WO2018090201A1 - A secure processor chip and terminal device - Google Patents
- Publication number: WO2018090201A1 (PCT/CN2016/105942)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- processor
- application
- security
- secure
- execution environment
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/544—Buffers; Shared memory; Pipes

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
Definitions
- the present invention relates to the field of processor technologies, and in particular, to a secure processor chip and a terminal device.
- the operating system of a smart terminal device mainly focuses on functional requirements rather than on security, and the openness, size and complexity of the whole system make it impossible to eliminate system vulnerabilities, so malicious programs that exploit these vulnerabilities keep appearing and put applications at risk. Although software protection such as firewalls and anti-virus software can provide some protection, frequent system upgrades and new kinds of virus programs mean that software protection alone cannot eliminate the security risk.
- the invention provides a processor chip.
- the memory controller in the processor chip defines a secure area as a secure memory in the memory of the processor chip.
- when the application processor of the processor chip is to access the secure element, the application processor first enters a trusted execution environment, and in the trusted execution environment the security application writes data to the secure memory.
- the communication processor, in turn, extracts the data from the secure memory in a trusted execution environment and then forwards the data to the secure element. Since the application processor and the communication processor must both be in a trusted execution environment when accessing the secure memory, and access the secure memory only through a security application, the processor chip of the present invention can ensure the security of data transmitted between the application processor and the secure element.
- the secure element is integrated inside the processor chip.
- the memory controller only allows access requests with security attributes to access the secure memory.
- the application executed by the application processor is divided into a general application and a security application.
- the normal application causes the application processor to enter a trusted execution environment, and the security application is executed by the application processor in the trusted execution environment.
- when the application processor needs to access the secure element in the course of executing the normal application, the normal application initiates an interrupt; the interrupt causes the application processor to suspend the normal application, enter the trusted execution environment and call the corresponding security application.
- the access request issued by the application processor for the secure memory in the trusted execution environment has a security attribute.
- the application processor executes a secure application and writes an instruction request for the secure element to the secure memory under a command of the secure application.
- the security application then initiates an interrupt.
- the interrupt causes the application processor to suspend the secure application and notify the communication processor to extract data from the secure memory.
- the communication processor may always be in a trusted execution environment, or may enter the trusted execution environment after receiving the interrupt that the application processor initiates after executing the security application. If the communication processor enters the trusted execution environment upon receiving the interrupt, it exits the trusted execution environment after writing the processing result that the secure element produced for the data to the secure memory.
- the communication processor can initiate an interrupt by a security application executed by it to notify the application processor to extract data from the secure memory.
- the interrupt can also be used to cause the communication processor to exit the trusted execution environment.
- when the application processor and the communication processor initiate an access request to the secure memory in a trusted execution environment, both carry a security identifier in the access request.
- the security identifier is used to indicate that the access request has a security attribute.
- the communication processor is configured to perform format conversion on data according to the requirements of various protocols: for data to be transmitted through the wireless port, the communication processor formats the data according to the requirements of the communication standard; for data to be transmitted to the secure element, the communication processor formats the data according to the requirements of the system inside the secure element.
- when the communication processor has format conversions of several pieces of data to process, it gives priority to the format conversion of the data transmitted by the security application.
- the interrupt sent by the application processor and the communication processor to each other can be transmitted through a dedicated interrupt port or via a bus.
- the instruction request sent by the application processor to the secure element includes: identity verification, certificate update, extraction of random numbers, encryption and decryption, scrambling, descrambling or status recognition.
- the status identification refers to the confirmation of whether the secure element can meet the requirements of a security application.
- FIG. 1 is a schematic diagram of a security system according to an embodiment of the present invention.
- FIG. 2 is a schematic diagram showing a network transaction process under the security system according to an embodiment of the present invention.
- FIG. 3 is a schematic flowchart of a certificate downloading in a security system according to an embodiment of the present invention.
- FIG. 4 is a flowchart showing the operation of the communication processor in the embodiment of the present invention.
- the processor chip is the core device in the mobile terminal, which bears the most important function of the terminal device.
- the processor chip calls various data and processes the data according to the requirements of various applications.
- a malicious program or an attack may steal this data, causing leakage of the user's sensitive information.
- the embodiments of the present invention aim to improve the security of the processor chip itself by hardware methods, thereby protecting the private information of the terminal device user.
- FIG. 1 is a schematic diagram of a security system according to an embodiment of the present invention.
- the security system includes the application processor 12, the communication processor 14, the memory controller 15, the secure memory 16, and the secure element 18 (SE).
- the application processor 12, the communication processor 14, and the memory controller 15 are integrated inside a processor chip.
- the memory controller delimits the area of the memory as a secure memory 16 and allows only the access request with the security attribute to read and write the secure memory 16.
- the secure element 18 is typically present as a peripheral to the terminal device and is communicatively coupled to the processor chip via a slot.
- at least one of the memory and the secure element may also be integrated inside the chip, which does not affect the implementation of the present invention.
- the application processor 12 is generally a CPU (Central Processing Unit) in the processor chip for calling an application in an application set to implement various functions. Based on security considerations, the application processor 12 is configured with two execution environments: a Rich Execution Environment (REE) and a Trusted Execution Environment (TEE).
- the hardware and software resources of the processor chip can be identified as belonging to one of two execution environment states. In this way, it is ensured that the hardware and software resources with security requirements are executed by the application processor in the trusted execution environment; the hardware and software resources without security requirements are executed by the application processor in the normal execution environment.
- a commonly used mobile operating system such as Android is run in a normal running environment, and a secure operating system is run in a trusted execution environment.
- the secure operating system can be simple in function, small in code, closed, and controllable.
- the practice of ensuring the security of hardware and software resources in a trusted execution environment by dividing a normal execution environment from a trusted execution environment has long-standing precedent in the industry, such as ARM's (ARM, originally "Acorn RISC Machine") TrustZone (security domain) technology and Intel's multi-CPU technology.
- a secure application is an application with security requirements, such as a verification program in a transaction.
- security applications are deployed only in the secure operating system in the trusted execution environment and provide security services for normal applications deployed in the mobile operating system.
- a security interrupt is also known as Inter-Process Communication (IPC for short).
- the security interrupt suspends the normal application, causes the application processor to switch from the normal execution environment to the trusted execution environment, and invokes and accesses the hardware and software resources in the trusted execution environment.
- Security element 18 contains an encryption, decryption or authentication program associated with the security application for providing encryption, decryption or authentication services to the data.
- the most common security component currently available is the SIM card (Subscriber Identification Module).
- the SIM card is usually issued by the operator; the authentication system required by the operator's services or by network transactions (such as a U shield and a user identification system) is fixed in it, and the corresponding environment (such as a coprocessor, a Java platform, etc.) is provided.
- the current security element is usually present as a peripheral device, and is received in a corresponding slot of the smart terminal through a special interface and is in communication with the processor chip.
- secure elements may also be fixed as hardware within the smart terminal. In the chip industry, as chip integration increases, integrating the secure element into the chip is being considered.
- the communication processor 14 is used for format conversion of data. In the field of processor chips it is generally called a modem, and it converts data formats according to various protocols (such as 3G and 4G communication protocols).
- the built-in system of the secure element 18 also has its own unique data format requirements. Thus, when the secure application executed by application processor 12 requires access to secure element 18, communication processor 14 provides format conversion for data between application processor 12 and secure element 18.
- the memory controller 15 is set to allow only the access request having the security attribute to read and write the secure memory 16.
- an access request with the security attribute means that the access request carries a recognizable feature, such as an identifier or a feature code, which the memory controller 15 can recognize as the basis for granting access.
- when the application processor 12 needs to access the secure memory 16 in the course of executing the secure application in the trusted execution environment, the application processor 12 sends an access request for the secure memory 16 to the memory controller 15 via the bus. The access request carries an identifier of the security state under which the security application operates, identifying that the access request has the security attribute.
- the security application being executed will initiate a security interrupt again.
- the security interrupt informs the communication processor 14 to suspend the application it is executing and, as a notification, causes the communication processor 14 to enter the trusted execution environment and read the data from the secure memory.
- the access request sent by the communication processor 14 entering the trusted execution environment carries an identification of the secure state such that the communication processor 14 can access the secure memory 16.
- the application processor 12 can fall back to the normal operating environment to continue executing the normal application.
- the communication processor 14 also initiates a secure interrupt to the application processor 12.
- the application processor 12 and the communication processor 14 need not advertise to each other the address of the data in the memory; instead, a preset manner is used so that the secure memory 16 which the application processor 12 and the communication processor 14 are to access is addressed by a default address. This saves the procedure of sending address information of data in the secure memory.
- the address information of the data in the secure memory can also be transferred between the application processor 12 and the communication processor 14 using a bus or other interface.
- the communication processor 14 is also responsible for transmitting the data returned by the secure element to the application processor 12.
- the most common secure element, the SIM card, although configured with a coprocessor, is likely to have no ability to generate a secure interrupt.
- the communication processor 14 can be set that the communication processor 14 does not exit the trusted execution environment after entering the trusted execution environment and transmitting data to the secure element 18.
- the communication processor 14 exits the trusted execution environment after receiving the returned data from the secure element 18 and writing the returned data to the secure memory 16.
- the communication processor 14 can be configured to carry an identification of the security state in the access request to the secure memory 16 transmitted in the trusted execution environment.
- there are other ways to ensure that the communication processor 14 is in a trusted execution environment when accessing the secure memory 16; for example, the communication processor 14 can remain in a trusted execution environment from the time the chip is powered up, i.e. the access requests sent by the communication processor 14 always carry a security status identifier.
- after receiving the access request from the application processor 12, the communication processor 14 records the status of the access request, such as whether it has a security attribute, through a certain security application. If the access request is recorded as having a security attribute, then when the communication processor 14 receives the processing result of that access request from the secure element 18, the communication processor 14 adds a security identifier to the processing result through the security application.
- since the main function of the communication processor is to convert data formats according to protocol content, the range of applications it needs to handle is much smaller than that of the application processor; therefore, the set of applications that can be executed in the trusted execution environment for the communication processor is not too complicated, and most of it can be completed by the chip vendor.
- an application processor needs to handle a wide variety of applications that need to be executed in a trusted execution environment. It is difficult for the application provider to update the application according to the requirements of the trusted execution environment. Therefore, the application processor needs to switch between the trusted execution environment and the normal execution environment to handle the security application and the general application, and the communication processor 14 can always be in a trusted execution environment.
- it is also possible for the application processor to be always in the trusted execution environment.
- when an application being executed needs to exchange sensitive information with the firmware in the secure element, the exchange is initiated by a security application in a trusted execution environment; the application processor passes the information to the communication processor through the secure memory, and the communication with the secure element is performed by the communication processor in a trusted execution environment. In the whole process, no non-secure device or path is involved, which effectively ensures the security of the sensitive information.
- the secure element is part of the security system. However, because the secure element is often a peripheral device that holds sensitive data, from another perspective the security system of the embodiment of the present invention can also be regarded as consisting only of the application processor, the communication processor, the secure memory, and the memory controller, which are used to access the sensitive data in the secure element.
- FIG. 2 is a schematic diagram of a network transaction process under the security system according to an embodiment of the present invention.
- a normal application, such as a browser, invokes a security application responsible for the transaction to initiate a financial transaction request.
- a verification message is first sent to verify the status of the current secure element, for example, to confirm whether the secure element can support the operation of the current secure application (ie, to obtain the current SE status, see S202, S203, S204).
- the verification information carries information about the security application.
- the verification message is received by the communication processor through the secure memory.
- the communication processor converts the verification message into a format that the secure element can recognize, such as an APDU format (Application Protocol Data Unit).
- the communication processor transmits the converted verification message to the secure element.
- the security element maintains an application identification list (AID table) in which a list of applications supported by the secure element and corresponding status information such as a version number are recorded.
- the security element searches the AID table according to the security application information carried in the verification message, and determines whether it can meet the requirements of the security application, and generates a determination result.
- the judgment result is returned to the application processor via the communication processor and the secure memory (see S205, S206, S207).
- the security application confirms, based on the determination result, whether the secure element can support the transaction (S208). If it can, the security application also requests signature and verification information from the secure element via the secure memory (S209, S210, S211).
- the secure element returns the signature and verification information to the application processor via the secure memory.
- the security application then continues to execute the remaining steps of the transaction, such as collecting transaction information (the user's account information and password), encrypts the user's transaction information with the signature and verification information, and sends it to the operator's server.
- the secure element can be used to store bank certificate information for online transactions; with the security system of the embodiment of the present invention, the certificate information can be downloaded or updated through the network.
- the download process of the bank certificate is recorded in FIG.
- the certificate download process is carried out essentially under the control of the security application: the security application is responsible for completing the data interaction with the TSM (Trusted Service Management) server; the security application is responsible for obtaining the identity information of the secure element and sending it to the designated TSM server; and the security application sends the write information sent by the TSM server to the communication processor through the secure memory. The rest of the work is done by the communication processor and the secure element in a trusted execution environment. During the entire download process, sensitive data is handled in a secure environment, without data leakage caused by interference from illegal programs.
- the security application and the TSM server can negotiate a communication key and an integrity protection key to ensure that the data exchanged between the security application and the TSM is confidential and complete.
- the communication key and the integrity protection key can be negotiated after the security application and the TSM have successfully established a connection, and the keys are stored in the security application, which offers high security. This method can avoid download errors when data is sent to the secure element due to transmission link errors.
- the communication processor mentioned in the above embodiment may also be a wirelessly connected interface controller (such as a Bluetooth controller, Blue Tooth Ctrl).
- the interface controller needs to be configured so that it can run in a trusted execution environment and has a corresponding security application.
- the interface controller, whether integrated in the chip or installed in the terminal device, enters the trusted execution environment under the control of the security interrupt and obtains the sensitive data from the secure memory.
- the interface controller formats the sensitive data and then transmits it via Bluetooth to the wirelessly connected secure element.
- FIG. 4 is a processing logic diagram of a communication processor upon receiving request data destined for a secure element.
- the communication processor first confirms whether the request data has a security attribute. If it does, the communication processor determines whether the source of the request data is a security application on the application processor; if so, the communication processor performs format conversion on the request data and sends it to the secure element. If the request data does not have a security attribute, the communication processor also performs format conversion on it, but at a lower processing priority, converting the request data that has security attributes first.
- if the request data carries a security attribute but its source is not a security application, the communication processor sends an error message and does not forward the request data. This is because some normal applications, such as expired applications, applications that do not follow the security specification, or hacking programs, may execute tasks with security requirements in the normal execution environment and add security identifiers to their data, which obviously does not meet the security requirements, so the communication processor refuses to forward such request data.
- the disclosed system, apparatus, and method may be implemented in other manners.
- the device embodiments described above are merely illustrative.
- the division of the unit is only a logical function division.
- there may be other division manners; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
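As an added example (not code from the patent), the following Python model traces the access path described above: the memory controller admits only requests carrying the security identifier, the application processor writes the instruction request from the TEE and interrupts the communication processor, and the communication processor applies the FIG. 4 decision (forward, defer to lower priority, or reject a security identifier added by a normal application) before forwarding an APDU to the secure element. The class names, the one-slot secure memory at a preset address, the AID table contents, the status words and the APDU encoding are assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Env(Enum):
    REE = "REE"  # rich (normal) execution environment
    TEE = "TEE"  # trusted execution environment

@dataclass
class Request:
    """An instruction request destined for the secure element (SE)."""
    aid: bytes    # application identifier looked up in the SE's AID table
    secure: bool  # the security identifier carried by the request
    source: str   # constructed: "secure_app" or "normal_app"

class AccessDenied(PermissionError):
    """Raised by the memory controller for requests without the security attribute."""

class MemoryController:
    """Delimits a secure area and admits only requests carrying the security identifier."""
    def __init__(self):
        self.secure_memory = None  # constructed: one slot at a preset (default) address

    def write(self, value, secure: bool):
        if not secure:
            raise AccessDenied("write to secure memory without security attribute")
        self.secure_memory = value

    def read(self, secure: bool):
        if not secure:
            raise AccessDenied("read of secure memory without security attribute")
        return self.secure_memory

class SecureElement:
    """Stand-in for the SE: keeps an AID table and answers APDU-encoded requests."""
    AID_TABLE = {b"PAY01": 2}  # constructed: AID -> supported version

    def process(self, apdu: bytes) -> bytes:
        aid = apdu[5:5 + apdu[4]]  # Lc at offset 4, then the AID bytes
        # constructed status words: 9000 = supported, 6A82 = application not found
        return b"\x90\x00" if aid in self.AID_TABLE else b"\x6a\x82"

class CommProcessor:
    """Stays in the TEE from power-up (one of the two options the page describes)."""
    def __init__(self, mc, se, ap):
        self.mc, self.se, self.ap = mc, se, ap
        self.env = Env.TEE

    @staticmethod
    def to_apdu(req: Request) -> bytes:
        # constructed encoding: CLA INS P1 P2 Lc AID (a SELECT-like command)
        return b"\x00\xa4\x04\x00" + bytes([len(req.aid)]) + req.aid

    def check(self, req: Request) -> str:
        """FIG. 4 decision: 'forward', 'defer' (lower priority) or 'reject'."""
        if req.secure and req.source != "secure_app":
            return "reject"  # security identifier added outside the TEE
        return "forward" if req.secure else "defer"

    def order(self, reqs):
        """Format-conversion order: requests with the security attribute first."""
        kept = [r for r in reqs if self.check(r) != "reject"]
        return sorted(kept, key=lambda r: not r.secure)

    def on_interrupt(self):
        """Interrupt from the AP: read secure memory, query the SE, write the result back."""
        assert self.env is Env.TEE
        req = self.mc.read(secure=True)
        if self.check(req) == "reject":
            result = b"ERR"  # error message; the request is not forwarded
        else:
            result = self.se.process(self.to_apdu(req))
        self.mc.write(result, secure=True)  # the result carries the security flag
        self.ap.on_interrupt()

class ApplicationProcessor:
    def __init__(self, mc):
        self.mc, self.env, self.result = mc, Env.REE, None

    def on_interrupt(self):
        self.env = Env.TEE  # re-enter the TEE and resume the secure app
        self.result = self.mc.read(secure=True)
        self.env = Env.REE

    def ask_secure_element(self, cp, req: Request) -> bytes:
        """The normal app triggers the secure app, which writes the request and interrupts the CP."""
        self.env = Env.TEE
        self.mc.write(req, secure=True)
        self.env = Env.REE  # secure app suspended while the CP works
        cp.on_interrupt()
        return self.result

def demo():
    mc = MemoryController()
    ap = ApplicationProcessor(mc)
    cp = CommProcessor(mc, SecureElement(), ap)
    ok = ap.ask_secure_element(cp, Request(b"PAY01", True, "secure_app"))
    unknown = ap.ask_secure_element(cp, Request(b"NOPE", True, "secure_app"))
    bad = ap.ask_secure_element(cp, Request(b"PAY01", True, "normal_app"))
    return ok, unknown, bad
```

`demo()` returns the SE's success status for a supported AID, the not-found status for an unknown AID, and the error message for a request whose security identifier was added by a normal application.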
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Mathematical Physics (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Claims (10)
- A processor chip, characterized in that it comprises an application processor, a communication processor and a memory controller; the memory controller is configured to delimit a region in memory as secure memory and to allow only access requests having a security attribute to access the secure memory; the application processor is configured to execute common applications in a common execution environment, to enter a trusted execution environment when triggered by a common application, to execute a security application in the trusted execution environment, and to write, through the security application, an instruction request directed at a secure element into the secure memory, wherein, in the trusted execution environment, the access requests sent by the application processor to the secure memory have the security attribute; and the communication processor is configured to read the instruction request from the secure memory in the trusted execution environment and to send the instruction request to the secure element.
- The processor chip according to claim 1, characterized in that, in the trusted execution environment, the application processor and the communication processor are configured to carry a security identifier in the data or requests issued to the secure memory, the security identifier indicating the security attribute.
- The processor chip according to claim 1 or 2, characterized in that, after the application processor writes the instruction request into the secure memory, the application processor is configured to send an interrupt to the communication processor, the interrupt causing the communication processor to enter the trusted execution environment.
- The processor chip according to claim 3, characterized in that, after issuing the interrupt, the application processor is configured to suspend the security application.
- The processor chip according to any one of claims 1 to 4, characterized in that the communication processor is configured to perform format conversion of the instruction request according to the requirements of the secure element.
- The processor chip according to any one of claims 1 to 5, characterized in that the application processor is further configured to, after writing the instruction request into the secure memory, suspend the security application and exit the trusted execution environment, and that, after the communication processor writes the processing result into the secure memory, the communication processor initiates an interrupt to the application processor so that the application processor enters the trusted execution environment again.
- The processor chip according to claim 6, characterized in that, after entering the trusted execution environment again, the application processor is configured to invoke the security application again and to extract the processing result from the secure memory through the security application.
- The processor chip according to any one of claims 1 to 7, characterized in that the secure element is integrated inside the processor chip.
- The processor chip according to any one of claims 1 to 8, characterized in that the instruction request comprises identity verification, certificate update, random number extraction, encryption/decryption, scrambling, descrambling or status identification.
- A terminal device, characterized in that the terminal device comprises the processor chip as described in any one of claims 1 to 9, and the secure element.
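The exchange the claims describe (memory controller gating the secure region on the security attribute, the security application writing a request from the TEE, the AP interrupting the CP, the CP entering its TEE, format-converting and forwarding to the secure element, writing the result back and interrupting the AP, which re-enters the TEE and resumes the security application to read it), as an added simulation that is not the patent's or any vendor's code. The memory layout, the mailbox record format, the class and method names, the secure element's command set and the use of the "in TEE" state as the security attribute are all assumptions made for the example.

```python
# Added example (not the patent's or any vendor's code): a constructed simulation
# of the exchange in claims 1-7 and 9. The memory layout, class names, mailbox
# record format and secure element command set are all assumptions.
import secrets

MEM_SIZE = 0x2000
SECURE_BASE, SECURE_SIZE = 0x1000, 0x1000   # assumed secure region: 0x1000-0x1fff
REQ_ADDR, RESP_ADDR = 0x1000, 0x1100        # mailboxes inside the secure region


class MemoryController:
    """Claim 1: only access requests carrying the security attribute may touch
    the secure region; any other access is refused and counted."""

    def __init__(self):
        self._mem = bytearray(MEM_SIZE)
        self.denied = 0  # refusals are worth exporting as a telemetry signal

    def _check(self, addr: int, length: int, secure_attr: bool) -> None:
        overlaps = addr < SECURE_BASE + SECURE_SIZE and addr + length > SECURE_BASE
        if overlaps and not secure_attr:
            self.denied += 1
            raise PermissionError(f"secure memory access at {addr:#x} without security attribute")

    def write(self, addr: int, data: bytes, secure_attr: bool) -> None:
        self._check(addr, len(data), secure_attr)
        self._mem[addr:addr + len(data)] = data

    def read(self, addr: int, length: int, secure_attr: bool) -> bytes:
        self._check(addr, length, secure_attr)
        return bytes(self._mem[addr:addr + length])


def put_record(mc, addr, payload, secure_attr):
    # Assumed mailbox record: 2-byte big-endian length followed by the payload.
    mc.write(addr, len(payload).to_bytes(2, "big") + payload, secure_attr)


def get_record(mc, addr, secure_attr):
    n = int.from_bytes(mc.read(addr, 2, secure_attr), "big")
    return mc.read(addr + 2, n, secure_attr)


class SecureElement:
    """Claim 9 lists the request kinds; two of them are modelled here."""

    def handle(self, frame: bytes) -> bytes:
        # Assumed SE frame: class byte 0x80, 1-byte body length, body.
        if len(frame) < 2 or frame[0] != 0x80 or frame[1] != len(frame) - 2:
            return b"ERR:frame"
        cmd, _, arg = frame[2:].partition(b":")
        if cmd == b"STATUS":
            return b"READY"                       # status identification
        if cmd == b"RANDOM":
            return secrets.token_bytes(int(arg))  # random number extraction
        return b"ERR:unsupported"


class CommunicationProcessor:
    def __init__(self, mc, se):
        self.mc, self.se, self.in_tee, self.ap = mc, se, False, None

    def on_interrupt(self) -> None:
        self.in_tee = True                                   # claim 3: enter TEE
        request = get_record(self.mc, REQ_ADDR, secure_attr=self.in_tee)
        frame = bytes([0x80, len(request)]) + request        # claim 5: format conversion
        result = self.se.handle(frame)                       # claim 1: send to the SE
        put_record(self.mc, RESP_ADDR, result, secure_attr=self.in_tee)
        self.in_tee = False
        self.ap.on_interrupt()                               # claim 6: interrupt the AP


class ApplicationProcessor:
    def __init__(self, mc):
        self.mc, self.in_tee, self.cp = mc, False, None
        self.suspended_app, self.result = None, None

    def request_secure_element(self, request: bytes) -> bytes:
        """Entry point a common application triggers (claim 1)."""
        self.in_tee = True                                   # enter TEE, run security app
        put_record(self.mc, REQ_ADDR, request, secure_attr=self.in_tee)
        self.suspended_app = "security_app"                  # claim 4: suspend it
        self.in_tee = False                                  # claim 6: exit TEE meanwhile
        self.cp.on_interrupt()                               # claim 3: interrupt the CP
        return self.result

    def on_interrupt(self) -> None:
        self.in_tee = True                                   # claim 6: re-enter TEE
        if self.suspended_app != "security_app":
            raise RuntimeError("no suspended security application to resume")
        self.result = get_record(self.mc, RESP_ADDR, secure_attr=self.in_tee)  # claim 7
        self.suspended_app, self.in_tee = None, False


def build_system():
    mc = MemoryController()
    ap, cp = ApplicationProcessor(mc), CommunicationProcessor(mc, SecureElement())
    ap.cp, cp.ap = cp, ap
    return mc, ap


def common_environment_read_refused(mc) -> bool:
    """A read from the common execution environment (no security attribute)
    against the secure region must be refused by the memory controller."""
    try:
        mc.read(REQ_ADDR, 2, secure_attr=False)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    mc, ap = build_system()
    print(ap.request_secure_element(b"STATUS"), ap.request_secure_element(b"RANDOM:16").hex())
    print("refused:", common_environment_read_refused(mc), "denials:", mc.denied)
```

The point of the simulation is the last check: every processor-side access to the mailboxes succeeds only while the caller is in its TEE, and the single refused read from the common environment is counted by the controller, which is the signal a platform would surface for monitoring.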
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16921992.0A EP3534583B1 (en) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
KR1020197009011A KR20190039603A (ko) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
BR112019005604A BR112019005604A2 (pt) | 2016-11-15 | 2016-11-15 | Processor chip and terminal device |
PCT/CN2016/105942 WO2018090201A1 (zh) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
CN201680090854.0A CN109952751B (zh) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
TW106139458A TW201820201A (zh) | 2016-11-15 | 2017-11-15 | Secure processor chip and terminal device |
US16/394,875 US11126753B2 (en) | 2016-11-15 | 2019-04-25 | Secure processor chip and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/105942 WO2018090201A1 (zh) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/394,875 Continuation US11126753B2 (en) | 2016-11-15 | 2019-04-25 | Secure processor chip and terminal device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018090201A1 true WO2018090201A1 (zh) | 2018-05-24 |
Family
ID=62145029
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/105942 WO2018090201A1 (zh) | 2016-11-15 | 2016-11-15 | Secure processor chip and terminal device |
Country Status (7)
Country | Link |
---|---|
US (1) | US11126753B2 (zh) |
EP (1) | EP3534583B1 (zh) |
KR (1) | KR20190039603A (zh) |
CN (1) | CN109952751B (zh) |
BR (1) | BR112019005604A2 (zh) |
TW (1) | TW201820201A (zh) |
WO (1) | WO2018090201A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114499958A (zh) * | 2021-12-24 | 2022-05-13 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and apparatus, vehicle and storage medium |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102605461B1 (ko) * | 2018-09-20 | 2023-11-23 | 삼성전자주식회사 | Electronic device providing a service using a secure element and operating method thereof |
CN111045605B (zh) * | 2019-12-12 | 2023-10-20 | 海光信息技术股份有限公司 | Technical solution for improving system security using a processor cache and a security processor |
US11436343B2 (en) * | 2019-12-31 | 2022-09-06 | Arm Limited | Device, system, and method of policy enforcement for rich execution environment |
CN113014539B (zh) * | 2020-11-23 | 2022-05-17 | 杭州安芯物联网安全技术有限公司 | IoT device security protection system and method |
CN113268353A (zh) * | 2021-06-11 | 2021-08-17 | 海光信息技术股份有限公司 | Method and apparatus for providing trusted memory, processor chip and electronic device |
WO2023136531A1 (ko) * | 2022-01-14 | 2023-07-20 | 삼성전자 주식회사 | Electronic device for operating a security device and operating method thereof |
CN114500054B (zh) * | 2022-01-27 | 2024-03-01 | 百度在线网络技术(北京)有限公司 | Service access method, service access apparatus, electronic device and storage medium |
CN114911726B (zh) * | 2022-07-15 | 2022-10-04 | 飞腾信息技术有限公司 | Data transmission method, related apparatus, system and computer-readable storage medium |
CN114912107B (zh) * | 2022-07-15 | 2022-10-25 | 飞腾信息技术有限公司 | Access management method, related apparatus, system and computer-readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009147548A2 (en) * | 2008-05-27 | 2009-12-10 | Nxp B.V. | Method for storing nfc applications in a secure memory device |
CN101840391A (zh) * | 2010-05-17 | 2010-09-22 | 深圳视融达科技有限公司 | Communication between the dual-processor subsystems of an electronic payment system and invocation method thereof |
CN104318182A (zh) * | 2014-10-29 | 2015-01-28 | 中国科学院信息工程研究所 | Intelligent terminal isolation system and method based on processor security extensions |
CN105791284A (zh) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | Secure data transmission apparatus and method |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4683442B2 (ja) * | 2000-07-13 | 2011-05-18 | 富士通フロンテック株式会社 | Processing device and integrated circuit |
US7426644B1 (en) | 2001-12-05 | 2008-09-16 | Advanced Micro Devices, Inc. | System and method for handling device accesses to a memory providing increased memory access security |
US20130139230A1 (en) * | 2006-09-24 | 2013-05-30 | Rfcyber Corporation | Trusted Service Management Process |
EP2377082A4 (en) * | 2008-12-23 | 2015-05-06 | Mtn Mobile Money Sa Pty Ltd | METHOD AND SYSTEM FOR SAFE PROCESSING OF TRANSACTIONS |
US10771448B2 (en) | 2012-08-10 | 2020-09-08 | Cryptography Research, Inc. | Secure feature and key management in integrated circuits |
CN107547571B (zh) | 2012-11-21 | 2021-06-22 | 苹果公司 | Method for managing access control and access control client provisioning server |
CN103942678A (zh) * | 2014-04-01 | 2014-07-23 | 武汉天喻信息产业股份有限公司 | Mobile payment system and method based on a trusted execution environment |
CN103971067B (zh) * | 2014-05-30 | 2015-06-03 | 中国人民解放军国防科学技术大学 | Unified access control method for an operating system kernel supporting entities inside and outside the kernel |
CN104331329B (zh) * | 2014-09-30 | 2017-12-01 | 上海斐讯数据通信技术有限公司 | Mobile office security system and method supporting domain management |
CN104318135B (zh) * | 2014-10-27 | 2017-04-05 | 中国科学院信息工程研究所 | Secure dynamic loading method for Java code based on a trusted execution environment |
CN104392188B (zh) * | 2014-11-06 | 2017-10-27 | 三星电子(中国)研发中心 | Secure data storage method and system |
CN105260663B (zh) * | 2015-09-15 | 2017-12-01 | 中国科学院信息工程研究所 | Secure storage service system and method based on TrustZone technology |
- 2016
  - 2016-11-15 WO PCT/CN2016/105942 patent/WO2018090201A1/zh unknown
  - 2016-11-15 EP EP16921992.0A patent/EP3534583B1/en active Active
  - 2016-11-15 KR KR1020197009011A patent/KR20190039603A/ko not_active Application Discontinuation
  - 2016-11-15 BR BR112019005604A patent/BR112019005604A2/pt not_active Application Discontinuation
  - 2016-11-15 CN CN201680090854.0A patent/CN109952751B/zh active Active
- 2017
  - 2017-11-15 TW TW106139458A patent/TW201820201A/zh unknown
- 2019
  - 2019-04-25 US US16/394,875 patent/US11126753B2/en active Active
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114499958A (zh) * | 2021-12-24 | 2022-05-13 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and apparatus, vehicle and storage medium |
CN114499958B (zh) * | 2021-12-24 | 2024-02-09 | 东软睿驰汽车技术(沈阳)有限公司 | Control method and apparatus, vehicle and storage medium |
Also Published As
Publication number | Publication date |
---|---|
BR112019005604A2 (pt) | 2019-07-02 |
CN109952751B (zh) | 2020-11-17 |
EP3534583B1 (en) | 2021-01-06 |
US11126753B2 (en) | 2021-09-21 |
US20190251298A1 (en) | 2019-08-15 |
TW201820201A (zh) | 2018-06-01 |
KR20190039603A (ko) | 2019-04-12 |
EP3534583A1 (en) | 2019-09-04 |
EP3534583A4 (en) | 2019-11-06 |
CN109952751A (zh) | 2019-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018090201A1 (zh) | Secure processor chip and terminal device | |
US9210576B1 (en) | Extended trusted security zone radio modem | |
US11429950B2 (en) | Mobile payment apparatus and method | |
US9769854B1 (en) | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system | |
US11743721B2 (en) | Protection of a communication channel between a security module and an NFC circuit | |
EP3050335B1 (en) | Systems and methods for nfc access control in a secure element centric nfc architecture | |
CN110414235B (zh) | Active-immunity dual-architecture system based on ARM TrustZone | |
CN108140094B (zh) | Technologies for secure trusted I/O access control | |
US9749294B1 (en) | System and method of establishing trusted operability between networks in a network functions virtualization environment | |
EP2973171B1 (en) | Context based switching to a secure operating system environment | |
US20110145592A1 (en) | Virtual Token for Transparently Self-Installing Security Environment | |
US9565168B1 (en) | System and method of a trusted computing operation mode | |
WO2019134494A1 (zh) | Verification information processing method, communication device, service platform and storage medium | |
CN107209840B (zh) | Secure transactions with connected peripheral devices | |
US20090217375A1 (en) | Mobile Data Handling Device | |
EP3048553A1 (en) | Method for distributing applets, and entities for distributing applets | |
JP2011034349A (ja) | Terminal protection system and terminal protection method | |
TWI657389B (zh) | Mobile terminal and transaction confirmation method and device thereof | |
US20090172823A1 (en) | Management engine secured input | |
Tang et al. | Techniques for IoT System Security | |
EP3889865A1 (en) | Method for handling relay attack and secure element |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16921992; Country of ref document: EP; Kind code of ref document: A1 |
ENP | Entry into the national phase | Ref document number: 20197009011; Country of ref document: KR; Kind code of ref document: A |
REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: 112019005604; Country of ref document: BR |
ENP | Entry into the national phase | Ref document number: 2019522406; Country of ref document: JP; Kind code of ref document: A |
NENP | Non-entry into the national phase | Ref country code: DE |
ENP | Entry into the national phase | Ref document number: 2016921992; Country of ref document: EP; Effective date: 20190529 |
ENP | Entry into the national phase | Ref document number: 112019005604; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20190321 |