TW202001661A - Communication device and security service control element and security service control method - Google Patents

Communication device and security service control element and security service control method

Info

Publication number: TW202001661A
Authority: TW (Taiwan)
Prior art keywords: security service, control element, processor, service control, communication device
Application number: TW107120758A
Other languages: Chinese (zh)
Inventors: 黃義雄, 余俊賢
Original Assignee: 互聯安睿資通股份有限公司
Application filed by 互聯安睿資通股份有限公司
Priority to TW107120758A
Publication of TW202001661A

Abstract

A communication device, a security service control element and a security service control method are disclosed. The security service control element stores a security service operation rule for a security service process between the communication device and the security service control element. The security service control element receives a security service operation instruction related to the security service process from the communication device, and determines whether to admit the security service operation instruction according to the security service operation rule.

Description

Communication device, security service control element and security service control method

The present disclosure relates to a communication device, a security service control element and a security service control method. More specifically, it relates to a communication device, a security service control element and a security service control method that can block abnormal security service operations.

When the main processor of a communication device is compromised by an attacker, the attacker can use the main processor at will to carry out various attacks, such as stealing or modifying the device's data. To mitigate this, the sensitive data and security computations involved in security service flows (for example boot security checks and data encryption), such as critical security parameters (CSPs), keys and cryptographic operations, can be moved into a separate secure element that cannot be broken, or can be broken only with difficulty. The main processor must then obtain the sensitive data by carrying out the security service flow with the secure element, which protects the device against such attacks. However, the main processor and the secure element remain in a master-slave relationship: the security service flow is driven by the main processor, and the secure element merely supplies the sensitive data passively in response to the instructions the main processor sends. Therefore, once the main processor is compromised, the attacker can still drive the security service flow by controlling the main processor (for example by sending malicious or abnormal security service operation instructions) and thereby steal or modify the sensitive data stored in the secure element.
In view of this, how to detect and block malicious or abnormal security service operations originating from the main processor of a communication device is a technical problem that particularly needs to be solved in the field to which the present invention belongs.

To solve at least the above problems, embodiments of the present invention provide a security service control element for a communication device. The security service control element may comprise a storage, a transceiver electrically connected to a processor of the communication device, and a processor electrically connected to the storage and the transceiver. The storage may store a security service operation rule for a security service flow between the security service control element and the processor of the communication device. The transceiver may receive, from the processor of the communication device, a security service operation instruction related to the security service flow. The processor of the security service control element may determine, according to the security service operation rule, whether to admit the security service operation instruction.

To solve at least the above problems, embodiments of the present invention also provide a communication device. The communication device may comprise a processor and a security service control element electrically connected to the processor. The security service control element may store a security service operation rule for a security service flow between the security service control element and the processor; receive, from the processor, a security service operation instruction related to the security service flow; and determine, according to the security service operation rule, whether to admit the security service operation instruction.

To solve at least the above problems, embodiments of the present invention also provide a security service control method for a communication device. The communication device may comprise a security service control element and a processor. The security service control method may comprise the following steps: the security service control element receives a security service operation instruction from the processor, the instruction being related to a security service flow between the security service control element and the processor; and the security service control element determines, according to a pre-stored security service operation rule, whether to admit the security service operation instruction.

In the present disclosure, the security service control element determines, according to a pre-stored security service operation rule, whether a security service operation instruction from the processor of the communication device is abnormal or malicious. If the instruction does not comply with the rule, the security service control element blocks it and refuses to execute it. Therefore, by defining and storing the rule in advance, the security service control element can effectively block and refuse to execute abnormal or malicious security service operation instructions from the processor of the communication device. For example, if an attacker causes the processor to send a key access instruction during the boot security check flow, the security service control element can determine from the rule that a key access instruction is not one of the instructions required by the boot security check, and therefore block it and refuse to execute it.

The above is not intended to limit the present invention; it only outlines the technical problems the invention can solve, the technical means it can adopt and the technical effects it can achieve, so that those of ordinary skill in the art can gain an initial understanding of it. Based on the accompanying drawings and the embodiments described below, those of ordinary skill in the art will be able to understand the various embodiments of the present invention further.

Reference signs are as follows:

1‧‧‧communication device
11‧‧‧security service control element
111‧‧‧processor
113‧‧‧transceiver
115‧‧‧storage
13‧‧‧processor
2‧‧‧security service operation rule
3‧‧‧security service control method
301, 303‧‧‧steps
OP_01, OP_02, OP_0N, OP_11, OP_12‧‧‧instruction contents
RQ‧‧‧security service flow request
SSOI‧‧‧security service operation instruction
TK‧‧‧verification code
UUID_0, UUID_1‧‧‧identifiers

Figure 1 illustrates a communication device and the security service control element it contains, in some embodiments of the present invention.

Figure 2 illustrates a storage format of a security service operation rule in some embodiments of the present invention.

Figure 3 illustrates a security service control method for a communication device in some embodiments of the present invention.

The present invention is described below through several embodiments, but these embodiments are not intended to limit the present invention to being implemented only according to the operations, environments, applications, structures, flows or steps described. For ease of explanation, elements not directly related to the present invention have been omitted from the drawings. In the drawings, the dimensions of the elements and the proportions between them are only examples and do not limit the present invention. Unless otherwise stated, in the following, identical (or substantially identical) reference signs may correspond to identical (or substantially identical) elements.

Figure 1 illustrates a communication device and the security service control element it contains, in some embodiments of the present invention. The content shown in Figure 1 is only to illustrate embodiments of the present invention, not to limit it.

Referring to Figure 1, the communication device 1 may comprise a security service control element 11 and a processor 13. In some embodiments, both the security service control element 11 and the processor 13 are disposed within the communication device 1. The security service control element 11 may comprise a processor 111, a transceiver 113 electrically connected to the processor 111, and a storage 115 electrically connected to the processor 111. The transceiver 113 may be electrically connected to the processor 13 of the communication device 1. It should be noted that "electrically connected" means that the two connected parts may be connected either directly (that is, without passing through other elements) or indirectly (that is, through other elements).

In some embodiments, the security service control element 11 may be disposed outside the communication device 1 as an independent unit rather than within it, while its transceiver 113 remains electrically connected to the processor 13 disposed within the communication device 1.

Depending on requirements, the communication device 1 may be applied to communication systems such as, but not limited to, the Internet of Things (IoT), Narrow Band IoT (NB-IoT), enhanced Machine-Type Communication (eMTC), massive Machine-Type Communications (mMTC), Wireless Personal Area Networks (WPAN), Wireless Local Area Networks (WLAN), Wireless Metropolitan Area Networks (WMAN) and Wireless Wide Area Networks (WWAN). The communication device 1 may be, for example but not limited to, a mobile phone, a wearable electronic device, a portable computer, an IoT product, an Internet-of-Vehicles product, a router, a relay hub, a network switch, a gateway, a network server or a desktop computer. For example, if the communication device 1 is applied to an IoT communication system, it may be an IoT terminal, an IoT gateway or a management server.

The processor 111 of the security service control element 11 and the processor 13 of the communication device 1 may each comprise various processing units, such as a microprocessor or a microcontroller, to execute various computational procedures within the security service control element 11 and the communication device 1 respectively. A microprocessor or microcontroller is a programmable special-purpose integrated circuit with computing, storage and input/output capabilities; it accepts and processes encoded instructions, performs logical and arithmetic operations and outputs the corresponding results.

The transceiver 113 may consist of a transmitter and a receiver. The transmitter sends instructions or data to the processor 13, and the receiver receives instructions or data from the processor 13. The communication interface between the transceiver 113 and the processor 13 may be, for example but not limited to, Inter-Integrated Circuit (I2C) or Serial Peripheral Interface (SPI).

The storage 115 may be a non-volatile memory (NVM), such as, but not limited to, read-only memory (ROM), programmable read-only memory (PROM), electrically alterable read-only memory (EAROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.

In some embodiments, the security service control element 11 may be the hardware root of trust (HRoT) of the communication device 1. In other words, the security service control element 11 may be an independent integrated circuit (IC) with hardware anti-counterfeiting (tamper-resistance) features, used to carry out various security service flows together with the processor 13 of the communication device 1. The security service flows may involve, for example but not limited to, cryptographic computation, key authentication, data encryption and boot security checks.

The transceiver 113 may receive, from the processor 13 of the communication device 1, a security service operation instruction SSOI related to a security service flow. A security service flow is the one or more security service operations carried out between the security service control element 11 and the processor 13 of the communication device 1 in order to complete a particular security service (for example a boot security check, data encryption, or any other security service known in the field). The security service operation instruction SSOI is an instruction requesting that one of those security service operations be performed.

For example, if the security service is the boot security check of the communication device 1, the security service flow may comprise, for example but not limited to, the following operations: (1) integrity test; (2) signature verify initial; (3) signature verify update; and (4) signature verify final. A security service operation instruction SSOI related to this flow is then an instruction requesting one of these operations.

Figure 2 illustrates a storage format of a security service operation rule in some embodiments of the present invention. The content shown in Figure 2 is only to illustrate embodiments of the present invention, not to limit it.

As shown in Figure 2, the storage 115 stores the security service operation rule 2 as a table. In some embodiments, however, the storage 115 may store the security service operation rule 2 in other forms, such as, but not limited to, an array, a string or a linked list.

Referring to Figures 1 and 2, the storage 115 may pre-store a security service operation rule 2 for one or more security service flows carried out between the security service control element 11 and the processor 13 of the communication device 1. After the transceiver 113 receives from the processor 13 a security service operation instruction SSOI related to a given security service flow, the processor 111 of the security service control element 11 determines, according to the security service operation rule 2, whether the instruction SSOI is admitted. If it is not, the processor 111 blocks the instruction SSOI and refuses to execute it.

The security service operation rule 2 may impose one or more restrictions on the security service operation instructions SSOI sent by the processor 13 of the communication device 1. For example, the rule 2 may restrict the ordinal and/or the content of each instruction SSOI: the ordinal is used to check whether the corresponding security service operation occurs at the correct position in the security service flow, and the content is used to check whether the instruction corresponds to the correct security service operation. The processor 111 then checks whether the ordinal and/or content of the instruction SSOI comply with the rule 2 in order to decide whether to admit it. In other embodiments, the rule 2 may impose further restrictions on the instructions SSOI beyond ordinal and content.

Referring to Figure 2, for each security service flow, such as the boot security check flow and the data encryption flow shown there, the security service operation rule 2 may require the transceiver 113 to receive N security service operation instructions SSOI in sequence, and require the contents of those instructions, in order 1 to N, to be OP_01, OP_02, ..., OP_0N respectively.

For example, suppose the processor 13 of the communication device 1 intends to carry out the boot security check flow with the security service control element 11, and the first instruction SSOI it sends to the transceiver 113 has content OP_01. The processor 111 then admits the instruction, because both its content and its ordinal comply with the security service operation rule 2. If, however, either the content or the ordinal of the instruction does not comply with the rule 2, for example if the first instruction SSOI sent to the transceiver 113 has content other than OP_01, the processor 111 blocks the instruction and refuses to execute it.

In some embodiments, the content of each security service operation instruction SSOI (for example OP_01, OP_02, ..., OP_0N) may have a format consisting of four fields: an instruction class (CLA), an instruction code (INS), a parameter (P1) and a parameter (P2). In other embodiments, the content may have other formats.

In some embodiments, if the processor 13 of the communication device 1 and the security service control element 11 carry out more than one kind of security service flow, an identification mechanism is needed on both the processor 13 and the security service control element 11. For example, an identifier may be defined for each security service flow, and the identifier of each security service stored both in the storage 115 of the security service control element 11 and in the communication device 1, so that the processor 13 and the security service control element 11 can identify the flow currently in progress. The processor 13 then sends the corresponding identifier together with the instruction SSOI to the transceiver 113, and the processor 111 uses the identifier to determine which security service flow the instruction SSOI belongs to. The identifier may be, for example but not limited to, a Universally Unique Identifier (UUID). In Figure 2, the identifiers are UUID_0, UUID_1, ....

In some embodiments, the security service operation rule 2 may be created in advance by a specific administrator and stored in the storage 115 of the security service control element 11. The administrator must log in to the security service control element 11 from the processor 13 of the communication device 1 using a specific privilege before the rule 2 for one or more security service flows can be created and stored in the storage 115. Once the administrator has created and stored the rule 2, it can no longer be added to, deleted or modified. For example, the specific privilege may be deleted so that nobody can log in to the security service control element 11 again, or the administrator may remove every mechanism for modifying the rule 2. After the rule 2 has been stored, the transceiver 113 may send the identifier of each security service to the communication device 1 for storage.

Continuing with Figure 1, in some embodiments, when the processor 13 of the communication device 1 intends to carry out a security service flow with the security service control element 11, it must first send a security service flow request RQ to the transceiver 113. In response to the request RQ, the processor 111 of the security service control element 11 generates a verification code TK and returns it to the processor 13 through the transceiver 113.

The processor 13 must then send the verification code TK together with each security service operation instruction SSOI to the transceiver 113. After the transceiver 113 receives the verification code TK, the processor 111 verifies whether it is valid, that is, whether it is the code the processor 111 generated in response to the request RQ. Only if the verification code TK is valid does the processor 111 go on to determine, according to the security service operation rule 2, whether the corresponding instruction SSOI is admitted.

In some embodiments, each verification code TK may be an integer generated by the processor 111 as a random number. In other embodiments, the first verification code TK may be a randomly generated integer and the subsequent codes TK may be derived from it, for example but not limited to by incrementing or decrementing.
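As an added worked example (not code from the patent or the applicant), the following Python model puts together the mechanism described in Figure 2 and the paragraphs above: a rule table keyed by flow identifier holding the ordered instruction contents in CLA/INS/P1/P2 form, one-time administrator provisioning followed by locking the table, the RQ/TK exchange, and the per-instruction check of token, ordinal and content. The flow identifiers UUID_0 and UUID_1 and the four boot-check operations follow the text; the hex opcode values, the operations of the data encryption flow, the administrator credential, the 32-bit random token and the single-session handling are assumptions of the example.

```python
"""Illustrative model of the security service control element's rule check.

Added example, not the applicant's code. Opcode values, the administrator
credential, the token width and the data-encryption operations are assumed.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Instruction content in the CLA/INS/P1/P2 format mentioned in the text.
Op = Tuple[int, int, int, int]

# Constructed rule table shaped like Figure 2: flow identifier -> ordered operations.
# UUID_0 carries the four boot-check operations from the text; hex values are assumed.
BOOT_CHECK = "UUID_0"
DATA_ENCRYPT = "UUID_1"
RULES: Dict[str, List[Op]] = {
    BOOT_CHECK: [
        (0x80, 0x10, 0x00, 0x00),  # OP_01: integrity test
        (0x80, 0x20, 0x00, 0x00),  # OP_02: signature verify initial
        (0x80, 0x20, 0x01, 0x00),  # OP_03: signature verify update
        (0x80, 0x20, 0x02, 0x00),  # OP_04: signature verify final
    ],
    DATA_ENCRYPT: [
        (0x80, 0x30, 0x00, 0x00),  # OP_11: select key (assumed)
        (0x80, 0x31, 0x00, 0x00),  # OP_12: encrypt (assumed)
    ],
}
# Assumed: a key-access instruction that belongs to no flow, as in the attack scenario above.
KEY_ACCESS: Op = (0x80, 0x40, 0x00, 0x00)
ADMIN_CREDENTIAL = b"example-admin-credential"  # assumed stand-in for the privileged login


@dataclass
class Session:
    flow: str
    token: int             # TK issued in response to RQ
    next_ordinal: int = 1  # 1-based position of the next instruction the rule expects


class ControlElement:
    """Rule table (storage 115) plus the admission logic (processor 111)."""

    def __init__(self) -> None:
        self._rules: Dict[str, Tuple[Op, ...]] = {}
        self._locked = False
        self._session: Optional[Session] = None

    def provision(self, credential: bytes, rules: Dict[str, List[Op]]) -> None:
        """Administrator stores the rule table; refused once the table is locked."""
        if self._locked:
            raise PermissionError("rule table is locked: no add, delete or modify")
        if not secrets.compare_digest(credential, ADMIN_CREDENTIAL):
            raise PermissionError("administrator privilege required")
        self._rules = {flow: tuple(ops) for flow, ops in rules.items()}

    def lock(self) -> None:
        """Remove the modification path (delete the privilege / remove the mechanism)."""
        self._locked = True

    def request_flow(self, flow_id: str) -> Optional[int]:
        """RQ from the host: open the flow and return a fresh TK; None for unknown flows."""
        if flow_id not in self._rules:
            return None
        self._session = Session(flow=flow_id, token=secrets.randbits(32))
        return self._session.token

    def submit(self, flow_id: str, token: int, op: Op) -> Tuple[bool, str]:
        """Decide whether one SSOI is admitted; returns (admitted, reason)."""
        s = self._session
        if s is None or flow_id != s.flow or token != s.token:
            return False, "invalid token"              # rule check is never reached
        expected = self._rules[s.flow]
        if op != expected[s.next_ordinal - 1]:
            return False, "ordinal/content mismatch"   # blocked and not executed
        s.next_ordinal += 1
        if s.next_ordinal > len(expected):
            self._session = None                       # flow complete: TK is spent
        return True, "admitted"


def demo_boot_check_attack() -> List[Tuple[bool, str]]:
    """Boot check in which a compromised host slips in a key-access instruction."""
    ce = ControlElement()
    ce.provision(ADMIN_CREDENTIAL, RULES)
    ce.lock()
    tk = ce.request_flow(BOOT_CHECK)
    op = RULES[BOOT_CHECK]
    return [
        ce.submit(BOOT_CHECK, tk, op[0]),       # admitted: OP_01 comes first
        ce.submit(BOOT_CHECK, tk, KEY_ACCESS),  # refused: not part of the boot check
        ce.submit(BOOT_CHECK, tk ^ 1, op[1]),   # refused: TK does not match
        ce.submit(BOOT_CHECK, tk, op[3]),       # refused: OP_04 before OP_02
        ce.submit(BOOT_CHECK, tk, op[1]),       # admitted
        ce.submit(BOOT_CHECK, tk, op[2]),       # admitted
        ce.submit(BOOT_CHECK, tk, op[3]),       # admitted: flow complete
        ce.submit(BOOT_CHECK, tk, op[0]),       # refused: TK already spent
    ]
```

Running `demo_boot_check_attack()` yields admit, refuse, refuse, refuse, admit, admit, admit, refuse: the key access instruction is blocked because it is not the next boot-check operation, the out-of-order OP_04 is blocked on its ordinal, and the stale TK is rejected before the rule is even consulted. Note that TK does not authenticate the host (the host is the party assumed compromised); it only ties each instruction to an outstanding flow request, so the locked rule table remains the actual control.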

Figure 3 illustrates a security service control method for a communication device in some embodiments of the present invention. The content shown in Figure 3 is only to illustrate embodiments of the present invention, not to limit it.

參照第3圖,一種用在一通訊裝置的安全服務控制方法3被揭露,其中所述通訊裝置可包含一安全服務控制元件與一處理器,且安全服務控制方法3可包含以下步驟:所述安全服務控制元件自所述處理器接收一安全服務操作指令,其中所述安全服務操作指令與所述安全服務控制元件及所述處理器之間的一安全服務流程相關(標示為301);以及所述安全服務控制元件根據一預存的安全服務操作規則判斷是否允許所述安全服務操作指令(標示為303)。 Referring to FIG. 3, a security service control method 3 used in a communication device is disclosed, wherein the communication device may include a security service control element and a processor, and the security service control method 3 may include the following steps: The security service control element receives a security service operation instruction from the processor, wherein the security service operation instruction is related to a security service process between the security service control element and the processor (labeled 301); and The security service control element determines whether to allow the security service operation instruction (marked as 303) according to a pre-stored security service operation rule.

In some embodiments of the security service control method 3, the security service control element may allow the security service operation instruction if both the ordinal number and the content of the security service operation instruction comply with the security service operation rule.

In some embodiments of the security service control method 3, in addition to steps 301 and 303, the security service control method 3 may further include the following step: the security service control element may identify the security service operation instruction according to an identification code of the security service flow.

In some embodiments of the security service control method 3, in addition to steps 301 and 303, the security service control method 3 may further include the following step: the security service control element may receive a verification code from the processor. In addition, the security service control element determines whether the security service operation instruction is allowed according to the security service operation rule only after it has verified that the verification code is valid.

In some embodiments of the security service control method 3, in addition to steps 301 and 303, the security service control method 3 may further include the following steps: before receiving the security service operation instruction, the security service control element may receive a request for the security service flow from the processor; and, in response to the request, the security service control element may generate the verification code and transmit it to the processor.

In some embodiments, all of the above steps of the security service control method 3 may be performed by the communication device 1 and the security service control element 11. In some embodiments, in addition to the above steps, the security service control method 3 may further include other steps corresponding to all of the above-described embodiments of the communication device 1 and the security service control element 11. Since a person of ordinary skill in the art can understand these other steps of the security service control method 3 from the above description of the communication device 1 and the security service control element 11, they are not repeated here.
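The request/token/instruction exchange described above (request RQ, verification code TK, then each operation instruction SSOI checked for a valid TK and for an ordinal and content that match the pre-stored rule) can be modelled end to end in a few dozen lines. The following is an added example written for this page, not code from the patent or its applicant; the flow name "key_update", its three instruction contents, the abort-on-denial policy and the audit log are constructed assumptions. Both token embodiments from the description are covered: a per-flow random integer, and an integer that is incremented after each admitted instruction.

```python
"""Model of a security service control element (SSCE) that gates a host
processor's security service operation instructions (SSOI).

Added example, not the patent's own code.  Flow names, instruction contents,
the abort-on-denial policy and the audit log are constructed assumptions.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Outcome = Tuple[bool, str, Optional[int]]  # (admitted?, reason, next token or None)


@dataclass(frozen=True)
class SecurityServiceRule:
    """Pre-stored operation rule for one security service flow: the instruction
    contents the flow must consist of, in order (ordinal = index + 1)."""
    flow_id: str
    ordered_ops: Tuple[str, ...]


@dataclass
class FlowSession:
    token: int         # verification code TK issued for this flow
    next_ordinal: int  # ordinal the next admitted instruction must carry


class SecurityServiceControlElement:
    def __init__(self, rules: List[SecurityServiceRule],
                 token_source: Callable[[], int] = lambda: secrets.randbelow(2 ** 32),
                 rotate_token: bool = False) -> None:
        self.rules: Dict[str, SecurityServiceRule] = {r.flow_id: r for r in rules}
        self.sessions: Dict[str, FlowSession] = {}
        self.token_source = token_source  # random-integer embodiment of TK
        self.rotate_token = rotate_token  # derived-token embodiment (TK + 1 per step)
        self.audit: List[str] = []       # denied operations, for monitoring

    def request_flow(self, flow_id: str) -> Optional[int]:
        """Processor sends request RQ; element issues a fresh verification code TK."""
        if flow_id not in self.rules:
            self.audit.append(f"DENY request: unknown flow {flow_id!r}")
            return None
        token = self.token_source()
        self.sessions[flow_id] = FlowSession(token=token, next_ordinal=1)
        return token

    def handle_instruction(self, flow_id: str, token: int,
                           ordinal: int, content: str) -> Outcome:
        """Step 301: receive SSOI (with TK).  Step 303: admit only if TK is valid
        and the instruction's ordinal and content match the pre-stored rule."""
        rule = self.rules.get(flow_id)          # identify the flow by its identifier
        session = self.sessions.get(flow_id)
        if rule is None or session is None:
            return self._deny(flow_id, "no active flow for identifier")
        if token != session.token:
            return self._deny(flow_id, "invalid verification code")
        if ordinal != session.next_ordinal:
            return self._deny(flow_id, f"ordinal {ordinal} out of sequence "
                                       f"(expected {session.next_ordinal})")
        if content != rule.ordered_ops[ordinal - 1]:
            return self._deny(flow_id, f"content {content!r} not permitted at ordinal {ordinal}")
        session.next_ordinal += 1
        next_token: Optional[int] = None
        if self.rotate_token:
            session.token += 1
            next_token = session.token
        if session.next_ordinal > len(rule.ordered_ops):  # flow complete
            del self.sessions[flow_id]
            next_token = None
        return True, "admitted", next_token

    def _deny(self, flow_id: str, reason: str) -> Outcome:
        # Assumption: one rejected instruction aborts the whole flow, so a host
        # that went off-script must start over with a new request and token.
        self.sessions.pop(flow_id, None)
        self.audit.append(f"DENY {flow_id}: {reason}")
        return False, reason, None


def run_flow(element: SecurityServiceControlElement, flow_id: str,
             instructions: List[Tuple[int, str]]) -> List[Outcome]:
    """Host-processor side: obtain TK, then send each (ordinal, content) with the
    current TK, switching to the rotated token whenever the element returns one."""
    token = element.request_flow(flow_id)
    results: List[Outcome] = []
    if token is None:
        return results
    for ordinal, content in instructions:
        outcome = element.handle_instruction(flow_id, token, ordinal, content)
        results.append(outcome)
        if not outcome[0]:
            break
        if outcome[2] is not None:
            token = outcome[2]
    return results


# Constructed sample rule: a hypothetical "key_update" flow of three steps.
KEY_UPDATE = SecurityServiceRule("key_update", ("open_session", "load_key", "commit"))

if __name__ == "__main__":
    ssce = SecurityServiceControlElement([KEY_UPDATE], rotate_token=True)
    print(run_flow(ssce, "key_update", [(1, "open_session"), (2, "load_key"), (3, "commit")]))
    print(run_flow(ssce, "key_update", [(1, "open_session"), (3, "commit")]))  # out of sequence
    print(ssce.audit)
```

The element never executes an instruction it cannot tie to an active flow, a matching token and the expected position in the rule, which is what makes a replayed, reordered or injected instruction fail closed; the audit list is where a monitoring hook would go, since a burst of denials on one flow identifier is the observable symptom of a misbehaving or compromised host.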

The above embodiments only illustrate the present invention and are not intended to limit it. Any other embodiment obtained by modifying, changing, adjusting or combining the above embodiments, provided it is readily conceivable to a person of ordinary skill in the art to which the present invention belongs, falls within the scope of protection of the present invention. The scope of protection of the present invention is defined by the claims.

3: security service control method

301, 303: steps

Claims (15)

1. A security service control element for a communication device, comprising: a storage, configured to store a security service operation rule for a security service flow between the security service control element and a processor of the communication device; a transceiver, electrically connected to the processor of the communication device and configured to receive from the processor of the communication device a security service operation instruction related to the security service flow; and a processor, electrically connected to the storage and the transceiver and configured to determine, according to the security service operation rule, whether the security service operation instruction is allowed.

2. The security service control element of claim 1, wherein the processor of the security service control element allows the security service operation instruction if the ordinal number and the content of the security service operation instruction comply with the security service operation rule.

3. The security service control element of claim 1, wherein the processor of the security service control element is further configured to identify the security service operation instruction according to an identification code of the security service flow.

4. The security service control element of claim 1, wherein the transceiver is further configured to receive a verification code from the processor of the communication device, and the processor of the security service control element determines whether the security service operation instruction is allowed according to the security service operation rule only after verifying that the verification code is valid.

5. The security service control element of claim 4, wherein, before the transceiver receives the security service operation instruction, the transceiver is further configured to receive a request for the security service flow from the processor of the communication device, and, in response to the request, the processor of the security service control element is further configured to generate the verification code and the transceiver is further configured to transmit the verification code to the processor of the communication device.

6. A communication device, comprising: a processor; and a security service control element, electrically connected to the processor and configured to: store a security service operation rule for a security service flow between the security service control element and the processor; receive from the processor a security service operation instruction related to the security service flow; and determine, according to the security service operation rule, whether the security service operation instruction is allowed.

7. The communication device of claim 6, wherein the security service control element allows the security service operation instruction if the ordinal number and the content of the security service operation instruction comply with the security service operation rule.

8. The communication device of claim 6, wherein the security service control element is further configured to identify the security service operation instruction according to an identification code of the security service flow.

9. The communication device of claim 6, wherein the security service control element is further configured to receive a verification code from the processor, and the security service control element determines whether the security service operation instruction is allowed according to the security service operation rule only after verifying that the verification code is valid.

10. The communication device of claim 9, wherein, before the security service control element receives the security service operation instruction, the security service control element is further configured to receive a request for the security service flow from the processor, and, in response to the request, the security service control element is further configured to generate the verification code and transmit the verification code to the processor.

11. A security service control method for a communication device, the communication device comprising a security service control element and a processor, the security service control method comprising: the security service control element receiving a security service operation instruction from the processor, the security service operation instruction being related to a security service flow between the security service control element and the processor; and the security service control element determining, according to a pre-stored security service operation rule, whether the security service operation instruction is allowed.

12. The security service control method of claim 11, wherein the security service control element allows the security service operation instruction if the ordinal number and the content of the security service operation instruction comply with the security service operation rule.

13. The security service control method of claim 11, further comprising: the security service control element identifying the security service operation instruction according to an identification code of the security service flow.

14. The security service control method of claim 11, further comprising: the security service control element receiving a verification code from the processor; wherein the security service control element determines whether the security service operation instruction is allowed according to the security service operation rule only after verifying that the verification code is valid.

15. The security service control method of claim 14, further comprising: before receiving the security service operation instruction, the security service control element receiving a request for the security service flow from the processor; and, in response to the request, the security service control element generating the verification code and transmitting the verification code to the processor.
TW107120758A 2018-06-15 2018-06-15 Communication device and security service control element and security service control method TW202001661A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107120758A TW202001661A (en) 2018-06-15 2018-06-15 Communication device and security service control element and security service control method

Publications (1)

Publication Number Publication Date
TW202001661A true TW202001661A (en) 2020-01-01

Family

ID=69941824

Country Status (1)

Country Link
TW (1) TW202001661A (en)
