CN117492634A - Data storage method and electronic equipment - Google Patents


Info

Publication number: CN117492634A
Authority: CN (China)
Application number: CN202210878228.5A
Other languages: Chinese (zh)
Inventor: 李忠月
Current and original assignee: Honor Device Co Ltd
Legal status: Pending (Google Patents marks the legal status, assignee list and priority date as assumptions, not legal conclusions)
Prior art keywords: data, TEE, RPMB, stored, security key

Classifications

CPC classes (leaf entries; the G06F entries sit under G Physics / G06 Computing; calculating or counting / G06F Electric digital data processing, the H04L entries under H Electricity / H04 Electric communication technique / H04L Transmission of digital information):

    • G06F3/0604 Interfaces specially adapted for storage systems: improving or facilitating administration, e.g. storage management
    • G06F3/061 Interfaces specially adapted for storage systems: improving I/O performance
    • G06F3/0679 Interfaces specially adapted for storage systems, single storage device: non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
    • G06F21/602 Protecting data: providing cryptographic facilities or services
    • G06F21/62 Protecting data: protecting access to data via a platform, e.g. using keys or access control rules
    • H04L63/08 Network architectures or network communication protocols for network security: authentication of entities
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage


Abstract

The embodiments of this application belong to the field of data processing and provide a data storage method and an electronic device. The method applies to an electronic device with at least two TEEs, among them a first TEE that does not store the security key and a second TEE that does. The second TA (a trusted application running in the second TEE) sends the security key to the first TA (a trusted application running in the first TEE); the first TA builds a first data packet from the security key and the data to be stored and sends it to the RPMB; the RPMB verifies the packet and stores the data. In this way an application running in any TEE of a multi-TEE architecture can write data to the RPMB.

Description

Data storage method and electronic equipment
Technical Field
The present application relates to the field of data processing, and more particularly, to a data storage method and an electronic device.
Background
A replay protected memory block (RPMB) is a separate physical partition of the storage device, commonly used to hold sensitive data such as keys. The storage device may be Universal Flash Storage (UFS) or an embedded multimedia card (eMMC).
As terminal technology has advanced, the multi-TEE (trusted execution environment) architecture has become common. Typically the secure key (the RPMB authentication key) is stored in only one TEE. On a device with a multi-TEE architecture the other TEEs therefore cannot use the secure key to compute the first authentication data over the data to be written, the RPMB cannot authenticate that data and will not store it, and those TEEs cannot write to the RPMB at all.
How every TEE in a multi-TEE architecture can write data to the RPMB is therefore the problem to be solved.
Disclosure of Invention
The application provides a data storage method by which every TEE in a multi-TEE architecture can write data to the RPMB.
In a first aspect, a data storage method is provided. The method applies to an electronic device that includes at least two trusted execution environments (TEEs), among them a first TEE and a second TEE; the first TEE is a TEE that does not store the security key, the second TEE is a TEE that does, and the security key is the key with which the replay protected memory block (RPMB) verifies the data to be stored. The method comprises the following steps:
the second trusted application (TA) sends the security key to the first TA, the first TA being a trusted application running in the first TEE and the second TA a trusted application running in the second TEE;
the first TA obtains a first data packet from the security key and the data to be stored;
the first TA sends the first data packet to the RPMB;
the RPMB stores the data to be stored based on the first data packet.
In the data storage method of this embodiment, applied to an electronic device with at least two TEEs of which the first stores no security key and the second does, the second TA sends the security key to the first TA, the first TA obtains a first data packet from the security key and the data to be stored and sends that packet to the RPMB, and the RPMB stores the data based on the packet. Because the security key is not stored in the first TEE, a first TA that needs to store data in the RPMB cannot by itself obtain the key, cannot perform the authentication calculation over the data, and so cannot write to the RPMB directly. In this scheme the second TA, whose TEE holds the key, sends it to the first TA; the first TA then performs the authentication calculation over the data to be stored with that key to obtain the first data packet. When the RPMB receives the packet it recomputes the authentication with the same key, and if the check passes it stores the data. Applications running in any TEE of the multi-TEE architecture can therefore write data to the RPMB.
With reference to the first aspect, in some implementations the first TA obtains the first data packet from the security key and the data to be stored as follows:
when the counter is in the idle state, the first TA acquires a first count value, the count value of the counter at the current moment;
the first TA obtains the first data packet from the first count value, the security key and the data to be stored.
In this implementation, after the second TA has sent the security key to the first TA, the first TA determines whether the counter is idle. If it is, the first TA reads the count value; if the counter is busy, the first TA waits until it becomes idle and only then reads the count value. The first TA then computes the authentication over the count value and the data to be stored with the security key to obtain the first authentication data, assembles the first data packet from the count value, the first authentication data and the data to be stored, and sends it to the RPMB. The count value that went into the first authentication data is then the same count value the RPMB uses when it computes the second authentication data for its check. This avoids the situation in which the RPMB hands the first TA (in the first TEE) a count value while it is still storing data sent by the second TA (in the second TEE), finishes that store, increments the count, and then verifies the first TA's packet against the updated count.
That is, with this method the count value the first TA uses to compute the first authentication data cannot differ from the count value the RPMB uses to verify the first data packet; the authentication therefore does not fail on that account, and the RPMB does not reject the data the first TA sends.
With reference to the first aspect, in certain implementations the counter being in the idle state includes the RPMB currently not being in the process of storing data.
When the counter is idle and the first TA requests the count value, the counter returns the count value at the current moment; the first TA uses it to compute the first authentication data and builds the first data packet from the first authentication data, that count value and the data to be stored.
With reference to the first aspect, in some implementations obtaining the first data packet further includes:
when the counter is in the busy state, the first TA waits to acquire the first count value; the busy state includes the state in which the RPMB is currently storing data of the second TA.
The busy state covers the RPMB currently storing data of any other TA.
For example, as shown in fig. 1, an RPMB store takes at least three steps. From the moment the count value is returned (the second step) the counter is busy, and it returns to the idle state only after the RPMB has finished storing the data to be stored (the third step in fig. 1).
With reference to the first aspect, in some implementations the first data packet further includes first authentication data, obtained by the first TA by performing the authentication calculation over the data to be stored with the security key, and the RPMB stores the data based on the first data packet as follows:
the RPMB performs the authentication calculation over the data to be stored in the first data packet with the security key to obtain second authentication data;
if the second authentication data matches the first authentication data, the RPMB stores the data to be stored.
In this implementation, after the second TA has sent the security key to the first TA, the first TA checks the counter, reads the count value if the counter is idle, and otherwise waits until the counter is idle and then reads it. The first TA computes the authentication over the returned count value and the data to be stored with the security key to obtain the first authentication data, assembles the first data packet from the count value, the first authentication data and the data to be stored, and sends it to the RPMB. On receiving the packet the RPMB performs the same authentication calculation over the data with the security key to obtain the second authentication data and stores the data only if the second authentication data matches the first. Everything stored in the RPMB has therefore passed the RPMB's verification, which improves the security of the data kept there.
With reference to the first aspect, in certain implementations the authentication calculation is a keyed hash (HMAC) computation.
In this embodiment the first TA obtains the first authentication data by running a keyed hash over the data to be stored with the security key. HMAC is widely deployed and has withstood extensive cryptanalysis, so the first authentication data is a reliable integrity tag, and the first data packet built from it and the data to be stored is correspondingly harder to forge or tamper with.
With reference to the first aspect, in some implementations the data to be stored is data the first TA acquires by calling a first sensor.
In this method the data to be stored may be data the first TA obtains by calling the first sensor. A sensor generally has to be driven by its own TA, so when the TEE hosting the TA that owns the first sensor does not store the security key, the data the sensor acquires can still be stored in the RPMB with this method, which improves its security.
With reference to the first aspect, in certain implementations the first sensor is a fingerprint sensor.
Since the first sensor is a fingerprint sensor, the data the first TA collects through it is fingerprint data. Fingerprint data is generally used for authentication (fingerprint payment, for example) and so has a relatively high security level and needs to be stored in the RPMB. When the TEE hosting the trusted application connected to the fingerprint sensor does not store the security key, the method of this embodiment can still store the fingerprint data in the RPMB, improving its security.
In a second aspect, a data storage apparatus is provided comprising units for performing any of the methods of the first aspect. The apparatus may be a terminal device or a chip in a terminal device, and may include an acquisition unit and a processing unit.
When the apparatus is a terminal device, the processing unit may be a processor and the acquisition unit a communication interface; the terminal device may further comprise a memory storing computer program code which, when executed by the processor, causes the terminal device to perform any of the methods of the first aspect.
When the apparatus is a chip in a terminal device, the processing unit may be a processing unit inside the chip and the acquisition unit an input/output interface, pin, circuit or the like; the chip may also include memory, either inside the chip (registers, caches and so on) or outside it (read-only memory, random access memory and so on), which stores computer program code that, when executed by the processor, causes the chip to perform any of the methods of the first aspect.
In one possible implementation the memory stores computer program code and the processor executes it, the processor being configured to: have the second trusted application (TA) send the security key to the first TA, the first TA being a trusted application running in the first TEE and the second TA a trusted application running in the second TEE; have the first TA obtain a first data packet from the security key and the data to be stored; have the first TA send the first data packet to the RPMB; and have the RPMB store the data to be stored based on the first data packet.
In a third aspect, a computer readable storage medium is provided that stores computer program code which, when executed by a data storage apparatus, causes it to perform any of the data storage methods of the first aspect.
In a fourth aspect, a computer program product is provided comprising computer program code which, when run by a data storage apparatus, causes it to perform any of the methods of the first aspect.
Drawings
FIG. 1 is a schematic flow chart of RPMB write data;
FIG. 2 is a schematic diagram of a hardware system suitable for use with the electronic device of the present application;
FIG. 3 is a schematic diagram of a software system suitable for use with the electronic device of the present application;
fig. 4 is a schematic diagram of an application scenario provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of an electronic device for data storage according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of a data storage method according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of another electronic device for data storage provided by embodiments of the present application;
FIG. 8 is a flowchart of another data storage method according to an embodiment of the present disclosure;
FIG. 9 is a schematic diagram of another electronic device for data storage provided by embodiments of the present application;
FIG. 10 is a flowchart of another data storage method according to an embodiment of the present disclosure;
FIG. 11 is a schematic diagram of an electronic device for data storage provided herein;
fig. 12 is a schematic diagram of an electronic device for data storage provided herein.
Detailed Description
The technical solutions of the embodiments are described below with reference to the drawings. In this description "/" means "or" unless stated otherwise, so "A/B" may mean A or B; "and/or" describes an association between objects and covers three cases, so "A and/or B" may mean A alone, A together with B, or B alone; and "plurality" means two or more.
The terms "first", "second", "third" and so on are used for description only and neither indicate relative importance nor imply a number of technical features; a feature qualified as "first", "second" or "third" may therefore include one or more such features.
For ease of understanding, the concepts used in the embodiments are first introduced by way of example.
1. RPMB
The RPMB is an independent physical partition of the storage device, generally used for data that must be protected against tampering, such as the public keys and serial numbers that fingerprint payment on a phone relies on. The RPMB authenticates write operations; read operations need no authentication, in the sense that any host can issue them (the device does attach a MAC to the data it returns, so a host holding the key can still verify that the data read is genuine and fresh).
During production a unique security key is generated for each electronic device and programmed into the one-time-programmable (OTP) area of the device's storage, an area that can be written only once. The Host side of the electronic device keeps its copy of the security key in a secure execution environment such as a TEE, and the RPMB uses the key to authenticate the Host when the Host writes data to it. In the eMMC and UFS specifications the key is 256 bits long and the authentication is HMAC-SHA-256. Any party that holds the key can produce writes the RPMB will accept, so sharing the key with another TEE, as this application does, extends the RPMB write trust boundary to that TEE.
The following illustrates a Host (a trusted application TA in a TEE) writing data to a Device (for example a UFS device).
As shown in fig. 1, the Host sends the Device a request to read the count value Write Cnt together with a random number (nonce). On receiving the request the Device computes a first MAC over Write Cnt and the nonce with the security key, fills Write Cnt, the nonce and the first MAC into the corresponding fields of an RPMB data packet, and returns the packet to the Host. The Host computes a second MAC over the Write Cnt and nonce in the packet with its own copy of the security key and compares it with the first MAC; if they match, it compares the nonce in the packet with the nonce it sent; and if those match as well it trusts the Write Cnt in the packet. The nonce is what stops an attacker from replaying an old counter response.
The Host then computes a third MAC with the security key over the destination address of the data to be stored, the data itself and Write Cnt, fills it into the MAC field of the RPMB data packet, and sends the updated packet to the Device. The Device computes a fourth MAC over the same destination address, data and Write Cnt with the security key and compares it with the third MAC; if they match, it compares the Write Cnt in the packet with its own Write Cnt; and if those match too it stores the data at the destination address and increments its Write Cnt by 1. A packet carrying a stale Write Cnt, whether replayed or built before another write completed, fails this last check even though its MAC is valid. (In the JEDEC frame format the MAC covers the whole request frame: data, nonce, write counter, address, block count, result and request type.)
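The exchange of fig. 1 just described, together with the counter contention between two TAs that the idle/busy rule in the disclosure addresses, as an added example that is not part of this application or of any Honor code: a Python simulation of the RPMB device and of host TAs using HMAC-SHA-256 (the MAC the eMMC and UFS specifications use). The class names, the simplified frames (no 512-byte JEDEC layout; the write MAC covers address, data and Write Cnt only, as in the text above), the constructed sample data and the lock that stands in for the counter's idle/busy state are assumptions of the example.

```python
"""Toy RPMB device and host TAs (constructed example): HMAC-SHA-256 as in eMMC/UFS, simplified frames."""
import hashlib
import hmac
import os
import threading
from typing import Optional, Tuple

KEY_LEN = 32  # the RPMB authentication key is 256 bits


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA-256 over the concatenated fields; both sides must use the same field order."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(f)
    return h.digest()


class RpmbDevice:
    """Storage side: write-once key, monotonically increasing write counter, data blocks."""

    def __init__(self, key: bytes):
        self._key = key           # programmed once in production, never readable afterwards
        self.write_counter = 0    # incremented on every successful authenticated write
        self.blocks = {}

    def read_counter(self, nonce: bytes) -> Tuple[int, bytes, bytes]:
        """Step 2 of fig. 1: return Write Cnt, the host's nonce and the first MAC over both."""
        return self.write_counter, nonce, mac(self._key, self.write_counter.to_bytes(4, "big"), nonce)

    def authenticated_write(self, addr: int, data: bytes, counter: int, tag: bytes) -> bool:
        """Step 3 of fig. 1: recompute the MAC, check the counter, store, then bump the counter."""
        expected = mac(self._key, addr.to_bytes(2, "big"), data, counter.to_bytes(4, "big"))
        if not hmac.compare_digest(expected, tag):
            return False          # fourth MAC != third MAC: wrong key or tampered frame
        if counter != self.write_counter:
            return False          # stale Write Cnt: replayed frame, or another write raced in between
        self.blocks[addr] = data
        self.write_counter += 1
        return True


class HostTA:
    """A TA holding a copy of the key: the second TA, or the first TA once the key was sent to it."""

    def __init__(self, key: bytes, dev: RpmbDevice):
        self._key, self._dev = key, dev

    def trusted_counter(self) -> int:
        """Steps 1-2: send a nonce, verify the MAC and the echoed nonce before trusting Write Cnt."""
        nonce = os.urandom(16)
        counter, echoed, tag = self._dev.read_counter(nonce)
        if not hmac.compare_digest(mac(self._key, counter.to_bytes(4, "big"), echoed), tag):
            raise ValueError("counter response MAC mismatch")
        if echoed != nonce:
            raise ValueError("counter response replayed: nonce mismatch")
        return counter

    def build_packet(self, addr: int, data: bytes, counter: int):
        """First data packet: address, data, Write Cnt and the third MAC over address|data|Write Cnt."""
        return addr, data, counter, mac(self._key, addr.to_bytes(2, "big"), data, counter.to_bytes(4, "big"))

    def write(self, addr: int, data: bytes, counter: Optional[int] = None) -> bool:
        if counter is None:
            counter = self.trusted_counter()
        return self._dev.authenticated_write(*self.build_packet(addr, data, counter))


def replay_rejected() -> bool:
    """Re-sending a frame the device already accepted fails on the counter check, not on the MAC."""
    key = os.urandom(KEY_LEN)
    dev = RpmbDevice(key)
    ta = HostTA(key, dev)
    packet = ta.build_packet(0x0003, b"serial-number", ta.trusted_counter())   # constructed data
    first = dev.authenticated_write(*packet)
    second = dev.authenticated_write(*packet)   # same frame again: MAC valid, Write Cnt stale
    return first and not second


def race_without_gating() -> bool:
    """First TA reads Write Cnt, the second TA's store lands in between, first TA's write is refused."""
    key = os.urandom(KEY_LEN)
    dev = RpmbDevice(key)
    first_ta, second_ta = HostTA(key, dev), HostTA(key, dev)   # key shared across TEEs, as in the application
    cnt = first_ta.trusted_counter()                           # from here the counter is "busy" for first_ta
    second_ta.write(0x0001, b"second-ta-data")                 # another TEE completes a store: Write Cnt -> 1
    return first_ta.write(0x0002, b"fingerprint-template", counter=cnt)   # MAC over Write Cnt 0: refused


def race_with_gating() -> bool:
    """Hold a gate from the counter read until the store completes (the idle/busy rule): both writes succeed."""
    key = os.urandom(KEY_LEN)
    dev = RpmbDevice(key)
    gate = threading.Lock()     # locked = counter busy; a TA that wants the count value waits on it
    results = []

    def gated_write(ta: HostTA, addr: int, data: bytes) -> None:
        with gate:
            results.append(ta.write(addr, data))

    threads = [threading.Thread(target=gated_write, args=(HostTA(key, dev), i + 1, b"data-%d" % i))
               for i in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return all(results) and dev.write_counter == 2
```

Calling the three scenario functions shows the behaviours the text describes: a replayed frame is refused on the counter check although its MAC verifies; a first TA that read Write Cnt before a second TA's store completed is refused because the RPMB now checks against the incremented counter; and serialising the read-counter and write steps behind a gate, which is what the disclosure's idle/busy rule amounts to, lets both TAs' writes succeed. Note also that once the key is handed to the first TA it has the same write authority over the RPMB as the second TA; the simulation makes no distinction between them.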
2. Trusted execution environment (Trusted execution environment, TEE)
TEE refers to a separate secure operating environment in the terminal device, typically a logically isolated operating environment from the rich execution environment (Rich execution environment, REE). Strict protection measures are defined on the TEE, and the TEE can resist the software attack of easy operation of the conventional REE side. TEE is therefore commonly used to handle high security level tasks.
3. Rich execution environment (Rich execution environment, REE)
The REEs generally refer to general operating environments on terminal devices, which are operating environments without specific security functions. For example, the Andorid system, the IOS system, all belong to REEs.
The TEE and the REEs are isolated from each other, and usually the REEs cannot directly access hardware and software resources of the TEE and can only interact through authorized application programming interfaces.
4. Trusted application (Trusted Application, TA)
TA generally refers to an application running on a TEE. Security services can be provided for applications running outside the TEE.
5. Client application program (Client Application, CA)
CA generally refers to an application running on a REE.
6. Hypervisor
Hypervisor refers to an intermediate software layer running between the underlying physical hardware and the guest operating systems; all physical devices on the electronic device, including disks and memory, are accessed through it. The Hypervisor coordinates hardware resource access and protection between virtual machines. After the device boots, the Hypervisor loads the operating system of each virtual machine guest and allocates memory, disk, network and so on to it. Based on the Hypervisor mechanism, the electronic device may support multiple TEEs running simultaneously.
7. ATF
ATF (ARM Trusted Firmware) is the bottom-layer open source firmware code provided for the target chip. The system is divided into four exception levels, EL0, EL1, EL2 and EL3 (these levels are defined by the Armv8 architecture, with EL3 the most privileged): applications run at EL0, drivers (the OS kernel) at EL1, the Hypervisor module at EL2, and the ATF module at EL3.
The data storage method provided by the embodiment of the application can be applied to electronic equipment. Optionally, the electronic device includes a terminal device, which may also be referred to as a terminal (terminal), a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), and so on. The terminal device may be a mobile phone, a smart television, a wearable device, a tablet (Pad), a computer with wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self-driving), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), or the like. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the terminal equipment.
By way of example, fig. 2 shows a schematic structural diagram of the electronic device 100. The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It is to be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller may be a neural hub and a command center of the electronic device 100, among others. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.
The fingerprint sensor 180H is used to collect a fingerprint. The electronic device 100 may utilize the collected fingerprint feature to unlock the fingerprint, access the application lock, photograph the fingerprint, answer the incoming call, etc.
Optionally, the memory in the electronic device comprises eMMC and universal flash storage (Universal Flash Storage, UFS). The RPMB in the memory is typically used to store data with security requirements. Writing data into the RPMB requires authentication with a pre-stored security key: the RPMB verifies the written data with the security key it holds and stores the data only after verification passes.
It should be noted that any of the electronic devices mentioned in the embodiments of the present application may include more or fewer modules in the electronic device 100.
The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In this embodiment, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated.
Fig. 3 is a software configuration block diagram of the electronic device 100 according to the embodiment of the present application.
The layered architecture of the electronic device 100 divides the software into several layers, each with a distinct role and division of labor. The layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: an application layer, an application framework layer, the Android runtime and system libraries, and a kernel layer.
The application layer may include a series of application packages.
As shown in fig. 3, the application package may include applications for cameras, gallery, calendar, phone calls, maps, navigation, WLAN, bluetooth, music, video, short messages, etc.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 3, the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager, and the like.
The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The telephony manager is used to provide the communication functions of the electronic device 100. Such as the management of call status (including on, hung-up, etc.).
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The notification manager allows the application to display notification information in a status bar, can be used to communicate notification type messages, can automatically disappear after a short dwell, and does not require user interaction. Such as notification manager is used to inform that the download is complete, message alerts, etc. The notification manager may also be a notification in the form of a chart or scroll bar text that appears on the system top status bar, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, a text message is prompted in a status bar, a prompt tone is emitted, the electronic device vibrates, and an indicator light blinks, etc.
The Android runtime includes a core library and virtual machines. The Android runtime is responsible for scheduling and management of the Android system.
The core library consists of two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface manager (surface manager), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio video encoding formats, such as: MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The kernel layer at least comprises a display driver, a camera driver, an audio driver, a sensor driver, a Wi-Fi driver and the like.
It should be noted that, the electronic device according to the embodiment of the present application may include more or fewer modules in the electronic device.
The application scenario provided by the embodiment of the application is described below with reference to the accompanying drawings.
With the continuous development of terminal technology, the multi-TEE architecture has become common. Illustratively, as shown in fig. 4, the terminal device includes two TEEs and an RPMB, namely a first TEE, a second TEE and an RPMB. The first TEE stores no security key, and the second TEE stores the security key. When the first TA running in the first TEE needs to write data into the RPMB, it can obtain the security key stored in the second TEE over a first channel between the first TEE and the second TEE, obtain a first data packet from the security key and the data to be stored, and send the first data packet to the RPMB so that the RPMB stores the data to be stored based on the first data packet.
The data to be stored may be data acquired by the first TA calling the first sensor. Illustratively, the first sensor is a fingerprint sensor, and the data to be stored may refer to fingerprint data collected by the first TA calling the fingerprint sensor.
Typically the fingerprint data is used for encryption and decryption in the terminal device, so it needs to be stored in a secure area, e.g. the RPMB. Where the first TEE does not hold the security key that the RPMB uses to verify the data written into it, the first TA may acquire the security key through the data channel between the first TEE and the second TEE.
It should be understood that the foregoing is illustrative of an application scenario, and is not intended to limit the application scenario of the present application in any way.
The data storage method provided in the embodiment of the present application is described in detail below with reference to fig. 5 to 11.
For example, as shown in fig. 5, the electronic device includes a first TEE, which refers to a TEE that does not store a security key, and a second TEE, which refers to a TEE that stores a security key, between which there is a first channel for transmitting the security key.
A data storage method applied to the electronic device shown in fig. 5 is described in detail below with reference to fig. 6.
Fig. 6 is a flow chart of a data storage method according to an embodiment of the present application, and as shown in fig. 6, the method is applied to the electronic device shown in fig. 5. The method comprises the following steps:
s101, the second TA sends a security key to the first TA.
It should be appreciated that during production of the electronic device, the security key may be programmed into a memory (e.g., the RPMB) in the electronic device and, at the same time, written into the TEE, so that a TA running in the TEE may use the security key to authenticate the data to be stored when writing it into the RPMB. In case the electronic device comprises at least two TEEs, the security key will typically be written into only one of them.
It should be understood that the security key may be stored in any of the at least two TEEs.
Illustratively, the at least two TEEs include a first TEE, which refers to a TEE that does not store the security key, and a second TEE, which refers to a TEE that stores the security key. In the case where the first TA running in the first TEE needs to write data into the RPMB, the security key is not stored in the first TEE. Therefore, the first TA cannot invoke the security key to perform authentication calculation on the data to be stored (i.e., the first data to be stored), so that the first TA cannot directly send the data to be stored to the RPMB for storage. In this case, the second TA may transmit the security key stored in the second TEE to the first TA through the first channel between the first TEE and the second TEE.
It should be understood that the first TA refers to a trusted application running on a first TEE and the second TA refers to a trusted application running in a second TEE.
It should be appreciated that the Hypervisor module can access all physical devices on the electronic device, including disk and memory. After the device boots, the Hypervisor module loads the operating systems of all virtual machine guests (including the first TEE and the second TEE) and allocates memory, disk and network to the virtual machines. The Hypervisor module can therefore directly allocate a data interface to the first TEE and the second TEE, so that data can be transmitted between them. The first channel may refer to this data interface allocated by the Hypervisor module. Since the security key itself crosses this channel, the channel must be visible only to the two TEEs (confidential and integrity-protected against the REE), and the first TEE has to protect the received key as carefully as the second TEE does.
S102, the first TA obtains a first data packet according to the security key and the data to be stored.
The data to be stored may refer to data acquired by the first TA on the first TEE.
Illustratively, the first TA in the first TEE is an application that requires encryption and decryption of fingerprint data. The data to be stored may refer to fingerprint data acquired by the first TA through the fingerprint acquirer.
Illustratively, the first TA in the first TEE is an application that requires encryption and decryption of sound data. The data to be stored may refer to sound data acquired by the first TA through the microphone.
Illustratively, the first TA in the first TEE is an application that requires a character password for encryption and decryption. The data to be stored may refer to character data obtained by the first TA through receiving a click operation of the user on the display screen.
Illustratively, the first TA in the first TEE is an application that requires encryption and decryption of the eye print data. The data to be stored may refer to eye pattern data acquired by the first TA through the camera.
The first TA in the first TEE is an application program that requires encryption and decryption of a face. The data to be stored may refer to face data acquired by the first TA through the camera.
The first TA may also be an application program that provides security services to the CA, and the data to be stored may refer to password data sent by the CA to the first TA, including, but not limited to, fingerprint data, voice data, character data, eye print data, and face data, as described above.
Optionally, the first TA performs the authentication calculation on the data to be stored with the security key as follows: it obtains the count value of the counter in the RPMB, computes the first authentication data over the data to be stored and the count value with the security key, and then packages the first authentication data, the data to be stored and the count value into the first data packet.
S103, the first TA sends a first data packet to the RPMB.
S104, the RPMB stores data to be stored based on the first data packet.
It should be understood that, after receiving the first data packet, the RPMB may first check the first data packet in order to ensure the security of the data stored in the RPMB, and store the data to be stored in the first data packet after the check passes.
For example, when storing the data to be stored, the RPMB uses its own copy of the security key to compute second authentication data over the data to be stored (and the count value) in the same way; if the first authentication data and the second authentication data are the same, the first data packet is determined to have passed authentication and the data to be stored is stored.
The data storage method provided in the embodiment of the application is applied to an electronic device including at least two TEEs, wherein the at least two TEEs include a first TEE and a second TEE, the first TEE is a TEE which does not store a security key, and the second TEE is a TEE which stores a security key, and the method includes: the second TA sends a security key to the first TA, the first TA refers to a trusted application running on the first TEE, the second TA refers to a trusted application running in the second TEE, then the first TA obtains a first data packet according to the security key and data to be stored, the first TA sends the first data packet to the RPMB, and the RPMB stores the data to be stored based on the first data packet. That is, in the embodiment of the present application, since the security key is not stored in the first TEE, if the first TA running in the first TEE needs to store the data to be stored in the RPMB, the first TA cannot acquire the security key to perform authentication calculation on the data to be stored, so that the first TA cannot directly store the data to be stored in the RPMB; in the scheme of the application, since the security key is stored in the second TEE, the second TA in the second TEE can send the security key to the first TA running in the first TEE which does not store the security key, and then the first TA performs authentication calculation on the data to be stored according to the security key to obtain the first data packet, so that after the first data packet is received by the RPMB, the first data packet can be calculated and authenticated by the security key, and the data to be stored in the first data packet is stored under the condition that the authentication passes, and therefore the function that the application program running in each TEE in the multi-TEE architecture can write the data into the RPMB is realized.
By adopting the data storage method provided by the embodiment of the application, the first TA running in the first TEE and the second TA running in the second TEE can both write data into the RPMB. It should be appreciated that an application typically needs to obtain the count value of the current time of the counter in the RPMB when writing data to the RPMB. Illustratively, in the process of writing data into the RPMB, the first TA sends a write request to the RPMB through the kernel to obtain the count value of the counter in the RPMB. The kernel confirms the state of the counter first, and returns the count value of the current moment to the application program when the state of the counter is in an idle state. And the application program adopts the security key to carry out authentication calculation on the count value at the current moment and the data to be stored to obtain first authentication data, then generates a first data packet according to the first authentication data and the data to be stored, and sends the first data packet to the RPMB. After the RPMB receives the first data packet, checking the first authentication data, and storing the data to be stored after the first authentication data passes the check, wherein the count value of the counter is increased by one. When the RPMB stores data next time, the count value after adding one is returned to the application program, so that the application program performs authentication calculation according to the returned count value after adding one. 
Under the condition that both a first TA running in a first TEE and a second TA running in a second TEE can write data into an RPMB, when the first TA writes data into the RPMB, the second TA requests to write data into the RPMB, at the moment, the count value of a counter is not updated yet, the count value of the counter sent to the second TA may be the count value which is not updated yet, and thus the second TA performs authentication calculation by adopting the count value which is not updated yet, and the obtained authentication data is wrong. In order to avoid the situation that the authentication data is wrong due to the fact that the count value is not updated, in the process of writing data to the RPMB by one TA, the other TA can be in a state of waiting for the request of writing data to the RPMB. Therefore, the situation that the other TA performs authentication calculation by adopting the count value which is not updated yet and the obtained authentication data is wrong can be effectively avoided. The following is a description of fig. 7 to 10.
Fig. 7 is a schematic structural diagram of an electronic device suitable for use in an embodiment of the present application, and as shown in fig. 7, the electronic device includes a first TEE, a second TEE, a kernel, and an RPMB. The first TEE refers to a TEE which does not store a security key, and the second TEE refers to a TEE which stores a security key. The kernel includes a Hypervisor module. A counter is included in RPMB.
A data storage method applied to the electronic device shown in fig. 7 is described in detail below with reference to fig. 8.
Fig. 8 is a flowchart of a data storage method according to an embodiment of the present application, where the method is applied to the electronic device shown in fig. 7. As shown in fig. 8, the method includes:
s201, the second TA sends the security key to the first TA.
S202, the first TA determines whether the counter is in an idle state or a busy state. If idle, S204 is executed; if busy, S203 is executed.
It should be understood that, during the process of storing data by the RPMB, the counter sends the count value of the current time to the TA writing data into the RPMB, and then after the RPMB completes the data storage this time, the count value of the counter is incremented by one to obtain the updated count value. The counter is in a busy state during the process of storing data in the RPMB, and is in an idle state when the RPMB stops storing data.
As can be seen from fig. 1, the process of RPMB storing data may include at least 3 steps, wherein from the return of the count value (i.e., the second step), the counter starts to be in a busy state until after the RPMB completes the storage of the data to be stored (corresponding to the third step shown in fig. 1), the state of the counter changes from the busy state to the idle state.
Optionally, the counter being in an idle state includes the RPMB currently being in a state of not storing data.
It should be understood that the busy state includes a state where the RPMB is currently storing data of other TAs.
Illustratively, in the case where the first TA sends a write request to the kernel, the counter is in a busy state when the RPMB is currently in a state to store data written by the second TA (i.e., the other TA).
Illustratively, in the case where the second TA sends a write request to the kernel, the counter is in a busy state when the RPMB is currently in a state to store data written by the first TA (i.e., the other TA).
S203, the first TA is in a state of waiting for acquiring the count value until the counter is in an idle state.
S204, the first TA acquires a count value (corresponding to the first count value) of the counter at the current time.
It should be understood that in the embodiment of the present application the count value of the counter is obtained only when the counter is in the idle state. When the counter is idle, the RPMB is not storing data, so the count value does not change. The following situation, which would cause RPMB authentication to fail, therefore does not occur:
Illustratively, the counter returns a count value N to the first TA through the kernel, and the first TA performs the authentication calculation with the count value N to obtain the first authentication data. Meanwhile the RPMB, having stored other data, increments the counter to N+1, so it performs the authentication calculation on the data to be stored sent by the first TA with the count value N+1 and obtains second authentication data. Because the first and second authentication data were computed over the same data with different count values, they do not match, and the RPMB refuses to store the data sent by the first TA because authentication has not passed.
In one possible case, the second TA sends a write request to the kernel, and the kernel requests the count value of the counter from the RPMB, while the RPMB is still storing the data to be stored sent by the first TA; this is equivalent to the counter in the RPMB being in a busy state. The second TA then has to wait until the first TA's write into the RPMB has completed, after which the updated count value is returned to the second TA.
Illustratively, the first TA sends a write request to the kernel, the write request requesting the count value of the counter. After receiving the write request, the kernel determines whether the state of the counter is idle; if so, it sets the state of the counter to busy, reads the count value of the counter and returns it to the first TA. If at this moment the second TA running in the second TEE sends a write request to the kernel, the kernel determines that the counter is busy and makes the second TA wait for the counter to become idle. Meanwhile the first TA uses the security key to compute the first authentication data over the data to be stored and the count value, obtains a first data packet from the first authentication data, the count value and the data to be stored, and sends the first data packet to the kernel. After the kernel has forwarded the first data packet to the RPMB, the first TA reads back from the kernel the result of the write to the RPMB. If the RPMB has written the data to be stored successfully, the kernel sets the state of the counter to idle and returns a write-success message to the first TA, the message including the updated count value (for example, the count value plus one). The first TA determines from the returned message that the data to be stored has been written to the RPMB successfully. Now that the counter is idle again, the kernel returns the updated count value to the second TA.
It should be appreciated that after the counter returns a count value to the first TA, the state of the counter is typically set to a busy state. In the case where the state of the counter is a busy state, the TA running on the other TEE cannot acquire the count value. Therefore, in the process of writing data into the RPMB by the first TA, the TAs running on other TEEs cannot acquire the count value, and then the data cannot be written into the RPMB, namely, the situation that the count value conflicts caused by the fact that the TAs running on other TEEs and the first TA write the data into the RPMB simultaneously is avoided.
It should be appreciated that the embodiments herein are described with reference to the first TA storing data to the RPMB, and when the second TA stores data to the RPMB, it is also necessary to determine whether the counter is currently in an idle state or a busy state, similar to the first TA.
Illustratively, the second TA determines that the counter is in an idle state or a busy state. If the state is idle, acquiring the count value of the counter at the current moment; if the counter is in the busy state, the second TA is in a state of waiting to acquire the count value until the counter changes from the busy state to the idle state, for example, the first TA completes the data storage to the RPMB.
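The following is an added example, not code from the patent. It models in Python two things described on this page: the authenticated write exchanged between Host and Device (HMAC-SHA-256 over the frame, the third MAC filled in by the host, the fourth MAC recomputed by the device, the Write Cnt check and increment), and the kernel-side busy/idle gate of S202 to S204. It shows that when two TAs read the counter without the gate the second write is rejected with a counter failure, while with the gate both writes succeed. The frame offsets and result codes follow the JEDEC eMMC RPMB data frame; the class and function names, the lock used as the gate, the key and the data blocks are constructed for illustration.

```python
"""RPMB authenticated write with two TAs sharing one write counter (added example)."""
import hashlib
import hmac
import struct
import threading

FRAME_SIZE = 512
MAC_OFF = 196        # key/MAC area, 32 bytes
DATA_OFF = 228       # data area, 256 bytes
TAIL_OFF = 500       # write counter (4), address (2), block count (2), result (2), req type (2)
REQ_AUTH_WRITE = 0x0003
RES_OK, RES_AUTH_FAIL, RES_COUNTER_FAIL = 0x0000, 0x0002, 0x0003

# Constructed key: on a real device it is programmed into the RPMB once and held by the second TEE.
SECOND_TEE_KEY = hashlib.sha256(b"constructed demo key, not a real one").digest()


def frame_mac(key: bytes, frame: bytes) -> bytes:
    """MAC over bytes 228..511 of the frame (data, nonce, write counter, address,
    block count, result, request type), which is the range the RPMB spec authenticates."""
    return hmac.new(key, frame[DATA_OFF:], hashlib.sha256).digest()


def build_write_frame(key: bytes, address: int, data: bytes, write_cnt: int) -> bytes:
    """Host side (first TA): pack address, data and Write Cnt, then fill the MAC
    area with the 'third MAC' computed with the key received from the second TA."""
    if len(data) > 256:
        raise ValueError("one RPMB frame carries at most 256 data bytes")
    frame = bytearray(FRAME_SIZE)
    frame[DATA_OFF:DATA_OFF + len(data)] = data
    struct.pack_into(">IHHHH", frame, TAIL_OFF, write_cnt, address, 1, 0, REQ_AUTH_WRITE)
    frame[MAC_OFF:MAC_OFF + 32] = frame_mac(key, frame)
    return bytes(frame)


class RpmbDevice:
    """Device side: programmed key, monotonically increasing write counter, data blocks."""

    def __init__(self, key: bytes):
        self._key = key
        self.write_cnt = 0
        self.blocks = {}

    def read_write_counter(self) -> int:
        return self.write_cnt

    def authenticated_write(self, frame: bytes) -> int:
        # Recompute the 'fourth MAC' and compare it in constant time with the host's third MAC.
        if not hmac.compare_digest(frame[MAC_OFF:MAC_OFF + 32], frame_mac(self._key, frame)):
            return RES_AUTH_FAIL
        write_cnt, address = struct.unpack_from(">IH", frame, TAIL_OFF)
        if write_cnt != self.write_cnt:          # stale or replayed counter
            return RES_COUNTER_FAIL
        self.blocks[address] = frame[DATA_OFF:DATA_OFF + 256]
        self.write_cnt += 1                      # Write Cnt + 1 only after a successful write
        return RES_OK


class CounterGate:
    """Kernel-side gate: the counter is busy from the moment a count value is handed
    to a TA until that TA's write result is back; any other TA waits (S203)."""

    def __init__(self, dev: RpmbDevice):
        self._dev = dev
        self._busy = threading.Lock()

    def write(self, key: bytes, address: int, data: bytes) -> int:
        with self._busy:
            cnt = self._dev.read_write_counter()                   # S204: current count value
            frame = build_write_frame(key, address, data, cnt)     # S205: first data packet
            return self._dev.authenticated_write(frame)


def unserialized_race(dev: RpmbDevice, key: bytes):
    """Both TAs fetch the counter before either write lands: the second write carries
    count N while the device already expects N+1, so it fails the counter check."""
    cnt_first = dev.read_write_counter()
    cnt_second = dev.read_write_counter()
    r_first = dev.authenticated_write(build_write_frame(key, 0x0000, b"fingerprint template", cnt_first))
    r_second = dev.authenticated_write(build_write_frame(key, 0x0001, b"face template", cnt_second))
    return r_first, r_second


def serialized_writes(dev: RpmbDevice, key: bytes):
    """Two TAs on separate threads, each holding the gate for read-counter plus write."""
    gate = CounterGate(dev)
    results = {}

    def ta(name, address, data):
        results[name] = gate.write(key, address, data)

    threads = [threading.Thread(target=ta, args=("first_ta", 0x0000, b"fingerprint template")),
               threading.Thread(target=ta, args=("second_ta", 0x0001, b"face template"))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results["first_ta"], results["second_ta"], dev.write_cnt


if __name__ == "__main__":
    print("without gate:", unserialized_race(RpmbDevice(SECOND_TEE_KEY), SECOND_TEE_KEY))
    print("with gate:   ", serialized_writes(RpmbDevice(SECOND_TEE_KEY), SECOND_TEE_KEY))
```

Running the file prints the two outcomes: without the gate the second TA's write comes back with the counter-failure result, with the gate both writes succeed and the device counter ends at 2. The gate is held across the counter read and the write on purpose; releasing it after the read alone would reintroduce the stale-counter window the page describes.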
S205, the first TA obtains a first data packet according to the count value, the security key and the data to be stored at the current moment.
In one possible scenario, the first TA may perform authentication calculation on the data to be stored using the security key, obtain first authentication data, and then generate the first data packet according to the first authentication data.
The first TA may perform authentication calculation on the data to be stored and the count value at the current time by using the security key to obtain first authentication data, and then package the first authentication data, the data to be stored, and the count value at the current time to obtain a first data package.
Illustratively, the first TA may compute the first authentication data over the data to be stored using the security key with a hash-based message authentication code (Hash-based Message Authentication Code, HMAC). HMAC is a method of authenticating messages based on a hash function and a secret key (standardized in RFC 2104). It is the authentication mechanism chosen by many security protocols in use today, for example IPsec (Internet Protocol Security) and SSL/TLS, and has resisted attacks of many forms. On this basis, HMAC can be regarded as an existing Internet security standard.
In the embodiment of the application, the first TA computes the first authentication data over the data to be stored using the security key through the HMAC operation. Because HMAC is widely deployed and has withstood attacks of many forms, the first authentication data obtained in this way is reliable, and the security of the first data packet obtained from the first authentication data and the data to be stored is improved. Note that a MAC provides integrity and origin authentication, not confidentiality: the data to be stored itself is carried in the packet in the clear, so if it must also be kept confidential, the TA should encrypt it before computing the authentication data and writing it.
Illustratively, the first TA may also compute the first authentication data over the data to be stored with the security key via a cipher-based message authentication code (Cipher-based Message Authentication Code, CMAC). Note that the eMMC and UFS RPMB specifications define the MAC field as HMAC-SHA-256, so a CMAC variant applies only to a device whose RPMB implementation accepts it.
The data storage method provided in the embodiment of the application is applied to an electronic device including at least two TEEs, wherein the at least two TEEs include a first TEE and a second TEE, the first TEE is a TEE which does not store a security key, and the second TEE is a TEE which stores a security key, and the method includes: the second TA sends the security key to the first TA; the first TA then determines whether the counter is in an idle state, acquires the count value of the counter when the counter is in the idle state, and waits to acquire the count value when the counter is in a busy state until the counter returns to the idle state and the count value is acquired. The first TA performs authentication calculation on the count value and the data to be stored using the security key to obtain first authentication data, then obtains a first data packet according to the count value, the first authentication data and the data to be stored, and sends the first data packet to the RPMB. In this way, the count value used for the first authentication data in the first data packet sent by the first TA to the RPMB is the same as the count value used by the RPMB to obtain the second authentication data for verification. This avoids the situation in which the RPMB returns a count value to the first TA running in the first TEE while the RPMB is still storing data sent by the second TA running in the second TEE, and then, after storing the second TA's data, verifies the first data packet sent by the first TA with the updated count value.
That is, by adopting the data storage method provided by the embodiment of the application, the situation is avoided in which the count value used by the first TA to obtain the first authentication data differs from the count value used by the RPMB to verify the first data packet, so that the authentication fails because of the difference and the RPMB cannot store the data to be stored sent by the first TA.
S206, the first TA sends a first data packet to the RPMB.
S207, the RPMB adopts a security key to carry out authentication calculation on the data to be stored in the first data packet, and second authentication data is obtained.
It should be appreciated that the security key stored in RPMB is the same as the security key stored in the second TEE.
It should be appreciated that the counter does not update the count value after the RPMB returns the count value of the current time to the first TA. Therefore, when the RPMB receives the first packet, the count value of the counter is the same as the count value at the current time of returning the first TA.
The step in which the RPMB performs authentication calculation on the data to be stored in the first data packet using the security key to obtain the second authentication data may specifically be that the RPMB performs authentication calculation on the data to be stored in the first data packet and the count value at the current moment using the security key to obtain the second authentication data.
Since the first TA, when performing the authentication calculation, may calculate the data to be stored using a hash-based message authentication code (Hash-based Message Authentication Code, HMAC) or using a cipher block chaining message authentication code (Cipher Block Chaining-Message Authentication Code, CMAC), the RPMB, when performing authentication calculation on the data to be stored in the first data packet using the security key, generally uses the same authentication calculation as the first TA.
For example, if the first TA calculates the data to be stored using the hash-based message authentication code to obtain the first authentication data, the RPMB also calculates the data to be stored using the hash-based message authentication code to obtain the second authentication data.
For example, if the first TA calculates the data to be stored using the cipher block chaining message authentication code to obtain the first authentication data, the RPMB also calculates the data to be stored using the cipher block chaining message authentication code to obtain the second authentication data.
S208, in a case where the second authentication data matches the first authentication data, the RPMB stores the data to be stored.
As can be seen from the above description, the first authentication data and the second authentication data are obtained by performing authentication calculation on the same count value and the data to be stored by using the same authentication calculation. Thus, in the case where the first authentication data and the second authentication data match, it is stated that the first data packet is a secure data packet that the first TA sends to the RPMB for storage, and not a data packet that attacks the RPMB.
It should be understood that the matching of the first authentication data and the second authentication data may mean that the first authentication data and the second authentication data are identical, or may mean that part of the first authentication data and part of the second authentication data are identical, where the proportion of identical data is greater than a preset threshold.
The data storage method provided in the embodiment of the application is applied to an electronic device including at least two TEEs, wherein the at least two TEEs include a first TEE and a second TEE, the first TEE is a TEE which does not store a security key, and the second TEE is a TEE which stores a security key, and the method includes: the second TA sends the security key to the first TA, then the first TA determines whether the counter is in an idle state, acquires the count value of the counter when the counter is in the idle state, and waits for acquiring the count value when the counter is in a busy state until the count value is acquired. The first TA uses the security key to carry out authentication calculation on the returned count value and the data to be stored to obtain first authentication data, then obtains a first data packet according to the count value, the first authentication data and the data to be stored, and sends the first data packet to the RPMB. And after the RPMB receives the first data packet, carrying out authentication calculation on the data to be stored in the first data packet by adopting a security key to obtain second authentication data, and storing the data to be stored under the condition that the second authentication data is matched with the first authentication data. Therefore, the data stored in the RPMB are all data passing the RPMB verification, and the safety of the data stored in the RPMB is improved.
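The following is an added worked example, not code from the patent or from Honor's implementation, of the authenticated write described in S204 to S208: the first TA authenticates the data to be stored together with the current count value using the forwarded security key, and the RPMB recomputes the authentication value with its own key and its own counter before storing. The example assumes HMAC-SHA256 as the authentication calculation, a constructed 32-byte key and constructed payloads, a big-endian 32-bit encoding of the count value, and the names `Rpmb`, `build_packet`, `interleaved_without_gating` and `gated_writes`, none of which come from the page. It shows both the failure the text describes (two TAs read the same count value, the second TA's write lands first, and the first TA's packet is then verified against the updated counter and rejected) and the idle/busy gating that prevents it. Of the two matching options the text allows, it uses full constant-time equality of the two authentication values.

```python
import hashlib
import hmac
import struct
import threading
from dataclasses import dataclass

# Constructed sample values (assumptions, not from the patent): a 256-bit
# authentication key shared by the second TEE and the RPMB, and two payloads
# standing in for data written by the first TA and the second TA.
SECURITY_KEY = bytes(range(32))
FINGERPRINT_DATA = b"constructed fingerprint template from the first TA"
SECOND_TA_DATA = b"constructed payload from the second TA"


def authenticate(key: bytes, data: bytes, count: int) -> bytes:
    """Authentication calculation of S205/S207 (assumed HMAC-SHA256) over the
    data to be stored concatenated with the write counter value."""
    return hmac.new(key, data + struct.pack(">I", count), hashlib.sha256).digest()


@dataclass(frozen=True)
class Packet:
    """First data packet: the data, the count value it was authenticated
    with, and the first authentication data."""
    data: bytes
    count: int
    mac: bytes


def build_packet(key: bytes, data: bytes, count: int) -> Packet:
    """What the first TA does once it holds the forwarded security key."""
    return Packet(data, count, authenticate(key, data, count))


class Rpmb:
    """Model of the RPMB side: it holds its own copy of the key and the write
    counter, and recomputes the MAC with its *current* counter (S207/S208)."""

    def __init__(self, key: bytes):
        self._key = key
        self.count = 0
        self.stored = []

    def read_counter(self) -> int:
        return self.count

    def write(self, pkt: Packet) -> bool:
        expected = authenticate(self._key, pkt.data, self.count)
        # Full constant-time comparison of the two authentication values.
        if not hmac.compare_digest(expected, pkt.mac):
            return False                 # authentication failed: not stored
        self.stored.append(pkt.data)
        self.count += 1                  # counter advances only on a stored write
        return True


def interleaved_without_gating(rpmb: Rpmb):
    """The failure the text describes: both TAs read the same count value, the
    second TA's write lands first, so the first TA's packet is verified against
    an already-updated counter and is rejected. Returns (ok_second, ok_first)."""
    c_first = rpmb.read_counter()
    c_second = rpmb.read_counter()
    ok_second = rpmb.write(build_packet(SECURITY_KEY, SECOND_TA_DATA, c_second))
    ok_first = rpmb.write(build_packet(SECURITY_KEY, FINGERPRINT_DATA, c_first))
    return ok_second, ok_first


def gated_writes(rpmb: Rpmb):
    """Idle/busy gating of S204: a TA reads the count value only when the
    counter is idle and holds it busy until its own write has completed, so a
    concurrent TA waits instead of using a stale value. Returns
    (ok_first, ok_second, final_count)."""
    gate = threading.Lock()              # locked == counter busy
    results = {}

    def ta_write(name: str, data: bytes):
        with gate:                       # wait while busy, then mark busy
            count = rpmb.read_counter()
            results[name] = rpmb.write(build_packet(SECURITY_KEY, data, count))

    threads = [
        threading.Thread(target=ta_write, args=("first", FINGERPRINT_DATA)),
        threading.Thread(target=ta_write, args=("second", SECOND_TA_DATA)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results["first"], results["second"], rpmb.count


if __name__ == "__main__":
    print(interleaved_without_gating(Rpmb(SECURITY_KEY)))   # (True, False)
    print(gated_writes(Rpmb(SECURITY_KEY)))                 # (True, True, 2)
```

The point to take from the model is that the RPMB never trusts the count value carried in the packet: it authenticates against its own counter, so any write whose count value is stale fails regardless of who produced it, and the gating on the TA side is what keeps honest concurrent writers from tripping that check.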
In one possible case, the data to be stored may be data acquired by a fingerprint sensor.
The CA running in the Android system, upon receiving a fingerprint registration request initiated by a user, sends the fingerprint registration request to the fingerprint TA (first TA) in the first TEE; the fingerprint TA calls the fingerprint sensor based on the fingerprint registration request, the fingerprint sensor collects fingerprint data, and the collected fingerprint data is sent to the fingerprint TA. How the fingerprint TA stores the fingerprint data acquired by the fingerprint sensor in the RPMB is described in detail below with reference to fig. 9 and 10.
It should be understood that the electronic device may be divided into four operational levels, EL0, EL1, EL2, and EL3, respectively. The operation level of the application program is EL0, the operation level of the driver is EL1, the operation level of the Hypervisor module is EL2, and the operation level of the ATF module is EL3.
The data storage method provided by the embodiment of the application can be applied to an electronic device as shown in fig. 9. In the Android system (equivalent to the REE), an application with an encryption requirement, such as a fingerprint CA, runs. A fingerprint TA, a first proxy TA and a first RPMB service module (corresponding to the first TA) run in the first TEE (corresponding to the first TEE). It should be appreciated that the first TA may be a plurality of applications, including the fingerprint TA, the first proxy TA and the first RPMB service module. A second proxy TA and a second RPMB service module (corresponding to the second TA) run in the second TEE (corresponding to the second TEE). It should be appreciated that the second TA may be a plurality of applications, including the second proxy TA and the second RPMB service module. The second RPMB service module stores the security key. It should be appreciated that the fingerprint CA, the fingerprint TA, the first RPMB service module, the first proxy TA, the second proxy TA and the second RPMB service module all run at level EL0. The kernel includes a Hypervisor module and an ATF module, where the Hypervisor module runs at EL2 and the ATF module runs at EL3. As shown in fig. 9, Android (REE), a first TEE in which the security key is not stored, and a second TEE in which the security key is stored run in the electronic device. The second proxy TA running in the second TEE sends the security key to the first proxy TA running in the first TEE.
The data storage method applied to the electronic device shown in fig. 9 will be described in detail with reference to fig. 10.
Fig. 10 is a flowchart of another data storage method according to an embodiment of the present application, where the method is applied to the electronic device shown in fig. 9, and includes:
S301, the second RPMB service module (corresponding to the second TA) running in the second TEE (second TEE) sends the security key to the second proxy TA (corresponding to the second TA).
S302, the second agent TA sends the security key to the ATF module in the kernel.
And S303, the ATF module in the kernel sends the security key to the first proxy TA running in the first TEE.
S304, the fingerprint CA running in Android (REE) responds to fingerprint registration operation.
S305, the fingerprint CA sends a fingerprint registration request to the first TEE tz driver module in the kernel.
S306, the first TEE tz driver module sends the fingerprint registration request to the hypervisor module.
S307, the hypervisor module sends a fingerprint registration request to a fingerprint TA (first TA) running in the first TEE (first TEE).
S308, responding to a fingerprint registration request by the fingerprint TA, calling a fingerprint sensor, and collecting fingerprint data (data to be stored).
S309, the fingerprint TA sends the fingerprint data and the RPMB write request type to the first RPMB service module in the first TEE.
S310, the first RPMB service module in the first TEE calls the security key in the first proxy TA to perform authentication calculation on the fingerprint data and the RPMB write request, and obtains first authentication data.
S311, the first RPMB service module generates a first data packet according to the first authentication data, the count value of the counter and the fingerprint data.
S312, the first RPMB service module sends the first data packet to a hypervisor module in the kernel.
S313, the hypervisor module sends the first data packet to the first TEE tz driver module in the kernel.
S314, the first TEE tz driver module in the kernel sends the first data packet to the storage device driver module in Android.
Illustratively, the storage device driver module is an eMMC driver module.
Illustratively, the storage device driver module is a UFS driver module.
S315, the storage device driver module sends the first data packet to the RPMB.
In the embodiment of the application, the second proxy TA running in the second TEE sends the security key to the first proxy TA running in the first TEE, so that the fingerprint TA running in the first TEE can send the fingerprint data to the first RPMB service module, the first RPMB service module calls the security key in the first proxy TA to perform authentication calculation on the fingerprint data to obtain first authentication data, and generates a first data packet according to the first authentication data and the fingerprint data, and then sends the first data packet to the RPMB, so that the first TEE without storing the security key can also store the fingerprint data in the RPMB, that is, by adopting the data storage method provided by the embodiment of the application, the function that the application running in each TEE in the multi-TEE architecture can write data into the RPMB is realized.
It should be understood that, although the steps in the flowcharts in the above embodiments are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps in the flowcharts may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order in which the sub-steps or stages are performed is not necessarily sequential, and may be performed in turn or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
It should be understood that the electronic device may perform the data storage method shown in fig. 6 to 10, where the electronic device includes at least two trusted execution environments TEEs, and the at least two TEEs include a first TEE and a second TEE, the first TEE being a TEE that does not store a security key, the second TEE being a TEE that stores a security key, and the security key being a key used by the replay protection memory block RPMB to verify stored data; the electronic device includes: an acquisition unit 610 and a processing unit 620.
The processing unit 620 is configured to control the second trusted application TA to send the security key to the first trusted application TA, where the first TA is a trusted application running on the first TEE, and the second TA is a trusted application running in the second TEE;
the processing unit 620 is configured to control the first TA to obtain a first data packet according to the security key and the data to be stored;
the processing unit 620 is configured to control the first TA to send the first data packet to the RPMB;
the processing unit 620 is configured to control the RPMB to store data to be stored based on the first data packet.
Optionally, as an embodiment, the processing unit 620 is configured to control the first TA to obtain a first count value when the counter is in an idle state, where the first count value is a count value of the counter at a current time; the first TA obtains a first data packet according to the first count value, the security key and the data to be stored.
Optionally, as an embodiment, the counter being in an idle state includes the RPMB currently being in a state of not storing data.
Optionally, as an embodiment, the processing unit 620 is configured to control the first TA to be in a state waiting to acquire the first count value when the counter is in a busy state, where the busy state includes a state where the RPMB is currently storing data of the second TA.
Optionally, as an embodiment, the first data packet further includes first authentication data, where the first authentication data is data obtained by the first TA performing authentication calculation on the data to be stored using the security key; the processing unit 620 is specifically configured to control the RPMB to perform authentication calculation on the data to be stored in the first data packet using the security key to obtain second authentication data, and to control the RPMB to store the data to be stored in the case where the second authentication data matches the first authentication data.
Optionally, as an embodiment, the authentication calculation includes a hash HMAC calculation.
In the embodiment of the application, the first TA performs authentication calculation on the data to be stored using the security key through a hash operation to obtain the first authentication data. Because the hash operation is widely applied at present and is a cryptographic algorithm that has withstood various forms of attack, the first authentication data obtained through the hash operation is more reliable encrypted data, and the security of the first data packet obtained according to the first authentication data and the data to be stored is improved.
Optionally, as an embodiment, the data to be stored is data acquired by the first TA calling a first sensor.
Optionally, as an embodiment, the first sensor includes a fingerprint collector.
The data storage device provided in this embodiment is configured to perform the data storage method in the foregoing embodiment, and the technical principles and technical effects are similar and are not described herein again.
The electronic device described above is embodied in the form of a functional unit. The term "unit" herein may be implemented in software and/or hardware, without specific limitation.
For example, a "unit" may be a software program, a hardware circuit or a combination of both that implements the functions described above. The hardware circuitry may include application specific integrated circuits (application specific integrated circuit, ASICs), electronic circuits, processors (e.g., shared, proprietary, or group processors, etc.) and memory for executing one or more software or firmware programs, merged logic circuits, and/or other suitable components that support the described functions.
Thus, the elements of the examples described in the embodiments of the present application can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be appreciated that in order to achieve the above-described functionality, the electronic device comprises corresponding hardware and/or software modules that perform the respective functionality. The steps of an algorithm for each example described in connection with the embodiments disclosed herein may be embodied in hardware or a combination of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application in conjunction with the embodiments, but such implementation is not to be considered as outside the scope of this application.
The embodiment of the application may divide the functional modules of the electronic device according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one module. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation. It should be noted that, in the embodiment of the present application, the names of the modules are schematic, and the names of the modules are not limited in actual implementation.
Fig. 12 shows a schematic structural diagram of an electronic device provided in the present application. The dashed line in fig. 12 indicates that the unit or the module is optional. The electronic device 700 may be used to implement the data storage methods described in the method embodiments above.
The electronic device 700 includes one or more processors 701, which one or more processors 701 may support the electronic device 700 to implement the data storage method in the method embodiments. The processor 701 may be a general-purpose processor or a special-purpose processor. For example, the processor 701 may be a central processing unit (central processing unit, CPU), digital signal processor (digital signal processor, DSP), application specific integrated circuit (application specific integrated circuit, ASIC), field programmable gate array (field programmable gate array, FPGA), or other programmable logic device such as discrete gates, transistor logic, or discrete hardware components.
The processor 701 may be used to control the electronic device 700, execute a software program, and process data of the software program. The electronic device 700 may further comprise a communication unit 705 for enabling input (reception) and output (transmission) of signals.
For example, the electronic device 700 may be a chip, the communication unit 705 may be an input and/or output circuit of the chip, or the communication unit 705 may be a communication interface of the chip, which may be an integral part of a terminal device or other electronic device.
For another example, the electronic device 700 may be a terminal device, the communication unit 705 may be a transceiver of the terminal device, or the communication unit 705 may be a transceiver circuit of the terminal device.
The electronic device 700 may include one or more memories 702 having a program 704 stored thereon, the program 704 being executable by the processor 701 to generate instructions 703 such that the processor 701 performs the data storage method described in the above method embodiments according to the instructions 703.
Optionally, the memory 702 may also have data stored therein. Alternatively, processor 701 may also read data stored in memory 702, which may be stored at the same memory address as program 704, or which may be stored at a different memory address than program 704.
The processor 701 and the memory 702 may be provided separately or may be integrated together; for example, integrated on a System On Chip (SOC) of the terminal device.
Illustratively, the memory 702 may be used to store a related program 704 of the data storage method provided in the embodiments of the present application, and the processor 701 may be used to invoke the related program 704 of the data storage method stored in the memory 702 when performing data storage, to execute the data storage method of the embodiments of the present application; comprising the following steps: the second trusted application TA sends a security key to the first trusted application TA, the first TA being a trusted application running on the first TEE, the second TA being a trusted application running in the second TEE; the first TA obtains a first data packet according to the security key and the data to be stored; the first TA sends a first data packet to the RPMB; the RPMB stores data to be stored based on the first data packet.
The present application also provides a computer program product which, when executed by the processor 701, implements the data storage method of any of the method embodiments of the present application.
The computer program product may be stored in the memory 702, for example, the program 704, and the program 704 is finally converted into an executable object file capable of being executed by the processor 701 through preprocessing, compiling, assembling, and linking.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a computer, implements a data storage method according to any of the method embodiments of the present application. The computer program may be a high-level language program or an executable object program.
For example, the computer-readable storage medium may be the memory 702. The memory 702 may be volatile memory or nonvolatile memory, or the memory 702 may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
In the present application, "at least one" means one or more, and "a plurality" means two or more. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division of the units is only one logic function division, and other division modes can be adopted in actual implementation; for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. The data storage method is characterized in that the method is applied to electronic equipment, the electronic equipment comprises at least two Trusted Execution Environments (TEEs), the at least two TEEs comprise a first TEE and a second TEE, the first TEE is a TEE which does not store a security key, the second TEE is a TEE which stores the security key, and the security key is a key for checking stored data by a Replay Protection Memory Block (RPMB); the method comprises the following steps:
a second trusted application TA sends the security key to a first trusted application TA, wherein the first TA refers to a trusted application running on the first TEE, and the second TA refers to a trusted application running in the second TEE;
The first TA obtains a first data packet according to the security key and the data to be stored;
the first TA sends the first data packet to the RPMB;
the RPMB stores the data to be stored based on the first data packet.
2. The method of claim 1, wherein the first TA obtains a first data packet according to the security key and the data to be stored, including:
when a counter is in an idle state, the first TA acquires a first count value, wherein the first count value refers to the count value of the counter at the current moment;
and the first TA obtains the first data packet according to the first count value, the security key and the data to be stored.
3. The method of claim 2, wherein the counter being in an idle state comprises the RPMB currently being in a state of not storing data.
4. A method according to claim 2 or 3, wherein the first TA obtains a first data packet according to the security key and the data to be stored, and further comprising:
when the counter is in a busy state, the first TA is in a state of waiting to acquire the first count value, and the busy state includes a state that the RPMB is currently storing data of the second TA.
5. The method of any one of claims 1 to 4, wherein the first data packet further comprises first authentication data, the first authentication data being obtained by the first TA performing an authentication computation on the data to be stored using the security key, and the RPMB storing the data to be stored based on the first data packet comprises:
the RPMB performs the authentication computation on the data to be stored in the first data packet using the security key to obtain second authentication data; and
the RPMB stores the data to be stored if the second authentication data matches the first authentication data.
6. The method of claim 5, wherein the authentication computation comprises a hash-based message authentication code (HMAC) computation.
7. The method of any one of claims 1 to 6, wherein the data to be stored is data acquired by a first sensor invoked by the first TA.
8. The method of claim 7, wherein the first sensor comprises a fingerprint collector.
9. A chip comprising a processor which, when executing instructions, performs the method of any one of claims 1 to 8.
10. An electronic device comprising a processor configured to couple with a memory, read instructions from the memory and, in accordance with the instructions, cause the electronic device to perform the method of any one of claims 1 to 8.
11. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the method of any one of claims 1 to 8.
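The write flow of claims 1 to 6, as an added worked example that is not part of the patent or of any Honor device code: a second TA that owns the RPMB security key passes it to a first TA on another TEE, the first TA takes the current count value only while the counter is idle, builds a packet whose authentication data is an HMAC over the payload, and the RPMB recomputes the HMAC and stores the block only on a match. The MAC field layout (data, 32-bit write counter, 16-bit address), the `Rpmb`, `TrustedApp` and `DataPacket` names, the busy-state simulation, and the RPMB's rejection of a stale count value (standard replay protection in eMMC/UFS RPMB, which the claims do not spell out) are assumptions of this example; the channel over which the key crosses from the second TEE to the first is not modelled. The fingerprint template and key are constructed test data.

```python
"""Added example, not from the patent: RPMB authenticated write shared by two TAs."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

COUNTER_BYTES = 4   # assumption: 32-bit write counter, as in eMMC/UFS RPMB
ADDRESS_BYTES = 2   # assumption: 16-bit block address


def compute_mac(security_key: bytes, write_counter: int, address: int, data: bytes) -> bytes:
    """HMAC-SHA256 over data || counter || address (field layout is an assumption;
    real RPMB frames MAC more fields, but the construction is the same)."""
    msg = data + write_counter.to_bytes(COUNTER_BYTES, "big") + address.to_bytes(ADDRESS_BYTES, "big")
    return hmac.new(security_key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class DataPacket:
    """The 'first data packet': count value, target block, payload, authentication data."""
    write_counter: int
    address: int
    data: bytes
    mac: bytes


class Rpmb:
    """Toy RPMB: one security key, a monotonic write counter, and block storage."""

    def __init__(self, security_key: bytes) -> None:
        self._key = security_key
        self.write_counter = 0
        self.busy = False                    # True while a write (e.g. the second TA's) is in flight
        self.blocks: Dict[int, bytes] = {}

    def read_counter(self) -> Optional[int]:
        """Current count value, or None when the counter is busy (claims 2 to 4)."""
        return None if self.busy else self.write_counter

    def authenticated_write(self, packet: DataPacket) -> str:
        self.busy = True
        try:
            second_mac = compute_mac(self._key, packet.write_counter, packet.address, packet.data)
            if not hmac.compare_digest(second_mac, packet.mac):
                return "AUTH_FAIL"           # second authentication data != first (claim 5)
            if packet.write_counter != self.write_counter:
                return "COUNTER_MISMATCH"    # stale count value: replayed or raced packet (assumption)
            self.blocks[packet.address] = packet.data
            self.write_counter += 1
            return "OK"
        finally:
            self.busy = False


class TrustedApp:
    """A TA on either TEE; only the second TA holds the security key at start."""

    def __init__(self, name: str, rpmb: Rpmb, security_key: Optional[bytes] = None) -> None:
        self.name = name
        self._rpmb = rpmb
        self._key = security_key

    def send_key_to(self, other: "TrustedApp") -> None:
        other._key = self._key               # claim 1: second TA sends the key to the first TA

    def build_packet(self, address: int, data: bytes) -> Optional[DataPacket]:
        if self._key is None:
            raise RuntimeError(f"{self.name} has no security key")
        count = self._rpmb.read_counter()
        if count is None:
            return None                      # busy: the TA must wait and retry (claim 4)
        return DataPacket(count, address, data, compute_mac(self._key, count, address, data))

    def store(self, address: int, data: bytes) -> str:
        packet = self.build_packet(address, data)
        return "WAIT" if packet is None else self._rpmb.authenticated_write(packet)


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key, not a device key").digest()   # constructed
    rpmb = Rpmb(key)
    second_ta = TrustedApp("second TA", rpmb, key)
    first_ta = TrustedApp("first TA", rpmb)
    second_ta.send_key_to(first_ta)
    template = b"constructed fingerprint template bytes"                          # constructed
    results = {"store": first_ta.store(0x0001, template), "counter_after": rpmb.write_counter}
    # Replay of a captured packet: MAC still valid, but the count value is stale.
    stale = DataPacket(0, 0x0001, template, compute_mac(key, 0, 0x0001, template))
    results["replay"] = rpmb.authenticated_write(stale)
    # Payload altered in transit: authentication data no longer matches.
    good = first_ta.build_packet(0x0002, b"original")
    assert good is not None
    results["tamper"] = rpmb.authenticated_write(DataPacket(good.write_counter, good.address, b"forged!!", good.mac))
    # Counter busy while another write is in progress: the first TA waits, then succeeds.
    rpmb.busy = True
    results["busy"] = first_ta.store(0x0003, b"x")
    rpmb.busy = False
    results["after_wait"] = first_ta.store(0x0003, b"x")
    results["stored"] = rpmb.blocks[0x0001] == template
    return results
```

Checking the MAC before the counter is deliberate: an unauthenticated packet should learn nothing about the counter state, and `hmac.compare_digest` keeps the comparison constant-time. The wait path is modelled as a return value rather than blocking so that the whole flow can be exercised in a single thread.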

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210878228.5A CN117492634A (en) 2022-07-25 2022-07-25 Data storage method and electronic equipment


Publications (1)

Publication Number Publication Date
CN117492634A true CN117492634A (en) 2024-02-02

Family

ID=89676995



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination