WO2016183870A1 - Security attribute switching method, security attribute switching apparatus and terminal - Google Patents


Info

Publication number
WO2016183870A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security
security attribute
bus
switcher
Prior art date
Application number
PCT/CN2015/080398
Other languages
French (fr)
Chinese (zh)
Inventor
徐玮
叶瑞权
Original Assignee
宇龙计算机通信科技(深圳)有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode

Definitions

  • the present invention relates to the field of terminal technologies, and in particular, to a security attribute switching method, a security attribute switching device, and a terminal.
  • Existing terminals can be designed to have a TrustZone (secure domain) system and an operating system.
  • In existing designs, the TrustZone peripheral bus carries a fixed peripheral device, the TZPC (TrustZone Protection Controller), which controls the security attributes of the other peripheral devices. The TZPC's own security attribute is permanently set to "secure"; an application in the secure domain can control the TZPC to change the signal it outputs to the AXI-to-APB bridge (Advanced eXtensible Interface to Advanced Peripheral Bus bridge), thereby changing the security attribute of a particular peripheral device.
  • The AXI-to-APB bridge is the bridge from the Advanced eXtensible Interface to the Advanced Peripheral Bus, i.e. the bridge connecting the system bus and the peripheral bus.
  • In this arrangement the key device on the bus that controls security attributes is itself controlled by application-layer software, which carries great security risk: once the terminal is infected with Trojans or malicious programs, the security and reliability of the application are in doubt. At the same time, the TZPC occupies one peripheral slot of the bus, which makes the bus's already scarce peripheral slots even scarcer.
  • The invention addresses the above problems and proposes a new technical solution, which increases the security and reliability of security attribute switching while saving peripheral slots on the bus.
  • An aspect of the present invention provides a security attribute switching method for a terminal having a TrustZone system and an operating system, including: sending a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, wherein an output of the security attribute switcher is connected to an input of a bus bridge device of the terminal; and controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse, so as to change the security attribute of a peripheral device connected to the terminal while the system is switched.
  • TrustZone technology is a new architecture in the ARM core that provides the terminal with a security system isolated from the normal operating system. It is promoted by ARM and can be tightly integrated with the Cortex-A processor; the system is extended with the AXI bus and specific TrustZone system IP blocks. With hardware isolation, applications in the normal operating system cannot access the contents of the security system, and peripheral devices such as secure memory, encryption blocks, keyboards, and screens can be protected from software attacks, thereby improving terminal security. For example, when performing a payment operation, the normal operating system can be switched to the security system for payment password input to ensure the security of the payment password.
  • In this way, by changing the input signal of the port corresponding to the KMI (Keyboard and Mouse Interface), the security attribute of the keyboard peripheral that will be used to enter the password is changed from non-secure to secure.
  • The technical solution saves peripheral slots on the bus and avoids the insecurity caused by letting application-layer software control the key devices, thereby greatly improving the security of the terminal.
  • The peripheral devices include, but are not limited to, the KMI, the touch screen port, the RTC (Real-Time Clock), Timers, the DAC (Digital to Analog Converter), and the like.
  • The terminal is connected to one or more peripheral devices, and each peripheral device is connected to the terminal through a corresponding port on a bus of the terminal.
  • A plurality of peripheral ports are disposed on the peripheral bus, and each peripheral port corresponds to a certain type of peripheral device.
  • The change command may be used to determine the target peripheral device whose security attribute needs to be changed, so that the changed input signal is sent to the corresponding port.
  • Before controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse, the method further comprises: determining, among the one or more peripheral devices, a target peripheral device whose security attribute needs to be switched.
  • Each peripheral port on the peripheral bus corresponds to a certain type of peripheral device; when the security attribute of a peripheral device needs to be changed, the target peripheral device is determined according to the change command and the changed input signal is transmitted to its corresponding port.
  • Controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse comprises: changing the level of the output terminal of the security attribute switcher according to the pulse; and changing, according to the changed level of the output terminal, the input signal of the port that corresponds to that output terminal and to the target peripheral device, so as to modify the security attribute of the target peripheral device.
  • The security attribute switcher works like a pulse-driven JK flip-flop.
  • For example, initially the security attribute of the KMI is "non-secure" and the signal of DECPROT[0] is "1" (DECPROT[0] is an input port of the AXI-to-APB Bridge). When the normal operating system wants to switch to the security domain, it gives the security attribute switcher a pulse signal, and the switcher reduces the signal of DECPROT[0] to "0". The security attribute of the KMI is then switched from "non-secure" to "secure" and the KMI can be used in the security domain.
  • The security attribute of a peripheral device is either "secure" or "non-secure"; it can be changed as the operating system changes.
  • Because the security attribute of the peripheral device is changed by the security attribute switcher while the system is switched, the solution saves peripheral slots on the bus, avoids the insecurity caused by letting application-layer software control the key devices, and greatly improves the security of the terminal.
  • Another aspect of the present invention provides a security attribute switching apparatus for a terminal having a TrustZone system and an operating system, including: a bus, which includes a system bus and a peripheral bus connected by a bus bridge device; and a security attribute switcher, whose output is connected to an input of the bus bridge device, for receiving a pulse from the TrustZone system or the operating system and changing the input signal to the bus bridge device according to the pulse, so as to modify the security attribute of a peripheral device connected to the bus.
  • The peripheral bus is provided with a plurality of peripheral ports, each corresponding to a certain type of peripheral device, through which the peripheral devices connect to the terminal.
  • The security attribute switcher includes a determining unit that determines, among the one or more peripheral devices connected to the terminal, a target peripheral device whose security attribute needs to be switched.
  • The security attribute switcher is specifically configured to: change the level of its output end according to the pulse, and, according to the changed level of the output end, change the input signal of the port that corresponds to that output end and to the target peripheral device, so as to modify the security attribute of the target peripheral device.
  • While the input terminal is kept low, the potential of the output terminal remains unchanged. When the input terminal receives a pulse signal, the potential of the output terminal changes from low to high or from high to low, which in turn changes the switcher's input signal to the bus bridge device.
  • When the normal operating system wants to switch to the security domain, it gives the security attribute switcher a pulse signal, and the security attribute switcher then reduces the signal of DECPROT[0] to "0". The security attribute of the KMI is thereby switched from "non-secure" to "secure" and the KMI can be used in the security domain.
  • The security attribute of a peripheral device is either "secure" or "non-secure"; it may be changed as the operating system changes.
  • Because the security attribute switcher changes the peripheral device's security attribute while the system is switched, the solution saves peripheral slots on the bus, avoids the insecurity caused by letting application-layer software control the key devices, and greatly improves the security of the terminal.
  • An embodiment of the third aspect of the present invention provides a terminal having a TrustZone system and an operating system, the terminal including a communication bus, a transceiver device, a memory, and a processor, wherein:
  • the communication bus is configured to connect the transceiver device, the memory, and the processor;
  • the memory stores a set of program codes, and the transceiver device and the processor call the program code stored in the memory to perform the following operations:
  • the transceiver device is configured to send a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, where the output end of the security attribute switcher is connected to the input end of the bus bridge device of the terminal;
  • the processor is configured to control the security attribute switcher to change the input signal to the bus bridge device according to the pulse sent by the transceiver device, so as to change the security attribute of a peripheral device connected to the terminal.
  • The terminal is connected to one or more peripheral devices, and each peripheral device is connected to the terminal through a corresponding port on a bus of the terminal.
  • the processor is further configured to: before the step of controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse:
  • the step of the processor controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse specifically includes:
  • the security attribute of the peripheral device includes security or non-security.
  • The security attribute switcher changes the security attribute of the peripheral device, which saves peripheral slots on the bus and at the same time avoids the insecurity caused by letting application-layer software control the key devices, greatly improving the security of the terminal.
  • FIG. 1 shows a flow chart of a security attribute switching method in accordance with one embodiment of the present invention.
  • FIG. 2 shows a block diagram of a security attribute switching device in accordance with one embodiment of the present invention.
  • FIG. 3 shows a block diagram of a terminal in accordance with one embodiment of the present invention.
  • FIG. 4 shows a schematic diagram of a bus connection in accordance with one embodiment of the present invention.
  • FIG. 5 shows a block diagram of a terminal in accordance with another embodiment of the present invention.
  • FIG. 1 shows a flow chart of a security attribute switching method in accordance with one embodiment of the present invention.
  • a security attribute switching method is used for a terminal having a TrustZone system and an operating system, including:
  • Step 102 Send a pulse from the TrustZone system or operating system of the terminal to the security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input end of the bus bridge device of the terminal.
  • Step 104: Control the security attribute switcher to change the input signal to the bus bridge device according to the pulse, so as to change the security attribute of the peripheral device connected to the terminal while the system is switched.
  • The technical solution saves peripheral slots on the bus and avoids the insecurity caused by letting application-layer software control the key devices, greatly improving the security of the terminal.
  • the terminal is connected to one or more peripheral devices, and each peripheral device is connected to the terminal through a corresponding port on the bus of the terminal.
  • a plurality of peripheral ports are disposed on the peripheral bus, and each peripheral port corresponds to a certain type of peripheral device.
  • the method further includes: determining, in one or more peripheral devices connected to the terminal, a target peripheral device that needs to switch security attributes.
  • Step 104 specifically includes: changing the level of the output end of the security attribute switcher according to the pulse; and changing, according to the changed level of the output end, the input signal of the port that corresponds to that output end and to the target peripheral device, so as to change the security attribute of the target peripheral device.
  • FIG. 2 shows a block diagram of a security attribute switching device in accordance with one embodiment of the present invention.
  • A security attribute switching apparatus 200 is used for a terminal having a TrustZone system and an operating system and includes: a bus 202, which includes a system bus 2022 and a peripheral bus 2024, the system bus 2022 and the peripheral bus 2024 being connected through a bus bridge device 2026; and a security attribute switcher 204, whose output is connected to the input of the bus bridge device 2026, for receiving a pulse from the TrustZone system or the operating system and changing the input signal to the bus bridge device 2026 according to the pulse, so as to change the security attribute of a peripheral device connected to the bus.
  • In this embodiment, the existing technical solution of using the TZPC as a peripheral device to switch the security attributes of other peripheral devices during system switching is abandoned. Instead, a security attribute switcher 204 (SNS, Secure Non-secure Switch) is connected to the input end of the bus bridge device 2026 of the terminal, and a pulse is sent directly to the security attribute switcher 204 when the system is switched, so that the level of the output of the security attribute switcher 204 changes. This changes the input signal to the bus bridge device 2026, which in turn changes the security attributes of the peripheral devices connected to the bus to match the changed system.
  • For example, a pulse can be sent to the security attribute switcher 204 while the normal operating system issues the system switching command, changing the level of the output terminal and thereby changing the input signal of the KMI (Keyboard and Mouse Interface) port on the bus, so that the security attribute of the keyboard peripheral that will be used to enter the password is changed from non-secure to secure.
  • The peripheral bus 2024 is provided with a plurality of peripheral ports, each corresponding to a certain type of peripheral device, through which the peripheral devices connect to the terminal.
  • The target peripheral device whose security attribute needs to be changed may be determined according to the change command, and the changed input signal is then sent to the corresponding port.
  • the security attribute switcher 204 includes: a determining unit 2042 that determines a target peripheral device that needs to switch security attributes in one or more peripheral devices connected to the terminal.
  • Each peripheral port on the peripheral bus 2024 corresponds to a certain type of peripheral device, so the change command may be used to determine the target peripheral device whose security attribute needs to be changed and to send the changed input signal to the corresponding port.
  • The security attribute switcher 204 is specifically configured to: change the level of its output end according to the pulse, and, according to the changed level of the output end, change the input signal of the port corresponding to the target peripheral device, so as to modify the security attribute of that device.
  • The security attribute switcher 204 itself works like a pulse-driven JK flip-flop: while the input terminal is kept low, the potential of the output terminal remains unchanged; when the input terminal receives a pulse signal, the potential of the output terminal changes from low to high or from high to low, which in turn changes the switcher's input signal to the bus bridge device 2026.
  • When the normal operating system wants to switch to the security domain, it gives the security attribute switcher 204 a pulse signal, and the security attribute switcher 204 then lowers the signal of DECPROT[0] to "0". At this time, the security attribute of the KMI is switched from "non-secure" to "secure" and the KMI can be used in the security domain.
  • The security attribute of a peripheral device is either "secure" or "non-secure"; it may be changed as the operating system changes.
  • Because the security attribute of the peripheral device is changed by the security attribute switcher 204 while the system is switched, the solution saves peripheral slots on the bus, avoids the insecurity caused by letting application-layer software control the key devices, and greatly improves the security of the terminal.
  • Figure 3 shows a block diagram of a terminal in accordance with one embodiment of the present invention.
  • A terminal 300 has a TrustZone system and an operating system and further includes a security attribute switching device 302 (corresponding to the security attribute switching device 200 in the embodiment shown in FIG. 2), which, according to a received security attribute switching command, sends a pulse from the TrustZone system or the operating system of the terminal to the security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input end of the bus bridge device of the terminal, and controls the security attribute switcher to change the input signal to the bus bridge device according to the pulse, so as to change the security attribute of the peripheral device connected to the terminal while the system is switched.
  • FIG. 4 shows a schematic diagram of a bus connection in accordance with one embodiment of the present invention.
  • In the TrustZone architecture, the ARM Core (ARM processor) is connected to the AXI Bus (system bus); the AXI Bus is connected to the peripheral APB Bus through the AXI-to-APB Bridge; and the ARM Core is also connected to the Memory via the AXI Bus. Other blocks shown in FIG. 4 include an Adaptor reader and SRAM (Static RAM).
  • The SNS itself works like a pulse-driven JK flip-flop: while the input is held low, the potential at the output remains the same; when the input receives a Switch Signal, the potential at the output changes from low to high or from high to low.
  • Peripheral devices such as the KMI, touch screen ports, RTC, Timers and DAC are connected to TrustZone's peripheral bus. Initially the security attribute of the KMI peripheral device is "non-secure" and the signal of DECPROT[0] is "1". When the system switches to the security domain, it gives the SNS a Switch Signal, and the SNS reduces the signal of DECPROT[0] to "0"; the security attribute of the KMI is then switched from "non-secure" to "secure" and the KMI can be used in the security domain.
  • FIG. 5 is a block diagram showing the structure of a terminal according to another embodiment of the present invention.
  • The terminal may include at least one transceiver 503, at least one processor 501 such as a CPU, a memory 504, and at least one communication bus 502.
  • The communication bus 502 is configured to connect the transceiver 503, the processor 501, and the memory 504.
  • The memory 504 may be a high-speed RAM or a non-volatile memory such as a disk memory.
  • The memory 504 is further configured to store a set of program codes, and the transceiver 503 and the processor 501 are configured to call the program code stored in the memory 504 and perform the following operations:
  • the transceiver device 503 is configured to send a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, where the output end of the security attribute switcher is connected to the input end of the bus bridge device of the terminal;
  • the processor 501 is configured to control the security attribute switcher to change the input signal to the bus bridge device according to the pulse sent by the transceiver device 503, so as to change the security attribute of a peripheral device connected to the terminal.
  • The terminal is connected to one or more peripheral devices, and each peripheral device is connected to the terminal through a corresponding port on a bus of the terminal.
  • the processor 501 is further configured to: before the step of controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse:
  • the step of the processor 501 controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse specifically includes:
  • the security attribute of the peripheral device includes security or non-security.
  • The security attribute switcher changes the security attribute of the peripheral device, which saves peripheral slots on the bus and at the same time avoids the insecurity caused by letting application-layer software control the key devices, greatly improving the security of the terminal.
  • the term "plurality" means two or more; the terms "connected", "coupled" and the like are to be understood broadly, and may denote, for example, a fixed connection, a detachable connection, or an integral connection; the connection may be direct or indirect through an intermediate medium.
  • the specific meaning of the above terms in the present invention can be understood on a case-by-case basis.
  • the security attribute of the peripheral device is changed by the security attribute switcher at the same time as the system is switched, thereby saving a peripheral slot on the bus, avoiding the insecurity of having application-layer software control a critical device, and greatly improving the security of the terminal.

Abstract

Provided are a security attribute switching method, a security attribute switching apparatus and a terminal. The security attribute switching method comprises: sending a pulse from a TrustZone system or an operating system of the terminal to a security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input of a bus bridge apparatus of the terminal; and controlling the security attribute switcher to change an input signal to the bus bridge apparatus according to the pulse, so as to change the security attribute of a peripheral device connected to the terminal. With this technical solution a peripheral slot on the bus is saved, the insecurity of having application-layer software control a critical device is avoided, and the security of the terminal is greatly improved.

Description

Security attribute switching method, security attribute switching device and terminal
This application claims priority to Chinese Patent Application No. 201510259961.9, filed with the Chinese Patent Office on May 20, 2015 and entitled "Security attribute switching method, security attribute switching device and terminal", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of terminal technologies, and in particular to a security attribute switching method, a security attribute switching device, and a terminal.
Background
An existing terminal can be designed with a TrustZone (secure domain) system and an operating system. The TrustZone peripheral bus carries a fixed peripheral device, the TZPC (TrustZone Protection Controller), which controls the security attributes of the other peripheral devices, while the TZPC's own security attribute is permanently set to "secure". The TZPC can be controlled in real time by an application in the secure domain to change the signal it outputs to the AXI-to-APB bridge (Advanced eXtensible Interface to Advanced Peripheral Bus bridge, the bus bridge device), and thereby change the security attribute of a particular peripheral device. The AXI-to-APB bridge connects the system bus to the peripheral bus.
However, having the critical device that controls security attributes on the bus be controlled by application-layer software carries a large security risk: once a Trojan or other malicious program gets onto the terminal, the security and reliability of the application are in doubt. At the same time, the TZPC occupies one of the peripheral slots on the bus, making the already limited number of peripheral slots even scarcer.
A new technical solution is therefore needed that saves peripheral slots on the bus while also increasing the security and reliability of security attribute switching.
Summary of the invention
Based on the above problems, the present invention proposes a new technical solution that saves peripheral slots on the bus while increasing the security and reliability of security attribute switching.
In view of this, one aspect of the present invention provides a security attribute switching method for a terminal having a TrustZone system and an operating system, comprising: sending a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input of a bus bridge device of the terminal; and controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse, so as to change the security attribute of a peripheral device connected to the terminal at the same time as the system is switched.
TrustZone is a security extension of the ARM architecture, promoted by ARM, that provides the terminal with a secure system isolated from the normal operating system. It integrates tightly with Cortex-A processors and is extended through the system via the AXI bus and TrustZone-specific system IP blocks. Because the isolation is enforced in hardware, applications in the normal operating system cannot access content in the secure system, so peripheral devices such as secure memory, cryptographic blocks, the keyboard and the screen can be protected against software attacks, improving the security of the terminal. For example, during a payment operation the terminal can switch from the normal operating system to the secure system to enter the payment password, keeping the password safe.
In this technical solution, the existing approach of using the TZPC as a peripheral device to switch the security attributes of the other peripheral devices during a system switch is abandoned. Instead, a security attribute switcher (SNS, Secure Non-secure Switch) is connected to the input of the terminal's bus bridge device. When a security attribute needs to be switched, a pulse is sent directly to the security attribute switcher, which changes the level at its output; this changes the input signal to the bus bridge device and hence the security attribute of the peripheral device connected to the bus, bringing it into line with the system being switched to. For example, during a payment operation the normal operating system can send a pulse to the security attribute switcher at the same time as it issues the system switch command, changing the level of the switcher's output and hence the input signal for the KMI (Keyboard and Mouse Interface) port on the bus, so that the security attribute of the keyboard used to enter the password changes from non-secure to secure. This saves a peripheral slot on the bus and avoids the insecurity of having application-layer software control a critical device, greatly improving the security of the terminal. Peripheral devices include, but are not limited to, the KMI, the touch-screen port, the RTC (Real-Time Clock), timers, and the DAC (Digital-to-Analog Converter).
In the above technical solution, preferably, the terminal is connected to one or more of the peripheral devices, each of which is connected to the terminal through a corresponding port on a bus of the terminal.
In this technical solution, the peripheral bus carries a plurality of peripheral ports, each corresponding to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device whose security attribute is to be changed can be determined from the change command, and the changed input signal is then delivered to the corresponding port.
In the above technical solution, preferably, before controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse, the method further comprises: determining, among the one or more peripheral devices connected to the terminal, the target peripheral device whose security attribute is to be switched.
In this technical solution, each peripheral port on the peripheral bus corresponds to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device can be determined from the change command, and the changed input signal is delivered to the corresponding port. In this way the security attribute is changed only for the peripheral devices actually in use, which makes the change itself safer, saves energy, avoids degrading the terminal's performance, and does no wasted work.
In the above technical solution, preferably, controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse specifically comprises: changing the level of the output of the security attribute switcher according to the pulse; and, according to the changed level of that output, changing the input signal of the port that is connected to that output and corresponds to the target peripheral device, so as to change the security attribute of the target peripheral device.
In this technical solution, the security attribute switcher itself behaves like a pulse-triggered JK flip-flop with both inputs held high, that is, a toggle flip-flop: while its input stays low, the level at its output is unchanged; when its input receives a pulse, the output toggles from low to high or from high to low, which in turn changes the signal it drives into the bus bridge device. For example, while the system is running the normal operating system, the security attribute of the KMI is "non-secure" and the DECPROT[0] signal is "1", DECPROT[0] being one input of the AXI-to-APB bridge. At the instant the normal operating system is about to switch to the secure domain, it gives the security attribute switcher a pulse, and the switcher immediately drops the DECPROT[0] signal to "0"; the security attribute of the KMI thereby switches from "non-secure" to "secure", and the KMI can be used from within the secure domain.
In the above technical solution, preferably, the security attribute of the peripheral device is either secure or non-secure.
In this technical solution, the security attribute of a peripheral device is one of two kinds, secure or non-secure, and can change as the operating system changes. With this technical solution the security attribute of the peripheral device is changed by the security attribute switcher at the same time as the system is switched, saving a peripheral slot on the bus, avoiding the insecurity of having application-layer software control a critical device, and greatly improving the security of the terminal.
Another aspect of the present invention provides a security attribute switching device for a terminal having a TrustZone system and an operating system, comprising: a bus, the bus including a system bus and a peripheral bus that are connected through a bus bridge device; and a security attribute switcher, whose output is connected to the input of the bus bridge device, for receiving a pulse from the TrustZone system or the operating system and changing an input signal to the bus bridge device according to the pulse, so as to change the security attribute of a peripheral device connected to the bus.
TrustZone is a security extension of the ARM architecture, promoted by ARM, that provides the terminal with a secure system isolated from the normal operating system. It integrates tightly with Cortex-A processors and is extended through the system via the AXI bus and TrustZone-specific system IP blocks. Because the isolation is enforced in hardware, applications in the normal operating system cannot access content in the secure system, so peripheral devices such as secure memory, cryptographic blocks, the keyboard and the screen can be protected against software attacks, improving the security of the terminal. For example, during a payment operation the terminal can switch from the normal operating system to the secure system to enter the payment password, keeping the password safe.
In this technical solution, the existing approach of using the TZPC as a peripheral device to switch the security attributes of the other peripheral devices during a system switch is abandoned. Instead, a security attribute switcher (SNS, Secure Non-secure Switch) is connected to the input of the terminal's bus bridge device. When a system switch is performed, a pulse is sent directly to the security attribute switcher, which changes the level at its output; this changes the input signal to the bus bridge device and hence the security attribute of the peripheral device connected to the bus, bringing it into line with the system being switched to. For example, during a payment operation the normal operating system can send a pulse to the security attribute switcher at the same time as it issues the system switch command, changing the level of the switcher's output and hence the input signal for the KMI (Keyboard and Mouse Interface) port on the bus, so that the security attribute of the keyboard used to enter the password changes from non-secure to secure. This saves a peripheral slot on the bus and avoids the insecurity of having application-layer software control a critical device, greatly improving the security of the terminal. Peripheral devices include, but are not limited to, the KMI, the touch-screen port, the RTC (Real-Time Clock), timers, and the DAC (Digital-to-Analog Converter).
In the above technical solution, preferably, the peripheral bus is provided with a plurality of ports, through which the peripheral devices are connected to the terminal via their corresponding ports.
In this technical solution, the peripheral bus carries a plurality of peripheral ports, each corresponding to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device whose security attribute is to be changed can be determined from the change command, and the changed input signal is then delivered to the corresponding port.
In the above technical solution, preferably, the security attribute switcher comprises a determining unit that determines, among the one or more peripheral devices connected to the terminal, the target peripheral device whose security attribute is to be switched.
In this technical solution, each peripheral port on the peripheral bus corresponds to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device can be determined from the change command, and the changed input signal is delivered to the corresponding port. In this way the security attribute is changed only for the peripheral devices actually in use, which makes the change itself safer, saves energy, avoids degrading the terminal's performance, and does no wasted work.
In the above technical solution, preferably, the security attribute switcher is specifically configured to: change the level of its output according to the pulse; and, according to the changed level of that output, change the input signal of the port that is connected to that output and corresponds to the target peripheral device, so as to change the security attribute of the target peripheral device.
In this technical solution, the security attribute switcher itself behaves like a pulse-triggered JK flip-flop with both inputs held high, that is, a toggle flip-flop: while its input stays low, the level at its output is unchanged; when its input receives a pulse, the output toggles from low to high or from high to low, which in turn changes the signal it drives into the bus bridge device. For example, while the system is running the normal operating system, the security attribute of the KMI is "non-secure" and the DECPROT[0] signal is "1", DECPROT[0] being one input of the AXI-to-APB bridge. At the instant the normal operating system is about to switch to the secure domain, it gives the security attribute switcher a pulse, and the switcher immediately drops the DECPROT[0] signal to "0"; the security attribute of the KMI thereby switches from "non-secure" to "secure", and the KMI can be used from within the secure domain.
In the above technical solution, preferably, the security attribute of the peripheral device is either secure or non-secure.
In this technical solution, the security attribute of a peripheral device is one of two kinds, secure or non-secure, and can change as the operating system changes. With this technical solution the security attribute of the peripheral device is changed by the security attribute switcher at the same time as the system is switched, saving a peripheral slot on the bus, avoiding the insecurity of having application-layer software control a critical device, and greatly improving the security of the terminal.
An embodiment of a third aspect of the present invention provides a terminal having a TrustZone system and an operating system, the terminal comprising a communication bus, a transceiver device, a memory and a processor, wherein:
the communication bus is configured to connect the transceiver device, the memory and the processor;
the memory stores a set of program code, and the transceiver device and the processor call the program code stored in the memory to perform the following operations:
the transceiver device is configured to send a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, where the output of the security attribute switcher is connected to the input of the bus bridge device of the terminal;
the processor is configured to control the security attribute switcher to change, according to the pulse sent by the transceiver device, an input signal to the bus bridge device, so as to change the security attribute of a peripheral device connected to the terminal.
In the above technical solution, preferably, the terminal is connected to one or more of the peripheral devices, each of which is connected to the terminal through a corresponding port on a bus of the terminal.
In the above technical solution, preferably, before controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse, the processor is further configured to:
determine, among the one or more peripheral devices connected to the terminal, the target peripheral device whose security attribute is to be switched.
In the above technical solution, preferably, the step in which the processor controls the security attribute switcher to change the input signal to the bus bridge device according to the pulse specifically comprises:
changing the level of the output of the security attribute switcher according to the pulse;
according to the changed level of that output, changing the input signal of the port that is connected to that output and corresponds to the target peripheral device, so as to change the security attribute of the target peripheral device.
In the above technical solution, preferably, the security attribute of the peripheral device is either secure or non-secure.
Through the above technical solutions, the security attributes of the peripheral devices are changed by the security attribute switcher, which saves a peripheral slot on the bus and at the same time avoids the insecurity of having application-layer software control a critical device, greatly improving the security of the terminal.
Brief description of the drawings
Fig. 1 shows a flow chart of a security attribute switching method according to an embodiment of the present invention;
Fig. 2 shows a block diagram of a security attribute switching device according to an embodiment of the present invention;
Fig. 3 shows a block diagram of a terminal according to an embodiment of the present invention;
Fig. 4 shows a schematic diagram of a bus connection according to an embodiment of the present invention;
Fig. 5 shows a block diagram of a terminal according to another embodiment of the present invention.
Detailed description
In order that the above objects, features and advantages of the present invention may be understood more clearly, the present invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of the present application and the features in the embodiments may be combined with one another.
Many specific details are set forth in the following description to provide a thorough understanding of the present invention; however, the present invention may also be practised in ways other than those described here, so the scope of protection of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a flow chart of a security attribute switching method according to an embodiment of the present invention.
As shown in Fig. 1, a security attribute switching method according to an embodiment of the present invention, for a terminal having a TrustZone system and an operating system, comprises:
Step 102: send a pulse from the TrustZone system or the operating system of the terminal to the security attribute switcher of the terminal, where the output of the security attribute switcher is connected to the input of the bus bridge device of the terminal.
Step 104: control the security attribute switcher to change the input signal to the bus bridge device according to the pulse, so as to change the security attribute of a peripheral device connected to the terminal at the same time as the system is switched.
TrustZone is a security extension of the ARM architecture, promoted by ARM, that provides the terminal with a secure system isolated from the normal operating system. It integrates tightly with Cortex-A processors and is extended through the system via the AXI bus and TrustZone-specific system IP blocks. Because the isolation is enforced in hardware, applications in the normal operating system cannot access content in the secure system, so peripheral devices such as secure memory, cryptographic blocks, the keyboard and the screen can be protected against software attacks, improving the security of the terminal. For example, during a payment operation the terminal can switch from the normal operating system to the secure system to enter the payment password, keeping the password safe.
In this technical solution, the existing approach of using the TZPC as a peripheral device to switch the security attributes of the other peripheral devices during a system switch is abandoned. Instead, a security attribute switcher (SNS, Secure Non-secure Switch) is connected to the input of the terminal's bus bridge device. When a security attribute needs to be switched, a pulse is sent directly to the security attribute switcher, which changes the level at its output; this changes the input signal to the bus bridge device and hence the security attribute of the peripheral device connected to the bus, bringing it into line with the system being switched to. For example, during a payment operation the normal operating system can send a pulse to the security attribute switcher at the same time as it issues the system switch command, changing the level of the switcher's output and hence the input signal for the KMI (Keyboard and Mouse Interface) port on the bus, so that the security attribute of the keyboard used to enter the password changes from non-secure to secure. This saves a peripheral slot on the bus and avoids the insecurity of having application-layer software control a critical device, greatly improving the security of the terminal. Peripheral devices include, but are not limited to, the KMI, the touch-screen port, the RTC (Real-Time Clock), timers, and the DAC (Digital-to-Analog Converter).
In the above technical solution, preferably, the terminal is connected to one or more peripheral devices, each of which is connected to the terminal through a corresponding port on a bus of the terminal.
In this technical solution, the peripheral bus carries a plurality of peripheral ports, each corresponding to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device whose security attribute is to be changed can be determined from the change command, and the changed input signal is then delivered to the corresponding port.
In the above technical solution, preferably, before step 104 the method further comprises: determining, among the one or more peripheral devices connected to the terminal, the target peripheral device whose security attribute is to be switched.
In this technical solution, each peripheral port on the peripheral bus corresponds to a certain type of peripheral device. When the security attribute of a peripheral device needs to change, the target peripheral device can be determined from the change command, and the changed input signal is delivered to the corresponding port. In this way the security attribute is changed only for the peripheral devices actually in use, which makes the change itself safer, saves energy, avoids degrading the terminal's performance, and does no wasted work.
In the above technical solution, preferably, step 104 specifically comprises: changing the level of the output of the security attribute switcher according to the pulse; and, according to the changed level of that output, changing the input signal of the port that is connected to that output and corresponds to the target peripheral device, so as to change the security attribute of the target peripheral device.
In this technical solution, the security attribute switcher itself behaves like a pulse-triggered JK flip-flop with both inputs held high, that is, a toggle flip-flop: while its input stays low, the level at its output is unchanged; when its input receives a pulse, the output toggles from low to high or from high to low, which in turn changes the signal it drives into the bus bridge device. For example, while the system is running the normal operating system, the security attribute of the KMI is "non-secure" and the DECPROT[0] signal is "1", DECPROT[0] being one input of the AXI-to-APB bridge. At the instant the normal operating system is about to switch to the secure domain, it gives the security attribute switcher a pulse, and the switcher immediately drops the DECPROT[0] signal to "0"; the security attribute of the KMI thereby switches from "non-secure" to "secure", and the KMI can be used from within the secure domain.
在上述技术方案中,优选地,外设设备的安全属性包括安全或非安全。In the above technical solution, preferably, the security attributes of the peripheral device include security or non-security.
在该技术方案中,外设设备的安全属性分为安全和非安全两种,可根据操作系统的改变而改变,通过本技术方案,可以在切换系统的同时由安全属性切换器更改外设设备的安全属性,节省了总线上的外设槽位,避免了使用应用层的软件控制关键设备带来的不安全的弊端,大大提升了终端的安全性。In the technical solution, the security attributes of the peripheral device are classified into two types: security and non-security, which can be changed according to changes of the operating system. With the technical solution, the peripheral device can be changed by the security attribute switcher while switching the system. The security attribute saves the peripheral slots on the bus, avoids the use of the application layer software to control the insecure drawbacks caused by the key devices, and greatly improves the security of the terminal.
图2示出了根据本发明的一个实施例的安全属性切换装置的框图。2 shows a block diagram of a security attribute switching device in accordance with one embodiment of the present invention.
如图2所示,根据本发明的一个实施例的安全属性切换装置200,用于具有TrustZone系统和操作系统的终端,包括:总线202,总线包括系统总线2022和外设总线2024,系统总线2022和外设总线2024通过总线桥接装置2026相连;安全属性切换器204,安全属性切换器204的输出端连接至总线桥接装置2026的输入端,用于接收来自TrustZone系统或操作系统的脉冲,并根据脉冲更改对总线桥接装置2026的输入信号,以供更改与总线相连的外设设备的安全属性。As shown in FIG. 2, a security attribute switching apparatus 200 according to an embodiment of the present invention is used for a terminal having a TrustZone system and an operating system, including: a bus 202 including a system bus 2022 and a peripheral bus 2024, and a system bus 2022. The peripheral bus 2024 is coupled to the bus bridge device 2026; the security attribute switch 204, the output of the security attribute switch 204 is coupled to the input of the bus bridge device 2026 for receiving pulses from the TrustZone system or operating system, and The input signal to the bus bridge device 2026 is pulsed to change the security attributes of the peripheral device connected to the bus.
TrustZone technology is a new architecture in ARM cores that provides the terminal with a secure system isolated from the normal operating system. Promoted by ARM, it integrates tightly with Cortex-A processors and is extended through the system by the AXI bus and specific TrustZone system IP blocks. Because of the hardware isolation, applications in the normal operating system cannot access the contents of the secure system, so peripherals such as secure memory, cryptographic blocks, the keyboard and the screen are protected from software attack, improving terminal security. For example, during a payment operation, the terminal can switch from the normal operating system to the secure system to enter the payment password, keeping the password secure.
In this solution, the existing approach of using a TZPC as a peripheral device to switch the security attributes of other peripherals during a system switch is abandoned. Instead, a security attribute switcher 204 (SNS, Secure Non-secure Switch) is connected to the input of the terminal's bus bridge device 2026. When the system is switched, a pulse is sent directly to the security attribute switcher 204, changing the level at its output and therefore the input signal to the bus bridge device 2026, which in turn changes the security attributes of the peripherals connected to the bus so that they match the system now running. For example, during a payment operation, the normal operating system can send a pulse to the security attribute switcher 204 at the same time as it issues the system switching command; this changes the switcher's output level and hence the input signal of the KMI (Keyboard and Mouse Interface) port on the bus, switching the keyboard used to enter the password from non-secure to secure. The solution saves peripheral slots on the bus, avoids the insecurity of controlling critical devices with application-layer software, and greatly improves terminal security. Peripherals include, but are not limited to, the KMI, touch-screen port, RTC (Real-Time Clock), timers and DAC (digital-to-analog converter).
In the above solution, preferably, a plurality of ports are provided on the peripheral bus 2024 so that peripherals can connect to the terminal through the corresponding ports.
In this solution, the peripheral bus 2024 provides several peripheral ports, each corresponding to a certain type of peripheral. When a peripheral's security attribute needs to be changed, the target peripheral is determined from the change command and the changed input signal is sent to the corresponding port.
In the above solution, preferably, the security attribute switcher 204 includes: a determining unit 2042, which determines, among the one or more peripherals connected to the terminal, the target peripheral whose security attribute is to be switched.
In this solution, each peripheral port on the peripheral bus 2024 corresponds to a certain type of peripheral. When a peripheral's security attribute needs to be changed, the target peripheral is determined from the change command and the changed input signal is sent to the corresponding port. In this way, security attributes are changed only for the peripherals actually in use, according to the user's real needs, which makes the attribute change more secure, saves energy, and avoids degrading terminal performance with wasted work.
In the above solution, preferably, the security attribute switcher 204 is specifically used to: change the level at its output according to the pulse, and, according to the changed output level, change the input signal of the port connected to that output which corresponds to the target peripheral, so as to change the target peripheral's security attribute.
In this solution, the security attribute switcher 204 works like a pulse-triggered JK flip-flop: while the input is held low, the output level is unchanged; when the input receives a pulse, the output goes from low to high or from high to low, which in turn changes its input signal to the bus bridge device 2026. For example, while the system is running the normal operating system, the security attribute of the KMI is "non-secure" and the DECPROT[0] signal is "1", where DECPROT[0] is an input port of the AXI-to-APB Bridge. At the instant the normal operating system switches to the secure domain, it sends the security attribute switcher 204 a pulse; the switcher 204 then drives DECPROT[0] to "0", the security attribute of the KMI switches from "non-secure" to "secure", and the KMI can be used in the secure domain.
In the above solution, preferably, the security attribute of a peripheral comprises secure or non-secure.
In this solution, a peripheral's security attribute is one of two values, secure or non-secure, and can change as the operating system changes. With this solution the security attribute switcher 204 changes the peripheral's security attribute at the same time as the system is switched, saving peripheral slots on the bus, avoiding the insecurity of controlling critical devices with application-layer software, and greatly improving terminal security.
FIG. 3 shows a block diagram of a terminal according to one embodiment of the present invention.
As shown in FIG. 3, the terminal 300 according to one embodiment of the present invention has a TrustZone system and an operating system, and further includes a security attribute switching apparatus 302 (corresponding to the security attribute switching apparatus 200 in the embodiment shown in FIG. 2), which, according to a received security attribute switching command, sends a pulse from the terminal's TrustZone system or operating system to the terminal's security attribute switcher, whose output is connected to the input of the terminal's bus bridge device, and controls the security attribute switcher to change the input signal to the bus bridge device according to the pulse, so as to change the security attributes of peripherals connected to the terminal at the same time as the system is switched.
TrustZone technology is a new architecture in ARM cores that provides the terminal with a secure system isolated from the normal operating system. Promoted by ARM, it integrates tightly with Cortex-A processors and is extended through the system by the AXI bus and specific TrustZone system IP blocks. Because of the hardware isolation, applications in the normal operating system cannot access the contents of the secure system, so peripherals such as secure memory, cryptographic blocks, the keyboard and the screen are protected from software attack, improving terminal security. For example, during a payment operation, the terminal can switch from the normal operating system to the secure system to enter the payment password, keeping the password secure.
In this solution, the existing approach of using a TZPC as a peripheral device to switch the security attributes of other peripherals during a system switch is abandoned. Instead, a Secure Non-secure Switch (SNS) is connected to the input of the terminal's bus bridge device. When a security attribute switch is required, a pulse is sent directly to the SNS, changing the level at its output and therefore the input signal to the bus bridge device, which in turn changes the security attributes of the peripherals connected to the bus so that they match the system now running. For example, during a payment operation, the normal operating system can send a pulse to the SNS at the same time as it issues the system switching command; this changes the SNS output level and hence the input signal of the KMI (Keyboard and Mouse Interface) port on the bus, switching the keyboard used to enter the password from non-secure to secure. The solution saves peripheral slots on the bus, avoids the insecurity of controlling critical devices with application-layer software, and greatly improves terminal security. Peripherals include, but are not limited to, the KMI, touch-screen port, RTC (Real-Time Clock), timers and DAC (digital-to-analog converter).
In addition, since the security attribute switching apparatus 302 corresponds to the security attribute switching apparatus 200 in the embodiment shown in FIG. 2, the terminal 300 has the same technical effects as the security attribute switching apparatus 200 of any of the above solutions, which are not repeated here.
FIG. 4 shows a schematic diagram of a bus connection according to one embodiment of the present invention.
As shown in FIG. 4, the TrustZone ARM Core (ARM processor) is connected to the AXI Bus (system bus); the AXI Bus is connected to the peripheral bus (APB Bus) through the AXI-to-APB Bridge; and the ARM Core is also connected through the AXI Bus to a Memory Adaptor (card reader) in order to read SRAM (Static RAM).
The SNS itself works like a pulse-triggered JK flip-flop: while the input is held low, the output level is unchanged; when the input receives a Switch Signal (pulse), the output goes from low to high or from high to low. Several peripherals are provided on the TrustZone peripheral bus, such as the KMI, touch-screen port, RTC, timers and DAC.
When a peripheral (for example the KMI) needs its security attribute switched in real time, that attribute is controlled by the DECPROT[0] signal port on the AXI-to-APB Bridge, where "1" means non-secure and "0" means secure. The output of the SNS is connected to the DECPROT[0] input port of the AXI-to-APB Bridge. When a Switch Signal enters the SNS, its output level immediately changes from "0" to "1" or from "1" to "0"; this signal is fed into the AXI-to-APB Bridge through DECPROT[0], and the peripheral's security attribute accordingly changes from "secure" to "non-secure" or from "non-secure" to "secure".
For example, while the system runs in the normal domain, the security attribute of the KMI peripheral is "non-secure" and the DECPROT[0] signal is "1". At the instant the system switches to the secure domain, it sends the SNS a Switch Signal; the SNS then drives DECPROT[0] to "0", the security attribute of the KMI switches from "non-secure" to "secure", and the KMI can be used in the secure domain.
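As an added illustration (not code or RTL from the patent), the following C model simulates the mechanism described above: the SNS as a pulse-toggled flip-flop, its output wired to DECPROT[0] of the AXI-to-APB Bridge, and the bridge's decode rule under which a non-secure transaction is only allowed to reach a port whose DECPROT bit is 1. The port list beyond the KMI, the AXI NS-bit access check and all function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added simulation of the SNS / DECPROT[0] scheme in the patent text.
 * Not the patent's own code; port numbering, the NS-bit access check and
 * the function names are assumptions of this example. */

#define DECPROT_NONSECURE 1  /* "1" on DECPROT[n]: the port is non-secure */
#define DECPROT_SECURE    0  /* "0" on DECPROT[n]: the port is secure */

/* Ports on the APB peripheral bus; index 0 is the KMI, matching DECPROT[0]
 * in the text. The other assignments are assumed for the example. */
enum apb_port { PORT_KMI = 0, PORT_TOUCH, PORT_RTC, PORT_TIMERS, PORT_DAC, PORT_COUNT };

/* Secure Non-secure Switch: behaves like a pulse-triggered (toggle) flip-flop.
 * While the input stays low the output holds; each pulse flips it. */
struct sns { uint8_t q; };

/* AXI-to-APB bridge: one DECPROT bit per APB port. */
struct bridge { uint8_t decprot[PORT_COUNT]; };

/* A bus transaction carries the AXI NS flag: true = issued by the normal
 * world, false = issued by the secure world (assumed for the example). */
struct axi_txn { enum apb_port port; bool ns; };

void sns_init(struct sns *s, uint8_t level) { s->q = level & 1; }

/* Apply one Switch Signal pulse: the output level toggles. */
uint8_t sns_pulse(struct sns *s) { s->q ^= 1; return s->q; }

/* The SNS output drives the DECPROT input of the target port on the bridge. */
void bridge_wire(struct bridge *b, const struct sns *s, enum apb_port port) {
    b->decprot[port] = s->q;
}

/* Decode rule: a non-secure transaction may only reach a port whose DECPROT
 * bit is 1 (non-secure); secure-world transactions may reach any port. */
bool bridge_allows(const struct bridge *b, const struct axi_txn *t) {
    if (!t->ns) return true;
    return b->decprot[t->port] == DECPROT_NONSECURE;
}

/* Can the normal world reach the KMI when DECPROT[0] carries this level? */
bool normal_world_can_access(uint8_t decprot_level) {
    struct bridge b = {{0}};
    b.decprot[PORT_KMI] = decprot_level & 1;
    struct axi_txn t = { PORT_KMI, true };
    return bridge_allows(&b, &t);
}

/* Walk through the scenario in the text: normal domain with the KMI
 * non-secure, a Switch Signal on entering the secure domain, then a second
 * pulse handing the KMI back. Returns true if every step matches. */
bool run_kmi_switch_scenario(void) {
    struct sns s;
    struct bridge b = {{0}};
    struct axi_txn from_normal = { PORT_KMI, true };
    struct axi_txn from_secure = { PORT_KMI, false };

    sns_init(&s, DECPROT_NONSECURE);      /* normal domain: DECPROT[0] = 1 */
    bridge_wire(&b, &s, PORT_KMI);
    if (!bridge_allows(&b, &from_normal)) return false;  /* keyboard usable by normal OS */

    sns_pulse(&s);                        /* Switch Signal when entering the secure domain */
    bridge_wire(&b, &s, PORT_KMI);
    if (b.decprot[PORT_KMI] != DECPROT_SECURE) return false;   /* DECPROT[0] dropped to 0 */
    if (bridge_allows(&b, &from_normal)) return false;        /* normal-world access now rejected */
    if (!bridge_allows(&b, &from_secure)) return false;       /* secure domain may use the KMI */

    sns_pulse(&s);                        /* second pulse returns the KMI to the normal OS */
    bridge_wire(&b, &s, PORT_KMI);
    return b.decprot[PORT_KMI] == DECPROT_NONSECURE && bridge_allows(&b, &from_normal);
}

int main(void) {
    printf("KMI switch scenario %s the described behaviour\n",
           run_kmi_switch_scenario() ? "matches" : "deviates from");
    return 0;
}
```

Because the SNS toggles rather than sets a level, a pulse carries no absolute state: the software issuing the Switch Signal must know the current DECPROT level, since an extra or missed pulse leaves the peripheral in the opposite attribute from the one intended.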
FIG. 5 shows a schematic structural diagram of a terminal according to another embodiment of the present invention. As shown in FIG. 5, the terminal may include: at least one transceiver device 503, at least one processor 501 (for example a CPU), a memory 504 and at least one communication bus 502.
The communication bus 502 is used to connect the transceiver device 503, the processor 501 and the memory 504.
The memory 504 may be high-speed RAM or non-volatile memory such as disk storage. The memory 504 is further used to store a set of program code; the transceiver device 503 and the processor 501 call the program code stored in the memory 504 to perform the following operations:
The transceiver device 503 is used to send a pulse from the TrustZone system or the operating system of the terminal to the security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input of the terminal's bus bridge device;
The processor 501 is used to control the security attribute switcher to change the input signal to the bus bridge device according to the pulse sent by the transceiver device, so as to change the security attribute of a peripheral device connected to the terminal.
In the above solution, preferably, the terminal is connected to one or more of the peripheral devices, each of which is connected to the terminal through a corresponding port on the terminal's bus.
In the above solution, preferably, before the step of controlling the security attribute switcher to change the input signal to the bus bridge device according to the pulse, the processor 501 is further used to:
determine, among the one or more peripheral devices connected to the terminal, a target peripheral device whose security attribute is to be switched.
In the above solution, preferably, the step in which the processor 501 controls the security attribute switcher to change the input signal to the bus bridge device according to the pulse specifically includes:
changing the level of the output of the security attribute switcher according to the pulse;
according to the changed level of the output, changing the input signal of the port, connected to that output, which corresponds to the target peripheral device, so as to change the security attribute of the target peripheral device.
In the above solution, preferably, the security attribute of the peripheral device comprises secure or non-secure.
Through this solution, the security attribute switcher changes the security attributes of peripheral devices, saving peripheral slots on the bus while avoiding the insecurity of controlling critical devices with application-layer software, and greatly improving terminal security.
In the present invention, the term "plurality" means two or more; terms such as "connected" and "coupled" are to be understood broadly: a connection may be fixed, detachable or integral, and may be direct or through an intermediary. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the particular circumstances.
The technical solution of the present invention has been described in detail above with reference to the accompanying drawings. With it, the security attribute switcher changes the security attributes of peripheral devices at the same time as the system is switched, saving peripheral slots on the bus, avoiding the insecurity of controlling critical devices with application-layer software, and greatly improving terminal security.
The above are only preferred embodiments of the present invention and are not intended to limit it; those skilled in the art may make various changes and variations. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (15)

  1. 一种安全属性切换方法,用于具有TrustZone系统和操作系统的终端,其特征在于,包括:A security attribute switching method for a terminal having a TrustZone system and an operating system, comprising:
    从所述终端的所述TrustZone系统或所述操作系统向所述终端的安全属性切换器发送脉冲,其中,所述安全属性切换器的输出端与所述终端的总线桥接装置的输入端相连;Transmitting a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, wherein an output end of the security attribute switcher is connected to an input end of a bus bridge device of the terminal;
    控制所述安全属性切换器根据所述脉冲更改对所述总线桥接装置的输入信号,以供更改与所述终端相连的外设设备的安全属性。Controlling the security attribute switcher to change an input signal to the bus bridge device based on the pulse for modifying a security attribute of a peripheral device connected to the terminal.
  2. 根据权利要求1所述的安全属性切换方法,其特征在于,所述终端连接有一个或多个所述外设设备,每个所述外设设备通过所述终端的总线上的对应的端口连接至所述终端。The security attribute switching method according to claim 1, wherein the terminal is connected to one or more of the peripheral devices, and each of the peripheral devices is connected through a corresponding port on a bus of the terminal. To the terminal.
  3. 根据权利要求2所述的安全属性切换方法,其特征在于,在所述控制所述安全属性切换器根据所述脉冲更改对所述总线桥接装置的输入信号之前,还包括:The security attribute switching method according to claim 2, further comprising: before the controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse,
    在所述终端连接的一个或多个所述外设设备中确定需要切换所述安全属性的目标外设设备。Determining, in one or more of the peripheral devices connected to the terminal, a target peripheral device that needs to switch the security attribute.
  4. 根据权利要求3所述的安全属性切换方法,其特征在于,所述控制所述安全属性切换器根据所述脉冲更改对所述总线桥接装置的输入信号,具体包括:The security attribute switching method according to claim 3, wherein the controlling the security attribute switcher to change an input signal to the bus bridge device according to the pulse comprises:
    根据所述脉冲,更改所述安全属性切换器的输出端的电平;Changing the level of the output of the safety attribute switcher according to the pulse;
    根据更改后的所述输出端的所述电平,更改所述目标外设设备对应的与所述输出端相连的所述端口的所述输入信号,以供更改所述目标外设设备的安全属性。Changing the input signal of the port connected to the output terminal corresponding to the target peripheral device to change a security attribute of the target peripheral device according to the changed level of the output terminal .
  5. 根据权利要求1至4中任一项所述的安全属性切换方法,其特征在于,所述外设设备的所述安全属性包括安全或非安全。The security attribute switching method according to any one of claims 1 to 4, characterized in that the security attribute of the peripheral device comprises security or non-security.
  6. 一种安全属性切换装置,用于具有TrustZone系统和操作系统的终端,其特征在于,包括:A security attribute switching device for a terminal having a TrustZone system and an operating system, comprising:
    总线,所述总线包括系统总线和外设总线,所述系统总线和所述外设 总线通过总线桥接装置相连;a bus including a system bus and a peripheral bus, the system bus and the peripheral The bus is connected by a bus bridge device;
    安全属性切换器,所述安全属性切换器的输出端连接至所述总线桥接装置的输入端,用于接收来自所述TrustZone系统或所述操作系统的脉冲,并根据所述脉冲更改对所述总线桥接装置的输入信号,以供更改与所述总线相连的外设设备的安全属性。a security attribute switcher having an output coupled to an input of the bus bridge device for receiving a pulse from the TrustZone system or the operating system and modifying the pulse according to the pulse The bus bridges the input signal of the device for modifying the security attributes of the peripheral device connected to the bus.
  7. 根据权利要求6所述的安全属性切换装置,其特征在于,所述外设总线上设置有多个端口,以供所述外设设备通过对应的所述端口连接至所述终端。The security attribute switching device according to claim 6, wherein a plurality of ports are disposed on the peripheral bus for the peripheral device to connect to the terminal through the corresponding port.
  8. 根据权利要求7所述的安全属性切换装置,其特征在于,所述安全属性切换器包括:The security attribute switching device according to claim 7, wherein the security attribute switcher comprises:
    确定单元,在所述终端连接的一个或多个所述外设设备中确定需要切换所述安全属性的目标外设设备。And determining, by the one or more of the peripheral devices connected to the terminal, a target peripheral device that needs to switch the security attribute.
  9. 根据权利要求8所述的安全属性切换装置,其特征在于,所述安全属性切换器具体用于:The security attribute switching device according to claim 8, wherein the security attribute switcher is specifically configured to:
    changing, according to the pulse, the level of the output of the security attribute switcher, and, according to the changed level of the output, changing the input signal of the port that corresponds to the target peripheral device and is connected to the output, so as to change the security attribute of the target peripheral device.
  10. The security attribute switching apparatus according to any one of claims 6 to 9, wherein the security attribute of the peripheral device is either secure or non-secure.
  11. A terminal having a TrustZone system and an operating system, wherein the terminal comprises a communication bus, a transceiver, a memory and a processor, wherein:
    the communication bus is configured to connect the transceiver, the memory and the processor for communication;
    the memory stores a set of program code, and the transceiver and the processor call the program code stored in the memory to perform the following operations:
    the transceiver is configured to send a pulse from the TrustZone system or the operating system of the terminal to a security attribute switcher of the terminal, wherein the output of the security attribute switcher is connected to the input of a bus bridge of the terminal;
    the processor is configured to control the security attribute switcher to change, according to the pulse sent by the transceiver, the input signal to the bus bridge, so as to change the security attribute of a peripheral device connected to the terminal.
  12. The terminal according to claim 11, wherein one or more of the peripheral devices are connected to the terminal, each peripheral device being connected to the terminal through a corresponding port on a bus of the terminal.
  13. The terminal according to claim 12, wherein, before the step of controlling the security attribute switcher to change the input signal to the bus bridge according to the pulse, the processor is further configured to:
    determine, among the one or more peripheral devices connected to the terminal, a target peripheral device whose security attribute is to be switched.
  14. The terminal according to claim 13, wherein the step in which the processor controls the security attribute switcher to change the input signal to the bus bridge according to the pulse specifically comprises:
    changing the level of the output of the security attribute switcher according to the pulse;
    changing, according to the changed level of the output, the input signal of the port that corresponds to the target peripheral device and is connected to the output, so as to change the security attribute of the target peripheral device.
  15. The terminal according to any one of claims 11 to 14, wherein the security attribute of the peripheral device is either secure or non-secure.
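The mechanism in claims 11 to 15 (a pulse toggles the switcher's output level, that level is the bus bridge's input signal for one port, and the signal is the peripheral's secure/non-secure attribute) can be modelled in a few dozen lines. The C below is an added illustration written for this page, not code from the patent or its applicant. Everything concrete in it is an assumption: an 8-port bridge with one peripheral per port, a low switcher level meaning secure and a high level meaning non-secure, a pulse that toggles the level, and a policy flag `normal_world_may_pulse` because claim 11 allows the pulse to come from either the TrustZone system or the operating system and the page does not say how a pulse from the operating system is gated. The access rule at the bridge is standard TrustZone semantics (a non-secure master may reach only non-secure peripherals), which the claims rely on but do not restate.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustrative model of the claimed mechanism (not the patent's code).
 * Assumptions: NUM_PORTS ports on the bus bridge, one peripheral per port;
 * the switcher holds one output level per port; level 0 = secure, 1 =
 * non-secure; each pulse toggles the level of the targeted port. */

#define NUM_PORTS 8

typedef enum { ATTR_SECURE = 0, ATTR_NONSECURE = 1 } sec_attr_t;
typedef enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 } world_t;

typedef struct {
    uint8_t level[NUM_PORTS];    /* switcher output level per port */
} switcher_t;

typedef struct {
    sec_attr_t attr[NUM_PORTS];  /* input signal the bridge sees per port */
} bus_bridge_t;

typedef struct {
    switcher_t sw;
    bus_bridge_t bridge;
    bool normal_world_may_pulse; /* assumed policy knob, see lead-in */
} terminal_t;

/* Reset state: every switcher output low, every port secure. */
void terminal_init(terminal_t *t, bool normal_world_may_pulse)
{
    for (int p = 0; p < NUM_PORTS; p++) {
        t->sw.level[p] = 0;
        t->bridge.attr[p] = ATTR_SECURE;
    }
    t->normal_world_may_pulse = normal_world_may_pulse;
}

/* Claims 11 and 14: the pulse toggles the switcher output for the target
 * port; the new level is the bridge's input signal for that port and so the
 * peripheral's security attribute. 0 = ok, -1 = bad port, -2 = origin refused. */
int send_pulse(terminal_t *t, world_t origin, int port)
{
    if (port < 0 || port >= NUM_PORTS)
        return -1;
    if (origin == WORLD_NORMAL && !t->normal_world_may_pulse)
        return -2;
    t->sw.level[port] ^= 1u;
    t->bridge.attr[port] = t->sw.level[port] ? ATTR_NONSECURE : ATTR_SECURE;
    return 0;
}

sec_attr_t port_attr(const terminal_t *t, int port)
{
    return t->bridge.attr[port];
}

/* Bridge-side check on each transaction: secure masters reach every port,
 * non-secure masters only ports currently marked non-secure. */
bool bus_access_allowed(const terminal_t *t, world_t master, int port)
{
    if (port < 0 || port >= NUM_PORTS)
        return false;
    if (master == WORLD_SECURE)
        return true;
    return t->bridge.attr[port] == ATTR_NONSECURE;
}

/* Constructed scenario: touch controller on port 2. The secure world claims
 * it for PIN entry, the OS tries and fails to take it back, the secure world
 * releases it. Returns how many normal-world accesses the bridge blocked. */
int demo_pin_entry(void)
{
    terminal_t t;
    const int touch_port = 2;
    int blocked = 0;

    terminal_init(&t, false);
    send_pulse(&t, WORLD_SECURE, touch_port);          /* hand to OS */
    if (!bus_access_allowed(&t, WORLD_NORMAL, touch_port)) blocked++;
    send_pulse(&t, WORLD_SECURE, touch_port);          /* claim for PIN entry */
    if (!bus_access_allowed(&t, WORLD_NORMAL, touch_port)) blocked++;
    if (send_pulse(&t, WORLD_NORMAL, touch_port) != 0 &&   /* OS refused */
        !bus_access_allowed(&t, WORLD_NORMAL, touch_port)) blocked++;
    send_pulse(&t, WORLD_SECURE, touch_port);          /* release to OS */
    if (!bus_access_allowed(&t, WORLD_NORMAL, touch_port)) blocked++;
    return blocked;
}

int main(void)
{
    printf("normal-world accesses blocked during PIN entry: %d\n",
           demo_pin_entry());
    return 0;
}
```

The point the model makes explicit is that the attribute only protects anything if the bridge enforces it on every transaction and if the pulse path itself is reachable only by the party that should own the switch; the claims leave the second part to the implementation, which is why the example carries it as an explicit flag rather than assuming it.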

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510259961.9A CN105631364A (en) 2015-05-20 2015-05-20 Security property switching method, security property switching apparatus and terminal
CN201510259961.9 2015-05-20

Publications (1)

Publication Number Publication Date
WO2016183870A1 true WO2016183870A1 (en) 2016-11-24

Family

ID=56046284

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/080398 WO2016183870A1 (en) 2015-05-20 2015-05-29 Security attribute switching method, security attribute switching apparatus and terminal

Country Status (2)

Country Link
CN (1) CN105631364A (en)
WO (1) WO2016183870A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201806465D0 (en) 2018-04-20 2018-06-06 Nordic Semiconductor Asa Memory-access controll
GB201810662D0 (en) 2018-06-28 2018-08-15 Nordic Semiconductor Asa Peripheral Access On A Secure-Aware Bus System
GB201810653D0 (en) * 2018-06-28 2018-08-15 Nordic Semiconductor Asa Secure peripheral interconnect
GB201810659D0 (en) 2018-06-28 2018-08-15 Nordic Semiconductor Asa Secure-Aware Bus System

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102063592A (en) * 2011-01-07 2011-05-18 北京工业大学 Credible platform and method for controlling hardware equipment by using same
CN102769846A (en) * 2011-05-04 2012-11-07 中国银联股份有限公司 User terminal and payment system
CN103136488A (en) * 2011-12-02 2013-06-05 三星电子株式会社 Method and apparatus for securing touch input
US20150113642A1 (en) * 2005-12-23 2015-04-23 Texas Instruments Incorporated Method and system for preventing unauthorized processor mode switches

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7290284B1 (en) * 1999-01-11 2007-10-30 Myspace Ab System for data processing a security critical activity
CN1220951C (en) * 2002-08-30 2005-09-28 联想(北京)有限公司 Realizing method of universal serial bus equipment safety switch on
CN1278248C (en) * 2004-04-29 2006-10-04 上海交通大学 Data isolation switching transmission method based on extended data bus of embedded system
CN103049715A (en) * 2013-01-04 2013-04-17 上海瑞达安全集成电路有限公司 Computer capable of controlling enabling of peripherals
CN104125216B (en) * 2014-06-30 2017-12-15 华为技术有限公司 A kind of method, system and terminal for lifting credible performing environment security


Also Published As

Publication number Publication date
CN105631364A (en) 2016-06-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15892249; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11.04.2018))
122 Ep: pct application non-entry in european phase (Ref document number: 15892249; Country of ref document: EP; Kind code of ref document: A1)