WO2017148083A1 - 一种数据安全传输装置及方法 - Google Patents
一种数据安全传输装置及方法 Download PDFInfo
- Publication number
- WO2017148083A1 WO2017148083A1 PCT/CN2016/091603 CN2016091603W WO2017148083A1 WO 2017148083 A1 WO2017148083 A1 WO 2017148083A1 CN 2016091603 W CN2016091603 W CN 2016091603W WO 2017148083 A1 WO2017148083 A1 WO 2017148083A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- data
- communication signal
- processor
- dedicated communication
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/163—Interprocessor communication
- G06F15/167—Interprocessor communication using a common memory, e.g. mailbox
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to the field of system security technologies, and in particular, to a data security transmission apparatus and method.
- the operating system of a mobile terminal (also called a terminal device) is designed to meet certain functional requirements, not to meet a high degree of security, and because the operating system is more open, larger, and more Complex and difficult to eliminate the corresponding system vulnerabilities, causing some malicious programs that exploit system vulnerabilities to attack the application software or intercept the information of the application software, so that the security of the application software is reduced.
- the application software can be protected by firewalls, anti-virus software, etc., due to frequent system updates and the emergence of malicious programs, the application software cannot be completely protected.
- a solution is to divide the execution environment of a mobile terminal into two independent execution environments by using, for example, Trustzone technology and a central processing unit (CPU) technology: a rich execution environment.
- REE Rived Execution Environment
- TEE Trusted Execution Environment
- REE runs the currently used mobile operating system (for example, Android).
- TEE runs a secure operating system with simple functions, small code size, closed and humanized audit control, and client applications with low security requirements (Client).
- Application (CA) runs in the REE.
- the security-critical Trusted Application (TA) runs in the TEE and provides security services for the CA deployed in the mobile operating system. For example, the user is using mobile.
- the CA sends a request to the TA, and after the TA receives the request, performs a verification operation related to the payment (for example, verifying that the password is correct), and the verification succeeds.
- the result is returned to the CA, which continues the subsequent steps to prevent data (eg, the above password) from leaking.
- the TEE technology can guarantee the security of the data stored in the TEE and the security of the TA.
- the TA can actually implement the same functions as the CA. In the actual operation process, there is no big difference between the TA and the CA, and the TA Security is higher than CA.
- both TEE software and REE software run on the Application Processor (AP)
- the current TA function is only limited to providing security services to CAs, but for mobile terminals.
- the communication function is particularly important, most of the user's data needs to interact with the AP through peripherals such as modems, screens and keyboards, although the communication modem has a separate operating environment and closed software code, the screen and keyboard Can be set to secure mode, but the data transmission channel between the AP and the communication modem is also open and non-secure. Therefore, the malicious program can still intercept relevant data when transmitting data between the AP and the communication modem, causing user data leakage. Reduce the security of mobile terminals.
- Embodiments of the present invention provide a data security transmission apparatus and method for improving the security of the apparatus.
- a data security transmission apparatus includes: a dedicated communication signal processor and an application processor; and the dedicated communication signal processor is configured to send the application processor a security interrupt; the application processor for running REE software, the REE software comprising a CA running in the REE, and running TEE software under the trigger of the first security interrupt, the TEE software comprising a TA running in the TEE, and acquiring, under the driving of the TA, the dedicated communication signal processor in a shared memory of the dedicated communication signal processor and the application processor according to the first safety interrupt
- the first information to be delivered to the application processor, the security of the TEE software is higher than the REE software; the dedicated communication signal processor is further configured to receive a second security interrupt sent by the application processor Obtaining, in the shared memory, the second information that the application processor needs to pass to the dedicated communication signal processor according to the second security interrupt; the application processor is further used in the TA The second security interrupt is sent to the dedicated communication signal processor under driving.
- the device further includes: the shared memory.
- the application processor is further configured to start the TEE according to a TEE startup parameter including a value of an address used by the dedicated communication signal processor and the application processor in the shared memory.
- the device further includes: a read only memory ROM; the ROM is configured to store a startup program of the data security transmission device; and the application processor is further configured to be configured during the startup program loading process The TEE startup parameter.
- this optional method can prevent the value of the address in the shared memory used by the dedicated communication signal processor and the application processor from being leaked.
- the second information is configuration information for a parameter of the dedicated communication signal processor, and the configuration information that is transmitted by the application processor to the dedicated communication signal processor under the driving of the TA
- the priority is higher than the priority of the configuration information that the application processor communicates to the dedicated communication signal processor under the drive of the CA.
- the first information is indication information, feedback information, or first data information
- the first information is used to indicate that the application processor is configured according to the The content in the indication information performs an action corresponding to the indication information
- the first information is used to feed back the dedicated communication signal processor pair to the application processor The processing result of the second information
- the application processor is capable of processing the first data information according to the type of the first data information.
- the first data information is short message data or voice data.
- the second information is indication information, feedback information, or second data information; when the second information is indication information, the second information is used to indicate that the dedicated communication signal processor is configured according to the The content in the indication information performs an action corresponding to the indication information; when the second information is feedback information, the second information is used to feed back the application processor to the dedicated communication signal processor The processing result of the first information; when the second information is the second data information, the dedicated communication signal processor is capable of processing the second data information according to the type of the second data information.
- the second data information is lock network or lock card configuration information, data connection configuration information, or phone number information.
- the device is a portable electronic device or mobile terminal or chip or chipset.
- a second aspect provides a data security transmission method, including: a dedicated communication signal processor storing first information that needs to be transmitted to an application processor in a shared memory of the dedicated communication signal processor and the application processor;
- the dedicated communication signal processor sends a first security interrupt to the application processor; running a TEE in the application processor triggered by the first security interrupt, the TEE including running in the TEE TA, the application processor also runs REE software, the REE software includes a CA running in the REE, the security of the TEE software is higher than the REE software;
- the application processor is in the TA Driving the first information in the shared memory according to the first security interrupt; the application processor, under the driving of the TA, to transmit the second information to the dedicated communication signal processor Storing in the shared memory and transmitting a second secure interrupt to the dedicated communication signal processor;
- the dedicated communication signal processor is in the sharing according to the received second security interrupt sent by the application processor The second information is obtained in the memory.
- the application processor and the dedicated communication signal processor are both data security transmission devices, and the read-only memory ROM of the data security transmission device includes a startup program of the data security transmission device, and the method The method further includes: the application processor configuring a TEE startup parameter including a value of an address of the shared memory used by the dedicated communication signal processor and the application processor during the startup program loading process; the application The processor starts the TEE according to the TEE boot parameters.
- this optional method can prevent the value of the address in the shared memory used by the dedicated communication signal processor and the application processor from being leaked.
- the second information is configuration information for a parameter of the dedicated communication signal processor, and the configuration information that is transmitted by the application processor to the dedicated communication signal processor under the driving of the TA
- the priority is higher than the priority of the configuration information that the application processor communicates to the dedicated communication signal processor under the drive of the CA.
- the first information is the indication information, the feedback information, or the first data information.
- the first information is used to indicate that the application processor is configured according to the indication information.
- the content in the execution performs an action corresponding to the indication information;
- the first information is feedback information, the first information is used to feed back the dedicated communication signal processor to the second application to the application processor
- the processing result of the information when the first information is the first data information, the application processor is capable of processing the first data information according to the type of the first data information.
- the first data information is short message data or voice data.
- the second information is indication information, feedback information, or second data information; when the second information is indication information, the second information is used to indicate the dedicated communication signal processing. And performing, according to the content in the indication information, an action corresponding to the indication information; when the second information is feedback information, the second information is used to feed back the application processing to the dedicated communication signal processor The processing result of the first information by the device; when the second information is the second data information, the dedicated communication signal processor is capable of processing the second data information according to the type of the second data information .
- the second data information is lock network or lock card configuration information, data connection configuration information, or phone number information.
- the dedicated communication signal processor and the application processor can store information through the shared memory, and the information stored in the shared memory can be obtained by sending a security interrupt between the dedicated communication signal processor and the application processor. Therefore, a secure channel is established between the dedicated communication signal processor and the application processor, so that the dedicated communication signal processor can safely transmit data to the application processor, thereby improving the security of the terminal device.
- FIG. 1 is a schematic structural diagram of a terminal device in the prior art
- FIG. 2 is a schematic structural diagram of a data security transmission apparatus according to an embodiment of the present invention.
- FIG. 3 is a schematic structural diagram of still another data security transmission apparatus according to an embodiment of the present disclosure.
- FIG. 4 is a schematic diagram of connection between an AP, a shared memory, and a dedicated communication signal processor according to an embodiment of the present invention
- FIG. 5 is a flowchart of a data security transmission method according to an embodiment of the present invention.
- FIG. 6 is a flowchart of still another method for data security transmission according to an embodiment of the present invention.
- FIG. 7 is a flowchart of still another method for data security transmission according to an embodiment of the present invention.
- FIG. 8 is a flowchart of still another method for data security transmission according to an embodiment of the present invention.
- FIG. 9 is a flowchart of still another method for data security transmission according to an embodiment of the present invention.
- FIG. 10 is a flowchart of still another method for data security transmission according to an embodiment of the present invention.
- the AP in the embodiment of the present invention may be a CPU, and the AP may also include a CPU and a CPU peripheral hardware, and the REE software and the TEE software run on the AP.
- FIG. 1 shows a terminal device in which an EPE software and REE software are run in an AP, and the terminal device further includes a microphone, a screen, a keyboard, and dedicated communication signal processing.
- a peripheral such as a device, a TA or CA running on the AP can access the peripheral through an interface with the peripheral. It should be noted that when the TA accesses the peripheral, it triggers the peripheral to enter the safe mode.
- the terminal device also includes some necessary REE hardware and TEE hardware, etc., is not shown in the figure.
- the security of the TEE software or environment is higher than that of the REE software or environment, so the security level of the TA is much higher than that of the CA.
- Most of the APP (Application) software or APK (AndroidPackage) software that the user usually installs is CA, which is installed in the REE software environment.
- the TEE software environment is strictly limited and cannot be accessed by ordinary CAs. Therefore TEE software and REE software There is security isolation to ensure the security of the TEE software and CA.
- the embodiment of the present invention provides a data security transmission device 20, as shown in FIG. 2, comprising: a dedicated communication signal processor 201 and an application processor 202;
- the application processor 202 is configured to run a rich execution environment REE software, the REE software includes a client application CA running in the REE, and running a trusted execution environment TEE triggered by the first security interrupt Software, the TEE software including a trusted application TA running in the TEE, and the dedicated communication signal processor 201 and the application processor 202 according to the first security interrupt driven by the TA Obtaining first information in the shared memory, where the first information is information that the dedicated communication signal processor 201 needs to pass to the application processor 202, and the security of the TEE software is higher than the REE software;
- the dedicated communication signal processor 201 is further configured to receive a second security interrupt sent by the application processor 202, and acquire second information, the second information, in the shared memory according to the second security interrupt. Information that needs to be passed to the dedicated communication signal processor 201 by the application processor 202;
- the application processor 202 is further configured to send the second security interrupt to the dedicated communication signal processor 201 under the driving of the TA.
- the application processor 202 runs the TEE software under the trigger of the first security interrupt, and may enter the normal working state TEE environment from the low power state TEE environment. That is to say, the original TEE software or environment exists, but in a low-power state of sleep or hibernation, although the TEE environment is not completely shut down, some of its functions are disabled or unavailable. For example, at least some of the TA functions are not available. Further, the TEE software or environment may be triggered to enter the normal operation by the first security interrupt to implement various functions related to the TA.
- the data security transmission device 20 may be a terminal device, and may be a mobile phone or a tablet computer.
- the data security transmission device 20 is used as a terminal device as an example to describe the method provided by the embodiment of the present invention.
- the physical attribute of the shared memory is a secure open state
- the dedicated communication signal processor 201 is in a secure mode.
- the physical property of the shared memory is a secure open state
- only the application processor under the TA drive or the dedicated communication signal processor in the secure mode can access the shared memory through the bus. That is to say, only the TEE and the TA running by the AP can access the shared memory, and the normal REE environment and the CA running by the AP cannot access the shared memory.
- the physical property of the shared memory is a non-secure open state, that is, a normal state
- the common REE environment and the CA run by the AP can also access the shared memory.
- the data security transmission device 20 further includes: the shared memory 203.
- FIG. 4 is a schematic diagram of a connection relationship between an application processor 202, a dedicated communication signal processor 201, and a shared memory 203, wherein a memory management unit (MMU) and an application are used.
- the processor 202 and the dedicated communication signal processor 201 are connected by a bus, and the shared memory 203 is connected to the bus through the MMU.
- Both the dedicated communication signal processor 201 in the secure mode and the application processor 202 in the TA mode can access.
- the physical attribute is the shared memory 203 in a secure open state.
- the physical attribute of the shared memory 203 may be set to a secure open state in the MMU, and when the physical attribute of the shared memory 203 is a secure open state, only the application processor driven by the TA
- the shared communication signal processor 201, 202 or in the secure mode, can access the shared memory 203 over the bus.
- the dedicated communication signal processor 201 is a communication modem (Modem), a Bluetooth processor, a Wireless-Fidelity (WiFi) processor, or a voice processor.
- the communication modem can be a 2G, 3G or 4G wireless communication modem
- the voice processor can be a codec or a language including a voice function.
- HiFi (high fidelity) processor such as a sound compression section.
- the dedicated communication signal processor 201 and the application processor 202 herein can be a separate processor or a part of the processor. Functional circuit.
- the dedicated communication signal processor 201 can send the application processor 202 to the application processor 202 through an Interprocessor Communication (IPC) mechanism between the dedicated communication signal processor 201 and the application processor 202.
- IPC Interprocessor Communication
- the transmission of the security interrupt sent by the receiver may trigger the receiver to enter the security mode.
- the number of application processors 202 involved in the present application may be one or more. That is, multiple application processors 202 can run the REE software and TEE software together.
- the operation mode may include: a part of the application processors 202 running the REE software, and another part of the application processor 202 running the TEE software; or the plurality of application processors 202 running the REE software and the TEE software.
- the first information is indication information, feedback information, or first data information.
- the first information is indication information
- the first information is used to indicate that the application processor 202 is configured according to the indication.
- the content in the information performs an action corresponding to the indication information; when the first information is feedback information, the first information is used to feed back the dedicated communication signal processor 201 to the application processor 202.
- the processing result of the second information; when the first information is the first data information, the application processor 202 can process the first data information according to the type of the first data information.
- the first data information is short message data or voice data.
- the type of the short message data is a short message type, and the application processor 202 performs security display on the short message data, when the first data information is used.
- the voice data is voice data
- the type of the voice data is a voice type, and the application processor 202 securely plays the voice data or encrypts the voice data.
- the second information is indication information, feedback information, or second data information; when the second information is indication information, the second information is used to indicate that the dedicated communication signal processor 201 is configured according to the The content in the indication information performs an action corresponding to the indication information; when the second information is feedback information, the second information is used to feed back the application processor 202 to the dedicated communication signal processor 201 a result of processing the first information; when the second information is second data information, the dedicated communication signal processor 201 is capable of processing the second data information according to a type of the second data information .
- the second data information is lock network or lock card configuration information, data connection configuration information, or phone number information.
- the dedicated communication signal processor 201 parses and saves the data of the type.
- the application processor 202 is further configured to start the TEE according to a TEE startup parameter, where the TEE startup parameter includes the dedicated communication signal processor 201 and the application processor 202 in the shared memory 203. The value of the address used.
- the data security transmission device 20 further includes: a Read-Only Memory (ROM) 204;
- ROM Read-Only Memory
- the ROM 204 is configured to store an startup program of the data security transmission device
- the application processor 202 is further configured to configure the TEE startup parameter during the startup program loading process.
- the value of the address used by the dedicated communication signal processor 201 and the application processor 202 in the shared memory 203 can be made in the startup program in the ROM in a pre-declared manner (for example, a manner of macro definition), in data security.
- the startup program in the ROM loads the fastboot program, and the fastboot program configures the TEE startup parameters including the addresses used by the dedicated communication signal processor 201 and the application processor 202 in the shared memory 203.
- the value, TEE is started according to the startup parameters of the TEE. Since the program in the ROM cannot be rewritten, the shared memory can be prevented by the optional method. The value of the address was leaked.
- the second information is configuration information for parameters of the dedicated communication signal processor 201, and the application processor 202 transmits the information to the dedicated communication signal processor 201 under the driving of the TA.
- the configuration information has a higher priority than the configuration information that the application processor 202 transmits to the dedicated communication signal processor 201 under the driving of the CA.
- the configuration information transmitted by the application processor 202 to the dedicated communication signal processor 201 under the driving of the TA is not overwritten by the CA, and in addition, some malicious programs are in the dedicated communication signal processor 201 to the application processor 202.
- the configuration information transmitted to the dedicated communication signal processor 201 under the drive of the TA is rewritten, and the data security transmission device 20 still operates according to the configuration information transmitted by the application processor 202 to the dedicated communication signal processor 201 under the driving of the TA, thereby The security of the data secure transmission device 20 is further improved.
- the parameter includes an Internet Protocol (IP) type, an Access Point Name (APN), a username, a password, an authentication type, and a Quality of Service (QOS). At least one of them.
- IP Internet Protocol
- API Access Point Name
- QOS Quality of Service
- the dedicated communication signal processor and the application processor can store information through the shared memory, and the information stored in the shared memory can be obtained by sending the security interrupt between the dedicated communication signal processor and the application processor, thereby A secure channel is established between the dedicated communication signal processor and the application processor, so that the dedicated communication signal processor can safely transfer data to the application processor, thereby improving the security of the terminal device.
- the embodiment of the invention further provides a data security transmission method, as shown in FIG. 5, the method includes:
- the dedicated communication signal processor stores the first information in a shared memory of the dedicated communication signal processor and the application processor.
- the first information is that the dedicated communication signal processor needs to be delivered to the application.
- Processor information The physical property of the shared memory is a secure open state, and the dedicated communication signal processor is in a secure mode.
- the dedicated communication signal processor is a communication modem, a Bluetooth processor, a WiFi processor, or a voice processor.
- the communication modem may be a 2G, 3G or 4G wireless communication modem
- the voice processor may be a HiFi processor including a codec or a voice compression part that can implement a voice function.
- the dedicated communication signal processor and the application processor can also be integrated into one processor.
- the dedicated communication signal processor and the application processor herein can be a separate processor or a partial functional circuit within the processor.
- the number of application processors involved in this application may be one or more. That is to say, multiple application processors can run REE software and TEE software together.
- the operation mode may include: some application processors of the plurality of application processors run REE software, another part of the application processor runs the TEE software; or multiple application processors run the REE software and the TEE software.
- the first data information is short message data or voice data.
- the first information may be data in a message sent by an external network received by the dedicated communication signal processor, in which case the external communication network processor receives the external network when the dedicated communication signal processor is a different type of processor.
- the transmitted message can also be a different message, for example, when the dedicated communication signal processor is a communication modem, the communication modem receives
- the message sent by the external network may be a short message.
- the dedicated communication signal processor is a voice processor
- the message sent by the external network received by the voice processor may be a voice message; the first information may also be a dedicated communication signal processor.
- the first information may also be other information (eg, instruction information), which is compared in the embodiment of the present invention. No restrictions are imposed.
- the dedicated communication signal processor sends a first security interrupt to the application processor.
- the dedicated communication signal processor can send a security interrupt to the application processor through an IPC mechanism between the dedicated communication signal processor and the application processor.
- the transmission of the security interrupt sent by the receiver may trigger the receiver to enter the security mode.
- the application processor runs the trusted execution environment TEE in the application processor under the trigger of the first security interrupt.
- the TEE includes a trusted application TA running in the TEE, the application processor also runs a rich execution environment REE software, and the REE software includes a client application CA running in the REE, The security of the TEE software is higher than that of the REE software.
- the application processor acquires the first information in the shared memory according to the first security interrupt, driven by the TA.
- the TA acquires the first information in the shared memory.
- the TA performs an action corresponding to the type of the first data information according to the first data information.
- the TA uses the screen to display the short message data.
- the TA uses the microphone to play the voice data.
- the peripherals such as the screen and the microphone used by the TEE need to be in a safe mode, so that the TEE can access the peripheral when the REE is Unable to visit Ask peripherals to improve data security.
- the TA may determine the dedicated communication signal according to the first information. Whether the processor successfully performed the action.
- the application processor needs to transmit the second information to the dedicated communication signal processor.
- the method further includes:
- the application processor stores the second information in the shared memory under the driving of the TA and sends a second security interrupt to the dedicated communication signal processor.
- the second information is information that the application processor needs to deliver to the dedicated communication signal processor.
- the second information is indication information, feedback information, or second data information; when the second information is indication information, the second information is used to indicate that the dedicated communication signal processor is configured according to the The content in the indication information performs an action corresponding to the indication information; when the second information is feedback information, the second information is used to feed back the application processor to the dedicated communication signal processor The processing result of the first information; when the second information is the second data information, the dedicated communication signal processor is capable of processing the second data information according to the type of the second data information.
- the second data information is lock network or lock card configuration information, data connection configuration information, or phone number information.
- the dedicated communication signal processor acquires the second information in the shared memory according to the received second security interrupt sent by the application processor.
- the second safety interrupt can also trigger the dedicated communication signal processor to enter the safe mode, so that the dedicated communication signal processor can acquire the second information in the shared memory.
- the second information may be a list of numbers including respective bank numbers
- the indication information is information indicating that the dedicated communication signal processor securely transmits the data in the short message of the sender in the number list
- the dedicated communication signal processor stores the list of numbers in the second information, and when receiving the short message of the number in the list of the number, the data in the short message is stored in the shared memory and is applied to the application processor A secure interrupt is sent to cause the application processor to obtain data in the short message.
- the user needs to perform secure display on any received short message.
- the second information may be instruction information, where the instruction information indicates that the dedicated communication signal processor sends the data in the received short message to the application processor.
- the dedicated communication signal processor receives the short message, the data in the short message is stored in the shared memory, and a security interrupt is sent to the application processor, so that the application processor acquires the data in the short message.
- first and second in the first security interrupt and the second security interrupt are only for distinguishing different security interrupts. (or data information), not a limitation on it.
- the security interrupt in this embodiment may be a hardware interrupt or a software interrupt, and the comparison of the embodiments of the present invention is not limited.
- the application processor and the dedicated communication signal processor are both data security transmission devices, and the ROM of the data security transmission device includes an activation program of the data security transmission device, and the method further includes:
- the application processor configures a TEE startup parameter during the startup program loading process, where the TEE startup parameter includes a value of an address in the shared memory used by the dedicated communication signal processor and the application processor;
- the application processor starts the TEE according to the TEE startup parameter.
- the value of the address used by the dedicated communication signal processor and the application processor in the shared memory can be started in the booting program in the ROM in a pre-declared manner (for example, a macro definition manner) in the data secure transmission device.
- the boot program in the ROM loads the fastboot program
- the fastboot program configures the TEE boot parameters
- the TEE boot parameters Including the value of the address in the shared memory that is used by the dedicated communication signal processor and the application processor, the TEE is started according to the startup parameters of the TEE. Since the program in the ROM cannot be rewritten, the optional method can prevent the value of the address of the shared memory from being leaked.
- the second information is configuration information for a parameter of the dedicated communication signal processor, and the configuration information that is transmitted by the application processor to the dedicated communication signal processor under the driving of the TA
- the priority is higher than the priority of the configuration information that the application processor communicates to the dedicated communication signal processor under the drive of the CA.
- the configuration information transmitted by the TA to the dedicated communication signal processor is not overwritten by the CA.
- some malicious programs rewrite the configuration information transmitted by the CA to the dedicated communication signal processor in the dedicated communication signal processor, The terminal device still works according to the configuration information transmitted by the TA to the dedicated communication signal processor, thereby further improving the security of the terminal device.
- the parameter includes at least one of an IP type, an APN, a username, a password, an authentication type, and a QOS.
- the dedicated communication signal processor and the application processor can store information through the shared memory, and the information stored in the shared memory can be obtained by sending the security interrupt between the dedicated communication signal processor and the application processor, thereby A secure channel is established between the dedicated communication signal processor and the application processor, so that the dedicated communication signal processor can safely transfer data to the application processor, thereby improving the security of the terminal device.
- the voice data sent by the terminal device needs to be encrypted, and the received voice data is decrypted.
- the dedicated communication signal is processed.
- the device is a voice processor. As shown in FIG. 7, the above method includes:
- the CA sends an initialization request for the encrypted voice data to the TA.
- the CA may be a dialing application (ie, an application capable of dialing a phone number), and the triggering condition of step 701 may be that the user dials a certain phone number through the CA, or the terminal device sends the encrypted voice to the TA after the terminal device is powered on.
- Initialization request for data ie, an application capable of dialing a phone number
- the initialization request includes request information for requesting the TA to determine an encryption algorithm, a decryption algorithm, and a key.
- the TA receives an initialization request for the encrypted voice data sent by the CA, and determines, according to the initialization request, an encryption algorithm that encrypts the voice data, a decryption algorithm corresponding to the encryption algorithm, and an encryption key and a decryption key.
- the encryption algorithm may be an Advanced Encryption Standard (AES) algorithm, a Data Encryption Standard (DES) algorithm, or other encryption algorithm, which is not specifically limited in this embodiment of the present invention.
- AES Advanced Encryption Standard
- DES Data Encryption Standard
- the encryption algorithm may be an encryption algorithm determined by the TA and the CA, or may be an encryption algorithm determined by the TA itself, for example, an encryption algorithm randomly selected by a random algorithm in multiple encryption algorithms.
- the TA stores the indication information in a shared memory of the AP and the voice processor.
- the indication information is used to instruct the voice processor to securely transmit the voice data that needs to be sent or received to the AP.
- the TA sends a security interrupt 1 to the voice processor.
- the voice processor can be a high fidelity processor, or other voice processor.
- steps 706-710 are performed, where the uplink voice data refers to the voice data that the terminal device sends to the network device.
- the voice processor receives the analog uplink voice data input by the user through the microphone, and simulates the uplink voice data as a voice.
- the decoding is converted into a quantized digital speech signal, which is the uplink speech data.
- the voice processor stores the received uplink voice data (data from the user) in a shared memory of the voice processor and the AP.
- the voice processor sends a security interrupt 2 to the AP.
- the AP runs the TEE in the AP triggered by the security interrupt 2.
- the TEE environment of the AP may have no tasks for a preset period of time, it can automatically enter the low-power state.
- the TEE software or environment can be triggered by the interrupt 2 to enter the normal working state.
- the TEE After detecting the security interruption 2, the TEE notifies the TA to process the security interrupt 2, and the TA acquires the uplink voice data stored in the shared memory of the voice processor and the AP.
- the TA encrypts the obtained uplink voice data according to the encryption key and the encryption algorithm, and transmits the encrypted uplink voice data to the voice processor, so that the voice processor sends the encrypted uplink to the network device through the communication modem. Voice data.
- the voice processor transmits the uplink voice data to the communication modem in the terminal device, and the communication modem sends the uplink voice data to the network device.
- the voice processor receives the downlink voice data transmitted from the communication modem, performing steps 711-715, the downlink voice data refers to the voice data sent by the network device to the terminal device, and specifically, the communication modem receives the downlink voice data from the network device and Passed to the speech processor.
- the voice processor stores the received downlink voice data in a shared memory of the voice processor and the AP.
- the voice processor sends a security interrupt 3 to the AP.
- the AP runs the TEE in the AP under the trigger of the security interrupt 3.
- the TEE environment of the AP may have no tasks for a preset period of time, it can automatically enter the low-power state.
- the TEE software or environment can be triggered by the interrupt 2 to enter the normal working state.
- the TEE After detecting the security interruption 3, the TEE notifies the TA to process the security interrupt 3, and the TA acquires the downlink voice data stored in the shared memory of the voice processor and the AP.
- the TA decrypts the acquired downlink voice data according to the decryption algorithm and the decryption key, and delivers the decrypted downlink voice data to the voice processor, so that the voice processor plays the downlink voice data.
- data transmitted between the TA and the voice processor can be transferred through the shared memory.
- the CA may also send a request to the TA to clear the data for the TA to instruct the voice processor to clear the data associated with the voice call.
- the voice processor After receiving the voice data, the voice processor transmits the voice data to the CA, and the CA requests the TA to encrypt and decrypt the voice data. Because the data transmission channel between the voice processor and the CA is not secure, therefore, The voice data may be leaked.
- the method provided in the present application can improve the security of the voice data because the voice data is directly transmitted through the secure data transmission channel between the TA and the voice processor.
- the dedicated communication signal processor is a communication modem, such as As shown in FIG. 8, the above method includes:
- the CA sends an initialization request for the short message data to the TA.
- the CA may be a short message application (that is, an application capable of transmitting a short message), and the terminal device sends an initialization request for the short message data to the TA after the terminal device is powered on.
- a short message application that is, an application capable of transmitting a short message
- the TA receives an initialization request of the short message data sent by the CA, and determines a sender number list according to the initialization request.
- the short message sent by the number in the sender number list requires a secure transmission and display of the short message.
- the CA may directly carry the number in the sender number list in the initialization request, or the TA may instruct the user to input the relevant number under the trigger of the initialization request.
- the number in the sender number list may be the number of each bank, or the number in the sender number list may be some number preset by the user.
- the TA stores the sender number list and the indication information in a shared memory of the AP and the communication modem.
- the indication information is used to instruct the communication modem to securely transmit the short message sent by the received number in the sender number list to the TA.
- the TA sends a security interrupt 1 to the communication modem.
- the communication modem receives the security interrupt 1 sent by the TA, and obtains a sender number list and indication information in the shared memory of the AP and the communication modem according to the security interrupt 1, and stores the sender number list.
- the communication modem When the communication modem receives an SMS message, determine whether the sender number of the SMS message is a number in the sender number list.
- steps 807 to 811 are performed, and if not, the short message is displayed by using the method in the prior art (that is, the short message is displayed by the CA).
- the communication modem stores the short message data in the received short message in the shared memory of the communication modem and the AP.
- the communication modem sends a security interrupt 2 to the AP.
- the AP runs the TEE in the AP triggered by the security interrupt 2.
- the TEE environment of the AP may have no tasks for a preset period of time, it can automatically enter the low-power state.
- the TEE software or environment can be triggered by the interrupt 2 to enter the normal working state.
- the TEE After detecting the security interruption 2, the TEE notifies the TA to process the security interrupt 2, and the TA acquires the short message data stored in the shared memory of the communication modem and the AP.
- the TA displays the short message data on the display screen through the display screen of the terminal device.
- the CA may also send a request to the TA to clear the data for the TA to instruct the communication modem to clear the sender number list and other information.
- the communication modem transmits the short message data to the CA, and the CA requests the TA to display the short message data securely, because the data transmission between the communication modem and the CA is performed.
- the channel is not secure, and therefore, the short message data may be leaked.
- the method provided in the present application can improve the security of the short message data because the short message data is directly transmitted through the secure data transmission channel between the TA and the communication modem.
- the foregoing method includes:
- the TA configures the lock network (or lock card) information.
- the terminal device may perform step 901 every time the power is turned on.
- the dedicated communication signal processor is a communication modem.
- the configuration information of the lock network may specifically include information such as a locked network (or a Subscriber Identity Module (SIM) card).
- SIM Subscriber Identity Module
- the TA stores the lock network (or lock card) information in the shared memory of the AP and the communication modem.
- the TA sends a security interrupt 1 to the communication modem.
- the communication modem receives the security interrupt 1 sent by the TA, and obtains the lock network (or lock card) information in the shared memory of the AP and the communication modem according to the security interrupt 1.
- the communication modem After obtaining the lock network (or lock card) information, the communication modem identifies the network (or SIM card) used or to be used by the user according to the lock network (or lock card) information, if the network used by the user or is about to be used ( Different from the lock network (or lock card) information, the service is not provided, that is, the user is prohibited from using the corresponding network (or SIM card).
- the communication modem stores the feedback information in a shared memory of the communication modem and the AP.
- the feedback information is used to inform the TA communication modem that the lock network (or lock card) information has been successfully obtained.
- the communication modem sends a security interrupt 2 to the AP.
- the AP runs the TEE in the AP under the trigger of the security interrupt 2.
- the TEE environment of the AP may have no tasks for a preset period of time, it can automatically enter the low-power state.
- the TEE software or environment can be triggered by the interrupt 2 to enter the normal working state.
- the TA After the TEE detects the security interrupt 2, the TA is notified to process the security interrupt 2, and the TA acquires the feedback information stored in the shared memory of the communication modem and the AP.
- the method further includes:
- the CA sends an unlock password to the TA.
- the TA receives the unlock password sent by the CA, and determines whether the unlock password is the same as the actual unlock password.
- TA closes the lock network (or lock card) function, and stores the indication information in the shared memory of the communication modem and the AP.
- the indication information is used to instruct the communication modem to clear the lock network (or lock card) information.
- the TA sends a security interrupt 3 to the communication modem.
- the communication modem receives the security interrupt 3 sent by the TA, and obtains the indication information in the shared memory of the communication modem and the AP according to the security interrupt 3, and clears the lock network (or lock card) information according to the indication information.
- the configuration of the lock network (or lock card) is completed in the communication modem. Since the security of the communication modem is relatively low relative to the security of the TA, the information of the lock network (or lock card) is established in the TA. Configuration can improve the security of the lock network (or lock card) information.
- the TA in order to ensure the security and correctness of data transmitted between the terminal device and the external network, the TA needs to establish a secure dial-up connection, so that the TEE needs to establish a secure data channel with the communication modem.
- the dedicated communication signal processor is a communication modem, as shown in FIG. 10, the method includes:
- the CA sends a data connection initialization request to the TA.
- the triggering condition of step 1001 may be that the terminal device is connected to the network.
- the TA configures the data connection information according to the initialization request sent by the CA.
- the data connection information may be a server address, a server port number, or a domain name system (DNS) address.
- DNS domain name system
- the TA stores the configuration information of the data connection in the shared memory of the AP and the communication modem.
- the TA sends a security interrupt 1 to the communication modem.
- the communication modem receives the security interrupt 1 sent by the TA, and obtains configuration information of the data connection in the shared memory of the AP and the communication modem according to the security interrupt 1.
- the communication modem parses and saves the configuration information of the data connection.
- the communication modem stores the feedback information in the communication modem and the AP.
- Enjoy in memory
- the feedback information is used to inform the TA communication modem that the configuration information of the data connection has been successfully obtained.
- the communication modem sends a security interrupt 2 to the AP.
- the AP runs the TEE in the AP triggered by the security interrupt 2.
- the TEE environment of the AP may have no tasks for a preset period of time, it can automatically enter the low-power state.
- the TEE software or environment can be triggered by the interrupt 2 to enter the normal working state.
- the TA After the TEE detects the security interrupt 2, the TA is notified to process the security interrupt 2, and the TA acquires the feedback information stored in the shared memory of the communication modem and the AP.
- the CA sends a data connection establishment request to the communication modem, where the data connection establishment request includes a request parameter.
- the communication modem receives the data connection establishment request sent by the CA, and replaces the request parameter in the data connection establishment request with the parameter in the configuration information delivered by the TA.
- the request parameter in the data connection establishment request sent by the CA may be illegal or incorrect, replacing the request parameter with the parameter in the configuration information delivered by the TA may improve the security of the data connection.
- the communication modem performs a data connection according to the data connection establishment request after the replacement request parameter.
- the configuration information is sent by the CA to the communication modem. Since the data transmission channel between the communication modem and the CA is insecure, the configuration information may be intercepted or illegally modified. In this application, the TA is transmitted to the communication modem. The configuration information is sent to improve the security of the configuration information. At the same time, the request parameter sent by the CA to the communication modem is replaced with the configuration information because the request parameter in the data connection establishment request sent by the CA may be illegal or incorrect. The parameters in the data can improve the security of the data connection.
- the shared memory or a portion of the memory for sharing the data or information can only be accessed by the TEE environment or TA of the AP, but not by REE or CA, thus ensuring security.
- the physical property of the shared memory at this time is a safe open state, that is, a high security level state.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
- the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
- a computer readable storage medium A number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) or a processor to perform all or part of the steps of the methods described in various embodiments of the present application.
- the foregoing storage medium includes: a U disk, a mobile hard disk, a ROM, a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明实施例公开了一种数据安全传输装置及方法,涉及系统安全技术领域,用以提高该装置的安全性。该数据安全传输装置包括:专用通信信号处理器,用于向应用处理器发送第一安全中断;应用处理器,用于运行富执行环境REE软件,以及在第一安全中断的触发下运行可信执行环境TEE软件,TEE软件包括运行在TEE中的可信应用TA,且在TA的驱动下根据第一安全中断在专用通信信号处理器与应用处理器的共享内存中获取第一信息;专用通信信号处理器,还用于接收应用处理器发送的第二安全中断,并根据第二安全中断在共享内存中获取第二信息;应用处理器,还用于在TA的驱动下向专用通信信号处理器发送第二安全中断。
Description
本申请要求于2016年02月29日提交中国专利局、申请号为201610113629.6、发明名称为“一种数据安全传输装置及方法”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
本发明涉及系统安全技术领域,尤其涉及一种数据安全传输装置及方法。
随着移动网络和移动终端的高速发展,应用软件涉及的领域扩大到各行各业中,应用软件的种类也越来越多,而诸如与电子支付业务相关的金融应用软件、内容版权保护应用软件以及云计算下瘦终端的安全应用软件等软件由于关乎着用户的切身利益,安全性要求较高。
然而,移动终端(也叫终端设备)的操作系统在设计时的出发点主要是为了满足某些功能性的要求,而不是为了满足高度的安全性,同时由于操作系统较开放、较庞大、且较复杂而很难杜绝相应的系统漏洞,致使一些利用系统漏洞的恶意程序对应用软件进行攻击或截取应用软件的信息,使得应用软件的安全性降低。目前,虽然可以通过防火墙、杀毒软件等对应用软件进行保护,但由于频繁的系统更新以及恶意程序的层出不穷,导致无法完全对应用软件进行保护。
基于该问题,一种解决方案为:采用例如Trustzone技术、多中央处理器(Central Processing Unit,简称CPU)技术等,将一个移动终端的执行环境划分为两种相互独立的执行环境:富执行环境(Rich Execution Environment,简称REE)和可信执行环境(Trusted Execution Environment,
简称TEE),REE运行目前常用的移动操作系统(例如,Android),TEE运行一个功能简单、代码量小、封闭并且可人为审核控制的安全操作系统,安全性要求不高的客户端应用(Client Application,简称CA)运行在REE中,安全性要求较高的安全应用(Trusted Application,简称TA)运行在TEE中,并为部署在移动操作系统中的CA提供安全服务,例如,用户在使用移动终端中的CA过程中,若遇到电子支付等敏感操作,CA会向TA发送请求,TA接收到请求之后执行与支付相关的验证操作(例如,验证密码是否正确),并将验证成功后的结果向CA返回,CA继续执行后续步骤,从而防止数据(例如,上述密码)泄露。
TEE技术可以保证存储在TEE中的数据的安全性和TA的安全性,TA实际上可以实现与CA一样的功能,用户在实际操作过程中,TA和CA之间并无太大差别,并且TA在安全性上高于CA,但是,由于TEE软件和REE软件均运行在应用处理器(Application Processor,简称AP)上,目前TA的功能还是仅仅局限在对CA提供安全服务,而对于移动终端来说,通信功能尤为重要,用户的大部分数据都需要通过通信调制解调器(Modem)、屏幕以及键盘等外设与AP进行交互,虽然通信调制解调器具备独立的运行环境和封闭的软件代码,屏幕以及键盘也可以设置成安全模式,但AP与通信调制解调器之间的数据传输通道也是开放的、非安全的,因此,恶意程序仍然可以在AP与通信调制解调器之间传输数据时截获相关数据,造成用户数据泄露,降低移动终端的安全性。
发明内容
本发明的实施例提供一种数据安全传输装置及方法,用以提高该装置的安全性。
为达到上述目的,本发明的实施例采用如下技术方案:
第一方面,提供一种数据安全传输装置,包括:专用通信信号处理器和应用处理器;所述专用通信信号处理器,用于向所述应用处理器发送第
一安全中断;所述应用处理器,用于运行REE软件,所述REE软件包括运行在所述REE中的CA,以及在所述第一安全中断的触发下运行TEE软件,所述TEE软件包括运行在所述TEE中的TA,且在所述TA的驱动下根据所述第一安全中断在所述专用通信信号处理器与所述应用处理器的共享内存中获取所述专用通信信号处理器需要传递给所述应用处理器的第一信息,所述TEE软件的安全性高于所述REE软件;所述专用通信信号处理器,还用于接收所述应用处理器发送的第二安全中断,并根据所述第二安全中断在所述共享内存中获取所述应用处理器需要传递给所述专用通信信号处理器的第二信息;所述应用处理器,还用于在所述TA的驱动下向所述专用通信信号处理器发送所述第二安全中断。
可选的,所述装置还包括:所述共享内存。
可选的,所述应用处理器还用于根据包括所述共享内存中被所述专用通信信号处理器和所述应用处理器使用的地址的值的TEE启动参数启动所述TEE。
可选的,所述装置还包括:只读存储器ROM;所述ROM,用于存储所述数据安全传输装置的启动程序;所述应用处理器,还用于在所述启动程序加载过程中配置所述TEE启动参数。
由于ROM中的程序不可以被改写,因此,该可选的方法,能够防止共享内存中被专用通信信号处理器和应用处理器使用的地址的值被泄露。
可选的,所述第二信息是针对所述专用通信信号处理器的参数的配置信息,所述应用处理器在所述TA的驱动下向所述专用通信信号处理器传递的所述配置信息优先级高于所述应用处理器在所述CA的驱动下向所述专用通信信号处理器传递的配置信息的优先级。
可选的,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器根据所
述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器反馈所述专用通信信号处理器对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
可选的,所述第一数据信息为短信数据或语音数据。
可选的,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器反馈所述应用处理器对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器能够根据所述第二数据信息的类型对所述第二数据信息进行处理。
可选的,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。
可选地,所述装置是一个便携式电子设备或移动终端或芯片或芯片组。
第二方面,提供一种数据安全传输方法,包括:专用通信信号处理器将需要传递给应用处理器的第一信息存储在所述专用通信信号处理器与所述应用处理器的共享内存中;所述专用通信信号处理器向所述应用处理器发送第一安全中断;在所述第一安全中断的触发下运行所述应用处理器中的TEE,所述TEE包括运行在所述TEE中的TA,所述应用处理器还运行REE软件,所述REE软件包括运行在所述REE中的CA,所述TEE软件的安全性高于所述REE软件;所述应用处理器在所述TA的驱动下根据所述第一安全中断在所述共享内存中获取所述第一信息;所述应用处理器在所述TA的驱动下将需要传递给所述专用通信信号处理器的第二信息
存储在所述共享内存中并向所述专用通信信号处理器发送第二安全中断;所述专用通信信号处理器根据接收到的所述应用处理器发送的所述第二安全中断在所述共享内存中获取所述第二信息。
可选的,所述应用处理器和所述专用通信信号处理器均属于数据安全传输装置,所述数据安全传输装置的只读存储器ROM中包括所述数据安全传输装置的启动程序,所述方法还包括:所述应用处理器在所述启动程序加载过程中配置包括所述共享内存中被所述专用通信信号处理器和所述应用处理器使用的地址的值的TEE启动参数;所述应用处理器根据所述TEE启动参数启动所述TEE。
由于ROM中的程序不可以被改写,因此,该可选的方法,能够防止共享内存中被专用通信信号处理器和应用处理器使用的地址的值被泄露。
可选的,所述第二信息是针对所述专用通信信号处理器的参数的配置信息,所述应用处理器在所述TA的驱动下向所述专用通信信号处理器传递的所述配置信息优先级高于所述应用处理器在所述CA的驱动下向所述专用通信信号处理器传递的配置信息的优先级。
可选的,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器反馈所述专用通信信号处理器对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
可选的,所述第一数据信息为短信数据或语音数据。
可选的,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理
器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器反馈所述应用处理器对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器能够根据所述第二数据信息的类型对所述第二数据信息进行处理。
可选的,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。
本发明实施例提供的装置及方法,专用通信信号处理器和应用处理器可以通过共享内存存储信息,并且专用通信信号处理器和应用处理器之间可以通过发送安全中断获取共享内存中存储的信息,从而在专用通信信号处理器和应用处理器之间建立了一条安全通道,使得专用通信信号处理器可以安全的将数据传递给应用处理器,提高了终端设备的安全性。
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为现有技术中的一种终端设备的组成示意图;
图2为本发明实施例提供的一种数据安全传输装置的组成示意图;
图3为本发明实施例提供的又一种数据安全传输装置的组成示意图;
图4为本发明实施例提供的一种AP、共享内存与专用通信信号处理器的连接示意图;
图5为本发明实施例提供的一种数据安全传输方法的流程图;
图6为本发明实施例提供的又一种数据安全传输方法的流程图;
图7为本发明实施例提供的又一种数据安全传输方法的流程图;
图8为本发明实施例提供的又一种数据安全传输方法的流程图;
图9为本发明实施例提供的又一种数据安全传输方法的流程图;
图10为本发明实施例提供的又一种数据安全传输方法的流程图。
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
需要说明的是,本发明实施例中的AP可以为CPU,AP也可以包括CPU及CPU外围硬件,REE软件和TEE软件运行在AP上。示例性的,如图1所示,图1示出了一种终端设备,该终端设备中的AP中运行TEE软件和REE软件,该终端设备中还包括传声器、屏幕、键盘以及专用通信信号处理器等外设,运行在AP上的TA或CA可以通过与外设之间的接口访问外设。需要说明的是,当TA访问外设时,会触发外设进入安全模式,该情况下,外设只能被TA所访问,而不能被CA所访问,终端设备还包括一些必要的REE硬件以及TEE硬件等,图中未示出。所述TEE软件或环境的安全性高于REE软件或环境的安全性,因此TA的安全级别远高于CA。用户通常安装的大部分APP(Application)软件或APK(AndroidPackage)软件即CA,被安装于REE软件环境下。TEE软件环境是严格受限的,无法被普通CA所访问。因此TEE软件和REE软件之
间存在安全隔离以保证TEE软件和CA的安全性。
本发明实施例提供一种数据安全传输装置20,如图2所示,包括:专用通信信号处理器201和应用处理器202;
所述专用通信信号处理器201,用于向所述应用处理器202发送第一安全中断;
所述应用处理器202,用于运行富执行环境REE软件,所述REE软件包括运行在所述REE中的客户端应用CA,以及在所述第一安全中断的触发下运行可信执行环境TEE软件,所述TEE软件包括运行在所述TEE中的可信应用TA,且在所述TA的驱动下根据所述第一安全中断在所述专用通信信号处理器201与所述应用处理器202的共享内存中获取第一信息,所述第一信息为所述专用通信信号处理器201需要传递给所述应用处理器202的信息,所述TEE软件的安全性高于所述REE软件;
所述专用通信信号处理器201,还用于接收所述应用处理器202发送的第二安全中断,并根据所述第二安全中断在所述共享内存中获取第二信息,所述第二信息为所述应用处理器202需要传递给所述专用通信信号处理器201的信息;
所述应用处理器202,还用于在所述TA的驱动下向所述专用通信信号处理器201发送所述第二安全中断。
所述应用处理器202在所述第一安全中断的触发下运行TEE软件,可以是从低功耗状态的TEE环境进入正常工作状态的TEE环境。也就是说,本来的TEE软件或环境虽然存在,但处于一种睡眠或休眠的低功耗状态,虽然TEE环境没有被完全关闭,但其部分功能是被去使能或不可用的。比如其中的至少部分TA功能不可用。进一步地,TEE软件或环境可以受到所述第一安全中断的触发进入正常运行,以实现TA相关的各类功能。
其中,数据安全传输装置20可以为终端设备,具体可以为手机、平板电脑等,本文中均以数据安全传输装置20为终端设备为例对本发明实施例提供的方法进行说明。
需要说明的是,共享内存的物理属性为安全打开状态,专用通信信号处理器201处于安全模式。当共享内存的物理属性为安全打开状态时,只有在TA驱动下的应用处理器或处于安全模式的专用通信信号处理器才可以通过总线对该共享内存进行访问。也就是说只有AP运行的TEE和TA能够访问该共享内存,AP运行的普通的REE环境和CA是不能访问该共享内存的。当共享内存的物理属性为非安全打开状态,即普通状态,则AP运行的普通的REE环境和CA也可以访问该共享内存。
可选的,如图3所示,数据安全传输装置20还包括:所述共享内存203。
示例性的,如图4所示,图4为一种应用处理器202、专用通信信号处理器201和共享内存203的连接关系示意图,其中,内存管理单元(Memory Management Unit,简称MMU)、应用处理器202和专用通信信号处理器201之间通过总线两两连接,共享内存203通过MMU与总线连接,处于安全模式的专用通信信号处理器201和在TA驱动下的应用处理器202均可以访问物理属性为安全打开状态的共享内存203。
具体的,在本发明的各个实施例中,可以在MMU中设置共享内存203的物理属性为安全打开状态,当共享内存203的物理属性为安全打开状态时,只有在TA驱动下的应用处理器202或处于安全模式的专用通信信号处理器201才可以通过总线对该共享内存203进行访问。
可选的,所述专用通信信号处理器201为通信调制解调器(Modem)、蓝牙处理器、无线保真(Wireless-Fidelity,简称WiFi)处理器或语音处理器。具体的,通信调制解调器可以为2G、3G或4G无线通信调制解调器,语音处理器可以为包括可实现语音功能的编解码器(Codec)或语
音压缩部分等的HiFi(高保真)处理器。可以理解,专用通信信号处理器201和应用处理器202也可以集成在一个处理器内,本文中的专用通信信号处理器201和应用处理器202可以是一个独立的处理器或处理器内的部分功能电路。
具体的,如图4所示,专用通信信号处理器201可以通过专用通信信号处理器201与应用处理器202之间的处理器内部通讯(Inter Processor Communication,简称IPC)机制向应用处理器202发送安全中断。
其中,当接收方本身处于非安全模式时,发送方向接收方发送的安全中断可以触发接收方进入安全模式。
需注意,本申请中涉及的应用处理器202的数量可以是一个或多个。也就是说,多个应用处理器202可以共同运行所述REE软件和TEE软件。运行方式可以包括:多个应用处理器202中的一部分应用处理器202运行REE软件,另一部分应用处理器202运行TEE软件;或者多个应用处理器202均运行REE软件和TEE软件。
可选的,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器202根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器202反馈所述专用通信信号处理器201对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器202能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
具体的,所述第一数据信息为短信数据或语音数据,当第一数据信息为短信数据时,短信数据的类型为短信类型,应用处理器202对短信数据进行安全显示,当第一数据信息为语音数据时,语音数据的类型为语音类型,应用处理器202对语音数据进行安全播放或对语音数据进行加密。
可选的,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理器201根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器201反馈所述应用处理器202对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器201能够根据所述第二数据信息的类型对所述第二数据信息进行处理。
具体的,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。当第二数据信息的类型为配置类型时,专用通信信号处理器201对该类型的数据进行解析并保存。
可选的,所述应用处理器202还用于根据TEE启动参数启动所述TEE,所述TEE启动参数包括所述共享内存203中被所述专用通信信号处理器201和所述应用处理器202使用的地址的值。
可选的,如图3所示,数据安全传输装置20还包括:只读存储器(Read-Only Memory,简称ROM)204;
所述ROM204,用于存储所述数据安全传输装置的启动程序;
所述应用处理器202,还用于在所述启动程序加载过程中配置所述TEE启动参数。
具体的,可以通过预先声明的方式(例如,宏定义的方式)使得共享内存203中被专用通信信号处理器201和应用处理器202使用的地址的值在ROM中的启动程序中,在数据安全传输装置20启动的过程中,ROM中的启动程序加载fastboot程序,fastboot程序对TEE启动参数进行配置,TEE启动参数包括共享内存203中被专用通信信号处理器201和应用处理器202使用的地址的值,TEE根据TEE的启动参数启动。由于ROM中的程序不可以被改写,因此,通过该可选的方法,可以防止共享内存203
的地址的值被泄露。
可选的,所述第二信息是针对所述专用通信信号处理器201的参数的配置信息,所述应用处理器202在所述TA的驱动下向所述专用通信信号处理器201传递的所述配置信息优先级高于所述应用处理器202在所述CA的驱动下向所述专用通信信号处理器201传递的配置信息的优先级。
该情况下,应用处理器202在TA的驱动下向专用通信信号处理器201传递的配置信息不会被CA改写,另外,即使一些恶意程序在专用通信信号处理器201中对应用处理器202在TA的驱动下向专用通信信号处理器201传递的配置信息进行了改写,数据安全传输装置20仍然按照应用处理器202在TA的驱动下向专用通信信号处理器201传递的配置信息进行工作,从而进一步提高了数据安全传输装置20的安全性。
可选的,所述参数包括网络协议(Internet Protocol,IP)类型,接入点名称(Access Point Name,简称APN),用户名,密码,鉴权类型和服务质量(Quality of Service,简称QOS)中的至少一项。
本发明实施例提供的装置,专用通信信号处理器和应用处理器可以通过共享内存存储信息,并且专用通信信号处理器和应用处理器之间可以通过发送安全中断获取共享内存中存储的信息,从而在专用通信信号处理器和应用处理器之间建立了一条安全通道,使得专用通信信号处理器可以安全的将数据传递给应用处理器,提高了终端设备的安全性。
本发明实施例还提供一种数据安全传输方法,如图5所示,该方法包括:
501、专用通信信号处理器将第一信息存储在所述专用通信信号处理器与应用处理器的共享内存中。
其中,所述第一信息为所述专用通信信号处理器需要传递给所述应用
处理器的信息。所述共享内存的物理属性为安全打开状态,所述专用通信信号处理器处于安全模式。
可选的,所述专用通信信号处理器为通信调制解调器、蓝牙处理器、WiFi处理器或语音处理器。具体的,通信调制解调器可以为2G、3G或4G无线通信调制解调器,语音处理器可以为包括可实现语音功能的编解码器(Codec)或语音压缩部分等的HiFi处理器。可以理解,专用通信信号处理器和应用处理器也可以集成在一个处理器内,本文中的专用通信信号处理器和应用处理器可以是一个独立的处理器或处理器内的部分功能电路。
需注意,本申请中涉及的应用处理器的数量可以是一个或多个。也就是说,多个应用处理器可以共同运行REE软件和TEE软件。运行方式可以包括:多个应用处理器中的一部分应用处理器运行REE软件,另一部分应用处理器运行TEE软件;或者多个应用处理器均运行REE软件和TEE软件。
具体的,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器反馈所述专用通信信号处理器对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
可选的,所述第一数据信息为短信数据或语音数据。
第一信息可以为专用通信信号处理器接收到的外部网络发送的消息中的数据,该情况下,当专用通信信号处理器为不同类型的处理器时,专用通信信号处理器接收到的外部网络发送的消息也可以为不同的消息,例如,当专用通信信号处理器为通信调制解调器时,通信调制解调器接收到
的外部网络发送的消息可以为短信消息,当专用通信信号处理器为语音处理器时,语音处理器接收到的外部网络发送的消息可以为语音消息;第一信息也可以为专用通信信号处理器在接收到应用处理器传递的信息、并根据该信息执行相应的动作之后,向应用处理器反馈的信息;当然,第一信息也可以为其他信息(例如,指令信息),本发明实施例对比不进行限制。
502、专用通信信号处理器向所述应用处理器发送第一安全中断。
具体的,专用通信信号处理器可以通过专用通信信号处理器与应用处理器之间的IPC机制向应用处理器发送安全中断。
其中,当接收方本身处于非安全模式时,发送方向接收方发送的安全中断可以触发接收方进入安全模式。
503、应用处理器在所述第一安全中断的触发下运行所述应用处理器中的可信执行环境TEE。
其中,所述TEE包括运行在所述TEE中的可信应用TA,所述应用处理器还运行富执行环境REE软件,所述REE软件包括运行在所述REE中的客户端应用CA,所述TEE软件的安全性高于所述REE软件。
504、应用处理器在所述TA的驱动下根据所述第一安全中断在所述共享内存中获取所述第一信息。
具体的,TEE运行之后,会检测未处理的消息,并通知CA进行处理,具体的,TEE通知TA处理第一安全中断后,TA即在共享内存中获取第一信息。
具体的,当第一信息为第一数据信息时,TA根据第一数据信息执行与第一数据信息的类型对应的动作,当第一数据信息为短信数据,TA使用屏幕将短信数据进行显示,当第一数据信息为语音数据时,TA使用传声器将语音数据进行播放,需要说明的是,TEE使用的屏幕、传声器等外设都需要处于安全模式,这样才能够使得TEE访问外设时,REE无法访
问外设,提高数据的安全性。当第一信息为专用通信信号处理器在接收到应用处理器传递的信息、并根据该信息执行相应的动作之后,向应用处理器反馈的信息时,TA可以根据该第一信息确定专用通信信号处理器是否成功执行了该动作。
在一种应用场景下,应用处理器需要向专用通信信号处理器传递第二信息,该情况下,如图6所示,上述方法还包括:
601、应用处理器在所述TA的驱动下将第二信息存储在所述共享内存中并向所述专用通信信号处理器发送第二安全中断。
其中,所述第二信息为所述应用处理器需要传递给所述专用通信信号处理器的信息。
可选的,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器反馈所述应用处理器对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器能够根据所述第二数据信息的类型对所述第二数据信息进行处理。
具体的,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。
602、专用通信信号处理器根据接收到的所述应用处理器发送的所述第二安全中断在所述共享内存中获取所述第二信息。
具体的,当专用通信信号处理器处于非安全模式时,第二安全中断还可以触发专用通信信号处理器进入安全模式,这样专用通信信号处理器才可以在共享内存中获取第二信息。
示例性的,用户需要对各个银行发送的短信进行安全显示,该情况下,
第二信息可以为包括各个银行号码的号码列表以及指示信息,该指示信息为指示专用通信信号处理器安全传输发送方为该号码列表中的号码的短信消息中的数据的信息,该情况下,专用通信信号处理器存储第二信息中的号码列表,并在接收到发送方为该号码列表中的号码的短信消息时,将该短信消息中的数据存储在共享内存中,并向应用处理器发送安全中断,以使得应用处理器获取短信消息中的数据。再例如,用户需要对接收到的任意短信消息进行安全显示,该情况下,第二信息可以为指令信息,该指令信息指示专用通信信号处理器将接收到的短信消息中的数据向应用处理器安全传递,则专用通信信号处理器在接收到短信消息时,将该短信消息中的数据存储在共享内存中,并向应用处理器发送安全中断,以使得应用处理器获取短信消息中的数据。
需要说明的是,本实施例中的第一安全中断和第二安全中断(或第一数据信息和第二数据信息)中的“第一”和“第二”仅仅是为了区分不同的安全中断(或数据信息),并非对其进行的限制。本实施例中的安全中断可以为硬件中断或者软件中断,本发明实施例对比不进行限制。
可选的,所述应用处理器和所述专用通信信号处理器均属于数据安全传输装置,所述数据安全传输装置的ROM中包括所述数据安全传输装置的启动程序,所述方法还包括:
所述应用处理器在所述启动程序加载过程中配置TEE启动参数,所述TEE启动参数包括所述共享内存中被所述专用通信信号处理器和所述应用处理器使用的地址的值;
所述应用处理器根据所述TEE启动参数启动所述TEE。
具体的,可以通过预先声明的方式(例如,宏定义的方式)使得共享内存中被专用通信信号处理器和应用处理器使用的地址的值在ROM中的启动程序中,在数据安全传输装置启动的过程中,ROM中的启动程序加载fastboot程序,fastboot程序对TEE启动参数进行配置,TEE启动参数
包括共享内存中被专用通信信号处理器和应用处理器使用的地址的值,TEE根据TEE的启动参数启动。由于ROM中的程序不可以被改写,因此,通过该可选的方法,可以防止共享内存的地址的值被泄露。
可选的,所述第二信息是针对所述专用通信信号处理器的参数的配置信息,所述应用处理器在所述TA的驱动下向所述专用通信信号处理器传递的所述配置信息优先级高于所述应用处理器在所述CA的驱动下向所述专用通信信号处理器传递的配置信息的优先级。
该情况下,TA向专用通信信号处理器传递的配置信息不会被CA改写,另外,即使一些恶意程序在专用通信信号处理器中对CA向专用通信信号处理器传递的配置信息进行了改写,终端设备仍然按照TA向专用通信信号处理器传递的配置信息进行工作,从而进一步提高了终端设备的安全性。
可选的,所述参数包括IP类型,APN,用户名,密码,鉴权类型和QOS中的至少一项。
本发明实施例提供的方法,专用通信信号处理器和应用处理器可以通过共享内存存储信息,并且专用通信信号处理器和应用处理器之间可以通过发送安全中断获取共享内存中存储的信息,从而在专用通信信号处理器和应用处理器之间建立了一条安全通道,使得专用通信信号处理器可以安全的将数据传递给应用处理器,提高了终端设备的安全性。
在一种应用场景下,为了保证终端设备发送或接收的语音数据的安全性,需要对终端设备发送的语音数据进行加密,接收到的语音数据进行解密,在该应用场景下,专用通信信号处理器为语音处理器,如图7所示,上述方法包括:
701、CA向TA发送加密语音数据的初始化请求。
其中,CA可以是拨号应用(即能够实现拨打电话号码的应用程序),步骤701的触发条件可以为用户通过CA拨打了某个电话号码,或者,终端设备在开机之后CA即向TA发送加密语音数据的初始化请求。
该初始化请求中包括请求TA确定加密算法、解密算法以及密钥的请求信息。
702、TA接收CA发送的加密语音数据的初始化请求,并根据该初始化请求确定对语音数据进行加密的加密算法、与该加密算法对应的解密算法以及加密密钥和解密密钥。
其中,加密算法可以为高级加密标准(Advanced Encryption Standard,简称AES)算法、数据加密标准(Data Encryption Standard,简称DES)算法或其他加密算法,本发明实施例对此不做具体限定。
具体的,加密算法可以为TA与CA协商确定的加密算法,也可以为TA自行确定的加密算法,例如,在多个加密算法中通过随机算法随机选择出的加密算法。
703、TA将指示信息存储在AP与语音处理器的共享内存中。
具体的,该指示信息用于指示语音处理器将需要发送或接收到的语音数据安全的传递给AP。
704、TA向语音处理器发送安全中断1。
语音处理器可以为高保真处理器,或其他的语音处理器。
705、语音处理器接收TA发送的安全中断1,并根据安全中断1在AP与语音处理器的共享内存中获取指示信息。
当语音处理器接收到上行语音数据时,执行步骤706-710,上行语音数据是指终端设备向网络设备发送的语音数据。例如,语音处理器接收到用户通过麦克风输入的模拟上行语音数据,将模拟上行语音数据做语音编
解码转化为量化的数字语音信号,该数字语音信号即上行语音数据。
706、语音处理器将接收到的上行语音数据(来自用户的数据)存储在语音处理器与AP的共享内存中。
707、语音处理器向AP发送安全中断2。
708、AP在安全中断2的触发下运行AP中的TEE。此前由于AP的TEE环境可能在预设的一段时间内没有任务,能够自动进入低功耗状态,此时TEE软件或环境可以受到中断2的触发进入正常工作状态。
709、TEE检测到安全中断2之后,通知TA处理安全中断2,TA获取语音处理器与AP的共享内存中存储的上行语音数据。
710、TA根据加密密钥和加密算法对获取到的上行语音数据进行加密,并将加密后的上行语音数据传递给语音处理器,以使得语音处理器通过通信调制解调器向网络设备发送加密后的上行语音数据。
具体的,语音处理器会将上行语音数据传输至终端设备内的通信调制解调器,由通信调制解调器将上行语音数据发送给网络设备。
当语音处理器接收到来自通信调制解调器传递的下行语音数据时,执行步骤711-715,下行语音数据是指网络设备向终端设备发送的语音数据,具体的,通信调制解调器从网络设备接收下行语音数据并传递给该语音处理器。
711、语音处理器将接收到的下行语音数据存储在语音处理器与AP的共享内存中。
712、语音处理器向AP发送安全中断3。
713、AP在安全中断3的触发下运行AP中的TEE。此前由于AP的TEE环境可能在预设的一段时间内没有任务,能够自动进入低功耗状态,此时TEE软件或环境可以受到中断2的触发进入正常工作状态。
714、TEE检测到安全中断3之后,通知TA处理安全中断3,TA获取语音处理器与AP的共享内存中存储的下行语音数据。
715、TA根据解密算法和解密密钥对获取到的下行语音数据进行解密,并将解密后的下行语音数据传递给语音处理器,以使得语音处理器播放该下行语音数据。
具体的,TA与语音处理器之间传递的数据均可以通过共享内存进行传递。
当语音通话停止时或者终端设备关机时,在步骤715之后,CA还可以向TA发送清除数据的请求,用于TA指示语音处理器清除与该次语音通话相关的数据。
现有技术中,语音处理器接收到语音数据之后,将该语音数据传递给CA,CA再请求TA对语音数据进行加解密,由于语音处理器与CA之间的数据传输通道不安全,因此,可能导致语音数据泄露,本申请中提供的方法,由于语音数据直接通过TA与语音处理器之间的安全的数据传输通道传输,因此,能够提高语音数据的安全性。
在另一种应用场景下,为了防止某些发送方发送的短信数据泄露,发送方的短信数据需要在终端设备上进行安全传输和显示,该情况下,专用通信信号处理器为通信调制解调器,如图8所示,上述方法包括:
801、CA向TA发送短信数据的初始化请求。
其中,CA可以是短信应用(即能够实现发送短信消息的应用程序),终端设备在开机之后CA即向TA发送短信数据的初始化请求。
802、TA接收CA发送的短信数据的初始化请求,并根据该初始化请求确定发送方号码列表。
其中,发送方号码列表中的号码发送的短信消息即需要安全传输和显示的短信消息。
具体的,CA可以直接将发送方号码列表中的号码携带在初始化请求中,也可以TA在初始化请求的触发下指示用户输入相关号码。
示例性的,发送方号码列表中的号码可以为各个银行的号码,或者,发送方号码列表中的号码可以为用户预设的某些号码。
803、TA将发送方号码列表及指示信息存储在AP与通信调制解调器的共享内存中。
具体的,该指示信息用于指示通信调制解调器将接收到的发送方号码列表中的号码发送的短信消息安全的传输给TA。
804、TA向通信调制解调器发送安全中断1。
805、通信调制解调器接收TA发送的安全中断1,并根据安全中断1在AP与通信调制解调器的共享内存中获取发送方号码列表及指示信息,并存储该发送方号码列表。
806、当通信调制解调器接收到一个短信消息时,判断该短信消息的发送方号码是否为发送方号码列表中的号码。
若是,执行步骤807至811,若否,采用现有技术中的方法显示短信(即通过CA显示短信)。
807、通信调制解调器将接收到的短信消息中的短信数据存储在通信调制解调器与AP的共享内存中。
808、通信调制解调器向AP发送安全中断2。
809、AP在安全中断2的触发下运行AP中的TEE。此前由于AP的TEE环境可能在预设的一段时间内没有任务,能够自动进入低功耗状态,此时TEE软件或环境可以受到中断2的触发进入正常工作状态。
810、TEE检测到安全中断2之后,通知TA处理安全中断2,TA获取通信调制解调器与AP的共享内存中存储的短信数据。
811、TA通过终端设备的显示屏幕将短信数据显示在显示屏幕上。
当终端设备关机时,在步骤811之后,CA还可以向TA发送清除数据的请求,用于TA指示通信调制解调器清除发送方号码列表等信息。
现有技术中,为了保证短信数据的安全性,通信调制解调器接收到短信数据之后,将该短信数据传递给CA,CA再请求TA对短信数据进行安全显示,由于通信调制解调器与CA之间的数据传输通道不安全,因此,可能导致短信数据泄露,本申请中提供的方法,由于短信数据直接通过TA与通信调制解调器之间的安全的数据传输通道传输,因此,能够提高短信数据的安全性。
在另一种应用场景下,为了防止终端设备的锁网(或锁卡)功能失效,损害运营商的利益,如图9所示,上述方法包括:
901、TA对锁网(或锁卡)信息进行配置。
具体的,终端设备可以在每次开机时就执行步骤901。
该情况下,专用通信信号处理器为通信调制解调器。
锁网(或锁卡)的配置信息具体可以包括锁定的网络(或锁定的客户识别模块(Subscriber Identity Module,简称SIM)卡)等信息。
902、TA将锁网(或锁卡)信息存储在AP与通信调制解调器的共享内存中。
903、TA向通信调制解调器发送安全中断1。
904、通信调制解调器接收TA发送的安全中断1,并根据安全中断1在AP与通信调制解调器的共享内存中获取锁网(或锁卡)信息。
通信调制解调器在获取到锁网(或锁卡)信息之后,根据锁网(或锁卡)信息对用户使用或即将使用的网络(或SIM卡)进行识别,若用户使用的或即将使用的网络(或SIM卡)与锁网(或锁卡)信息不同,则不提供服务,即禁止用户使用相应网络(或SIM卡)。
905、通信调制解调器将反馈信息存储在通信调制解调器与AP的共享内存中。
其中,反馈信息用于告知TA通信调制解调器已成功获取锁网(或锁卡)信息。
906、通信调制解调器向AP发送安全中断2。
907、AP在安全中断2的触发下运行AP中的TEE。此前由于AP的TEE环境可能在预设的一段时间内没有任务,能够自动进入低功耗状态,此时TEE软件或环境可以受到中断2的触发进入正常工作状态。
908、TEE检测到安全中断2之后,通知TA处理安全中断2,TA获取通信调制解调器与AP的共享内存中存储的反馈信息。
在步骤908之后,若用户发起锁网(或锁卡)的解锁校验时,该方法还包括:
909、CA向TA发送解锁密码。
910、TA接收CA发送的解锁密码,并判断该解锁密码与实际解锁密码是否相同。
若是,执行步骤911-913,若否,TA向CA返回解锁失败的信息。
911、TA关闭锁网(或锁卡)功能,并将指示信息存储在通信调制解调器与AP的共享内存中。
具体的,该指示信息用于指示通信调制解调器清除锁网(或锁卡)信息。
912、TA向通信调制解调器发送安全中断3。
913、通信调制解调器接收TA发送的安全中断3,并根据安全中断3在通信调制解调器与AP的共享内存中获取该指示信息,并根据该指示信息清除锁网(或锁卡)信息。
现有技术中,锁网(或锁卡)的配置在通信调制解调器中完成,由于通信调制解调器的安全性相对于TA的安全性较低,因此,通过在TA中对锁网(或锁卡)信息进行配置可以提高锁网(或锁卡)信息的安全性。
在另一种应用场景下,为了保证终端设备与外部网络之间传输的数据的安全性和正确性,TA需要建立安全拨号连接,这样TEE就需要和通信调制解调器之间建立安全的数据通道,该情况下,专用通信信号处理器为通信调制解调器,如图10所示,该方法包括:
1001、CA向TA发送数据连接初始化请求。
具体的,步骤1001的触发条件可以为终端设备连接网络。
1002、TA根据CA发送的初始化请求对数据连接的信息进行配置。
具体的,数据连接的信息可以为服务器地址、服务器端口号或域名系统(Domain Name System,简称DNS)地址等信息。
1003、TA将数据连接的配置信息存储在AP与通信调制解调器的共享内存中。
1004、TA向通信调制解调器发送安全中断1。
1005、通信调制解调器接收TA发送的安全中断1,并根据安全中断1在AP与通信调制解调器的共享内存中获取数据连接的配置信息。
1006、通信调制解调器对数据连接的配置信息进行解析并保存。
1007、通信调制解调器将反馈信息存储在通信调制解调器与AP的共
享内存中。
其中,反馈信息用于告知TA通信调制解调器已成功获取数据连接的配置信息。
1008、通信调制解调器向AP发送安全中断2。
1009、AP在安全中断2的触发下运行AP中的TEE。此前由于AP的TEE环境可能在预设的一段时间内没有任务,能够自动进入低功耗状态,此时TEE软件或环境可以受到中断2的触发进入正常工作状态。
1010、TEE检测到安全中断2之后,通知TA处理安全中断2,TA获取通信调制解调器与AP的共享内存中存储的反馈信息。
1011、CA向通信调制解调器发送数据连接建立请求,该数据连接建立请求包括请求参数。
1012、通信调制解调器接收CA发送的数据连接建立请求,并将数据连接建立请求中的请求参数替换为TA下发的配置信息中的参数。
其中,由于CA发送的数据连接建立请求中的请求参数有可能是非法的或者错误的,将请求参数替换为TA下发的配置信息中的参数可以提高数据连接的安全性。
1013、通信调制解调器根据替换请求参数后的数据连接建立请求进行数据连接。
现有技术中,配置信息由CA向通信调制解调器下发,由于通信调制解调器与CA之间的数据传输通道不安全,因此,配置信息有可能被截获或非法修改,本申请中,通过TA向通信调制解调器下发配置信息,可以提高配置信息的安全性,同时,由于CA发送的数据连接建立请求中的请求参数有可能是非法的或者错误的,将CA向通信调制解调器下发的请求参数替换为配置信息中的参数,可以提高数据连接的安全性。
在本发明所提及的各个实施例,可选地,当AP在TEE环境下与专用通信信号处理器交互数据的时候,该共享内存或该内存中用于共享所述数据或信息的部分地址实际上只能被AP的TEE环境或TA所访问,而不能被REE或CA访问,从而保证安全性。或者说此时的共享内存的物理属性为安全打开状态,即高安全级别状态。
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、ROM、随机存取存储器(Random Access Memory,简称RAM)、磁碟或者光盘等各种可以存储程序代码的介质。
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以权利要求的保护范围为准。
Claims (20)
- 一种数据安全传输装置,其特征在于,包括:专用通信信号处理器和应用处理器;所述专用通信信号处理器,用于向所述应用处理器发送第一安全中断;所述应用处理器,用于运行富执行环境REE软件,所述REE软件包括运行在所述REE中的客户端应用CA,以及在所述第一安全中断的触发下运行可信执行环境TEE软件,所述TEE软件包括运行在所述TEE中的可信应用TA,且在所述TA的驱动下根据所述第一安全中断在所述专用通信信号处理器与所述应用处理器的共享内存中获取第一信息,所述第一信息为所述专用通信信号处理器需要传递给所述应用处理器的信息,所述TEE软件的安全性高于所述REE软件;所述专用通信信号处理器,还用于接收所述应用处理器发送的第二安全中断,并根据所述第二安全中断在所述共享内存中获取第二信息,所述第二信息为所述应用处理器需要传递给所述专用通信信号处理器的信息;所述应用处理器,还用于在所述TA的驱动下向所述专用通信信号处理器发送所述第二安全中断。
- 根据权利要求1所述的数据安全传输装置,其特征在于,还包括:所述共享内存。
- 根据权利要求1或2所述的数据安全传输装置,其特征在于,所述应用处理器还用于根据TEE启动参数启动所述TEE,所述TEE启动参数包括所述共享内存中被所述专用通信信号处理器和所述应用处理器使用的地址的值。
- 根据权利要求3所述的数据安全传输装置,其特征在于,还包括:只读存储器ROM;所述ROM,用于存储所述数据安全传输装置的启动程序;所述应用处理器,还用于在所述启动程序加载过程中配置所述TEE启动参数。
- 根据权利要求1-4任一项所述的数据安全传输装置,其特征在于,所述第二信息是针对所述专用通信信号处理器的参数的配置信息,所述应用处理器在所述TA的驱动下向所述专用通信信号处理器传递的所述配置信息优先级高于所述应用处理器在所述CA的驱动下向所述专用通信信号处理器传递的配置信息的优先级。
- 根据权利要求5所述的数据安全传输装置,其特征在于,所述参数包括网络协议IP类型,接入点名称APN,用户名,密码,鉴权类型和服务质量QOS中的至少一项。
- 根据权利要求1-6任一项所述的数据安全传输装置,其特征在于,所述专用通信信号处理器为通信调制解调器Modem、蓝牙处理器、无线保真WiFi处理器或语音处理器。
- 根据权利要求1-7任一项所述的数据安全传输装置,其特征在于,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器反馈所述专用通信信号处理器对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
- 根据权利要求8所述的数据安全传输装置,其特征在于,所述第一数据信息为短信数据或语音数据。
- 根据权利要求1-7任一项所述的数据安全传输装置,其特征在于,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器反馈所述应用处理器对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器能够根据所述第二数据信息的类型对所述第二数据信 息进行处理。
- 根据权利要求10所述的数据安全传输装置,其特征在于,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。
- 一种数据安全传输方法,其特征在于,包括:专用通信信号处理器将第一信息存储在所述专用通信信号处理器与应用处理器的共享内存中,所述第一信息为所述专用通信信号处理器需要传递给所述应用处理器的信息;所述专用通信信号处理器向所述应用处理器发送第一安全中断;所述应用处理器在所述第一安全中断的触发下运行所述应用处理器中的可信执行环境TEE,所述TEE包括运行在所述TEE中的可信应用TA,所述应用处理器还运行富执行环境REE软件,所述REE软件包括运行在所述REE中的客户端应用CA,所述TEE软件的安全性高于所述REE软件;所述应用处理器在所述TA的驱动下根据所述第一安全中断在所述共享内存中获取所述第一信息;所述应用处理器在所述TA的驱动下将第二信息存储在所述共享内存中并向所述专用通信信号处理器发送第二安全中断,所述第二信息为所述应用处理器需要传递给所述专用通信信号处理器的信息;所述专用通信信号处理器根据接收到的所述应用处理器发送的所述第二安全中断在所述共享内存中获取所述第二信息。
- 根据权利要求12所述的方法,其特征在于,所述应用处理器和所述专用通信信号处理器均属于数据安全传输装置,所述数据安全传输装置的只读存储器ROM中包括所述数据安全传输装置的启动程序,所述方法还包括:所述应用处理器在所述启动程序加载过程中配置TEE启动参数,所述TEE启动参数包括所述共享内存中被所述专用通信信号处理器和所述应用处理器使用的地址的值;所述应用处理器根据所述TEE启动参数启动所述TEE。
- 根据权利要求12或13所述的方法,其特征在于,所述第二信息是针对所述专用通信信号处理器的参数的配置信息,所述应用处理器在所述TA的驱动下向所述专用通信信号处理器传递的所述配置信息优先级高于所述应用处理器在所述CA的驱动下向所述专用通信信号处理器传递的配置信息的优先级。
- 根据权利要求14所述的方法,其特征在于,所述参数包括网络协议IP类型,接入点名称APN,用户名,密码,鉴权类型和服务质量QOS中的至少一项。
- 根据权利要求12-15任一项所述的方法,其特征在于,所述专用通信信号处理器为通信调制解调器Modem、蓝牙处理器、无线保真WiFi处理器或语音处理器。
- 根据权利要求12-16任一项所述的方法,其特征在于,所述第一信息为指示信息、反馈信息或第一数据信息;当所述第一信息为指示信息时,所述第一信息用于指示所述应用处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第一信息为反馈信息时,所述第一信息用于向所述应用处理器反馈所述专用通信信号处理器对所述第二信息的处理结果;当所述第一信息为第一数据信息时,所述应用处理器能够根据所述第一数据信息的类型对所述第一数据信息进行处理。
- 根据权利要求17所述的方法,其特征在于,所述第一数据信息为短信数据或语音数据。
- 根据权利要求12-16任一项所述的方法,其特征在于,所述第二信息为指示信息、反馈信息或第二数据信息;当所述第二信息为指示信息时,所述第二信息用于指示所述专用通信信号处理器根据所述指示信息中的内容执行与所述指示信息相应的动作;当所述第二信息为反馈信息时,所述第二信息用于向所述专用通信信号处理器反馈所述应用处理器对所述第一信息的处理结果;当所述第二信息为第二数据信息时,所述专用通信信号处理器能够根据所述第二数据信息的类型对所述第二数据信息进行处 理。
- 根据权利要求19所述的方法,其特征在于,所述第二数据信息为锁网或锁卡配置信息、数据连接配置信息或电话号码信息。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16892271.4A EP3410756B1 (en) | 2016-02-29 | 2016-07-25 | Secure data transmission device and method |
US16/115,464 US10531289B2 (en) | 2016-02-29 | 2018-08-28 | Secure data transmission apparatus and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610113629.6 | 2016-02-29 | ||
CN201610113629.6A CN105791284B (zh) | 2016-02-29 | 2016-02-29 | 一种数据安全传输装置及方法 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/115,464 Continuation US10531289B2 (en) | 2016-02-29 | 2018-08-28 | Secure data transmission apparatus and method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017148083A1 true WO2017148083A1 (zh) | 2017-09-08 |
Family
ID=56386546
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/091603 WO2017148083A1 (zh) | 2016-02-29 | 2016-07-25 | 一种数据安全传输装置及方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US10531289B2 (zh) |
EP (1) | EP3410756B1 (zh) |
CN (2) | CN109871717A (zh) |
WO (1) | WO2017148083A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111353162A (zh) * | 2020-03-26 | 2020-06-30 | 中国人民解放军国防科技大学 | 基于TrustZone分核异步执行的主动可信计算方法及系统 |
Families Citing this family (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105611409B (zh) * | 2016-01-04 | 2019-12-27 | 京东方科技集团股份有限公司 | 一种广告机控制系统及其控制方法和广告机 |
CN109871717A (zh) | 2016-02-29 | 2019-06-11 | 华为技术有限公司 | 一种数据安全传输装置及方法 |
CN107786951A (zh) * | 2016-08-24 | 2018-03-09 | 中国移动通信有限公司研究院 | 一种信息处理方法及终端设备 |
CN106354687B (zh) * | 2016-08-29 | 2020-01-03 | 珠海市魅族科技有限公司 | 一种数据传输方法及系统 |
CN106548077B (zh) * | 2016-10-19 | 2019-03-15 | 沈阳微可信科技有限公司 | 通信系统和电子设备 |
CN106547633B (zh) * | 2016-10-19 | 2019-12-31 | 沈阳微可信科技有限公司 | 多通道通信系统和电子设备 |
CN106547618B (zh) * | 2016-10-19 | 2019-10-29 | 沈阳微可信科技有限公司 | 通信系统和电子设备 |
WO2018090201A1 (zh) * | 2016-11-15 | 2018-05-24 | 华为技术有限公司 | 一种安全的处理器芯片及终端设备 |
CN106603498B (zh) * | 2016-11-15 | 2020-01-10 | 华为技术有限公司 | 事件上报方法及装置 |
CN106791152B (zh) * | 2016-12-30 | 2019-08-27 | Oppo广东移动通信有限公司 | 一种通信方法及移动终端 |
CN106919847B (zh) * | 2017-03-02 | 2020-02-07 | 成都三零瑞通移动通信有限公司 | 一种基于android智能终端的加密通信防旁路方法 |
WO2019028766A1 (zh) * | 2017-08-10 | 2019-02-14 | 福建联迪商用设备有限公司 | 智能终端信息安全输入的方法及其系统 |
CN108040122B (zh) * | 2017-12-26 | 2020-06-19 | 迈普通信技术股份有限公司 | 文件传输方法及装置 |
CN108540442A (zh) * | 2018-02-08 | 2018-09-14 | 北京豆荚科技有限公司 | 一种访问可信执行环境的控制方法 |
CN110247877B (zh) * | 2018-03-07 | 2020-10-09 | 华为技术有限公司 | 一种离线管理指令的管理方法和终端 |
CN110321736A (zh) * | 2018-03-30 | 2019-10-11 | 厦门雅迅网络股份有限公司 | 双系统硬件设备共享方法及计算机可读存储介质 |
CN108595964A (zh) * | 2018-04-27 | 2018-09-28 | 北京可信华泰信息技术有限公司 | 一种基于固件的可信平台控制模块实现方法 |
CN108596598A (zh) * | 2018-04-27 | 2018-09-28 | 北京可信华泰信息技术有限公司 | 一种可信软件列表的更新方法 |
CN108614975A (zh) * | 2018-04-27 | 2018-10-02 | 北京可信华泰信息技术有限公司 | 一种基于完整性检测的安全验证方法 |
CN108664772A (zh) * | 2018-04-27 | 2018-10-16 | 北京可信华泰信息技术有限公司 | 一种保证系统安全性的方法 |
CN112655186B (zh) * | 2018-09-12 | 2021-10-22 | 华为技术有限公司 | 可信dns解析设备和方法 |
CN111046383B (zh) * | 2018-10-12 | 2023-10-13 | 华为技术有限公司 | 终端攻击防御方法、装置、终端及云服务器 |
CN111383015B (zh) | 2018-12-29 | 2023-11-03 | 华为技术有限公司 | 交易安全处理方法、装置及终端设备 |
WO2020150892A1 (zh) * | 2019-01-22 | 2020-07-30 | 深圳市汇顶科技股份有限公司 | 生物特征识别系统、方法和终端设备 |
CN109922056B (zh) | 2019-02-26 | 2021-09-10 | 创新先进技术有限公司 | 数据安全处理方法及其终端、服务器 |
CN110427274B (zh) * | 2019-07-16 | 2020-07-17 | 阿里巴巴集团控股有限公司 | Tee系统中的数据传输方法和装置 |
US11003785B2 (en) | 2019-07-16 | 2021-05-11 | Advanced New Technologies Co., Ltd. | Data transmission method and apparatus in tee systems |
CN110399235B (zh) | 2019-07-16 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Tee系统中的多线程数据传输方法和装置 |
CN110442462B (zh) | 2019-07-16 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Tee系统中的多线程数据传输方法和装置 |
US10699015B1 (en) | 2020-01-10 | 2020-06-30 | Alibaba Group Holding Limited | Method and apparatus for data transmission in a tee system |
CN110442463B (zh) * | 2019-07-16 | 2020-07-07 | 阿里巴巴集团控股有限公司 | Tee系统中的数据传输方法和装置 |
CN111148070B (zh) * | 2019-12-31 | 2021-06-15 | 华为技术有限公司 | V2x通信方法、装置及车辆 |
CN113192237B (zh) * | 2020-01-10 | 2023-04-18 | 阿里巴巴集团控股有限公司 | 支持tee和ree的物联网设备以及实现tee和ree间通信的方法 |
US11239874B2 (en) * | 2020-01-30 | 2022-02-01 | Deeyook Location Technologies Ltd. | System, apparatus, and method for providing wireless communication and a location tag |
CN112446042A (zh) * | 2020-12-14 | 2021-03-05 | 中国科学院信息工程研究所 | 加密方法和装置、解密方法和装置、移动终端和存储介质 |
CN112765085A (zh) * | 2020-12-29 | 2021-05-07 | 紫光展锐(重庆)科技有限公司 | 数据传输方法及相关装置 |
CN113486355B (zh) * | 2021-06-29 | 2023-03-14 | 北京紫光展锐通信技术有限公司 | 一种信息保存装置、方法、通信装置、芯片及其模组设备 |
CN113868673B (zh) * | 2021-12-06 | 2022-04-19 | 荣耀终端有限公司 | 漏洞检测方法和装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105022970A (zh) * | 2014-04-29 | 2015-11-04 | 晨星半导体股份有限公司 | 计算装置及计算装置的处理安全服务的方法 |
CN105307163A (zh) * | 2015-12-01 | 2016-02-03 | 恒宝股份有限公司 | 一种安全通信方法及装置 |
CN105791284A (zh) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | 一种数据安全传输装置及方法 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140075502A1 (en) * | 2012-09-11 | 2014-03-13 | Selim Aissi | Resource management of execution environments |
US9170957B2 (en) * | 2013-08-29 | 2015-10-27 | Qualcomm Incorporated | Distributed dynamic memory management unit (MMU)-based secure inter-processor communication |
CN103761123B (zh) * | 2013-12-31 | 2018-10-12 | 广州华多网络科技有限公司 | 功能启动方法、装置及终端 |
DE102014001843B3 (de) * | 2014-02-11 | 2015-05-13 | Giesecke & Devrient Gmbh | Mikroprozessorsystem |
CN103927170A (zh) * | 2014-04-09 | 2014-07-16 | 可牛网络技术(北京)有限公司 | 获取和提供软件服务的方法、装置及系统 |
US11107047B2 (en) * | 2015-02-27 | 2021-08-31 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
CN104778794B (zh) | 2015-04-24 | 2017-06-20 | 华为技术有限公司 | 移动支付装置和方法 |
-
2016
- 2016-02-29 CN CN201910110984.1A patent/CN109871717A/zh not_active Withdrawn
- 2016-02-29 CN CN201610113629.6A patent/CN105791284B/zh active Active
- 2016-07-25 WO PCT/CN2016/091603 patent/WO2017148083A1/zh active Application Filing
- 2016-07-25 EP EP16892271.4A patent/EP3410756B1/en active Active
-
2018
- 2018-08-28 US US16/115,464 patent/US10531289B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105022970A (zh) * | 2014-04-29 | 2015-11-04 | 晨星半导体股份有限公司 | 计算装置及计算装置的处理安全服务的方法 |
CN105307163A (zh) * | 2015-12-01 | 2016-02-03 | 恒宝股份有限公司 | 一种安全通信方法及装置 |
CN105791284A (zh) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | 一种数据安全传输装置及方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3410756A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111353162A (zh) * | 2020-03-26 | 2020-06-30 | 中国人民解放军国防科技大学 | 基于TrustZone分核异步执行的主动可信计算方法及系统 |
CN111353162B (zh) * | 2020-03-26 | 2022-06-07 | 中国人民解放军国防科技大学 | 基于TrustZone分核异步执行的主动可信计算方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
CN105791284B (zh) | 2019-04-05 |
US10531289B2 (en) | 2020-01-07 |
CN109871717A (zh) | 2019-06-11 |
EP3410756A4 (en) | 2018-12-05 |
CN105791284A (zh) | 2016-07-20 |
US20180367989A1 (en) | 2018-12-20 |
EP3410756B1 (en) | 2019-12-25 |
EP3410756A1 (en) | 2018-12-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017148083A1 (zh) | 一种数据安全传输装置及方法 | |
US10614212B1 (en) | Secure software containers | |
TWI489315B (zh) | 用於電子裝置之暫時安全開機流程之系統與方法 | |
US9698988B2 (en) | Management control method, apparatus, and system for virtual machine | |
EP2348442B1 (en) | Trusted graphics rendering for safer browsing on mobile devices | |
KR102157560B1 (ko) | 전자 디바이스의 무결성을 검증하기 위한 시스템 및 방법 | |
US8301119B2 (en) | Method and apparatus for validating integrity of a mobile communication device | |
US20160119143A1 (en) | User identity authenticating method, terminal, and server | |
US20200026882A1 (en) | Methods and systems for activating measurement based on a trusted card | |
US10045212B2 (en) | Method and apparatus for providing provably secure user input/output | |
US9113499B2 (en) | Multiple domain smartphone | |
US20090217375A1 (en) | Mobile Data Handling Device | |
KR20130031435A (ko) | 휴대용 단말의 암호화 키 생성 및 관리 방법 및 그 장치 | |
EP3720042B1 (en) | Method and device for determining trust state of tpm, and storage medium | |
KR20180081998A (ko) | 모바일 클라우드를 위한 안전 실행 환경 제공 장치 및 방법 | |
CN113127844A (zh) | 一种变量访问方法、装置、系统、设备和介质 | |
CN109450899B (zh) | 密钥管理方法及装置、电子设备、存储介质 | |
WO2018092289A1 (ja) | 情報処理装置 | |
KR20130041033A (ko) | 휴대용 단말의 암호화 키 생성 및 관리 방법 및 그 장치 | |
CN113434865A (zh) | 一种用于移动端的安全检测方法、装置、设备及存储介质 | |
Sharma | Onboard credentials: Hardware assisted secure storage of credentials | |
WO2024118799A1 (en) | Methods and systems for secure software delivery | |
KR20130110331A (ko) | 시큐어 os를 이용한 모바일 디바이스의 사용자 인증 시스템 및 사용자 인증 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2016892271 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2016892271 Country of ref document: EP Effective date: 20180828 |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16892271 Country of ref document: EP Kind code of ref document: A1 |