CN105260663B - A secure storage service system and method based on TrustZone technology

Publication number: CN105260663B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201510586671.5A
Other languages: Chinese (zh)
Other versions: CN105260663A (en)
Inventors: 田琛, 王雅哲, 徐震, 蔡智强
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Abstract

A secure storage service system and method based on TrustZone technology, comprising a data request module, a common application, a secure storage service and a trusted application. The data request module encapsulates and issues secure data storage service requests between the common application and the trusted application, and provides the common application with unified service request interfaces for data storage, data loading and data destruction. The secure storage service comprises a legitimacy detection module, a data processing module and a key management module. The invention aims to provide a unified secure data storage interface for applications on terminal devices that support TrustZone technology, which both solves the problem of securely storing an application's sensitive data and keeps application development convenient.

Description

A secure storage service system and method based on TrustZone technology
Technical field
The present invention relates to a secure storage service system and method based on TrustZone technology, and belongs to the field of secure data storage for mobile terminal devices.
Background
With the rapid development of mobile Internet technology and smart mobile terminals, the services handled by mobile terminals have expanded from traditional communication and entertainment into high-security, highly sensitive fields such as mobile office and mobile payment. Mobile terminals must handle more and more sensitive data, including user account information, personal privacy information, payment invoice information and confidential enterprise files. How to effectively guarantee the security of sensitive data on the mobile terminal has become a major problem for mobile terminal devices that carry out high-security, highly sensitive services.
The common solution is to encrypt sensitive data with a strong cryptographic algorithm, store the encrypted data in the file system of the mobile operating system, and restrict access to the encrypted data files with the operating system's authorization control mechanism, thereby achieving secure storage of sensitive data. However, the complexity and openness of traditional mobile operating systems make it impossible for them to create a secure running environment, and the operating system itself and its applications are easily subjected to malicious attack. After a malicious application attacks a legitimate application, it can access the encrypted data stored in the file system under the identity of the legitimate application and obtain the sensitive data through the corresponding decryption logic, so that the sensitive data is stolen. In addition, some end users flash their devices to get a better experience; once a malicious application obtains the highest privilege of the mobile operating system, none of the system's protections for sensitive data offers any security. Furthermore, sensitive data stored encrypted in an ordinary file system is also at risk of unauthorized destruction, which results in a denial-of-service attack. The security of the traditional solution is therefore not high enough, and it is difficult for it to truly and effectively solve the problem of securely storing application sensitive data.
To fundamentally solve the secure storage problem for the sensitive data of mobile terminal applications, a complete solution combining software and hardware must be designed across multiple layers, from the underlying hardware architecture to the operating system. ARM TrustZone hardware isolation technology and the concept of the trusted execution environment (TEE) bring a new approach to this problem. A trusted execution environment built on ARM TrustZone technology allows an application that involves sensitive data to be divided into a common application and a trusted application. The common application runs in the common execution environment (such as a traditional Linux system or the Android operating system) and handles most of the non-sensitive business. The trusted application runs in the trusted execution environment and handles the sensitive business. The common execution environment and the trusted execution environment are isolated from each other, which guarantees the security of the trusted application's handling of sensitive data.
Although TrustZone technology provides a securely isolated runtime environment and physical environment for applications that handle sensitive data, it does not define a technical standard for secure data storage. Implementing secure data storage on top of TrustZone technology therefore still faces the following problems: how to provide unified secure storage interfaces for trusted application development and common application development; and how to perform legitimacy detection on the common application that sends a secure data storage request.
Summary of the invention
The technical problem solved by the present invention: to overcome the deficiencies of the prior art by providing a secure storage service system and method based on TrustZone technology that prevents sensitive data from leaking and thereby effectively guarantees data security, with advantages such as high data storage security and a unified program development interface.
The technical solution of the present invention is a secure storage service system and method based on TrustZone technology. The basic idea of the scheme is briefly introduced below. The present invention puts forward its own design on the basis of drawing on the advantages of existing solutions. Specifically, the system of the present invention includes the following aspects:
Aspect one: the secure storage service runs as a background service in the secure operating system of the trusted execution environment. The secure storage service is a trusted application that, after the trusted execution environment finishes initializing, is statically loaded by the secure operating system and runs in the background. By function, the secure storage service is divided into three classes: data storage, data loading and data destruction. The data storage function encrypts and signs sensitive data and stores the encrypted data and the signature data in the non-volatile memory of the trusted execution environment. The data loading function loads the encrypted data from the non-volatile memory of the trusted execution environment and decrypts the sensitive data. The data destruction function removes the encrypted data and the signature data from the non-volatile memory of the trusted execution environment.
The data processing module of the secure storage service provides trusted applications with unified remote call interfaces for secure data storage, including a data storage call interface, a data loading call interface and a data destruction call interface. A remote call is the mode of communication between trusted applications in the trusted execution environment: the trusted application sends a remote call to the data processing module, the secure operating system routes the remote call to the corresponding secure data storage remote call interface, the corresponding secure data storage operation is performed, and the operation result is returned to the trusted application.
Aspect two: a data request module is provided for the common application. The data request module is a shared library made up of a series of secure data storage service request interfaces, including a data storage request interface, a data loading request interface and a data destruction request interface. Each request interface defines a corresponding call request number. After the common application calls a data request module interface, the secure data storage service request is ultimately sent to the trusted application through the TrustZone trusted execution environment communication agent. After receiving the service request, the trusted application initiates a remote call to the secure storage service according to the call request number, and the corresponding secure data storage operation is performed.
Aspect three: a trusted execution environment based on TrustZone technology does not define a verification standard for call requests initiated from the common execution environment. A malicious program in the common execution environment may forge call requests by attacking a legitimate common application, or may directly masquerade as a legitimate common application and initiate call requests to the trusted application, which creates a risk of sensitive data leakage. To address this, an important aspect of the present invention is that, while keeping modifications to the operating system minimal, the trusted execution environment performs runtime legitimacy detection on the common application that sends a secure data storage service request. Its implementation depends on the legitimacy detection module of the secure storage service, on special handling in the code of the data request module, and on the extraction and storage of the common application's feature information.
A method for implementing a secure storage service based on TrustZone technology, with the following steps:
(1) A data request module is implemented for the common application. Feature information is extracted for the common application, the feature information is signed with a third-party CA certificate, and the feature information signature value is stored in the corresponding trusted application. The common application sends service requests to the trusted application by calling the secure data storage service request interfaces of the data request module;
(2) When the common application calls a data request module interface, the normal operating system uses the software interrupt exception mechanism to capture the common application's process information and the identifier of the requested trusted application, and sends the process exception information and the trusted application identifier to the TrustZone monitor of the trusted execution environment. The TrustZone monitor calls the legitimacy detection module of the secure storage service to perform legitimacy detection on the common application process.
(3) After obtaining the process exception information of the common application and the trusted application identifier, the legitimacy detection module loads the feature information signature of the common application from the trusted application, performs legitimacy detection on the common application according to the captured process information and the feature information signature, and finally sets the detection status flag for the current common application process according to the detection result.
(4) After receiving the secure data storage service request of the common application, the trusted application performs data preprocessing on the raw data of the request, and asks the data processing module, by remote call, to perform the corresponding secure data storage operation.
(5) The secure operating system handles the remote call that the trusted application initiates to the data processing module, routing it to the corresponding secure data storage remote call interface of the data processing module. Before executing, the secure data storage remote call interface must check the detection status flag of the common application process. If the check fails, the remote call initiated by the trusted application is refused; if it passes, the secure data storage remote call interface works with the key management module to perform the corresponding secure data storage operation for the trusted application.
In step (1), the secure data storage service request interfaces include a data storage request interface, a data loading request interface and a data destruction request interface. The data request module defines a unique call request number for each module interface.
In step (1), the feature information of the common application is a piece of information that can uniquely identify the common application. The feature information is signed with the third-party CA certificate and stored in the trusted application, where it is used for legitimacy detection of the common application.
In step (2), so that the normal operating system can capture the software interrupt exception of the process when the common application calls a data request module interface, the data request module interfaces need special handling at the code level: a software interrupt instruction SWI is inserted before the first instruction of each request interface, and a new software interrupt number is defined. At the same time, while keeping modifications to the operating system minimal, interrupt handling logic for the new software interrupt number is added to the normal operating system, to capture the process exception information of the common application and send it to the trusted execution environment.
In step (3), legitimacy detection computes the runtime feature value from the process exception information of the common application, compares it with the feature value stored in the trusted application, and judges the legitimacy of the common application process from the comparison result.
In step (4), data preprocessing refers to any necessary processing that the trusted application performs on the raw data of the common application's request before initiating a remote call to the secure storage service. For example, a common application downloads a confidential file from a remote server, and the file content is actually encrypted with a key shared between the trusted application and the remote server. After receiving the common application's request to store the file, the trusted application first needs to decrypt the encrypted file content with the key it shares with the remote server, and then remotely calls the data processing module to perform the secure storage operation on the decrypted file content.
In step (5), the secure data storage remote call interfaces include a data storage call interface, a data loading call interface and a data destruction call interface. Before executing, a secure data storage remote call interface must evaluate the detection status flag set by the legitimacy detection module to decide whether to perform the corresponding secure data storage operation for the trusted application. The secure data storage operations include the data storage operation, the data loading operation and the data destruction operation.
Compared with the prior art, the present invention has the following advantages:
(1) Using TrustZone isolation technology, secure data storage is isolated as a sensitive service in the secure operating system of the trusted execution environment and provides unified remote call interfaces to trusted applications in the form of a service. Even if the normal operating system is attacked, the security of the secure storage service is still guaranteed.
(2) In the normal operating system, the data request module provides unified secure data storage service request interfaces for the common application. On top of traditional TrustZone isolation technology, the software interrupt mechanism of the normal operating system is combined with the legitimacy detection module of the secure storage service to perform legitimacy detection on the process of the common application that sends a secure data storage service request.
(3) The sensitive data stored by the secure storage service is encrypted, signed with the trusted application's certificate, and then placed in the non-volatile memory of the trusted execution environment. This guarantees both that the sensitive data is isolated from the normal operating system and that sensitive data is isolated between trusted applications.
(4) The encryption and decryption keys used when the secure storage service accesses sensitive data are managed centrally by the secure storage service and stored in the non-volatile memory of the trusted execution environment. This guarantees that the data keys are isolated from the normal operating system and also makes encryption and decryption transparent to applications.
In summary, compared with more traditional encrypted data storage, the present invention not only improves the security of data storage but also provides a unified program call interface for application development.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall architecture of the present invention;
Fig. 2 is a flow chart of the implementation of the data request module of the present invention;
Fig. 3 is a flow chart of the extraction and storage of common application feature information in the present invention;
Fig. 4 is a flow chart of the data storage operation of the present invention;
Fig. 5 is a flow chart of the data loading operation of the present invention;
Fig. 6 is a flow chart of the data destruction operation of the present invention.
Detailed description of the embodiments
The present invention is implemented on a platform based on ARM TrustZone hardware isolation technology and a trusted execution environment (TEE), and can effectively provide a secure data storage service. Common applications and trusted applications on the platform securely store, securely load and securely destroy sensitive data by calling the unified interfaces provided by the secure storage service system. At the same time, while keeping modifications to the operating system minimal, the trusted execution environment performs runtime legitimacy detection on the common application that initiates a secure data storage service request, and refuses service requests initiated by illegitimate common applications or by legitimate common applications that have been maliciously attacked. This prevents sensitive data from leaking and effectively guarantees data security. On this basis, the secure storage service system and method based on TrustZone technology of the present invention has advantages such as high data storage security and a unified program development interface.
To make the purpose, advantages and technical scheme of the present invention clearer, the present invention is described in more detail below through a specific implementation and with reference to the drawings.
Fig. 1 describes the overall architecture of the implementation, which mainly comprises the following four parts.
1. Implementation of the data request module in the common execution environment
The data request module 101 is implemented for the common application 100 according to the client API of the trusted execution environment (TEE). The data processing module provides three classes of data storage service request interface: the data storage request interface NS_ReqStoreData, the data loading request interface NS_ReqLoadData and the data destruction request interface NS_ReqDestroyData. The common application 100 sends secure data storage service requests to the trusted application 102 by calling the interfaces of the data request module 101.
So that the trusted execution environment can perform legitimacy detection on the process of the common application when it sends a secure data storage service request, the normal operating system and the data request module need special handling. The handling of the data request module interfaces is described with reference to Fig. 2:
(11) A software interrupt instruction SWI is inserted before the first instruction of each interface of the data request module 101, and a new software interrupt number is defined;
(12) When the common application 100 calls a data request module interface, the SWI software interrupt exception is triggered;
(13) The normal operating system captures the SWI software interrupt and enters supervisor (SVC) mode;
(14) The software interrupt handler of the normal operating system carries out the handling logic for the new software interrupt number:
a) The instruction address at which the data request module interface was called is computed from the LR_svc register, Addr_ins = LR_svc - 4; the trusted application identifier UUID is obtained from parameter register R0;
b) The code segment base address TextBase and the code segment size TextSize of the current common application process are obtained;
c) The instruction address Addr_ins at the time of the interface call, the process code segment base address TextBase, the process code segment size TextSize and the trusted application identifier UUID are packaged into the process exception information of the common application 100. The process exception information is sent to the trusted execution environment by executing the SMC instruction, and the legitimacy detection module 104 performs legitimacy detection on the common application process.
(15) The normal operating system returns from the software interrupt exception of the common application and sends the secure data storage service request to the trusted application 102 through the TrustZone trusted execution environment communication agent.
2. Extraction and storage of common application feature information
For the legitimacy detection module 104 in the trusted execution environment to perform legitimacy detection on the common application 100, the legitimacy detection module must be given the feature information of the common application as a reference for the check. The feature information is a piece of information that can uniquely identify the common application. The steps for extracting and storing the common application feature information in the present invention are described with reference to Fig. 3:
(21) Before the common application 100 is released, the developer reads the binary file information of the common application and obtains the code segment size Size_text. A hash algorithm is applied to the binary content of the common application's code segment to generate the code segment hash value H_text = Hash(Text), where Text denotes the code segment of the common application. The code segment size Size_text and the code segment hash value H_text form the feature information of the common application, SpecInfo_app = (Size_text || H_text);
(22) The feature information SpecInfo_app of the common application is signed with the certificate of a trusted third-party CA, generating the feature information signature Sign_app = Sign(Size_text || H_text);
(23) The feature information signature Sign_app is stored in a specific data segment of the trusted application 102. The trusted application here is the one that receives the common application's data storage call requests.
3. Implementation of the legitimacy detection module in the trusted execution environment
When the common application 100 calls an interface of the data request module 101 to send a data storage call request to the trusted application 102, a software interrupt exception is triggered, and the normal operating system sends the process exception information of the common application to the TrustZone monitor of the trusted execution environment. After capturing the process exception information, the TrustZone monitor calls the legitimacy detection module 104 of the secure storage service to check the legitimacy of the process exception information of the common application 100.
The legitimacy detection steps are as follows:
(31) The legitimacy detection module 104 obtains the process exception information of the common application 100 from step (14) (the interface call instruction address Addr_ins, the process code segment base address TextBase, the process code segment size TextSize and the trusted application identifier UUID), and, according to the trusted application identifier UUID, loads the common application feature information signature Sign_app from the specific data segment of the corresponding trusted application 102;
(32) Using the hash algorithm of step (21), the legitimacy detection module 104 hashes the code segment data between process memory addresses TextBase and TextBase + TextSize, computing the code segment hash value of the common application 100 process, H'_text = Hash(Text), and obtains the process feature information of the common application, SpecInfo'_app = (TextSize || H'_text), where Text denotes the code segment of the common application process;
(33) The legitimacy detection module 104 uses the public key of the trusted third-party CA certificate to verify the feature information signature Sign_app obtained in step (31), recovering the feature information of the common application 100, SpecInfo_app = (Size_text || H_text);
(34) The legitimacy detection module 104 compares the feature information SpecInfo_app and SpecInfo'_app. If they are equal and TextBase < Addr_ins < TextBase + TextSize holds, the current common application 100 process is judged legal and the detection status flag is set to 1; otherwise the current common application process is judged illegal and the detection status flag is set to 0. The detection status flag indicates whether the current common application process has passed legitimacy detection: a flag of 1 means it passed; otherwise it did not.
4. Implementation of the data processing module and key management module in the trusted execution environment
The data processing module 103 is likewise implemented for the secure storage service according to the internal API of the trusted execution environment (TEE). The data processing module provides three classes of data storage operation interface: the data storage operation interface SE_StoreData, the data loading operation interface SE_LoadData and the data destruction operation interface SE_DestroyData. The trusted application 102 completes the secure data storage service requests of the common application 100 by remotely calling the interfaces of the data processing module 101.
(41) The implementation steps of the data storage call interface are described with reference to Fig. 4:
a) The trusted application 102 initiates a remote call for the data storage operation to the data processing module 103. The request parameters include the trusted application identifier UUID, the sensitive data to be processed DATA_ta and the cryptographic algorithm identifier ID_algo;
b) After receiving the data storage call request of the trusted application 102, the data processing module 103 decides whether the remote call can be accepted by checking the detection status flag set by the legitimacy detection module 104 in step (34). If the detection status flag is 0, the remote call is refused; if it is 1, the remote call is processed;
c) After legitimacy detection passes, the data processing module 103 initiates a key generation request to the key management module 105 according to the cryptographic algorithm identifier ID_algo;
d) After receiving the key generation request, the key management module 105 first calls the key generator according to the cryptographic algorithm identifier ID_algo to generate a random key for the symmetric cryptographic algorithm, KEY_algo = KeyGenerator(ID_algo). Second, it loads the certificate public key KEY_ta of the trusted application and encrypts the cryptographic algorithm identifier ID_algo and the random key KEY_algo, generating the key encryption data EKEY_ta = AsymEncrypt(KEY_ta, (ID_algo || KEY_algo)). It then loads the certificate private key PKEY_ta of the trusted application 102 and signs the key encryption data EKEY_ta, producing the key signature data SKEY_ta = Sign(PKEY_ta, EKEY_ta). Finally, using the trusted application identifier UUID as the index, it stores the key encryption data EKEY_ta and the key signature data SKEY_ta in a specific layout in the non-volatile memory of the trusted execution environment, and returns the generated random key KEY_algo to the data processing module 103. Here KeyGenerator is the symmetric key generation algorithm, AsymEncrypt is the public-key encryption algorithm, and Sign is the public-key signature algorithm;
e) After the key is generated successfully, the data processing module 103 first calls the symmetric encryption algorithm corresponding to the cryptographic algorithm identifier ID_algo and encrypts the sensitive data DATA_ta with the random key KEY_algo, generating the encrypted data EDATA_ta = SymEncrypt(KEY_algo, DATA_ta). Second, it computes the hash value of the encrypted data with a hash algorithm, HDATA_ta = Hash(EDATA_ta). It then signs the hash value with the certificate private key PKEY_ta of the trusted application 102, generating the signature data SDATA_ta = Sign(PKEY_ta, HDATA_ta). Finally, using the trusted application identifier UUID as the index, the data processing module 103 stores the encrypted data EDATA_ta and the signature data SDATA_ta in a specific layout in the non-volatile memory of the trusted execution environment, and returns the data storage result to the trusted application. Here SymEncrypt is the symmetric encryption algorithm, Hash is the hash algorithm, and Sign is the public-key signature algorithm.
(42) The specific implementation steps of the data loading call interface are described with reference to Fig. 5:
A) The trusted application 102 initiates a remote call for the data loading operation to the data processing module 103; the request parameters include the trusted application identifier UUID;
B) After the data processing module 103 receives the data loading call request of the trusted application 102, it performs legitimacy detection on the call request according to step (41-b);
C) After the legitimacy detection passes, the data processing module 103 initiates a key loading request to the key management module 104 according to the trusted application identifier UUID;
D) After the key management module receives the key loading request, it first loads the key encryption data EKEY_ta and the key signature data SKEY_ta from the trusted execution environment, using the trusted application identifier UUID as the index. Second, it loads the certificate public key KEY_ta of the trusted application 102 and verifies the key signature data SKEY_ta, obtaining the key encryption data EKEY'_ta = Verify(KEY_ta, SKEY_ta). It then judges whether EKEY_ta and EKEY'_ta are equal. If they are not equal, it refuses to process the key loading operation and returns a key loading failure result to the data processing module 103. If they are equal, it loads the certificate private key PKEY_ta of the trusted application 102 and decrypts the key encryption data EKEY'_ta, obtaining the cryptographic algorithm identifier and the random key, i.e. (ID_algo || KEY_algo) = AsymDecrypt(PKEY_ta, EKEY'_ta). Finally, the key management module 105 returns a key loading success result and sends the cryptographic algorithm identifier ID_algo and the random key KEY_algo to the data processing module. Here AsymDecrypt is the public-key decryption algorithm and Verify is the public-key signature verification algorithm;
E) After the key has been loaded successfully, the data processing module 103 first loads the encrypted data EDATA_ta and the signature data SDATA_ta from the trusted execution environment, using the trusted application identifier UUID as the index. Second, it loads the certificate public key KEY_ta of the trusted application 102 and verifies the signature data SDATA_ta, obtaining the hash value of the encrypted data, HDATA'_ta = Verify(KEY_ta, SDATA_ta). It then uses the hash algorithm of step (41-e) to compute the hash value of the encrypted data EDATA_ta, HDATA_ta = Hash(EDATA_ta), and judges whether HDATA'_ta and HDATA_ta are equal. If they are not equal, it refuses to process the data loading operation. If they are equal, it calls the symmetric decryption algorithm corresponding to the cryptographic algorithm identifier ID_algo and uses the random key to decrypt the encrypted data, obtaining the sensitive data DATA_ta = SymDecrypt(KEY_algo, EDATA_ta). Finally, the data processing module 103 returns a data loading success result to the trusted application 102 and sends it the sensitive data DATA_ta. Here Verify is the public-key signature verification algorithm, Hash is the hash algorithm, and SymDecrypt is the symmetric decryption algorithm.
(43) The specific implementation steps of the data destruction call interface are described with reference to Fig. 6:
A) The trusted application 102 initiates a remote call for the data destruction operation to the data processing module 103; the request parameters include the trusted application identifier UUID;
B) After the data processing module 103 receives the data destruction call request of the trusted application 102, it performs legitimacy detection on the call request according to step (41-b);
C) After the legitimacy detection passes, the data processing module 103 first loads the encrypted data EDATA_ta and the signature data SDATA_ta from the trusted execution environment, using the trusted application identifier UUID as the index. Second, it loads the certificate public key KEY_ta of the trusted application 102 and verifies the signature data SDATA_ta, obtaining the hash value of the encrypted data EDATA_ta, HDATA'_ta = Verify(KEY_ta, SDATA_ta). Finally, it uses the hash algorithm of step (41-e) to compute the hash value of the encrypted data EDATA_ta, HDATA_ta = Hash(EDATA_ta), and judges whether HDATA'_ta and HDATA_ta are equal. If they are not equal, it refuses to process the data destruction operation. If they are equal, it securely removes the encrypted data EDATA_ta and the signature data SDATA_ta from the trusted execution environment, using the trusted application identifier UUID as the index, and initiates a key destruction request to the key management module 105;
D) After the key management module 105 receives the key destruction request, it securely removes the key encryption data EKEY_ta and the key signature data SKEY_ta from the trusted execution environment, using the trusted application identifier UUID as the index;
E) After the data processing module 103 has successfully destroyed the encrypted data and the signature data, it returns a data destruction success result to the trusted application 102.
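The store, load and destroy flows of (41) to (43), modelled as an added example that is not code from the patent. Assumptions: unpadded toy RSA stands in for AsymEncrypt/Sign/Verify, a SHA-256 keystream stands in for SymEncrypt, two dictionaries stand in for the non-volatile memory of the trusted execution environment, the step-B legitimacy check is left out, and every function and variable name is hypothetical.

```python
import hashlib
import secrets

# Toy RSA pair standing in for the trusted application's certificate keys
# (KEY_ta public, PKEY_ta private). Both primes are known Mersenne primes, so
# the modulus is trivially factorable; unpadded RSA is for illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
NLEN = (N.bit_length() + 7) // 8

KEY_LEN = {1: 32}               # constructed table: ID_algo -> key length in bytes
KEY_STORE, DATA_STORE = {}, {}  # stand-ins for TEE non-volatile storage, by UUID


def digest_int(data: bytes) -> int:
    """Hash(data) as an integer, ready for the toy RSA."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(digest: int) -> int:
    """Sign(PKEY_ta, digest)."""
    return pow(digest, D, N)


def verify(signature: int) -> int:
    """Verify(KEY_ta, signature): returns the recovered value, as in the text."""
    return pow(signature, E, N)


def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SymEncrypt/SymDecrypt: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def store(uuid: str, id_algo: int, data: bytes) -> None:
    # (41-d) generate KEY_algo, wrap ID_algo || KEY_algo, sign the wrapped key.
    key = secrets.token_bytes(KEY_LEN[id_algo])
    wrapped = pow(int.from_bytes(bytes([id_algo]) + key, "big"), E, N)
    ekey = wrapped.to_bytes(NLEN, "big")
    # Deviation: the digest of EKEY_ta is signed, not EKEY_ta itself. With
    # unpadded RSA and one key pair, Sign(EKEY_ta) would equal the plaintext.
    KEY_STORE[uuid] = (ekey, sign(digest_int(ekey)))
    # (41-e) encrypt, hash the ciphertext, sign the hash.
    nonce = secrets.token_bytes(16)
    edata = nonce + sym_crypt(key, nonce, data)
    DATA_STORE[uuid] = (edata, sign(digest_int(edata)))


def load_key(uuid: str):
    # (42-d) check SKEY_ta before the private key ever touches EKEY_ta.
    ekey, skey = KEY_STORE[uuid]
    if verify(skey) != digest_int(ekey):
        raise ValueError("key record failed signature check")
    raw = pow(int.from_bytes(ekey, "big"), D, N).to_bytes(NLEN, "big").lstrip(b"\0")
    return raw[0], raw[1:]      # (ID_algo, KEY_algo); ID_algo is never zero


def check_data(uuid: str) -> bytes:
    # (42-e)/(43-c) HDATA' = Verify(KEY_ta, SDATA_ta) must equal Hash(EDATA_ta).
    edata, sdata = DATA_STORE[uuid]
    if verify(sdata) != digest_int(edata):
        raise ValueError("data record failed signature check")
    return edata


def load(uuid: str) -> bytes:
    id_algo, key = load_key(uuid)
    edata = check_data(uuid)
    if len(key) != KEY_LEN.get(id_algo):
        raise ValueError("unknown algorithm identifier or bad key length")
    return sym_crypt(key, edata[:16], edata[16:])


def destroy(uuid: str) -> None:
    # (43-c)/(43-d) only a record that still verifies is removed, then its key.
    check_data(uuid)
    del DATA_STORE[uuid]
    del KEY_STORE[uuid]
```

Deleting a dictionary entry only models the "securely removed" step; it does not overwrite the underlying storage.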
The above embodiments are provided only for the purpose of describing the present invention and are not intended to limit its scope. The scope of the invention is defined by the following claims. All equivalent substitutions and modifications made without departing from the spirit and principles of the present invention shall fall within the scope of the present invention.

Claims (10)

1. A secure storage service system based on TrustZone technology, comprising a trusted execution environment and a normal execution environment, wherein the trusted execution environment runs a secure operating system, which is responsible for loading and running trusted applications, and the normal execution environment runs a normal operating system, which calls and runs common applications, characterized in that:
a data request module is added to the normal execution environment; the data request module is responsible for encapsulating and calling the data secure storage service requests between common applications and trusted applications, and provides common applications with a unified data secure storage service request interface, which comprises a data storage request interface, a data loading request interface and a data destruction request interface;
a secure storage service is added to the trusted execution environment, so that data secure storage runs as a service in the secure operating system of the trusted execution environment; the functions of the secure storage service are divided into data storage, data loading and data destruction; data storage encrypts and signs sensitive data and stores the encrypted data and the signature data in the non-volatile memory of the trusted execution environment; data loading loads the encrypted data from the non-volatile memory of the trusted execution environment and decrypts the sensitive data; data destruction removes the stored encrypted data from the non-volatile memory of the trusted execution environment; the secure storage service consists of a legitimacy detection module, a data processing module and a key management module; when a common application initiates a data secure storage service request, the legitimacy detection module performs runtime detection on the process of the common application, ensuring the legitimacy of the data secure storage service request; the data processing module provides trusted applications with a unified data secure storage remote call interface, which comprises a data storage call interface, a data loading call interface and a data destruction call interface; the remote call refers to the remote communication mode between trusted applications in the trusted execution environment: after a trusted application sends a remote call to the data processing module, the secure operating system routes the remote call to the corresponding data secure storage remote call interface, the corresponding data secure storage operation is performed, and the operation result is returned to the trusted application; the key management module provides the data processing module with the key generation, key loading and key destruction functions it needs for encrypting and decrypting data.
2. The secure storage service system based on TrustZone technology according to claim 1, characterized in that: characteristic information is extracted from the common application, the characteristic information being a piece of information that uniquely identifies the common application; the characteristic information is signed with a third-party CA certificate and stored in the trusted application, and is used for the legitimacy detection of the common application.
3. The secure storage service system based on TrustZone technology according to claim 1, characterized in that: the data request module defines a unique call request number for each of the data storage request interface, the data loading request interface and the data destruction request interface; after the trusted application receives a call request from the data request module, it initiates a remote call to the data processing module according to the call request number, and the corresponding secure storage service operation is performed.
4. The secure storage service system based on TrustZone technology according to claim 1, characterized in that: a software interrupt instruction SWI is inserted before the first instruction of the data storage request interface, the data loading request interface and the data destruction request interface of the data request module, and a new software interrupt number is defined; when a common application calls a data request module interface to send a data secure storage service request to the trusted application, an SWI software interrupt exception is triggered, and the normal operating system captures the SWI software interrupt and sends the process exception information of the common application to the TrustZone monitor of the trusted execution environment; after the TrustZone monitor captures the process exception information, it calls the legitimacy detection module to perform legitimacy detection on the process of the common application.
5. The secure storage service system based on TrustZone technology according to claim 1, characterized in that: the legitimacy detection module is implemented as follows: after obtaining the process exception information of the common application and the trusted application identifier, it loads the characteristic information signature of the common application from the trusted application, performs legitimacy detection on the common application according to the captured process exception information of the common application and the characteristic information signature, and finally sets a detection status flag for the current common application process according to the detection result.
6. A secure storage method based on TrustZone technology, characterized by the following steps:
(1) a data request module is implemented for the common application, and characteristic information is extracted for the common application; the characteristic information is signed with a third-party CA certificate, and the characteristic information signature value is stored in the corresponding trusted application; the common application sends service requests to the trusted application by calling the data secure storage service request interface of the data request module;
(2) when the common application calls a data request module interface, the normal operating system uses the software interrupt exception mechanism to capture its process exception information and the identifier of the requested trusted application, and sends the process exception information and the trusted application identifier to the TrustZone monitor of the trusted execution environment; the TrustZone monitor calls the legitimacy detection module of the secure storage service to perform legitimacy detection on the common application process;
(3) after the legitimacy detection module obtains the process exception information of the common application and the trusted application identifier, it loads the characteristic information signature of the common application from the trusted application, performs legitimacy detection on the common application according to the captured common application process information and the characteristic information signature, and finally sets a detection status flag for the common application process according to the detection result;
(4) after the trusted application receives the data secure storage service request of the common application, it performs a data preprocessing operation on the original data of the common application's request, and performs the corresponding data secure storage operation by remotely calling the data processing module;
(5) the secure operating system is responsible for handling the remote call initiated by the trusted application to the data processing module; the secure operating system routes the remote call to the data processing module, which executes the corresponding data secure storage remote call interface; before executing, the data secure storage remote call interface checks the detection status flag of the common application process; if the check fails, the remote call initiated by the trusted application is refused; if the check passes, the data secure storage remote call interface cooperates with the key management module to perform the corresponding data secure storage operation for the trusted application.
7. The secure storage method based on TrustZone technology according to claim 6, characterized in that: in step (2), when the common application calls a data request module interface, in order for the normal operating system to capture the software interrupt exception of the common application process, the data request module interface needs special treatment at the code level: a software interrupt instruction SWI is inserted before the first code instruction of each request interface, and a new software interrupt number is defined; at the same time, on the premise of minimal modification to the operating system, interrupt handling logic for the new software interrupt number is added to the normal operating system, which captures the process exception information of the common application and sends the process exception information to the trusted execution environment.
8. The secure storage method based on TrustZone technology according to claim 6, characterized in that: in step (3), the legitimacy detection first calculates the runtime characteristic information from the process exception information of the common application; it then uses the third-party CA certificate public key to verify the characteristic information signature stored in the trusted application, obtaining the legitimate characteristic information; finally, it compares the runtime characteristic information with the characteristic information obtained from signature verification, and judges the legitimacy of the common application process according to the comparison result.
9. The secure storage method based on TrustZone technology according to claim 6, characterized in that: in step (4), the data preprocessing operation means that, before the trusted application initiates a remote call to the data processing module, some necessary processing operations are performed on the original data of the common application's request, including the case where the common application downloads a confidential file from a remote server and the content of the confidential file is actually encrypted with a key shared between the trusted application and the remote server: after the trusted application receives the common application's call request to store the file, it first needs to decrypt the encrypted file content with the key shared between the trusted application and the remote server, and then performs the secure storage operation on the decrypted file content by remotely calling the data processing module.
10. The secure storage method based on TrustZone technology according to claim 6, characterized in that: in step (5), the data secure storage remote call interface comprises a data storage call interface, a data loading call interface and a data destruction call interface; before executing, the data secure storage remote call interface needs to check the detection status flag set by the legitimacy detection module in order to decide whether to perform the corresponding data secure storage operation for the trusted application; the data secure storage operations comprise the data storage operation, the data loading operation and the data destruction operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510586671.5A CN105260663B (en) 2015-09-15 2015-09-15 A kind of safe storage service system and method based on TrustZone technologies


Publications (2)

Publication Number Publication Date
CN105260663A (en) 2016-01-20
CN105260663B (en) 2017-12-01






Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171201

Termination date: 20190915
