WO2022121395A1 - Trusted application control method, apparatus, computer storage medium, and terminal - Google Patents


Info

Publication number
WO2022121395A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted
application
thread
execution environment
sensitive data
Prior art date
Application number
PCT/CN2021/116919
Other languages
French (fr)
Chinese (zh)
Inventor
于文海
郭伟
Original Assignee
中国银联股份有限公司
Priority date
Filing date
Publication date
Application filed by 中国银联股份有限公司
Publication of WO2022121395A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks

Definitions

  • the present invention relates to the field of trusted application control, and more particularly, to a trusted application control method, a trusted application device, a computer storage medium and an intelligent terminal.
  • TA Trusted application
  • the trusted application may be a fingerprint authentication application for verifying a user's identity, a face recognition application, and the like.
  • TEE Trusted Execution Environment
  • trusted applications such as face recognition applications and fingerprint recognition applications
  • smart terminals such as face recognition payment terminals
  • sensitive data such as face recognition algorithms and face image data are vulnerable to external malicious attacks in the ordinary operating systems of existing payment terminals, which poses a severe security threat to users' payment transactions.
  • a method for controlling a trusted application comprising: a trusted application sending an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls an operating device to write sensitive data into a secure memory; and the trusted application reading the sensitive data from the secure memory, wherein the trusted application is in the trusted execution environment of the first CPU core, the peripheral application is in the common execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the common execution environment.
  • the trusted application is a trusted face recognition application
  • the peripheral application is a camera control program
  • the operating device is a camera.
  • the trusted face recognition application program includes a main thread and more than one sub-thread.
  • sending an instruction by a trusted application to a peripheral application associated with the trusted application includes: the main thread of the trusted face recognition application sending an instruction to the camera control program to start or end an image acquisition job.
  • the trusted application reading the sensitive data from the secure memory includes: the first sub-thread and the second sub-thread of the trusted face recognition application respectively read image data from the image buffer in the secure memory for face recognition, wherein the first sub-thread runs in the trusted execution environment of the second CPU core, and the second sub-thread runs in the trusted execution environment of the third CPU core.
  • the first sub-thread and the second sub-thread are started by the main thread of the trusted face recognition application.
  • the above method further includes: after the trusted application is started, the main thread of the trusted application loads and initializes an operation model.
  • the above method further includes: the main thread of the trusted application creates a physical address queue and a synchronization lock.
  • the above method further includes: the main thread of the trusted application receives a notification of completion of collection of sensitive data and an address where the sensitive data is written from the peripheral application.
  • the above method further includes: the main thread of the trusted application writes the address into the physical address queue.
  • the trusted application reading the sensitive data from the secure memory includes: the child thread of the trusted application, after acquiring the synchronization lock, reads from the physical address queue the address to which the sensitive data is written.
  • the trusted application reading the sensitive data from the secure memory further includes: the child thread of the trusted application reads the sensitive data from the secure memory according to the address.
  • the above method further includes: the sub-thread of the trusted application performs face detection, feature extraction and face comparison through the operation model.
  • the above method further includes: the sub-thread of the trusted application notifies the main thread of the result of the face comparison.
  • the above method further includes: the main thread of the trusted application receives a handle from the peripheral application, where the handle corresponds one-to-one with the address where the sensitive data is written.
  • a part of the space in the secure memory is converted back to the memory space in the common execution environment after the use is complete.
  • a trusted application device includes: a sending unit configured to send an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls the operating device to write sensitive data into a secure memory; and a reading unit configured to read the sensitive data from the secure memory, wherein the trusted application device is in the trusted execution environment of the first CPU core, the peripheral application is in the normal execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the normal execution environment.
  • the peripheral application is a camera control program
  • the operating device is a camera
  • the sending unit is configured to send an instruction to the camera control program to start or end the image acquisition work.
  • the reading unit includes a first reading sub-unit and a second reading sub-unit, which respectively read image data from the image buffer in the secure memory so as to perform face recognition, wherein the first reading sub-unit runs in the trusted execution environment of the second CPU core, and the second reading sub-unit runs in the trusted execution environment of the third CPU core.
  • the above device further includes: a loading unit for loading and initializing the operation model.
  • the above device further includes: a creation unit configured to create a physical address queue and a synchronization lock.
  • the above device further includes: a receiving unit configured to receive, from the peripheral application, a notification of completion of collection of sensitive data and an address where the sensitive data is written.
  • the above device further includes: a writing unit, configured to write the address into the physical address queue.
  • the reading unit is configured to read the address to which the sensitive data is written from the physical address queue after acquiring the synchronization lock.
  • the reading unit is further configured to read the sensitive data from the secure memory according to the address.
  • a computer storage medium comprising instructions that, when executed, perform the method as previously described.
  • an intelligent terminal is provided, and the intelligent terminal includes the aforementioned trusted application device.
  • the method for controlling a trusted application and the trusted application device communicate with the associated peripheral application in the REE (Rich Execution Environment, common execution environment), so that the associated peripheral application controls the corresponding operating device
  • REE Rich Execution Environment, common execution environment
  • the sensitive data is written into the secure memory in the TEE, and the trusted application in the TEE reads the sensitive data from the secure memory for subsequent processing, which realizes the secure collection (acquisition) and processing of the sensitive data.
  • the trusted application and the associated peripheral application are in the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment), which saves CPU cores, that is, hardware overhead, on the premise of ensuring security and stability.
  • FIG. 1 shows a schematic diagram of a control method for a trusted application according to an embodiment of the present invention
  • Fig. 2 shows a schematic structural diagram of a trusted application device according to an embodiment of the present invention
  • FIG. 3 shows a schematic structural diagram of a trusted face recognition system according to an embodiment of the present invention
  • FIG. 4 shows an architecture diagram of face collection and recognition according to an embodiment of the present invention
  • FIG. 5 shows a memory handover process according to an embodiment of the present invention
  • Fig. 6 shows the initialization flow of a trusted face recognition application according to an embodiment of the present invention
  • FIG. 7 shows a face data collection process according to an embodiment of the present invention.
  • FIG. 8 shows a face recognition flow of a trusted face recognition application according to an embodiment of the present invention.
  • control logic of the present invention may be embodied on a computer-readable medium as executable program instructions implemented by a processor or the like.
  • Examples of computer-readable media include, but are not limited to, ROM, RAM, optical disks, magnetic tapes, floppy disks, flash drives, smart cards, and optical data storage devices.
  • the computer-readable recording medium can also be distributed over network-coupled computer systems so that the computer-readable medium is stored and implemented in a distributed fashion, e.g., via an in-vehicle telecommunications service or a controller area network (CAN).
  • CAN controller area network
  • FIG. 1 shows a schematic diagram of a method 1000 for controlling a trusted application according to an embodiment of the present invention. As shown in Figure 1, method 1000 includes the following steps:
  • step S110 the trusted application sends an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls the operating device to write sensitive data into the secure memory;
  • step S120 the trusted application reads the sensitive data from the secure memory, wherein the trusted application is in the trusted execution environment of the first CPU core, the peripheral application is in the common execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the common execution environment.
  • TEE Trusted Execution Environment
  • a Trusted Execution Environment is a secure area within the CPU. It runs in a separate environment and runs in parallel with the operating system. The CPU ensures that both the confidentiality and integrity of the code and data in the TEE are protected. By using both hardware and software to protect data and code, TEEs are more secure than operating systems. Trusted applications running in the TEE have access to the full capabilities of the device's main processor and memory, while hardware isolation protects these components from user-installed applications running in the main operating system. In a word, the code and data running in the TEE are confidential and cannot be tampered with.
  • REE Rich Execution Environment
  • REE represents a common execution environment, which is an execution environment used to run common applications on the device, such as Android, IOS systems, etc.
  • TEE is based on ARM TrustZone. Its security features are: (1) protection by hardware mechanisms: the TEE is isolated from the REE, and the REE can communicate with the TEE only through a specific entry; (2) a fast communication mechanism: the TEE can access the REE's memory, while the REE cannot access hardware-protected TEE memory; (3) resistance to some hardware-based attacks.
  • trusted operating system also known as Trusted OS or Trusted Operation System
  • common operating system is opposite, also known as Rich Operating System or Rich OS, which refers to the operating system running on the REE side.
  • the system operating environment of the mobile terminal is generally REE (Rich Execution Environment), and the operating system in it is Rich OS (Operating System), including Android, IOS and Linux.
  • Rich OS is characterized by powerful functions, openness and scalability; it exposes all functions of the device, such as the camera and touch screen, to upper-layer applications.
  • Rich OS has many security risks: bugs are frequently found, the OS can obtain all data of an application, it is difficult to verify whether the OS has been tampered with, and it is subject to various attacks, all of which pose great hidden dangers to user assets.
  • the TEE provides an environment isolated from the REE to store the user's sensitive information.
  • the TEE can directly obtain the information of the REE, but the REE cannot obtain the information of the TEE. For example, when a user pays, it is verified through the interface provided by TEE to ensure that the payment information will not be tampered with, the password will not be hijacked, and the fingerprint information will not be stolen.
  • trusted application may also be referred to as authorized security software, trusted application or TA (Trusted Application), representing an application running on the TEE side.
  • TA Trusted Application
  • the "trusted applications" can be isolated from each other through cryptographic techniques, and the data of other trusted applications will not be read and operated at will.
  • the trusted application needs to perform integrity verification before execution to ensure that the application has not been tampered with.
  • peripheral application refers to an application that controls peripherals or operating devices such as touch screens, cameras and fingerprint sensors; such applications are also called client applications and run on the REE side.
  • the trusted application is a trusted face recognition application
  • the peripheral application is a client application associated with the trusted application, that is, a camera control program
  • the operating device is a camera.
  • the trusted application is a trusted fingerprint identification application
  • the peripheral application is a fingerprint sensor control program
  • the operating device is a fingerprint sensor.
  • sensitive data refers to data that may cause serious harm to society or individuals after leakage, and its meaning may vary in different scenarios.
  • sensitive data may include face recognition-related algorithms, face image data, and other important and undisclosed data.
  • sensitive data may include fingerprint identification related algorithms, user's fingerprint data, and other data.
  • secure memory refers to a memory space (with higher security) running in a TEE environment, relative to ordinary memory.
  • Ordinary memory/REE memory can be changed to secure memory through MPU (Memory Protection Unit, memory protection unit) hardware.
  • MPU Memory Protection Unit, memory protection unit
  • CPU core is the core chip in the middle of the CPU, made of single-crystal silicon, used to perform calculations, accept/store commands, process data, etc. It is the digital processing core.
  • a quad-core processor has four CPU cores
  • an octa-core processor has eight CPU cores, and so on.
  • step S110 the trusted application communicates with the associated peripheral application in the REE (Rich Execution Environment, common execution environment), so that the associated peripheral application controls the corresponding operating device to write sensitive data into the secure memory in the TEE, and the trusted application in the TEE reads the sensitive data from the secure memory for subsequent processing, which implements secure collection (acquisition) and processing of sensitive data.
  • step S120 a part of the space in the secure memory is obtained by changing the memory space in the common execution environment.
  • the trusted application and the associated peripheral application are in the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment), which saves CPU cores, that is, hardware overhead, on the premise of ensuring security and stability.
  • the trusted application can directly interact with operating devices such as a touch screen, a camera, and a fingerprint sensor, and does not need to use the interface provided by the REE, so the security is further ensured.
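The memory handover behind step S120 (an REE region converted into secure memory by the MPU, used by the TA, then converted back after use, as the page describes) can be modelled as a small ownership table plus an access check. The C below is an added example written for this page, not code from the patent or its assignee: the region count, region size, the camera write being modelled as a secure-side write, and wiping a region before it returns to the REE pool are all assumptions of the example.

```c
/* Added example (not from the patent): a model of the REE-to-TEE memory
 * handover in step S120 and its release after use. Each region has an
 * owner (normal/REE or secure/TEE) and the MPU is modelled as an access
 * check applied to every read and write: the TEE may touch either kind
 * of region, the REE only normal ones. Region count, sizes, the camera
 * write being modelled as a secure-side write, and clearing a region
 * before handing it back are assumptions of this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum world { WORLD_REE, WORLD_TEE };
enum owner { OWNER_NORMAL, OWNER_SECURE };

#define REGION_SIZE 64
#define NUM_REGIONS 4

struct region {
    enum owner owner;
    uint8_t data[REGION_SIZE];  /* stands in for the physical pages */
};

static struct region regions[NUM_REGIONS];

/* MPU rule from the text: the TEE can access REE memory, the REE cannot
 * access hardware-protected TEE memory. */
static bool mpu_allows(enum world w, size_t idx) {
    if (idx >= NUM_REGIONS) return false;
    return w == WORLD_TEE || regions[idx].owner == OWNER_NORMAL;
}

/* Convert a normal (REE) region into secure memory. */
int handover_to_secure(size_t idx) {
    if (idx >= NUM_REGIONS || regions[idx].owner != OWNER_NORMAL) return -1;
    regions[idx].owner = OWNER_SECURE;
    return 0;
}

/* Give a secure region back to the REE once the TA is done with it.
 * Assumption: the region is wiped first so image data does not linger. */
int release_to_normal(size_t idx) {
    if (idx >= NUM_REGIONS || regions[idx].owner != OWNER_SECURE) return -1;
    memset(regions[idx].data, 0, REGION_SIZE);
    regions[idx].owner = OWNER_NORMAL;
    return 0;
}

/* Guarded access; -1 stands for the fault the MPU would raise. */
int region_write(enum world w, size_t idx, const uint8_t *src, size_t len) {
    if (!mpu_allows(w, idx) || len > REGION_SIZE) return -1;
    memcpy(regions[idx].data, src, len);
    return 0;
}

int region_read(enum world w, size_t idx, uint8_t *dst, size_t len) {
    if (!mpu_allows(w, idx) || len > REGION_SIZE) return -1;
    memcpy(dst, regions[idx].data, len);
    return 0;
}

/* Walk one buffer lifecycle and count the invariants that hold (6 total). */
int run_scenario(void) {
    static const uint8_t frame[4] = {0xA1, 0xB2, 0xC3, 0xD4}; /* constructed */
    uint8_t out[4] = {0};
    int ok = 0;
    memset(regions, 0, sizeof regions);              /* every region normal */

    ok += handover_to_secure(1) == 0;                /* REE page becomes secure */
    ok += region_write(WORLD_TEE, 1, frame, 4) == 0; /* camera fills the buffer */
    ok += region_read(WORLD_REE, 1, out, 4) == -1;   /* REE is blocked */
    ok += region_read(WORLD_TEE, 1, out, 4) == 0 && memcmp(out, frame, 4) == 0;
    ok += release_to_normal(1) == 0;                 /* back to the REE pool */
    ok += region_read(WORLD_REE, 1, out, 4) == 0 && out[0] == 0; /* wiped */
    return ok;
}

int main(void) {
    printf("invariants satisfied: %d of 6\n", run_scenario());
    return 0;
}
```

The point of the ownership check is that the same physical region is reachable from both worlds over its lifetime, so the state machine, not the address, decides who may touch it; `release_to_normal` refusing a region that is not currently secure is what prevents a double release from silently exposing a buffer still in use by the TA.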
  • the trusted application is a trusted face recognition application, that is, the work of face recognition (i.e., the specific recognition work) is performed in the TEE environment of the device rather than through a networked server (e.g., a cloud server).
  • the trusted face recognition application includes a main thread and one or more sub-threads.
  • step S110 may include: the main thread of the trusted face recognition application program sends an instruction to the camera control program to start or end the image acquisition work.
  • step S120 may include: the first sub-thread and the second sub-thread of the trusted face recognition application respectively read image data from the image buffer in the secure memory for face recognition, wherein the first sub-thread runs in the trusted execution environment of the second CPU core, and the second sub-thread runs in the trusted execution environment of the third CPU core.
  • the second CPU core and the third CPU core are different CPU cores from the aforementioned first CPU core, and are distinguished here by the ordinal words “first”, “second” and “third”. Those skilled in the art can understand that the number of CPU cores may not be limited to 3, but may be determined according to actual conditions.
  • the first sub-thread and the second sub-thread are started by the main thread of the trusted face recognition application.
  • the main thread of the trusted face recognition application is responsible for starting or ending the image acquisition work through the camera control program; it starts one or more sub-threads and requests the trusted operating system (Trusted OS) to bind each sub-thread to a specific CPU core for execution.
  • Trusted OS trusted operating system
  • the above method 1000 further includes: after the trusted application is started, the main thread of the trusted application loads and initializes an operation model.
  • This operating model may be, for example, a face recognition AI (Artificial Intelligence) model.
  • the above method 1000 further includes: the main thread of the trusted application creates a physical address queue and a synchronization lock, wherein the physical address queue is used to record the physical address where the collected sensitive data is stored, or the handle corresponding to that physical address.
  • the above method 1000 may further include: the main thread of the trusted application receives a notification of completion of collection of sensitive data and an address where the sensitive data is written from the peripheral application.
  • the above method 1000 may further include: the main thread of the trusted application writes the address into the physical address queue. For example, after the image data collection is completed, the camera control program notifies the main thread of the trusted face recognition application that the collection of image data has been completed and transmits the physical address to it, and finally the main thread of the trusted face recognition application writes the physical address of the image data to the queue.
  • step S120 includes: the sub-thread of the trusted application reads the address to which the sensitive data is written from the physical address queue after acquiring the synchronization lock. In one embodiment, step S120 further includes: the sub-thread of the trusted application reads the sensitive data from the secure memory according to the address. Since there is only one queue for storing the physical addresses of image data in the trusted face recognition application, in order to allow multiple sub-threads of the trusted face recognition application to read from it together, a synchronization lock mechanism is added to ensure that different sub-threads do not obtain the same physical address, which would cause programming logic errors.
  • the method 1000 may further include: the sub-thread of the trusted application performs face detection, feature extraction and face comparison through the operation model.
  • the method 1000 may further include: judging whether the face comparison is successful, and when successful, the trusted face recognition application sub-thread notifies the main thread that the comparison is successful and ends the process.
  • the above-mentioned method 1000 further includes: the sub-thread of the trusted application notifies the main thread of the result of the face comparison.
  • the camera control program and the trusted face recognition application may use a handle instead of the physical address itself when transmitting the physical address related to the sensitive data.
  • the above-mentioned method 1000 further includes: the main thread of the trusted application receives a handle from the peripheral application, where the handle corresponds one-to-one with the address where the sensitive data is written. In this way, the camera control program and the trusted face recognition application can reuse the Handle to query the corresponding memory physical address from the common operating system and the trusted operating system.
  • a part of the space in the secure memory is converted back to the memory space in the common execution environment after use, that is, the converted memory space is released in time for the common execution environment to use.
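The main-thread / sub-thread procedure of method 1000 (queue and lock created by the main thread, addresses pushed as the camera control program reports each completed collection, sub-threads popping under the lock and reporting their comparison result back) is small enough to run end to end. The C below is an added example written for this page with POSIX threads, not the patent's or the assignee's code: the camera control program is simulated by the main thread, the "physical addresses" are indices into a constructed in-process buffer, the recognition step is a constructed parity rule, and pinning each sub-thread to a CPU core is omitted because it needs platform-specific affinity calls.

```c
/* Added example (not from the patent): the main-thread / sub-thread flow of
 * method 1000 modelled with POSIX threads. The camera control program is
 * simulated by the main thread, which pushes one "physical address" (an
 * index into a constructed secure image buffer) per collected frame; two
 * sub-threads pop addresses under a single synchronization lock so that no
 * address is read twice. Core binding is omitted; frames and the matching
 * rule are constructed for the example. */
#include <pthread.h>
#include <sched.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MAX_FRAMES 64
#define FRAME_BYTES 16
#define NUM_WORKERS 2

/* Stand-in for the image buffer in secure memory: frame i sits at "address" i. */
static uint8_t secure_image_buf[MAX_FRAMES][FRAME_BYTES];

struct shared {
    size_t items[MAX_FRAMES];   /* the physical address queue */
    size_t head, tail;
    bool done;                  /* main thread will push no more frames */
    pthread_mutex_t lock;       /* the synchronization lock */
    int processed[MAX_FRAMES];  /* how many times each address was read */
    bool matched[MAX_FRAMES];   /* comparison result reported to main */
};

/* Stand-in for detection, feature extraction and comparison: a frame
 * "matches" when its bytes sum to an even value (constructed rule). */
static bool recognise(const uint8_t *frame) {
    unsigned sum = 0;
    for (size_t i = 0; i < FRAME_BYTES; i++) sum += frame[i];
    return sum % 2 == 0;
}

static void *sub_thread(void *arg) {
    struct shared *s = arg;
    for (;;) {
        pthread_mutex_lock(&s->lock);
        if (s->head == s->tail) {               /* queue empty */
            bool done = s->done;
            pthread_mutex_unlock(&s->lock);
            if (done) return NULL;
            sched_yield();
            continue;
        }
        size_t addr = s->items[s->head++];      /* pop exactly one address */
        pthread_mutex_unlock(&s->lock);
        bool match = recognise(secure_image_buf[addr]); /* read secure memory */
        pthread_mutex_lock(&s->lock);
        s->processed[addr]++;
        s->matched[addr] = match;               /* notify the main thread */
        pthread_mutex_unlock(&s->lock);
    }
}

/* Main-thread flow: create queue and lock, start sub-threads, push one
 * address per collected frame, mark the queue done, join. Returns the
 * number of frames read exactly once, or -1 if any was read twice or
 * missed; *matches (optional) gets the number of matching frames. */
int run_pipeline(size_t frames, int *matches) {
    if (frames > MAX_FRAMES) return -1;
    struct shared s;
    memset(&s, 0, sizeof s);
    pthread_mutex_init(&s.lock, NULL);
    /* constructed frames: byte 0 is the frame index, bytes 1..15 are 1..15 */
    for (size_t i = 0; i < frames; i++)
        for (size_t j = 0; j < FRAME_BYTES; j++)
            secure_image_buf[i][j] = (uint8_t)(j == 0 ? i : j);

    pthread_t workers[NUM_WORKERS];
    for (int w = 0; w < NUM_WORKERS; w++)
        pthread_create(&workers[w], NULL, sub_thread, &s);
    for (size_t i = 0; i < frames; i++) {       /* "collection complete" */
        pthread_mutex_lock(&s.lock);
        s.items[s.tail++] = i;
        pthread_mutex_unlock(&s.lock);
    }
    pthread_mutex_lock(&s.lock);
    s.done = true;
    pthread_mutex_unlock(&s.lock);
    for (int w = 0; w < NUM_WORKERS; w++) pthread_join(workers[w], NULL);
    pthread_mutex_destroy(&s.lock);

    int once = 0, m = 0;
    for (size_t i = 0; i < frames; i++) {
        if (s.processed[i] != 1) return -1;
        once++;
        m += s.matched[i];
    }
    if (matches) *matches = m;
    return once;
}

/* Convenience for callers that only want the match count. */
int match_count(size_t frames) {
    int m = 0;
    return run_pipeline(frames, &m) < 0 ? -1 : m;
}
```

The pop and the `head` increment happen inside one critical section, which is the property the page's synchronization lock exists for: two sub-threads can never both dequeue the same physical address. A caller can check that directly through the return value, since `run_pipeline` reports -1 as soon as any address was read other than exactly once.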
  • FIG. 2 shows a schematic structural diagram of a trusted application device 2000 according to an embodiment of the present invention.
  • the trusted application device 2000 includes: a sending unit 210 and a reading unit 220, wherein the sending unit 210 is configured to send an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls the operating device to write sensitive data into the secure memory; the reading unit 220 is configured to read the sensitive data from the secure memory, wherein the trusted application device is in the trusted execution environment of the first CPU core, the peripheral application is in the normal execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the normal execution environment.
  • the sending unit 210 is configured to communicate with the associated peripheral application in the REE (Rich Execution Environment), so that the associated peripheral application controls the corresponding operating device to write sensitive data into the secure memory in the TEE, and the reading unit 220 reads the sensitive data from the secure memory for subsequent processing, which realizes secure collection (acquisition) and processing of sensitive data.
  • REE Rich Execution Environment
  • a part of the space in the secure memory is obtained by changing the memory space in the normal execution environment.
  • the problem of insufficient memory space in the TEE environment can be solved.
  • the trusted application and the associated peripheral application are in the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment), which saves CPU cores, that is, hardware overhead, on the premise of ensuring security and stability.
  • the peripheral application is a camera control program
  • the operating device is a camera
  • the sending unit 210 is configured to send an instruction to the camera control program to start or end the image acquisition work.
  • the reading unit 220 may include a first reading subunit and a second reading subunit, which respectively read image data from an image buffer in the secure memory for face recognition, wherein the first reading subunit runs in the trusted execution environment of the second CPU core and the second reading subunit runs in the trusted execution environment of the third CPU core.
  • the above-mentioned apparatus 2000 may further include: a loading unit for loading and initializing the operation model.
  • the above-mentioned apparatus 2000 may further include: a creation unit configured to create a physical address queue and a synchronization lock.
  • the above-mentioned device 2000 may further include: a receiving unit configured to receive a notification of completion of collection of sensitive data and an address to which the sensitive data is written from the peripheral application.
  • the above-mentioned device 2000 further includes: a writing unit, configured to write the address into the physical address queue.
  • the reading unit 220 is configured to read the address to which the sensitive data is written from the physical address queue after acquiring the synchronization lock.
  • the read unit 220 may also be configured to read the sensitive data from the secure memory according to the address.
  • the trusted application device 2000 of the embodiment shown in FIG. 2 moves the work of face recognition to the TEE environment of the device.
  • Trusted Application Device 2000 uses the hardware protection capability provided by ARM TrustZone technology to simultaneously schedule multiple CPUs (cores) in the TEE environment to improve
  • the method of dynamically scheduling REE memory space for TEE to use is also proposed to solve the problem of insufficient memory space in the TEE environment.
  • FIG. 3 shows a schematic structural diagram of a trusted system 3000 according to an embodiment of the present invention.
  • the trusted face recognition system includes a camera control program 312 in the REE environment 310 , a trusted face recognition application 322 in the TEE environment 320 , and camera hardware 330 .
  • the camera control program 312 is responsible for receiving commands from the trusted face recognition application 322 and controlling the camera hardware 330, such as turning on the camera, turning off the camera, or capturing images.
  • the camera hardware 330 is responsible for receiving commands from the camera control program 312 , performing image data collection, and writing the image data to a designated address in the secure memory 340 .
  • the main thread of the trusted face recognition application 322 is responsible for notifying the camera control program 312 to start or stop collecting image data and for creating or ending one or more sub-threads; the sub-threads are responsible for reading image data from the secure memory 340 and performing the face recognition work.
  • although the trusted system 3000 shown in FIG. 3 is used for face recognition, those skilled in the art can understand that the trusted system 3000 can be used for other applications, including but not limited to fingerprint recognition, touch screens and the like.
  • the trusted system 3000 is a trusted fingerprint identification system.
  • the trusted fingerprint identification system includes a fingerprint sensor control program in a REE environment, a trusted fingerprint identification application in a TEE environment, and a fingerprint sensor.
  • the fingerprint sensor control program is responsible for receiving commands from trusted fingerprint recognition applications and controlling the fingerprint sensor, such as turning on the fingerprint sensor, turning off the fingerprint sensor, or collecting user fingerprints.
  • the fingerprint sensor is responsible for receiving the command of the fingerprint sensor control program, performing fingerprint collection, and writing the fingerprint data into the designated address of the secure memory.
  • the main thread of the trusted fingerprint identification application is responsible for notifying the fingerprint sensor control program to start or stop collecting fingerprint data and is responsible for creating or ending more than one sub-thread, and the sub-thread is responsible for reading the fingerprint data from the secure memory and performing fingerprint identification.
  • FIG. 4 shows an architecture diagram of a face collection and recognition system 4000 according to an embodiment of the present invention, wherein the face collection and recognition system 4000 adopts a multi-core approach to accelerate face recognition work.
  • the main thread 420 of the trusted face recognition application is responsible for notifying the camera control program 410 to start or end the image acquisition work, for starting one or more sub-threads 430 and 440, and for requesting the trusted operating system (Trusted OS) to bind the sub-threads 430 and 440 to run on specific CPU cores.
  • the first sub-thread 430 of the trusted face recognition application is bound to the CPU1 core
  • the second sub-thread 440 of the trusted face recognition application is bound to the CPU2 core.
  • the main thread 420 of the trusted face recognition application and the camera control program 410 are both located on the CPU0 core, but the main thread 420 of the trusted face recognition application is in the TEE environment, and the camera control program 410 is in the REE environment.
  • a trusted face recognition application includes a main thread and more than one sub-thread.
  • the main thread 420 of the trusted face recognition application sends an instruction to the camera control program 410 to start or end the image acquisition work.
  • the camera hardware 470 is responsible for receiving the instructions of the camera control program 410 , collecting image data, and writing the image data into the image buffer 462 .
  • the first sub-thread 430 and the second sub-thread 440 of the trusted face recognition application respectively read image data from the image buffer 462 in the secure memory 460 for face recognition.
  • the above-mentioned face collection and recognition system 4000 can be changed to a fingerprint collection and recognition system.
  • the fingerprint collection and identification system also adopts a multi-core approach to speed up the fingerprint identification work.
  • the fingerprint collection and identification system includes a fingerprint sensor control program, a trusted fingerprint identification application, a fingerprint sensor, and the like.
  • the main thread of the trusted fingerprint identification application is responsible for notifying the fingerprint sensor control program to start or end the fingerprint collection work, for starting more than one sub-thread, and for requesting the trusted operating system (Trusted OS) to bind each sub-thread to run on a specific CPU core.
  • Trusted OS: trusted operating system
  • the first sub-thread of the trusted fingerprinting application is bound to the second CPU core
  • the second sub-thread of the trusted fingerprinting application is bound to the third CPU core.
  • the main thread of the trusted fingerprint identification application and the fingerprint sensor control program are both located on the first CPU core, but the main thread of the trusted fingerprint identification application is in the TEE environment, and the fingerprint sensor control program is in the REE environment.
  • a trusted fingerprinting application may include a main thread and more than one sub-thread.
  • the main thread of the trusted fingerprint identification application sends an instruction to the fingerprint sensor control program to start or end the fingerprint collection.
  • the fingerprint sensor is responsible for receiving the instructions of the fingerprint sensor control program, collecting the fingerprint data, and writing the fingerprint data into the fingerprint buffer.
  • the first sub-thread and the second sub-thread of the trusted fingerprint identification application respectively read fingerprint data from the fingerprint buffer in the secure memory for fingerprint identification.
  • FIG. 5 illustrates a memory handover process 5000 according to one embodiment of the present invention. Because the memory space required for face recognition is large, the configured size of the secure memory space generally cannot meet the requirements of face recognition applications. Therefore, a memory handover process is added in an embodiment of the present application, so that ordinary memory space can be converted into secure memory space and then converted back to normal memory space after use.
  • the memory handover process 5000 includes the following steps:
  • step S510 the normal operating system configures a normal memory space and obtains its physical address
  • step S520 the normal operating system transmits the physical address and the memory space size to the trusted operating system.
  • step S530 after obtaining the physical address and the size of the memory space, the trusted operating system changes the memory space to secure memory through the memory protection unit (MPU) hardware.
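The handover steps S510 to S530 above, as an added example that is not the patent's code: a C simulation in which the Trusted OS validates the (physical address, size) pair it receives from the Rich OS before marking the range secure, and scrubs the range before converting it back to normal memory. The MPU region table, the RAM base address, the page granularity and the scrub-on-release step are assumptions of this example; real MPU programming is SoC-specific.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE     4096u
#define MAX_REGIONS   8
#define SIM_RAM_BASE  0x40000000u           /* constructed physical base */
#define SIM_RAM_SIZE  (16u * PAGE_SIZE)     /* 64 KiB of simulated RAM  */

/* One MPU-style protection region: a physical range and its world. */
typedef struct {
    uintptr_t base;
    size_t    size;
    bool      secure;                       /* true: TEE-only access */
    bool      in_use;
} mpu_region_t;

static uint8_t      sim_ram[SIM_RAM_SIZE];  /* stands in for physical RAM */
static mpu_region_t mpu_table[MAX_REGIONS]; /* stands in for the MPU      */

static bool overlaps(uintptr_t a, size_t an, uintptr_t b, size_t bn) {
    return a < b + bn && b < a + an;
}

static bool in_sim_ram(uintptr_t phys, size_t size) {
    return phys >= SIM_RAM_BASE && size <= SIM_RAM_SIZE &&
           phys - SIM_RAM_BASE <= SIM_RAM_SIZE - size;
}

/* Is this physical address currently reserved for the TEE? */
bool mpu_is_secure(uintptr_t phys) {
    for (int i = 0; i < MAX_REGIONS; i++)
        if (mpu_table[i].in_use && mpu_table[i].secure &&
            overlaps(phys, 1, mpu_table[i].base, mpu_table[i].size))
            return true;
    return false;
}

/* Steps S510-S530: the Rich OS reports (phys, size); the Trusted OS checks
 * alignment, bounds and overlap before flipping the range to secure.
 * Returns the table slot, or a negative error code. */
int tee_take_over_memory(uintptr_t phys, size_t size) {
    if (size == 0 || phys % PAGE_SIZE != 0 || size % PAGE_SIZE != 0)
        return -1;                          /* not page-granular */
    if (!in_sim_ram(phys, size))
        return -2;                          /* outside RAM or wraps around */
    for (int i = 0; i < MAX_REGIONS; i++)
        if (mpu_table[i].in_use &&
            overlaps(phys, size, mpu_table[i].base, mpu_table[i].size))
            return -3;                      /* would alias a live region */
    for (int i = 0; i < MAX_REGIONS; i++) {
        if (!mpu_table[i].in_use) {
            mpu_table[i] = (mpu_region_t){ phys, size, true, true };
            return i;
        }
    }
    return -4;                              /* region table is full */
}

/* After use: wipe the buffer so no image data survives, then hand the
 * range back to the normal execution environment. */
int tee_release_memory(int slot) {
    if (slot < 0 || slot >= MAX_REGIONS ||
        !mpu_table[slot].in_use || !mpu_table[slot].secure)
        return -1;
    memset(&sim_ram[mpu_table[slot].base - SIM_RAM_BASE], 0,
           mpu_table[slot].size);
    mpu_table[slot].secure = false;
    mpu_table[slot].in_use = false;
    return 0;
}

/* Camera write path: refuse unless every page of the target range is
 * secure, then copy the frame in. */
int secure_write(uintptr_t phys, const uint8_t *data, size_t len) {
    if (len == 0 || !in_sim_ram(phys, len))
        return -1;
    for (uintptr_t p = phys - phys % PAGE_SIZE; p < phys + len; p += PAGE_SIZE)
        if (!mpu_is_secure(p))
            return -1;
    memcpy(&sim_ram[phys - SIM_RAM_BASE], data, len);
    return 0;
}

/* Peek at simulated RAM (for the demo and checks only). */
uint8_t sim_ram_byte(uintptr_t phys) { return sim_ram[phys - SIM_RAM_BASE]; }

/* Constructed sample frame bytes. */
const uint8_t SAMPLE_IMG[4] = { 0xde, 0xad, 0xbe, 0xef };

int main(void) {
    uintptr_t buf = SIM_RAM_BASE + 4 * PAGE_SIZE;        /* page 4 of RAM */
    int slot = tee_take_over_memory(buf, 2 * PAGE_SIZE); /* S510-S530     */
    if (slot < 0 || secure_write(buf, SAMPLE_IMG, 4) != 0) return 1;
    return tee_release_memory(slot) == 0 ? 0 : 1;        /* back to REE   */
}
```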
  • FIG. 6 shows an initialization flow 6000 of a trusted face recognition application according to an embodiment of the present invention.
  • the main thread of the trusted application will create a global image physical address queue, which is used to record the physical address where the image data that has been collected is stored.
  • the initialization process 6000 shown in FIG. 6 includes the following steps:
  • step S610 the trusted operating system loads and starts the trusted face recognition application
  • step S620 the trusted face recognition application program loads and initializes the face recognition AI model
  • step S630 the main thread of the trusted face recognition application program creates a global image physical address queue and synchronization lock.
  • FIG. 7 shows a face data collection process 7000 according to an embodiment of the present invention.
  • after the main thread of the trusted face recognition application notifies the camera control program to start collecting image data, the camera control program transmits the physical address to the camera hardware, and the camera hardware writes the collected image data directly to this physical address.
  • the camera control program then informs the main thread of the trusted face recognition application that the collection of image data has been completed and transmits the physical address to it, and finally the main thread of the trusted face recognition application writes the physical address of the image data into the queue.
  • the face data collection process 7000 includes the following steps:
  • step S710 the main thread of the trusted face recognition application program starts to collect images through the camera control program
  • step S720 the camera control program is turned on and controls the camera hardware to take a photo, and the camera hardware directly writes the data into the image buffer;
  • step S730 the camera control program notifies the main thread of the trusted face recognition application, and transmits the physical address of the image/image data to the main thread of the trusted face recognition application;
  • step S740 the camera control program determines whether it has received a notification that the trusted face recognition application stops collecting; if so, execute step S750, otherwise execute step S720;
  • step S750 the camera control program controls the camera hardware to stop capturing and closes the camera hardware.
  • the face data collection process 7000 in the above embodiment can also be applied to fingerprint data collection.
  • the fingerprint data collection process includes: (1) the main thread of the trusted fingerprint identification application program starts to collect fingerprints through the fingerprint sensor control program; (2) the fingerprint sensor control program starts and controls the fingerprint sensor to acquire a fingerprint, and the fingerprint sensor directly writes the data into the fingerprint buffer; (3) the fingerprint sensor control program notifies the main thread of the trusted fingerprint identification application program and transmits the physical address of the fingerprint data to it; (4) the fingerprint sensor control program determines whether it has received a notification that the trusted fingerprint identification application program stops collecting; if so, execute step 5, otherwise execute step 2; (5) the fingerprint sensor control program controls the fingerprint sensor to stop capturing fingerprints and turns off the fingerprint sensor.
  • FIG. 8 shows a face recognition process 8000 of a trusted face recognition application according to an embodiment of the present invention.
  • the face recognition process 8000 of FIG. 8 accelerates face recognition work by utilizing multiple CPU cores.
  • the face recognition process 8000 uses multiple CPU cores to run face recognition in the TEE, with the support of ARM TrustZone hardware technology.
  • ARM TrustZone hardware technology implements a hardware-level security protection mechanism, so that the entire system is logically divided into two execution environments: REE and TEE.
  • when a CPU core is in the REE execution environment, the software running on this CPU core is only allowed to access the hardware resources associated with the REE.
  • software running in the TEE execution environment can access the hardware resources related to the TEE execution environment.
  • Each CPU core can switch between REE and TEE.
  • the camera control program and the main thread of the trusted face recognition application run on the same CPU core, and the sub-threads of the trusted face recognition application each run on other CPU cores, so that the best performance for processing multiple image data in parallel can be achieved.
  • the face recognition process 8000 of the trusted face recognition application includes the following steps:
  • step S810 the main thread of the trusted face recognition application program creates one or more sub-threads and runs on different CPU cores;
  • step S820 the child thread of the trusted face recognition application waits for image data
  • step S830 the sub-thread of the trusted face recognition application program determines whether to acquire the synchronization lock; if so, execute step S840, otherwise return to step S820;
  • step S840 the sub-thread of the trusted face recognition application program further determines whether there is an address in the queue; if so, executes step S850, otherwise returns to step S820;
  • step S850 the sub-thread of the trusted face recognition application program obtains a physical address from the queue, and reads out the image data from the image buffer according to the physical address;
  • step S860 the sub-thread of the trusted face recognition application performs face detection, feature extraction and face comparison through the AI model
  • step S870 the sub-thread of the trusted face recognition application program determines whether the face comparison is successful; if so, proceed to step S880, otherwise return to step S820; and
  • step S880 the sub-thread of the trusted face recognition application notifies the main thread that the comparison is successful and ends the process.
  • the fingerprint identification process of the trusted fingerprint identification application may include the following steps: (1) the main thread of the trusted fingerprint identification application creates one or more sub-threads that run on different CPU cores; (2) the sub-thread of the trusted fingerprint identification application waits for the fingerprint data; (3) the sub-thread of the trusted fingerprint identification application determines whether it has obtained the synchronization lock; if so, execute step 4, otherwise return to step 2; (4) the sub-thread of the trusted fingerprint identification application further determines whether there is an address in the queue; if so, execute step 5, otherwise return to step 2; (5) the sub-thread of the trusted fingerprint identification application obtains a physical address from the queue and reads the fingerprint data from the fingerprint buffer according to the physical address; (6) the sub-thread of the trusted fingerprint identification application performs fingerprint detection, feature extraction and fingerprint comparison through the AI model; (7) the sub-thread of the trusted fingerprint identification application determines whether the fingerprint comparison is successful; if so, continue to execute step 8, otherwise return to step 2;
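The initialization, collection and recognition flows of FIG. 6 to FIG. 8 (steps S630, S720 to S750 and S810 to S880), as an added example that is not the patent's code: a POSIX-threads simulation of the global physical address queue, the synchronization lock and the sub-thread loop. A condition variable stands in for the poll of steps S820 to S840, a byte comparison stands in for the AI model, a process-local buffer stands in for the secure image buffer, and binding sub-threads to CPU cores (a Trusted OS service) is not shown.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define QUEUE_CAP   16
#define FRAME_BYTES 8
#define MAX_WORKERS 8

/* Stand-in for the image buffer 462 in secure memory 460 (constructed). */
static uint8_t secure_buf[QUEUE_CAP][FRAME_BYTES];

/* Shared state: the global image physical address queue and its lock (S630). */
typedef struct {
    uintptr_t       addr[QUEUE_CAP];
    int             head, tail, count;
    bool            closed;     /* main thread: collection has ended   */
    bool            matched;    /* a sub-thread reported S880 success  */
    int             match_idx;  /* frame index of the successful match */
    const uint8_t  *tmpl;       /* enrolled template for the "model"   */
    pthread_mutex_t lock;
    pthread_cond_t  cv;
} ta_state_t;

/* Stand-in for the AI model of S860: exact byte comparison. */
static bool model_compare(const uint8_t *frame, const uint8_t *tmpl) {
    return memcmp(frame, tmpl, FRAME_BYTES) == 0;
}

/* Sub-thread (S820-S880): take the lock, wait for an address, read the
 * frame from secure memory, run the model, report success to main. */
static void *sub_thread(void *p) {
    ta_state_t *q = p;
    for (;;) {
        pthread_mutex_lock(&q->lock);                   /* S830 */
        while (q->count == 0 && !q->closed && !q->matched)
            pthread_cond_wait(&q->cv, &q->lock);        /* S820 */
        if (q->matched || q->count == 0) { pthread_mutex_unlock(&q->lock); return NULL; }
        uintptr_t a = q->addr[q->head];                 /* S850: pop an address */
        q->head = (q->head + 1) % QUEUE_CAP;
        q->count--;
        pthread_mutex_unlock(&q->lock);
        const uint8_t *frame = (const uint8_t *)a;      /* read secure memory */
        if (model_compare(frame, q->tmpl)) {            /* S860-S870 */
            pthread_mutex_lock(&q->lock);
            if (!q->matched) {                          /* S880: first winner */
                q->matched = true;
                q->match_idx = (int)((frame - &secure_buf[0][0]) / FRAME_BYTES);
            }
            pthread_cond_broadcast(&q->cv);             /* let the others exit */
            pthread_mutex_unlock(&q->lock);
            return NULL;
        }
    }
}

/* Main thread: start n_workers sub-threads (S810), enqueue each frame as the
 * camera control program reports it (S720-S740), stop once a match is
 * reported. Returns the matching frame index, -1 if none, -2 on bad input. */
int run_recognition(const uint8_t frames[][FRAME_BYTES], int n_frames,
                    const uint8_t *tmpl, int n_workers) {
    if (n_frames < 0 || n_frames > QUEUE_CAP ||
        n_workers < 1 || n_workers > MAX_WORKERS)
        return -2;
    ta_state_t q = { .count = 0, .closed = false, .matched = false,
                     .match_idx = -1, .tmpl = tmpl };
    pthread_mutex_init(&q.lock, NULL);
    pthread_cond_init(&q.cv, NULL);
    pthread_t tid[MAX_WORKERS];
    for (int i = 0; i < n_workers; i++)
        pthread_create(&tid[i], NULL, sub_thread, &q);
    for (int i = 0; i < n_frames; i++) {
        memcpy(secure_buf[i], frames[i], FRAME_BYTES);  /* S720: camera writes */
        pthread_mutex_lock(&q.lock);
        if (q.matched) { pthread_mutex_unlock(&q.lock); break; }  /* S740: stop */
        q.addr[q.tail] = (uintptr_t)secure_buf[i];      /* S730: main enqueues */
        q.tail = (q.tail + 1) % QUEUE_CAP;              /* the reported address */
        q.count++;
        pthread_cond_signal(&q.cv);
        pthread_mutex_unlock(&q.lock);
    }
    pthread_mutex_lock(&q.lock);
    q.closed = true;                                    /* S750: collection ends */
    pthread_cond_broadcast(&q.cv);
    pthread_mutex_unlock(&q.lock);
    for (int i = 0; i < n_workers; i++)
        pthread_join(tid[i], NULL);
    pthread_cond_destroy(&q.cv);
    pthread_mutex_destroy(&q.lock);
    return q.match_idx;
}

/* Constructed sample frames; ENROLLED matches frame 2 only. */
const uint8_t SAMPLE_FRAMES[4][FRAME_BYTES] = {
    { 1, 1, 1, 1, 1, 1, 1, 1 }, { 2, 2, 2, 2, 2, 2, 2, 2 },
    { 9, 8, 7, 6, 5, 4, 3, 2 }, { 3, 3, 3, 3, 3, 3, 3, 3 } };
const uint8_t ENROLLED[FRAME_BYTES] = { 9, 8, 7, 6, 5, 4, 3, 2 };
const uint8_t STRANGER[FRAME_BYTES] = { 0, 0, 0, 0, 0, 0, 0, 0 };
```

Calling `run_recognition(SAMPLE_FRAMES, 4, ENROLLED, 2)` drives the whole loop: two sub-threads drain the queue under the lock, frame 2 matches, and the main thread stops collecting once the match is reported.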
  • the method for controlling a trusted application and the trusted application device communicate with the associated peripheral application in the REE (Rich Execution Environment, common execution environment), so that the associated peripheral application controls the corresponding operating device.
  • the operating device writes sensitive data into the secure memory in the TEE
  • the trusted application in the TEE reads the sensitive data from the secure memory for subsequent processing, which realizes the secure collection (acquisition) and processing of sensitive data.
  • the trusted application and the associated peripheral application are on the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment), which helps save CPU cores, that is, hardware overhead, while still ensuring security.
  • a part of the secure memory space in the TEE environment is obtained by changing the memory space in the normal execution environment, which solves the problem of insufficient memory space in the TEE environment.
  • when implementing the transfer of the physical address of the image data, the camera control program and the trusted face recognition application can use a handle instead of the physical address itself, and each side can then use the handle to query the conventional operating system (Rich OS) or the trusted operating system (Trusted OS) for the corresponding physical memory address.
  • Rich OS: conventional operating system
  • Trusted OS: trusted operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

A trusted application control method, a trusted application apparatus, a computer storage medium, and an intelligent terminal. A trusted application sends an instruction to a peripheral application associated with the trusted application, such that the peripheral application controls an operating device to write sensitive data into a secure memory; and the trusted application reads the sensitive data from the secure memory, wherein the trusted application is in a trusted execution environment of a first CPU core and the peripheral application is in a common execution environment of the first CPU core, and part of the space in the secure memory is obtained by changing a memory space in the common execution environment.

Description

Control method and device for trusted application, computer storage medium and terminal

Technical Field

The present invention relates to the field of trusted application control, and more particularly to a trusted application control method, a trusted application device, a computer storage medium and an intelligent terminal.

Background

With the development of computer technology, the security of users' private information has received increasing attention. To this end, the trusted application (TA) was proposed to process user data with higher security requirements. For example, a trusted application may be a fingerprint authentication application or a face recognition application used to verify a user's identity. To meet the high security and confidentiality requirements of trusted applications, they need to run in a Trusted Execution Environment (TEE).

At present, trusted applications (such as face recognition and fingerprint recognition applications) are gradually being adopted in the field of financial payment, and the emergence of smart terminals such as face recognition payment terminals has introduced potential security risks into the original payment system. Without targeted security protection, sensitive data such as face recognition algorithms and face image data in the ordinary operating system of existing payment terminals are vulnerable to external malicious attacks, which exposes users' payment transactions to serious security threats.
Summary of the Invention

According to an aspect of the present invention, a method for controlling a trusted application is provided. The method comprises: a trusted application sending an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls an operating device to write sensitive data into a secure memory; and the trusted application reading the sensitive data from the secure memory, wherein the trusted application is in the trusted execution environment of a first CPU core and the peripheral application is in the common execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the common execution environment.

As a supplement or alternative to the above solution, in the above method, the trusted application is a trusted face recognition application, the peripheral application is a camera control program, and the operating device is a camera.

As a supplement or alternative to the above solution, in the above method, the trusted face recognition application includes a main thread and more than one sub-thread.

As a supplement or alternative to the above solution, in the above method, the trusted application sending an instruction to the peripheral application associated with the trusted application includes: the main thread of the trusted face recognition application sending an instruction to the camera control program to start or end the image acquisition work.

As a supplement or alternative to the above solution, in the above method, the trusted application reading the sensitive data from the secure memory includes: the first sub-thread and the second sub-thread of the trusted face recognition application respectively reading image data from the image buffer in the secure memory for face recognition, wherein the first sub-thread runs in the trusted execution environment of a second CPU core and the second sub-thread runs in the trusted execution environment of a third CPU core.

As a supplement or alternative to the above solution, in the above method, the first sub-thread and the second sub-thread are started by the main thread of the trusted face recognition application.

As a supplement or alternative to the above solution, the above method further includes: after the trusted application is started, the main thread of the trusted application loads and initializes an operation model.

As a supplement or alternative to the above solution, the above method further includes: the main thread of the trusted application creates a physical address queue and a synchronization lock.

As a supplement or alternative to the above solution, the above method further includes: the main thread of the trusted application receives, from the peripheral application, a notification that collection of the sensitive data is complete and the address to which the sensitive data was written.

As a supplement or alternative to the above solution, the above method further includes: the main thread of the trusted application writes the address into the physical address queue.

As a supplement or alternative to the above solution, in the above method, the trusted application reading the sensitive data from the secure memory includes: a sub-thread of the trusted application reads the address to which the sensitive data was written from the physical address queue only after acquiring the synchronization lock.

As a supplement or alternative to the above solution, in the above method, the trusted application reading the sensitive data from the secure memory further includes: the sub-thread of the trusted application reads the sensitive data from the secure memory according to the address.

As a supplement or alternative to the above solution, the above method further includes: the sub-thread of the trusted application performs face detection, feature extraction and face comparison through the operation model.

As a supplement or alternative to the above solution, the above method further includes: the sub-thread of the trusted application notifies the main thread of the result of the face comparison.

As a supplement or alternative to the above solution, the above method further includes: the main thread of the trusted application receives a handle from the peripheral application, where the handle corresponds one-to-one with the address to which the sensitive data was written.

As a supplement or alternative to the above solution, in the above method, the part of the space in the secure memory is converted back to memory space in the common execution environment after use.
According to another aspect of the present invention, a trusted application device is provided. The device comprises: a sending unit configured to send an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls an operating device to write sensitive data into a secure memory; and a reading unit configured to read the sensitive data from the secure memory, wherein the trusted application device is in the trusted execution environment of a first CPU core and the peripheral application is in the common execution environment of the first CPU core, and a part of the space in the secure memory is obtained by changing the memory space in the common execution environment.

As a supplement or alternative to the above solution, in the above device, the peripheral application is a camera control program and the operating device is a camera.

As a supplement or alternative to the above solution, in the above device, the sending unit is configured to send an instruction to the camera control program to start or end the image acquisition work.

As a supplement or alternative to the above solution, in the above device, the reading unit includes a first reading subunit and a second reading subunit, which respectively read image data from the image buffer in the secure memory for face recognition, wherein the first reading subunit runs in the trusted execution environment of a second CPU core and the second reading subunit runs in the trusted execution environment of a third CPU core.

As a supplement or alternative to the above solution, the above device further includes: a loading unit for loading and initializing an operation model.

As a supplement or alternative to the above solution, the above device further includes: a creation unit configured to create a physical address queue and a synchronization lock.

As a supplement or alternative to the above solution, the above device further includes: a receiving unit configured to receive, from the peripheral application, a notification that collection of the sensitive data is complete and the address to which the sensitive data was written.

As a supplement or alternative to the above solution, the above device further includes: a writing unit configured to write the address into the physical address queue.

As a supplement or alternative to the above solution, in the above device, the reading unit is configured to read the address to which the sensitive data was written from the physical address queue only after acquiring the synchronization lock.

As a supplement or alternative to the above solution, in the above device, the reading unit is further configured to read the sensitive data from the secure memory according to the address.

As a supplement or alternative to the above solution, in the above device, the part of the space in the secure memory is converted back to memory space in the common execution environment after use.

According to yet another aspect of the present invention, a computer storage medium is provided. The medium comprises instructions that, when executed, perform the method described above.

According to yet another aspect of the present invention, an intelligent terminal is provided. The intelligent terminal includes the trusted application device described above.

The trusted application control method and the trusted application device of the embodiments of the present invention communicate with the associated peripheral application in the REE (Rich Execution Environment, common execution environment), so that the associated peripheral application controls the corresponding operating device to write sensitive data into the secure memory in the TEE, while the trusted application in the TEE reads the sensitive data from that secure memory for subsequent processing. This realizes secure collection (acquisition) and processing of sensitive data.

In addition, the trusted application and the associated peripheral application are on the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the common execution environment), which helps save CPU cores, that is, hardware overhead, while still ensuring security.

Finally, a part of the secure memory space in the TEE environment is obtained by changing memory space in the common execution environment, which solves the problem of insufficient memory space in the TEE environment.
Description of drawings
The above and other objects and advantages of the present invention will become more fully apparent from the following detailed description taken in conjunction with the accompanying drawings, in which the same or similar elements are denoted by the same reference numerals.
FIG. 1 shows a schematic diagram of a trusted application control method according to an embodiment of the present invention;
FIG. 2 shows a schematic structural diagram of a trusted application device according to an embodiment of the present invention;
FIG. 3 shows a schematic structural diagram of a trusted face recognition system according to an embodiment of the present invention;
FIG. 4 shows an architecture diagram of face capture and recognition according to an embodiment of the present invention;
FIG. 5 shows a memory handover flow according to an embodiment of the present invention;
FIG. 6 shows the initialization flow of a trusted face recognition application according to an embodiment of the present invention;
FIG. 7 shows a face data capture flow according to an embodiment of the present invention; and
FIG. 8 shows the face recognition flow of a trusted face recognition application according to an embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, specific embodiments are described in further detail below with reference to the accompanying drawings. It will be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.
It should also be noted that, for ease of description, the drawings show only the parts relevant to the present invention rather than the whole. Before discussing the exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart describes the operations (or steps) as a sequential process, many of them may be performed in parallel, concurrently or simultaneously. Furthermore, the order of the operations may be rearranged. A process may be terminated when its operations are complete, but may also have additional steps not shown in the figures. A process may correspond to a method, function, procedure, subroutine, subprogram and the like.
Although the exemplary embodiments are described as using a plurality of units to perform the exemplary processes, it should be understood that these processes may also be performed by one or more modules.
Moreover, the control logic of the present invention may be embodied as executable program instructions on a computer-readable medium, executed by a processor or the like. Examples of computer-readable media include, but are not limited to, ROM, RAM, optical discs, magnetic tape, floppy disks, flash drives, smart cards and optical data storage devices. The computer-readable recording medium may also be distributed over network-coupled computer systems so that the medium is stored and executed in a distributed fashion, for example via an in-vehicle telematics service or a controller area network (CAN).
Unless specifically stated or obvious from context, the term "about" as used herein is understood to mean within the normal tolerance of the art, for example within 2 standard deviations of the mean.
Below, the trusted application control schemes of the exemplary embodiments of the present invention are described in detail with reference to the accompanying drawings.
FIG. 1 shows a schematic diagram of a trusted application control method 1000 according to an embodiment of the present invention. As shown in FIG. 1, method 1000 includes the following steps:
In step S110, the trusted application sends an instruction to the peripheral application associated with it, so that the peripheral application controls an operating device to write sensitive data into secure memory; and
In step S120, the trusted application reads the sensitive data from the secure memory, where the trusted application runs in the trusted execution environment of a first CPU core and the peripheral application runs in the normal execution environment of that same first CPU core, and part of the secure memory is obtained by re-assigning memory space from the normal execution environment.
In the context of the present invention, a "trusted execution environment" (TEE, Trusted Execution Environment) is the execution environment on a device used to run trusted or high-security applications.
A TEE is a secure area within the CPU. It runs in an isolated environment in parallel with the main operating system. The CPU protects both the confidentiality and the integrity of the code and data in the TEE. By using hardware and software together to protect data and code, the TEE is more secure than the main operating system alone. Trusted applications running in the TEE have access to the full capabilities of the device's main processor and memory, while hardware isolation protects them from user-installed applications running in the main operating system. In short, code and data running in the TEE are kept confidential and protected from tampering by the REE.
In contrast to the TEE, the REE (Rich Execution Environment), or normal execution environment, is the execution environment on a device used to run ordinary applications, for example Android or iOS.
In one embodiment the TEE is implemented on ARM TrustZone. Its security characteristics are: (1) hardware-enforced protection: the TEE is isolated from the REE and can only be entered through specific entry points; (2) a fast communication mechanism: the TEE can access REE memory, whereas the REE cannot access hardware-protected TEE memory; (3) resistance to certain hardware-based attacks.
The term "trusted operating system", also Trusted OS, denotes the operating system running on the TEE side. The term "normal operating system", also Rich Operating System or Rich OS, denotes the operating system running on the REE side.
As mobile devices have developed, their capabilities have grown: they store users' assets and handle payments and other operations. Currently the runtime environment on mobile devices is generally the REE, and the system running in it is a Rich OS (Operating System) such as Android, iOS or Linux. A Rich OS is powerful, open and extensible and exposes all device functions, such as the camera and touch screen, to applications. But it carries many security risks: bugs are found frequently, the OS can obtain all of an application's data, it is hard to verify whether the OS has been tampered with, and it is exposed to a wide variety of attacks, all of which endanger user assets.
To provide higher security, the TEE offers an environment isolated from the REE for holding users' sensitive information; the TEE can directly access REE information, but the REE cannot access TEE information. For example, when a user makes a payment, verification is performed through interfaces provided by the TEE, so that the payment information cannot be tampered with, the password cannot be hijacked and the fingerprint data cannot be stolen.
In the context of the present invention, a "trusted application", also authorized security software, trusted application program or TA (Trusted Application), is an application running on the TEE side. Trusted applications can be isolated from one another by cryptographic and similar techniques so that none can freely read or manipulate another's data. In some examples a trusted application must also pass an integrity check before execution to ensure it has not been tampered with.
The term "peripheral application" denotes an application that controls peripherals or operating devices such as the touch screen, camera or fingerprint sensor; it is also called the client application and runs on the REE side.
In one embodiment the trusted application is a trusted face recognition application, the peripheral application is the client application associated with it, namely the camera control program, and the operating device is the camera. In another embodiment the trusted application is a trusted fingerprint recognition application, the peripheral application is the fingerprint sensor control program, and the operating device is the fingerprint sensor.
The term "sensitive data" denotes data whose leakage could seriously harm society or individuals; its meaning varies by scenario. In face recognition, sensitive data may include the face recognition algorithms, face image data and other important data that must not be disclosed. In fingerprint recognition, it may include the fingerprint recognition algorithms and the user's fingerprint data.
In the context of the present invention, "secure memory", as opposed to normal memory, denotes memory space that belongs to the TEE (and is therefore better protected). Normal (REE) memory can be converted into secure memory by the MPU (Memory Protection Unit) hardware.
The term "CPU core", also processor core, denotes the core die of a CPU, made of monocrystalline silicon, that performs computation, receives and stores instructions and processes data; it is the digital processing core. For example, a quad-core processor has four CPU cores, an eight-core processor has eight, and so on.
In step S110, the trusted application communicates with its associated peripheral application in the REE (Rich Execution Environment, the normal execution environment) so that that application controls the corresponding operating device to write sensitive data into secure memory in the TEE; the trusted application in the TEE then reads the sensitive data from the secure memory for subsequent processing. This achieves secure collection (acquisition) and processing of sensitive data.
In step S120, part of the secure memory is obtained by re-assigning memory space from the normal execution environment. Dynamically lending REE memory to the TEE solves the problem of insufficient TEE memory.
In addition, the trusted application and its associated peripheral application reside on the same CPU core but in different execution environments (the trusted application in the trusted execution environment, the peripheral application in the normal execution environment). This saves CPU cores, i.e. hardware cost, without giving up security.
In one or more embodiments the trusted application interacts directly with operating devices such as the touch screen, camera or fingerprint sensor without going through interfaces provided by the REE, which further improves security.
In one embodiment the trusted application is a trusted face recognition application, i.e. the recognition work itself is performed in the device's TEE rather than on a networked server (for example a cloud server).
In one or more embodiments the trusted face recognition application comprises a main thread and one or more sub-threads. In one embodiment step S110 includes: the main thread of the trusted face recognition application sending an instruction to the camera control program to start or stop image capture. In one embodiment step S120 includes: a first sub-thread and a second sub-thread of the trusted face recognition application each reading image data from the image buffer in the secure memory for face recognition, where the first sub-thread runs in the trusted execution environment of a second CPU core and the second sub-thread runs in the trusted execution environment of a third CPU core. Note that the second and third CPU cores are cores different from the first CPU core; the ordinals "first", "second" and "third" serve only to distinguish them. Those skilled in the art will appreciate that the number of CPU cores is not limited to three but may be chosen according to the actual situation.
In the foregoing embodiment the first and second sub-threads are started by the main thread of the trusted face recognition application. For example, the main thread starts or stops image capture through the camera control program, starts one or more sub-threads, and requests the trusted operating system (Trusted OS) to bind each sub-thread to a specific CPU core.
In one embodiment, although not shown in FIG. 1, method 1000 further includes: after the trusted application is started, its main thread loads and initializes the operation model, for example a face recognition AI (Artificial Intelligence) model. In one embodiment method 1000 further includes: the main thread of the trusted application creating a physical address queue and a synchronization lock, where the physical address queue records the physical addresses at which captured sensitive data is stored, or the handles corresponding to those addresses.
In one embodiment method 1000 further includes: the main thread of the trusted application receiving from the peripheral application a notification that sensitive data collection is complete together with the address at which the sensitive data was written, and writing that address into the physical address queue. For example, after an image has been captured, the camera control program notifies the main thread of the trusted face recognition application that capture is complete and passes it the physical address, and the main thread writes the physical address of the image data into the queue.
In one embodiment step S120 includes: a sub-thread of the trusted application reading the address at which the sensitive data was written from the physical address queue only after acquiring the synchronization lock, and then reading the sensitive data from the secure memory according to that address. Because the trusted face recognition application keeps only one queue of image data physical addresses, a synchronization lock is added so that several sub-threads can read from it without two of them obtaining the same physical address, which would be a logic error.
As a supplement to the control method of FIG. 1, method 1000 may further include: a sub-thread of the trusted application performing face detection, feature extraction and face comparison with the operation model, and determining whether the comparison succeeded; on success, the sub-thread notifies the main thread and the flow ends.
In one embodiment method 1000 further includes: the sub-thread of the trusted application notifying the main thread of the result of the face comparison.
Furthermore, in one embodiment the camera control program and the trusted face recognition application may pass a handle instead of the physical address of the sensitive data. In one embodiment method 1000 further includes: the main thread of the trusted application receiving from the peripheral application a handle that corresponds one-to-one to the address at which the sensitive data was written. The camera control program and the trusted face recognition application can then use the handle to look up the corresponding physical memory address from the normal operating system and the trusted operating system respectively.
In one embodiment, part of the secure memory is converted back into memory space of the normal execution environment after use, i.e. the converted memory is released promptly for the normal execution environment to use.
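The following Python model is an added example and is not code from the patent or its applicant. It runs, in one place, the pieces described above: the memory handover from REE to TEE and back (step S120, FIG. 5), the physical address queue and synchronization lock shared by the sub-threads, the handle indirection and the notification from a sub-thread to the main thread on a successful comparison. Everything in it is an assumption standing in for real hardware or Trusted OS services: the page-granular ownership table plays the role of the MPU, "DEVICE" stands for the camera DMA the client application points at the secure buffer, `recognise` is a trivial stand-in for the AI operation model, and the two worker threads only notionally represent sub-threads bound to the second and third CPU cores. Two things are added that the text does not state but a practitioner would want: the main thread checks that the address a handle resolves to actually lies in memory already converted to the secure world before queuing it, since the client application is REE code and therefore untrusted, and the pages are scrubbed before being handed back to the REE.

```python
import threading

PAGE = 0x1000  # assumed page granularity of the MPU ownership table


class SecureMemory:
    """MPU-style ownership table: every page is tagged "REE" or "TEE".

    Access rule taken from the TrustZone description in the text: TEE code may
    touch both worlds' memory, REE code only REE pages. "DEVICE" stands for the
    camera DMA that the client application points at the secure buffer.
    """

    def __init__(self, pages):
        self.owner = ["REE"] * pages
        self.data = [bytes(PAGE)] * pages

    def to_secure(self, first_page, count):
        """Memory handover REE -> TEE (FIG. 5 in the text)."""
        for p in range(first_page, first_page + count):
            self.owner[p] = "TEE"

    def release(self, first_page, count):
        """Hand the pages back after use. Scrubbing first is an assumption
        added here; the text only says the space is converted back."""
        for p in range(first_page, first_page + count):
            self.data[p] = bytes(PAGE)
            self.owner[p] = "REE"

    def _page(self, world, phys):
        page = phys // PAGE
        if self.owner[page] == "TEE" and world == "REE":
            raise PermissionError(f"REE access to secure page {page}")
        return page

    def write(self, world, phys, payload):
        self.data[self._page(world, phys)] = payload.ljust(PAGE, b"\0")[:PAGE]

    def read(self, world, phys):
        return self.data[self._page(world, phys)]


def recognise(frame, template):
    """Stand-in for the AI operation model: Hamming distance over a short
    feature prefix, accepted if at most 4 bits differ (assumed threshold)."""
    return sum(bin(a ^ b).count("1") for a, b in zip(frame[:8], template[:8])) <= 4


class TrustedFaceTA:
    """Main thread owns the address queue and the lock; sub-threads drain it."""

    def __init__(self, mem, template, handle_table):
        self.mem, self.template = mem, template
        self.handles = handle_table       # handle -> physical address (Trusted OS)
        self.queue = []                   # physical address queue
        self.lock = threading.Lock()      # synchronization lock
        self.matched = threading.Event()  # sub-thread -> main thread: success
        self.consumed = []                # (core, phys) pairs, for inspection

    def on_capture_done(self, handle):
        """CA notification 'capture complete' carrying a handle (main thread)."""
        phys = self.handles[handle]
        # Added check: the REE is untrusted, so never dereference a location it
        # names unless that page has already been converted to the secure world.
        if self.mem.owner[phys // PAGE] != "TEE":
            raise ValueError(f"frame at {phys:#x} is not in secure memory")
        with self.lock:
            self.queue.append(phys)

    def sub_thread(self, core):
        """Worker notionally bound to `core`; pops under the lock so that no
        two workers ever process the same address."""
        while not self.matched.is_set():
            with self.lock:
                if not self.queue:
                    return
                phys = self.queue.pop(0)
            frame = self.mem.read("TEE", phys)
            self.consumed.append((core, phys))
            if recognise(frame, self.template):
                self.matched.set()        # comparison succeeded: notify and stop

    def run(self, cores=(1, 2)):
        workers = [threading.Thread(target=self.sub_thread, args=(c,)) for c in cores]
        for w in workers:
            w.start()
        for w in workers:
            w.join()
        return self.matched.is_set()


def demo():
    """Constructed scenario: four captured frames, the third one matches enrolment."""
    mem = SecureMemory(pages=8)
    mem.to_secure(4, 4)                                    # pages 4..7 lent to the TEE
    handles = {f"h{i}": (4 + i) * PAGE for i in range(4)}  # issued by the Trusted OS
    enrolled = bytes.fromhex("123456789abcdef0")
    frames = [bytes(8), b"\xff" * 8, bytes.fromhex("123456789abcdef1"), b"\x01" * 8]
    for handle, frame in zip(handles, frames):
        mem.write("DEVICE", handles[handle], frame)        # camera DMA into secure memory
    ta = TrustedFaceTA(mem, enrolled, handles)
    for handle in handles:                                 # CA reports each capture
        ta.on_capture_done(handle)
    ok = ta.run()
    mem.release(4, 4)                                      # hand the pages back to the REE
    return ok, ta, mem
```

Calling `demo()` returns `True` for the match, a `consumed` list in which no physical address appears twice even though two workers drained the queue concurrently, and a memory table in which every page is back in the REE and zeroed. The check in `on_capture_done` is the one a reviewer would insist on in a real implementation: the address or handle arrives from the normal world, so the trusted side must resolve it through the Trusted OS and confirm it lies inside the secure region before reading, otherwise a compromised Rich OS could steer the trusted application at arbitrary memory.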
FIG. 2 shows a schematic structural diagram of a trusted application device 2000 according to an embodiment of the present invention. As shown in FIG. 2, the trusted application device 2000 includes a sending unit 210 and a reading unit 220. The sending unit 210 sends an instruction to the peripheral application associated with the trusted application so that the peripheral application controls an operating device to write sensitive data into secure memory; the reading unit 220 reads the sensitive data from the secure memory. The trusted application device runs in the trusted execution environment of a first CPU core and the peripheral application in the normal execution environment of that same first CPU core, and part of the secure memory is obtained by re-assigning memory space from the normal execution environment.
In one embodiment, the sending unit 210 is configured to communicate with an associated peripheral application located in the REE (Rich Execution Environment), so that the associated peripheral application controls the corresponding operating device to write sensitive data into secure memory located in the TEE, while the reading unit 220 reads the sensitive data from that secure memory for subsequent processing; this achieves secure collection (acquisition) and processing of sensitive data.
In addition, a part of the space in the secure memory is obtained by converting memory space from the normal execution environment. Dynamically scheduling REE memory space for use by the TEE solves the problem of insufficient memory space in the TEE environment.
In addition, the trusted application and the associated peripheral application are on the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment); this helps to economize on CPU cores, i.e. to save hardware overhead, while still guaranteeing security.
In one or more embodiments, in the above apparatus 2000, the peripheral application is a camera control program and the operating device is a camera.
In one embodiment, the sending unit 210 is configured to send an instruction to the camera control program to start or end image acquisition. In one embodiment, the reading unit 220 may include a first reading subunit and a second reading subunit, which respectively read image data from an image buffer in the secure memory for face recognition, wherein the first reading subunit runs in the trusted execution environment of a second CPU core and the second reading subunit runs in the trusted execution environment of a third CPU core.
Although not shown in FIG. 2, in one embodiment the above apparatus 2000 may further include a loading unit for loading and initializing an operation model. In one embodiment, the apparatus 2000 may further include a creation unit for creating a physical address queue and a synchronization lock. In one embodiment, the apparatus 2000 may further include a receiving unit for receiving, from the peripheral application, a notification that collection of the sensitive data is complete together with the address at which the sensitive data was written. As a supplement to the foregoing, in one embodiment the apparatus 2000 further includes a writing unit for writing that address into the physical address queue.
In one embodiment, the reading unit 220 is configured to read the address at which the sensitive data was written from the physical address queue only after acquiring the synchronization lock. The reading unit 220 may further be configured to read the sensitive data from the secure memory according to that address.
The trusted application device 2000 of the embodiment shown in FIG. 2 moves face recognition work into the device's TEE environment. In addition, to meet the computing power and memory space that face recognition requires, the trusted application device 2000 relies on the hardware protection capability provided by ARM TrustZone technology to schedule multiple CPU cores simultaneously in the TEE environment, improving face recognition performance; it also proposes a method of dynamically scheduling REE memory space for use by the TEE, to solve the problem of insufficient memory space in the TEE environment.
Referring to FIG. 3, FIG. 3 shows a schematic structural diagram of a trusted system 3000 according to one embodiment of the present invention. In the face recognition scenario, as shown in FIG. 3, the trusted face recognition system includes a camera control program 312 in the REE environment 310, a trusted face recognition application 322 in the TEE environment 320, and camera hardware 330.
The camera control program 312 is responsible for receiving commands from the trusted face recognition application 322 and controlling the camera hardware 330, for example turning the camera on, turning it off or capturing images. The camera hardware 330 is responsible for receiving commands from the camera control program 312, collecting image data and writing the image data to a designated address in the secure memory 340. The main thread of the trusted face recognition application 322 is responsible for notifying the camera control program 312 to start or stop collecting image data and for creating or terminating one or more sub-threads; the sub-threads are responsible for reading image data from the secure memory 340 and performing face recognition.
Although the trusted system 3000 shown in FIG. 3 is used for face recognition, those skilled in the art will understand that the trusted system 3000 can be used for other applications, including but not limited to fingerprint recognition, touch screens and the like.
In another embodiment, the trusted system 3000 is a trusted fingerprint identification system. The trusted fingerprint identification system includes a fingerprint sensor control program in the REE environment, a trusted fingerprint identification application in the TEE environment, and a fingerprint sensor. The fingerprint sensor control program is responsible for receiving commands from the trusted fingerprint identification application and controlling the fingerprint sensor, for example turning the sensor on, turning it off or collecting the user's fingerprint. The fingerprint sensor is responsible for receiving commands from the fingerprint sensor control program, collecting fingerprint data and writing it to a designated address in the secure memory. The main thread of the trusted fingerprint identification application is responsible for notifying the fingerprint sensor control program to start or stop collecting fingerprint data and for creating or terminating one or more sub-threads; the sub-threads are responsible for reading fingerprint data from the secure memory and performing fingerprint identification.
Turning to FIG. 4, FIG. 4 shows an architecture diagram of a face collection and recognition system 4000 according to one embodiment of the present invention, wherein the face collection and recognition system 4000 uses multiple cores to accelerate face recognition.
As shown in FIG. 4, the main thread 420 of the trusted face recognition application is responsible for notifying the camera control program 410 to start or end image acquisition, for starting one or more sub-threads 430, 440, and for requesting the trusted operating system (Trusted OS) to bind the sub-threads 430, 440 to run on specific CPU cores. In the embodiment shown in FIG. 4, the first sub-thread 430 of the trusted face recognition application is bound to the CPU1 core, and the second sub-thread 440 is bound to the CPU2 core. The main thread 420 of the trusted face recognition application and the camera control program 410 are both located on the CPU0 core, but the main thread 420 is in the TEE environment while the camera control program 410 is in the REE environment.
As shown in FIG. 4, the trusted face recognition application includes a main thread and one or more sub-threads. The main thread 420 sends an instruction to the camera control program 410 to start or end image acquisition. The camera hardware 470 is responsible for receiving the instructions of the camera control program 410, collecting image data and writing the image data into the image buffer 462. Subsequently, the first sub-thread 430 and the second sub-thread 440 of the trusted face recognition application each read image data from the image buffer 462 in the secure memory 460 for face recognition.
Those skilled in the art will understand that, in another embodiment, the above face collection and recognition system 4000 may be changed into a fingerprint collection and identification system. Specifically, the fingerprint collection and identification system likewise uses multiple cores to accelerate fingerprint identification. It includes a fingerprint sensor control program, a trusted fingerprint identification application, a fingerprint sensor and the like.
In this embodiment, the main thread of the trusted fingerprint identification application is responsible for notifying the fingerprint sensor control program to start or end fingerprint collection, for starting one or more sub-threads, and for requesting the trusted operating system (Trusted OS) to bind the sub-threads to run on specific CPU cores. In one embodiment, the first sub-thread of the trusted fingerprint identification application is bound to a second CPU core and the second sub-thread is bound to a third CPU core. The main thread of the trusted fingerprint identification application and the fingerprint sensor control program are both located on a first CPU core, but the main thread is in the TEE environment while the fingerprint sensor control program is in the REE environment.
That is, the trusted fingerprint identification application may include a main thread and one or more sub-threads. The main thread sends an instruction to the fingerprint sensor control program to start or end fingerprint collection. The fingerprint sensor is responsible for receiving the instructions of the fingerprint sensor control program, collecting fingerprint data and writing it into a fingerprint buffer. Subsequently, the first sub-thread and the second sub-thread of the trusted fingerprint identification application each read fingerprint data from the fingerprint buffer in the secure memory for fingerprint identification.
Referring to FIG. 5, FIG. 5 shows a memory handover process 5000 according to one embodiment of the present invention. Because face recognition requires a large amount of memory, the configured size of the secure memory space usually cannot meet the needs of a face recognition application; one embodiment of the present application therefore adds a memory handover process that allows ordinary memory space to be converted into secure memory space and converted back into ordinary memory space after use.
In one embodiment, the memory handover process 5000 includes the following steps:
In step S510, the normal operating system configures a block of ordinary memory space and obtains its physical address;
In step S520, the normal operating system passes the physical address and the size of the memory space to the trusted operating system; and
In step S530, having obtained the physical address and the memory space size, the trusted operating system changes the memory space into secure memory by means of the memory protection unit (MPU) hardware.
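The handover process 5000 as an added model, not code from the patent or its applicant: a simulated MPU tracks which pages are secure, a simulated Trusted OS validates the (address, size) pair it receives before programming the MPU, and the block is converted back to ordinary memory after use. The page size, addresses, class names and the scrub-before-return step are assumptions made for the example.

```python
"""Added example, not the patent's own code: a model of memory handover process
5000 (steps S510-S530) and of the conversion back after use. The class names,
page size and addresses are assumptions constructed for the example."""
from typing import Callable, Dict, Set

PAGE = 0x1000            # assumed MPU granularity
REE, TEE = "REE", "TEE"  # the two worlds a CPU core can run in


def _pages(addr: int, n: int) -> range:
    """Page numbers touched by n bytes starting at addr."""
    return range(addr // PAGE, (addr + n - 1) // PAGE + 1)


def _raises(fn: Callable[[], object], exc: type) -> bool:
    """True if calling fn raises exc (used to record refused operations)."""
    try:
        fn()
    except exc:
        return True
    return False


class MPU:
    """Stands in for the Memory Protection Unit: which pages are secure, and
    whether a given world may touch a given address."""

    def __init__(self, phys_size: int) -> None:
        self.mem = bytearray(phys_size)      # the physical memory itself
        self.secure_pages: Set[int] = set()

    def set_secure(self, base: int, size: int, secure: bool) -> None:
        for page in _pages(base, size):
            (self.secure_pages.add if secure else self.secure_pages.discard)(page)

    def allowed(self, world: str, addr: int) -> bool:
        # Secure pages answer only to the TEE; ordinary pages to both worlds.
        return world == TEE or addr // PAGE not in self.secure_pages

    def check(self, world: str, addr: int, n: int) -> None:
        if not all(self.allowed(world, p * PAGE) for p in _pages(addr, n)):
            raise PermissionError(f"{world} may not access {addr:#x}")

    def write(self, world: str, addr: int, data: bytes) -> None:
        self.check(world, addr, len(data))
        self.mem[addr:addr + len(data)] = data

    def read(self, world: str, addr: int, n: int) -> bytes:
        self.check(world, addr, n)
        return bytes(self.mem[addr:addr + n])


class TrustedOS:
    """Receives (address, size) from the Rich OS (S520) and programs the MPU (S530)."""

    def __init__(self, mpu: MPU) -> None:
        self.mpu = mpu
        self.handed_over: Dict[int, int] = {}   # base address -> size

    def accept_handover(self, addr: int, size: int) -> None:
        # Validate what the REE sent before touching the MPU: whole pages,
        # inside physical memory, and not already secure.
        if size <= 0 or addr % PAGE or size % PAGE:
            raise ValueError("handover range must be page aligned")
        if addr + size > len(self.mpu.mem):
            raise ValueError("handover range lies outside physical memory")
        if not all(self.mpu.allowed(REE, p * PAGE) for p in _pages(addr, size)):
            raise ValueError("range is already secure; refusing double handover")
        self.mpu.set_secure(addr, size, True)
        self.handed_over[addr] = size

    def release(self, addr: int) -> None:
        """Convert the range back to ordinary memory after use."""
        size = self.handed_over.pop(addr)
        # Added assumption: scrub before the REE regains the pages.
        self.mpu.mem[addr:addr + size] = bytes(size)
        self.mpu.set_secure(addr, size, False)


def run_handover_demo() -> dict:
    """Walk one block through S510-S530, use it from the TEE, return it."""
    mpu = MPU(phys_size=16 * PAGE)
    tos = TrustedOS(mpu)
    addr, size = 4 * PAGE, 2 * PAGE   # S510: block the Rich OS set aside (constructed)
    out = {"ree_before": mpu.allowed(REE, addr)}
    tos.accept_handover(addr, size)   # S520/S530
    out["ree_after"], out["tee_after"] = mpu.allowed(REE, addr), mpu.allowed(TEE, addr)
    mpu.write(TEE, addr, b"FACE")     # constructed stand-in for captured data
    out["ree_write_blocked"] = _raises(lambda: mpu.write(REE, addr, b"XXXX"), PermissionError)
    out["double_handover_rejected"] = _raises(lambda: tos.accept_handover(addr, size), ValueError)
    out["misaligned_rejected"] = _raises(lambda: tos.accept_handover(addr + 16, PAGE), ValueError)
    tos.release(addr)
    out["ree_restored"] = mpu.allowed(REE, addr)
    out["scrubbed"] = mpu.read(REE, addr, 4) == b"\x00" * 4
    return out


if __name__ == "__main__":
    print(run_handover_demo())
```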
FIG. 6 shows an initialization process 6000 of a trusted face recognition application according to one embodiment of the present invention. In the initialization process 6000, the main thread of the trusted application creates a global image physical address queue, which records the physical addresses at which collected image data is stored.
In one embodiment, the initialization process 6000 shown in FIG. 6 includes the following steps:
In step S610, the trusted operating system loads and starts the trusted face recognition application;
In step S620, the trusted face recognition application loads and initializes the face recognition AI model;
In step S630, the main thread of the trusted face recognition application creates a global image physical address queue and a synchronization lock.
FIG. 7 shows a face data collection process 7000 according to one embodiment of the present invention. After the main thread of the trusted face recognition application notifies the camera control program to start collecting image data, the camera control program passes a physical address to the camera hardware, and the camera hardware writes the collected image data directly to that physical address. When image data collection is complete, the camera control program notifies the main thread of the trusted face recognition application that collection has finished and passes the physical address to it; finally, the main thread writes the physical address of the image data into the queue.
Specifically, in one embodiment, the face data collection process 7000 includes the following steps:
In step S710, the main thread of the trusted face recognition application starts image/video capture through the camera control program;
In step S720, the camera control program turns on the camera hardware and controls it to take a photograph, and the camera hardware writes the data directly into the image buffer;
In step S730, the camera control program notifies the main thread of the trusted face recognition application and passes the physical address of the image/video data to it;
In step S740, the camera control program determines whether it has received a notification from the trusted face recognition application to stop capturing; if so, step S750 is executed, otherwise step S720 is executed;
In step S750, the camera control program controls the camera hardware to stop capturing and turns the camera hardware off.
The face data collection process 7000 of the above embodiment can also be applied to fingerprint data collection. In another embodiment, the fingerprint data collection process includes: (1) the main thread of the trusted fingerprint identification application starts fingerprint collection through the fingerprint sensor control program; (2) the fingerprint sensor control program turns on the fingerprint sensor and controls it to acquire one fingerprint, and the fingerprint sensor writes the data directly into the fingerprint buffer; (3) the fingerprint sensor control program notifies the main thread of the trusted fingerprint identification application and passes the physical address of the fingerprint data to it; (4) the fingerprint sensor control program determines whether it has received a notification from the trusted fingerprint identification application to stop collecting; if so, step (5) below is executed, otherwise step (2) above is executed; (5) the fingerprint sensor control program controls the fingerprint sensor to stop collecting fingerprints and turns the fingerprint sensor off.
FIG. 8 shows a face recognition process 8000 of a trusted face recognition application according to one embodiment of the present invention. The face recognition process 8000 of FIG. 8 accelerates face recognition by using multiple CPU cores. In the face recognition process 8000, with the support of ARM TrustZone hardware technology, face recognition is run on multiple CPU cores inside the TEE. ARM TrustZone hardware technology implements a hardware-level security protection mechanism that logically divides the whole system into two execution environments, the REE and the TEE: when a CPU core switches to the REE, software running on that core is only allowed to access the hardware resources accessible to the REE environment; conversely, only software running in the TEE execution environment can access the hardware resources belonging to the TEE execution environment.
Each CPU core can switch between the REE and the TEE. In the embodiment of FIG. 8, the camera control program and the main thread of the trusted face recognition application run on the same CPU core, while the sub-threads of the trusted face recognition application each run on other CPU cores; this achieves the best performance for processing multiple images in parallel.
In addition, the trusted face recognition application holds only one queue of image data physical addresses, so for multiple sub-threads of the trusted face recognition application to read from it jointly, a synchronization lock mechanism must be added to ensure that different sub-threads do not obtain the same physical address, which would cause a programming logic error.
In one embodiment, the face recognition process 8000 of the trusted face recognition application includes the following steps:
In step S810, the main thread of the trusted face recognition application creates one or more sub-threads, which run on different CPU cores;
In step S820, a sub-thread of the trusted face recognition application waits for image data;
In step S830, the sub-thread of the trusted face recognition application determines whether it has acquired the synchronization lock; if so, step S840 is executed, otherwise it returns to step S820;
In step S840, the sub-thread of the trusted face recognition application further determines whether there is an address in the queue; if so, step S850 is executed, otherwise it returns to step S820;
In step S850, the sub-thread of the trusted face recognition application takes one physical address from the queue and reads the image data out of the image buffer according to that physical address;
In step S860, the sub-thread of the trusted face recognition application performs face detection, feature extraction and face comparison through the AI model;
In step S870, the sub-thread of the trusted face recognition application determines whether the face comparison succeeded; if so, step S880 is executed, otherwise it returns to step S820; and
In step S880, the sub-thread of the trusted face recognition application notifies the main thread that the comparison succeeded, and the process ends.
In another embodiment, the fingerprint identification process of the trusted fingerprint identification application may include the following steps: (1) the main thread of the trusted fingerprint identification application creates one or more sub-threads, which run on different CPU cores; (2) a sub-thread of the trusted fingerprint identification application waits for fingerprint data; (3) the sub-thread determines whether it has acquired the synchronization lock; if so, step (4) is executed, otherwise it returns to step (2); (4) the sub-thread further determines whether there is an address in the queue; if so, step (5) is executed, otherwise it returns to step (2); (5) the sub-thread takes one physical address from the queue and reads the fingerprint data out of the fingerprint buffer according to that physical address; (6) the sub-thread performs fingerprint detection, feature extraction and fingerprint comparison through the AI model; (7) the sub-thread determines whether the fingerprint comparison succeeded; if so, step (8) is executed, otherwise it returns to step (2); (8) the sub-thread notifies the main thread that the comparison succeeded, and the process ends.
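The queue and lock of step S630, the capture-complete notification of step S730 and the sub-thread loop of steps S820 to S880 (the same loop the fingerprint variant follows), as an added model with Python threads; this is not code from the patent or its applicant. Frame contents, buffer addresses, class names and the check that a received address actually lies in the secure buffer are assumptions made for the example.

```python
"""Added example, not the patent's own code: the global address queue and
synchronization lock created at initialization (S630), the capture-complete
notification (S730) and the sub-thread loop of process 8000 (S820-S880),
modelled with Python threads. Names, sizes and frames are constructed."""
import threading
from collections import deque
from typing import Callable, Deque, Dict, List, Optional

FRAME = 64              # constructed frame size in bytes
BUF_BASE = 0x8000_0000  # constructed base of the secure image buffer


class SecureImageBuffer:
    """Stands in for the image buffer in secure memory, one slot per frame."""

    def __init__(self) -> None:
        self._frames: Dict[int, bytes] = {}
        self._lock = threading.Lock()

    def write(self, slot: int, frame: bytes) -> int:
        """The camera hardware writes a frame; returns its physical address."""
        addr = BUF_BASE + slot * FRAME
        with self._lock:
            self._frames[addr] = frame.ljust(FRAME, b"\0")[:FRAME]
        return addr

    def read(self, addr: int) -> Optional[bytes]:
        with self._lock:
            return self._frames.get(addr)   # None: not a buffer address


class TrustedFaceApp:
    """Main-thread state plus the sub-thread body (core binding in S810 is
    the Trusted OS's job and is not modelled)."""

    def __init__(self, buf: SecureImageBuffer,
                 matcher: Callable[[bytes], bool], workers: int) -> None:
        self.buf, self.matcher = buf, matcher
        self.queue: Deque[int] = deque()     # physical address queue (S630)
        self.lock = threading.Lock()          # synchronization lock (S630)
        self.data_ready = threading.Event()   # wakes waiting sub-threads
        self.stop = threading.Event()         # set on a successful match
        self.processed: List[int] = []
        self.rejected: List[int] = []
        self.matched: Optional[int] = None
        self.threads = [threading.Thread(target=self.sub_thread)
                        for _ in range(workers)]

    def on_capture_complete(self, addr: int) -> None:
        """Called by the camera control program once a frame is written (S730)."""
        with self.lock:
            self.queue.append(addr)
        self.data_ready.set()

    def sub_thread(self) -> None:
        while not self.stop.is_set():
            self.data_ready.wait(timeout=0.01)   # S820: wait for image data
            with self.lock:                      # S830: hold the lock first
                if not self.queue:               # S840: anything queued?
                    self.data_ready.clear()
                    continue
                addr = self.queue.popleft()      # S850: each address once
            image = self.buf.read(addr)
            if image is None:
                # Added check: the address came from the REE side, so the TA
                # confirms it lies in the secure buffer before using it.
                with self.lock:
                    self.rejected.append(addr)
                continue
            with self.lock:
                self.processed.append(addr)
            if self.matcher(image):              # S860/S870: compare via model
                with self.lock:
                    if self.matched is None:
                        self.matched = addr
                self.stop.set()                  # S880: notify the main thread


def run_recognition_demo() -> dict:
    buf = SecureImageBuffer()
    app = TrustedFaceApp(buf, lambda img: img.startswith(b"ENROLLED"), workers=2)
    for t in app.threads:                        # S810
        t.start()
    captures = [b"stranger-1", b"stranger-2", b"stranger-3", b"ENROLLED-user"]
    bogus = 0x1000        # constructed address outside the secure buffer
    sent: List[int] = []
    for slot, frame in enumerate(captures):      # capture loop, S720-S740
        if app.stop.is_set():                    # S740: stop notice received
            break
        addr = buf.write(slot, frame)            # S720: camera writes the frame
        sent.append(addr)
        app.on_capture_complete(addr)            # S730
        if slot == 1:
            app.on_capture_complete(bogus)       # a notification that must be refused
    app.stop.wait(timeout=5)                     # S750 (camera off) would follow
    app.stop.set()                               # also ends the workers on timeout
    for t in app.threads:
        t.join()
    return {"sent": sent, "processed": sorted(app.processed), "matched": app.matched,
            "rejected": app.rejected, "queue_empty": not app.queue}


if __name__ == "__main__":
    print(run_recognition_demo())
```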
To sum up, the trusted application control method and trusted application device of the embodiments of the present invention communicate with an associated peripheral application located in the REE (Rich Execution Environment), so that the associated peripheral application controls the corresponding operating device to write sensitive data into secure memory located in the TEE, while the trusted application in the TEE reads the sensitive data from that secure memory for subsequent processing; this achieves secure collection (acquisition) and processing of sensitive data. In addition, the trusted application and the associated peripheral application are on the same CPU core but belong to different execution environments (the trusted application is in the trusted execution environment, while the peripheral application is in the normal execution environment), which helps to economize on CPU cores, i.e. to save hardware overhead, while guaranteeing security. Finally, a part of the secure memory space in the TEE environment is obtained by converting memory space from the normal execution environment, which solves the problem of insufficient memory space in the TEE environment.
Although the foregoing specification describes only some embodiments of the present invention, those of ordinary skill in the art will appreciate that the present invention may be implemented in many other forms without departing from its spirit and scope. For example, the camera control program and the trusted face recognition application may pass a handle instead of the physical address of the image data, with the camera control program and the trusted face recognition application then using the handle to query the corresponding physical memory address from the rich operating system (Rich OS) and the trusted operating system (Trusted OS), respectively. Accordingly, the examples and embodiments shown are to be regarded as illustrative rather than restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (29)

  1. 一种可信应用的控制方法,其特征在于,所述方法包括:A control method for trusted applications, characterized in that the method comprises:
    可信应用发送指令给与所述可信应用关联的外设应用,使得所述外设应用控制操作装置将敏感数据写入安全内存;以及The trusted application sends an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls the operating device to write sensitive data into the secure memory; and
    所述可信应用从所述安全内存读取所述敏感数据,其中,所述可信应用处于第一CPU核心的可信执行环境,而所述外设应用处于所述第一CPU核心的普通执行环境,所述安全内存中的一部分空间经由所述普通执行环境中的内存空间变更而得。The trusted application reads the sensitive data from the secure memory, wherein the trusted application is in the trusted execution environment of the first CPU core, and the peripheral application is in the normal execution environment of the first CPU core. In an execution environment, a part of the space in the secure memory is obtained by changing the memory space in the normal execution environment.
  2. 如权利要求1所述的方法,其中,所述可信应用为可信人脸识别应用程序,所述外设应用为摄像头控制程序,且所述操作装置为摄像头。The method of claim 1, wherein the trusted application is a trusted face recognition application, the peripheral application is a camera control program, and the operating device is a camera.
  3. 如权利要求2所述的方法,其中,所述可信人脸识别应用程序包括主线程和一个以上的子线程。The method of claim 2, wherein the trusted face recognition application includes a main thread and more than one sub-thread.
  4. 如权利要求3所述的方法,其中,可信应用发送指令给与所述可信应用关联的外设应用包括:The method of claim 3, wherein the trusted application sending an instruction to a peripheral application associated with the trusted application comprises:
    所述可信人脸识别应用程序的主线程发送指令给所述摄像头控制程序来开始或结束图像采集工作。The main thread of the trusted face recognition application program sends an instruction to the camera control program to start or end the image acquisition work.
  5. 如权利要求4所述的方法,其中,所述可信应用从所述安全内存读取所述敏感数据包括:The method of claim 4, wherein the trusted application reading the sensitive data from the secure memory comprises:
    the first sub-thread and the second sub-thread of the trusted face recognition application respectively read image data from the image buffer in the secure memory for face recognition, wherein the first sub-thread runs in the trusted execution environment of a second CPU core and the second sub-thread runs in the trusted execution environment of a third CPU core.
  6. The method of claim 5, wherein the first sub-thread and the second sub-thread are started by the main thread of the trusted face recognition application.
  7. The method of claim 1, further comprising:
    after the trusted application is started, the main thread of the trusted application loads and initializes an operation model.
  8. The method of claim 1 or 7, further comprising:
    the main thread of the trusted application creates a physical address queue and a synchronization lock.
  9. The method of claim 8, further comprising:
    the main thread of the trusted application receives from the peripheral application a notification that collection of the sensitive data is complete and the address to which the sensitive data was written.
  10. The method of claim 9, further comprising:
    the main thread of the trusted application writes the address into the physical address queue.
  11. The method of claim 10, wherein the trusted application reading the sensitive data from the secure memory comprises:
    a sub-thread of the trusted application reads the address to which the sensitive data was written from the physical address queue only after acquiring the synchronization lock.
  12. The method of claim 11, wherein the trusted application reading the sensitive data from the secure memory further comprises:
    the sub-thread of the trusted application reads the sensitive data from the secure memory according to the address.
  13. The method of claim 7, further comprising:
    a sub-thread of the trusted application performs face detection, feature extraction and face comparison through the operation model.
  14. The method of claim 13, further comprising:
    the sub-thread of the trusted application notifies the main thread of the result of the face comparison.
  15. The method of claim 8, further comprising:
    the main thread of the trusted application receives a handle from the peripheral application, the handle corresponding one-to-one with the address to which the sensitive data was written.
  16. The method of claim 1, wherein a part of the space in the secure memory is converted back into memory space of the normal execution environment after use.
  17. A trusted application device, characterized in that the device comprises:
    a sending unit, configured to send an instruction to a peripheral application associated with the trusted application, so that the peripheral application controls an operating device to write sensitive data into a secure memory; and
    a reading unit, configured to read the sensitive data from the secure memory, wherein the trusted application device is located in a trusted execution environment of a first CPU core, the peripheral application is located in a normal execution environment of the first CPU core, and a part of the space in the secure memory is obtained by converting memory space of the normal execution environment.
  18. The device of claim 17, wherein the peripheral application is a camera control program and the operating device is a camera.
  19. The device of claim 18, wherein the sending unit is configured to send an instruction to the camera control program to start or end image acquisition.
  20. The device of claim 19, wherein the reading unit comprises a first reading subunit and a second reading subunit, which respectively read image data from an image buffer in the secure memory for face recognition, wherein the first reading subunit runs in the trusted execution environment of a second CPU core and the second reading subunit runs in the trusted execution environment of a third CPU core.
  21. The device of claim 17, further comprising:
    a loading unit, configured to load and initialize an operation model.
  22. The device of claim 17 or 21, further comprising:
    a creation unit, configured to create a physical address queue and a synchronization lock.
  23. The device of claim 22, further comprising:
    a receiving unit, configured to receive from the peripheral application a notification that collection of the sensitive data is complete and the address to which the sensitive data was written.
  24. The device of claim 23, further comprising:
    a writing unit, configured to write the address into the physical address queue.
  25. The device of claim 24, wherein the reading unit is configured to read the address to which the sensitive data was written from the physical address queue only after acquiring the synchronization lock.
  26. The device of claim 25, wherein the reading unit is further configured to read the sensitive data from the secure memory according to the address.
  27. The device of claim 17, wherein a part of the space in the secure memory is converted back into memory space of the normal execution environment after use.
  28. A computer storage medium, characterized in that the medium comprises instructions which, when executed, perform the method of any one of claims 1 to 16.
  29. An intelligent terminal, characterized in that the intelligent terminal comprises the trusted application device of any one of claims 17 to 27.
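The method claims 7 to 16 and the device claims 21 to 27 describe one pipeline: the main thread of the trusted application creates a physical address queue and a synchronization lock, accepts a completion notification (handle plus address) from the normal-world peripheral application, enqueues the address, and sub-threads on other cores take the lock, pop an address, read the frame from secure memory, run the operation model and report back, after which the carved-out region is returned to the normal world. The following C program is an added illustration of that flow and is not code from the patent or from China UnionPay. Everything in it is an assumption made for the example: the secure region is a static array in one process, the peripheral application and the "second and third CPU cores" are ordinary pthreads, addresses are virtual rather than physical, and the operation model is a byte sum. What the example adds beyond the claims is the set of checks a defender would put in the main thread before an address from the normal world is ever handed to a sub-thread: the region must currently be secure, the frame must lie entirely inside it, and a handle may never be re-bound to a second address.

```c
/* Added example (hypothetical simulation of the claimed TEE-side flow).
 * Build stand-alone with: cc -std=c11 -pthread example.c */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECURE_BYTES 4096   /* size of the carved-out secure region (assumed) */
#define FRAME_BYTES  64     /* one constructed "image frame" (assumed) */
#define QUEUE_CAP    8
#define MAX_HANDLES  16
#define NUM_FRAMES   4
#define NUM_WORKERS  2      /* the two sub-threads of claims 5 and 20 */

/* Stand-in for secure memory: in a real TEE this is RAM re-mapped out of the
 * normal world; here a static array plus a flag recording who owns it. */
static uint8_t secure_mem[SECURE_BYTES];
static bool region_is_secure;

/* Physical address queue and its synchronization lock (claims 8 and 22). */
typedef struct {
    uintptr_t addr[QUEUE_CAP];
    int head, tail, count;
    bool closed;
    pthread_mutex_t lock;
    pthread_cond_t not_empty;
} addr_queue_t;

/* Handle-to-address table (claim 15): one handle names exactly one address. */
static uintptr_t handle_addr[MAX_HANDLES];

void queue_init(addr_queue_t *q) {
    memset(q, 0, sizeof *q);
    pthread_mutex_init(&q->lock, NULL);
    pthread_cond_init(&q->not_empty, NULL);
}

/* Claims 1/17 and 16/27: take the region into the TEE, later give it back
 * (scrubbed so no biometric data survives the conversion). */
void secure_region_acquire(void) { region_is_secure = true; memset(handle_addr, 0, sizeof handle_addr); }
void secure_region_release(void) { memset(secure_mem, 0, sizeof secure_mem); region_is_secure = false; }

/* Main-thread path (claims 9, 10, 15): validate the normal-world notification
 * before the address reaches any sub-thread. Returns false on rejection. */
bool main_on_capture_done(addr_queue_t *q, int handle, uintptr_t addr) {
    uintptr_t base = (uintptr_t)secure_mem;
    if (!region_is_secure) return false;                             /* region no longer ours */
    if (addr < base || addr + FRAME_BYTES > base + SECURE_BYTES) return false; /* frame must fit inside */
    if (handle < 0 || handle >= MAX_HANDLES) return false;
    if (handle_addr[handle] != 0 && handle_addr[handle] != addr) return false; /* no re-binding */
    handle_addr[handle] = addr;

    pthread_mutex_lock(&q->lock);
    bool ok = !q->closed && q->count < QUEUE_CAP;
    if (ok) {
        q->addr[q->tail] = addr;
        q->tail = (q->tail + 1) % QUEUE_CAP;
        q->count++;
        pthread_cond_signal(&q->not_empty);
    }
    pthread_mutex_unlock(&q->lock);
    return ok;
}

/* Sub-thread path (claims 11, 12, 25, 26): the lock is held while an address is
 * taken, so two workers never consume the same frame. */
static bool queue_pop(addr_queue_t *q, uintptr_t *out) {
    pthread_mutex_lock(&q->lock);
    while (q->count == 0 && !q->closed) pthread_cond_wait(&q->not_empty, &q->lock);
    bool ok = q->count > 0;
    if (ok) { *out = q->addr[q->head]; q->head = (q->head + 1) % QUEUE_CAP; q->count--; }
    pthread_mutex_unlock(&q->lock);
    return ok;
}

/* Stand-in for the operation model of claims 7 and 13: a byte sum over the frame. */
static uint32_t operation_model(const uint8_t *frame) {
    uint32_t s = 0;
    for (int i = 0; i < FRAME_BYTES; i++) s += frame[i];
    return s;
}

typedef struct { addr_queue_t *q; int frames; uint32_t score; } worker_t;

static void *worker_main(void *arg) {
    worker_t *w = arg;
    uintptr_t a;
    while (queue_pop(w->q, &a)) {
        w->frames++;
        w->score += operation_model((const uint8_t *)a); /* result for the main thread (claim 14) */
    }
    return NULL;
}

/* Runs the whole flow; returns the number of frames the sub-threads processed,
 * or -1 if the main thread rejected any of the constructed notifications. */
int run_trusted_app_pipeline(void) {
    addr_queue_t q;
    worker_t w[NUM_WORKERS];
    pthread_t t[NUM_WORKERS];
    queue_init(&q);
    memset(w, 0, sizeof w);
    secure_region_acquire();
    for (int i = 0; i < NUM_WORKERS; i++) { w[i].q = &q; pthread_create(&t[i], NULL, worker_main, &w[i]); }
    /* The "camera control program" writes NUM_FRAMES constructed frames and notifies the main thread. */
    int accepted = 0;
    for (int f = 0; f < NUM_FRAMES; f++) {
        uint8_t *frame = secure_mem + f * FRAME_BYTES;
        memset(frame, f + 1, FRAME_BYTES);
        if (main_on_capture_done(&q, f, (uintptr_t)frame)) accepted++;
    }
    pthread_mutex_lock(&q.lock); q.closed = true; pthread_cond_broadcast(&q.not_empty); pthread_mutex_unlock(&q.lock);
    int processed = 0;
    for (int i = 0; i < NUM_WORKERS; i++) { pthread_join(t[i], NULL); processed += w[i].frames; }
    secure_region_release();  /* claims 16 and 27: hand the space back to the normal world */
    pthread_cond_destroy(&q.not_empty);
    pthread_mutex_destroy(&q.lock);
    return accepted == NUM_FRAMES ? processed : -1;
}

int main(void) {
    printf("frames processed by sub-threads: %d\n", run_trusted_app_pipeline());
    return 0;
}
```

The bounds check on `addr + FRAME_BYTES` matters more than it looks: the notification comes from the normal execution environment, so an address that points just past the secure region, or into it but with a frame that spills out, is exactly the kind of input the main thread has to refuse rather than forward to a sub-thread that will dereference it.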

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
CN202011435190.1 | 2020-12-10 | |
CN202011435190.1A (CN113051572A) | 2020-12-10 | 2020-12-10 | Control method and device of trusted application, computer storage medium and terminal

Publications (1)

Publication Number | Publication Date
WO2022121395A1 (en) | 2022-06-16

Family ID: 76508052

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/CN2021/116919 (WO2022121395A1) | Trusted application control method, apparatus, computer storage medium, and terminal | 2020-12-10 | 2021-09-07

Country Status (3)

Country | Link
CN (1) | CN113051572A (en)
TW (1) | TW202223704A (en)
WO (1) | WO2022121395A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113051572A * | 2020-12-10 | 2021-06-29 | 中国银联股份有限公司 | Control method and device of trusted application, computer storage medium and terminal
CN115982708A * | 2021-10-15 | 2023-04-18 | Oppo广东移动通信有限公司 | Image processing method, device, equipment and storage medium
CN116226870B * | 2023-05-06 | 2023-09-26 | 北京清智龙马科技有限公司 | Security enhancement system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109558211A * | 2018-11-27 | 2019-04-02 | 上海瓶钵信息科技有限公司 | Method for protecting the interaction integrity and confidentiality of trusted applications and common applications
CN109992992A * | 2019-01-25 | 2019-07-09 | 中国科学院数据与通信保护研究教育中心 | Trusted sensitive-data protection method and system
CN110245001A * | 2019-05-05 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Data isolation method and device, electronic equipment
CN113051572A * | 2020-12-10 | 2021-06-29 | 中国银联股份有限公司 | Control method and device of trusted application, computer storage medium and terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN106547633B * | 2016-10-19 | 2019-12-31 | 沈阳微可信科技有限公司 | Multi-channel communication system and electronic device
CN109426742B * | 2017-08-23 | 2022-04-22 | 深圳市中兴微电子技术有限公司 | Trusted execution environment-based dynamic management system and method for secure memory
CN109086100B * | 2018-07-26 | 2020-03-31 | 中国科学院信息工程研究所 | High-security trusted mobile terminal security system architecture and security service method

Also Published As

Publication number | Publication date
TW202223704A (en) | 2022-06-16
CN113051572A (en) | 2021-06-29

Legal Events

Date | Code | Title | Description
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21902103; Country of ref document: EP; Kind code of ref document: A1
| NENP | Non-entry into the national phase | Ref country code: DE
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21902103; Country of ref document: EP; Kind code of ref document: A1