WO2020088323A1 - Capability exposure method and device - Google Patents


Info

Publication number
WO2020088323A1
Authority
WO
WIPO (PCT)
Prior art keywords
tee
session
security
attribute information
security certificate
Application number
PCT/CN2019/112731
Other languages
French (fr)
Chinese (zh)
Inventor
王思善
赵晓娜
常新苗
Original Assignee
华为技术有限公司
Priority claimed from CN201811478516.1A (CN111125705B)
Application filed by 华为技术有限公司
Priority to EP19879640.1A (EP3866385A4)
Priority to US17/290,497 (US20210359867A1)
Publication of WO2020088323A1

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This application relates to the technical field of terminal security verification, and in particular, to a capability opening method and device.
  • The TEE + SE security architecture uses the SE, which has a higher security level, in cooperation with the TEE, whose security level is lower than that of the SE, to execute services in the terminal that have higher security requirements.
  • In this architecture the SE and the TEE cooperate to execute the service. Because the security level of the TEE is lower than that of the SE, a security vulnerability in the TEE may mean that the security of services executed through the TEE + SE security architecture cannot be guaranteed.
  • The embodiments of the present application provide a capability opening method and device to solve the problem that, in the prior art, the security of services executed through the TEE + SE security architecture cannot be guaranteed.
  • The embodiments of the present application provide a capability opening method, which can be executed by the SE or by a device (such as a chip system) capable of supporting the SE in implementing the method.
  • The method executed by the SE is described below as an example.
  • The method includes: the SE and the TEE establish a session for communication, and the SE sends the TEE, through the session, an acquisition instruction for acquiring the security certificate of the TEE. The TEE then generates a security certificate based on the TEE attribute information and sends the generated security certificate to the SE through the session.
  • After the SE receives the security certificate sent by the TEE through the session, the SE determines, according to the security certificate and the preset security policy, that the TEE is in a safe state.
  • The SE then opens the first capability to the third-party service in the SE, where the first capability is implemented based on the second capability of the TEE.
  • When a service is executed through the TEE + SE security architecture, the SE can establish a communication session with the TEE before executing the service, request and obtain the TEE security certificate through the session, and then determine from the security certificate and the preset security policy that the TEE is in a safe state; only after determining that the TEE is in a safe state is the first capability opened to third-party services in the SE. In this way, the capability is opened only when the TEE itself is in a safe state.
  • Opening the capability to third-party services within the SE only under that condition ensures the security of services executed under the TEE + SE security architecture.
  • The TEE can use a key to perform a digital signature or message authentication code (MAC) operation on the TEE attribute information to generate the security certificate.
  • The generated security certificate may include the TEE attribute information.
  • The key may include a private key of the TEE, a pre-configured key, or a key negotiated by the TEE and the SE.
  • Because the TEE security certificate may include the TEE attribute information, the SE can evaluate that information directly from the certificate.
  • The SE can determine that the TEE is in a safe state by determining that the TEE attribute information satisfies the preset security policy. In this way, the condition under which the TEE counts as being in a safe state can be set by the SE itself, so that the first capability, realized based on the second capability of the TEE, is opened to third-party services in the SE only when the TEE meets the safe state recognized by the SE, which improves the security of service execution.
  • the second capability of TEE is not limited.
  • the second capability of TEE may include a trusted user interface (TUI) capability.
  • The attribute information of the TEE may include TEE platform attribute information and/or TUI capability attribute information.
  • The TEE platform attribute information may include, but is not limited to, at least one of the following: the TEE identifier, the TEE supplier or developer identifier, the TEE operating system version, the TEE startup status, the TEE life cycle status, the TEE application programming interface (API) version information, the anti-rollback level of the TEE, or the version information of the interactive application in the TEE.
  • the interactive application is a trusted application in TEE that communicates with the SE.
  • the attribute information of the TUI capability includes the peripheral type of TUI and / or the peripheral attribute of TUI.
  • the establishment of a communication session between the SE and the TEE may be initiated by the SE or established by the TEE.
  • This application focuses on the method for the SE to initiate the establishment of the session.
  • the SE actively initiates the establishment of a session for communication with the TEE.
  • the SE sends a session establishment request message to the TEE.
  • the session establishment request message is used to request to establish a session with the TEE.
  • the SE receives the session establishment response message sent by the TEE.
  • the session establishment response message is used to indicate confirmation to establish the session.
  • the SE actively initiates the process of establishing a session, and can establish a session with the TEE when the SE has a communication requirement, which can avoid unnecessary waste of communication resources.
  • the SE may also trigger an interrupt signal through the communication module.
  • the interrupt signal is used to instruct the TEE to receive the session establishment request message.
  • the SE can trigger an interrupt signal before initiating the session establishment, and the interrupt signal is used to instruct the TEE to receive the session establishment request message that the SE is about to send, so that the TEE can receive the session establishment request message more accurately.
  • Before determining that the TEE is in a safe state according to the security certificate and the preset security policy, the SE can also authenticate the security certificate and determine that it was generated by the TEE and has not been tampered with. In this way the SE verifies the security certificate sent by the TEE before evaluating it against the policy, so a double security verification of the TEE is realized and the verification result is more accurate.
  • The SE may include a TEE attribute identifier in the acquisition instruction sent to the TEE.
  • The acquisition instruction then instructs the TEE to generate the security certificate using the TEE attribute corresponding to the TEE attribute identifier.
  • The TEE can use the key to digitally sign or MAC the TEE attribute corresponding to the TEE attribute identifier to generate the security certificate.
  • By carrying the TEE attribute identifier in the acquisition instruction, the SE indicates which attributes of the TEE it needs to verify, so the TEE need not send all of its attribute information, which saves signaling overhead.
  • After the SE determines that the TEE is in a safe state, it can also negotiate a communication key with the TEE, and the negotiated communication key is bound to the state of the TEE.
  • The communication key is used for the SE to communicate with the TEE.
  • When the SE determines that the TEE has restarted or that the attributes of the TEE have changed, the communication key is deleted.
  • After verifying that the TEE is in a safe state, the SE negotiates a communication key with the TEE that is bound to the state of the TEE; that is, as long as the state of the TEE has not changed, the TEE and the SE keep using this communication key, and the SE does not need to verify the security status of the TEE on every communication, which improves communication efficiency.
  • When the SE determines that the TEE status has changed, it can delete the communication key, perform security verification on the TEE again using the method provided in this application, and renegotiate the communication key.
  • an embodiment of the present application provides a capability opening device, the device having a function of implementing the SE behavior in the method example of the first aspect described above.
  • the function can be realized by hardware, or can also be realized by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • The device includes a communication module and a processing module, and in some possible implementations may also include a storage module. These modules may perform the corresponding functions in the method examples of the first aspect above; for details, see the method examples, which are not repeated here.
  • The structure of the device includes a processor, a memory, and a transceiver, where the processor, the memory, and the transceiver may be connected through a bus; the processor calls the instructions stored in the memory to execute the above method.
  • an embodiment of the present application provides a capability opening device, the device having a function of implementing the TEE behavior in the method example of the first aspect described above.
  • the function can be realized by hardware, or can also be realized by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • The device includes a communication module and a processing module, and in some possible implementations may also include a storage module. These modules may perform the corresponding functions in the method examples of the first aspect above; for details, see the method examples, which are not repeated here.
  • The structure of the device includes a processor, a memory, and a transceiver, where the processor, the memory, and the transceiver may be connected through a bus; the processor calls the instructions stored in the memory to execute the above method.
  • An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the computer is caused to execute the method provided by the first aspect or any possible design of the first aspect.
  • An embodiment of the present application also provides a computer program product that stores instructions which, when run on a computer, cause the computer to execute the method provided by the first aspect or any possible design of the first aspect.
  • FIG. 1 is a schematic diagram of an existing capability opening architecture.
  • FIG. 3 is a schematic structural diagram of an embodiment provided by this application.
  • FIG. 5 is a schematic structural diagram of a capability opening device provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of another capability opening device provided by an embodiment of the present application.
  • Terminal: a device that provides users with voice and/or data connectivity, also known as user equipment (UE), mobile station (MS), mobile terminal (MT), etc.
  • Some examples of terminals are: mobile phones, tablets, laptops, PDAs, mobile Internet devices (MID), wearable devices, virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical surgery, wireless terminals in smart grids, wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • Rich execution environment refers to the operating environment that does not have specific security functions in the terminal.
  • the Android operating system is a rich execution environment.
  • A trusted execution environment (TEE) is an operating environment that coexists in a terminal with a common execution environment, also called the rich execution environment (REE).
  • TEE has security capabilities and can meet certain security requirements, and can achieve an operating mechanism isolated from REE.
  • TEE has its own operating space and defines strict protection measures, so it has a higher security level than REE, and can protect assets (such as data, software, etc.) in TEE from software attacks and resist specific types of security threats. Only authorized security software can be executed in TEE, and it also protects the confidentiality of security software resources and data. Compared with REE, TEE can better protect the security of data and resources due to its protection mechanisms such as isolation and permission control.
  • Trusted application refers to an application running in TEE, which can provide security-related services for client applications (CA) running outside TEE.
  • A client application usually refers to an application running in the REE, but when one TA calls another TA, the TA that initiates the call can also act as the CA.
  • the CA can call the TA through the client application programming interface (API) and make the TA perform corresponding security operations.
  • Security unit (secure element, SE) refers to a hardware unit with anti-tampering and anti-hardware-attack capabilities and an independent processor, which can provide a secure operating environment for the applets or third-party services running in it and guarantee the security and confidentiality of the assets stored in it.
  • Common secure elements are the embedded secure element (eSE), the inSE integrated into the mobile phone system-on-chip (SoC), the universal integrated circuit card (UICC), etc.
  • Trusted user interface (TUI) is a security function provided by the TEE operating system. It can be understood as a secure display interface controlled by the TEE that provides a trusted user interaction interface for each TA running in the TEE.
  • The trusted user interaction interface ensures that, while a TA is using it, its content cannot be obtained by the REE or even by other TAs, which improves the security of the service.
  • The GlobalPlatform organization has standardized the common APIs of the TUI, making it convenient for TA developers to use these APIs to develop a TUI. Through the TUI, the three most basic secure user interaction functions can be realized: secure display, secure input and secure indicator. Services developed under the TEE + SE security architecture usually provide TUI capabilities. For example, in the financial field, the central bank's mobile phone shield specifications explicitly require a TUI to secure the interface that displays passwords and signing content.
  • Root of trust refers to the computing engine, code and data that may coexist on the same platform and can provide security services. No other entity can provide credible proof (in digest or other form) of the initial state of the code and data in the root of trust. In more common terms, some code or hardware has been hardened enough that it is unlikely to be compromised, cannot be modified at all, or cannot be modified without credentials, so this code or hardware can serve as the basis of trust; the relevant field calls it the root of trust.
  • The root of trust is generally the first piece of code loaded into random access memory (RAM) after the device is started, or it runs directly in the chip.
  • From the root of trust a chain of trust can be extended: the root of trust holds the signature of the next module, the boot code (bootloader), and during the boot process the code in the root of trust first verifies the signature of the next module before running it (ensuring that only authorized and untampered code can be executed); after verification the next module is allowed to execute. In the same way, the verified module continues to verify the signature of its next-level module, and this step-by-step verification continues until the system is fully started.
  • The startup process thus starts from the root of trust and extends a chain of trust for secure startup.
  • Security services that can be provided based on the root of trust include authentication, authorization, encryption, identification, integrity verification, measurement, reporting, update, or verification, etc.
  • Measurement provides a capability to reliably generate platform characteristics.
  • Reporting reports platform characteristics in an undeniable way. Combining measurement and reporting allows the device to generate a security certificate.
  • A remote server can verify the status and credibility of the device's software, hardware, and firmware by verifying the security certificate reported by the device.
  • Trusted execution environment (TEE) + security unit (SE) security architecture refers to the architecture that provides security services for applications through the combination of the TEE and the SE.
  • Mobile phone shield is a product or application that uses a mobile phone to implement the function of a bank USB key.
  • the mobile phone shield adopts the TEE + SE security architecture.
  • the SE of the mobile phone can provide the mobile phone shield with a high security environment required for all functions such as cryptographic operations and CA digital certificates.
  • the mobile phone shield provides cryptographic computing support for mobile Internet applications and is used for identity authentication, electronic signatures, and data protection.
  • the mobile shield business is taken as an example to introduce the business execution process under the existing TEE + SE security architecture.
  • the mobile phone shield signature key is stored in the SE, and all signature operations are performed in the SE, thereby ensuring that the signing process reaches financial-level security.
  • the user can perform some large-value transactions or other highly sensitive operations on the mobile phone.
  • the signature information is sent to TEE, displayed through the TUI and confirmed by the user.
  • The TUI has two important functions: 1. It ensures the security of the user's PIN input: only the mobile phone shield can access it, and applications on the REE side and other applications in the TEE cannot obtain the user's input by screen reading, keyboard reading or other methods, so the PIN is not leaked; it also ensures that the PIN is entered in real time. 2. It ensures "what you see is what you sign" (or conversely "what you sign is what you see"), that is, the transaction information sent to the mobile phone shield for signing through the TUI cannot be tampered with or replaced, and after the user confirms that the transaction information is correct, the information sent to the SE for signing is exactly the information the user confirmed.
  • FIG. 1 is a schematic diagram of an existing capability opening architecture.
  • the architecture includes three parts, namely SE, TEE and REE.
  • The client application (CA) can run in the REE, the TA can run in the TEE, and third-party services (also called third-party applets) can run in the SE.
  • In addition, the REE can also include an SE access interface, which can be used to access the third-party services in the SE; the TEE can also include an SE driver, which implements the communication capability with the SE; and the TEE can also include the TEE operating system (TEE OS).
  • TEE OS is used to manage and maintain the operation of TEE.
  • TEE OS can provide some TEE functions for the SE, for example, it can provide TUI capabilities, and the SE can also include a communication module.
  • SE can cooperate with TEE to execute the business.
  • TEE mainly provides TUI capabilities, and SE mainly performs security or cryptography-related operations.
  • the SE driver returns the interaction result to the SE communication module.
  • the SE directly executes the interaction result after receiving the interaction result through the communication module.
  • Since the security level of the TEE is lower than that of the SE, a security hole in the TEE itself means that the security of executing services through the TEE + SE security architecture may not be guaranteed.
  • this application provides a capability opening method to solve the problem that the security of executing services through the TEE + SE security architecture in the prior art cannot be guaranteed.
  • FIG. 2 is an implementation flowchart of a capability opening method provided by an embodiment of the present application.
  • the method includes:
  • S101 The SE and TEE establish a session for communication.
  • the SE and the TEE establish a communication session, which may be initiated by the SE or established by the TEE.
  • The TEE can actively establish a session with the SE through the SE driver by sending a session establishment request to the SE, to which the SE passively responds.
  • The method in which the TEE actively initiates the session is not described in detail; this application focuses on the method in which the SE actively initiates the session.
  • When the SE initiates the establishment of a session for communication with the TEE, the SE sends a session establishment request message to the TEE.
  • The session establishment request message is used to request the establishment of a session with the TEE.
  • After receiving the session establishment request message, the TEE sends the SE a session establishment response message, which is used to confirm the establishment of the session; the SE receives the session establishment response message sent by the TEE, which completes session establishment with the TEE.
  • the SE actively initiates the process of establishing a session, and can establish a session with the TEE when the SE has communication needs, which can avoid unnecessary waste of communication resources.
  • The above process in which the SE initiates session establishment can take place during the initialization of the SE's operating environment (which can be understood as the power-on startup process of the SE), or some time after the SE's operating environment has been initialized.
  • the SE may also trigger an interrupt signal through the communication module.
  • The interrupt signal is used to instruct the TEE to receive the session establishment request message. It can be understood that the interrupt signal serves as a signal that the SE is about to initiate session establishment actively.
  • In this way both the SE and the TEE learn that the SE is about to initiate session establishment and can complete the preparation for it; the upper layers of the SE and the TEE then exchange instructions through the standard API for TEE and SE interaction, which lets the TEE receive the session establishment request message more accurately.
  • the above communication module for triggering the interrupt signal may be an inter-core communication (IPC) module or other underlying hardware modules.
  • The session establishment request message sent by the SE to the TEE may be an IPC instruction set specifically for the SE to initiate session establishment, and a flag bit of the IPC instruction may be used to indicate that the SE wants to establish a session with the TEE.
  • When the TEE receives the IPC instruction through the mailbox, it proceeds to receive the session establishment request message sent by the SE.
  • A TUI agent can be set up specifically in the SE, and a trusted application module SE-TA can be set up in the TEE, as shown in FIG. 3. See the description below for their specific functions.
  • the SE and the TEE establish a session for communication.
  • the TUI agent in the SE and the SE-TA in the TEE can establish the session through the standard API for interaction between the TEE and the SE.
  • The SE driver in the TEE (which can act as the communication agent of the SE) parses the interrupt signal after obtaining it and triggers the SE-TA in the TEE to establish a session with the TUI agent in the SE through the API between the TEE and the SE.
  • Alternatively, a client API communication module is set up or implemented in the SE, and the TUI agent in the SE, acting as a client, actively sends a session establishment command to the SE-TA in the TEE through the standard TA access interface.
  • Or, after obtaining the interrupt signal, the SE driver in the TEE acts as the communication agent of the SE and, acting as the client, establishes a session with the SE-TA in the TEE through the client API.
  • S102 The SE sends an acquisition instruction for acquiring the security certificate of the TEE to the TEE through the session, and the TEE receives the acquisition instruction from the SE through the session.
  • the SE may send the acquisition instruction to the SE-TA in the TEE through the TUI agent in the SE, and the TEE receives the acquisition instruction through the SE-TA in the TEE.
  • the SE-TA in the TEE can verify the identification information of the TUI agent, and obtain the attribute information of the TEE after the verification is passed to generate a security certificate.
  • The TEE attribute information may include TEE platform attribute information and/or TUI capability attribute information.
  • The TEE platform attribute information may include, but is not limited to, at least one of the following: the TEE identifier, the TEE supplier or developer identifier, the TEE operating system version, the TEE startup status, the TEE life cycle status, the TEE application programming interface (API) version information, the anti-rollback level of the TEE, or the version information of the interactive application in the TEE.
  • The interactive application is a trusted application in the TEE that communicates with the SE.
  • The attribute information of the TUI capability may include the peripheral type of the TUI and/or the peripheral attribute of the TUI.
  • The TEE identifier is used to uniquely identify the TEE.
  • The TEE supplier or developer identifier is used to uniquely identify the TEE supplier or developer.
  • the TEE platform attribute information may also include SE-TA version information, device certificate, SE-TA application certificate, and so on.
  • the start state of TEE may include TEE safe start or TEE unsafe start.
  • The peripheral attribute of the TUI can be TEE controllable or TEE owned (TEE exclusive).
  • When the TUI peripheral attribute is TEE controllable, the TUI peripheral can be used by both the TEE and the REE, but it is controlled by the TEE.
  • When the TUI peripheral attribute is TEE owned, the TUI peripheral is exclusively owned by the TEE.
  • the acquisition instruction may include a TEE attribute identifier.
  • The acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the TEE attribute identifier.
  • the TEE attribute identifier may be determined by the SE according to a preset security policy. For example, if the preset security policy includes that the operating system version of the TEE needs to be a version above a certain version, the attribute identification of the TEE may include the identification of the operating system version of the TEE.
  • After receiving the acquisition instruction, the TEE generates a security certificate according to the attribute information of the TEE.
  • the acquisition instruction does not include the TEE attribute identifier.
  • The TEE generates the security certificate based on all the attribute information it can acquire itself, or on preset attribute information. Specifically, the TEE uses a key to perform a digital signature or message authentication code (MAC) operation on the TEE attribute information to generate the security certificate. That the TEE uses a key to perform a MAC operation on its attribute information can be understood as the TEE using the key to generate a MAC and ensuring the integrity of its attribute information through that MAC.
  • the security certificate includes the attribute information of TEE, and the key includes the private key of TEE, the pre-configured key, or the key negotiated by TEE and SE.
  • the key can be a symmetric key or an asymmetric key.
  • the acquisition instruction includes a TEE attribute identifier.
  • the TEE generates a security certificate according to the TEE attribute corresponding to the TEE attribute identifier included in the acquisition instruction. Specifically, the TEE queries / obtains the TEE attributes corresponding to the attribute identifier, and arranges them according to a preset format, and uses the key to digitally sign or MAC the TEE attributes corresponding to the TEE attribute identifier to generate a security certificate.
  • the security certificate includes the TEE attribute information corresponding to the TEE attribute identifier.
  • The TEE can also use the root of trust (RoT) service interfaces provided by the TEE (such as measurement and reporting) to generate the TEE security certificate.
  • TEE can generate a security certificate through SE-TA within TEE.
  • S104 The TEE sends the generated security certificate to the SE through the session, and the SE receives the security certificate sent by the TEE through the session.
  • the TEE can send the generated security certificate to the TUI agent in the SE through the SE-TA in the TEE.
  • S105: After the SE receives the security certificate sent by the TEE through the session, the SE determines, according to the security certificate and the preset security policy, that the TEE is in a secure state.
  • The security certificate includes the TEE attribute information.
  • When the SE determines that the TEE attribute information satisfies the preset security policy, the SE determines that the TEE is in a secure state.
  • There may be one or more security policies. When there are multiple security policies, the SE determines that the TEE is in a secure state only when it determines that the TEE attribute information satisfies all of the security policies.
  • The SE can determine that the TEE is in a secure state through the TUI agent in the SE.
  • The following describes how the SE, through the TUI agent in the SE, determines that the TEE is in a secure state according to the TEE attribute information and the preset security policy.
  • For example, the security policy preset by the TUI agent in the SE is that the TEE is considered secure only when the TUI peripheral attribute is "TEE exclusive". In this case, when the SE determines that the TUI peripheral attribute is "TEE exclusive", it can determine that the TEE is in a secure state.
  • For example, the security policy preset by the TUI agent in the SE is that the TEE is considered secure when the operating system version of the TEE is 20180101xxx or higher. In this case, when the SE determines that the operating system version of the TEE is 20180101xxx or higher, it can determine that the TEE is in a secure state.
  • After the SE determines that the TEE is in a secure state, the SE opens the first capability to the third-party service in the SE.
  • The first capability is implemented on the basis of the second capability of the TEE, which can be understood as the first capability being obtained by encapsulating the second capability.
  • The second capability of the TEE is not limited; for example, the second capability of the TEE may include a TUI capability.
  • The SE may also notify the TEE that the authentication process has been completed.
  • The SE can register the first capability implemented on the basis of the TUI capability of the TEE (which may be called the TUI service of the SE within the SE) as an SE global service that is open to third-party services within the SE.
  • The SE may send a broadcast to third-party services that need to use the global service, so that they can register for it.
  • The SE may also store the security certificate.
  • The security certificate can be sent to the third-party service at the same time.
  • The third-party service can also set its own security policies to decide whether to use the global service.
  • When a service is executed through the TEE+SE security architecture, the SE can establish a session for communication with the TEE before executing the service, request the TEE security certificate through the session, and then determine, according to the TEE security certificate and the preset security policy, that the TEE is in a secure state. Only after determining that the TEE is in a secure state does the SE open the first capability to the third-party service in the SE. In this way, capabilities are opened to third-party services in the SE only when the TEE itself is in a secure state, which ensures the security of services executed under the TEE+SE security architecture.
  • Before determining, according to the security certificate and the preset security policy, that the TEE is in a secure state, the SE can also authenticate the security certificate to determine that it was generated by the TEE and has not been tampered with. In other words, the SE authenticates the security certificate to ensure that it comes from a legitimate TEE.
  • The TUI agent can call a preset verification key to verify the security certificate and ensure that the security certificate comes from a legitimate or trusted TEE.
  • The SE must verify the security certificate sent by the TEE to ensure that it was generated by the TEE and has not been tampered with, that is, to ensure the integrity and authenticity of the security certificate; it must also determine, based on the security policy, that the TEE is in a secure state recognized by the SE. This method realizes double security verification of the TEE, which allows the SE to use and open the TEE capability with higher security.
  • After the SE determines that the TEE is in a secure state, it can also negotiate a communication key with the TEE. The negotiated communication key is bound to the state of the TEE and is used by the SE to encrypt its subsequent use of the second capability; when the SE determines that the TEE has restarted or that the attributes of the TEE have changed, the communication key is deleted.
  • After verifying that the TEE is in a secure state, the SE negotiates with the TEE a communication key for communication, which is bound to the state of the TEE. That is, as long as the state of the TEE has not changed, the TEE and the SE always use this communication key for communication, and the SE does not need to verify the security state of the TEE on every communication, which improves communication efficiency.
  • When the SE determines that the state of the TEE has changed, it can delete the communication key, perform security verification on the TEE again using the method provided in this application, and renegotiate the communication key.
  • The communication key may also include a session key derived from the communication key.
  • The SE can obtain the security certificates of multiple TEEs and verify each of them separately to determine which TEEs satisfy the security policy. After the TEEs satisfying the security policy are determined, a corresponding first capability can be implemented on the basis of the TUI capability of each of those TEEs.
  • When the SE opens the first capability to the third-party service in the SE, it can indicate that multiple first capabilities implemented on the basis of the TUI capabilities of the TEEs are available, and the third-party service selects which first capability to use.
  • The embodiments of the present application provide a method for performing security verification of the TEE at the SE, but the application is not limited to performing the security verification of the TEE at the SE.
  • Alternatively, the SE may send the preset security policy to the TEE, the SE's verification of the TEE is completed at the TEE, and the verification result is sent to the SE. If the verification passes, that is, the attributes of the TEE satisfy the security policy preset by the SE, the SE may open the first capability to the third-party service in the SE after receiving the verification result.
  • FIG. 3 is a schematic diagram of an architecture provided by an embodiment of the present application.
  • In addition, so that the SE can actively initiate session establishment and use the TUI, the architecture in FIG. 3 provides a TUI agent in the SE; the SE-TA is a dedicated application module in the TEE.
  • Modules in this architecture that are the same as in FIG. 1 also have the same functions, which are not repeated here. It should be understood that only some of the modules are shown in the architecture of FIG. 3; in actual applications the architecture may include more or fewer modules.
  • FIG. 3 is only for illustration, not for limitation.
  • The following provides a method for implementing the embodiments of the present application on the basis of the architecture shown in FIG. 3.
  • FIG. 4 is a flowchart of another capability opening method provided by an embodiment of the present application.
  • The description takes as an example the SE implementing the capability opening method through the TUI agent in the SE and the TEE implementing it through the SE-TA in the TEE.
  • The method shown in FIG. 4 includes the following steps:
  • The TUI agent establishes a communication session with the SE-TA.
  • The TUI agent referred to in this application is the TUI agent in the SE, and the SE-TA referred to is the SE-TA in the TEE.
  • The following takes session establishment initiated by the TUI agent as an example.
  • The SE can also trigger an interrupt signal through the communication module; the interrupt signal is used to instruct the TUI agent to initiate session establishment actively. For details of how the interrupt is triggered, refer to the related description of FIG. 2, which is not repeated here.
  • The TUI agent sends the SE-TA, through the established session, an acquisition instruction for acquiring the TEE security certificate, and the SE-TA receives the acquisition instruction through the established session.
  • The acquisition instruction may include a TEE attribute identifier.
  • The acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the TEE attribute identifier.
  • After receiving the acquisition instruction, the SE-TA can verify the identification information of the TUI agent, and after the verification passes, it can acquire the attribute information of the TUI capability and the platform attribute information of the TEE.
  • The SE-TA may obtain the TUI capability attribute information through the TUI query interface provided by the TEE operating system, and obtain the TEE platform attribute information through the platform attribute query interface provided by the TEE operating system.
  • After the SE-TA obtains the TUI capability attribute information and the TEE platform attribute information, it can also send them to the TEE operating system.
  • The TEE operating system generates the security certificate based on the TEE platform attribute information and the TUI capability attribute information.
  • The TEE operating system generates the security certificate and sends it to the SE-TA; see S205 to S207.
  • S205: The SE-TA sends the TUI capability attribute information and the TEE platform attribute information to the TEE operating system.
  • S206: The TEE operating system generates the security certificate according to the TEE platform attribute information and the TUI capability attribute information.
  • S207: The TEE operating system sends the security certificate to the SE-TA.
  • S208: The SE-TA sends the security certificate to the TUI agent through the session, and the TUI agent receives the security certificate through the session.
  • The TUI agent can call a preset verification key to verify the security certificate, to ensure that the security certificate comes from a legitimate or trusted TEE.
  • The TUI agent determines, according to the security certificate and the preset security policy, that the TEE is in a secure state. For details, refer to the description of the method shown in FIG. 2 above.
  • After determining that the TEE is in a secure state, the TUI agent opens the first capability to the third-party service in the SE.
  • The TUI agent can send broadcasts to third-party services that need to use the global service.
  • The broadcast can also be sent to the SE-TA; see S212 in FIG. 4.
  • The TUI agent may also negotiate a communication key with the TEE. The negotiated communication key is bound to the state of the TEE and is used by the SE to encrypt its subsequent use of the second capability; when the SE determines that the TEE has restarted or that the attributes of the TEE have changed, the communication key is deleted. For this process, refer to S213 in FIG. 4.
  • When a service is executed through the TEE+SE security architecture, the SE can establish a session for communication with the TEE before executing the service, request the TEE security certificate through the session, and then determine, according to the TEE security certificate and the preset security policy, that the TEE is in a secure state. Only after determining that the TEE is in a secure state does the SE open the first capability to the third-party service in the SE, so that capabilities are opened to third-party services in the SE only when the TEE itself is guaranteed to be in a secure state, which ensures the security of services executed under the TEE+SE security architecture.
  • An embodiment of the present application also provides a capability opening device.
  • The capability opening device includes a hardware structure and/or a software module corresponding to each function.
  • FIG. 5 shows a possible structural schematic diagram of a capability opening device according to an embodiment of the present application.
  • The capability opening device 500 may exist in the form of software, or may be an SE in a terminal.
  • The capability opening device 500 includes a processing module 501 and a communication module 502.
  • The communication module 502 is used to support interaction between the capability opening device 500 and other devices or modules, and the processing module 501 is used to control and manage the actions of the capability opening device 500.
  • The processing module 501 can be used to perform technical processes such as S105 and S106 in FIG. 2, and can also be used to perform technical processes such as S208 to S210 in FIG.
  • The capability opening device 500 may further include a storage module 503 for storing program code and data of the capability opening device 500.
  • FIG. 6 shows another possible structural schematic diagram of a capability opening device according to an embodiment of the present application.
  • The capability opening device 600 may exist in the form of software, or may be a TEE in a terminal.
  • The capability opening device 600 includes a processing module 601 and a communication module 602.
  • The communication module 602 is used to support interaction between the capability opening device 600 and other devices or modules, and the processing module 601 is used to control and manage the actions of the capability opening device 600.
  • The processing module 601 can be used to perform technical processes such as S103 in FIG. 2, and can also be used to perform technical processes such as S203 and S205 in FIG.
  • The capability opening device 600 may further include a storage module 603 for storing program code and data of the capability opening device 600.
  • Each unit in the device can be implemented in the form of software invoked by a processing element, or in the form of hardware; some units can be implemented in software invoked by a processing element and others in hardware.
  • Each unit can be a separate processing element, or can be integrated in a chip of the device.
  • A unit can also be stored in memory in the form of a program that is invoked and executed by a processing element of the device.
  • All or some of these units can be integrated together or implemented independently.
  • Each step of the above method, or each unit above, may be implemented by an integrated logic circuit of hardware in a processor element, or in the form of software invoked by a processing element.
  • A unit in any of the above devices may be one or more integrated circuits configured to implement the above method, for example one or more application-specific integrated circuits (ASICs), one or more microprocessors (digital signal processors, DSPs), one or more field-programmable gate arrays (FPGAs), or a combination of at least two of these integrated circuit forms.
  • A unit in the device can be implemented in the form of a processing element scheduling a program; the processing element may be a general-purpose processor, such as a central processing unit (CPU) or another processor that can invoke a program.
  • These units can be integrated together and implemented in the form of a system-on-a-chip (SOC).
  • A computer storage medium stores computer-executable instructions.
  • When the computer-executable instructions are invoked by a computer, the computer performs the specific process of each of the method embodiments provided above.
  • The computer-readable storage medium is not limited; for example, it may be a RAM (random-access memory) or a ROM (read-only memory).
  • An embodiment of the present application also provides a computer program product, where the computer program product stores instructions that, when run on a computer, cause the computer to perform the method provided in any of the possible designs above.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.
  • These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions are executed by the processor of the computer or other programmable data processing device.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operating steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Abstract

A capability exposure method and a device, able to solve the problem in the prior art that the security of a service executed by means of a TEE+SE security framework cannot be guaranteed. In the present application, an SE and a TEE establish a session used for communications. The SE, by means of said session, sends an acquisition instruction used to acquire a security certificate of the TEE to the TEE. The TEE receives the acquisition instruction from the SE by means of the session. After receiving the acquisition instruction, the TEE, on the basis of attribute information of the TEE, generates a security certificate, and by means of the session, sends the generated security certificate to the SE. The SE receives, by means of the session, the security certificate sent by the TEE, and then, on the basis of the security certificate and a preset security policy, determines that the TEE is in a secure state. After determining that the TEE is in a secure state, the SE exposes a first capability to a third party service in the SE, the first capability being implemented on the basis of a second capability of the TEE.

Description

Capability opening method and device
This application claims priority to the Chinese patent application filed with the State Intellectual Property Office of China on November 1, 2018, with application number 201811297353.7 and entitled "A method for an SE to verify a TEE and activate a TUI capability", and to the Chinese patent application filed with the China Patent Office on December 5, 2018, with application number 201811478516.1 and entitled "A capability opening method and device", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the technical field of terminal security verification, and in particular to a capability opening method and device.
Background
To ensure the security of services executed by a terminal, a trusted execution environment (TEE) + secure element (SE) security architecture is introduced into the terminal. In the TEE+SE security architecture, the SE, which has a higher security level, cooperates with the TEE, whose security level is lower than that of the SE, to execute the services in the terminal that have higher security requirements.
In the prior art, when a service is executed through the TEE+SE security architecture, the SE and the TEE cooperate to execute the service. Because the security level of the TEE is lower than that of the SE, a security vulnerability in the TEE itself may mean that the security of services executed through the TEE+SE security architecture cannot be guaranteed.
Summary of the invention
The embodiments of this application provide a capability opening method and device, to solve the prior-art problem that the security of services executed through the TEE+SE security architecture cannot be guaranteed.
In a first aspect, an embodiment of this application provides a capability opening method. The method may be performed by an SE or by an apparatus (for example, a chip system) capable of supporting an SE in implementing the method; in this application, the method is described by taking its execution by the SE as an example. The method includes: the SE and the TEE establish a session for communication; the SE sends to the TEE, through the session, an acquisition instruction for acquiring a security certificate of the TEE; the TEE receives the acquisition instruction from the SE through the session; after receiving the acquisition instruction, the TEE generates a security certificate according to attribute information of the TEE and sends the generated security certificate to the SE through the session; after the SE receives, through the session, the security certificate sent by the TEE, the SE determines, according to the security certificate and a preset security policy, that the TEE is in a secure state; and after determining that the TEE is in a secure state, the SE opens a first capability to a third-party service in the SE, where the first capability is implemented on the basis of a second capability of the TEE.
With the above method, when a service is executed through the TEE+SE security architecture, the SE can establish a session for communication with the TEE before executing the service, request the security certificate of the TEE through the session, and then determine, according to the security certificate of the TEE and the preset security policy, that the TEE is in a secure state, and only after determining that the TEE is in a secure state open the first capability to the third-party service in the SE. In this way, the capability is opened to the third-party service in the SE only when the TEE itself is guaranteed to be in a secure state, which ensures the security of services executed under the TEE+SE security architecture.
In a possible design, the TEE may use a key to perform a digital signature or message authentication code (MAC) operation on the attribute information of the TEE to generate the security certificate. The generated security certificate may include the attribute information of the TEE. The key may include a private key of the TEE, a pre-configured key, or a key negotiated between the TEE and the SE.
In a possible design, the security certificate of the TEE may include the attribute information of the TEE. In this design, the SE can determine that the TEE is in a secure state by determining that the attribute information of the TEE satisfies the preset security policy. In this way, the SE itself sets the conditions under which the TEE is considered to be in a secure state, so that the SE opens the first capability, implemented on the basis of the second capability of the TEE, to the third-party service in the SE only when the TEE is in a secure state recognized by the SE, which improves the security of service execution.
In the embodiments of this application, the second capability of the TEE is not limited. In a possible design, the second capability of the TEE may include a trusted user interface (TUI) capability. In this design, the attribute information of the TEE may include platform attribute information of the TEE and/or attribute information of the TUI capability. The platform attribute information of the TEE may include, but is not limited to, at least one of the following: an identifier of the TEE, a vendor or developer identifier of the TEE, an operating system version of the TEE, a boot state of the TEE, a life-cycle state of the TEE, application programming interface (API) version information of the TEE, an anti-rollback level of the TEE, or version information of an interaction application in the TEE, where the interaction application is a trusted application in the TEE used for communicating with the SE. The attribute information of the TUI capability includes a peripheral type of the TUI and/or a peripheral attribute of the TUI.
In the embodiments of this application, the session for communication between the SE and the TEE may be established at the initiative of either the SE or the TEE. This application focuses on the method in which the SE actively initiates the establishment of the session.
In a possible design, the SE actively initiates the establishment of the session for communicating with the TEE. The SE sends a session establishment request message to the TEE, where the session establishment request message is used to request establishment of a session with the TEE, and the SE receives a session establishment response message sent by the TEE, where the session establishment response message is used to confirm establishment of the session. With this method, the SE initiates the session establishment process itself and can establish a session with the TEE when it has a communication need, which avoids unnecessary waste of communication resources.
In a possible design, if the SE actively initiates session establishment, then before sending the session establishment request message to the TEE the SE may also trigger an interrupt signal through a communication module, where the interrupt signal is used to instruct the TEE to receive the session establishment request message. With this method, the SE can trigger an interrupt signal before initiating session establishment to instruct the TEE to receive the session establishment request message that the SE is about to send, so that the TEE receives the session establishment request message more reliably.
In a possible design, before determining, according to the security certificate and the preset security policy, that the TEE is in a secure state, the SE may also authenticate the security certificate to determine that the security certificate was generated by the TEE and has not been tampered with. In this way, the SE both verifies the security certificate sent by the TEE, ensuring that it was generated by that TEE and has not been tampered with (that is, ensuring the integrity and security of the security certificate), and determines that the TEE is in a secure state. This achieves double security verification of the TEE and makes the verification result for the TEE more accurate.
In a possible design, the acquisition instruction that the SE sends to the TEE may include a TEE attribute identifier, and the acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the TEE attribute identifier. In this design, the TEE may use a key to perform a digital signature or MAC operation on the TEE attribute corresponding to the TEE attribute identifier to generate the security certificate. With this method, the SE carries the TEE attribute identifier in the acquisition instruction sent to the TEE, which indicates the TEE attributes that the SE needs to verify without requiring the TEE to send all of its attribute information, thereby saving signaling overhead.
In a possible design, after determining that the TEE is in a secure state, the SE may also negotiate a communication key with the TEE, where the negotiated communication key is bound to the state of the TEE and is used for communication between the SE and the TEE; when the SE determines that the TEE has restarted or that an attribute of the TEE has changed, the communication key is deleted. With this method, after verifying that the TEE is in a secure state the SE negotiates with the TEE a communication key for communication, and this communication key is bound to the state of the TEE: as long as the state of the TEE has not changed, communication between the TEE and the SE always uses this communication key, and the SE does not need to verify the security state of the TEE on every communication, which improves communication efficiency. In addition, when the SE determines that the state of the TEE has changed, it can delete the communication key, perform security verification on the TEE again using the method provided in this application, and renegotiate the communication key.
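The exchange described in the preceding designs, written out as an added Python example that is not code from the patent or from Huawei: the SE names the attribute identifiers it wants in the acquisition instruction, the TEE arranges the corresponding attributes in a preset format and MACs them with a pre-configured key (the MAC variant of the text; the signature variant would swap the HMAC for a signature), and the SE performs the double verification, authenticating the certificate first and then checking every preset policy. The key value, attribute names and values, message layout, canonical JSON format and the concrete policy predicates are all constructed assumptions; the text fixes none of them.

```python
import hashlib
import hmac
import json
from typing import Callable, Dict, List, Tuple

# Constructed placeholder for the pre-configured symmetric key shared by the TEE and the SE
# (one of the three key options the text names). A real key is provisioned at manufacture.
PRECONFIGURED_KEY = b"tee-se-preconfigured-key-placeholder"

# Constructed sample attribute set: TEE platform attributes plus TUI capability attributes.
TEE_ATTRIBUTES: Dict[str, object] = {
    "tee_id": "TEE-0001",
    "vendor_id": "example-vendor",
    "os_version": "20180315001",
    "boot_state": "verified",
    "lifecycle_state": "production",
    "api_version": "1.2",
    "anti_rollback_level": 3,
    "tui_peripheral_type": "touchscreen",
    "tui_peripheral_attr": "TEE exclusive",
}


def canonical(attrs: Dict[str, object]) -> bytes:
    """Preset format for the attributes: sorted keys, no whitespace, so that the TEE
    and the SE MAC exactly the same bytes."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()


def se_build_acquisition_instruction(attribute_ids: List[str]) -> Dict[str, object]:
    """SE side: the acquisition instruction carries only the attribute identifiers the SE
    wants to verify, so the TEE does not have to send all of its attribute information."""
    return {"cmd": "GET_SECURITY_CERT", "attribute_ids": list(attribute_ids)}


def tee_generate_certificate(instruction: Dict[str, object],
                             attributes: Dict[str, object],
                             key: bytes) -> Dict[str, object]:
    """TEE side: look up the requested attributes, arrange them in the preset format and
    compute an HMAC-SHA256 tag over them with the key. Unknown identifiers are skipped."""
    selected = {aid: attributes[aid] for aid in instruction["attribute_ids"] if aid in attributes}
    tag = hmac.new(key, canonical(selected), hashlib.sha256).hexdigest()
    return {"attributes": selected, "mac": tag}


def se_verify_certificate(cert: Dict[str, object], key: bytes) -> bool:
    """First check: the certificate was produced by the TEE holding the key and was not
    tampered with in transit (integrity and authenticity)."""
    expected = hmac.new(key, canonical(cert["attributes"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["mac"])


# Preset security policies, modelled on the two examples in the text: the TUI peripheral
# must be TEE exclusive, and the TEE OS version must be 20180101xxx or higher. The version
# comparison assumes fixed-width numeric version strings, so string order is numeric order.
Policy = Tuple[str, Callable[[object], bool]]
SECURITY_POLICIES: List[Policy] = [
    ("tui_peripheral_attr", lambda v: v == "TEE exclusive"),
    ("os_version", lambda v: isinstance(v, str) and len(v) == 11 and v >= "20180101000"),
]


def se_evaluate_policies(attrs: Dict[str, object], policies: List[Policy]) -> bool:
    """Second check: every policy must be satisfied. An attribute that the certificate
    does not carry cannot satisfy a policy, so it counts as a failure."""
    return all(aid in attrs and pred(attrs[aid]) for aid, pred in policies)


def se_decide(cert: Dict[str, object], key: bytes, policies: List[Policy]) -> Tuple[bool, str]:
    """The SE's double verification: authenticate the certificate first, then apply the
    policies. Only a (True, ...) result allows the first capability to be opened."""
    if not se_verify_certificate(cert, key):
        return False, "certificate authentication failed"
    if not se_evaluate_policies(cert["attributes"], policies):
        return False, "policy not satisfied"
    return True, "TEE in secure state; first capability may be opened"


def run_exchange(attribute_ids: List[str],
                 attributes: Dict[str, object] = TEE_ATTRIBUTES) -> Tuple[bool, str]:
    """Whole exchange over an already established session: SE -> TEE acquisition
    instruction, TEE -> SE security certificate, SE decision."""
    instruction = se_build_acquisition_instruction(attribute_ids)
    cert = tee_generate_certificate(instruction, attributes, PRECONFIGURED_KEY)
    return se_decide(cert, PRECONFIGURED_KEY, SECURITY_POLICIES)


if __name__ == "__main__":
    print(run_exchange(["os_version", "tui_peripheral_attr"]))
    print(run_exchange(["os_version"]))  # TUI attribute not requested, so the policy fails
```

Two details matter for a defender: the MAC is checked with a constant-time comparison before any attribute is read, so a forged or altered certificate never reaches the policy step, and a policy whose attribute the certificate does not carry fails closed rather than being skipped.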
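The state-bound communication key of the preceding design, as an added Python example that is not code from the patent or from Huawei. It assumes, beyond what the text states, that the TEE reports a per-boot identifier together with its current attributes whenever the key is used, so that both a restart and an attribute change are visible to the SE; the shared secret stands in for whatever the key negotiation produces, and the HMAC-based derivation, labels and sample values are constructed.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional


def tee_state_digest(boot_id: bytes, attributes: Dict[str, object]) -> bytes:
    """Digest of the TEE state the key is bound to. Assumption (not from the text): the
    TEE reports a per-boot identifier and its current attributes, so a restart and an
    attribute change both alter the digest."""
    canon = json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(boot_id + b"|" + canon).digest()


def derive_communication_key(shared_secret: bytes, state_digest: bytes) -> bytes:
    """HKDF-style extract-then-expand built from HMAC-SHA256 (a constructed derivation,
    not one the text prescribes). Mixing the state digest into the info string is what
    binds the key to the verified TEE state."""
    prk = hmac.new(b"tee-se-communication-key", shared_secret, hashlib.sha256).digest()
    return hmac.new(prk, b"comm-key|" + state_digest + b"\x01", hashlib.sha256).digest()


def derive_session_key(communication_key: bytes, session_nonce: bytes) -> bytes:
    """Per-session key derived from the communication key, as the text permits."""
    return hmac.new(communication_key, b"session-key|" + session_nonce, hashlib.sha256).digest()


class SeCommunicationKeyStore:
    """SE-side holder of the negotiated communication key and the TEE state it is bound to."""

    def __init__(self) -> None:
        self.communication_key: Optional[bytes] = None
        self.bound_state: Optional[bytes] = None

    def bind(self, shared_secret: bytes, boot_id: bytes, attributes: Dict[str, object]) -> bytes:
        """Called once the SE has verified that the TEE is in a secure state. The TEE state
        reported during that verification becomes the state the key is bound to."""
        self.bound_state = tee_state_digest(boot_id, attributes)
        self.communication_key = derive_communication_key(shared_secret, self.bound_state)
        return self.communication_key

    def key_for_use(self, boot_id: bytes, attributes: Dict[str, object]) -> Optional[bytes]:
        """Return the communication key if the TEE state reported with this use still
        matches the bound state. On a restart or attribute change the key is deleted and
        None is returned, signalling that the SE must re-verify the TEE and renegotiate."""
        if self.communication_key is None or self.bound_state is None:
            return None
        if not hmac.compare_digest(tee_state_digest(boot_id, attributes), self.bound_state):
            self.communication_key = None
            self.bound_state = None
            return None
        return self.communication_key


# Constructed sample inputs.
SAMPLE_SECRET = b"shared-secret-from-key-negotiation-placeholder"
SAMPLE_BOOT_ID = b"boot-0001"
SAMPLE_ATTRIBUTES: Dict[str, object] = {
    "os_version": "20180315001",
    "tui_peripheral_attr": "TEE exclusive",
}


def demo() -> Dict[str, bool]:
    """Walk through reuse while the state is unchanged, deletion after a restart, and
    deletion after an attribute change."""
    store = SeCommunicationKeyStore()
    key = store.bind(SAMPLE_SECRET, SAMPLE_BOOT_ID, SAMPLE_ATTRIBUTES)
    reused = store.key_for_use(SAMPLE_BOOT_ID, SAMPLE_ATTRIBUTES) == key
    after_restart = store.key_for_use(b"boot-0002", SAMPLE_ATTRIBUTES)
    deleted_after_restart = after_restart is None and store.communication_key is None
    store.bind(SAMPLE_SECRET, SAMPLE_BOOT_ID, SAMPLE_ATTRIBUTES)  # re-verified, renegotiated
    changed = dict(SAMPLE_ATTRIBUTES, tui_peripheral_attr="shared")
    deleted_after_change = store.key_for_use(SAMPLE_BOOT_ID, changed) is None
    return {
        "reused_while_unchanged": reused,
        "deleted_after_restart": deleted_after_restart,
        "deleted_after_attribute_change": deleted_after_change,
    }


if __name__ == "__main__":
    print(demo())
```

Because the state digest is an input to the derivation, a key negotiated for one TEE state cannot be reproduced for another even with the same shared secret, which is the property that lets the SE skip per-message re-verification without losing the binding the text describes.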
According to a second aspect, an embodiment of this application provides a capability exposure apparatus having the function of implementing the behaviour of the SE in the method examples of the first aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above.
In one possible design, the apparatus includes a communication module and a processing module, and in some possible implementations a storage module as well. These modules can perform the corresponding functions in the method examples of the first aspect; for details, refer to the detailed description in the method examples, which is not repeated here.
In another possible design, the structure of the apparatus includes a processor, a memory and a transceiver, where the processor, the memory and the transceiver may be connected by a bus; the processor invokes instructions stored in the memory to perform the method above.
According to a third aspect, an embodiment of this application provides a capability exposure apparatus having the function of implementing the behaviour of the TEE in the method examples of the first aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above.
In one possible design, the apparatus includes a communication module and a processing module, and in some possible implementations a storage module as well. These modules can perform the corresponding functions in the method examples of the first aspect; for details, refer to the detailed description in the method examples, which is not repeated here.
In another possible design, the structure of the apparatus includes a processor, a memory and a transceiver, where the processor, the memory and the transceiver may be connected by a bus; the processor invokes instructions stored in the memory to perform the method above.
According to a fourth aspect, an embodiment of this application further provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the computer to perform the method provided by the first aspect or by any design of the first aspect.
According to a fifth aspect, an embodiment of this application further provides a computer program product storing instructions which, when run on a computer, cause the computer to perform the method provided by the first aspect or by any design of the first aspect.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic diagram of an existing capability exposure architecture;
Figure 2 is an implementation flowchart of a capability exposure method provided by an embodiment of this application;
Figure 3 is a schematic diagram of an architecture provided by an embodiment of this application;
Figure 4 is an implementation flowchart of another capability exposure method provided by an embodiment of this application;
Figure 5 is a schematic structural diagram of a capability exposure apparatus provided by an embodiment of this application;
Figure 6 is a schematic structural diagram of another capability exposure apparatus provided by an embodiment of this application.
DETAILED DESCRIPTION
This application is described in detail below with reference to the accompanying drawings.
First, some terms used in this application are explained to facilitate understanding by those skilled in the art.
1) Terminal: a device that provides voice and/or data connectivity to a user, also called user equipment (UE), mobile station (MS), mobile terminal (MT), and so on; for example, a handheld device or vehicle-mounted device with a wireless connection function. Current examples of terminals include: a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a mobile internet device (MID), a wearable device, a virtual reality (VR) device, an augmented reality (AR) device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical surgery, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on.
2) Rich execution environment (REE): the runtime environment in a terminal that has no specific security functions. The Android operating system, for example, is a rich execution environment.
3) Trusted execution environment (TEE): a runtime environment that coexists in the terminal with the ordinary execution environment (also called the rich execution environment, REE).
Supported by hardware, the TEE has security capabilities, can meet certain security requirements, and implements a running mechanism isolated from the REE. The TEE has its own execution space and defines strict protection measures, so its security level is higher than that of the REE; it can protect the assets in the TEE (such as data and software) from software attacks and resist specific types of security threats. Only authorised security software can execute in the TEE, and the TEE also protects the confidentiality of that software's resources and data. Compared with the REE, the TEE protects the security of data and resources better because of protection mechanisms such as isolation and permission control.
4) Trusted application (TA): an application running in the TEE that can provide security-related services to client applications (CAs) running outside the TEE.
5) Client application (CA): usually an application running in the REE, although when one TA invokes another TA, the TA that initiates the call may also act as the CA. A CA can invoke a TA through the client application programming interface (API) and have the TA perform the corresponding security operation.
6) Secure element (SE): a hardware unit with tamper resistance and resistance to hardware attacks. It has an independent processor, provides a secure runtime environment for the applets or third-party services running in it, and guarantees the security and confidentiality of the assets stored in it. Common secure elements include the embedded secure element (eSE), the inSE integrated into a phone's system on chip (SoC), and the universal integrated circuit card (UICC).
7) Trusted user interface (TUI): a security function provided by the TEE operating system. It can be understood as a secure display interface controlled by the TEE that provides a trusted user interaction interface to each TA running in the TEE, ensuring that while a TA is using it, the content cannot be obtained by the REE or even by other TAs, which improves the security of the service. GlobalPlatform has standardised the commonly used TUI APIs so that TA developers can use them to develop TUIs. A TUI provides the three most basic secure user interaction functions: secure display, secure input and a secure indicator. For services run on the TEE+SE security architecture, the capability the TEE provides is usually the TUI. In the financial sector, for example, the central bank's mobile shield specification explicitly requires the TUI to protect the interfaces for PIN entry and for displaying the content to be signed.
8) Root of trust: the computing engine, code, and possibly some data that coexist on the same platform and can provide security services. No other entity can provide a trustworthy proof (as a digest or in another form) of the initial state of the code and data in the root of trust. More colloquially, certain code or hardware has been hardened well enough that it is unlikely to be compromised, cannot be modified at all, or cannot be modified without cryptographic credentials, and can therefore serve as the starting point of trust; the field calls this the root of trust. The root of trust is generally the first piece of code loaded into random access memory (RAM) after the device is powered on, or the first code run directly inside the chip. Taking secure boot as an example, a chain of trust can be extended from the root of trust: the root of trust holds the signature of the next module/bootloader, and during boot, before the next module runs, the code in the root of trust first verifies the signature of the next module (ensuring that only authorised, untampered code can be executed) and allows it to execute only after verification passes; likewise, each verified module verifies the signature of the module at the next level, and so on, stage by stage, until the system has fully booted. In this scenario the boot process starts from the root of trust and extends into a chain of trust for secure boot.
Security services that can be provided on the basis of the root of trust include authentication, authorization, confidentiality (encryption), identification, integrity verification, measurement, reporting, update, and verification.
Measurement provides the ability to reliably generate platform characteristics. Reporting reports platform characteristics in a non-repudiable way. Combining measurement and reporting lets a device generate a security proof; by verifying the security proof reported by the device, a remote server can judge the state and trustworthiness of the device's software, hardware and firmware.
9) Trusted execution environment (TEE) + secure element (SE) security architecture: an architecture in which the TEE and the SE combine to provide security services to applications.
10) Mobile shield (手机盾): a product or application that implements the function of a bank USB key (U盾) on a mobile phone. The mobile shield uses the TEE+SE security architecture; the phone's SE provides the high-security environment required for all of the mobile shield's functions, such as cryptographic operations and CA digital certificates. The mobile shield gives mobile internet applications cryptographic computation support for identity authentication, electronic signature, data protection, and so on.
Taking the mobile shield service as an example, the service execution flow under the existing TEE+SE security architecture is as follows. Under the TEE+SE architecture, the mobile shield signing key is kept in the SE and all signing operations are performed inside the SE, so that the signing process reaches financial-grade security. A user can perform large-value transactions or other highly sensitive operations on the phone. When a transaction requires a mobile shield signature, the information to be signed is sent to the TEE, displayed through the TUI and confirmed by the user; after confirming that it is correct, the user enters the mobile shield personal identification number (PIN), which is sent to the signing applet in the SE for verification. Once the PIN is verified, the transaction information the user confirmed is sent to the applet for signing, and digital signature technology ensures that the transaction is non-repudiable.
In the mobile shield flow above, the TUI plays two important roles. 1. It protects the user's PIN entry: only the mobile shield can access it, and neither REE-side applications nor other applications inside the TEE can capture the user's input by reading the screen, reading the keyboard or similar means, which ensures both that the PIN is not leaked and that the PIN is entered in real time. 2. It guarantees "what you see is what you sign" (or, conversely, "what you sign is what you see"): the TUI ensures that the transaction information sent to the mobile shield for signing cannot be tampered with or replaced, so that after the user confirms the transaction information is correct, the information sent into the SE for signing is exactly what the user confirmed. The industry currently regards the REE side as insecure and exposed to many kinds of attack; without the TEE, transaction information, the user PIN and so on could be captured and tampered with by malware, which could then bypass the user to perform a transaction or alter the transaction content to commit fraud. Clearly, the introduction of the TUI provides a significant defence against conventional malicious attacks on the REE side.
11) In the description of this application, unless otherwise stated, "a plurality of" means two or more, and other quantifiers are to be understood similarly. "And/or" describes an association between objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, both A and B, or B alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship.
Figure 1 is a schematic diagram of an existing capability exposure architecture. As shown in Figure 1, the architecture has three parts: the SE, the TEE and the REE. A CA can run in the REE, a TA can run in the TEE, and a third-party service (also called a third-party applet) can run in the SE. The REE may further include an SE access interface for accessing the third-party service in the SE. The TEE may further include an SE driver, which implements communication with the SE, and a TEE operating system (TEE OS), which manages and maintains the operation of the TEE and can provide some TEE functions, such as the TUI capability, to the SE. The SE may further include a communication module through which it sends messages to, and receives messages from, the TEE. It should be understood that Figure 1 shows only some of the modules; in practice the architecture may include more or fewer modules, and Figure 1 is given only as an illustration, not a limitation.
When a service is executed on the architecture of Figure 1, the SE may cooperate with the TEE to execute it: the TEE mainly provides the TUI capability, and the SE mainly performs the security- or cryptography-related computation. When the SE uses the TEE's TUI capability, the TA inside the TEE interacts with the user through the TUI and then returns the interaction result to the SE's communication module through the SE driver, and the SE acts on the result as soon as its communication module receives it. Because the security level of the TEE is lower than that of the SE, if the TEE itself has a security vulnerability, the security of services executed through the TEE+SE architecture may not be guaranteed.
In view of the problem above, this application provides a capability exposure method to address the problem in the prior art that the security of services executed through the TEE+SE security architecture cannot be guaranteed.
Figure 2 is an implementation flowchart of a capability exposure method provided by an embodiment of this application. As shown in Figure 2, the method includes:
S101: The SE establishes a session with the TEE for communication.
In this embodiment, the session between the SE and the TEE may be initiated by the SE or by the TEE. In the TEE-initiated method, after the TEE detects or scans an SE with which a connection can be established, it actively establishes a session with the SE through the SE driver by sending a session establishment request to the SE, which the SE passively answers. This application does not describe the TEE-initiated method in detail and focuses on the SE-initiated method.
When the SE initiates the session, the SE sends a session establishment request message to the TEE requesting that a session be established; on receiving it, the TEE sends a session establishment response message to the SE confirming establishment of the session, and the SE receives the response, completing session establishment with the TEE. Because the SE itself initiates the session, it can establish a session with the TEE only when it has a communication need, avoiding unnecessary waste of communication resources. This application does not limit the moment at which the SE initiates session establishment. In one possible implementation, the SE-initiated session establishment flow may run during initialisation of the SE's runtime environment (which can be understood as the SE's power-on boot process) or some time after that initialisation has completed.
In one possible example, if the SE initiates session establishment, then before sending the session establishment request message to the TEE, the SE may also trigger an interrupt signal through the communication module, the interrupt signal instructing the TEE to receive the session establishment request message. The interrupt signal can be understood as a signal that the SE is initiating session establishment: once the SE triggers it through the underlying communication module, both the SE and the TEE know that the SE is about to initiate a session and can prepare for it, and the upper layers of the SE and the TEE then exchange instructions through the standard API for TEE-SE interaction, so that the TEE receives the session establishment request message more reliably.
Optionally, the communication module used to trigger the interrupt signal may be an inter-core communication (interprocess communication, IPC) module or another low-level hardware module.
In this application, the session establishment request message sent by the SE to the TEE may be an IPC instruction defined specifically for SE-initiated session establishment, whose flag bit indicates that the SE requests a session with the TEE. When the TEE receives this IPC instruction through its mailbox, it receives the SE's session establishment request message.
In this embodiment, to let the SE initiate session establishment and use the TUI, a TUI agent may be provided specifically inside the SE; correspondingly, to support the SE's use of the TUI, an application module (SE-TA) may be provided specifically inside the TEE, as shown in Figure 3. Their specific functions are described below.
Optionally, the session between the SE and the TEE may be established by the TUI agent in the SE and the SE-TA in the TEE through the standard API for TEE-SE interaction.
In one implementation, when the TUI agent in the SE and the SE-TA in the TEE establish the session, the SE driver in the TEE (which can act as the SE's communication agent) parses the interrupt signal after receiving it and triggers the SE-TA in the TEE to establish a session with the TUI agent in the SE through the API between the TEE and the SE.
In another implementation, a client API communication module is provided or implemented inside the SE, and the TUI agent in the SE, acting as the client, actively sends a session establishment instruction to the SE-TA in the TEE through the standard TA access interface.
In yet another implementation, after the SE driver in the TEE receives the interrupt signal it acts as the SE's communication agent and, as the client, establishes a session with the SE-TA in the TEE through the client API.
S102: The SE sends, through the session, an acquisition instruction for obtaining the TEE's security proof to the TEE, and the TEE receives the acquisition instruction from the SE through the session.
In one possible example, the SE may send the acquisition instruction from the TUI agent in the SE to the SE-TA in the TEE, and the TEE receives it through the SE-TA. In this example, after receiving the acquisition instruction the SE-TA in the TEE may verify the identification information of the TUI agent and, once that verification passes, obtain the TEE's attribute information to generate the security proof.
In this embodiment, the TEE's attribute information may include TEE platform attribute information and/or TUI capability attribute information. The TEE platform attribute information may include, but is not limited to, at least one of: the TEE identifier, the identifier of the TEE's vendor or developer, the TEE operating system version, the TEE boot state, the TEE lifecycle state, the TEE application programming interface (API) version, the TEE anti-rollback level, or the version of the interaction application in the TEE, the interaction application being the trusted application in the TEE used to communicate with the SE. The TUI capability attribute information may include the TUI peripheral type and/or the TUI peripheral attribute. The TEE identifier uniquely identifies the TEE; the vendor or developer identifier uniquely identifies the TEE's vendor or developer.
In some possible examples, the TEE platform attribute information may also include the SE-TA version, a device certificate, the SE-TA application certificate, and so on.
The TEE boot state may be either TEE securely booted or TEE not securely booted.
The TUI peripheral attribute may be TEE controllable or TEE ownable. When the TUI peripheral attribute is TEE controllable, the TUI peripheral can be used by both the TEE and the REE but is controlled by the TEE. When it is TEE ownable, the TUI peripheral is used exclusively by the TEE.
Optionally, the acquisition instruction may include a TEE attribute identifier, in which case the acquisition instruction instructs the TEE to generate the security proof from the TEE attributes corresponding to that identifier.
Note that when the acquisition instruction includes a TEE attribute identifier, the identifier may be determined by the SE according to a preset security policy. For example, if the preset security policy requires the TEE operating system version to be above a particular version, the TEE attribute identifier may include the identifier of the TEE operating system version attribute.
S103: After receiving the acquisition instruction, the TEE generates a security proof from the TEE's attribute information.
In one possible implementation, the acquisition instruction does not include a TEE attribute identifier; in this case the TEE generates the security proof from all the attribute information it can obtain, or from preset attribute information. Specifically, the TEE uses a key to digitally sign the TEE attribute information or to compute a message authentication code (MAC) over it, producing the security proof. Computing a MAC over the TEE attribute information with a key can be understood as the TEE using the key to generate a MAC that ensures the integrity of the attribute information.
The security proof includes the TEE's attribute information, and the key is the TEE's private key, a pre-configured key, or a key negotiated between the TEE and the SE. The key may be symmetric or asymmetric.
In another possible implementation, the acquisition instruction includes a TEE attribute identifier; in this case the TEE generates the security proof from the TEE attributes corresponding to the attribute identifier included in the instruction. Specifically, the TEE queries or obtains the TEE attributes corresponding to the attribute identifier, arranges them in a preset format, and uses a key to digitally sign them or compute a MAC over them, producing the security proof. The security proof includes the TEE attribute information corresponding to the attribute identifier.
Optionally, the TEE may also generate its security proof using the root of trust (RoT) service interfaces it provides (such as measurement and reporting).
It can be understood that the TEE may generate the security proof through the SE-TA in the TEE.
S104: The TEE sends the generated security proof to the SE through the session, and the SE receives the security proof sent by the TEE through the session.
It can be understood that the TEE may send the generated security proof from the SE-TA in the TEE to the TUI agent in the SE.
S105: After the SE receives the security proof sent by the TEE through the session, the SE determines, according to the security proof and a preset security policy, that the TEE is in a secure state.
In one implementation, the security proof includes the TEE's attribute information, and the SE determines that the TEE is in a secure state when it determines that the attribute information satisfies the preset security policy. In this application there may be one security policy or several. When there are several, the SE determines that the TEE is in a secure state only when the attribute information satisfies all of them.
It can be understood that the SE may determine that the TEE is in a secure state through the TUI agent in the SE.
下面以几个实例对SE如何通过SE内的TUI agent,根据TEE的属性信息以及预设的安全策略确定TEE处于安全状态进行说明。The following describes how the SE determines the TEE is in a safe state according to the TEE attribute information and the preset security policy through the TUI agent in the SE.
例如,SE内的TUI agent预设的安全策略为仅当TUI的外设属性为TEE ownable时确定TEE安全,这样,当SE确定TUI的外设属性为TEE独占时,可以确定TEE处于安全状态。For example, the security strategy preset by the TUI agent in the SE is to determine TEE security only when the TUI peripheral attribute is TEE ownable. In this way, when the SE determines that the TUI peripheral attribute is TEE exclusive, it can be determined that the TEE is in a safe state.
又例如,SE内的TUI agent预设的安全策略为当TEE的操作系统版本为20180101xxx以上时确定TEE安全,这样,当SE确定TEE的操作系统版本为20180101xxx以上时,可以确定TEE处于安全状态。For another example, the preset security policy of the TUI agent in the SE is to determine the TEE security when the operating system version of the TEE is 20180101xxx or higher. In this way, when the SE determines that the operating system version of the TEE is 20180101xxx or higher, it can be determined that the TEE is in a safe state.
S106:SE在确定TEE处于安全状态之后,SE将第一能力开放给SE内的第三方业务。其中,第一能力基于TEE的第二能力实现,可以理解为第一能力基于第二能力封装得到。本申请实施例中,对TEE的第二能力不做限定,TEE的第二能力可以包括TUI能力。S106: After the SE determines that the TEE is in a safe state, the SE opens the first capability to third-party services in the SE. The first capability is implemented based on the second capability of TEE, which can be understood as the first capability is obtained based on the second capability encapsulation. In the embodiment of the present application, the second capability of TEE is not limited, and the second capability of TEE may include a TUI capability.
本申请实施例中,SE在确定TEE处于安全状态之后,还可以通知TEE完成认证过程。In the embodiment of the present application, after determining that the TEE is in a safe state, the SE may also notify the TEE to complete the authentication process.
以TEE的第二能力为TUI能力为例,SE在确定TEE处于安全状态之后,可以将基于TEE的TUI能力实现的第一能力(在SE内可以称之为SE的TUI服务)注册为SE的全局服务(global service)开放给SE内的第三方业务。Taking the second capability of TEE as the TUI capability as an example, after determining that the TEE is in a safe state, the SE can register the first capability (which can be called the TUI service of the SE within the SE) based on the TEE capability of the SE as the SE Global service (global service) is open to third-party services within the SE.
其中,将第一能力注册为SE的global service之后,SE内的第三方业务均可以调用该第一能力。After the first capability is registered as the global service of the SE, all third-party services in the SE can call the first capability.
在一个可能的实例中,SE可以发送广播给注册需要使用该global service的第三方业务。In a possible example, the SE may send a broadcast to a third-party service that needs to use the global service for registration.
本申请实施例中,SE接收到TEE的安全证明后,还可以存储该安全证明。在第三方业务注册使用该global service时,响应第三方业务的请求,可以同时将该安全证明发送给第三方业务。此时第三方业务也可以设置一些安全策略,用于判断是否使用该global service。In the embodiment of the present application, after receiving the TEE security certificate, the SE may also store the security certificate. When the third-party service registers to use the global service, in response to the request of the third-party service, the security certificate can be sent to the third-party service at the same time. At this time, the third-party service can also set some security policies to determine whether to use the global service.
通过上述方法,当通过TEE+SE安全架构执行业务时,SE可以在执行业务之前与TEE建立用于通信的会话,可通过该会话请求获取TEE的安全证明,进而可根据TEE的安全证明以及预设的安全策略,确定TEE处于安全状态,并在确定TEE处于安全状态之后,将第一能力开放给SE内的第三方业务,这样,在保证TEE自身处于安全 状态的情况下,才开放能力给SE内的第三方业务,可以保证在TEE+SE安全架构下执行业务的安全性。Through the above method, when the business is executed through the TEE + SE security architecture, the SE can establish a communication session with the TEE before executing the business, and can obtain the TEE security certificate through the session request, and then the TEE security certificate and the The security policy established determines that TEE is in a safe state, and after determining that TEE is in a safe state, the first capability is opened to third-party services in the SE. In this way, the ability to open is only allowed when the TEE itself is in a safe state. The third-party business within the SE can ensure the security of the business executed under the TEE + SE security architecture.
一个可能的实例中,SE在根据安全证明以及预设的安全策略确定TEE处于安全状态之前,还可以对安全证明进行认证,确定安全证明是由TEE生成,且未被篡改。可以理解为,SE对安全证明进行认证,确保安全证明来自合法的TEE。In a possible example, before determining that the TEE is in a safe state according to the security certificate and the preset security policy, the SE can also authenticate the security certificate to determine that the security certificate is generated by the TEE and has not been tampered with. It can be understood that the SE certifies the safety certificate to ensure that the safety certificate comes from a legal TEE.
以通过SE内的TUI agent对安全证明进行认证为例。一种可能的实现方式中,TUI agent可以调用预置的验证密钥验证安全证明,确保安全证明来自合法或自己信任的TEE。Take the TUI agent in the SE to authenticate the security certificate as an example. In a possible implementation, the TUI agent can call a preset verification key to verify the security certificate and ensure that the security certificate comes from a legal or trusted TEE.
通过本申请实施例提供的方法,SE既要对TEE发送的安全证明进行安全验证,保证该安全证明是由该TEE生成,且未被篡改,即,保证该安全证明的完整性和真实性,还要基于安全策略确定TEE处于SE认可的安全状态,通过该方法实现对TEE的双重安全验证,使得SE使用并开放TEE能力时更高的安全保障。Through the method provided by the embodiment of the present application, the SE must verify the security certificate sent by the TEE to ensure that the security certificate is generated by the TEE and has not been tampered with, that is, to ensure the integrity and authenticity of the security certificate, It is also necessary to determine that the TEE is in a safe state recognized by the SE based on the security strategy. This method realizes double security verification of the TEE, which enables the SE to use and open the TEE capability for higher security.
一个可能的实例中,SE确定TEE处于安全状态之后,还可以与TEE协商通信密钥,协商的该通信密钥与TEE的状态绑定,该通信密钥用于SE在后续使用第二能力过程中进行加密,当SE确定TEE重新启动或TEE的属性改变时,删除通信密钥。In a possible example, after the SE determines that the TEE is in a safe state, it can also negotiate a communication key with the TEE, and the negotiated communication key is bound to the state of the TEE, and the communication key is used by the SE to subsequently use the second capability process The encryption is performed during the process, and when the SE determines that the TEE is restarted or the attributes of the TEE are changed, the communication key is deleted.
通过该方法,SE在验证TEE处于安全状态之后,与TEE协商用于通信的通信密钥,该通信密钥与TEE的状态绑定,也就是说,只要TEE的状态未发生改变,TEE与SE的通信一直使用该通信密钥,SE不需要每次通信都去验证TEE的安全状态,可提高通信效率。此外,当SE确定TEE状态改变时,可以删除通信密钥,再次使用本申请提供的方法对TEE进行安全验证,并重新协商通信密钥。Through this method, after verifying that TEE is in a safe state, the SE negotiates a communication key for communication with the TEE, which is bound to the state of the TEE, that is, as long as the state of the TEE has not changed, the TEE and the SE The communication key is always used for communication, and SE does not need to verify the security status of TEE every communication, which can improve communication efficiency. In addition, when the SE determines that the TEE status has changed, it can delete the communication key, use the method provided in this application to perform security verification on the TEE again, and renegotiate the communication key.
可选的,该通信密钥可以包括基于该通信密钥导出的会话密钥。Optionally, the communication key may include a session key derived based on the communication key.
需要说明的是,当SE所在的设备存在多个TEE时,SE可以获取多个TEE的安全证明,并分别对多个TEE的安全证明进行验证,确定满足安全策略的多个TEE。在确定出多个满足安全策略的TEE之后,还可以分别基于这些满足安全策略的TEE的TUI能力实现对应的第一能力。SE在将第一能力开放给SE内的第三方业务时,可以显示有多个基于TEE的TUI能力实现的第一能力可用,由第三方业务选择使用哪个第一能力。It should be noted that when multiple TEEs exist in the equipment where the SE is located, the SE can obtain the security certificates of multiple TEEs, and verify the security certificates of multiple TEEs respectively to determine multiple TEEs that meet the security policy. After multiple TEEs satisfying the security policy are determined, the corresponding first capabilities can also be implemented based on the TUI capabilities of the TEEs satisfying the security policy, respectively. When the SE opens the first capability to the third-party service in the SE, it can display that multiple first capabilities realized by TEE-based TUI capabilities are available, and the third-party service selects which first capability to use.
本申请实施例上述提供的是一种在SE对TEE进行安全验证的方法,但是本申请不限定只能在SE对TEE进行安全验证。一种可能的实现方式中,SE可以将预设的安全策略发送至TEE,在TEE完成TEE对SE的认证,并向SE发送认证结果,若验证结果为验证通过,即,TEE的属性满足SE预设的安全策略,则SE在接收到该认证结果后,可以将第一能力开放给SE内的第三方业务。The embodiments of the present application provide a method for performing security verification on the TEE at the SE, but the application is not limited to performing security verification on the TEE at the SE. In a possible implementation, the SE may send the preset security policy to TEE, complete the TEE certification of the SE at the TEE, and send the certification result to the SE. If the verification result is verified, that is, the attributes of the TEE satisfy the SE With the preset security policy, after receiving the authentication result, the SE may open the first capability to the third-party service in the SE.
The capability opening method provided by the embodiments of this application is described below by way of example with reference to FIG. 3 and FIG. 4.
FIG. 3 is a schematic diagram of an architecture provided by an embodiment of this application. In addition to all the modules of the architecture shown in FIG. 1, the architecture in FIG. 3 includes a dedicated TUI agent in the SE, so that the SE can actively initiate session establishment and use the TUI, and a dedicated application module (SE-TA) in the TEE that cooperates with the SE's use of the TUI. Modules shared with FIG. 1 have the same function and are not described again. It should be understood that FIG. 3 shows only some of the modules; in practice the architecture may include more or fewer modules, and FIG. 3 is illustrative only, not limiting.
The embodiments of this application further provide a method implemented on the architecture shown in FIG. 3. FIG. 4 is a flowchart of another capability opening method provided by an embodiment of this application; in FIG. 4, the capability opening method provided by this application is described taking as an example the SE acting through the TUI agent in the SE and the TEE acting through the SE-TA in the TEE.
The method shown in FIG. 4 includes the following steps:
S201: The TUI agent establishes a session for communication with the SE-TA.
It should be noted that every TUI agent referred to in this application is the TUI agent in the SE, and every SE-TA referred to is the SE-TA in the TEE.
The following description takes the case where the TUI agent actively initiates session establishment as an example.
Before the TUI agent actively initiates session establishment, the SE may also trigger an interrupt signal through the communication module; the interrupt signal indicates that session establishment is to be initiated by the TUI agent. How the interrupt is triggered is described with reference to FIG. 2 and is not repeated here.
S202: The TUI agent sends, through the established session, an acquisition instruction for obtaining the security certificate of the TEE to the SE-TA, and the SE-TA receives the acquisition instruction through the established session.
Optionally, the acquisition instruction may include a TEE attribute identifier, in which case the acquisition instruction instructs the TEE to generate the security certificate from the TEE attributes corresponding to that attribute identifier.
S203: After receiving the acquisition instruction, the SE-TA may verify the identity information of the TUI agent and, once verification passes, obtain the attribute information of the TUI capability and the platform attribute information of the TEE.
In one possible implementation, the SE-TA may obtain the attribute information of the TUI capability through a TUI query interface provided by the TEE operating system, and obtain the platform attribute information of the TEE through a platform attribute query interface provided by the TEE operating system.
S204: After obtaining the attribute information of the TUI capability and the platform attribute information of the TEE, the SE-TA generates the security certificate.
In a possible example, after obtaining the attribute information of the TUI capability and the platform attribute information of the TEE, the SE-TA may instead send them to the TEE operating system, which generates the security certificate from the TEE platform attribute information and the TUI capability attribute information and then sends the security certificate to the SE-TA; see S205 to S207.
S205: The SE-TA sends the attribute information of the TUI capability and the platform attribute information of the TEE to the TEE operating system.
S206: The TEE operating system generates the security certificate from the platform attribute information of the TEE and the attribute information of the TUI capability.
S207: The TEE operating system sends the security certificate to the SE-TA.
For how the security certificate is generated, and for the contents of the TEE platform attribute information and the TUI capability attribute information, see the description of the method shown in FIG. 2 above.
S208: The SE-TA sends the security certificate to the TUI agent through the session, and the TUI agent receives the security certificate through the session.
S209: After receiving the security certificate through the session, the TUI agent may use a preset verification key to verify the security certificate, ensuring that the security certificate comes from a legitimate TEE, or from a TEE that the SE trusts.
S210: The TUI agent determines, according to the security certificate and the preset security policy, that the TEE is in a secure state. For the details, see the description of the method shown in FIG. 2 above.
S211: After determining that the TEE is in a secure state, the TUI agent opens the first capability to third-party services in the SE.
Optionally, the TUI agent may send a broadcast to the third-party services that have registered a need to use the global service. The broadcast may of course also be sent to the SE-TA; see S212 in FIG. 4.
Optionally, after determining that the TEE is in a secure state, the TUI agent may also negotiate a communication key with the TEE. The negotiated communication key is bound to the state of the TEE and is used by the SE for encryption when it subsequently uses the second capability; when the SE determines that the TEE has restarted or that the attributes of the TEE have changed, the SE deletes the communication key. See S213 in FIG. 4 for this process.
With the method provided by this application, when a service is executed under the TEE+SE security architecture, the SE can establish a session for communication with the TEE before executing the service, request the security certificate of the TEE through that session, determine from the security certificate and the preset security policy that the TEE is in a secure state, and only after that open the first capability to third-party services in the SE. Because capabilities are opened to third-party services in the SE only once the TEE itself is confirmed to be in a secure state, the security of services executed under the TEE+SE security architecture can be guaranteed.
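The flow of S103 to S106 (and its FIG. 4 counterpart S204 to S211), together with the optional authentication of the security certificate and the state-bound communication key, as an added Python model that is not the patent's own code. It assumes the MAC variant with a pre-configured symmetric key, a JSON "preset format" for the attributes, constructed attribute values and policy rules, and a one-sided key derivation standing in for the negotiation; every name in the block (PRECONFIGURED_KEY, TEE_ATTRIBUTES, DEFAULT_POLICY, the functions and the SecureElement class) is constructed here.

```python
import hashlib
import hmac
import json
import os

# Constructed pre-configured symmetric key shared by the SE and the TEE
# (assumption: the MAC option with a pre-configured key, not the signature option).
PRECONFIGURED_KEY = b"constructed-tee-se-preconfigured-key"

# Constructed TEE attribute set, named after the platform/TUI attributes the page
# lists; the values are illustrative only.
TEE_ATTRIBUTES = {
    "tee_id": "tee-example-0001",
    "os_version": "20180601001",       # fixed width, so string comparison orders it
    "boot_state": "verified",
    "lifecycle_state": "production",
    "rollback_level": 3,
    "tui_peripheral": "TEE_ownable",
}


def canonical(attrs):
    """The 'preset format': sorted keys, no whitespace, so both sides MAC identical bytes."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()


def tee_generate_security_certificate(attrs, requested_ids=None, key=PRECONFIGURED_KEY):
    """TEE side (S103 / S204): keep the attributes named by the acquisition
    instruction (all of them if it carried no identifiers) and MAC them."""
    selected = dict(attrs) if requested_ids is None else {
        k: attrs[k] for k in requested_ids if k in attrs}
    mac = hmac.new(key, canonical(selected), hashlib.sha256).hexdigest()
    return {"attributes": selected, "mac": mac}


def se_authenticate_certificate(cert, key=PRECONFIGURED_KEY):
    """SE side (S209): the certificate must come from a TEE holding the key and be
    unmodified. compare_digest keeps the comparison constant-time."""
    expected = hmac.new(key, canonical(cert["attributes"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["mac"])


# Preset SE policy (S105): rules are (attribute, op, value) and ALL must hold.
DEFAULT_POLICY = [
    ("tui_peripheral", "eq", "TEE_ownable"),  # TUI peripheral owned by the TEE
    ("os_version", "ge", "20180101000"),      # OS version 20180101xxx or later
    ("boot_state", "eq", "verified"),
]


def se_check_policy(attrs, policy=DEFAULT_POLICY):
    """Return the violated rules as (name, op, want, have); an empty list means
    'secure state'. An attribute missing from the certificate counts as a violation."""
    failures = []
    for name, op, want in policy:
        have = attrs.get(name)
        ok = have is not None and (have == want if op == "eq" else str(have) >= str(want))
        if not ok:
            failures.append((name, op, want, have))
    return failures


class SecureElement:
    """SE-side state: the global service registry and a communication key bound
    to the attested TEE state (the page's optional key-negotiation step)."""
    def __init__(self, key=PRECONFIGURED_KEY, policy=DEFAULT_POLICY):
        self.key, self.policy = key, policy
        self.global_services = {}
        self.comm_key = None
        self.bound_state = None

    def receive_security_certificate(self, cert):
        """S105/S106 and S209 to S211: authenticate, evaluate the policy, register the
        TUI-backed capability as a global service, derive the state-bound key."""
        if not se_authenticate_certificate(cert, self.key):
            return "rejected: certificate not authentic"
        failures = se_check_policy(cert["attributes"], self.policy)
        if failures:
            return "rejected: policy violated by " + ", ".join(f[0] for f in failures)
        # The stored certificate can be handed to third-party services on request.
        self.global_services["tui_service"] = {"certificate": cert}
        self.bound_state = hashlib.sha256(canonical(cert["attributes"])).digest()
        # Constructed stand-in for the negotiated secret: mixing the attested state
        # into the derivation is what ties the key to the TEE state.
        nonce = os.urandom(16)
        self.comm_key = hmac.new(self.key, self.bound_state + nonce, hashlib.sha256).digest()
        return "opened"

    def on_tee_state_report(self, current_attrs):
        """TEE restarted or attributes changed: delete the communication key and the
        opened service, so the SE must re-run the attestation before using the TUI."""
        if hashlib.sha256(canonical(current_attrs)).digest() == self.bound_state:
            return True
        self.comm_key = None
        self.bound_state = None
        self.global_services.pop("tui_service", None)
        return False
```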
Based on the same inventive concept as the method embodiments, an embodiment of this application further provides a capability opening apparatus. It can be understood that, to implement the functions above, the capability opening apparatus includes the hardware structures and/or software modules corresponding to each function. Those skilled in the art will readily appreciate that the algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be regarded as going beyond the scope of this application.
Where integrated units are used, FIG. 5 shows a possible schematic structure of the capability opening apparatus involved in an embodiment of this application. The capability opening apparatus 500 may exist in the form of software, or may be the SE in a terminal. As shown in FIG. 5, the capability opening apparatus 500 includes a processing module 501 and a communication module 502. The communication module 502 supports interaction between the capability opening apparatus 500 and other devices or modules, and the processing module 501 controls and manages the actions of the capability opening apparatus 500. For example, the processing module 501 may perform technical processes such as S105 and S106 in FIG. 2 and S208 to S210 in FIG. 4; the communication module 502 may perform the technical processes S101 and S102 in FIG. 2 and S201, S202 and S211 to S212 in FIG. 4, and may also perform the technical process S104 in FIG. 2 and S207 and S212 in FIG. 4. The capability opening apparatus 500 may further include a storage module 503 for storing the program code and data of the capability opening apparatus 500.
Where integrated units are used, FIG. 6 shows another possible schematic structure of the capability opening apparatus involved in an embodiment of this application. The capability opening apparatus 600 may exist in the form of software, or may be the TEE in a terminal. As shown in FIG. 6, the capability opening apparatus 600 includes a processing module 601 and a communication module 602. The communication module 602 supports interaction between the capability opening apparatus 600 and other devices or modules, and the processing module 601 controls and manages the actions of the capability opening apparatus 600. For example, the processing module 601 may perform technical processes such as S103 in FIG. 2 and S203 and S205 in FIG. 4; the communication module 602 may perform the technical processes S101 and S104 in FIG. 2 and S201, S207 and S212 in FIG. 4, and may also perform the technical process S102 in FIG. 2 and S202 and S211 to S212 in FIG. 4. The capability opening apparatus 600 may further include a storage module 603 for storing the program code and data of the capability opening apparatus 600.
It should be understood that the division of units in the apparatus above is merely a division by logical function; in actual implementation the units may be fully or partly integrated into one physical entity, or physically separate. The units in the apparatus may all be implemented as software invoked by a processing element, or all in hardware, or some as software invoked by a processing element and the rest in hardware. For example, each unit may be a separately provided processing element, or may be integrated in a chip of the apparatus; alternatively, it may be stored in memory in the form of a program that one of the processing elements of the apparatus invokes and executes to perform the function of the unit. Furthermore, these units may be fully or partly integrated together, or implemented independently. The processing element referred to here may also be called a processor and may be an integrated circuit with signal processing capability. In implementation, each step of the above method, or each of the above units, may be performed by integrated logic circuits in hardware within a processor element, or in the form of software invoked by a processing element.
In one example, the units in any of the above apparatuses may be one or more integrated circuits configured to implement the above method, for example one or more application specific integrated circuits (ASIC), one or more microprocessors (digital signal processor, DSP), one or more field programmable gate arrays (FPGA), or a combination of at least two of these integrated circuit forms. As another example, when a unit in the apparatus is implemented in the form of a program scheduled by a processing element, the processing element may be a general-purpose processor such as a central processing unit (CPU) or another processor capable of invoking programs. As a further example, these units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Based on the same concept as the method embodiments above, an embodiment of this application further provides a computer storage medium. The computer storage medium stores computer-executable instructions which, when invoked by a computer, cause the computer to carry out the specific process of each of the method embodiments provided above. The embodiments of this application do not limit the computer-readable storage medium; it may be, for example, RAM (random-access memory) or ROM (read-only memory).
Based on the same concept as the method embodiments above, an embodiment of this application further provides a computer program product. The computer program product stores instructions which, when run on a computer, cause the computer to perform the method provided in any of the possible designs above.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although some possible embodiments of this application have been described, those skilled in the art can make further changes and modifications to these embodiments once they are aware of the basic inventive concept. Therefore, the appended claims are intended to be construed as covering the embodiments of this application and all changes and modifications falling within the scope of this application.
Obviously, those skilled in the art can make various changes and variations to this application without departing from the spirit and scope of this application. If these modifications and variations of this application fall within the scope of the claims of this application and their equivalents, this application is intended to cover such changes and variations as well.

Claims (28)

  1. A capability exposure method, characterized by comprising:
    a secure element (SE) establishing a session for communication with a trusted execution environment (TEE);
    the SE sending, through the session, to the TEE an acquisition instruction for acquiring a security certificate of the TEE;
    the SE receiving, through the session, the security certificate sent by the TEE;
    the SE determining, according to the security certificate and a preset security policy, that the TEE is in a secure state; and
    the SE exposing a first capability to a third-party service in the SE, the first capability being implemented based on a second capability of the TEE.
  2. The method according to claim 1, wherein the security certificate includes attribute information of the TEE;
    and the SE determining, according to the security certificate and the preset security policy, that the TEE is in a secure state comprises:
    the SE determining that the TEE is in a secure state when the SE determines that the attribute information of the TEE satisfies the preset security policy.
  3. The method according to claim 2, wherein the second capability includes a trusted user interface (TUI) capability, and the attribute information of the TEE includes platform attribute information of the TEE and/or attribute information of the TUI capability;
    the platform attribute information of the TEE includes at least one of the following:
    an identifier of the TEE, a developer identifier of the TEE, an operating system version of the TEE, a boot state of the TEE, a lifecycle state of the TEE, application programming interface (API) version information of the TEE, an anti-rollback level of the TEE, or version information of an interaction application in the TEE, where the interaction application is a trusted application in the TEE used for communicating with the SE; and
    the attribute information of the TUI capability includes a peripheral type of the TUI and/or a peripheral attribute of the TUI.
  4. The method according to any one of claims 1 to 3, wherein the SE establishing the session for communication with the TEE comprises:
    the SE sending a session establishment request message to the TEE, the session establishment request message being used to request establishment of the session with the TEE; and
    the SE receiving a session establishment response message sent by the TEE, the session establishment response message being used to indicate confirmation of establishment of the session.
  5. The method according to claim 4, wherein before the SE sends the session establishment request message to the TEE, the method further comprises:
    the SE triggering an interrupt signal through a communication module, the interrupt signal being used to instruct the TEE to receive the session establishment request message.
  6. The method according to any one of claims 1 to 5, wherein before the SE determines, according to the security certificate and the preset security policy, that the TEE is in a secure state, the method further comprises:
    the SE authenticating the security certificate and determining that the security certificate was generated by the TEE and has not been tampered with.
  7. The method according to any one of claims 1 to 6, wherein the acquisition instruction includes an attribute identifier of the TEE, and the acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the attribute identifier of the TEE.
  8. The method according to any one of claims 1 to 7, wherein after the SE determines that the TEE is in a secure state, the method further comprises:
    the SE negotiating a communication key with the TEE, the communication key being bound to the state of the TEE and used for communication between the SE and the TEE; and
    the SE deleting the communication key when the SE determines that the TEE has restarted or an attribute of the TEE has changed.
  9. A capability exposure method, characterized by comprising:
    a trusted execution environment (TEE) establishing a session for communication with a secure element (SE);
    the TEE receiving, through the session, an acquisition instruction from the SE for acquiring a security certificate of the TEE;
    the TEE generating the security certificate according to attribute information of the TEE; and
    the TEE sending the security certificate to the SE through the session.
  10. The method according to claim 9, wherein the TEE generating the security certificate according to the attribute information of the TEE comprises:
    the TEE performing a digital signature or message authentication code (MAC) operation on the attribute information of the TEE using a key to generate the security certificate, the security certificate including the attribute information of the TEE, and the key including a private key of the TEE, a pre-configured key, or a key negotiated between the TEE and the SE.
  11. The method according to claim 9 or 10, wherein the attribute information of the TEE includes platform attribute information of the TEE and/or attribute information of a TUI capability;
    the platform attribute information of the TEE includes at least one of the following:
    an identifier of the TEE, a developer identifier of the TEE, an operating system version of the TEE, a boot state of the TEE, a lifecycle state of the TEE, application programming interface (API) version information of the TEE, an anti-rollback level of the TEE, or version information of an interaction application in the TEE, where the interaction application is a trusted application in the TEE used for communicating with the SE; and
    the attribute information of the TUI capability includes a peripheral type of the TUI and/or a peripheral attribute of the TUI.
  12. The method according to claim 10, wherein the acquisition instruction includes an attribute identifier of the TEE, and the acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the attribute identifier of the TEE;
    and the TEE generating the security certificate according to the attribute information of the TEE comprises:
    the TEE performing a digital signature or message authentication code (MAC) operation on the TEE attribute corresponding to the attribute identifier of the TEE using the key to generate the security certificate.
  13. The method according to any one of claims 9 to 12, wherein after the TEE sends the security certificate to the SE through the session, the method further comprises:
    the TEE negotiating a communication key with the SE, the communication key being bound to the state of the TEE and used for communication between the SE and the TEE; and
    deleting the communication key when the TEE restarts or an attribute of the TEE changes.
  14. A capability exposure device, applied to a secure element (SE), characterized by comprising:
    a communication module, configured to establish a session for communication with a trusted execution environment (TEE);
    the communication module being further configured to send, through the session, to the TEE an acquisition instruction for acquiring a security certificate of the TEE, and to receive, through the session, the security certificate sent by the TEE; and
    a processing module, configured to determine, according to the security certificate received by the communication module and a preset security policy, that the TEE is in a secure state, and to expose a first capability to a third-party service in the SE, the first capability being implemented based on a second capability of the TEE.
  15. The device according to claim 14, wherein the security certificate includes attribute information of the TEE;
    and the processing module determines, according to the security certificate and the preset security policy, that the TEE is in a secure state in the following manner:
    the processing module determines that the TEE is in a secure state when it determines that the attribute information of the TEE satisfies the preset security policy.
  16. The device according to claim 15, wherein the second capability includes a trusted user interface (TUI) capability, and the attribute information of the TEE includes platform attribute information of the TEE and/or attribute information of the TUI capability;
    the platform attribute information of the TEE includes at least one of the following:
    an identifier of the TEE, a developer identifier of the TEE, an operating system version of the TEE, a boot state of the TEE, a lifecycle state of the TEE, application programming interface (API) version information of the TEE, an anti-rollback level of the TEE, or version information of an interaction application in the TEE, where the interaction application is a trusted application in the TEE used for communicating with the SE; and
    the attribute information of the TUI capability includes a peripheral type of the TUI and/or a peripheral attribute of the TUI.
  17. The device according to any one of claims 14 to 16, wherein the communication module establishes the session for communication with the TEE in the following manner:
    sending a session establishment request message to the TEE, the session establishment request message being used to request establishment of the session with the TEE; and
    receiving a session establishment response message sent by the TEE, the session establishment response message being used to indicate confirmation of establishment of the session.
  18. The device according to claim 17, wherein the communication module is further configured to:
    trigger an interrupt signal before sending the session establishment request message to the TEE, the interrupt signal being used to instruct the TEE to receive the session establishment request message.
  19. The device according to any one of claims 14 to 18, wherein the processing module is further configured to:
    before determining, according to the security certificate and the preset security policy, that the TEE is in a secure state, authenticate the security certificate and determine that the security certificate was generated by the TEE and has not been tampered with.
  20. The device according to any one of claims 14 to 19, wherein the acquisition instruction includes an attribute identifier of the TEE, and the acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the attribute identifier of the TEE.
  21. The device according to any one of claims 14 to 20, wherein the communication module is further configured to:
    after the processing module determines that the TEE is in a secure state, negotiate a communication key with the TEE, the communication key being bound to the state of the TEE and used for communication between the SE and the TEE; and
    the processing module is further configured to:
    delete the communication key when it determines that the TEE has restarted or an attribute of the TEE has changed.
  22. A capability exposure device, applied to a trusted execution environment (TEE), characterized by comprising:
    a communication module, configured to establish a session for communication with a secure element (SE);
    the communication module being further configured to receive, through the session, an acquisition instruction from the SE for acquiring a security certificate of the TEE;
    a processing module, configured to generate the security certificate according to attribute information of the TEE; and
    the communication module being further configured to send the security certificate to the SE through the session.
  23. The device according to claim 22, wherein the processing module generates the security certificate according to the attribute information of the TEE in the following manner:
    performing a digital signature or message authentication code (MAC) operation on the attribute information of the TEE using a key to generate the security certificate, the security certificate including the attribute information of the TEE, and the key including a private key of the TEE, a pre-configured key, or a key negotiated between the TEE and the SE.
  24. The device according to claim 22 or 23, wherein the attribute information of the TEE includes platform attribute information of the TEE and/or attribute information of a TUI capability;
    the platform attribute information of the TEE includes at least one of the following:
    an identifier of the TEE, a developer identifier of the TEE, an operating system version of the TEE, a boot state of the TEE, a lifecycle state of the TEE, application programming interface (API) version information of the TEE, an anti-rollback level of the TEE, or version information of an interaction application in the TEE, where the interaction application is a trusted application in the TEE used for communicating with the SE; and
    the attribute information of the TUI capability includes a peripheral type of the TUI and/or a peripheral attribute of the TUI.
  25. The device according to claim 23, wherein the acquisition instruction includes an attribute identifier of the TEE, and the acquisition instruction is used to instruct the TEE to generate the security certificate using the TEE attribute corresponding to the attribute identifier of the TEE;
    and the processing module generates the security certificate according to the attribute information of the TEE in the following manner:
    performing a digital signature or message authentication code (MAC) operation on the TEE attribute corresponding to the attribute identifier of the TEE using the key to generate the security certificate.
  26. The device according to any one of claims 22 to 25, wherein the communication module is further configured to:
    after sending the security certificate to the SE through the session, negotiate a communication key with the SE, the communication key being bound to the state of the TEE and used for communication between the SE and the TEE; and
    the processing module is further configured to:
    delete the communication key when it determines that the TEE has restarted or an attribute of the TEE has changed.
  27. A computer-readable storage medium storing a computer program, characterized in that, when the program is executed by a processor, the method according to any one of claims 1 to 8 is implemented.
  28. A computer-readable storage medium storing a computer program, characterized in that, when the program is executed by a processor, the method according to any one of claims 9 to 13 is implemented.
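As an added illustration of the exchange in claims 1 to 13 (example code written for this page, not from the patent or its applicant), the following Python models both sides: session setup, the attestation request, a MAC-based security certificate over the TEE's attribute information, authentication and policy evaluation in the SE, and a communication key bound to the attested TEE state that is dropped on restart or attribute change. Attribute names, policy thresholds, message fields and the pre-configured key are all constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo key shared by SE and TEE; claim 10 allows a pre-configured key.
PRECONFIGURED_KEY = b"constructed-preconfigured-key-demo-only"

def canonical(attrs: dict) -> bytes:
    """Stable encoding so both sides MAC exactly the same bytes."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()

class TEE:
    """TEE side (claims 9-12): answers session setup and attestation requests."""

    def __init__(self, attrs: dict, key: bytes = PRECONFIGURED_KEY):
        self.attrs, self.key, self.session_id = dict(attrs), key, None

    def on_session_request(self, msg: dict) -> dict:
        self.session_id = msg["session_id"]
        return {"type": "SESSION_RSP", "session_id": self.session_id, "confirmed": True}

    def on_get_attestation(self, msg: dict) -> dict:
        # Claim 12: only the attributes named by the SE's identifiers are MACed (all if none given).
        subset = {k: self.attrs[k] for k in (msg.get("attr_ids") or sorted(self.attrs))}
        mac = hmac.new(self.key, canonical(subset), hashlib.sha256).hexdigest()
        return {"type": "ATTESTATION", "session_id": self.session_id, "attrs": subset, "mac": mac}

@dataclass(frozen=True)
class Policy:
    """Preset policy over platform attributes from claim 3; thresholds are constructed."""
    min_os_version: tuple
    min_anti_rollback_level: int
    allowed_boot_states: frozenset
    allowed_lifecycle_states: frozenset

    def satisfied_by(self, attrs: dict) -> bool:
        try:
            return (tuple(attrs["os_version"]) >= self.min_os_version
                    and attrs["anti_rollback_level"] >= self.min_anti_rollback_level
                    and attrs["boot_state"] in self.allowed_boot_states
                    and attrs["lifecycle_state"] in self.allowed_lifecycle_states)
        except KeyError:
            return False  # an attribute the TEE did not attest never satisfies the policy

class SE:
    """SE side (claims 1-8): authenticates the certificate, applies the policy, binds a key."""

    def __init__(self, policy: Policy, key: bytes = PRECONFIGURED_KEY):
        self.policy, self.key = policy, key
        self.session_id, self.comm_key, self.bound_attrs = 0, None, None

    def verify_and_open(self, tee: TEE, attr_ids=None) -> bool:
        self.session_id += 1  # claim 4: session request / response
        rsp = tee.on_session_request({"type": "SESSION_REQ", "session_id": self.session_id})
        if not rsp.get("confirmed"):
            return False
        att = tee.on_get_attestation({"session_id": self.session_id, "attr_ids": attr_ids})
        expected = hmac.new(self.key, canonical(att["attrs"]), hashlib.sha256).hexdigest()
        # Claim 6: authenticate the certificate (origin and integrity) before applying the policy.
        if att.get("session_id") != self.session_id or not hmac.compare_digest(expected, att["mac"]):
            return False
        if not self.policy.satisfied_by(att["attrs"]):
            return False
        # Claim 8: derive a communication key bound to the attested TEE state.
        self.bound_attrs = dict(att["attrs"])
        self.comm_key = hmac.new(self.key, b"comm-key|" + canonical(self.bound_attrs),
                                 hashlib.sha256).digest()
        return True  # the first capability may now be exposed to third-party services in the SE

    def on_tee_state_change(self, new_attrs: dict, restarted: bool = False) -> None:
        """Claim 8: a TEE restart or any attribute change invalidates the communication key."""
        if restarted or new_attrs != self.bound_attrs:
            self.comm_key = self.bound_attrs = None

# Constructed sample TEE attribute info and a matching policy.
DEMO_ATTRS = {"tee_id": "tee-demo-01", "os_version": [3, 2, 0], "boot_state": "verified",
              "lifecycle_state": "production", "anti_rollback_level": 5}
DEMO_POLICY = Policy((3, 0, 0), 4, frozenset({"verified"}), frozenset({"production"}))
```

Requesting only a subset of attribute identifiers (claim 12) is deliberately made to fail the policy when a required attribute is absent, so a partial certificate cannot open the capability.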
PCT/CN2019/112731 2018-11-01 2019-10-23 Capability exposure method and device WO2020088323A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP19879640.1A EP3866385A4 (en) 2018-11-01 2019-10-23 Capability exposure method and device
US17/290,497 US20210359867A1 (en) 2018-11-01 2019-10-23 Capability Enabling Method and Apparatus

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201811297353 2018-11-01
CN201811297353.7 2018-11-01
CN201811478516.1A CN111125705B (en) 2018-11-01 2018-12-05 Capability opening method and device
CN201811478516.1 2018-12-05

Publications (1)

Publication Number Publication Date
WO2020088323A1 true WO2020088323A1 (en) 2020-05-07

Family

ID=70462939

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/112731 WO2020088323A1 (en) 2018-11-01 2019-10-23 Capability exposure method and device

Country Status (1)

Country Link
WO (1) WO2020088323A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107924449A (en) * 2016-03-18 2018-04-17 华为技术有限公司 A kind of notification message processing method, device and terminal
US20180176258A1 (en) * 2015-05-18 2018-06-21 Giesecke+Devrient Mobile Security Gmbh Method for implementing security rules in a terminal device
CN108229956A (en) * 2017-12-13 2018-06-29 北京握奇智能科技有限公司 Network bank business method, apparatus, system and mobile terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3866385A4 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859394A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 TEE-based software behavior active measurement method and system
CN111859394B (en) * 2020-07-21 2023-09-29 中国人民解放军国防科技大学 Software behavior active measurement method and system based on TEE
CN113821787A (en) * 2021-08-12 2021-12-21 荣耀终端有限公司 Security authentication method and electronic equipment
CN114567470A (en) * 2022-02-21 2022-05-31 北京创原天地科技有限公司 SDK-based key splitting verification system and method under multiple systems
CN114567470B (en) * 2022-02-21 2024-01-30 北京创原天地科技有限公司 SDK-based multi-system key splitting verification system and method
CN114598541A (en) * 2022-03-18 2022-06-07 维沃移动通信有限公司 Security assessment method and device, electronic equipment and readable storage medium
CN114598541B (en) * 2022-03-18 2024-03-29 维沃移动通信有限公司 Security assessment method and device, electronic equipment and readable storage medium

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number: 19879640; country of ref document: EP; kind code of ref document: A1)
NENP Non-entry into the national phase (ref country code: DE)
ENP Entry into the national phase (ref document number: 2019879640; country of ref document: EP; effective date: 20210511)