, it may cause an infringement on the privacy of the user.
FIG. 1 illustrates an application scenario diagram of the technical solution of the present application. As shown in FIG. 1, a terminal device 110 may be installed with a third party application and a trusted application corresponding to a trusted execution environment, and has a mobile device integrity checking module; communication between the mobile device integrity checking module and the third party application, and between the module and the trusted application, is implemented through an application program interface (Application Programming Interface, API). The application server 120 corresponding to the third party application may communicate with the third party application, and the application server 120 may communicate with the root certificate verification server 130.
Alternatively, the third party application may be a payment type, financial type, gaming type or other application; the application is not limited in this regard.
Alternatively, the terminal device 110 and the application server 120 may be directly or indirectly connected through wired or wireless communication, which is not limited herein. For example: communication between the application server 120 and third party applications may be implemented based on a fifth generation (the 5th Generation, 5G) communication system, a fourth generation (the 4th Generation, 4G) communication system, a third generation (the 3rd Generation, 3G) communication system, wireless fidelity (Wireless Fidelity, WiFi), or other wireless communication technology.
Alternatively, the terminal device 110 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a vehicle-mounted terminal, a smart television, or the like, but is not limited thereto.
Alternatively, the application server 120 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides a cloud computing service.
Alternatively, the root certificate signing server 130 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides a cloud computing service.
Optionally, when the user clicks the third party application, the method for detecting the credibility of the application running environment can be automatically triggered.
As described above, third party applications such as payment, finance and game applications generally place high requirements on the credibility of their own running environments. Based on this, how to detect the credibility of the application running environment, so as to ensure that the third party application runs in a trusted running environment, is the technical problem to be solved by the present application.
In order to solve the technical problems, the method mainly utilizes the characteristic that codes and data in the trusted execution environment cannot be cracked, modified and acquired by the outside, the trusted application corresponding to the trusted execution environment can acquire information related to the third party application operation environment, the information is encrypted or signed by utilizing an asymmetric encryption algorithm and the like and then transmitted to a server, and the information can be verified only at the server.
The technical scheme of the application will be described in detail as follows:
Fig. 2 is an interaction flow chart of a method for detecting the credibility of an application running environment according to an embodiment of the present application. The execution bodies involved in the method may include a terminal device and an application server, and the terminal device may include a third party application, a mobile device integrity check module, and a trusted application corresponding to a trusted execution environment. As shown in Fig. 2, the method comprises:
S201: The third party application sends a request message to the mobile device integrity check module;
Optionally, the request message is used to request the mobile device integrity check module to acquire the first information set.
Optionally, the third party application may obtain a first random salt corresponding to the third party application from the application server; accordingly, the request message may include the first random salt. A random salt is a random factor introduced to prevent a hash value from being cracked; on this basis, the first random salt serves to prevent replay for the third party application.
S202: The mobile device integrity check module acquires a first information set in response to the request message;
It should be appreciated that the first information set is a set of information for detecting the credibility of the running environment.
Optionally, the first information set includes, but is not limited to, at least one of: the signature of the third party application, the package name-version number of the third party application, the first random salt, and the version number of the mobile device integrity check module.
Fig. 3 is a schematic diagram of a first information set according to an embodiment of the present application. As shown in Fig. 3, the first information set includes: the signature of the third party application, the package name-version number of the third party application, the first random salt, and the version number of the mobile device integrity check module.
Optionally, since the third party application may be signed using a HASH algorithm, the signature of the third party application may be referred to as the HASH signature of the third party application, denoted APP-HASH. The package name-version number of the third party application may include the package name and the version number of the third party application, and is denoted APP-PKG-VERSION.
Optionally, the mobile device integrity check module obtains the signature of the third party application and the package name-version number of the third party application by means of inter-process communication.
In an Android system, when a third party application invokes the mobile device integrity check module, a daemon of the mobile device integrity check module can obtain the process number of the third party application by using getCallingPid, and then obtain the signature of the third party application and the package name-version number of the third party application according to that process number.
It should be appreciated that, since the version number of the mobile device integrity check module is the version number of the mobile device integrity check module itself, the mobile device integrity check module may directly obtain the version number.
S203: The mobile device integrity check module sends the first information set to the trusted application;
S204: The trusted application generates a secondary certificate public-private key pair corresponding to the third party application;
Optionally, after the trusted application obtains the first information set, it may use an RSA algorithm to directly generate the secondary certificate public-private key pair of the third party application, where the RSA algorithm may be a 2048-bit RSA algorithm or a 4096-bit RSA algorithm. The trusted application may also use an elliptic curve cryptography algorithm (Elliptic Curves Cryptography, ECC) or the elliptic curve public-key cryptography algorithm SM2 to generate the secondary certificate public-private key pair of the third party application.
Optionally, the trusted application may store the secondary certificate public-private key pair of the third party application in the RPMB, where the key pair has a correspondence with the signature and/or package name of the third party application. On this basis, the trusted application does not need to generate the secondary certificate public-private key pair of the third party application again later; it only needs to obtain the key pair from the RPMB according to the correspondence between the key pair and the signature and/or package name of the third party application.
S205: The trusted application obtains a second information set;
The second information set is a set of information for detecting the credibility of the running environment of the third party application.
Optionally, the second information set comprises at least one of: status information of the terminal device, the identifier of the terminal device, and the module-version number of the trusted execution environment, where the module-version number of the trusted execution environment includes the model of the terminal device and the version number of the trusted execution environment.
Optionally, the status information of the terminal device may include information on whether the bootloader of the terminal device is unlocked. When the bootloader is unlocked, the terminal device is at risk of being rooted, that is, the terminal device itself is not trusted. Further, the status information of the terminal device may also include information on whether the integrity information of the system partition of the terminal device has been modified. When the integrity information of the system partition has been modified, the terminal device is at risk of being rooted, that is, the terminal device itself is not trusted.
Optionally, in the Android system, the system partition may be the boot partition of the terminal device, and the integrity information may be the verified boot information.
Optionally, the identifier of the terminal device included in the second information set may be the real identifier of the terminal device.
The root certificate public-private key pair of the terminal device is implemented based on a one-machine-one-secret mechanism; in other words, each terminal device corresponds to a unique root certificate public-private key pair. The server side therefore needs the identifier of the terminal device when it later verifies the second signature. However, providing the real identifier of the terminal device could raise user privacy problems, so the trusted application provides an anonymous identifier rather than the real identifier of the terminal device.
Optionally, the anonymous identifier of the terminal device is generated based on a one-machine-type-one-secret mechanism (one key per model); in other words, for terminal devices of the same model, the trusted application may apply the same encryption key to generate their respective anonymous identifiers.
Alternatively, the anonymous identifier of the terminal device may be generated based on a multi-model one-key or one-vendor one-key mechanism, which is not limited in this aspect of the application.
Optionally, the real identifier of the terminal device is stored in the trusted execution environment, for example in the RPMB of the trusted execution environment. When the identifier of the terminal device is an anonymous identifier, the trusted application can take the real identifier of the terminal device out of the trusted execution environment, for example from the RPMB, and determine the model of the terminal device; determine the encryption key corresponding to the model; add a second random salt to the real identifier of the terminal device to obtain an addition result; and encrypt the addition result with the encryption key to obtain the anonymous identifier of the terminal device.
Optionally, the trusted application may encrypt the addition result using a preset symmetric encryption algorithm or asymmetric encryption algorithm. The symmetric encryption algorithm may be the advanced encryption standard (Advanced Encryption Standard, AES) encryption algorithm, but is not limited thereto. The asymmetric encryption algorithm may be an encryption algorithm such as RSA, ECC, SM, or SM1, but is not limited thereto.
S206: The trusted application signs the first information set and the second information set with the private key of the secondary certificate public-private key pair to obtain a first signature;
Optionally, when signing the first information set and the second information set with the private key of the secondary certificate public-private key pair, the trusted application may use the SHA256+RSA algorithm, but is not limited thereto.
For example, the trusted application may first apply the SHA256 algorithm to the first information set and the second information set to obtain the corresponding hash value, and then sign the hash value with the private key of the secondary certificate public-private key pair to obtain the first signature.
S207: The trusted application signs the first public key of the secondary certificate public-private key pair with the root certificate private key of the terminal device to obtain a second signature;
Optionally, when signing the first public key of the secondary certificate public-private key pair with the root certificate private key of the terminal device, the trusted application may use the SHA256+RSA algorithm, but is not limited thereto.
For example, the trusted application may first apply the SHA256 algorithm to the first public key to obtain the corresponding hash value, and then sign that hash value with the root certificate private key to obtain the second signature.
Optionally, the root certificate public-private key pair of the terminal device may be generated using an RSA algorithm, for example a 2048-bit or 4096-bit RSA algorithm, or using ECC, SM2, or the like, but is not limited thereto.
S208: The trusted application sends the first information set, the second information set, the first public key, the first signature, and the second signature to the mobile device integrity check module;
It should be appreciated that the information packet formed by the first information set, the second information set, the first public key, the first signature, and the second signature may be referred to as a signature verification information packet.
Optionally, the root certificate private key of the terminal device may be burned into the terminal device.
Fig. 4 is a schematic diagram of a signature verification information packet according to an embodiment of the present application. As shown in Fig. 4, the signature verification information packet includes: the signature of the third party application, the package name-version number of the third party application, the first random salt, the version number of the mobile device integrity check module, the status information of the terminal device, the identifier of the terminal device, the module-version number of the trusted execution environment, the first signature, the first public key, and the second signature.
S209: The mobile device integrity check module sends the first information set, the second information set, the first public key, the first signature, and the second signature to the third party application;
S210: The mobile device integrity check module sends the first information set, the second information set, the first public key, the first signature, and the second signature to the application server corresponding to the third party application;
S211: The application server detects the legitimacy of the second signature;
S212: If the second signature is legal, the application server detects the legitimacy of the first signature through the first public key;
S213: If the first signature is legal, the application server detects the legitimacy of each item of information in the first information set and the second information set;
S214: If all items of information in the first information set and the second information set are legal, the application server determines that the running environment is trusted;
S215: If the first signature is illegal, the second signature is illegal, or at least one item of information in the first information set and the second information set is illegal, the application server determines that the running environment is not trusted.
Optionally, after the application server acquires the first information set, the second information set, the first public key, the first signature, and the second signature, it detects the legitimacy of the second signature and the first signature. If both signatures are legal, the first information set and the second information set protected by the first public key are complete. The application server then detects the legitimacy of the first information set and the second information set, and determines that the running environment of the third party application is trusted only when every item of information in both sets is legal. If the first signature is illegal, the second signature is illegal, or at least one item of information in the first information set and the second information set is illegal, it determines that the running environment of the third party application is not trusted.
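The flow S204 to S215 as an added Go sketch, not code from the patent: the trusted application builds the signature verification information packet, and the application server checks the second signature, then the first, then the items. The JSON encoding of the information sets, PKCS#1 v1.5 padding, and all type and function names are assumptions; keys and field values are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// InfoSet1 and InfoSet2 mirror the two information sets. The JSON encoding
// and field names are assumptions; the page defines no wire format.
type InfoSet1 struct{ AppHash, AppPkgVersion, Salt, ModuleVersion string }
type InfoSet2 struct {
	BootloaderUnlocked, SystemModified bool
	DeviceID, TEEModuleVersion         string
}

type Packet struct{ Raw1, Raw2, FirstPub, FirstSig, SecondSig []byte } // Fig. 4 packet

// Policy holds what the application server already knows for S213.
type Policy struct {
	AppHash, Salt  string
	VulnerableApps map[string]bool // vulnerable package name-version numbers
}

var (
	ErrSecondSig = errors.New("second signature illegal")
	ErrFirstSig  = errors.New("first signature illegal")
	ErrInfo      = errors.New("information item illegal")
)

// newKey returns a 2048-bit RSA key; a failing system RNG is treated as fatal.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// digest is SHA256 over both sets; each is one self-delimiting JSON object.
func digest(raw1, raw2 []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, raw1...), raw2...))
	return sum[:]
}

// BuildPacket plays the trusted application: S204, S206 and S207.
func BuildPacket(root *rsa.PrivateKey, s1 InfoSet1, s2 InfoSet2) (*Packet, error) {
	sec := newKey() // S204: secondary certificate key pair
	raw1, _ := json.Marshal(s1)
	raw2, _ := json.Marshal(s2)
	pub := x509.MarshalPKCS1PublicKey(&sec.PublicKey)
	sig1, err := rsa.SignPKCS1v15(rand.Reader, sec, crypto.SHA256, digest(raw1, raw2)) // S206
	if err != nil {
		return nil, err
	}
	pubHash := sha256.Sum256(pub)
	sig2, err := rsa.SignPKCS1v15(rand.Reader, root, crypto.SHA256, pubHash[:]) // S207
	if err != nil {
		return nil, err
	}
	return &Packet{raw1, raw2, pub, sig1, sig2}, nil
}

// Verify plays the application server, S211 to S215, in the page's order.
func Verify(p *Packet, rootPub *rsa.PublicKey, pol Policy) error {
	pubHash := sha256.Sum256(p.FirstPub)
	if rsa.VerifyPKCS1v15(rootPub, crypto.SHA256, pubHash[:], p.SecondSig) != nil {
		return ErrSecondSig // S211: the first public key is not vouched for
	}
	firstPub, err := x509.ParsePKCS1PublicKey(p.FirstPub)
	if err != nil || rsa.VerifyPKCS1v15(firstPub, crypto.SHA256, digest(p.Raw1, p.Raw2), p.FirstSig) != nil {
		return ErrFirstSig // S212: an information set was altered after signing
	}
	var s1 InfoSet1 // S213: parse only after both signatures hold
	var s2 InfoSet2
	if json.Unmarshal(p.Raw1, &s1) != nil || json.Unmarshal(p.Raw2, &s2) != nil {
		return ErrInfo
	}
	if s1.AppHash != pol.AppHash || s1.Salt != pol.Salt || pol.VulnerableApps[s1.AppPkgVersion] ||
		s2.BootloaderUnlocked || s2.SystemModified { // strict status rule: any unlock or modification fails
		return ErrInfo
	}
	return nil // S214: running environment trusted
}

func main() {
	root := newKey() // constructed stand-in for the burned-in root key
	pkt, err := BuildPacket(root, InfoSet1{"app-hash", "com.example.pay-1.2.0", "salt-1", "1.0"}, InfoSet2{DeviceID: "device-1"})
	if err == nil {
		err = Verify(pkt, &root.PublicKey, Policy{AppHash: "app-hash", Salt: "salt-1"})
	}
	fmt.Println("verification error:", err)
}
```

Because the salt is checked against the value the server issued, a packet captured from an earlier session fails S213 even though both signatures still verify.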
It should be understood that the detection method provided by the present application is a non-centralized detection method; in other words, the root certificate signing server does not need to be used to verify the second signature every time. The details are as follows:
Fig. 5 is an interaction flow chart of another method for detecting the credibility of an application running environment according to an embodiment of the present application, in which S211 includes:
S510: The application server detects whether it locally stores the identifier of the terminal device and a second public key of the secondary certificate corresponding to the terminal device;
S520-a: If the application server locally stores the identifier of the terminal device and the first public key is consistent with the second public key, the application server determines that the second signature is legal;
S520-b: If the application server does not locally store the identifier of the terminal device, or the first public key is inconsistent with the second public key, the application server sends the identifier of the terminal device, the first public key, and the second signature to the root certificate signing server;
S530-b: The root certificate signing server detects the legitimacy of the second signature according to the identifier of the terminal device, the first public key, and the second signature;
S540-b: The application server receives an indication message from the root certificate signing server, where the indication message is used for indicating the legitimacy of the second signature.
Optionally, for an identifier of the terminal device acquired for the first time, the application server may send the identifier of the terminal device and the second signature to the root certificate signing server, which locally stores the root certificate public key of the terminal device. Because the root certificate public-private key pair of the terminal device is implemented based on a one-machine-one-secret mechanism, the root certificate signing server determines the root certificate public key according to the identifier of the terminal device and verifies the second signature with that root certificate public key.
Optionally, the identifier of the terminal device acquired by the application server may be the real identifier of the terminal device or an anonymous identifier. If it is the real identifier, the root certificate signing server may directly determine the root certificate public key according to the real identifier of the terminal device, because the root certificate signing server locally stores the correspondence between the real identifier of the terminal device and the root certificate public key. If it is the anonymous identifier, the root certificate signing server needs to decrypt the anonymous identifier to obtain the real identifier of the terminal device, and then determine the root certificate public key according to the real identifier.
Optionally, the root certificate signing server stores a decryption key corresponding to the model of the terminal device. On this basis, after the root certificate signing server obtains the anonymous identifier of the terminal device, it can determine the model of the terminal device, determine the decryption key corresponding to that model according to the locally stored correspondence between models and decryption keys, and decrypt the anonymous identifier with the decryption key to obtain the real identifier of the terminal device.
Optionally, when the identifier of the terminal device is an anonymous identifier, the application server may send the module-version number of the trusted execution environment to the root certificate signing server. The module-version number of the trusted execution environment includes the model of the terminal device, so the root certificate signing server can determine the model of the terminal device from it, determine the decryption key corresponding to the model, and then decrypt the anonymous identifier to obtain the real identifier of the terminal device.
It should be understood that if the trusted application uses a symmetric encryption algorithm on the real identifier of the terminal device, the decryption key here is the encryption key that the trusted application used on the real identifier. If the trusted application uses an asymmetric encryption algorithm on the real identifier of the terminal device, that is, encrypts it with the public key of a key pair, the decryption key here is the private key of that key pair.
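An added Go example, not taken from the patent, of the anonymous identifier described above: the trusted application salts and encrypts the real identifier with a per-model key, and the root certificate signing server picks the key from the module-version number and recovers the real identifier. AES-GCM, the 16-byte salt, the `<model>-<version>` format, and the sample keys and identifiers are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

const saltLen = 16 // length of the second random salt in bytes (assumed)

// modelKeys is the per-model key table. The trusted application holds the
// entry for its own model; the root certificate signing server holds all of
// them. Both keys are constructed sample values.
var modelKeys = map[string][]byte{
	"MODEL-A": []byte("0123456789abcdef0123456789abcdef"),
	"MODEL-B": []byte("fedcba9876543210fedcba9876543210"),
}

// aeadFor returns AES-256-GCM keyed for one model.
func aeadFor(model string) (cipher.AEAD, error) {
	key, ok := modelKeys[model]
	if !ok {
		return nil, errors.New("no key for model " + model)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Anonymize is the trusted application side: prepend the second random salt
// to the real identifier and encrypt the result with the model's key.
// Output layout: nonce || ciphertext || tag.
func Anonymize(model, realID string) ([]byte, error) {
	aead, err := aeadFor(model)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	salt := make([]byte, saltLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, append(salt, realID...), []byte(model)), nil
}

// Deanonymize is the root certificate signing server side: take the model
// from the module-version number, pick that model's key, decrypt, drop the salt.
func Deanonymize(moduleVersion string, anon []byte) (string, error) {
	i := strings.LastIndex(moduleVersion, "-")
	if i < 0 {
		return "", errors.New("malformed module-version number")
	}
	model := moduleVersion[:i]
	aead, err := aeadFor(model)
	if err != nil {
		return "", err
	}
	if len(anon) < aead.NonceSize() {
		return "", errors.New("anonymous identifier too short")
	}
	nonce, ct := anon[:aead.NonceSize()], anon[aead.NonceSize():]
	plain, err := aead.Open(nil, nonce, ct, []byte(model))
	if err != nil {
		return "", err // wrong model key or altered identifier
	}
	if len(plain) < saltLen {
		return "", errors.New("anonymous identifier carries no salt")
	}
	return string(plain[saltLen:]), nil
}

func main() {
	a1, _ := Anonymize("MODEL-A", "device-serial-0001")
	a2, _ := Anonymize("MODEL-A", "device-serial-0001")
	id, err := Deanonymize("MODEL-A-3.1", a1)
	fmt.Printf("unlinkable=%v recovered=%q err=%v\n", string(a1) != string(a2), id, err)
}
```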
Optionally, if the second signature was obtained through the SHA256+RSA algorithm, the root certificate signing server may first process the second signature with the root certificate public key to obtain a hash value, then apply SHA256 to the first public key to obtain another hash value, and compare the two hash values. If the two hash values are the same, the second signature is legal; otherwise, the second signature is illegal.
Optionally, if the application server does not locally store the identifier of the terminal device and the second public key, then after the indication message indicates that the second signature is legal, it stores the identifier of the terminal device and the first public key locally. On this basis, in subsequent processing, if the application server locally stores the identifier of the terminal device and the first public key is consistent with the second public key, the second signature is legal, because the second signature has already been verified by the root certificate signing server.
Optionally, if the first signature was obtained through the SHA256+RSA algorithm, the application server may first process the first signature with the first public key to obtain a hash value, then apply SHA256 to the first information set and the second information set to obtain another hash value, and compare the two hash values. If the two hash values are the same, the first signature is legal; otherwise, the first signature is illegal.
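An added Go sketch of the S510 to S540-b decision and the storing rule above (not the patent's code): the application server contacts the root certificate signing server only on a miss or a changed public key, and stores a key only after a legal verdict. `RootVerifier`, `AppServer`, and the sample values are hypothetical stand-ins for the real round trip.

```go
package main

import (
	"bytes"
	"fmt"
	"sync"
)

// RootVerifier stands in for the round trip S520-b to S540-b: it returns the
// verdict carried by the indication message. Hypothetical interface.
type RootVerifier func(deviceID string, firstPub, secondSig []byte) bool

// AppServer holds the local store checked in S510.
type AppServer struct {
	mu        sync.Mutex
	root      RootVerifier
	stored    map[string][]byte // device identifier -> second public key
	RootCalls int               // requests the root server got to see
}

func NewAppServer(root RootVerifier) *AppServer {
	return &AppServer{root: root, stored: make(map[string][]byte)}
}

// SecondSignatureLegal implements S510 to S540-b for one received packet.
func (s *AppServer) SecondSignatureLegal(deviceID string, firstPub, secondSig []byte) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	// S510 / S520-a: known device and the received first public key equals
	// the stored second public key, so no outside party is contacted. The
	// first signature is still verified against this key in S212.
	if second, ok := s.stored[deviceID]; ok && bytes.Equal(second, firstPub) {
		return true
	}
	// S520-b: unknown device or changed key, ask the root server.
	s.RootCalls++
	if !s.root(deviceID, firstPub, secondSig) {
		return false // an illegal verdict is never stored
	}
	// Store a copy so later changes to the caller's buffer cannot alter it.
	s.stored[deviceID] = append([]byte(nil), firstPub...)
	return true
}

func main() {
	// Constructed verifier: accepts one fixed (device, key, signature) triple.
	root := func(id string, pub, sig []byte) bool {
		return id == "device-1" && string(pub) == "pub-A" && string(sig) == "sig-A"
	}
	srv := NewAppServer(root)
	for i := 0; i < 3; i++ {
		srv.SecondSignatureLegal("device-1", []byte("pub-A"), []byte("sig-A"))
	}
	fmt.Println("requests seen by the root server:", srv.RootCalls)
}
```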
Optionally, the application server may detect the legitimacy of each item of information in the first information set and the second information set as follows, but is not limited thereto:
Optionally, if the first information set includes the signature of the third party application: under normal conditions the signature of the third party application is generated by the application server, so the application server knows the correct signature of the third party application. It can therefore compare the correct signature with the signature of the third party application included in the first information set. If the two are consistent, the signature of the third party application is legal; if they are inconsistent, the signature of the third party application is illegal.
It should be appreciated that if the signature of the third party application is illegal, the third party application is not legal, which indicates that the running environment of the third party application is not trusted.
Optionally, if the first information set includes the package name-version number of the third party application: the application server can obtain the package name-version number of the third party application that has a vulnerability, and compare it with the package name-version number of the third party application included in the first information set. If the two are consistent, the package name-version number of the third party application is illegal; if they are inconsistent, the package name-version number of the third party application is legal.
It should be understood that if the package name-version number of the third party application is illegal, the third party application is not legal, which indicates that the running environment of the third party application is not trusted.
Optionally, if the first information set includes the first random salt: under normal conditions the first random salt is generated by the application server, so the application server knows the correct random salt of the third party application. It can therefore compare the correct random salt with the first random salt included in the first information set. If the two are consistent, the first random salt is legal; if they are inconsistent, the first random salt is illegal.
It should be appreciated that if the first random salt is illegal, the third party application is not legal, which indicates that the running environment of the third party application is not trusted.
Optionally, if the first information set includes the version number of the mobile device integrity check module: the application server can obtain the version number of the mobile device integrity check module that has a vulnerability, and compare it with the version number of the mobile device integrity check module included in the first information set. If the two are consistent, the version number of the mobile device integrity check module is illegal; if they are inconsistent, the version number of the mobile device integrity check module is legal.
It should be understood that if the version number of the mobile device integrity check module is illegal, the terminal device is not trusted, which indicates that the running environment of the third party application is not trusted.
Optionally, if the second information set includes the status information of the terminal device: if the application server determines from the status information that the bootloader of the terminal device is unlocked, or that the bootloader is not unlocked but the integrity information of the system partition of the terminal device has been modified, the status information of the terminal device is illegal. If the application server determines from the status information that the bootloader of the terminal device is not unlocked, or that the bootloader is unlocked but the integrity information of the system partition of the terminal device has not been modified, the status information of the terminal device is legal.
It should be understood that if the status information of the terminal device is illegal, the terminal device is not trusted, which indicates that the running environment of the third party application is not trusted.
Optionally, if the second information set includes the identifier of the terminal device: the application server can obtain the legal identifier of the terminal device, and compare it with the identifier of the terminal device included in the second information set. If the two are consistent, the identifier of the terminal device is legal; if they are inconsistent, the identifier of the terminal device is illegal.
It should be understood that if the identifier of the terminal device is illegal, the terminal device is not trusted, which indicates that the running environment of the third party application is not trusted.
Optionally, if the second information set includes the module-version number of the trusted execution environment: the application server can obtain the module-version number of the trusted execution environment that has a vulnerability, and compare it with the module-version number of the trusted execution environment included in the second information set. If the two are consistent, the module-version number of the trusted execution environment is illegal; if they are inconsistent, the module-version number of the trusted execution environment is legal.
It should be understood that if the module-version number of the trusted execution environment is illegal, the terminal device is not legal, which indicates that the running environment of the third party application is not trusted.
Optionally, when the application server determines that both the third party application and the terminal device are trusted, it determines that the running environment of the third party application is trusted; conversely, when the application server determines that the third party application and/or the terminal device is not trusted, it determines that the running environment of the third party application is not trusted.
In summary, the present application relies on the property that code and data in the trusted execution environment cannot be cracked, modified, or obtained from outside. The trusted application corresponding to the trusted execution environment can acquire information related to the running environment of the third party application, encrypt or sign it using an asymmetric encryption algorithm or the like, and transmit it to the server, and the information can be verified only at the server. This reduces the probability that the information is tampered with, so that detecting the credibility of the running environment of the third party application based on this information is more accurate. For payment or financial applications, when the technical scheme provided by the application detects that the running environment of the third party application is not trusted, the user can be prompted and payment prohibited, which ensures that the third party application runs in a trusted running environment. For game applications, illegal behaviors such as using cheat plug-ins or resource farming involve unlocking the bootloader of the terminal device, so the technical scheme provided by the application can detect that the running environment of the third party application is not trusted and prohibit the illegal behaviors, which improves the game experience of normal players.
Meanwhile, the application provides a non-centralized detection method: the application server only needs to have the root certificate signing server verify the second signature the first time the second signature is verified, and afterwards the application server can complete verification of the second signature itself according to the locally stored identifier of the terminal device and the second public key of the secondary certificate. In this way, the business secrets of the application server itself, such as the DAU and other data of the third party application, are well protected.
Furthermore, in the application, the root certificate public-private key pair and the secondary certificate public-private key pair of the terminal device are implemented based on a one-machine-one-secret mechanism, so even if the trusted execution environment of one terminal device is broken, other devices of the same model, and related devices in general, are not affected on a large scale, which gives the method good security. In addition, the anonymous identifier of the terminal device is generated based on a one-machine-type-one-secret mechanism, which improves the privacy security of the user.
It should be noted that the present application may also use a centralized detection method: after the application server obtains the signature verification information packet, it may send the packet to the root certificate signing server, and the root certificate signing server directly detects the legitimacy of the second signature, the first signature, and the information in the first information set and the second information set. For the specific detection method, refer to the detection method of the application server.
The application also provides a system for detecting the credibility of an application running environment, which comprises a terminal device and an application server. The terminal device includes: a third party application corresponding to the application server, a mobile device integrity check module, and a trusted application corresponding to a trusted execution environment. The third party application is used for sending a request message to the mobile device integrity check module. The mobile device integrity check module is used for acquiring a first information set in response to the request message and sending the first information set to the trusted application, wherein the first information set is used for detecting the credibility of the running environment of the third party application. The trusted application is used for: generating a secondary certificate public-private key pair corresponding to the third party application; acquiring a second information set, wherein the second information set is used for detecting the credibility of the running environment; signing the first information set and the second information set with the private key of the secondary certificate public-private key pair to obtain a first signature; signing a first public key of the secondary certificate public-private key pair with a root certificate private key of the terminal device to obtain a second signature; and sending the first information set, the second information set, the first public key, the first signature and the second signature to the application server corresponding to the third party application through the mobile device integrity check module and the third party application. The application server is used for: detecting the validity of the second signature; if the second signature is valid, detecting the validity of the first signature with the first public key; if the first signature is valid, detecting the validity of each item of information in the first information set and the second information set; if every item of information in the first information set and the second information set is valid, determining that the running environment is trusted; if the first signature is invalid, the second signature is invalid, or at least one item of information in the first information set and the second information set is invalid, determining that the running environment is not trusted.
Optionally, the trusted application is further used for: determining the real identifier of the terminal device and the model of the terminal device; determining an encryption key corresponding to the model; adding a second random salt to the real identifier of the terminal device to obtain an addition result; encrypting the addition result with the encryption key to obtain an anonymous identifier of the terminal device; wherein the second information set comprises the anonymous identifier of the terminal device.
Optionally, the application server is specifically configured to: detect whether the application server locally stores the identifier of the terminal device and a second public key of the secondary certificate corresponding to the terminal device; if the application server locally stores the identifier of the terminal device and the first public key is consistent with the second public key, determine that the second signature is valid; if the application server does not locally store the identifier of the terminal device, or the first public key is inconsistent with the second public key, send the identifier of the terminal device, the first public key and the second signature to the root certificate verification server. The root certificate verification server is used for detecting the validity of the second signature according to the identifier of the terminal device, the first public key and the second signature; the application server receives an indication message from the root certificate verification server, wherein the indication message indicates the validity of the second signature.
Optionally, the application server is further configured to: if the application server does not locally store the identifier of the terminal device and the second public key, store the identifier of the terminal device and the first public key locally after the indication message indicates that the second signature is valid.
Optionally, the identifier of the terminal device is an anonymous identifier of the terminal device; correspondingly, the application server is also used for sending the module-version number of the trusted execution environment to the root certificate verification server; the root certificate verification server is specifically configured to detect the validity of the second signature according to the identifier of the terminal device, the module-version number of the trusted execution environment, the first public key and the second signature.
Optionally, the root certificate verification server is specifically configured to: determine the model of the terminal device according to the module-version number of the trusted execution environment; determine a decryption key corresponding to the model; decrypt the anonymous identifier of the terminal device with the decryption key to obtain the real identifier of the terminal device; determine a root certificate public key of the terminal device according to the real identifier of the terminal device; detect the validity of the second signature with the root certificate public key and the first public key.
Optionally, the third party application is further configured to obtain a first random salt corresponding to the third party application from the application server; accordingly, the first set of information includes: a first random salt.
The system for detecting the credibility of the application running environment provided by the application can be used for the method embodiment, and is not repeated here for brevity.
Fig. 6 is a schematic diagram of a terminal device 600 according to an embodiment of the present application. As shown in Fig. 6, the terminal device 600 includes: a third party application 610, a mobile device integrity check module 620 and a trusted application 630 corresponding to a trusted execution environment. The third party application 610 is configured to send a request message to the mobile device integrity check module 620. The mobile device integrity check module 620 is configured to acquire a first information set in response to the request message and send the first information set to the trusted application 630, where the first information set is an information set for detecting the credibility of the running environment of the third party application 610. The trusted application 630 is configured to: generate a secondary certificate public-private key pair corresponding to the third party application 610; acquire a second information set, wherein the second information set is used for detecting the credibility of the running environment; sign the first information set and the second information set with the private key of the secondary certificate public-private key pair to obtain a first signature; sign a first public key of the secondary certificate public-private key pair with a root certificate private key of the terminal device to obtain a second signature; and send, through the mobile device integrity check module 620 and the third party application 610, the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application 610, so that the application server detects the credibility of the running environment of the third party application according to the first information set, the second information set, the first public key, the first signature and the second signature.
Optionally, the first information set includes at least one of: a signature of the third party application, a package name-version number of the third party application, a first random salt corresponding to the third party application, and a version number of the mobile device integrity check module.
Optionally, the third party application 610 is further configured to: acquiring a first random salt from an application server before the third party application 610 sends a request message to the mobile device integrity check module 620; accordingly, the request message includes: a first random salt.
Optionally, the second set of information comprises at least one of: status information of the terminal device, identity of the terminal device, module-version number of the trusted execution environment; wherein the module-version number of the trusted execution environment includes: the model of the terminal equipment and the version number of the trusted execution environment.
Optionally, the identifier of the terminal device is an anonymous identifier of the terminal device; the trusted application 630 is also used for: determining the real identifier of the terminal device and the model of the terminal device; determining an encryption key corresponding to the model; adding a second random salt to the real identifier of the terminal device to obtain an addition result; and encrypting the addition result with the encryption key to obtain the anonymous identifier of the terminal device.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the terminal device 600 shown in fig. 6 may perform method steps corresponding to the terminal device in the above method embodiment, and the foregoing and other operations and/or functions of each module in the terminal device 600 are respectively for implementing method steps corresponding to the terminal device in the above method embodiment, which are not described herein for brevity.
The terminal device 600 of the embodiment of the present application is described above in terms of functional modules with reference to the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiment in the embodiment of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in a software form, and the steps of the method disclosed in connection with the embodiment of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 7 is a schematic diagram of an application server 700 according to an embodiment of the present application. As shown in Fig. 7, the application server 700 includes a receiving module 710 and a detection module 720. The receiving module 710 is configured to receive, from the third party application, a first information set, a second information set, a first public key of the secondary certificate public-private key pair of the terminal device, a first signature and a second signature. The first information set and the second information set are both information sets for detecting the credibility of the running environment; the first signature is obtained by a trusted application corresponding to a trusted execution environment in the terminal device signing the first information set and the second information set with the private key of the secondary certificate public-private key pair; the second signature is obtained by the trusted application signing the first public key with a root certificate private key of the terminal device. The detection module 720 is configured to: detect the validity of the second signature; if the second signature is valid, detect the validity of the first signature with the first public key; if the first signature is valid, detect the validity of each item of information in the first information set and the second information set; if every item of information in the first information set and the second information set is valid, determine that the running environment is trusted; if the first signature is invalid, the second signature is invalid, or at least one item of information in the first information set and the second information set is invalid, determine that the running environment is not trusted.
Optionally, the first information set includes at least one of: a signature of the third party application, a package name-version number of the third party application, a first random salt corresponding to the third party application, and a version number of the mobile device integrity check module.
Optionally, the second set of information comprises at least one of: status information of the terminal device, identity of the terminal device, module-version number of the trusted execution environment; wherein the module-version number of the trusted execution environment includes: the model of the terminal equipment and the version number of the trusted execution environment.
Optionally, the detection module 720 is specifically configured to: detect whether the application server locally stores the identifier of the terminal device and a second public key of the secondary certificate corresponding to the terminal device; if the application server locally stores the identifier of the terminal device and the first public key is consistent with the second public key, determine that the second signature is valid; if the application server does not locally store the identifier of the terminal device, or the first public key is inconsistent with the second public key, send the identifier of the terminal device, the first public key and the second signature to the root certificate verification server, so that the root certificate verification server detects the validity of the second signature according to the identifier of the terminal device, the first public key and the second signature; the receiving module 710 is further configured to receive an indication message from the root certificate verification server, where the indication message indicates the validity of the second signature.
Optionally, the identifier of the terminal device is an anonymous identifier of the terminal device; the application server 700 further includes a sending module 730, configured to send the module-version number of the trusted execution environment to the root certificate verification server, so that the root certificate verification server detects the validity of the second signature according to the identifier of the terminal device, the module-version number of the trusted execution environment, the first public key and the second signature.
Optionally, the application server 700 further includes a storage module 740, configured to, if the application server does not locally store the identifier of the terminal device and the second public key, store the identifier of the terminal device and the first public key locally after the indication message indicates that the second signature is valid.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the application server 700 shown in fig. 7 may execute method steps corresponding to the application server in the above method embodiment, and the foregoing and other operations and/or functions of each module in the application server 700 are respectively for implementing method steps corresponding to the application server in the above method embodiment, which are not repeated herein for brevity.
The application server 700 of the embodiment of the present application is described above in terms of functional modules with reference to the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiment in the embodiment of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in a software form, and the steps of the method disclosed in connection with the embodiment of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 8 is a schematic diagram of a root certificate verification server 800 according to an embodiment of the present application, as shown in fig. 8, the root certificate verification server 800 includes: a receiving module 810 and a detecting module 820, wherein the receiving module 810 is configured to receive an identifier of a terminal device from an application server, a first public key and a second signature of a public-private key pair of a secondary certificate of the terminal device; the detection module 820 is configured to detect validity of the second signature according to the identifier of the terminal device, the first public key and the second signature; the second signature is obtained by signing the first public key through a root certificate private key of the terminal equipment by a trusted application corresponding to a trusted execution environment of the terminal equipment.
Optionally, the identifier of the terminal device is an anonymous identifier of the terminal device; correspondingly, the receiving module 810 is further configured to receive a module-version number of the trusted execution environment; the detection module 820 is specifically configured to detect the validity of the second signature according to the identifier of the terminal device, the module-version number of the trusted execution environment, the first public key and the second signature.
Optionally, the detection module 820 is specifically configured to: determine the model of the terminal device according to the module-version number of the trusted execution environment; determine a decryption key corresponding to the model; decrypt the anonymous identifier of the terminal device with the decryption key to obtain the real identifier of the terminal device; determine a root certificate public key of the terminal device according to the real identifier of the terminal device; detect the validity of the second signature with the root certificate public key and the first public key.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the root certificate verification server 800 shown in fig. 8 may perform method steps corresponding to the root certificate verification server in the above method embodiment, and the foregoing and other operations and/or functions of each module in the root certificate verification server 800 are respectively for implementing the method steps corresponding to the root certificate verification server in the above method embodiment, which are not described herein for brevity.
The root certificate signing server 800 of the embodiment of the present application is described above in terms of functional modules with reference to the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiment in the embodiment of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in a software form, and the steps of the method disclosed in connection with the embodiment of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 9 is a schematic block diagram of an electronic device provided in an embodiment of the present application, where the electronic device may be a terminal device, an application server, or a root certificate verification server in the foregoing method embodiment.
As shown in fig. 9, the electronic device may include:
a memory 910 and a processor 920, the memory 910 being configured to store a computer program and to transfer the program code to the processor 920. In other words, the processor 920 may call and run a computer program from the memory 910 to implement the method in the embodiment of the present application.
For example, the processor 920 may be configured to perform the above-described method embodiments according to instructions in the computer program.
In some embodiments of the application, the processor 920 may include, but is not limited to:
a general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
In some embodiments of the application, the memory 910 includes, but is not limited to:
volatile memory and/or nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (Double Data Rate SDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and Direct memory bus RAM (DR RAM).
In some embodiments of the application, the computer program may be partitioned into one or more modules that are stored in the memory 910 and executed by the processor 920 to perform the methods provided by the present application. The one or more modules may be a series of computer program instruction segments capable of performing the specified functions, which are used to describe the execution of the computer program in the electronic device.
As shown in fig. 9, the electronic device may further include:
a transceiver 930, the transceiver 930 being connectable to the processor 920 or the memory 910.
The processor 920 may control the transceiver 930 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 930 may include a transmitter and a receiver. Transceiver 930 may further include antennas, the number of which may be one or more.
It will be appreciated that the various components in the electronic device are connected by a bus system that includes, in addition to a data bus, a power bus, a control bus, and a status signal bus.
The present application also provides a computer storage medium having stored thereon a computer program which, when executed by a computer, enables the computer to perform the method of the above-described method embodiments. Alternatively, embodiments of the present application also provide a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the method of the method embodiments described above.
When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DVD)), or a semiconductor medium (e.g., a solid state disk (SSD)), or the like.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. For example, functional modules in various embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
The above is only a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (16)

1. A method for detecting the credibility of an application running environment, characterized by comprising:
a third party application in the terminal equipment sends a request message to a mobile equipment integrity check module in the terminal equipment;
the mobile device integrity checking module responds to the request message to acquire a first information set, wherein the first information set is used for detecting the credibility of the running environment of the third-party application;
the mobile equipment integrity checking module sends the first information set to a trusted application corresponding to a trusted execution environment in the terminal equipment;
the trusted application generates a secondary certificate public-private key pair corresponding to the third party application;
the trusted application obtains a second information set, wherein the second information set is used for detecting the credibility of the running environment;
the trusted application signs the first information set and the second information set through a private key in the public-private key pair of the secondary certificate to obtain a first signature;
the trusted application signs a first public key in the public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature;
the trusted application sends the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application;
the application server detects the validity of the second signature;
if the second signature is legal, the application server detects the validity of the first signature through the first public key;
if the first signature is legal, the application server detects the legitimacy of each item of information in the first information set and the second information set;
if all the information in the first information set and the second information set are legal, the application server determines that the running environment is credible;
and if the first signature is illegal, the second signature is illegal or at least one piece of information in the first information set and the second information set is illegal, the application server determines that the running environment is not trusted.
2. The method as recited in claim 1, further comprising:
the trusted application determines the real identifier of the terminal equipment and the model of the terminal equipment;
the trusted application determines an encryption key corresponding to the model;
the trusted application adds a second random salt to the real identifier of the terminal equipment to obtain an addition result;
the trusted application encrypts the addition result through the encryption key to obtain the anonymous identifier of the terminal equipment;
wherein the second set of information comprises an anonymous identification of the terminal device.
3. The method according to claim 1 or 2, wherein the application server detecting the legitimacy of the second signature comprises:
the application server detects whether the application server locally stores the identifier of the terminal equipment and a second public key of a secondary certificate corresponding to the terminal equipment;
if the application server locally stores the identifier of the terminal device and the first public key is consistent with the second public key, the application server determines that the second signature is valid;
if the application server does not locally store the identifier of the terminal device, or the first public key is inconsistent with the second public key, the application server sends the identifier of the terminal device, the first public key and the second signature to a root certificate verification server;
the root certificate verification server detects the validity of the second signature according to the identifier of the terminal device, the first public key and the second signature;
the application server receives an indication message from the root certificate verification server, wherein the indication message is used for indicating the validity of the second signature.
4. A method according to claim 3, further comprising:
if the identifier of the terminal device and the second public key are not stored locally on the application server, the application server stores the identifier of the terminal device and the first public key locally after the indication message indicates that the second signature is legal.
5. A method according to claim 3, characterized in that the identity of the terminal device is an anonymous identity of the terminal device; correspondingly, the method further comprises the steps of:
the application server sends a module-version number of the trusted execution environment to the root certificate verification server;
wherein the root certificate signing verification server detecting the validity of the second signature according to the identification of the terminal equipment, the first public key and the second signature comprises:
the root certificate signing verification server detects the validity of the second signature according to the identification of the terminal device, the module-version number of the trusted execution environment, the first public key and the second signature.
6. The method of claim 5, wherein the root certificate verification server detecting the legitimacy of the second signature from the identity of the terminal device, the module-version number of the trusted execution environment, the first public key and the second signature comprises:
the root certificate signing verification server determines the model of the terminal equipment according to the module-version number of the trusted execution environment;
the root certificate signing verification server determines a decryption key corresponding to the model;
the root certificate signing verification server decrypts the anonymous identifier of the terminal equipment through the decryption key to obtain the real identifier of the terminal equipment;
the root certificate signing verification server determines a root certificate public key of the terminal equipment according to the real identifier of the terminal equipment;
the root certificate signing verification server detects the legitimacy of the second signature through the root certificate public key and the first public key.
7. The method according to claim 1 or 2, characterized in that before the third party application in the terminal device sends a request message to the mobile device integrity check module in the terminal device, further comprising:
the third party application obtains a first random salt corresponding to the third party application from the application server;
correspondingly, the first information set includes: the first random salt.
8. A method for detecting the credibility of an application running environment, comprising:
a third party application in the terminal equipment sends a request message to a mobile equipment integrity check module in the terminal equipment;
the mobile device integrity checking module responds to the request message to acquire a first information set, wherein the first information set is used for detecting the credibility of the running environment of the third-party application;
the mobile equipment integrity checking module sends the first information set to a trusted application corresponding to a trusted execution environment in the terminal equipment;
the trusted application generates a secondary certificate public-private key pair corresponding to the third party application;
the trusted application obtains a second information set, wherein the second information set is used for detecting the credibility of the running environment;
the trusted application signs the first information set and the second information set through a private key in the public-private key pair of the secondary certificate to obtain a first signature;
the trusted application signs a first public key in the public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature;
the trusted application sends the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application, so that the application server detects the credibility of the running environment according to the first information set, the second information set, the first public key, the first signature and the second signature.
9. The method as recited in claim 8, further comprising:
the trusted application determines the real identifier of the terminal equipment and the model of the terminal equipment;
the trusted application determines an encryption key corresponding to the model;
the trusted application adds a second random salt to the real identifier of the terminal equipment to obtain an addition result;
the trusted application encrypts the addition result through the encryption key to obtain the anonymous identifier of the terminal equipment;
wherein the second set of information comprises an anonymous identification of the terminal device.
10. A method for detecting the credibility of an application running environment, comprising:
the application server receives, from a third-party application, a first information set, a second information set, a first public key of a secondary certificate public-private key pair of the terminal equipment, a first signature and a second signature; the first information set and the second information set are both information sets for detecting the credibility of the running environment of the third party application; the first signature is obtained by signing the first information set and the second information set through a private key in the public-private key pair of the secondary certificate by a trusted application corresponding to a trusted execution environment in the terminal equipment; the second signature is obtained by signing the first public key by the trusted application through a root certificate private key of the terminal equipment;
the application server detects the validity of the second signature;
if the second signature is legal, the application server detects the validity of the first signature through the first public key;
if the first signature is legal, the application server detects the legitimacy of each item of information in the first information set and the second information set;
if all the information in the first information set and the second information set are legal, the application server determines that the running environment is credible;
and if the first signature is illegal, the second signature is illegal or at least one piece of information in the first information set and the second information set is illegal, the application server determines that the running environment is not trusted.
11. The method of claim 10, wherein the application server detecting the legitimacy of the second signature comprises:
the application server detects whether the application server locally stores the identifier of the terminal equipment and a second public key of a secondary certificate corresponding to the terminal equipment;
if the application server locally stores the identifier of the terminal equipment and the first public key is consistent with the second public key, the application server determines that the second signature is legal;
if the application server does not locally store the identifier of the terminal device or the first public key is inconsistent with the second public key, the application server sends the identifier of the terminal device, the first public key and the second signature to a root certificate signing verification server, so that the root certificate signing verification server detects the validity of the second signature according to the identification of the terminal equipment, the first public key and the second signature;
the application server receives an indication message from the root certificate verification server, wherein the indication message is used for indicating the validity of the second signature.
12. A system for detecting the trustworthiness of an application running environment, comprising: terminal equipment and an application server, the terminal equipment comprising: a third party application corresponding to the application server, a mobile device integrity check module and a trusted application corresponding to a trusted execution environment;
the third party application is used for sending a request message to the mobile equipment integrity checking module;
the mobile equipment integrity checking module is used for responding to the request message to acquire a first information set and sending the first information set to the trusted application, wherein the first information set is used for detecting the credibility of the running environment of the third party application;
the trusted application is used for:
generating a secondary certificate public-private key pair corresponding to the third-party application;
acquiring a second information set, wherein the second information set is used for detecting the credibility of the running environment;
signing the first information set and the second information set through a private key in the public-private key pair of the secondary certificate to obtain a first signature;
signing a first public key in the public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature;
transmitting the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application;
the application server is used for:
detecting the legitimacy of the second signature;
if the second signature is legal, detecting the validity of the first signature through the first public key;
if the first signature is legal, detecting the legitimacy of each item of information in the first information set and the second information set;
if all the information in the first information set and the second information set are legal, determining that the running environment is credible;
and if the first signature is illegal, the second signature is illegal or at least one piece of information in the first information set and the second information set is illegal, determining that the running environment is not trusted.
13. A terminal device, comprising: a third party application, a mobile device integrity checking module and a trusted application corresponding to a trusted execution environment;
the third party application is used for sending a request message to the mobile equipment integrity checking module;
the mobile equipment integrity checking module is used for responding to the request message to acquire a first information set and sending the first information set to the trusted application, wherein the first information set is used for detecting the credibility of the running environment of the third party application;
the trusted application is used for:
generating a secondary certificate public-private key pair corresponding to the third-party application;
acquiring a second information set, wherein the second information set is used for detecting the credibility of the running environment;
signing the first information set and the second information set through a private key in the public-private key pair of the secondary certificate to obtain a first signature;
signing a first public key in the public-private key pair of the secondary certificate through a root certificate private key of the terminal equipment to obtain a second signature;
and sending the first information set, the second information set, the first public key, the first signature and the second signature to an application server corresponding to the third party application through the mobile equipment integrity checking module and the third party application, so that the application server detects the credibility of the running environment according to the first information set, the second information set, the first public key, the first signature and the second signature.
14. An application server, comprising:
a receiving module, used for receiving, from a third-party application, a first information set, a second information set, a first public key of a secondary certificate public-private key pair of the terminal equipment, a first signature and a second signature; the first information set and the second information set are both information sets for detecting the credibility of the running environment of the third party application; the first signature is obtained by signing the first information set and the second information set through a private key in the public-private key pair of the secondary certificate by a trusted application corresponding to a trusted execution environment in the terminal equipment; the second signature is obtained by signing the first public key by the trusted application through a root certificate private key of the terminal equipment;
a detection module, used for:
detecting the legitimacy of the second signature;
if the second signature is legal, detecting the validity of the first signature through the first public key;
if the first signature is legal, detecting the legitimacy of each item of information in the first information set and the second information set;
if all the information in the first information set and the second information set are legal, determining that the running environment is credible;
and if the first signature is illegal, the second signature is illegal or at least one piece of information in the first information set and the second information set is illegal, determining that the running environment is not trusted.
15. An electronic device, comprising:
a processor and a memory for storing a computer program, the processor being for invoking and running the computer program stored in the memory to perform the method of any of claims 1 to 11.
16. A computer readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 1 to 11.
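The verification order of claims 10 and 11 (second signature with the local key cache, then first signature, then the information items), together with the trusted-application signing of claim 8, as an added example that is not code from the patent. Ed25519, the length-prefixed encoding, the salt-prefix check and all names (`Attest`, `Server`, `demo`, `dev-1`) are assumptions; keys and inputs are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Attestation is the upload of claims 8/10; Ed25519 and the encoding are assumptions.
type Attestation struct {
	DeviceID     string
	Info1, Info2 []byte            // first and second information sets
	PubKey1      ed25519.PublicKey // first public key (secondary certificate)
	Sig1, Sig2   []byte            // first and second signatures
}

// body length-prefixes each set so bytes cannot slide from one set into the other.
func body(a, b []byte) []byte { return []byte(fmt.Sprintf("%d:%s%d:%s", len(a), a, len(b), b)) }

// Attest plays the trusted application: Sig1 over both sets, Sig2 over PubKey1.
func Attest(id string, root, sec ed25519.PrivateKey, i1, i2 []byte) Attestation {
	pub := sec.Public().(ed25519.PublicKey)
	return Attestation{id, i1, i2, pub, ed25519.Sign(sec, body(i1, i2)), ed25519.Sign(root, pub)}
}

// Server is the application server; RootKeys stands in for the root verification server.
type Server struct {
	Cache, RootKeys map[string]ed25519.PublicKey
	Salt            []byte // first random salt issued to the app (claim 7)
}

// Verify applies the claimed order: second signature, first signature, then items.
func (s *Server) Verify(a Attestation) (bool, string) {
	if c, ok := s.Cache[a.DeviceID]; !ok || !bytes.Equal(c, a.PubKey1) {
		root, known := s.RootKeys[a.DeviceID] // cache miss: consult the root verifier
		if !known || !ed25519.Verify(root, a.PubKey1, a.Sig2) {
			return false, "second signature illegal"
		}
		s.Cache[a.DeviceID] = a.PubKey1 // stored only after a legal verdict (claim 4)
	}
	if len(a.PubKey1) != ed25519.PublicKeySize || !ed25519.Verify(a.PubKey1, body(a.Info1, a.Info2), a.Sig1) {
		return false, "first signature illegal" // length checked: Verify panics on bad key sizes
	}
	if !bytes.HasPrefix(a.Info1, s.Salt) { // stand-in for the per-item legality checks
		return false, "information illegal"
	}
	return true, "trusted"
}

func demo() (*Server, ed25519.PrivateKey, ed25519.PrivateKey) {
	root := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // constructed, deterministic keys
	sec := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	keys := map[string]ed25519.PublicKey{"dev-1": root.Public().(ed25519.PublicKey)}
	return &Server{Cache: map[string]ed25519.PublicKey{}, RootKeys: keys, Salt: []byte("salt=abc;")}, root, sec
}

func main() {
	s, root, sec := demo()
	fmt.Println(s.Verify(Attest("dev-1", root, sec, []byte("salt=abc;root=0"), []byte("tee=1.2"))))
}
```

On a cache hit the second signature is not re-checked, so the cached key is only as trustworthy as the store that holds it; this sketch also overwrites the cached key when a changed key passes root verification, which the claims leave unspecified.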
CN202210351312.1A 2022-04-02 2022-04-02 Application running environment credibility detection method, equipment and medium Pending CN116938463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210351312.1A CN116938463A (en) 2022-04-02 2022-04-02 Application running environment credibility detection method, equipment and medium

Publications (1)

Publication Number Publication Date
CN116938463A true CN116938463A (en) 2023-10-24

Family

ID=88392977

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination