WO2017092553A1 - 用户界面切换方法和终端 - Google Patents
用户界面切换方法和终端 Download PDFInfo
- Publication number
- WO2017092553A1 WO2017092553A1 PCT/CN2016/105159 CN2016105159W WO2017092553A1 WO 2017092553 A1 WO2017092553 A1 WO 2017092553A1 CN 2016105159 W CN2016105159 W CN 2016105159W WO 2017092553 A1 WO2017092553 A1 WO 2017092553A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- interface
- hardware device
- execution environment
- display
- terminal
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 230000004044 response Effects 0.000 claims description 81
- 238000012545 processing Methods 0.000 claims description 20
- 230000001960 triggered effect Effects 0.000 claims description 19
- 238000009966 trimming Methods 0.000 claims 2
- 230000006870 function Effects 0.000 description 19
- 238000010586 diagram Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 9
- 230000011664 signaling Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 230000000694 effects Effects 0.000 description 4
- 238000012806 monitoring device Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000699666 Mus <mouse, genus> Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/84—Protecting input, output or interconnection devices output devices, e.g. displays or monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/031—Protect user input by software means
Definitions
- the present invention relates to communications technologies, and in particular, to a user interface switching method and a terminal.
- the existing scheme for preventing malicious programs from intercepting user input operations is to set a random keyboard, specifically by randomly disturbing the key sequence on the keyboard when the user performs an input operation (ie, the keyboard for each input operation of the user is randomly sorted). To prevent malicious programs from stealing sensitive information such as user passwords and accounts.
- the present invention provides a user interface switching method and a terminal for improving the security of user input.
- an embodiment of the present invention provides a user interface switching method, where the method is used for a terminal, a client application CA is run on the terminal, and a complex execution environment and a trusted execution ring are deployed.
- the method includes: the terminal triggers the trusted user interface TUI display request of the CA according to the first operation of the user on the CA interface of the CA, and then switches the display environment of the CA from the complex execution environment to the trusted according to the TUI display request.
- the execution environment displays the trusted application TA interface of the CA in the trusted execution environment, so that the user can input sensitive information on the TA interface.
- the malicious program running in the REE cannot access the hardware device to obtain the input operation of the user in the TEE, thereby avoiding the possibility that the user's sensitive information is stolen when the user input operation is performed by the above method, and the effective improvement is effectively improved.
- User input operation security
- the terminal includes a hardware device related to the display, and the hardware device related to the display is used to display the CA interface and the TA interface, where the foregoing
- the CA's display environment switches from a complex execution environment to a trusted execution environment, including:
- the hardware control device in the complex execution environment controls the hardware device to exit the current non-secure mode, and the non-secure mode is the corresponding operation mode of the hardware device in the complex execution environment;
- the hardware device enters the security mode by the driver in the trusted execution environment, and the first switching information is used to indicate that the hardware device has exited the non-secure mode, and the security mode is that the hardware is in the trusted execution environment. Corresponding operating mode.
- the foregoing trusted application TA interface that displays the CA in the trusted execution environment includes:
- the TA interface is displayed in a trusted execution environment by invoking a hardware device in a secure mode.
- the method further includes: switching from a current TA interface to a response interface of a to-be-processed event in a complex execution environment according to the non-security event response message, Security event response messages are triggered by pending events in a complex execution environment;
- the TA interface is redisplayed according to the response feedback message, and the response feedback message indicates that the user of the terminal completes the processing of the non-secure event through the response interface.
- This method can process non-secure events in time during the TUI display process, and has high flexibility.
- the terminal includes a hardware device related to the display, and the hardware device related to the display is used to display the CA interface and the TA interface
- the foregoing responding to the non-security event response message from the current TA interface to the response interface of the to-be-processed event in the complex execution environment includes:
- the hardware device enters the non-secure mode by the driver in the complex execution environment, the second switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is that the hardware corresponds to the complex execution environment.
- a response interface that displays pending events in a complex execution environment by calling a hardware device that switches to non-secure mode.
- the method further includes:
- the TUI display exit request switching from the current TA interface to the CA interface, the TUI display exit request is triggered by the user's second operation on the TA interface.
- the method implements switching from a secure display to a non-secure display, which facilitates the user to perform subsequent non-secure interface operations.
- the terminal includes a hardware device related to the display, and the foregoing is switched from the current TA interface according to the TUI display exit request.
- the CA interface specifically includes:
- the hardware device controls the hardware device to exit the current security mode in the trusted execution environment, and the security mode is a corresponding operation mode of the hardware device in the trusted execution environment;
- the hardware device enters the non-secure mode by the driver in the complex execution environment, the third switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is that the hardware corresponds to the complex execution environment.
- the CA interface is displayed in a complex execution environment by calling a hardware device that switches to non-secure mode.
- an embodiment of the present invention provides a terminal, where a client application runs on the terminal.
- CA and deployed a complex execution environment and a trusted execution environment, the terminal includes:
- a triggering module configured to trigger a trusted user interface TUI display request of the CA according to the first operation of the user on the CA interface of the CA, where the CA interface is a user interface of the CA in a complex execution environment;
- a switching module configured to switch a display environment of the CA from a complex execution environment to a trusted execution environment according to the TUI display request;
- a display module is configured to display a trusted application TA interface of the CA in a trusted execution environment, and the TA interface is used by the user of the terminal to input personal information.
- an embodiment of the present invention provides a terminal, where a client application CA is run on the terminal, and the terminal deploys a complex execution environment and a trusted execution environment, where the terminal includes: a processor, a memory, and an interface for displaying the terminal.
- a hardware device that stores a program or instruction that is used by the processor to:
- the trusted user interface TUI display request of the CA is triggered according to the first operation of the user on the CA interface of the CA, and the CA interface is a user interface of the CA in the complex execution environment;
- the hardware device is controlled to display a trusted application TA interface of the CA in a trusted execution environment, and the TA interface is used by the user of the terminal to input personal information.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the working principle of the processor in the terminal is similar to the foregoing embodiments of the first aspect.
- the user interface switching method and the terminal provided by the embodiment of the present invention, after triggering the TUI display request of the CA according to the first operation of the user on the CA interface, the terminal switches the display environment of the CA from the REE to the TEE according to the TUI display request, and then Displaying the TA interface of the CA in the TEE.
- the user can perform the input operation of the sensitive information on the TA interface, and the malicious program running in the REE cannot access the hardware device to obtain the input operation of the user in the TEE, thereby
- the method avoids the possibility of the user's sensitive information being stolen when performing user input operations. Effectively improves the security of user input operations.
- Figure 1 is a schematic view of the frame structure of REE and TEE
- Embodiment 1 of a user interface switching method provided by the present invention
- FIG. 3 is a schematic diagram of user interface switching of a terminal provided by the present invention.
- Embodiment 4 is a schematic flowchart of Embodiment 2 of a user interface switching method provided by the present invention.
- FIG. 5 is a schematic flowchart of Embodiment 3 of a user interface switching method according to the present invention.
- FIG. 6 is a schematic flowchart diagram of Embodiment 4 of a user interface switching method according to the present invention.
- FIG. 7 is a schematic flowchart of Embodiment 5 of a user interface switching method according to the present invention.
- FIG. 8 is a schematic flowchart of Embodiment 6 of a user interface switching method according to the present invention.
- FIG. 9 is a schematic structural diagram of Embodiment 1 of a terminal provided by the present invention.
- Embodiment 2 is a schematic structural diagram of Embodiment 2 of a terminal provided by the present invention.
- FIG. 11 is a schematic structural diagram of Embodiment 3 of a terminal provided by the present invention.
- the terminal in the embodiment of the present invention may be a mobile phone, a personal digital assistant (PDA), a tablet computer, or the like.
- the non-secure operating environment and the secure operating environment can be deployed on the terminal.
- the non-secure operating environment is the Rich Executable Environment (REE) on the terminal, running Android, iOS, Windows Phone and other operating systems.
- the secure operating environment is Trust Executable Environment (TEE), running a secure operating system.
- the software and hardware resources of the TEE are isolated from the REE.
- the software and hardware resources on the terminal can be identified as the two execution environment states.
- the software and hardware resources identified as the security execution state can only be accessed by the TEE execution environment.
- the hardware and software resources of the non-secure execution state can be accessed by both execution environments.
- TEE constructs a secure operating environment that is isolated from REE and provides a secure execution environment for authorized trusted software.
- the interface switching method and terminal of the terminal provided by the embodiment of the present invention are directed to solving the technical problem of using a random keyboard to prevent malicious programs from intercepting user input operations in the prior art.
- FIG. 1 is a schematic diagram of the frame structure of REE and TEE.
- various customer application CAs are installed in the REE, and a REE control module and a driver module are deployed; various trusted applications TA are installed in the TEE.
- the TEE control module and the driver module are deployed; the driver modules in the REE and the TEE can access the corresponding hardware devices.
- the CA may specifically be an application software such as Alipay, a bank client, or the like, which involves input of sensitive information such as an account number and a password; the TA is a security application corresponding to the CA, and is used for inputting sensitive information involved in the CA application.
- the CA can access the TA through the REE control module and the TEE control module to achieve corresponding security operations.
- the REE control module may invoke the driver module of the REE side to drive the hardware device to exit the non-secure working mode according to the access request of the CA; after the hardware device exits the non-secure working mode, the TEE control module may invoke the TEE according to the message sent by the REE control module.
- the driver module on the side drives the hardware device to switch the working mode to implement hardware isolation from the REE, and then the corresponding TA can be called to implement the access of the CA to the TA.
- the specific functions of the REE control module, the TEE control module and the drive modules in the two operating environments can be implemented by a processor in the terminal.
- FIG. 2 is a schematic flowchart of a first embodiment of a user interface switching method according to the present invention.
- the execution body of the method may be a terminal, where the client application CA is run, and REE and TEE are deployed.
- the method provided in this embodiment includes:
- Step S11 trigger a TUI display request of the CA according to the first operation of the user on the CA interface of the CA.
- the CA interface is a user interface of the CA in the REE.
- the first operation may be a click operation of the user on the touch screen, or the user may click on the mechanical keyboard.
- Step S12 Switching the display environment of the CA from the REE to the TEE according to the TUI display request.
- the TEE is a secure operating environment
- the terminal switches the display environment of the CA from the REE to the TEE according to the TUI display request, and the various application software (including some non-malware and malware) in the REE cannot access the hardware.
- the device acquires operations in the TEE to enable secure operation functions such as TUI display.
- the display environment may be the background running environment of the CA, or may be a software environment that displays the CA. That is, the CA may only switch the software environment that displays the CA, and the running environment of the background does not change. Switching the display environment of the CA from REE to TEE can be performed only by switching the software environment for displaying the CA interface on the terminal from REE to TEE, or by switching the system running environment where the CA is located on the terminal from REE to TEE.
- Step S13 Display the TA interface of the CA in the TEE.
- the TA interface is used by the user of the terminal to input personal information, and the TA is deployed in the TEE.
- the TA corresponding to the CA can be deployed in the TEE to implement the security operation function.
- the terminal After the terminal switches the display environment of the CA from REE to TEE according to the TUI display request, the terminal provides a secure execution environment for subsequent operations; then the terminal can invoke the TA to display the TA interface in the TEE for the user to be sensitive in the TA interface. Input operation of information.
- the user's sensitive information input operation is in a secure TEE, and non-secure applications in the REE (such as malware containing malicious programs) cannot obtain the user's input operation in the TA interface, thereby preventing the user's sensitive information from being malicious.
- the possibility of program theft increases the security of user input operations.
- the processing module in the terminal may acquire the identifier of the TA corresponding to the CA that performs the first operation, such as the ID number of the TA, while acquiring the TUI display request sent by the CA; the terminal may The TA identifies the corresponding TA.
- FIG. 3 is a schematic diagram of user interface switching of a terminal provided by the present invention.
- a user performs a mobile phone number transfer operation through a payment application (ie, CA).
- a payment application ie, CA
- the terminal switches the display environment from the REE to the TEE according to the first operation, and displays the virtual keyboard in the TEE.
- the application interface ie, the TA interface
- the user confirms the transfer information, performs a password input operation on the TA interface.
- the user's password input operation is in a safe operating environment (ie TEE)
- TEE safe operating environment
- REE non-secure operating environment
- the application cannot steal the password entered by the user in the TEE, which ensures the security of the user's password input operation.
- the terminal switches the display environment of the CA from the REE to the TEE according to the TUI display request, and then displays the CA in the The TA interface in the TEE, at this time, the user can perform the input operation of the sensitive information on the TA interface, and the malicious program running in the REE cannot access the hardware device to obtain the input operation of the user in the TEE, thereby performing the user through the above method.
- the input operation avoids the possibility of the user's sensitive information being stolen, and effectively improves the security of the user input operation.
- FIG. 4 is a schematic flowchart of a second embodiment of a user interface switching method according to the present invention.
- This embodiment is a specific implementation manner of step S12 and step S13 in the foregoing embodiment shown in FIG. 2 .
- the terminal includes a hardware device related to the display, and the hardware device is used to display the CA interface and the TA interface.
- the step S12 displays the request according to the TUI. Switching the display environment of the CA from REE to TEE, including:
- Step S121 According to the TUI display request of the CA, the hardware device controls the hardware device to exit the current non-secure mode by the driver in the REE.
- the hardware device related to the display may include a display memory, a display device, a touch screen or a mechanical keyboard, and may also include a fingerprint device, a Near Field Communication (NFC) device, a Security Element (SE), and the like.
- NFC Near Field Communication
- SE Security Element
- the access modes of these devices can be configured into two modes: safe mode and non-secure mode, wherein the security mode is corresponding to the hardware in the TEE.
- the operating mode, the non-secure mode is the corresponding operating mode of the hardware device in the REE.
- the terminal deploys a driver for the hardware device related to the display in the REE (ie, the driver module on the REE side in FIG. 1 above), and the REE control module in the terminal can drive the hardware device related to the display through the driver in the REE to exit the non- Safe mode configuration.
- the REE control module in the terminal may send a signaling message to the driver in the REE, indicating that the driver drives the hardware device to exit the non-secure mode configuration; the hardware device exits the non-secure mode configuration. After that, the driver can feed back the completed signaling to the REE control module.
- Step S122 Control the hardware device to enter the security mode by the driver of the hardware device in the TEE according to the first switching information.
- the REE control module in the terminal may send a first switching information to the TEE control module, indicating that the hardware device has exited the non-secure mode.
- the terminal also deploys a driver for the hardware device related to the display in the TEE (ie, the driver module on the TEE side in FIG. 1 above).
- the TEE control module can be driven by the driver in the TEE. Display related hardware devices into safe mode configuration.
- the TEE control module may send a signaling message to the driver in the TEE, instructing the driver to drive the hardware device into the safe mode configuration; after the hardware device enters the security mode configuration, the driver may feed back to the TEE control module. Signaling.
- the display environment of the CA is also switched from REE to TEE.
- the hardware device including the display memory, the display device, and the touch screen are exemplified, and the display drive, the general purpose input output (GPIO) driver, and the touch screen driver are deployed in the REE and the TEE.
- the display driver is used to drive the display mode of the display memory and the display device, and the GPIO driver and touch screen driver are used to drive the operation mode conversion of the touch screen.
- the terminal also includes other display-related hardware devices, the corresponding driver can be added to the REE and TEE.
- step S13 displays the TA interface of the CA in the TEE, and specifically includes:
- Step S131 running a TA corresponding to the CA in the TEE.
- the TEE control module in the terminal may invoke the TA or instruct other function modules related to the display to invoke the TA to run the application in the TEE.
- Step S132 Display the TA interface in the TEE by calling a hardware device in the secure mode.
- the terminal can invoke the hardware device in the security mode at the same time as the TA is invoked, so that the hardware device displays the TA interface in the TEE, so that the user can input the sensitive information in the TA interface.
- FIG. 5 is a schematic flowchart of a method for processing a user interface according to a third embodiment of the present invention.
- the embodiment is a specific process for processing a non-security event during a TUI display process in a TEE in the foregoing embodiment.
- the method in this embodiment further includes:
- Step S21 Switch from the current TA interface to the response interface of the to-be-processed event in the REE according to the non-security event response message.
- the terminal can pause the TUI display to handle non-secure events. Specifically, after the terminal monitors the pending event, a non-security event response message triggered by the pending event is generated. At this time, the terminal needs to switch the current TA interface to the response interface of the pending event in the REE, so that the user is in the REE.
- Non-security events are handled by applications corresponding to non-security events, such as phone and alarm applications.
- the terminal can listen to the non-secure event through the internal non-secure event monitoring device, and then generate a non-security event response message.
- Step S22 Redisplay the TA interface according to the response feedback message.
- the non-secure event monitoring device may send a response feedback message to the REE control module in the terminal, where the response feedback message indicates that the user of the terminal completes the processing of the non-security event through the response interface.
- the terminal switches the display environment of the terminal from REE to TEE, and calls the TA in the TEE to redisplay the TA interface (ie, performs TUI display).
- the terminal may call the TA again by the pre-stored TA identifier currently displayed by the TUI.
- the terminal switches from the current TA interface to the response interface of the to-be-processed event in the REE according to the non-security event response message; and then, after the non-security event processing in the REE is completed, according to the response feedback message
- the TA interface is redisplayed, so that non-security events can be processed in time during the TUI display, and the flexibility is high.
- FIG. 6 is a schematic flowchart of a fourth embodiment of a user interface switching method according to the present invention.
- This embodiment is a specific implementation manner of step S21 in the foregoing embodiment shown in FIG. 5.
- step S21 is switched from the current TA interface to the response interface of the to-be-processed event in the REE according to the non-security event response message, which specifically includes :
- Step S211 triggering the TUI to display a pause request according to the non-security event response message.
- the non-security event response message may be sent to the REE control module; the REE control module triggers the TUI to display the pause request according to the received non-security event response message, and then sends the message.
- the TEE control module is instructed to instruct the TEE control module to suspend the current TUI interface display.
- Step S212 Display a pause request according to the TUI, and control the hardware device to exit the current security mode by the driver of the hardware device in the TEE.
- the TEE control module in the terminal invokes the driver in the TEE to drive the display-related hardware device to exit the security mode configuration. Similar to the above embodiment, the TEE control module can instruct the driver to drive the hardware device to exit the secure mode configuration by sending a signaling message to the driver in the TEE.
- Step S213 Control the hardware device to enter the non-secure mode by the driver of the hardware device in the REE according to the second switching information.
- the TEE control module in the terminal may send the second switching information to the REE control module, to indicate that the hardware device has exited the security mode.
- the REE control module can drive the hardware device related to the display into the non-secure mode configuration through the driver in the REE, and provide a hardware foundation for the terminal to process the non-secure event. Similar to the above embodiment, the REE control module can send a signaling message to the driver in the REE, instructing the driver to drive the hardware device into the non-secure mode configuration. At this time, the display environment of the terminal is switched from REE to TEE.
- Step S214 Display a response interface of the to-be-processed event in the REE by calling a hardware device that switches to the non-secure mode.
- the display environment of the terminal is switched from the TEE to the REE.
- the terminal can invoke the hardware device in the non-secure mode through the REE control module to display the response interface of the pending event in the REE. For the user to handle non-secure events.
- the terminal After the user processes the non-security event, the terminal needs to switch the display environment back to the TEE to continue the TUI display.
- the terminal can learn the non-secure event processing completion message through the non-secure event monitoring device, and then send a response feedback message to the REE control module in the terminal. After receiving the message, the terminal displays the terminal display environment from the terminal. REE Switching to the TEE, the TA in the TEE is invoked to continue to display the TA interface.
- the specific processing is similar to the process in which the terminal switches the display environment of the CA from the REE to the TEE in the embodiment shown in FIG. 4, and details are not described herein again.
- FIG. 7 is a schematic flowchart of Embodiment 5 of a user interface switching method according to the present invention.
- This embodiment is a specific processing procedure after the terminal completes the TUI display.
- the method in this embodiment further includes:
- Step S14 Display an exit request according to the TUI, and switch from the current TA interface to the CA interface.
- the TUI display ends.
- the terminal can switch the display environment back to REE for the next CA operation.
- the TA may generate a TUI display exit request according to the second operation, and the request is used. The terminal is instructed to exit the TUI display.
- the terminal can exit the current TA interface according to the TUI display exit request, call the CA after switching the display environment of the CA from the REE to the TEE, and display the CA interface in the REE.
- the terminal invoking the CA may be implemented in the following two manners: First, the REE control module in the terminal may obtain the identifier of the CA for performing the first operation, such as the ID number of the CA, while obtaining the TUI display request. And storing the CA identifier; after the terminal exits the TUI display, the CA can be invoked according to the CA identifier.
- the second type the TEE control module in the terminal may obtain the identifier of the CA corresponding to the TA that performs the second operation by the user, and obtain the CA of the CA according to the CA identifier.
- the TUI interface display ends, and the terminal operates the operating environment according to the second operation.
- the TEE switches to the REE and displays the CA interface (not shown) containing the next operation in the REE, and the user can proceed to the next step on the CA interface.
- step S14 may also be performed after step S22.
- the terminal displays the exit request according to the TUI, and switches from the current TA interface to the CA interface, thereby implementing the cut from the secure display to the non-secure display. Change, convenient for users to carry out subsequent non-secure interface operations.
- FIG. 8 is a schematic flowchart of a sixth embodiment of a user interface switching method according to the present invention.
- This embodiment is a specific implementation manner of step S14 in the foregoing embodiment shown in FIG. 7.
- step S14 is performed to switch from the current TA interface to the CA interface according to the TUI display exit request, which specifically includes:
- Step S141 Display an exit request according to the TUI, and control the hardware device to exit the current security mode by the driver of the hardware device in the TEE.
- the TEE control module in the terminal may invoke the driver in the TEE to drive the hardware device related to the display to exit the security mode configuration. Similar to the above embodiment, the TEE control module can instruct the driver to drive the hardware device to exit the secure mode configuration by sending a signaling message to the driver in the TEE.
- Step S142 Control the hardware device to enter the non-secure mode by the driver of the hardware device in the REE according to the third switching information.
- the TEE control module in the terminal may send third switching information to the REE control module, to indicate that the hardware device has exited the security mode.
- the REE control module can drive the hardware device related to the display into the non-secure mode configuration through the driver in the REE, and provide a hardware foundation for the terminal to switch from TEE to REE. Similar to the above embodiment, the REE control module can send a signaling message to the driver in the REE, instructing the driver to drive the hardware device into the non-secure mode configuration.
- Step S143 Display the CA interface in the REE by calling a hardware device that switches to the non-secure mode.
- the display environment of the CA is switched from the TEE to the REE.
- the terminal can invoke the hardware device in the non-secure mode through the REE control module, and display the CA interface in the REE for the user. Do the next step on the CA interface.
- FIG. 9 is a schematic structural diagram of a first embodiment of a terminal according to the present invention.
- a client application CA is run on the terminal, and a complex execution environment and a trusted execution environment are deployed.
- the terminal 100 in this embodiment includes: The trigger module 110, the switching module 120, and the display module 130, wherein:
- the triggering module 110 is configured to trigger a trusted user interface TUI display request of the CA according to the first operation of the user on the CA interface of the CA, where the CA interface is a user interface of the CA in the REE;
- the switching module 120 is configured to switch the display environment of the CA from the complex execution environment to the trusted execution environment according to the TUI display request.
- the display module 130 is configured to display a trusted application TA interface of the CA in a trusted execution environment, and the TA interface is used by the user of the terminal to input personal information.
- the function of the triggering module 110 in this embodiment may be implemented by the input and output device and the processor in the terminal.
- the function of the switching module 120 may be implemented by a processor in the terminal.
- the function of the display module 130 may be specifically implemented in the terminal. Processor and display device implementation.
- the terminal provided in this embodiment can perform the foregoing method embodiments, and the implementation principles and technical effects are similar, and details are not described herein again.
- the switching module 120 in the embodiment shown in FIG. 9 is further refined.
- the terminal includes a hardware device related to the display, and the hardware device related to the display is used to display the CA interface and the TA interface.
- the switching module 120 specifically includes: a non-security control unit and a security control unit, where:
- the non-secure control unit is configured to control the hardware device to exit the current non-secure mode according to the TUI display request of the CA, and the non-secure mode is the corresponding operation mode of the hardware device in the REE;
- the security control unit is configured to control the hardware device to enter the security mode according to the first switching information sent by the non-security control unit, and the first switching information is used to indicate that the hardware device has exited the non-secure mode, and the security is controlled by the driver in the TEE.
- the mode is the corresponding operating mode of the hardware in the TEE.
- the switching module 120 specifically includes: a REE control module and a TEE control module, where:
- the REE control module is configured to control the hardware device to exit the current non-secure mode according to the TUI display request of the CA, and the non-secure mode is the corresponding operation mode of the hardware device in the REE;
- a TEE control module configured to control, according to the first switching information sent by the non-secure control unit, the hardware device to enter the security mode by the driver of the hardware device in the TEE, the first switching The information is used to indicate that the hardware device has exited the non-secure mode, and the security mode is the corresponding operating mode of the hardware in the TEE.
- the functions of the non-security control unit and the REE control module may be similar to the functions of the REE control module in FIG. 1 above, and the functions of the security control unit and the TEE control module may specifically be the same as the TEE control module in FIG. 1 above.
- the function is similar.
- the function of the driver may be integrated in the switching module 120 as part of the switching module 120, and may be specifically set as needed, and the embodiment is not particularly limited.
- the functions of the non-security control unit and the REE control module are similar, and the functions of the security control unit and the TEE control module are similar.
- the non-security control unit and the security control unit are directly used to explain the present invention. Technical solutions.
- the display module 130 is specifically configured to: run a TA corresponding to the CA in the TEE; invoke a hardware device in the secure mode, and display the TA interface in the TEE.
- the switching module 120 is further configured to switch the terminal from the current TA interface to the to-be-processed event in the REE through the display module 130 according to the non-security event response message. Responding to the interface, and then instructing the display module 130 to redisplay the TA interface according to the response feedback message, wherein the non-security event response message is triggered by the pending event in the REE, and the response feedback message indicates that the user of the terminal completes the non-security event through the response interface. deal with.
- the non-security control unit is configured to send a TUI display suspension request to the security control unit according to the non-security event response message;
- a security control unit configured to display a pause request according to the TUI, and the hardware device in the TEE controls the hardware device to exit the current security mode, where the security mode is a corresponding operation mode of the hardware device in the TEE;
- the non-secure control unit is further configured to control the hardware device to enter the non-secure mode by the driver of the hardware device in the REE according to the second switching information sent by the security control unit, and then instruct the display module 130 to invoke the hardware device that switches to the non-secure mode. , displays the response interface of the pending event in the REE.
- the second switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is the corresponding operating mode of the hardware in the REE.
- the switching module 120 is further configured to: according to the TUI display exit request, instruct the display module 130 to switch from the current TA interface to the CA interface, and the TUI display exit request is triggered.
- Module 110 is triggered based on the user's second operation on the TA interface.
- the security control unit is configured to display the exit request according to the TUI, and the hardware device controls the hardware device to exit the current security mode by using the hardware device in the TEE.
- the security mode is the hardware device in the TEE. Corresponding operating mode;
- a non-security control unit configured to control the hardware device to enter the non-secure mode by the driver of the hardware device in the REE according to the third switching information sent by the security control unit, and then instruct the display module 130 to invoke the hardware device that switches to the non-secure mode,
- the CA interface is displayed in the REE.
- the third switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is the corresponding operating mode of the hardware in the REE.
- the terminal provided by the embodiment of the present invention can perform the foregoing method embodiments, and the implementation principle and technical effects are similar, and details are not described herein again.
- the backend trigger module 110, the switch module 120, and the display module 130 may be executable by the processor in memory.
- the program or instructions are implemented (in other words, by a processor and a special instruction in a memory coupled to the processor); in another implementation, the backend trigger module 110, the switching module 120, and The display module 130 can also be implemented by a dedicated circuit.
- the backend triggering module 110, the switching module 120, and the display module 130 can also be used.
- the field-programmable gate array (FPGA) is implemented by a field-programmable gate array (FPGA).
- FPGA field-programmable gate array
- the present invention includes but is not limited to the foregoing implementation manner, and it should be understood that The solution of the idea is to fall within the scope protected by the embodiments of the present invention.
- the disclosed apparatus and method may be implemented in other manners.
- the device embodiments described above are merely illustrative.
- the division of the modules or units is only a logical function division.
- there may be another division manner for example, multiple units or components may be used. Combine or Can be integrated into another system, or some features can be ignored or not executed.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
- FIG. 10 is a schematic structural diagram of a second embodiment of a terminal provided by the present invention.
- a client application CA is run on the terminal, and a complex execution environment and a trusted execution environment are deployed.
- the terminal 200 in this embodiment includes: At least one processor 210, memory 220, at least one network interface 230 or other user interface 240, at least one communication bus 250, hardware device 260 for displaying the interface of the terminal.
- the terminal device 200 optionally includes a user interface 240, including a display (eg, a touch screen, LCD, CRT, Holographic or Projector, etc.), a keyboard or a pointing device (eg, a mouse, a trackball) , touch panel or touch screen, etc.).
- a display eg, a touch screen, LCD, CRT, Holographic or Projector, etc.
- a keyboard or a pointing device eg, a mouse, a trackball
- touch panel or touch screen etc.
- Memory 220 can include read only memory and random access memory and provides instructions and data to processor 210.
- memory 220 stores elements, executable modules or data structures, or a subset thereof, or their extension set:
- the operating system 221 includes various system programs, such as the REE driver module, the TEE driver module, and the driver modules on both sides shown in FIG. 1 for implementing various basic services and processing hardware-based tasks;
- Application module 222 including various applications, such as CA and TA shown in FIG. Etc., used to implement various application services.
- the hardware device 260 for displaying the interface of the terminal may include a display memory, a display device, a touch screen, and the like.
- the processor 210 by calling a program or instruction stored in the memory 220, the processor 210 is configured to:
- the trusted user interface TUI display request of the CA is triggered according to the first operation of the user on the CA interface of the CA, and the CA interface is a user interface of the CA in the complex execution environment;
- the control hardware device 260 displays the trusted application TA interface of the CA in the trusted execution environment, and the TA interface is used by the user of the terminal to input personal information.
- the processor 210 is specifically configured to:
- the hardware control device in the complex execution environment controls the hardware device to exit the current non-secure mode, and the non-secure mode is the corresponding operation mode of the hardware device in the complex execution environment;
- the hardware device enters the security mode by the driver in the trusted execution environment, and the first switching information is used to indicate that the hardware device has exited the non-secure mode, and the security mode is that the hardware is in the trusted execution environment. Corresponding operating mode.
- the processor 210 is specifically configured to:
- the hardware device in safe mode is called and the TA interface is displayed in the trusted execution environment.
- the processor 210 is further configured to: switch the terminal from the current TA interface to the response interface of the to-be-processed event in the complex execution environment by using the hardware device 260 according to the non-security event response message, and then respond according to the response.
- the feedback message control hardware device 260 redisplays the TA interface; wherein the non-secure event response message is triggered by the pending event in the complex execution environment; the response feedback message indicates that the user of the terminal completes the processing of the non-secure event through the response interface.
- the processor 210 is specifically configured to:
- the hardware device enters the non-secure mode by the driver in the complex execution environment, and then calls the hardware device switched to the non-secure mode to display a response interface of the to-be-processed event in the complex execution environment;
- the second switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is a corresponding operating mode of the hardware in the complex execution environment.
- the processor 210 is further configured to:
- the terminal is switched from the current TA interface to the CA interface by the hardware device 260, and the TUI display exit request is triggered by the trigger module according to the second operation of the user on the TA interface.
- the processor 210 is specifically configured to:
- the hardware device controls the hardware device to exit the current security mode in the trusted execution environment, and the security mode is a corresponding operation mode of the hardware device in the trusted execution environment;
- the hardware device enters the non-secure mode by the driver in the complex execution environment by the hardware device, and then calls the hardware device switched to the non-secure mode to display the CA interface in the complex execution environment; wherein, the third switch The information is used to indicate that the hardware device has exited the secure mode, and the non-secure mode is the corresponding operating mode of the hardware in the complex execution environment.
- the terminal provided in this embodiment can perform the foregoing method embodiments, and the implementation principles and technical effects are similar, and details are not described herein again.
- FIG. 11 is a schematic structural diagram of Embodiment 3 of a terminal provided by the present invention, where a terminal runs As shown in FIG. 11, the terminal 300 in this embodiment includes: a radio frequency (RF) circuit 310, a memory 320, an input unit 330, and a display unit. 340, sensor 350, audio circuit 360, wireless fidelity (WiFi) module 370, processor 380, and power supply 390 and the like.
- RF radio frequency
- terminal 300 Specific components of the terminal 300 will be specifically described below with reference to FIG.
- the processor 380 can implement the functions of the functional modules included in the terminal shown in FIG. 9 .
- the processor 380 is configured to:
- the trusted user interface TUI display request of the CA is triggered according to the first operation of the user on the CA interface of the CA, and the CA interface is a user interface of the CA in the complex execution environment;
- the control related hardware device displays the trusted application TA interface of the CA in the trusted execution environment, and the TA interface is used by the user of the terminal to input personal information.
- the processor 380 is specifically configured to:
- the hardware device in the complex execution environment is controlled to exit the current non-secure mode by the hardware device related to the display, and the non-secure mode is a corresponding operation mode of the hardware device in the complex execution environment;
- the hardware device enters the security mode by the driver in the trusted execution environment, and the first switching information is used to indicate that the hardware device has exited the non-secure mode, and the security mode is that the hardware is in the trusted execution environment. Corresponding operating mode.
- the processor 380 is specifically configured to:
- the hardware device in safe mode is called and the TA interface is displayed in the trusted execution environment.
- the hardware device related to the display includes the above-mentioned input unit 330, the display unit 340, and other display-related devices such as memory related to the display in the memory 320.
- the processor 380 is further configured to: switch the terminal from the current TA interface to the response interface of the to-be-processed event in the complex execution environment by using the hardware device according to the non-security event response message, and then respond to the response according to the response.
- the message control hardware device redisplays the TA interface; wherein the non-security event response message is triggered by the pending event in the complex execution environment; the response feedback message indicates that the user of the terminal completes the processing of the non-security event through the response interface.
- the processor 380 is specifically configured to:
- the hardware device enters the non-secure mode by the driver in the complex execution environment, and then calls the hardware device switched to the non-secure mode to display a response interface of the to-be-processed event in the complex execution environment;
- the second switching information is used to indicate that the hardware device has exited the security mode, and the non-secure mode is a corresponding operating mode of the hardware in the complex execution environment.
- the processor 380 is further configured to:
- the terminal is switched from the current TA interface to the CA interface by the hardware device, and the TUI display exit request is triggered by the trigger module according to the second operation of the user on the TA interface.
- the processor 380 is specifically configured to:
- the hardware device controls the hardware device to exit the current security mode in the trusted execution environment, and the security mode is a corresponding operation mode of the hardware device in the trusted execution environment;
- the hardware device enters the non-secure mode by the driver in the complex execution environment by the hardware device, and then calls the hardware device switched to the non-secure mode to display the CA interface in the complex execution environment; wherein, the third switch Information is used to indicate hardware devices The safe mode has been exited, and the non-secure mode is the corresponding operating mode of the hardware in the complex execution environment.
- the memory 320 can be the memory of the terminal 300 or the memory and external memory of the terminal 300.
- the memory 320 includes NVRAM nonvolatile memory, DRAM dynamic random access memory, SRAM static random access memory, flash memory, and a hard disk, an optical disk, a USB disk, a floppy disk, or a tape drive.
- the input unit 330 can be configured to receive input numeric or character information, such as a kanji string or a letter string input by a user, and generate a signal input related to user settings and function control of the terminal 300.
- the input unit 330 may include a touch panel 331.
- the touch panel 331 also referred to as a touch screen, can collect touch operations on or near the user (such as the user's operation on the touch panel 331 or the touch panel 331 by using any suitable object or accessory such as a finger, a stylus, or the like. ), and drive the corresponding connection device according to a preset program.
- the touch panel 331 can include two parts: a touch detection device and a touch controller.
- the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
- the processor 380 is provided and can receive commands from the processor 380 and execute them.
- the touch panel 331 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
- the input unit 330 may further include other input devices 332, which may include, but are not limited to, physical keyboards, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like. One or more of them.
- the terminal 300 may further include a display unit 340 that can be used to display information input by the user or information provided to the user and various menu interfaces of the terminal 300.
- the display unit 340 may include a display panel 341.
- the display may be configured in the form of a liquid crystal display (LCD) or an organic light-emitting diode (OLED). Panel 641.
- LCD liquid crystal display
- OLED organic light-emitting diode
- the touch panel 331 covers the display panel 641 to form a touch display screen.
- the touch display screen detects a touch operation on or near the touch display screen, the touch display screen transmits to the processor 380 to determine the type of the touch event.
- the processor 380 then provides a corresponding visual output on the touch display based on the type of touch event.
- the touch display screen includes an application interface display area and a common control display area.
- the arrangement manner of the application interface display area and the display area of the common control is not limited, and the arrangement manner of the two display areas can be distinguished by up-and-down arrangement, left-right arrangement, and the like.
- the application interface display area can be used to display the interface of the application. Each interface can contain at least one application interface and/or interface elements such as desktop controls.
- the application interface display area can also be an empty interface that does not contain any content.
- the common control display area is used to display controls with high usage, such as setting buttons, interface numbers, scroll bars, phone book icons, and the like.
- the processor 380 is a control center of the terminal 300, and connects various parts of the entire terminal by various interfaces and lines, and executes various kinds of the terminal 300 by running or executing software programs and/or modules and data stored in the memory 320.
- the function and processing data are used to perform overall monitoring of the terminal 300.
- the processor 380 can include one or more processing units.
- the terminal provided in this embodiment can perform the foregoing method embodiments, and the implementation principles and technical effects are similar, and details are not described herein again.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Mathematical Physics (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- User Interface Of Digital Computer (AREA)
- Telephone Function (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (21)
- 一种用户界面切换方法,所述方法用于终端,所述终端上运行有客户应用CA,其特征在于,所述终端部署了复杂执行环境和可信执行环境,所述方法包括:根据用户在所述CA的CA界面上的第一操作,触发所述CA的可信用户界面TUI显示请求,所述CA界面为所述CA在所述复杂执行环境中的用户界面;根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境;显示所述CA在所述可信执行环境中的可信应用TA界面,所述TA界面被所述终端的用户用于输入个人信息。
- 根据权利要求1所述的方法,其特征在于,所述终端包括与显示相关的硬件设备,所述与显示相关的硬件设备用于显示所述CA界面和所述TA界面,所述根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境,包括:根据所述CA的TUI显示请求,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备退出当前的非安全模式,所述非安全模式为所述硬件设备在所述复杂执行环境中对应的运行模式;根据第一切换信息,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备进入安全模式,所述第一切换信息用于指示所述硬件设备已退出所述非安全模式,所述安全模式为所述硬件在所述可信执行环境中对应的运行模式。
- 根据权利要求2所述的方法,其特征在于,所述显示所述CA在所述可信执行环境中的可信应用TA界面,包括:在所述可信执行环境中运行与所述CA对应的TA;通过调用处于安全模式的所述硬件设备,在所述可信执行环境中显示所述TA界面。
- 根据权利要求1所述的方法,其特征在于,所述方法还包括:根据非安全事件响应消息从所述TA界面切换到所述复杂执行环境中的待处理事件的响应界面,所述非安全事件响应消息是由所述复杂执行 环境中的待处理事件触发的;根据响应反馈消息重新显示所述TA界面,所述响应反馈消息表示所述终端的用户通过所述响应界面完成所述非安全事件的处理。
- 根据权利要求4所述的方法,其特征在于,所述终端包括与显示相关的硬件设备,所述与显示相关的硬件设备用于显示所述CA界面和所述TA界面,所述根据非安全事件响应消息从所述TA界面切换到所述复杂执行环境中的待处理事件的响应界面,具体包括:根据所述非安全事件响应消息触发TUI显示暂停请求;根据所述TUI显示暂停请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式为所述硬件设备在所述可信执行环境中对应的运行模式;根据第二切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,所述第二切换信息用于指示所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式;通过调用切换到非安全模式的所述硬件设备,显示所述复杂执行环境中的待处理事件的响应界面。
- 根据权利要求1-5任一项所述的方法,其特征在于,所述方法还包括:根据TUI显示退出请求,从当前的TA界面切换到所述CA界面,所述TUI显示退出请求是由所述用户在所述TA界面上的第二操作触发的。
- 根据权利要求6所述的方法,其特征在于,所述终端包括与显示相关的硬件设备,所述与显示相关的硬件设备用于显示所述CA界面和所述TA界面,所述根据TUI显示退出请求,从当前的TA界面切换到所述CA界面,具体包括:根据所述TUI显示退出请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式为所述硬件设备在所述可信执行环境中对应的运行模式;根据第三切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,所述第三切换信息用于指示 所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式;通过调用切换到非安全模式的所述硬件设备,在所述复杂执行环境中显示所述CA界面。
- 一种终端,所述终端上运行有客户应用CA,其特征在于,所述终端部署了复杂执行环境和可信执行环境,所述终端包括:触发模块,用于根据用户在所述CA的CA界面上的第一操作,触发所述CA的可信用户界面TUI显示请求,所述CA界面为所述CA在所述复杂执行环境中的用户界面;切换模块,用于根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境;显示模块,用于显示所述CA在所述可信执行环境中的可信应用TA界面,所述TA界面被所述终端的用户用于输入个人信息。
- 根据权利要求8所述的终端,其特征在于,所述终端还包括与显示相关的硬件设备,在所述根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境的方面,所述切换模块,具体用于:根据所述CA的TUI显示请求,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备退出当前的非安全模式,所述非安全模式为所述硬件设备在所述复杂执行环境中对应的运行模式;根据所述第一切换信息,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备进入安全模式,所述第一切换信息用于指示所述硬件设备已退出所述非安全模式,所述安全模式为所述硬件在所述可信执行环境中对应的运行模式。
- 根据权利要求9所述的终端,其特征在于,在所述显示所述CA在所述可信执行环境中的可信应用TA界面的方面,所述显示模块,具体用于:在所述可信执行环境中运行与所述CA对应的TA;调用处于安全模式的所述硬件设备,在所述可信执行环境中显示所述TA界面。
- 根据权利要求8所述的终端,其特征在于,所述切换模块,还用于根据非安全事件响应消息通过所述显示模块将所述终端从当前的TA界面切换到所述复杂执行环境中的待处理事件的响应界面,然后根据响应反馈消息指示所述显示模块重新显示所述TA界面;其中,所述非安全事件响应消息是由所述复杂执行环境中的待处理事件触发的;所述响应反馈消息表示所述终端的用户通过所述响应界面完成所述非安全事件的处理。
- 根据权利要求11所述的终端,其特征在于,所述终端包括与显示相关的硬件设备,所述与显示相关的硬件设备用于显示所述CA界面和所述TA界面,所述切换模块,具体用于:根据所述非安全事件响应消息触发TUI显示暂停请求;根据所述TUI显示暂停请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式为所述硬件设备在所述可信执行环境中对应的运行模式;根据所述第二切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,然后指示所述显示模块调用切换到非安全模式的所述硬件设备,显示所述复杂执行环境中的待处理事件的响应界面;其中,所述第二切换信息用于指示所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式。
- 根据权利要求8-12任一项所述的终端,其特征在于,所述切换模块,还用于:根据TUI显示退出请求,通过所述显示模块将所述终端从当前的TA界面切换到所述CA界面,所述TUI显示退出请求是所述触发模块根据所述用户在所述TA界面上的第二操作触发的。
- 根据权利要求13所述的终端,其特征在于,所述终端包括与显示相关的硬件设备,在所述根据TUI显示退出请求,从当前的TA界面切换到所述CA界面的方面,所述切换模块,具体用于:根据所述TUI显示退出请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式 为所述硬件设备在所述可信执行环境中对应的运行模式;根据所述第三切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,然后指示所述显示模块调用切换到非安全模式的所述硬件设备,在所述复杂执行环境中显示所述CA界面;其中,所述第三切换信息用于指示所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式。
- 一种终端,所述终端上运行有客户应用CA,其特征在于,所述终端部署了复杂执行环境和可信执行环境,所述终端包括:处理器、存储器和用于显示所述终端的界面的硬件设备,所述存储器存储程序或指令,所述处理器通过调用所述存储器存储的程序或指令,用于:根据用户在所述CA的CA界面上的第一操作,触发所述CA的可信用户界面TUI显示请求,所述CA界面为所述CA在所述复杂执行环境中的用户界面;根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境;控制所述硬件设备显示所述CA在所述可信执行环境中的可信应用TA界面,所述TA界面被所述终端的用户用于输入个人信息。
- 根据权利要求15所述的终端,其特征在于,在所述根据所述TUI显示请求,将所述CA的显示环境从所述复杂执行环境切换到所述可信执行环境的方面,所述处理器,具体用于:根据所述CA的TUI显示请求,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备退出当前的非安全模式,所述非安全模式为所述硬件设备在所述复杂执行环境中对应的运行模式;根据所述第一切换信息,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备进入安全模式,所述第一切换信息用于指示所述硬件设备已退出所述非安全模式,所述安全模式为所述硬件在所述可信执行环境中对应的运行模式。
- 根据权利要求16所述的终端,其特征在于,在所述显示所述CA在所述可信执行环境中的可信应用TA界面的方面,所述处理器,具体用 于:在所述可信执行环境中运行与所述CA对应的TA;调用处于安全模式的所述硬件设备,在所述可信执行环境中显示所述TA界面。
- 根据权利要求15所述的终端,其特征在于,所述处理器,还用于根据非安全事件响应消息通过所述硬件设备将所述终端从当前的TA界面切换到所述复杂执行环境中的待处理事件的响应界面,然后根据响应反馈消息控制所述硬件设备重新显示所述TA界面;其中,所述非安全事件响应消息是由所述复杂执行环境中的待处理事件触发的;所述响应反馈消息表示所述终端的用户通过所述响应界面完成所述非安全事件的处理。
- 根据权利要求18所述的终端,其特征在于,所述处理器,具体用于:根据所述非安全事件响应消息触发TUI显示暂停请求;根据所述TUI显示暂停请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式为所述硬件设备在所述可信执行环境中对应的运行模式;根据所述第二切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,然后调用切换到非安全模式的所述硬件设备,显示所述复杂执行环境中的待处理事件的响应界面;其中,所述第二切换信息用于指示所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式。
- 根据权利要求15-19任一项所述的终端,其特征在于,所述处理器,还用于:根据TUI显示退出请求,通过所述硬件设备将所述终端从当前的TA界面切换到所述CA界面,所述TUI显示退出请求是所述触发模块根据所述用户在所述TA界面上的第二操作触发的。
- 根据权利要求20所述的终端,其特征在于,所述终端包括与显示相关的硬件设备,在所述根据TUI显示退出请求,从当前的TA界面切 换到所述CA界面的方面,所述处理器,具体用于:根据所述TUI显示退出请求,通过所述硬件设备在所述可信执行环境中的驱动程序控制所述硬件设备退出当前的安全模式,所述安全模式为所述硬件设备在所述可信执行环境中对应的运行模式;根据所述第三切换信息,通过所述硬件设备在所述复杂执行环境中的驱动程序控制所述硬件设备进入非安全模式,然后调用切换到非安全模式的所述硬件设备,在所述复杂执行环境中显示所述CA界面;其中,所述第三切换信息用于指示所述硬件设备已退出所述安全模式,所述非安全模式为所述硬件在所述复杂执行环境中对应的运行模式。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112018010716-6A BR112018010716B1 (pt) | 2015-11-30 | 2016-11-09 | Método de comutação de interface de usuário, terminal, mídia não transitória legível por computador, e produto de programa de computador |
EP19195771.1A EP3663954A1 (en) | 2015-11-30 | 2016-11-09 | User interface switching method and terminal |
EP16869863.7A EP3376425B1 (en) | 2015-11-30 | 2016-11-09 | User interface switching method and terminal |
US15/991,693 US11003745B2 (en) | 2015-11-30 | 2018-05-29 | User interface switching method and terminal |
US17/223,414 US11874903B2 (en) | 2015-11-30 | 2021-04-06 | User interface switching method and terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510859719.5 | 2015-11-30 | ||
CN201510859719.5A CN105528554B (zh) | 2015-11-30 | 2015-11-30 | 用户界面切换方法和终端 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/991,693 Continuation US11003745B2 (en) | 2015-11-30 | 2018-05-29 | User interface switching method and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017092553A1 true WO2017092553A1 (zh) | 2017-06-08 |
Family
ID=55770774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/105159 WO2017092553A1 (zh) | 2015-11-30 | 2016-11-09 | 用户界面切换方法和终端 |
Country Status (4)
Country | Link |
---|---|
US (2) | US11003745B2 (zh) |
EP (2) | EP3376425B1 (zh) |
CN (2) | CN110059500A (zh) |
WO (1) | WO2017092553A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11948233B2 (en) | 2019-10-24 | 2024-04-02 | Huawei Technologies Co., Ltd. | Image display method and electronic device |
CN117808474A (zh) * | 2024-03-01 | 2024-04-02 | 花瓣支付(深圳)有限公司 | 可信用户界面的显示方法、设备、可读存储介质及芯片 |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110059500A (zh) * | 2015-11-30 | 2019-07-26 | 华为技术有限公司 | 用户界面切换方法和终端 |
CN105825128B (zh) * | 2016-03-15 | 2020-05-19 | 华为技术有限公司 | 一种数据输入方法、装置及用户设备 |
CN107451813B (zh) * | 2016-06-01 | 2021-05-18 | 华为终端有限公司 | 支付方法、支付设备和支付服务器 |
CN106506472B (zh) * | 2016-11-01 | 2019-08-02 | 黄付营 | 一种安全的移动终端电子认证方法及系统 |
CN106990972B (zh) * | 2017-04-13 | 2021-04-02 | 沈阳微可信科技有限公司 | 用于运行可信用户界面的方法和装置 |
WO2019028766A1 (zh) * | 2017-08-10 | 2019-02-14 | 福建联迪商用设备有限公司 | 智能终端信息安全输入的方法及其系统 |
CN107908957B (zh) * | 2017-11-03 | 2021-09-17 | 北京邮电大学 | 一种智能终端的安全运行管理方法及系统 |
CN110348252B (zh) * | 2018-04-02 | 2021-09-03 | 华为技术有限公司 | 基于信任区的操作系统和方法 |
CN108614968B (zh) * | 2018-05-04 | 2020-11-24 | 飞天诚信科技股份有限公司 | 一种在通用平台下安全交互的方法及智能终端 |
CN109214215B (zh) * | 2018-06-19 | 2021-10-26 | 中国银联股份有限公司 | 基于tee和ree的分离式切换方法及其系统 |
CN109766152B (zh) * | 2018-11-01 | 2022-07-12 | 华为终端有限公司 | 一种交互方法及装置 |
US11132440B2 (en) * | 2018-11-01 | 2021-09-28 | Foundation Of Soongsil University-Industry Cooperation | Hybrid trust execution environment based android security framework, android device equipped with the same and method of executing trust service in android device |
US11330317B2 (en) | 2018-12-28 | 2022-05-10 | Dish Network L.L.C. | Methods and systems for discovery of a processing offloader |
CN111383015B (zh) | 2018-12-29 | 2023-11-03 | 华为技术有限公司 | 交易安全处理方法、装置及终端设备 |
CN112307483A (zh) * | 2019-07-30 | 2021-02-02 | 华为技术有限公司 | 可信用户界面的显示方法及电子设备 |
CN113190869B (zh) * | 2021-05-27 | 2022-10-11 | 中国人民解放军国防科技大学 | 基于tee的强制访问控制安全增强框架性能评估方法及系统 |
CN115689553A (zh) * | 2021-07-27 | 2023-02-03 | 华为技术有限公司 | 一种支付方法、装置及终端设备 |
CN116484438B (zh) * | 2022-01-17 | 2024-07-02 | 荣耀终端有限公司 | 信息处理方法和装置 |
CN115618328B (zh) * | 2022-12-16 | 2023-06-13 | 飞腾信息技术有限公司 | 安全架构系统、安全管理方法、计算设备及可读存储介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140150104A1 (en) * | 2012-11-27 | 2014-05-29 | Oberthur Technologies | Electronic assembly comprising a disabling module |
CN104205112A (zh) * | 2012-04-16 | 2014-12-10 | 英特尔公司 | 可信用户交互 |
CN104376274A (zh) * | 2014-11-21 | 2015-02-25 | 北京奇虎科技有限公司 | 移动终端支付界面保护方法及装置 |
CN104424412A (zh) * | 2013-09-03 | 2015-03-18 | 北京三星通信技术研究有限公司 | 对智能终端中的信息进行保护的方法及智能终端、切换页面的方法 |
CN105528554A (zh) * | 2015-11-30 | 2016-04-27 | 华为技术有限公司 | 用户界面切换方法和终端 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7783891B2 (en) * | 2004-02-25 | 2010-08-24 | Microsoft Corporation | System and method facilitating secure credential management |
US20100306076A1 (en) * | 2009-05-29 | 2010-12-02 | Ebay Inc. | Trusted Integrity Manager (TIM) |
DE102011012227A1 (de) * | 2011-02-24 | 2012-08-30 | Giesecke & Devrient Gmbh | Verfahren zum Datenaustausch in einer gesicherten Laufzeitumgebung |
US9183373B2 (en) * | 2011-05-27 | 2015-11-10 | Qualcomm Incorporated | Secure input via a touchscreen |
US20130145475A1 (en) * | 2011-12-02 | 2013-06-06 | Samsung Electronics Co., Ltd. | Method and apparatus for securing touch input |
KR101947651B1 (ko) * | 2012-03-21 | 2019-02-13 | 삼성전자주식회사 | 보안 모바일 웹 클라이언트 및 웹 서버 시스템 |
CN103745155A (zh) * | 2014-01-03 | 2014-04-23 | 东信和平科技股份有限公司 | 一种可信Key及其安全操作方法 |
CN104143065A (zh) | 2014-08-28 | 2014-11-12 | 北京握奇智能科技有限公司 | 安全智能终端设备、及信息处理方法 |
CN104318182B (zh) * | 2014-10-29 | 2017-09-12 | 中国科学院信息工程研究所 | 一种基于处理器安全扩展的智能终端隔离系统及方法 |
CN104392188B (zh) * | 2014-11-06 | 2017-10-27 | 三星电子(中国)研发中心 | 一种安全数据存储方法和系统 |
KR102281782B1 (ko) * | 2014-11-14 | 2021-07-27 | 삼성전자주식회사 | 무선 통신 시스템에서 단말의 어플리케이션을 원격으로 관리하는 방법 및 장치 |
CN104809413A (zh) * | 2015-05-13 | 2015-07-29 | 上海瓶钵信息科技有限公司 | 基于TrustZone技术的移动平台可信用户界面框架 |
US9842065B2 (en) * | 2015-06-15 | 2017-12-12 | Intel Corporation | Virtualization-based platform protection technology |
-
2015
- 2015-11-30 CN CN201910227682.2A patent/CN110059500A/zh active Pending
- 2015-11-30 CN CN201510859719.5A patent/CN105528554B/zh active Active
-
2016
- 2016-11-09 WO PCT/CN2016/105159 patent/WO2017092553A1/zh active Application Filing
- 2016-11-09 EP EP16869863.7A patent/EP3376425B1/en active Active
- 2016-11-09 EP EP19195771.1A patent/EP3663954A1/en not_active Withdrawn
-
2018
- 2018-05-29 US US15/991,693 patent/US11003745B2/en active Active
-
2021
- 2021-04-06 US US17/223,414 patent/US11874903B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104205112A (zh) * | 2012-04-16 | 2014-12-10 | 英特尔公司 | 可信用户交互 |
US20140150104A1 (en) * | 2012-11-27 | 2014-05-29 | Oberthur Technologies | Electronic assembly comprising a disabling module |
CN104424412A (zh) * | 2013-09-03 | 2015-03-18 | 北京三星通信技术研究有限公司 | 对智能终端中的信息进行保护的方法及智能终端、切换页面的方法 |
CN104376274A (zh) * | 2014-11-21 | 2015-02-25 | 北京奇虎科技有限公司 | 移动终端支付界面保护方法及装置 |
CN105528554A (zh) * | 2015-11-30 | 2016-04-27 | 华为技术有限公司 | 用户界面切换方法和终端 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3376425A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11948233B2 (en) | 2019-10-24 | 2024-04-02 | Huawei Technologies Co., Ltd. | Image display method and electronic device |
CN117808474A (zh) * | 2024-03-01 | 2024-04-02 | 花瓣支付(深圳)有限公司 | 可信用户界面的显示方法、设备、可读存储介质及芯片 |
Also Published As
Publication number | Publication date |
---|---|
US11003745B2 (en) | 2021-05-11 |
CN110059500A (zh) | 2019-07-26 |
US20210224360A1 (en) | 2021-07-22 |
EP3376425B1 (en) | 2020-01-08 |
EP3376425A1 (en) | 2018-09-19 |
BR112018010716A8 (pt) | 2019-02-26 |
US11874903B2 (en) | 2024-01-16 |
CN105528554A (zh) | 2016-04-27 |
EP3663954A1 (en) | 2020-06-10 |
BR112018010716A2 (zh) | 2018-11-21 |
EP3376425A4 (en) | 2018-09-19 |
US20180276352A1 (en) | 2018-09-27 |
CN105528554B (zh) | 2019-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017092553A1 (zh) | 用户界面切换方法和终端 | |
EP3764253B1 (en) | Method for quickly opening application or application function, and terminal | |
WO2018228199A1 (zh) | 一种授权方法以及相关设备 | |
WO2017152820A1 (zh) | 登录客户端的方法,装置及存储介质 | |
JP2020502657A (ja) | 認証されたログインのための方法およびデバイス | |
CN103136488A (zh) | 保护触摸输入的方法和装置 | |
WO2017157192A1 (zh) | 一种数据输入方法、装置及用户设备 | |
WO2015144066A1 (en) | Sensitive operation verification method, apparatus, and system | |
WO2017211205A1 (zh) | 一种白名单更新方法和装置 | |
CN105868617B (zh) | 一种应用程序加密方法和移动终端 | |
US20110131423A1 (en) | System and method for securing a user interface | |
WO2018082189A1 (zh) | 一种支付应用的隔离方法、装置及终端 | |
WO2016172944A1 (zh) | 终端的界面显示方法和终端 | |
CN108141497A (zh) | 一种信息交互的方法及设备 | |
WO2013149553A1 (zh) | 一种输入信息的方法、装置、终端及存储介质 | |
EP3757831B1 (en) | Fingerprint event processing method, apparatus, and terminal | |
JP6974620B2 (ja) | 通知メッセージ処理方法及び端末 | |
WO2019024882A1 (zh) | 一种自动加密短信的方法、存储设备及移动终端 | |
WO2023134376A1 (zh) | 信息处理方法和装置 | |
WO2014056319A1 (zh) | 触敏设备解锁的方法及触敏设备 | |
CN106874751A (zh) | 在系统保护模式下的输入方法、装置和移动终端 | |
US20230388110A1 (en) | Using attestation client code to attest health of a computing device | |
WO2023240436A1 (en) | Device access control | |
CN108566359B (zh) | 一种用于信息输入设备的信息输入加密方法及系统 | |
BR112018010716B1 (pt) | Método de comutação de interface de usuário, terminal, mídia não transitória legível por computador, e produto de programa de computador |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16869863 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112018010716 Country of ref document: BR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016869863 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 112018010716 Country of ref document: BR Kind code of ref document: A2 Effective date: 20180525 |